Feature/215/create an ability to change user password

[weazy12]

dev

JIRA

• Main JIRA ticket

Code reviewers

• @oleksandrhofner
• @Markian-Grybok
• @oleksandrhofner
• @Skiper29
• @denys-pavskyi
• @VladysMoroz

Second Level Review

• @github_username

Summary of issue

closed #215

Summary of change

ToDo

Testing approach

ToDo

CHECK LIST

• СI passed
• Сode coverage >=95%
• PR is reviewed manually again (to make sure you have 100% ready code)
• All reviewers agreed to merge the PR
• I've checked new feature as logged in and logged out user if needed
• PR meets all conventions

Summary by CodeRabbit

• New Features

  • Added a Change Password endpoint so users can update passwords using email, current password, and a new password.
  • Returns clear success or error responses for user feedback.

• Validation

  • Enforced password rules: required, 6–20 chars, must include uppercase, lowercase, and a digit.

• Tests

  • Added unit tests for success, failure scenarios, and validation rules.

[coderabbitai]

Walkthrough

Adds change-password capability: request/response DTOs, a MediatR command and handler, FluentValidation validators, an AuthController change-password endpoint, and unit tests for handler and validators.

Changes

Cohort / File(s)	Summary
DTOs Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordRequestDto.cs, Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordResponseDto.cs	Added ChangePasswordRequestDto (Email, OldPassword, NewPassword) and ChangePasswordResponseDto (IsSuccess, Message).
MediatR Command & Handler Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordCommand.cs, Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordHandler.cs	Added ChangePasswordCommand wrapping the DTO and ChangePasswordHandler that looks up user by email, calls UserManager.ChangePasswordAsync, logs failures, and returns Result with response DTO.
Validation Streetcode/Streetcode.BLL/Validators/Users/ChangeUserPasswordValidator/ChangeUserPasswordDtoValidator.cs, Streetcode/Streetcode.BLL/Validators/Users/ChangeUserPasswordValidator/ChangeUserPasswordCommandValidator.cs	Added DTO validator enforcing password rules (min/max length, uppercase, lowercase, digit) and command validator that requires DTO and applies the DTO validator.
Web API Endpoint Streetcode/Streetcode.WebApi/Controllers/Auth/AuthController.cs	Added ChangePassword POST action that sends ChangePasswordCommand via Mediator and returns BadRequest on failure or OK on success.
Unit Tests — Handler Streetcode/Streetcode.XUnitTest/BLL/MediatR/Users/ChangePassword/ChangeUserPasswordHandlerTests.cs	Added tests for user-not-found, change-password failure, and successful change scenarios with mocked UserManager and logger.
Unit Tests — Validators Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordCommandValidatorTests.cs, Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordDtoValidatorTests.cs	Added tests verifying command DTO null/valid/invalid cases and comprehensive password rule checks (null/empty/too short/too long/missing char classes/valid).

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Client
    participant AuthController
    participant Mediator
    participant Handler
    participant UserManager

    Client->>AuthController: POST /api/auth/change-password (ChangePasswordRequestDto)
    AuthController->>Mediator: Send(ChangePasswordCommand)
    Mediator->>Handler: Handle(command)
    Handler->>UserManager: Users.FirstOrDefault(u => u.Email == dto.Email)
    alt user not found
        Handler-->>Mediator: Result.Fail("User not found")
    else user found
        Handler->>UserManager: ChangePasswordAsync(user, oldPassword, newPassword)
        alt change failed
            Handler-->>Mediator: Result.Fail("Error! Can't change password")
        else success
            Handler-->>Mediator: Result.Ok(ChangePasswordResponseDto{IsSuccess=true, Message="Password changed successfully"})
        end
    end
    Mediator-->>AuthController: Result
    alt success
        AuthController-->>Client: 200 OK (response DTO)
    else failure
        AuthController-->>Client: 400 Bad Request (errors)
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested labels

enhancement

Suggested reviewers

• denys-pavskyi
• Markian-Grybok
• Skiper29
• VladysMoroz

Poem

Thump-thump, I hop to test and cheer,
A password change is now quite near.
Validators guard each hopping rule,
The handler nibbles bugs like fuel.
Happy bun — secure and clear! 🐇🔐

Pre-merge checks and finishing touches

❌ Failed checks (3 warnings)

Check name	Status	Explanation	Resolution
Out of Scope Changes Check	⚠️ Warning	The PR includes out-of-scope modifications to AuthController beyond adding the ChangePassword endpoint: it removes [ApiController] and [Route] attributes and alters existing POST route mappings, which are unrelated to the linked issue and may change global routing behavior.	Revert the unrelated controller attribute and route mapping changes or move them to a separate PR so this change only contains the new ChangePassword endpoint and related code; ensure controller routing and API attributes remain as intended.
Description Check	⚠️ Warning	The PR description follows the repository template structure and includes JIRA and reviewer placeholders, but critical sections "Summary of change" and "Testing approach" are left as "ToDo" placeholders and the checklist is unchecked, so it lacks the concise summary of implemented changes and test details needed for review.	Fill the "Summary of change" with a brief overview of the added DTOs, MediatR command/handler, validators, controller endpoint, and tests, and complete the "Testing approach" with unit/integration test steps and CI/coverage status, then update the checklist items and reviewers accordingly.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "Feature/215/create an ability to change user password" clearly identifies the primary change (adding password-change capability) and references the linked issue, so it is related and informative; it is slightly verbose because it includes the branch/issue prefix but remains specific and not generic.
Linked Issues Check	✅ Passed	The changes implement the core objective of enabling users to change passwords by adding request/response DTOs, a MediatR command and handler that calls UserManager.ChangePasswordAsync, FluentValidation validators enforcing password rules, an AuthController endpoint to dispatch the command, and unit tests covering handler and validators, meeting the primary coding objectives for issue [#215]; however, the handler currently locates users by email (from the request) rather than using the authenticated user context and the controller routing changes should be reviewed.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/215/create_an_ability_to_change_user_password

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4d665e8 and 7ed4fa0.

📒 Files selected for processing (2)

• Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordHandler.cs (1 hunks)
• Streetcode/Streetcode.WebApi/Controllers/Auth/AuthController.cs (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordHandler.cs

🧰 Additional context used

🧬 Code graph analysis (1)

Streetcode/Streetcode.WebApi/Controllers/Auth/AuthController.cs (2)

Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordHandler.cs (1)

• Task (28-52)

Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordRequestDto.cs (1)

• ChangePasswordRequestDto (9-14)

🔇 Additional comments (5)

Streetcode/Streetcode.WebApi/Controllers/Auth/AuthController.cs (5)

5-5: Imports for ChangePassword DTOs look correct.
OK to reference request/response DTOs here.

---

7-7: MediatR command import is correct.
Aligns with handler/command usage.

---

28-39: Logout endpoint update LGTM; confirm routing same as above.
Consistent with Register signature and result mapping.

---

41-52: Secure the endpoint ([Authorize]), derive user from claims, and fix result mapping + cancellation.
Current endpoint: unauthenticated, trusts Email from body, doesn’t pass CancellationToken, and returns the FluentResults wrapper. Align with other actions.

Apply this diff within this block:

-        [HttpPost]
-        public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordRequestDto dto)
-        {
-            var result = await Mediator.Send(new ChangePasswordCommand(dto));
-
-            if (!result.IsSuccess)
-            {
-                return BadRequest(result);
-            }
-
-            return Ok(result);
-        }
+        [Authorize]
+        [HttpPost]
+        public async Task<ActionResult<ChangePasswordResponseDto>> ChangePassword([FromBody] ChangePasswordRequestDto dto, CancellationToken ct)
+        {
+            // Derive identity; do not trust Email from payload
+            var email = User?.FindFirst(System.Security.Claims.ClaimTypes.Email)?.Value
+                        ?? User?.FindFirst("email")?.Value;
+            if (string.IsNullOrWhiteSpace(email))
+            {
+                return Unauthorized();
+            }
+            dto.Email = email;
+
+            var result = await Mediator.Send(new ChangePasswordCommand(dto), ct);
+
+            if (result.IsFailed)
+            {
+                return BadRequest(result.Errors.Select(e => e.Message));
+            }
+
+            return Ok(result.Value);
+        }

Add this import at the top of the file:

using Microsoft.AspNetCore.Authorization;

---

15-26: Routing OK — BaseApiController provides [ApiController] + action-based route.

BaseApiController.cs declares [ApiController] and [Route("api/[controller]/[action]")], so bare [HttpPost] methods in AuthController map to POST api/Auth/{action} (Register, Logout, ChangePassword).

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (20)

Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordCommandValidatorTests.cs (2)

31-40: Positive path covered; consider asserting no child errors too.

Optionally add result.ShouldNotHaveAnyValidationErrors() to ensure no nested rules fire when DTO is valid.

---

42-51: Keep test comments in English.

Replace the inline non-English comment to keep consistency across tests.

-            var dto = new ChangePasswordRequestDto { NewPassword = "abc" }; // короткий пароль
+            var dto = new ChangePasswordRequestDto { NewPassword = "abc" }; // short password

Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordResponseDto.cs (1)

9-13: DTO is fine; consider immutability.

Using a record with init-only properties makes the response safer and clearer.

-    public class ChangePasswordResponseDto
-    {
-        public bool IsSuccess { get; set; }
-        public string? Message { get; set; }
-    }
+    public sealed record ChangePasswordResponseDto
+    {
+        public bool IsSuccess { get; init; }
+        public string? Message { get; init; }
+    }

Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordRequestDto.cs (1)

9-14: Consider adding compile-time guarantees.

If targeting C# 11+, mark properties as required to prevent partially-initialized DTOs.

-        public string Email { get; set; } = string.Empty;
-        public string OldPassword { get; set; } = string.Empty;
-        public string NewPassword { get; set; } = string.Empty;
+        public required string Email { get; set; }
+        public required string OldPassword { get; set; }
+        public required string NewPassword { get; set; }

Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordDtoValidatorTests.cs (2)

46-52: Boundary test overshoots; optional tighten.

new string('A', 21) + "1a" produces length 23; 21 is enough to fail >20.

-            var model = new ChangePasswordRequestDto { NewPassword = new string('A', 21) + "1a" };
+            var model = new ChangePasswordRequestDto { NewPassword = new string('A', 19) + "1a" }; // exactly 21 chars

---

78-84: Add min/max boundary positives (optional).

Consider tests for exactly 6 and exactly 20 chars to lock boundaries.

Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordHandler.cs (5)

28-36: Prefer UserManager API for lookup; avoid querying Users directly.

Use FindByEmailAsync for normalization and provider-optimized lookup.

-            var user = _userManager.Users.FirstOrDefault(u => u.Email == request.changePasswordRequestDto.Email);
+            var user = await _userManager.FindByEmailAsync(request.changePasswordRequestDto.Email);

If you rename the command property to PascalCase, update access accordingly.

---

38-45: Propagate Identity errors internally; keep client message generic (optional).

Current generic message is fine for clients; consider logging result.Errors details.

-                _loggerService.LogError(request, errorMsg);
+                _loggerService.LogError(request, errorMsg);
+                // Optionally log individual identity errors here
+                // foreach (var e in result.Errors) _loggerService.LogError(request, e.Description);

---

9-14: Remove unused usings.

Streetcode.BLL.DTO.Feedback and Streetcode.BLL.Resources are unused.

-using Streetcode.BLL.DTO.Feedback;
-using Streetcode.BLL.Resources;

---

28-52: Validate more than NewPassword (recommendation).

Add checks ensuring Email and OldPassword are present/valid and that NewPassword != OldPassword. This belongs either here or in the command validator.

---

47-52: Wrap success in Result.Ok(...) and fix the apostrophe

Return an explicit Result.Ok for the successful response and replace the backtick in the error message with an apostrophe; update the test that asserts the error string.

-            return new ChangePasswordResponseDto
-            {
-                IsSuccess = true,
-                Message = "Password changed successfully"
-            };
+            return Result.Ok(new ChangePasswordResponseDto
+            {
+                IsSuccess = true,
+                Message = "Password changed successfully"
+            });

Change error string:

• "Error! Can`t change password" → "Error! Can't change password"

Files to update:

• Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordHandler.cs
• Streetcode/Streetcode.XUnitTest/BLL/MediatR/Users/ChangePassword/ChangeUserPasswordHandlerTests.cs (update assertion for the error message)

Streetcode/Streetcode.BLL/Validators/Users/ChangeUserPasswordValidator/ChangeUserPasswordDtoValidator.cs (1)

16-23: Add missing validations for Email/OldPassword and strengthen password rule (optional).

Currently only NewPassword is validated.

         public ChangeUserPasswordDtoValidator()
         {
-            RuleFor(x => x.NewPassword)
+            RuleFor(x => x.Email)
+             .NotEmpty().WithMessage("Email is required")
+             .EmailAddress().WithMessage("Invalid email format");
+
+            RuleFor(x => x.OldPassword)
+             .NotEmpty().WithMessage("Old password is required");
+
+            RuleFor(x => x.NewPassword)
              .NotEmpty().WithMessage("Password is required")
             .MinimumLength(MinPasswordLength).WithMessage($"Password must be at least {MinPasswordLength} characters long")
             .MaximumLength(20).WithMessage("Password must not exceed 20 characters")
             .Matches("[A-Z]").WithMessage("Password must contain at least one uppercase letter")
             .Matches("[a-z]").WithMessage("Password must contain at least one lowercase letter")
-            .Matches("[0-9]").WithMessage("Password must contain at least one digit");
+            .Matches("[0-9]").WithMessage("Password must contain at least one digit")
+            .Must(p => p is not null && !p.Contains(' ')).WithMessage("Password must not contain spaces");
+
+            RuleFor(x => x)
+             .Must(x => !string.Equals(x.NewPassword, x.OldPassword, StringComparison.Ordinal))
+             .WithMessage("New password must differ from old password");
         }

Note: add/update tests if you adopt these rules.

Streetcode/Streetcode.BLL/Validators/Users/ChangeUserPasswordValidator/ChangeUserPasswordCommandValidator.cs (4)

1-5: Remove unused System usings

These namespaces aren’t used here. Trim to reduce noise.

-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
 using FluentValidation;
 using Streetcode.BLL.MediatR.Users.ChangePassword;
 using Streetcode.BLL.Resources;
 using Streetcode.BLL.Util.Extensions;
 using Streetcode.BLL.Validators.Users.ChangeUserPasswordValidator;

---

12-13: Align namespace with sibling validators

Consider consolidating under a consistent namespace (e.g., Streetcode.BLL.Validators.Users.ChangeUserPassword) to match ChangeUserPasswordDtoValidator and improve discoverability.

---

18-21: Avoid hard-coded token in validation message

Use nameof to prevent string drift if the property name changes.

-                .WithMessage(Errors_Validation.IsRequiredData.FormatWith("ChangePasswordRequestDto"));
+                .WithMessage(Errors_Validation.IsRequiredData.FormatWith(nameof(ChangePasswordCommand.changePasswordRequestDto)));

---

22-26: Use DependentRules instead of When + nested RuleFor

This keeps the null check and clearly scopes child validation to run only if NotNull passes.

-            When(x => x.changePasswordRequestDto != null, () =>
-            {
-                RuleFor(x => x.changePasswordRequestDto)
-                    .SetValidator(new ChangeUserPasswordDtoValidator());
-            });
+            RuleFor(x => x.changePasswordRequestDto)
+                .NotNull()
+                .WithMessage(Errors_Validation.IsRequiredData.FormatWith(nameof(ChangePasswordCommand.changePasswordRequestDto)))
+                .DependentRules(() =>
+                {
+                    RuleFor(x => x.changePasswordRequestDto)
+                        .SetValidator(new ChangeUserPasswordDtoValidator());
+                });

Streetcode/Streetcode.XUnitTest/BLL/MediatR/Users/ChangePassword/ChangeUserPasswordHandlerTests.cs (4)

16-21: Consider a test helper for UserManager setup

A small factory/helper for Mock<UserManager> will cut duplication/noise across tests.

---

32-48: Also assert ChangePasswordAsync is not invoked when user is missing

Strengthens behavior by ensuring no change attempt occurs without a user.

             Assert.False(result.IsSuccess);
             Assert.Contains("User not found", result.Errors.Select(e => e.Message));
             _mockLoggerService.Verify(l => l.LogError(command, "User not found"), Times.Once);
+            _mockUserManager.Verify(
+                u => u.ChangePasswordAsync(It.IsAny<User>(), It.IsAny<string>(), It.IsAny<string>()),
+                Times.Never);

---

51-70: Verify ChangePasswordAsync is called exactly once with expected args

Ensures correct invocation when the user exists but operation fails.

             Assert.False(result.IsSuccess);
             Assert.Contains("Error! Can`t change password", result.Errors.Select(e => e.Message));
             _mockLoggerService.Verify(l => l.LogError(command, "Error! Can`t change password"), Times.Once);
+            _mockUserManager.Verify(
+                u => u.ChangePasswordAsync(user, "oldPass123", "newPass123"),
+                Times.Once);

---

72-92: On success, assert no error logs and exactly one password-change call

Tightens the positive-path contract.

             Assert.True(result.IsSuccess);
             Assert.Equal("Password changed successfully", result.Value.Message);
+            _mockUserManager.Verify(
+                u => u.ChangePasswordAsync(user, "oldPass123", "newPass123"),
+                Times.Once);
+            _mockLoggerService.Verify(
+                l => l.LogError(It.IsAny<object>(), It.IsAny<string>()),
+                Times.Never);

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a95caf3 and 4d665e8.

📒 Files selected for processing (10)

• Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordRequestDto.cs (1 hunks)
• Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordResponseDto.cs (1 hunks)
• Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordCommand.cs (1 hunks)
• Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordHandler.cs (1 hunks)
• Streetcode/Streetcode.BLL/Validators/Users/ChangeUserPasswordValidator/ChangeUserPasswordCommandValidator.cs (1 hunks)
• Streetcode/Streetcode.BLL/Validators/Users/ChangeUserPasswordValidator/ChangeUserPasswordDtoValidator.cs (1 hunks)
• Streetcode/Streetcode.WebApi/Controllers/Auth/AuthController.cs (2 hunks)
• Streetcode/Streetcode.XUnitTest/BLL/MediatR/Users/ChangePassword/ChangeUserPasswordHandlerTests.cs (1 hunks)
• Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordCommandValidatorTests.cs (1 hunks)
• Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordDtoValidatorTests.cs (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (8)

Streetcode/Streetcode.BLL/Validators/Users/ChangeUserPasswordValidator/ChangeUserPasswordDtoValidator.cs (1)

Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordRequestDto.cs (1)

• ChangePasswordRequestDto (9-14)

Streetcode/Streetcode.WebApi/Controllers/Auth/AuthController.cs (2)

Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordHandler.cs (1)

• Task (28-52)

Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordRequestDto.cs (1)

• ChangePasswordRequestDto (9-14)

Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordCommandValidatorTests.cs (3)

Streetcode/Streetcode.XUnitTest/BLL/MediatR/Users/ChangePassword/ChangeUserPasswordHandlerTests.cs (3)

• Fact (31-48)
• Fact (50-70)
• Fact (72-92)

Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordDtoValidatorTests.cs (8)

• Fact (22-28)
• Fact (30-36)
• Fact (38-44)
• Fact (46-52)
• Fact (54-60)
• Fact (62-68)
• Fact (70-76)
• Fact (78-84)

Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordRequestDto.cs (1)

• ChangePasswordRequestDto (9-14)

Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordCommand.cs (2)

Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordRequestDto.cs (1)

• ChangePasswordRequestDto (9-14)

Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordResponseDto.cs (1)

• ChangePasswordResponseDto (9-13)

Streetcode/Streetcode.BLL/Validators/Users/ChangeUserPasswordValidator/ChangeUserPasswordCommandValidator.cs (2)

Streetcode/Streetcode.BLL/Util/Extensions/ResourceExtensions.cs (1)

• FormatWith (5-8)

Streetcode/Streetcode.BLL/Validators/Users/ChangeUserPasswordValidator/ChangeUserPasswordDtoValidator.cs (2)

• ChangeUserPasswordDtoValidator (11-24)
• ChangeUserPasswordDtoValidator (14-23)

Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordDtoValidatorTests.cs (2)

Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordCommandValidatorTests.cs (3)

• Fact (23-29)
• Fact (31-40)
• Fact (42-51)

Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordRequestDto.cs (1)

• ChangePasswordRequestDto (9-14)

Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordHandler.cs (2)

Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordResponseDto.cs (1)

• ChangePasswordResponseDto (9-13)

Streetcode/Streetcode.BLL/Services/Logging/LoggerService.cs (1)

• LogError (35-40)

Streetcode/Streetcode.XUnitTest/BLL/MediatR/Users/ChangePassword/ChangeUserPasswordHandlerTests.cs (3)

Streetcode/Streetcode.BLL/MediatR/Users/ChangePassword/ChangePasswordHandler.cs (3)

• ChangePasswordHandler (17-54)
• ChangePasswordHandler (22-26)
• Task (28-52)

Streetcode/Streetcode.BLL/DTO/Users/ChangePassword/ChangePasswordRequestDto.cs (1)

• ChangePasswordRequestDto (9-14)

Streetcode/Streetcode.BLL/Services/Logging/LoggerService.cs (1)

• LogError (35-40)

🔇 Additional comments (3)

Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordCommandValidatorTests.cs (1)

23-29: Good coverage for null DTO case.

Asserts the not-null rule at the command level. LGTM.

Streetcode/Streetcode.XUnitTest/BLL/Validators/Users/ChangeUserPassword/ChangeUserPasswordDtoValidatorTests.cs (1)

22-28: Covers null case well.

LGTM.

Streetcode/Streetcode.BLL/Validators/Users/ChangeUserPasswordValidator/ChangeUserPasswordCommandValidator.cs (1)

18-26: Confirm DTO validation also covers Email/OldPassword and old≠new

DTO validator snippet only enforces NewPassword complexity. Ensure it also:

• Requires Email and OldPassword (and validates email format).
• Ensures NewPassword != OldPassword.

[sonarqubecloud]

Quality Gate passed

Issues
11 New issues
0 Accepted issues

Measures
0 Security Hotspots
86.1% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud