0

I am writing a N-Tier application using ASP.Net Core. In my service layer in logic tier I have an API which update the user's password. Here is the code from the service layer.

public IActionResult UpdatePassword([Required][EmailAddress] string email, [Required][DataType(DataType.Password)] string oldPassword, [Required][DataType(DataType.Password)] string newPassword)
{
    try
    {
        _userLogic.UpdatePasswordLogic(oldPassword, email, newPassword);
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }

    return Ok($"Password updated successfully. The new password is: { newPassword }");
}

basically it just gets the email, the current password, and the new given password by user and pass it to the "UpdatePasswordLogic" method in business layer. The "UpdatePasswordLogic" works as following:

public void UpdatePasswordLogic(string oldPassword, string email, string newPassword)
{
    // Take the user's password from the database
    string savedPassword = _context.Users
        .Where(x => x.Email == email)
        .Select(x => x.Password);

    if (!string.IsNullOrEmpty(savedPassword))
    {
        // Check if the oldPassword is equal to the password saved in the databank
        if (ComparePasswords(savedPassword, oldPassword))
        {
            // TODO: Set the new password
        }
        else
            // Throw exception when password is not correct
            throw new Exception("password does not match the one saved in the database");
    }
    else
        // If user does not exist, throw an exception
        throw new Exception("User does not exist in databank");
}

The "ComparePasswords" method check if the given password by user match the one that saved in the databank. If the password is not correct then it suppose to throw an exception. When I enter a wrong password the UpdatePasswordLogic does throw an exception but my API in service layer does not catch this exception and it returns the OKObjectResult. Does anyone know why it does not catch the exception?

Ben
  • 76
  • 2
  • 8
brk
  • 385
  • 3
  • 8
  • 1
    I have not an answer to your question, but I really think that driving code using exceptions when other methods exist is fundamentally flawed. – Steve Nov 13 '20 at 22:33
  • @Steve What methods for example? – brk Nov 13 '20 at 22:36
  • 3
    For example define an OperationResult class that you can share between your layers. Always initialize it in your operational layer. This class will have a message, a status property and a generic T data property. When something goes wrong prepare the message and the status leaving the data null, In success fill it with the proper data expected by the caller and set OK to the status. Then return the instance created and take appropriate steps in the upper layer – Steve Nov 13 '20 at 22:39
  • 1
    Think of throwing an exception as having a `goto` statement without a label - it's going to go _somewhere_, but you don't really know where. Exceptions should be raised in 'exceptional' situations where the code just cannot continue - i.e. "this should never, ever happen". Plus of course there's a performance penalty with exceptions - they're expensive for the runtime to create. This is all discussed in [this question](https://stackoverflow.com/questions/729379/why-not-use-exceptions-as-regular-flow-of-control). – stuartd Nov 13 '20 at 22:56

0 Answers0