        /// <summary>
        /// GET handler for the "change security information" form: builds the view model with the
        /// visible security questions, ordered for display, and an empty error message.
        /// </summary>
        /// <returns>The default view for this action, populated with the selectable questions.</returns>
        public ActionResult ChangeSecurityInformation()
        {
            var visibleQuestions = _context.LookupItem
                .Where(item => item.LookupTypeId == Consts.LookupTypeId.SecurityQuestion && item.IsHidden == false)
                .OrderBy(item => item.Ordinal);
            var viewModel = new ChangeSecurityInformationViewModel("", _configuration.HasRecaptcha, visibleQuestions.ToList());

            return View(viewModel);
        }
        /// <summary>
        /// When the two submitted security answers differ, the form must be re-rendered with the
        /// mismatch error and nothing may be persisted.
        /// </summary>
        public async Task Given_SecurityAnswersDontMatch_When_ChangeSecurityInformation_Then_ViewWithErrorReturned()
        {
            // Arrange: captcha and password check both pass, so the answer mismatch is the only failing condition
            _recaptcha.Expect(r => r.ValidateRecaptcha(Arg <Controller> .Is.Anything)).Return(true);
            var logonOk = new LogonResult { Success = true, UserName = TestUserName };
            _userManager.Expect(m => m.TryLogOnAsync(Arg <string> .Is.Anything, Arg <string> .Is.Anything))
                .Return(Task.FromResult(logonOk));
            var submission = new ChangeSecurityInformationViewModel
            {
                SecurityAnswer        = "securityanswer",
                SecurityAnswerConfirm = "this doesnt match"
            };

            // Act
            var actionResult = await _sut.ChangeSecurityInformationAsync(submission);

            // Assert
            AssertViewResultReturned(actionResult, "ChangeSecurityInformation");
            Context.AssertWasNotCalled(c => c.SaveChangesAsync());
            var returnedModel = AssertViewResultReturnsType <ChangeSecurityInformationViewModel>(actionResult);
            Assert.That(returnedModel.ErrorMessage, Contains.Substring("The security question answers do not match"));
        }
        /// <summary>
        /// When the password re-verification fails (or the account is locked), the form must be
        /// re-rendered with the generic "incorrect or locked out" error and nothing may be persisted.
        /// </summary>
        public async Task Given_AccountDetailsIncorrect_When_ChangeSecurityInformation_Then_ViewWithErrorReturned()
        {
            // Arrange: captcha passes, answers agree, but the logon attempt is reported as failed
            _recaptcha.Expect(r => r.ValidateRecaptcha(Arg <Controller> .Is.Anything)).Return(true);
            var logonFailed = new LogonResult { Success = false, FailedLogonAttemptCount = 1 };
            _userManager.Expect(m => m.TryLogOnAsync(Arg <string> .Is.Anything, Arg <string> .Is.Anything))
                .Return(Task.FromResult(logonFailed));
            var submission = new ChangeSecurityInformationViewModel
            {
                SecurityAnswer        = "a",
                SecurityAnswerConfirm = "a"
            };

            // Act
            var actionResult = await _sut.ChangeSecurityInformationAsync(submission);

            // Assert
            AssertViewResultReturned(actionResult, "ChangeSecurityInformation");
            Context.AssertWasNotCalled(c => c.SaveChangesAsync());
            var returnedModel = AssertViewResultReturnsType <ChangeSecurityInformationViewModel>(actionResult);
            Assert.That(returnedModel.ErrorMessage, Contains.Substring("Security information incorrect or account locked out"));
        }
        /// <summary>
        /// Happy path: captcha and password check pass and both answers agree, so the change is saved,
        /// the success view is rendered and a notification email is sent.
        /// </summary>
        public async Task Given_ValidSubmission_When_ChangeSecurityInformation_Then_ViewReturned()
        {
            // Arrange
            var submission = new ChangeSecurityInformationViewModel
            {
                SecurityAnswer        = "a",
                SecurityAnswerConfirm = "a"
            };
            var logonOk = new LogonResult { Success = true, UserName = TestUserName };

            _recaptcha.Expect(r => r.ValidateRecaptcha(Arg <Controller> .Is.Anything)).Return(true);
            _userManager.Expect(m => m.TryLogOnAsync(Arg <string> .Is.Anything, Arg <string> .Is.Anything))
                .Return(Task.FromResult(logonOk));
            // The stubbed Encrypt supplies the canned salt/answer through its out parameters; the
            // assertions below do not depend on its bool return value (stubbed here as false).
            _encryption.Expect(e => e.Encrypt(
                Arg <string> .Is.Anything,
                Arg <int> .Is.Anything,
                Arg <string> .Is.Anything,
                out Arg <string> .Out(EncryptedSecurityAnswerSalt).Dummy,
                out Arg <string> .Out(EncryptedSecurityAnswer).Dummy)).Return(false);

            // Act
            var actionResult = await _sut.ChangeSecurityInformationAsync(submission);

            // Assert
            AssertViewResultReturned(actionResult, "ChangeSecurityInformationSuccess");
            Context.AssertWasCalled(c => c.SaveChangesAsync());
            _services.AssertWasCalled(s => s.SendEmail(
                Arg <string> .Is.Anything,
                Arg <List <string> > .Is.Anything,
                Arg <List <string> > .Is.Anything,
                Arg <List <string> > .Is.Anything,
                Arg <string> .Is.Anything,
                Arg <string> .Is.Anything,
                Arg <bool> .Is.Anything));
        }
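        /// <summary>
        /// POST handler for the "change security information" form. The submitted password is re-verified
        /// through <c>_userManager</c> before the chosen question and the encrypted answer (with its salt) are
        /// stored against the user, a UserLog entry is written and a notification email is sent to the account.
        /// </summary>
        /// <param name="model">Posted form values: question id, answer, answer confirmation and current password.</param>
        /// <returns>
        /// The ChangeSecurityInformationSuccess view on success; otherwise the ChangeSecurityInformation view
        /// re-rendered with the question list and, for a failed password check or an answer mismatch, an error message.
        /// </returns>
        public async Task <ActionResult> ChangeSecurityInformationAsync(ChangeSecurityInformationViewModel model)
        {
            string errorMessage = "";
            var    requester    = UserIdentity.GetRequester(this);

            // Detection point: unexpected or missing form fields are reported to AppSensor before any processing.
            AppSensor.ValidateFormData(this, new List <string> {
                "SecurityQuestionLookupItemId", "SecurityAnswer", "SecurityAnswerConfirm", "Password"
            });
            if (ModelState.IsValid)
            {
                // Bot check first. The password re-verification below is a logon attempt that feeds the
                // account's failed-attempt/lockout state, so it is only spent on a submission that passed
                // the captcha (or when no captcha is configured) rather than unconditionally.
                var recaptchaSuccess = !_configuration.HasRecaptcha || _recaptcha.ValidateRecaptcha(this);
                if (recaptchaSuccess)
                {
                    var logonResult = await _userManager.TryLogOnAsync(UserIdentity.GetUserName(this), model.Password);

                    if (!logonResult.Success)
                    {
                        // Generic message covering both a wrong password and a locked account.
                        Logger.Information("Failed Account ChangeSecurityInformation Post, security information incorrect or account locked out by requester {@requester}", requester);
                        errorMessage = "Security information incorrect or account locked out";
                    }
                    else if (model.SecurityAnswer != model.SecurityAnswerConfirm)
                    {
                        Logger.Information("Failed Account ChangeSecurityInformation Post, security answers do not match by requester {@requester}", requester);
                        errorMessage = "The security question answers do not match";
                    }
                    else
                    {
                        var user = _context.User.First(u => u.UserName == logonResult.UserName);
                        // The answer is stored only in its encrypted form together with the salt Encrypt produces.
                        // NOTE(review): Encrypt's bool return value is not inspected here — confirm what it signals
                        // before relying on the stored values.
                        _encryption.Encrypt(_configuration.EncryptionPassword, _configuration.EncryptionIterationCount, model.SecurityAnswer, out var encryptedSecurityAnswerSalt, out var encryptedSecurityAnswer);
                        user.SecurityAnswer               = encryptedSecurityAnswer;
                        user.SecurityAnswerSalt           = encryptedSecurityAnswerSalt;
                        user.SecurityQuestionLookupItemId = model.SecurityQuestionLookupItemId;
                        user.UserLogs.Add(new UserLog {
                            Description = "User Changed Security Information"
                        });
                        await _context.SaveChangesAsync();

                        // Notify the account holder that their security information changed, so an unauthorised change is noticed.
                        string emailSubject = $"{_configuration.ApplicationName} - Security Information Changed";
                        string emailBody    = EmailTemplates.ChangeSecurityInformationCompletedBodyText(user.FirstName, user.LastName, _configuration.ApplicationName);
                        _services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string>()
                        {
                            logonResult.UserName
                        }, null, null, emailSubject, emailBody, true);
                        return View("ChangeSecurityInformationSuccess");
                    }
                }
                else
                {
                    // NOTE(review): a captcha failure is reported to AppSensor via the model-state inspector and the
                    // form is re-rendered with an empty error message — confirm this is the intended user feedback.
                    AppSensor.InspectModelStateErrors(this);
                }
            }
            var securityQuestions = _context.LookupItem.Where(l => l.LookupTypeId == Consts.LookupTypeId.SecurityQuestion && l.IsHidden == false).OrderBy(o => o.Ordinal).ToList();
            var changeSecurityInformationViewModel = new ChangeSecurityInformationViewModel(errorMessage, _configuration.HasRecaptcha, securityQuestions);

            return View("ChangeSecurityInformation", changeSecurityInformationViewModel);
        }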