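public void POST_Not_Providing_Reset_Code_In_URL_Gives_PageNotFoundException()
        {
            // A POST that carries no reset code must be rejected with PageNotFoundException,
            // and the rejection must leave the stored password hash exactly as it was.

            // Arrange
            User user = new UserBuilder().WithPasswordResetCode("code").Build();

            var requestFormValues = new Dictionary<string, StringValues>
            {
                { "GovUk_Text_NewPassword", "NewPassword1" },
                { "GovUk_Text_ConfirmNewPassword", "NewPassword1" }
            };

            var controllerBuilder = new ControllerBuilder<PasswordResetController>();
            var controller = controllerBuilder
                .WithDatabaseObjects(user)
                .WithRequestFormValues(requestFormValues)
                .WithMockUriHelper()
                .Build();

            // Snapshot taken immediately before the request, so any write made while
            // handling it shows up as a difference.
            var passwordHashBeforeRequest = user.PasswordHash;

            // Act
            var requestViewModel = new ChooseNewPasswordViewModel {
                ResetCode = null // reset code not provided
            };
            TestDelegate action = () => controller.ChooseNewPasswordPost(requestViewModel);

            // Assert
            Assert.Throws<PageNotFoundException>(action);

            // The exception alone does not prove the credential survived: a handler that
            // updated the password and then threw would still satisfy the line above.
            Assert.AreEqual(passwordHashBeforeRequest, user.PasswordHash);
        }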
        public void POST_Valid_Reset_Code_In_URL_Allows_User_To_Change_Their_Password()
        {
            // Happy path: a POST carrying the user's reset code stores the new password hash,
            // clears the reset code, sends one confirmation email and writes one audit entry.

            // Arrange
            User user = new UserBuilder().WithPasswordResetCode("code").Build();

            var formValues = new Dictionary<string, StringValues>
            {
                { "GovUk_Text_NewPassword", "NewPassword1" },
                { "GovUk_Text_ConfirmNewPassword", "NewPassword1" }
            };

            var builder = new ControllerBuilder<PasswordResetController>();
            var passwordResetController = builder
                .WithDatabaseObjects(user)
                .WithRequestFormValues(formValues)
                .WithMockUriHelper()
                .Build();

            // Act
            var viewModel = new ChooseNewPasswordViewModel { ResetCode = "code" };
            passwordResetController.ChooseNewPasswordPost(viewModel);

            // Assert
            // The salt is read after the request on purpose: the expected hash has to be
            // derived from whatever salt the user record holds once the reset has run.
            var saltBytes = Convert.FromBase64String(user.Salt);
            var expectedHash = Crypto.GetPBKDF2("NewPassword1", saltBytes);
            Assert.AreEqual(expectedHash, user.PasswordHash);

            // The reset code is cleared once it has been used.
            Assert.IsNull(user.PasswordResetCode);

            // Exactly one email, and it is the "reset completed" template.
            Assert.AreEqual(1, builder.EmailsSent.Count);
            var sentEmail = builder.EmailsSent.FirstOrDefault();
            Assert.NotNull(sentEmail);
            Assert.AreEqual(EmailTemplates.SendResetPasswordCompletedEmail, sentEmail.TemplateId);

            // Exactly one audit entry, recording the password change.
            var auditEntries = builder.DataRepository.GetAll<AuditLog>();
            Assert.AreEqual(1, auditEntries.Count());
            var auditEntry = auditEntries.FirstOrDefault();
            Assert.NotNull(auditEntry);
            Assert.AreEqual(AuditedAction.UserChangePassword, auditEntry.Action);
        }
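        public void POST_Using_Expired_Reset_Code_Gives_PasswordResetCodeExpiredException()
        {
            // A POST carrying a matching but expired reset code must be rejected with
            // PasswordResetCodeExpiredException, and the stored password hash must not change.

            // Arrange
            // NOTE(review): the second argument is presumably the time the code was issued,
            // ten days in the past here; confirm against UserBuilder.
            User user = new UserBuilder().WithPasswordResetCode("code", VirtualDateTime.Now.AddDays(-10)).Build();

            var requestFormValues = new Dictionary<string, StringValues>
            {
                { "GovUk_Text_NewPassword", "NewPassword1" },
                { "GovUk_Text_ConfirmNewPassword", "NewPassword1" }
            };

            var controllerBuilder = new ControllerBuilder<PasswordResetController>();
            var controller = controllerBuilder
                .WithDatabaseObjects(user)
                .WithRequestFormValues(requestFormValues)
                .WithMockUriHelper()
                .Build();

            // Snapshot taken immediately before the request, so any write made while
            // handling it shows up as a difference.
            var passwordHashBeforeRequest = user.PasswordHash;

            // Act
            var requestViewModel = new ChooseNewPasswordViewModel {
                ResetCode = "code"
            };
            TestDelegate action = () => controller.ChooseNewPasswordPost(requestViewModel);

            // Assert
            Assert.Throws<PasswordResetCodeExpiredException>(action);

            // An expired code must not be able to set a password. The exception on its own
            // would also be raised by a handler that wrote the new hash before checking expiry.
            Assert.AreEqual(passwordHashBeforeRequest, user.PasswordHash);
        }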