public void When_GetChangeEmailPendingBodyText_Then_CorrectEmailIsReturned()
        {
            // Pins the exact HTML of the "change email address pending" message: personalised greeting,
            // the 15 minute window, the confirmation link carrying NewEmailAddressToken (as both href and
            // link text), and the anti-spoofing notice.
            // NOTE(review): the fixture values are benign, so this test does not show whether the template
            // HTML-encodes the name fields before placing them in the body; a companion case with markup
            // characters in the name would pin that.
            // NOTE(review): the expected path is spelled "ChangeEmailAddresConfirm"; confirm it matches
            // the action name the site actually routes.

            // Arrange
            const string expectedBody = "Dear John Staveley,<br /><br />A request has been received to change your Security Essentials username/email address. You can complete this process any time within the next 15 minutes by clicking <a href='http://localhost:4986/Account/ChangeEmailAddresConfirm?NewEmailAddressToken=c4f32838-9ab4-46d8-bc49-d080264bd13e'>http://localhost:4986/Account/ChangeEmailAddresConfirm?NewEmailAddressToken=c4f32838-9ab4-46d8-bc49-d080264bd13e</a>. If you did not request this then you can ignore this email.<br />How do I know this is not a Spoof email? Spoof or ‘phishing’ emails tend to have generic greetings such as \"Dear Security Essentials member\". Emails from Security Essentials will always contain your full name.<br />";

            // Act
            var actualBody = EmailTemplates.ChangeEmailAddressPendingBodyText(_firstName, _lastName, _applicationName, _url, _token);

            // Assert
            Assert.AreEqual(expectedBody, actualBody);
        }
Beispiel #2
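        // Handles the posted change-email-address form for the signed-in user.
        // Flow: load the enabled/verified/approved user, reject an address that is already another
        // account's UserName, re-check the current password, then store a 15 minute single-purpose
        // token and mail a confirmation link. Returns the "pending" view on success, 404 when the
        // user cannot be loaded, otherwise the form again with model errors.
        public async Task<ActionResult> ChangeEmailAddressAsync(ChangeEmailAddressViewModel model)
        {
            var userId = UserIdentity.GetUserId(this);
            var user   = _context.User.FirstOrDefault(u => u.Id == userId && u.Enabled && u.EmailVerified && u.Approved);

            // Only these two fields are expected on the form; anything else is handed to AppSensor.
            AppSensor.ValidateFormData(this, new List<string> {
                "NewEmailAddress", "Password"
            });
            if (user == null)
            {
                return(HttpNotFound());
            }
            if (ModelState.IsValid)
            {
                // NOTE(review): this uniqueness check runs before the password check, so the
                // "already in use" answer is available to any holder of the session without knowing
                // the password. Whether the comparison is case-insensitive depends on the store.
                if (_context.User.Any(a => a.Id != user.Id && model.NewEmailAddress == a.UserName))
                {
                    ModelState.AddModelError("NewEmailAddress", "This email address is already in use");
                    Logger.Information("Failed Account ChangeEmailAddress Post, Username already exists");
                }
                else
                {
                    // Re-authenticate: a live session alone is not enough to change the login identifier.
                    var logonResult = await _userManager.TryLogOnAsync(UserIdentity.GetUserName(this), model.Password);

                    if (logonResult.Success)
                    {
                        // The token is the only secret protecting the confirmation link, so take it from
                        // the OS CSPRNG rather than Guid.NewGuid(), which is an identifier generator and is
                        // not documented as a source of unpredictable values. 16 bytes hex-encoded keeps the
                        // 32-character lowercase shape the Guid-based value had.
                        var tokenBytes = new byte[16];
                        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                        {
                            rng.GetBytes(tokenBytes);
                        }
                        user.NewEmailAddressToken = BitConverter.ToString(tokenBytes).Replace("-", "").ToLowerInvariant();
                        user.NewEmailAddressRequestExpiryDateUtc = DateTime.UtcNow.AddMinutes(15);
                        user.NewEmailAddress = model.NewEmailAddress;

                        // Mail the confirmation link to the CURRENT address (user.UserName).
                        // NOTE(review): this proves control of the current mailbox only; confirm that the
                        // new address is verified somewhere before it becomes the login name.
                        // NOTE(review): the mail is sent before SaveChangesAsync, so a failed save leaves
                        // the recipient holding a link whose token was never stored.
                        string emailBody = EmailTemplates.ChangeEmailAddressPendingBodyText(user.FirstName, user.LastName,
                                                                                            _configuration.ApplicationName, _configuration.WebsiteBaseUrl, user.NewEmailAddressToken);
                        string emailSubject = $"{_configuration.ApplicationName} - Complete the change email address process";
                        _services.SendEmail(_configuration.DefaultFromEmailAddress, new List<string>()
                        {
                            user.UserName
                        }, null, null,
                                            emailSubject, emailBody, true);

                        // Audit trail entry on the account; it records both addresses but not the token.
                        user.UserLogs.Add(new UserLog
                        {
                            Description = $"Change email address request started to change from {user.UserName} to {user.NewEmailAddress}"
                        });
                        await _context.SaveChangesAsync();

                        return(View("ChangeEmailAddressPending"));
                    }
                    else
                    {
                        // Wrong password on a sensitive action: logged with the AppSensor Ae1 detection point.
                        Logger.Information("Failed Account ChangeEmailAddress Post, Password incorrect by requester {@requester}",
                                           UserIdentity.GetRequester(this, AppSensorDetectionPointKind.Ae1));
                        ModelState.AddModelError("Password", "The password is not correct");
                    }
                }
            }
            else
            {
                AppSensor.InspectModelStateErrors(this);
            }
            // Redisplay the form with the stored state; the posted password is not echoed back.
            return(View("ChangeEmailAddress", new ChangeEmailAddressViewModel(user.UserName, user.NewEmailAddress, user.NewEmailAddressRequestExpiryDateUtc)));
        }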
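        // Handles the posted change-email-address form for the signed-in user.
        // Flow: load the enabled/verified/approved user, re-check the current password, then store a
        // 15 minute single-purpose token and mail a confirmation link. Returns the "pending" view on
        // success, 404 when the user cannot be loaded, otherwise the form again with model errors.
        public async Task<ActionResult> ChangeEmailAddress(ChangeEmailAddressViewModel model)
        {
            var userId = _userIdentity.GetUserId(this);
            var user   = _context.User.Where(u => u.Id == userId && u.Enabled && u.EmailVerified && u.Approved).FirstOrDefault();

            // Only these two fields are expected on the form; anything else is handed to AppSensor.
            _appSensor.ValidateFormData(this, new List<string>()
            {
                "NewEmailAddress", "Password"
            });

            // A disabled, unverified or unapproved account yields no row. Previously every such request
            // ended in a NullReferenceException at the final return (user.UserName), i.e. an unhandled
            // server error; answer with 404 instead.
            if (user == null)
            {
                return(HttpNotFound());
            }

            if (ModelState.IsValid)
            {
                // Re-authenticate: a live session alone is not enough to change the login identifier.
                var logonResult = await _userManager.TryLogOnAsync(_userIdentity.GetUserName(this), model.Password);

                if (logonResult.Success)
                {
                    // The token is the only secret protecting the confirmation link, so take it from the
                    // OS CSPRNG rather than Guid.NewGuid(), which is an identifier generator and is not
                    // documented as a source of unpredictable values. 16 bytes hex-encoded keeps the
                    // 32-character lowercase shape the Guid-based value had.
                    var tokenBytes = new byte[16];
                    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                    {
                        rng.GetBytes(tokenBytes);
                    }
                    user.NewEmailAddressToken             = BitConverter.ToString(tokenBytes).Replace("-", "").ToLowerInvariant();
                    user.NewEmailAddressRequestExpiryDate = DateTime.UtcNow.AddMinutes(15);
                    user.NewEmailAddress = model.NewEmailAddress;

                    // Mail the confirmation link to the CURRENT address (user.UserName).
                    // NOTE(review): nothing here checks whether the new address already belongs to
                    // another account, and the link proves control of the current mailbox only; confirm
                    // both are covered by the confirmation step.
                    string emailBody    = EmailTemplates.ChangeEmailAddressPendingBodyText(user.FirstName, user.LastName, _configuration.ApplicationName, _configuration.WebsiteBaseUrl, user.NewEmailAddressToken);
                    string emailSubject = string.Format("{0} - Complete the change email address process", _configuration.ApplicationName);
                    _services.SendEmail(_configuration.DefaultFromEmailAddress, new List<string>()
                    {
                        user.UserName
                    }, null, null, emailSubject, emailBody, true);

                    // Audit trail entry on the account; it records both addresses but not the token.
                    user.UserLogs.Add(new UserLog()
                    {
                        Description = string.Format("Change email address request started to change from {0} to {1}", user.UserName, user.NewEmailAddress)
                    });
                    _context.SaveChanges();
                    return(View("ChangeEmailAddressPending"));
                }
                else
                {
                    // Wrong password on a sensitive action: logged with the AppSensor AE1 detection point.
                    Logger.Information("Failed Account ChangeEmailAddress Post, Password incorrect by requester {@requester}", _userIdentity.GetRequester(this, Core.Constants.AppSensorDetectionPointKind.AE1));
                    ModelState.AddModelError("Password", "The password is not correct");
                }
            }
            else
            {
                _appSensor.InspectModelStateErrors(this);
            }
            // Redisplay the form with the stored state; the posted password is not echoed back.
            return(View(new ChangeEmailAddressViewModel(user.UserName, user.NewEmailAddress, user.NewEmailAddressRequestExpiryDate)));
        }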