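/// <summary>
        /// Handles the forgot-password form post. Looks up a non-deleted user by the
        /// submitted email and, when one exists, saves a <c>PasswordRetrieval</c> token
        /// and mails it to the address stored on the account.
        /// </summary>
        /// <param name="model">Posted form data; only <c>Email</c> is read here.</param>
        /// <returns>
        /// The form view again when model validation fails; otherwise the
        /// "ForgotPasswordConfirmation" view, whether or not the email matched an account.
        /// </returns>
        public ActionResult ForgotPassword(ForgotPassword model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // Look up the account by email address, ignoring soft-deleted users.
            var user = Db.SingleOrDefault<User>(new { model.Email, IsDeleted = false });

            // Answer the same way for known and unknown addresses. A distinct
            // "user could not be found" error on this form tells any caller which
            // email addresses have accounts (account enumeration).
            // NOTE(review): the confirmation view's wording should not promise that a
            // mail was sent to an existing account - confirm against the view.
            // NOTE(review): the matched path still does extra work (save + mail), so
            // response time can differ; queue the mail if that matters here.
            if (user != null)
            {
                // NOTE(review): the reset token is a Guid.NewGuid() value. The .NET docs
                // advise against relying on NewGuid for cryptographic purposes; consider
                // deriving the token from a cryptographic RNG. No expiry is set in this
                // method - confirm PasswordRetrieval or the reset action enforces one.
                var token = new PasswordRetrieval(user, Guid.NewGuid());
                Db.Save(token);
                Metrics.Increment(Metric.Users_SendPasswordResetEmail);

                // Mail goes to the address on the stored account, not the posted value.
                _mailController.ForgotPassword(new ViewModels.Mail.ForgotPassword
                    {
                        To = user.Email,
                        Token = token.Token
                    }).Deliver();
            }

            return View("ForgotPasswordConfirmation");
        }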
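        /// <summary>
        /// Handles the forgot-password form post. Queries the Raven session for a
        /// non-deleted user with the submitted email and, when one exists, stores a
        /// <c>PasswordRetrieval</c> token and records the metric. Sending the mail is
        /// still a TODO in this version.
        /// </summary>
        /// <param name="model">Posted form data; only <c>Email</c> is read here.</param>
        /// <returns>
        /// The form view again when model validation fails; otherwise the
        /// "ForgotPasswordConfirmation" view, whether or not the email matched an account.
        /// </returns>
        public ActionResult ForgotPassword(ForgotPassword model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            using (RavenSession.GetCachingContext())
            {
                // Look up the account by email address, ignoring soft-deleted users.
                var user = RavenSession.Query<User>().SingleOrDefault(x => x.Email == model.Email && !x.IsDeleted);

                // Answer the same way for known and unknown addresses. A distinct
                // "user could not be found" error on this form tells any caller which
                // email addresses have accounts (account enumeration).
                if (user != null)
                {
                    // NOTE(review): the reset token is a Guid.NewGuid() value. The .NET
                    // docs advise against relying on NewGuid for cryptographic purposes;
                    // consider deriving the token from a cryptographic RNG. No expiry is
                    // set in this method - confirm one is enforced where it is redeemed.
                    var token = new PasswordRetrieval(user, Guid.NewGuid());
                    RavenSession.Store(token);
                    RavenSession.SaveChanges();
                    Metrics.Increment(Metric.Users_SendPasswordResetEmail);

                    // TODO: Send email with password token
                }

                return View("ForgotPasswordConfirmation");
            }
        }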
        /// <summary>
        /// GET ResetPassword with the token of a saved <c>PasswordRetrieval</c> should
        /// return a view whose <c>ResetPassword</c> model carries that token and the
        /// matching retrieval record.
        /// </summary>
        public void GivenAnonymousGetRequest_WithValidId_ReturnsView()
        {
            // Arrange: persist a retrieval record for the fixture user.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            // Act: the token is passed as text in the "N" Guid format.
            var tokenText = retrieval.Token.ToString("N");
            var view = Controller.ResetPassword(tokenText) as ViewResult;

            // Assert: a view came back and its model mirrors the saved record.
            view.Should().Not.Be.Null();
            var resetModel = view.Model as ResetPassword;
            resetModel.Should().Not.Be.Null();
            resetModel.Token.Should().Equal(retrieval.Token);
            resetModel.Data.Should().Not.Be.Null();
            resetModel.Data.Token.Should().Equal(retrieval.Token);
            resetModel.Data.UserId.Should().Equal(User.Id);
        }
        /// <summary>
        /// POST ResetPassword with a valid token and matching passwords should remove
        /// the <c>PasswordRetrieval</c> record, so the same token cannot be looked up again.
        /// </summary>
        public void GivenAnonymousPostRequest_WithValidData_DeletesPasswordRetrieval()
        {
            // Arrange: a saved retrieval record and a form that references its token.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            var form = new ResetPassword
            {
                Token = retrieval.Token,
                Password = "******" + GetRandom.String(10),
            };
            form.PasswordConfirm = form.Password;

            // Act
            var view = Controller.ResetPassword(form) as ViewResult;

            // Assert: the action returned a view and the record is gone from the store.
            view.Should().Not.Be.Null();
            var remaining = Db.SingleOrDefault<PasswordRetrieval>(new { retrieval.Id });
            remaining.Should().Be.Null();
        }
        /// <summary>
        /// POST ResetPassword with a valid token should increment
        /// <c>Metric.Users_ResetPassword</c> exactly once.
        /// </summary>
        public void GivenAnonymousPostRequest_WithValidId_IncrementsMetric()
        {
            // Arrange: a saved retrieval record and a form that references its token.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            var form = new ResetPassword
            {
                Token = retrieval.Token,
                Password = "******" + GetRandom.String(10),
            };
            form.PasswordConfirm = form.Password;

            // Act
            var view = Controller.ResetPassword(form) as ViewResult;

            // Assert: a view came back and the metrics mock saw a single increment.
            view.Should().Not.Be.Null();
            MetricsMock.Verify(x => x.Increment(Metric.Users_ResetPassword), Times.Once());
        }
        /// <summary>
        /// POST ResetPassword with a valid token should store the new password on the
        /// user as the value produced by <c>ToSHAHash()</c>.
        /// </summary>
        public void GivenAnonymousPostRequest_WithValidData_UpdatesUserPassword()
        {
            // Arrange: a saved retrieval record and a form that references its token.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            var form = new ResetPassword
            {
                Token = retrieval.Token,
                Password = "******" + GetRandom.String(10),
            };
            form.PasswordConfirm = form.Password;

            // Act
            Controller.ResetPassword(form);

            // Assert: reload the user and compare against the hashed confirmation value.
            // NOTE(review): this pins the stored format to ToSHAHash(). If that helper is
            // a plain, unsalted SHA digest it is a fast hash, not a password-hashing
            // scheme; confirm, and plan a move to a salted, iterated KDF such as PBKDF2.
            var reloaded = Db.SingleOrDefault<User>(new { User.Id });
            reloaded.Password.Should().Equal(form.PasswordConfirm.ToSHAHash());
        }
        /// <summary>
        /// POST ResetPassword with a valid token should return the
        /// "ResetPasswordConfirmation" view.
        /// </summary>
        public void GivenAnonymousPostRequest_WithValidData_ReturnsView()
        {
            // Arrange: a saved retrieval record and a form that references its token.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            var form = new ResetPassword
            {
                Token = retrieval.Token,
                Password = "******" + GetRandom.String(10),
            };
            form.PasswordConfirm = form.Password;

            // Act
            var view = Controller.ResetPassword(form) as ViewResult;

            // Assert
            view.Should().Not.Be.Null();
            view.ViewName.Should().Equal("ResetPasswordConfirmation");
        }
        /// <summary>
        /// POST ResetPassword with a valid token should call <c>SetLoginCookie</c> once
        /// for the fixture user, with <c>true</c> as the second argument.
        /// </summary>
        public void GivenAnonymousPostRequest_WithValidData_LogsInUser()
        {
            // Arrange: a saved retrieval record and a form that references its token.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            var form = new ResetPassword
            {
                Token = retrieval.Token,
                Password = "******" + GetRandom.String(10),
            };
            form.PasswordConfirm = form.Password;

            // Act
            Controller.ResetPassword(form);

            // Assert: the authentication mock was asked to sign the user in exactly once.
            // NOTE(review): this pins sign-in straight from a mailed token. The `true`
            // argument presumably requests a persistent cookie - confirm that is intended
            // for a session established this way.
            AuthenticationService.Verify(x => x.SetLoginCookie(It.Is<User>(u => u.Id == User.Id), true), Times.Once());
        }