public ActionResult ChangeSecurityInformation()
{
var securityQuestions = _context.LookupItem.Where(l => l.LookupTypeId == Consts.LookupTypeId.SecurityQuestion && l.IsHidden == false).OrderBy(o => o.Ordinal).ToList();
var changeSecurityInformationViewModel = new ChangeSecurityInformationViewModel("", _configuration.HasRecaptcha, securityQuestions);
return(View(changeSecurityInformationViewModel));
}
public async Task Given_SecurityAnswersDontMatch_When_ChangeSecurityInformation_Then_ViewWithErrorReturned()
{
// Arrange
var model = new ChangeSecurityInformationViewModel
{
SecurityAnswer = "securityanswer",
SecurityAnswerConfirm = "this doesnt match"
};
_userManager.Expect(a => a.TryLogOnAsync(Arg <string> .Is.Anything, Arg <string> .Is.Anything))
.Return(Task.FromResult(new LogonResult {
Success = true, UserName = TestUserName
}));
_recaptcha.Expect(a => a.ValidateRecaptcha(Arg <Controller> .Is.Anything)).Return(true);
// Act
var result = await _sut.ChangeSecurityInformationAsync(model);
// Assert
AssertViewResultReturned(result, "ChangeSecurityInformation");
Context.AssertWasNotCalled(a => a.SaveChangesAsync());
var resultModel = AssertViewResultReturnsType <ChangeSecurityInformationViewModel>(result);
Assert.That(resultModel.ErrorMessage, Contains.Substring("The security question answers do not match"));
}
public async Task Given_AccountDetailsIncorrect_When_ChangeSecurityInformation_Then_ViewWithErrorReturned()
{
// Arrange
var model = new ChangeSecurityInformationViewModel
{
SecurityAnswer = "a",
SecurityAnswerConfirm = "a"
};
_userManager.Expect(a => a.TryLogOnAsync(Arg <string> .Is.Anything, Arg <string> .Is.Anything))
.Return(Task.FromResult(new LogonResult {
Success = false, FailedLogonAttemptCount = 1
}));
_recaptcha.Expect(a => a.ValidateRecaptcha(Arg <Controller> .Is.Anything)).Return(true);
// Act
var result = await _sut.ChangeSecurityInformationAsync(model);
// Assert
AssertViewResultReturned(result, "ChangeSecurityInformation");
Context.AssertWasNotCalled(a => a.SaveChangesAsync());
var resultModel = AssertViewResultReturnsType <ChangeSecurityInformationViewModel>(result);
Assert.That(resultModel.ErrorMessage, Contains.Substring("Security information incorrect or account locked out"));
}
public async Task Given_ValidSubmission_When_ChangeSecurityInformation_Then_ViewReturned()
{
// Arrange
var model = new ChangeSecurityInformationViewModel
{
SecurityAnswer = "a",
SecurityAnswerConfirm = "a"
};
_userManager.Expect(a => a.TryLogOnAsync(Arg <string> .Is.Anything, Arg <string> .Is.Anything))
.Return(Task.FromResult(new LogonResult {
Success = true, UserName = TestUserName
}));
_encryption.Expect(e => e.Encrypt(Arg <string> .Is.Anything, Arg <int> .Is.Anything, Arg <string> .Is.Anything, out Arg <string> .Out(EncryptedSecurityAnswerSalt).Dummy, out Arg <string> .Out(EncryptedSecurityAnswer).Dummy)).Return(false);
_recaptcha.Expect(a => a.ValidateRecaptcha(Arg <Controller> .Is.Anything)).Return(true);
// Act
var result = await _sut.ChangeSecurityInformationAsync(model);
// Assert
AssertViewResultReturned(result, "ChangeSecurityInformationSuccess");
Context.AssertWasCalled(a => a.SaveChangesAsync());
_services.AssertWasCalled(a => a.SendEmail(Arg <string> .Is.Anything, Arg <List <string> > .Is.Anything, Arg <List <string> > .Is.Anything, Arg <List <string> > .Is.Anything, Arg <string> .Is.Anything, Arg <string> .Is.Anything, Arg <bool> .Is.Anything));
}
public async Task <ActionResult> ChangeSecurityInformationAsync(ChangeSecurityInformationViewModel model)
{
string errorMessage = "";
var requester = UserIdentity.GetRequester(this);
AppSensor.ValidateFormData(this, new List <string> {
"SecurityQuestionLookupItemId", "SecurityAnswer", "SecurityAnswerConfirm", "Password"
});
if (ModelState.IsValid)
{
var recaptchaSuccess = true;
if (_configuration.HasRecaptcha)
{
recaptchaSuccess = _recaptcha.ValidateRecaptcha(this);
}
var logonResult = await _userManager.TryLogOnAsync(UserIdentity.GetUserName(this), model.Password);
if (recaptchaSuccess)
{
if (logonResult.Success)
{
if (model.SecurityAnswer == model.SecurityAnswerConfirm)
{
var user = _context.User.First(u => u.UserName == logonResult.UserName);
_encryption.Encrypt(_configuration.EncryptionPassword, _configuration.EncryptionIterationCount, model.SecurityAnswer, out var encryptedSecurityAnswerSalt, out var encryptedSecurityAnswer);
user.SecurityAnswer = encryptedSecurityAnswer;
user.SecurityAnswerSalt = encryptedSecurityAnswerSalt;
user.SecurityQuestionLookupItemId = model.SecurityQuestionLookupItemId;
user.UserLogs.Add(new UserLog {
Description = "User Changed Security Information"
});
await _context.SaveChangesAsync();
// Email the user to complete the email verification process or inform them of a duplicate registration and would they like to change their password
string emailSubject = $"{_configuration.ApplicationName} - Security Information Changed";
string emailBody = EmailTemplates.ChangeSecurityInformationCompletedBodyText(user.FirstName, user.LastName, _configuration.ApplicationName);
_services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string>()
{
logonResult.UserName
}, null, null, emailSubject, emailBody, true);
return(View("ChangeSecurityInformationSuccess"));
}
else
{
Logger.Information("Failed Account ChangeSecurityInformation Post, security answers do not match by requester {@requester}", requester);
errorMessage = "The security question answers do not match";
}
}
else
{
Logger.Information("Failed Account ChangeSecurityInformation Post, security information incorrect or account locked out by requester {@requester}", requester);
errorMessage = "Security information incorrect or account locked out";
}
}
else
{
AppSensor.InspectModelStateErrors(this);
}
}
var securityQuestions = _context.LookupItem.Where(l => l.LookupTypeId == Consts.LookupTypeId.SecurityQuestion && l.IsHidden == false).OrderBy(o => o.Ordinal).ToList();
var changeSecurityInformationViewModel = new ChangeSecurityInformationViewModel(errorMessage, _configuration.HasRecaptcha, securityQuestions);
return(View("ChangeSecurityInformation", changeSecurityInformationViewModel));
}
