/// <summary>
/// GET handler that renders the "change security information" form: the list of
/// currently selectable security questions plus the configured reCAPTCHA flag.
/// </summary>
/// <returns>The default view bound to a <see cref="ChangeSecurityInformationViewModel"/> with an empty error message.</returns>
public ActionResult ChangeSecurityInformation()
{
    // Only lookup items of the SecurityQuestion type that are not hidden are offered,
    // in their configured display order.
    var questions = _context.LookupItem
        .Where(item => item.LookupTypeId == Consts.LookupTypeId.SecurityQuestion)
        .Where(item => item.IsHidden == false)
        .OrderBy(item => item.Ordinal)
        .ToList();

    var formModel = new ChangeSecurityInformationViewModel(string.Empty, _configuration.HasRecaptcha, questions);
    return View(formModel);
}
/// <summary>
/// A submission whose answer and confirmation differ must be rejected before anything is
/// persisted, and the form must come back carrying the "do not match" error message.
/// </summary>
public async Task Given_SecurityAnswersDontMatch_When_ChangeSecurityInformation_Then_ViewWithErrorReturned()
{
    // Arrange
    var submission = new ChangeSecurityInformationViewModel
    {
        SecurityAnswer = "securityanswer",
        SecurityAnswerConfirm = "this doesnt match"
    };
    var successfulLogon = new LogonResult { Success = true, UserName = TestUserName };
    _userManager.Expect(manager => manager.TryLogOnAsync(Arg<string>.Is.Anything, Arg<string>.Is.Anything))
        .Return(Task.FromResult(successfulLogon));
    _recaptcha.Expect(captcha => captcha.ValidateRecaptcha(Arg<Controller>.Is.Anything)).Return(true);

    // Act
    var actionResult = await _sut.ChangeSecurityInformationAsync(submission);

    // Assert
    AssertViewResultReturned(actionResult, "ChangeSecurityInformation");
    Context.AssertWasNotCalled(ctx => ctx.SaveChangesAsync());
    var returnedModel = AssertViewResultReturnsType<ChangeSecurityInformationViewModel>(actionResult);
    Assert.That(returnedModel.ErrorMessage, Contains.Substring("The security question answers do not match"));
}
/// <summary>
/// When the password re-check fails (or the account is locked), nothing is saved and the form
/// is redisplayed with the generic "incorrect or locked out" message.
/// </summary>
public async Task Given_AccountDetailsIncorrect_When_ChangeSecurityInformation_Then_ViewWithErrorReturned()
{
    // Arrange
    var submission = new ChangeSecurityInformationViewModel
    {
        SecurityAnswer = "a",
        SecurityAnswerConfirm = "a"
    };
    var failedLogon = new LogonResult { Success = false, FailedLogonAttemptCount = 1 };
    _userManager.Expect(manager => manager.TryLogOnAsync(Arg<string>.Is.Anything, Arg<string>.Is.Anything))
        .Return(Task.FromResult(failedLogon));
    _recaptcha.Expect(captcha => captcha.ValidateRecaptcha(Arg<Controller>.Is.Anything)).Return(true);

    // Act
    var actionResult = await _sut.ChangeSecurityInformationAsync(submission);

    // Assert
    AssertViewResultReturned(actionResult, "ChangeSecurityInformation");
    Context.AssertWasNotCalled(ctx => ctx.SaveChangesAsync());
    var returnedModel = AssertViewResultReturnsType<ChangeSecurityInformationViewModel>(actionResult);
    Assert.That(returnedModel.ErrorMessage, Contains.Substring("Security information incorrect or account locked out"));
}
/// <summary>
/// A valid submission (matching answers, password accepted, CAPTCHA passed) is persisted,
/// the user is emailed, and the success view is returned.
/// </summary>
public async Task Given_ValidSubmission_When_ChangeSecurityInformation_Then_ViewReturned()
{
    // Arrange
    var submission = new ChangeSecurityInformationViewModel
    {
        SecurityAnswer = "a",
        SecurityAnswerConfirm = "a"
    };
    var successfulLogon = new LogonResult { Success = true, UserName = TestUserName };
    _userManager.Expect(manager => manager.TryLogOnAsync(Arg<string>.Is.Anything, Arg<string>.Is.Anything))
        .Return(Task.FromResult(successfulLogon));
    // Encrypt's return value is mocked as false; the controller under test does not act on it.
    _encryption.Expect(enc => enc.Encrypt(
            Arg<string>.Is.Anything,
            Arg<int>.Is.Anything,
            Arg<string>.Is.Anything,
            out Arg<string>.Out(EncryptedSecurityAnswerSalt).Dummy,
            out Arg<string>.Out(EncryptedSecurityAnswer).Dummy))
        .Return(false);
    _recaptcha.Expect(captcha => captcha.ValidateRecaptcha(Arg<Controller>.Is.Anything)).Return(true);

    // Act
    var actionResult = await _sut.ChangeSecurityInformationAsync(submission);

    // Assert
    AssertViewResultReturned(actionResult, "ChangeSecurityInformationSuccess");
    Context.AssertWasCalled(ctx => ctx.SaveChangesAsync());
    _services.AssertWasCalled(svc => svc.SendEmail(
        Arg<string>.Is.Anything,
        Arg<List<string>>.Is.Anything,
        Arg<List<string>>.Is.Anything,
        Arg<List<string>>.Is.Anything,
        Arg<string>.Is.Anything,
        Arg<string>.Is.Anything,
        Arg<bool>.Is.Anything));
}
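/// <summary>
/// POST handler that lets the signed-in user replace their security question and answer.
/// The caller must re-enter their password; the new answer is stored as the output of
/// <c>_encryption.Encrypt</c> together with its salt, a UserLog entry is recorded and the
/// account holder is notified by email.
/// </summary>
/// <param name="model">Posted form: password, selected question id, answer and its confirmation.</param>
/// <returns>
/// "ChangeSecurityInformationSuccess" when the change was saved; otherwise the
/// "ChangeSecurityInformation" form again with an error message (empty for a CAPTCHA
/// or model-state failure).
/// </returns>
public async Task<ActionResult> ChangeSecurityInformationAsync(ChangeSecurityInformationViewModel model)
{
    string errorMessage = "";
    var requester = UserIdentity.GetRequester(this);

    // Tampering with the posted field set is reported to AppSensor before anything else.
    AppSensor.ValidateFormData(this, new List<string> { "SecurityQuestionLookupItemId", "SecurityAnswer", "SecurityAnswerConfirm", "Password" });

    if (!ModelState.IsValid)
    {
        AppSensor.InspectModelStateErrors(this);
    }
    else if (_configuration.HasRecaptcha && !_recaptcha.ValidateRecaptcha(this))
    {
        // CAPTCHA failed: stop here without touching the password. Previously
        // TryLogOnAsync ran before this check, so a request that failed the CAPTCHA still
        // consumed a password verification (and whatever failed-attempt/lockout accounting
        // sits behind it), which defeats the purpose of gating the credential check.
        // No errorMessage is set here; ValidateRecaptcha receives the controller,
        // presumably so it can report the failure itself (e.g. via ModelState) — confirm.
    }
    else if (model.SecurityAnswer != model.SecurityAnswerConfirm)
    {
        // Both values are user-supplied in this request, so this is checked before the
        // password rather than spending a logon attempt on a submission that cannot succeed.
        Logger.Information("Failed Account ChangeSecurityInformation Post, security answers do not match by requester {@requester}", requester);
        errorMessage = "The security question answers do not match";
    }
    else
    {
        // Re-authenticate the current user with the password they just typed.
        var logonResult = await _userManager.TryLogOnAsync(UserIdentity.GetUserName(this), model.Password);
        if (!logonResult.Success)
        {
            // Deliberately the same message for a wrong password and a locked account.
            Logger.Information("Failed Account ChangeSecurityInformation Post, security information incorrect or account locked out by requester {@requester}", requester);
            errorMessage = "Security information incorrect or account locked out";
        }
        else
        {
            var user = _context.User.First(u => u.UserName == logonResult.UserName);

            // NOTE(review): Encrypt's bool return value is ignored, and the unit test for this
            // path mocks it to return false while still expecting success, so its meaning cannot
            // be determined from this file — confirm against the IEncryption contract.
            _encryption.Encrypt(_configuration.EncryptionPassword, _configuration.EncryptionIterationCount, model.SecurityAnswer, out var encryptedSecurityAnswerSalt, out var encryptedSecurityAnswer);
            user.SecurityAnswer = encryptedSecurityAnswer;
            user.SecurityAnswerSalt = encryptedSecurityAnswerSalt;

            // NOTE(review): the posted question id is stored as-is. Unlike the GET action, it is
            // not checked here against the non-hidden SecurityQuestion lookup items; confirm
            // that model validation enforces this, otherwise add a server-side check.
            user.SecurityQuestionLookupItemId = model.SecurityQuestionLookupItemId;
            user.UserLogs.Add(new UserLog { Description = "User Changed Security Information" });
            await _context.SaveChangesAsync();

            // Notify the account holder that their security information changed, so an
            // unauthorised change is visible to them.
            string emailSubject = $"{_configuration.ApplicationName} - Security Information Changed";
            string emailBody = EmailTemplates.ChangeSecurityInformationCompletedBodyText(user.FirstName, user.LastName, _configuration.ApplicationName);
            _services.SendEmail(_configuration.DefaultFromEmailAddress, new List<string>() { logonResult.UserName }, null, null, emailSubject, emailBody, true);
            return View("ChangeSecurityInformationSuccess");
        }
    }

    // Every non-success path redisplays the form with the current question list.
    var securityQuestions = _context.LookupItem
        .Where(l => l.LookupTypeId == Consts.LookupTypeId.SecurityQuestion && l.IsHidden == false)
        .OrderBy(o => o.Ordinal)
        .ToList();
    var changeSecurityInformationViewModel = new ChangeSecurityInformationViewModel(errorMessage, _configuration.HasRecaptcha, securityQuestions);
    return View("ChangeSecurityInformation", changeSecurityInformationViewModel);
}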