public void UpdatePassword() { unitOfWork.Data = Utils.CreateAdminAndUser(); var cp = new ChangePassword { code = "A", password1 = "pass1", password2 = "pass2" }; var result = controller.UpdatePassword(cp); Utils.AssertRequestMessageAndStatus(result, HttpStatusCode.BadRequest); cp.code = "2"; //Passwords don't match result = controller.UpdatePassword(cp); Utils.AssertRequestMessageAndStatus(result, HttpStatusCode.BadRequest); cp.password2 = "pass1"; //Passwords break rules (8 minimum) result = controller.UpdatePassword(cp); Utils.AssertRequestMessageAndStatus(result, HttpStatusCode.BadRequest); cp.password1 = cp.password2 = "Password"; //one upper case, 8 chars result = controller.UpdatePassword(cp); Assert.IsNotInstanceOfType(result, typeof(HttpResponseMessage)); Assert.IsTrue(unitOfWork.Saved); Assert.AreEqual(cp.password1, unitOfWork.Data.Users.FirstOrDefault(u => u.id == 2)?.password); }