public IHttpActionResult ConfirmSecurityQuestionAnswers([FromBody] ResetPasswordDto resetPasswordDto)
{
// Model Binding Validation
if (!ModelState.IsValid)
{
return(BadRequest(GeneralErrorMessages.MODEL_STATE_ERROR));
}
try
{
var resetPasswordManager = new ResetPasswordManager(resetPasswordDto);
var response = resetPasswordManager.ConfirmSecurityQuestionAnswers();
if (response.Error != null)
{
return(BadRequest(response.Error));
}
// Sending HTTP response 200 Status
return(Ok());
}
// Catch exceptions
catch (Exception)
{
// Sending HTTP response 400 Status
return(InternalServerError());
}
}
public void DuplicateParameters(Fields field, Values value)
{
var defaultCompanyLoginId = TestContext.CurrentContext.Test.Properties.Get("companyName").ToString();
var defaultUserName = TestContext.CurrentContext.Test.Properties.Get("adminUserLogin").ToString();
var tokenFromCurrentCompany = Common.RefreshToken(defaultCompanyLoginId, defaultUserName);
var tokenFromOtherCompany = Common.RefreshToken(TestContext.CurrentContext.Test.Properties.Get("otherCompanyName").ToString(), TestContext.CurrentContext.Test.Properties.Get("otherAdminUserLogin").ToString());
var parametersSameValue = new Dictionary <Fields, object>
{
[Fields.CompanyLoginId] = $"{{\"companyLoginId\": \"{defaultCompanyLoginId}\", \"companyLoginId\": \"{defaultCompanyLoginId}\", \"username\": \"{defaultUserName}\", \"newPassword\": \"{NewPassword}\", \"token\": \"{tokenFromCurrentCompany}\"}}",
[Fields.NewPassword] = $"{{\"companyLoginId\": \"{defaultCompanyLoginId}\", \"username\": \"{defaultUserName}\", \"newPassword\": \"{NewPassword }\", \"newPassword\": \"{NewPassword}\", \"token\": \"{tokenFromCurrentCompany}\"}}",
[Fields.Username] = $"{{\"companyLoginId\": \"{defaultCompanyLoginId}\", \"username\": \"{defaultUserName}\", \"username\": \"{defaultUserName}\", \"newPassword\": \"{NewPassword}\", \"token\": \"{tokenFromCurrentCompany}\"}}",
[Fields.Token] = $"{{\"companyLoginId\": \"{defaultCompanyLoginId}\", \"username\": \"{defaultUserName}\", \"newPassword\": \"{NewPassword}\", \"token\": \"{tokenFromCurrentCompany}\", \"token\": \"{tokenFromCurrentCompany}\"}}",
[Fields.CheckOldPasswords] = $"{{\"companyLoginId\": \"{defaultCompanyLoginId}\", \"username\": \"{defaultUserName}\", \"newPassword\": \"{NewPassword}\", \"token\": \"{tokenFromCurrentCompany}\", \"checkOldPasswords\": \"1\", \"checkOldPasswords\": \"1\"}}",
};
var parametersNotSameValue = new Dictionary <Fields, object>
{
[Fields.CompanyLoginId] = $"{{\"companyLoginId\": \"{defaultCompanyLoginId}\", \"companyLoginId\": \"{TestContext.CurrentContext.Test.Properties.Get("otherCompanyName").ToString()}\", \"username\": \"{defaultUserName}\", \"newPassword\": \"{NewPassword}\", \"token\": \"{tokenFromCurrentCompany}\"}}",
[Fields.NewPassword] = $"{{\"companyLoginId\": \"{defaultCompanyLoginId}\", \"username\": \"{defaultUserName}\", \"newPassword\": \"{NewPassword }\", \"newPassword\": \"123456789\", \"token\": \"{tokenFromCurrentCompany}\"}}",
[Fields.Username] = $"{{\"companyLoginId\": \"{defaultCompanyLoginId}\", \"username\": \"{defaultUserName}\", \"username\": \"{TestContext.CurrentContext.Test.Properties.Get("otherAdminUserLogin").ToString()}\", \"newPassword\": \"{NewPassword}\", \"token\": \"{tokenFromCurrentCompany}\"}}",
[Fields.Token] = $"{{\"companyLoginId\": \"{defaultCompanyLoginId}\", \"username\": \"{defaultUserName}\", \"newPassword\": \"{NewPassword}\", \"token\": \"{tokenFromCurrentCompany}\", \"token\": \"{tokenFromOtherCompany}\"}}",
[Fields.CheckOldPasswords] = $"{{\"companyLoginId\": \"{defaultCompanyLoginId}\", \"username\": \"{defaultUserName}\", \"newPassword\": \"{NewPassword}\", \"token\": \"{tokenFromCurrentCompany}\", \"checkOldPasswords\": \"1\", \"checkOldPasswords\": \"3\"}}",
};
var resetPassHandler = new ResetPasswordManager();
var response = resetPassHandler.ResetPassword(value == Values.Same ? parametersSameValue[field] : parametersNotSameValue[field], System.Net.Http.HttpMethod.Post);
LastPassword = Common.CheckUpdatedPassword(response) ? NewPassword : string.Empty;
PrAssert.That(response, PrIs.ErrorResponse().And.HttpCode(System.Net.HttpStatusCode.BadRequest));
}
public IHttpActionResult ResetPassword(HttpRequestMessage request)
{
try
{
var result = new SsoTokenManager(request.Headers.Authorization.Parameter).ManageResetPasswordToken();
if (result.Error != null)
{
// Send 401 Response HTTP Status Code
return(Unauthorized());
}
var resetPasswordManager = new ResetPasswordManager(result.Data);
var updateResponse = resetPasswordManager.SsoUpdatePassword();
if (updateResponse.Error != null)
{
// Send 401 Response HTTP Status Code
return(Unauthorized());
}
// Send 200 Response HTTP Status Code
return(Ok());
}
catch (Exception)
{
// Send 500 Response HTTP Status Code
return(InternalServerError());
}
}
public AccountController()
{
_userManager = new UserManager();
_addressManager = new AddressManager();
_orderManager = new OrderManager();
_resetPasswordManager = new ResetPasswordManager();
}
public void InvalidEntrySpecial(InvalidSpecialCondition inputType)
{
var defaultCompanyLoginId = TestContext.CurrentContext.Test.Properties.Get("companyName").ToString();
var defaultUserName = TestContext.CurrentContext.Test.Properties.Get("adminUserLogin").ToString();
var tokenFromCurrentCompany = Common.RefreshToken(defaultCompanyLoginId, defaultUserName);
var resetPassHandler = new ResetPasswordManager();
var parameterRequest = new Dictionary <string, object>(Common.ResetPasswordParameters);
PrivateApiResponse <object> response = null;
parameterRequest["companyLoginId"] = defaultCompanyLoginId;
parameterRequest["username"] = defaultUserName;
parameterRequest["newPassword"] = NewPassword;
parameterRequest["token"] = tokenFromCurrentCompany;
if (inputType == InvalidSpecialCondition.WrongContentType)
{
response = resetPassHandler.ResetPassword(parameterRequest, System.Net.Http.HttpMethod.Post, Common.InvalidEntrySpecialTestCasesMapper[InvalidSpecialCondition.WrongContentType].ToString());
}
else
{
string jsonContent = string.Empty;
if (inputType == InvalidSpecialCondition.BrokenJsonFormat)
{
jsonContent = "{\"companyLoginId\": \"" + defaultCompanyLoginId + "\", \"username\": \"" + defaultUserName + "\", \"newPassword\": \"" + NewPassword + "\", \"token\": \"" + Common.RefreshToken(defaultCompanyLoginId, defaultUserName) + "\"";
}
else
{
jsonContent = Common.InvalidEntrySpecialTestCasesMapper[inputType].ToString();
}
response = resetPassHandler.ResetPassword(jsonContent, System.Net.Http.HttpMethod.Post);
}
LastPassword = Common.CheckUpdatedPassword(response) ? parameterRequest["newPassword"].ToString() : string.Empty;
PrAssert.That(response, PrIs.ErrorResponse().And.HttpCode(InvalidSpecialCondition.WrongContentType == inputType ? System.Net.HttpStatusCode.UnsupportedMediaType : System.Net.HttpStatusCode.BadRequest));
}
public void PasswordInvalidMethodTests(HttpMethod type)
{
var token = Common.GetToken();
var defaultUser = CommonData.GetDefaultUser();
var requestDic = new Dictionary <string, object>()
{
["companyLoginId"] = defaultUser.Company.Name,
["username"] = defaultUser.Login,
["newPassword"] = "******",
["token"] = token.Result.Token
};
var passwordMng = new ResetPasswordManager();
var httpMethod = new Dictionary <HttpMethod, System.Net.Http.HttpMethod>()
{
[HttpMethod.GET] = System.Net.Http.HttpMethod.Get,
[HttpMethod.PUT] = System.Net.Http.HttpMethod.Put,
[HttpMethod.DELETE] = System.Net.Http.HttpMethod.Delete,
};
var oldPassword = Common.GetOldPassword();
var response = passwordMng.ResetPassword <ResetPasswordResponse>(requestDic, httpMethod[type]);
Common.RecoverOldPassword(requestDic, passwordMng, oldPassword);
defaultUser.Dispose();
PrAssert.That(response, PrIs.ErrorResponse().With.HttpCode(System.Net.HttpStatusCode.MethodNotAllowed));
}
public void PasswordInvalidSpecialTests(InvalidSpecial inputValue)
{
var requestDic = InvalidSpecialMapper[inputValue];
var passwordMng = new ResetPasswordManager();
var response = passwordMng.ResetPassword <ResetPasswordResponse>(requestDic, HttpMethod.Post);
PrAssert.That(response, PrIs.ErrorResponse().With.HttpCode(System.Net.HttpStatusCode.BadRequest));
}
public void TestResetPasswordInvalid(Fields field, InvalidTestCases inputType)
{
var parameterRequest = GetParameters(inputType, field);
var resetPassHandler = new ResetPasswordManager();
var response = resetPassHandler.ResetPassword(parameterRequest, System.Net.Http.HttpMethod.Post);
LastPassword = Common.CheckUpdatedPassword(response) ? parameterRequest["newPassword"].ToString() : string.Empty;
PrAssert.That(response, PrIs.ErrorResponse().And.HttpCode(System.Net.HttpStatusCode.BadRequest));
}
public static void RecoverOldPassword(Dictionary <string, object> prop, ResetPasswordManager passwordMng, string currentUserPass)
{
var token = GetToken();
prop["newPassword"] = currentUserPass;
prop.Remove("checkOldPasswords");
prop["token"] = token.Result.Token;
passwordMng.ResetPassword <ResetPasswordResponse>(prop, HttpMethod.Post);
}
public void SetUp()
{
user = new User();
database = new Mock <IDatabase>();
database.Setup(d => d.UserRepository.FindUserByUsername("test")).ReturnsAsync(user);
hashGenerator = new Mock <IHashGenerator>();
service = new ResetPasswordManager(database.Object, hashGenerator.Object);
}
private void ResetPassword(string companyId, string newPassword)
{
var token = GetRefreshToken(companyId);
var resetPassRequest = new Dictionary <string, object>
{
["companyLoginId"] = companyId,
["username"] = TestContext.CurrentContext.Test.Properties.Get("adminUser2Login").ToString(),
["newPassword"] = newPassword,
["token"] = token.Token,
};
var resetPassHandler = new ResetPasswordManager();
var response = resetPassHandler.ResetPassword(resetPassRequest, HttpMethod.Post);
PrAssert.That(response, PrIs.SuccessfulResponse());
}
public void ResetPasswordByOtherUserName(SpecialCommon inputType)
{
var parameterRequest = new Dictionary <string, object>(Common.ResetPasswordParameters);
var defaultCompanyLoginId = TestContext.CurrentContext.Test.Properties.Get("companyName").ToString();
var defaultUserName = TestContext.CurrentContext.Test.Properties.Get("adminUserLogin").ToString();
var tokenFromCurrentCompany = Common.RefreshToken(defaultCompanyLoginId, defaultUserName);
parameterRequest["companyLoginId"] = defaultCompanyLoginId;
parameterRequest["newPassword"] = NewPassword;
parameterRequest["token"] = tokenFromCurrentCompany;
parameterRequest["username"] = SpecialCommon.SecondUser == inputType?TestContext.CurrentContext.Test.Properties.Get("adminUser2Login").ToString() : TestContext.CurrentContext.Test.Properties.Get("otherAdminUserLogin").ToString();
var resetPassHandler = new ResetPasswordManager();
var response = resetPassHandler.ResetPassword(parameterRequest, System.Net.Http.HttpMethod.Post);
LastPassword = Common.CheckUpdatedPassword(response) ? parameterRequest["newPassword"].ToString() : string.Empty;
PrAssert.That(response, PrIs.ErrorResponse().And.HttpCode(System.Net.HttpStatusCode.BadRequest));
}
public void ResetPasswordInjection(Fields field, InjectionInput inputType)
{
var parameterRequest = new Dictionary <string, object>(Common.ResetPasswordParameters);
var defaultCompanyLoginId = TestContext.CurrentContext.Test.Properties.Get("companyName").ToString();
var defaultUserName = TestContext.CurrentContext.Test.Properties.Get("adminUserLogin").ToString();
var tokenFromCurrentCompany = Common.RefreshToken(defaultCompanyLoginId, defaultUserName);
parameterRequest["companyLoginId"] = defaultCompanyLoginId;
parameterRequest["username"] = defaultUserName;
parameterRequest["newPassword"] = NewPassword;
parameterRequest["token"] = tokenFromCurrentCompany;
parameterRequest[Char.ToLowerInvariant(field.ToString()[0]) + field.ToString().Substring(1)] = InjectionInputData.InjectionInputMapper[inputType];
var resetPassHandler = new ResetPasswordManager();
var response = resetPassHandler.ResetPassword(parameterRequest, System.Net.Http.HttpMethod.Post);
LastPassword = Common.CheckUpdatedPassword(response) ? parameterRequest["newPassword"].ToString() : string.Empty;
PrAssert.That(response, PrIs.ErrorResponse().And.HttpCode(System.Net.HttpStatusCode.BadRequest));
}
public void ResetPassAccessEndpointTests(AccessState accessState, HttpStatusCode httpStatusCode, ResultCode resultCode)
{
var accessEndpointHandler = new AccessEndpointManager();
var token = Common.GetToken();
var defaultUser = CommonData.GetDefaultUser();
var requestContent = new Dictionary <string, object>()
{
["companyLoginId"] = defaultUser.Company.Name,
["username"] = defaultUser.Login,
["newPassword"] = "******",
["token"] = token.Result.Token
};
var oldPassword = Common.GetOldPassword();
var passwordMng = new ResetPasswordManager();
var response = accessEndpointHandler.AccessEndpoint <ResetPasswordResponse>(accessState, Endpoint, requestContent, HttpMethod.Post);
Common.RecoverOldPassword(requestContent, passwordMng, oldPassword);
defaultUser.Dispose();
PrAssert.That(response, PrIs.ErrorResponse().And.HttpCode(httpStatusCode).And.ErrorCode((int)resultCode));
}
public UserManager()
{
_resetPasswordManager = new ResetPasswordManager();
db = new DatabaseContext();
var roleStore = new RoleStore <ApplicationRole>(db);
_roleManager = new RoleManager <ApplicationRole>(roleStore);
var userStore = new UserStore <ApplicationUser>(db);
_userManager = new UserManager <ApplicationUser>(userStore);
_userManager.UserValidator = new UserValidator <ApplicationUser>(_userManager)
{
RequireUniqueEmail = true,
AllowOnlyAlphanumericUserNames = true
};
}
public void ResetPasswordInjectionTests(InjectionParam key, InjectionInput value)
{
var token = Common.GetToken();
var defaultUser = CommonData.GetDefaultUser();
var requestDic = new Dictionary <string, object>()
{
["companyLoginId"] = defaultUser.Company.Name,
["username"] = defaultUser.Login,
["newPassword"] = "******",
["token"] = token.Result.Token,
["checkOldPasswords"] = CheckOldPasswords,
};
requestDic[String.Format("{0}{1}", key.ToString().Substring(0, 1).ToLower(), key.ToString().Substring(1))] = InjectionInputMapper[value];
var passwordMng = new ResetPasswordManager();
var oldPassword = Common.GetOldPassword();
var response = passwordMng.ResetPassword <ResetPasswordResponse>(requestDic, HttpMethod.Post);
Common.RecoverOldPassword(requestDic, passwordMng, oldPassword);
defaultUser.Dispose();
PrAssert.That(response, PrIs.ErrorResponse().With.HttpCode(System.Net.HttpStatusCode.BadRequest));
}
public void ResetPasswordValidCheckOldPasswordsTests(CheckOldPasswords checkOldPasswords)
{
for (int i = 0; i < CheckOldPasswordsMapper[checkOldPasswords]; i++)
{
ResetPassword(TestContext.CurrentContext.Test.Properties.Get("companyName").ToString(), PasswordList[i]);
}
var tokenResponse = GetRefreshToken(TestContext.CurrentContext.Test.Properties.Get("companyName").ToString());
PrAssume.That(tokenResponse, PrIs.SuccessfulResponse());
for (int i = 0; i < CheckOldPasswordsMapper[checkOldPasswords]; i++)
{
var resetPassRequest = new Dictionary <string, object>
{
["companyLoginId"] = TestContext.CurrentContext.Test.Properties.Get("companyName").ToString(),
["username"] = TestContext.CurrentContext.Test.Properties.Get("adminUser2Login").ToString(),
["newPassword"] = PasswordList[i],
["token"] = tokenResponse.Token,
["checkOldPasswords"] = CheckOldPasswordsMapper[checkOldPasswords],
};
var resetPassHandler = new ResetPasswordManager();
var response = resetPassHandler.ResetPassword(resetPassRequest, HttpMethod.Post);
PrAssert.That(response, PrIs.ErrorResponse().With.HttpCode(HttpStatusCode.BadRequest));
}
}
public void ResetPasswordByOtherHttpMethod(HttpMethod inputType)
{
var parameterRequest = new Dictionary <string, object>(Common.ResetPasswordParameters);
var defaultCompanyLoginId = TestContext.CurrentContext.Test.Properties.Get("companyName").ToString();
var defaultUserName = TestContext.CurrentContext.Test.Properties.Get("adminUserLogin").ToString();
var tokenFromCurrentCompany = Common.RefreshToken(defaultCompanyLoginId, defaultUserName);
parameterRequest["companyLoginId"] = defaultCompanyLoginId;
parameterRequest["username"] = defaultUserName;
parameterRequest["newPassword"] = NewPassword;
parameterRequest["token"] = tokenFromCurrentCompany;
var httpMethod = new Dictionary <HttpMethod, System.Net.Http.HttpMethod>()
{
[HttpMethod.GET] = System.Net.Http.HttpMethod.Get,
[HttpMethod.DELETE] = System.Net.Http.HttpMethod.Delete,
[HttpMethod.PUT] = System.Net.Http.HttpMethod.Put,
};
var resetPassHandler = new ResetPasswordManager();
var response = resetPassHandler.ResetPassword(parameterRequest, httpMethod[inputType]);
LastPassword = Common.CheckUpdatedPassword(response) ? parameterRequest["newPassword"].ToString() : string.Empty;
PrAssert.That(response, PrIs.ErrorResponse().And.HttpCode(System.Net.HttpStatusCode.BadRequest));
}
