public virtual async Task<ActionResult> ChangePassword(AccountViewModel model)
{
var user = GetCurrentUser();
var oldPassword = user.Credentials.FirstOrDefault(
c => c.Type.StartsWith(CredentialTypes.Password.Prefix, StringComparison.OrdinalIgnoreCase));
if (oldPassword == null)
{
// User is requesting a password set email
await AuthService.GeneratePasswordResetToken(user, Constants.DefaultPasswordResetTokenExpirationHours * 60);
return SendPasswordResetEmail(user, forgotPassword: false);
}
else
{
if (!ModelState.IsValidField("ChangePassword"))
{
return AccountView(model);
}
if (!(await AuthService.ChangePassword(user, model.ChangePassword.OldPassword, model.ChangePassword.NewPassword)))
{
ModelState.AddModelError("ChangePassword.OldPassword", Strings.CurrentPasswordIncorrect);
return AccountView(model);
}
TempData["Message"] = Strings.PasswordChanged;
return RedirectToAction("Account");
}
}
private ActionResult AccountView(AccountViewModel model)
{
// Load Credential info
var user = GetCurrentUser();
var curatedFeeds = CuratedFeedService.GetFeedsForManager(user.Key);
var creds = user.Credentials.Select(c => AuthService.DescribeCredential(c)).ToList();
model.Credentials = creds;
model.CuratedFeeds = curatedFeeds.Select(f => f.Name);
return View("Account", model);
}
public virtual async Task<ActionResult> ChangeEmail(AccountViewModel model)
{
if (!ModelState.IsValidField("ChangeEmail.NewEmail"))
{
return AccountView(model);
}
var user = GetCurrentUser();
if (user.HasPassword())
{
if (!ModelState.IsValidField("ChangeEmail.Password"))
{
return AccountView(model);
}
var authUser = await AuthService.Authenticate(User.Identity.Name, model.ChangeEmail.Password);
if (authUser == null)
{
ModelState.AddModelError("ChangeEmail.Password", Strings.CurrentPasswordIncorrect);
return AccountView(model);
}
}
// No password? We can't do any additional verification...
if (String.Equals(model.ChangeEmail.NewEmail, user.LastSavedEmailAddress, StringComparison.OrdinalIgnoreCase))
{
// email address unchanged - accept
return RedirectToAction(actionName: "Account", controllerName: "Users");
}
try
{
await UserService.ChangeEmailAddress(user, model.ChangeEmail.NewEmail);
}
catch (EntityException e)
{
ModelState.AddModelError("ChangeEmail.NewEmail", e.Message);
return AccountView(model);
}
if (user.Confirmed)
{
var confirmationUrl = Url.ConfirmationUrl(
"Confirm", "Users", user.Username, user.EmailConfirmationToken);
MessageService.SendEmailChangeConfirmationNotice(new MailAddress(user.UnconfirmedEmailAddress, user.Username), confirmationUrl);
TempData["Message"] = Strings.EmailUpdated_ConfirmationRequired;
}
else
{
TempData["Message"] = Strings.EmailUpdated;
}
return RedirectToAction(actionName: "Account", controllerName: "Users");
}
public virtual async Task<ActionResult> CancelChangeEmail(AccountViewModel model)
{
var user = GetCurrentUser();
if(string.IsNullOrWhiteSpace(user.UnconfirmedEmailAddress))
{
return RedirectToAction(actionName: "Account", controllerName: "Users");
}
await UserService.CancelChangeEmailAddress(user);
TempData["Message"] = Strings.CancelEmailAddress;
return RedirectToAction(actionName: "Account", controllerName: "Users");
}
public async Task GivenFailureInAuthService_ItAddsModelError()
{
// Arrange
var user = new User("foo");
user.Credentials.Add(CredentialBuilder.CreatePbkdf2Password("old"));
GetMock<AuthenticationService>()
.Setup(u => u.ChangePassword(user, "old", "new"))
.CompletesWith(false);
var controller = GetController<UsersController>();
controller.SetCurrentUser(user);
var inputModel = new AccountViewModel()
{
ChangePassword = new ChangePasswordViewModel()
{
OldPassword = "******",
NewPassword = "******",
}
};
// Act
var result = await controller.ChangePassword(inputModel);
// Assert
var outputModel = ResultAssert.IsView<AccountViewModel>(result, viewName: "Account");
Assert.Same(inputModel, outputModel);
var errorMessages = controller
.ModelState["ChangePassword.OldPassword"]
.Errors
.Select(e => e.ErrorMessage)
.ToArray();
Assert.Equal(errorMessages, new[] { Strings.CurrentPasswordIncorrect });
}
public async Task GivenSuccessInAuthService_ItRedirectsBackToManageCredentialsWithMessage()
{
// Arrange
var user = new User("foo");
user.Credentials.Add(CredentialBuilder.CreatePbkdf2Password("old"));
GetMock<AuthenticationService>()
.Setup(u => u.ChangePassword(user, "old", "new"))
.CompletesWith(true);
var controller = GetController<UsersController>();
controller.SetCurrentUser(user);
var inputModel = new AccountViewModel()
{
ChangePassword = new ChangePasswordViewModel()
{
OldPassword = "******",
NewPassword = "******",
}
};
// Act
var result = await controller.ChangePassword(inputModel);
// Assert
ResultAssert.IsRedirectToRoute(result, new { action = "Account" });
Assert.Equal(Strings.PasswordChanged, controller.TempData["Message"]);
}
public async Task GivenInvalidView_ItReturnsView()
{
// Arrange
var controller = GetController<UsersController>();
controller.ModelState.AddModelError("ChangePassword.blarg", "test");
var inputModel = new AccountViewModel();
controller.SetCurrentUser(new User()
{
Credentials = new List<Credential>() {
CredentialBuilder.CreatePbkdf2Password("abc")
}
});
// Act
var result = await controller.ChangePassword(inputModel);
// Assert
var outputModel = ResultAssert.IsView<AccountViewModel>(result, viewName: "Account");
Assert.Same(inputModel, outputModel);
}
public async Task DoesNotSendEmailChangeConfirmationNoticeWhenUserWasNotConfirmed()
{
var user = new User
{
Username = "******",
UnconfirmedEmailAddress = "*****@*****.**",
};
GetMock<AuthenticationService>()
.Setup(u => u.Authenticate("aUsername", "password"))
.CompletesWith(new AuthenticatedUser(user, new Credential()));
GetMock<IUserService>()
.Setup(u => u.ChangeEmailAddress(It.IsAny<User>(), It.IsAny<string>()))
.Callback(() => user.UpdateEmailAddress("*****@*****.**", () => "new-token"))
.Completes();
var controller = GetController<UsersController>();
controller.SetCurrentUser(user);
var model = new AccountViewModel()
{
ChangeEmail = new ChangeEmailViewModel
{
NewEmail = "*****@*****.**",
Password = "******"
}
};
await controller.ChangeEmail(model);
Assert.Equal("Your new email address was saved!", controller.TempData["Message"]);
GetMock<IUserService>()
.Verify(u => u.ChangeEmailAddress(user, "*****@*****.**"));
GetMock<IMessageService>()
.Verify(m => m.SendEmailChangeConfirmationNotice(It.IsAny<MailAddress>(), It.IsAny<string>()), Times.Never());
}
public async Task SendsEmailChangeConfirmationNoticeWhenChangingAConfirmedEmailAddress()
{
var user = new User
{
Username = "******",
EmailAddress = "*****@*****.**",
EmailAllowed = true
};
GetMock<AuthenticationService>()
.Setup(u => u.Authenticate("theUsername", "password"))
.CompletesWith(new AuthenticatedUser(user, new Credential()));
GetMock<IUserService>()
.Setup(u => u.ChangeEmailAddress(user, "*****@*****.**"))
.Callback(() => user.UpdateEmailAddress("*****@*****.**", () => "token"))
.Completes();
var controller = GetController<UsersController>();
controller.SetCurrentUser(user);
var model = new AccountViewModel()
{
ChangeEmail = new ChangeEmailViewModel
{
NewEmail = "*****@*****.**",
Password = "******"
}
};
var result = await controller.ChangeEmail(model);
GetMock<IMessageService>()
.Verify(m => m.SendEmailChangeConfirmationNotice(It.IsAny<MailAddress>(), It.IsAny<string>()));
}
public async Task WhenPasswordValidationFailsErrorIsReturned()
{
// Arrange
var user = new User
{
Username = "******",
EmailAddress = "*****@*****.**",
Credentials = new [] { new Credential(CredentialTypes.Password.V3, "abc") }
};
Credential credential;
GetMock<AuthenticationService>()
.Setup(u => u.ValidatePasswordCredential(It.IsAny<IEnumerable<Credential>>(), It.IsAny<string>(), out credential))
.Returns(false);
var controller = GetController<UsersController>();
controller.SetCurrentUser(user);
var model = new AccountViewModel
{
ChangeEmail = new ChangeEmailViewModel
{
NewEmail = "*****@*****.**",
Password = "******"
}
};
var result = await controller.ChangeEmail(model);
Assert.IsType<ViewResult>(result);
Assert.IsType<AccountViewModel>(((ViewResult) result).Model);
}
public async Task DoesNotSendEmailChangeConfirmationNoticeWhenAddressDoesntChange()
{
var user = new User
{
EmailAddress = "*****@*****.**",
Username = "******",
};
var authResult =
new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.Success, new AuthenticatedUser(user, new Credential()));
GetMock<AuthenticationService>()
.Setup(u => u.Authenticate("aUsername", "password"))
.CompletesWith(authResult);
GetMock<IUserService>()
.Setup(u => u.ChangeEmailAddress(It.IsAny<User>(), It.IsAny<string>()))
.Callback(() => user.UpdateEmailAddress("*****@*****.**", () => "new-token"));
var controller = GetController<UsersController>();
controller.SetCurrentUser(user);
var model = new AccountViewModel()
{
ChangeEmail = new ChangeEmailViewModel
{
NewEmail = "*****@*****.**",
Password = "******"
}
};
await controller.ChangeEmail(model);
GetMock<IUserService>()
.Verify(u => u.ChangeEmailAddress(user, "*****@*****.**"), Times.Never());
GetMock<IMessageService>()
.Verify(m => m.SendEmailChangeConfirmationNotice(It.IsAny<MailAddress>(), It.IsAny<string>()), Times.Never());
}
