public void DoesNotSendMessageIfUserIsNotConfirmedOrIfEmailDoesNotMatchUser(int userId, string submittedEmail, bool isConfirmed)
{
var webSecurity = Substitute.For<IWebSecurityService>();
webSecurity.GetUserId("haacked").Returns(userId);
webSecurity.IsConfirmed("haacked").Returns(isConfirmed);
var messengerService = Substitute.For<IMessengerService>();
var users = new TestDbSet<User> { new User { Id = 42, Name = "haacked", Email = "*****@*****.**" }, new User() };
var tournamentContext = Substitute.For<ITournamentContext>();
tournamentContext.Users.Returns(users);
var accountController = new AccountController(webSecurity, messengerService, tournamentContext);
var request = Substitute.For<HttpRequestBase>();
request.Url.Returns(new Uri("http://localhost/"));
var httpContext = Substitute.For<HttpContextBase>();
httpContext.Request.Returns(request);
accountController.ControllerContext = new ControllerContext(httpContext, new RouteData(), accountController);
var forgotPasswordModel = new ForgotPasswordModel
{
UserName = "******",
Email = submittedEmail
};
accountController.ForgotPassword(forgotPasswordModel);
messengerService.DidNotReceive().Send(Args.String, Args.String, Args.String, Args.String, Args.Boolean);
}
public ActionResult ForgotPassword(ForgotPasswordModel model)
{
var isValid = false;
var resetToken = string.Empty;
if (ModelState.IsValid)
{
var userId = webSecurity.GetUserId(model.UserName);
var user = tournamentContext.Users.Find(userId);
if (user != null && webSecurity.IsConfirmed(model.UserName) && user.Email.Equals(model.Email, StringComparison.OrdinalIgnoreCase))
{
resetToken = webSecurity.GeneratePasswordResetToken(model.UserName);
isValid = true;
}
if (isValid)
{
if (Request.Url != null)
{
string hostUrl = Request.Url.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped);
string resetUrl = hostUrl +
VirtualPathUtility.ToAbsolute("~/Account/PasswordReset?resetToken=" +
HttpUtility.UrlEncode(resetToken));
var fromAddress = "Your Email Address";
var toAddress = model.Email;
var subject = "Password reset request";
var body =
string.Format(
"Use this password reset token to reset your password. <br/>The token is: {0}<br/>Visit <a href='{1}'>{1}</a> to reset your password.<br/>",
resetToken, resetUrl);
messengerService.Send(fromAddress, toAddress, subject, body, true);
}
}
return RedirectToAction("ForgotPasswordMessage");
}
return View(model);
}
public void SendsResetMessageIfUserIsConfirmedAndEmailMatchesUserEmail()
{
var webSecurity = Substitute.For<IWebSecurityService>();
webSecurity.GetUserId("haacked").Returns(42);
webSecurity.IsConfirmed("haacked").Returns(true);
var messengerService = Substitute.For<IMessengerService>();
var users = new TestDbSet<User> { new User { Id = 42, Name = "haacked", Email = "*****@*****.**" }, new User() };
var tournamentContext = Substitute.For<ITournamentContext>();
tournamentContext.Users.Returns(users);
var accountController = new AccountController(webSecurity, messengerService, tournamentContext);
var request = Substitute.For<HttpRequestBase>();
request.Url.Returns(new Uri("http://localhost/"));
var httpContext = Substitute.For<HttpContextBase>();
httpContext.Request.Returns(request);
accountController.ControllerContext = new ControllerContext(httpContext, new RouteData(), accountController);
var forgotPasswordModel = new ForgotPasswordModel
{
UserName = "******",
Email = "*****@*****.**"
};
accountController.ForgotPassword(forgotPasswordModel);
messengerService.Received().Send(Args.String, Args.String, Args.String, Args.String, Args.Boolean);
}
