public void When_GetChangePasswordPendingBodyText_Then_CorrectEmailIsReturned()
        {
            // Arrange: the exact HTML body the template must produce for the fixture values.
            // The text pins three security-relevant points: the 15-minute validity window,
            // the reset link shown both as href and as visible text (so the two cannot differ),
            // and the anti-phishing notice that genuine emails address the user by full name.
            // NOTE(review): only benign fixture values are covered; whether the template
            // HTML-encodes firstName/lastName is not visible here and deserves its own case.
            const string expected = "Dear John Staveley,<br /><br />A request has been received to reset your Security Essentials password. You can complete this process any time within the next 15 minutes by clicking <a href='http://localhost:4986/Account/RecoverPassword?PasswordResetToken=c4f32838-9ab4-46d8-bc49-d080264bd13e'>http://localhost:4986/Account/RecoverPassword?PasswordResetToken=c4f32838-9ab4-46d8-bc49-d080264bd13e</a>. If you did not make this request this then please ignore this email.<br />How do I know this is not a Spoof email? Spoof or ‘phishing’ emails tend to have generic greetings such as \"Dear Security Essentials member\". Emails from Security Essentials will always contain your full name.<br />";

            // Act
            var actualBody = EmailTemplates.ChangePasswordPendingBodyText(_firstName, _lastName, _applicationName, _url, _token);

            // Assert
            Assert.AreEqual(expected, actualBody);
        }
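        /// <summary>
        /// Handles the posted account-recovery form. For a user that matches the posted user name
        /// and is enabled, email-verified and approved, it issues a password reset token valid for
        /// 15 minutes and emails the reset link.
        /// </summary>
        /// <param name="model">Posted form data; only <c>UserName</c> is read here.</param>
        /// <returns>
        /// The "Recover" view again when the reCAPTCHA check fails; otherwise the "RecoverSuccess"
        /// view, which is returned whether or not a user matched.
        /// </returns>
        public async Task<ActionResult> RecoverAsync(RecoverViewModel model)
        {
            var requester = UserIdentity.GetRequester(this);
            var userName = model.UserName;

            AppSensor.ValidateFormData(this, new List<string> { "UserName" });
            if (!ModelState.IsValid)
            {
                AppSensor.InspectModelStateErrors(this);
                return View("RecoverSuccess");
            }

            // Check the captcha before touching the database, so a request that fails it
            // never costs a user lookup.
            if (_configuration.HasRecaptcha && !_recaptcha.ValidateRecaptcha(this))
            {
                Logger.Information("Failed Account Recover Post Recaptcha failed by requester {@requester}",
                    requester);
                return View("Recover", model);
            }

            var user = _context.User.SingleOrDefault(u =>
                u.UserName == model.UserName && u.Enabled && u.EmailVerified && u.Approved);
            if (user == null)
            {
                // Same view as the success path: the page shown does not depend on whether the
                // user name exists.
                // NOTE(review): this path does no email/database work, so its response time may
                // differ from the success path; sending the email off the request path would even
                // that out.
                Logger.Information("Failed Account Recover Post UserName {userName} by requester {@requester}",
                    userName, requester);
                return View("RecoverSuccess");
            }

            // The reset token is a bearer secret, so draw it from the cryptographic RNG. GUIDs are
            // identifiers, and .NET's documentation recommends against using Guid.NewGuid() for
            // cryptographic purposes. The format is unchanged: 32 lowercase hex characters.
            var tokenBytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(tokenBytes);
            }

            // NOTE(review): the token is stored as-is on the user row; storing only a hash would
            // also need a change in the code that redeems it, which is not visible here.
            user.PasswordResetToken = BitConverter.ToString(tokenBytes).Replace("-", "").ToLowerInvariant();
            user.PasswordResetExpiryDateUtc = DateTime.UtcNow.AddMinutes(15);

            // Send recovery email with link to recover password form.
            var emailBody = EmailTemplates.ChangePasswordPendingBodyText(
                user.FirstName,
                user.LastName,
                _configuration.ApplicationName,
                _configuration.WebsiteBaseUrl,
                user.PasswordResetToken);
            var emailSubject = $"{_configuration.ApplicationName} - Complete the password recovery process";

            // NOTE(review): the email goes out before SaveChangesAsync; if the save fails, the
            // emailed link carries a token that was never persisted.
            _services.SendEmail(
                _configuration.DefaultFromEmailAddress,
                new List<string> { user.UserName },
                null,
                null,
                emailSubject,
                emailBody,
                true);
            user.UserLogs.Add(new UserLog { Description = "Password reset link generated and sent" });
            await _context.SaveChangesAsync();

            return View("RecoverSuccess");
        }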