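/// <summary>
/// Resets the password of the employer registered under <paramref name="emailAddress"/>,
/// provided exactly one employer matches that address.
/// </summary>
/// <param name="emailAddress">Email address identifying the employer account.</param>
/// <returns>A JSON result wrapping a new <c>JsonResponseModel</c>; failures are recorded in ModelState.</returns>
/// <remarks>
/// NOTE(review): the outcomes below add distinguishable messages ("cannot be found",
/// "more than one user", or none), so a caller can learn whether an address belongs to an
/// account. Consider one neutral response for every outcome, plus throttling of this action.
/// NOTE(review): the reset is triggered by the address alone. If ResetPassword replaces the
/// stored password immediately, anyone who knows the address can invalidate the owner's
/// current password - confirm rate limiting, or use a confirm-by-link flow.
/// </remarks>
public ActionResult NewPassword(string emailAddress)
        {
            try
            {
                if (string.IsNullOrEmpty(emailAddress))
                {
                    ModelState.AddModelError("You must supply an email address to send the new password to");

                    // Stop here: querying with a missing address would only add a second,
                    // misleading "cannot be found" error (or fail inside the query).
                    return(Json(new JsonResponseModel()));
                }

                var employers = _employersQuery.GetEmployers(emailAddress);

                if (employers == null || employers.Count == 0)
                {
                    ModelState.AddModelError("The user cannot be found. Please try again.");
                }
                else if (employers.Count == 1)
                {
                    // Exactly one match: reset that employer's password.
                    var employer = employers[0];

                    var credentials = _loginCredentialsQuery.GetCredentials(employer.Id);
                    _loginCredentialsCommand.ResetPassword(employer.Id, credentials);
                }
                else
                {
                    // Ambiguous address: refuse rather than pick one of the accounts.
                    ModelState.AddModelError("There is more than one user with the specified email address. Please reset your password on the website");
                }
            }
            catch (UserException ex)
            {
                ModelState.AddModelError(ex, new StandardErrorHandler());
            }

            return(Json(new JsonResponseModel()));
        }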
Exemple #2
        /// <summary>
        /// Checks through the login page that a password reset invalidates the old password
        /// and that logging in with the new one leads to the must-change-password page.
        /// </summary>
        public void TestPasswordReset()
        {
            // Arrange: a fresh test member.
            var testMember = _memberAccountsCommand.CreateTestMember(0);

            // Act: reset the password against the member's current credentials.
            _loginCredentialsCommand.ResetPassword(
                testMember.Id,
                _loginCredentialsQuery.GetCredentials(testMember.Id));

            // The old password must no longer log the member in.
            GetLoginUrl();
            SubmitLogIn(testMember);
            AssertPageDoesNotContain(testMember.FullName);
            AssertSecureLoginUrl();

            // The new password must work. In the test environment the generator always
            // returns the same password, which is why it can be re-derived here.
            // NOTE(review): a fixed "random" password is only acceptable in test
            // configuration - confirm production cannot run with this generator.
            var resetPassword = _passwordsCommand.GenerateRandomPassword();

            GetLoginUrl();
            SubmitLogIn(testMember, resetPassword);
            AssertUrlWithoutQuery(_mustChangePasswordUrl);
        }
Exemple #3
        /// <summary>
        /// Checks through the login API that a password reset invalidates the old password
        /// and that logging in with the new one leads to the must-change-password page.
        /// </summary>
        public void TestPasswordReset()
        {
            // Arrange: a fresh test member.
            var testMember = _memberAccountsCommand.CreateTestMember(0);

            // Act: reset the password against the member's current credentials.
            _loginCredentialsCommand.ResetPassword(
                testMember.Id,
                _loginCredentialsQuery.GetCredentials(testMember.Id));

            // The old password must be rejected, leaving the session unauthenticated.
            AssertNotLoggedIn();
            var rejectedLogin = ApiLogIn(testMember);
            AssertJsonError(rejectedLogin, null, "101", "Login failed. Please try again.");
            AssertNotLoggedIn();

            // The new password must work. In the test environment the generator always
            // returns the same password, which is why it can be re-derived here.
            // NOTE(review): a fixed "random" password is only acceptable in test
            // configuration - confirm production cannot run with this generator.
            var resetPassword = _passwordsCommand.GenerateRandomPassword();
            var acceptedLogin = ApiLogIn(testMember.GetLoginId(), resetPassword, false);
            AssertJsonSuccess(acceptedLogin);

            // After a reset the member is sent to the must-change-password page.
            Get(HomeUrl);
            AssertUrlWithoutQuery(_mustChangePasswordUrl);
            AssertPageContains(testMember.FullName);
        }
Exemple #4
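        /// <summary>
        /// Resets the password of the user identified by <c>newPassword.LoginId</c>, which is
        /// tried first as a login id and then as an employer email address.
        /// </summary>
        /// <param name="newPassword">Posted form model; validated before any lookup.</param>
        /// <returns>
        /// The "NewPasswordSent" view after a reset (and for an ambiguous email address);
        /// otherwise the default view with the errors held in ModelState.
        /// </returns>
        /// <remarks>
        /// NOTE(review): "cannot be found", "more than one user" and the sent view are
        /// distinguishable, so a caller can learn whether a login id or address is registered.
        /// Consider one neutral response for every outcome, plus throttling of this action.
        /// NOTE(review): the reset is triggered by the identifier alone. If ResetPassword
        /// replaces the stored password immediately, anyone who knows the identifier can
        /// invalidate the owner's current password - confirm rate limiting is in place.
        /// </remarks>
        public ActionResult NewPassword(NewPasswordModel newPassword)
        {
            try
            {
                // Make sure everything is in order.

                newPassword.Validate();

                // First look for the login id.

                IRegisteredUser user   = null;
                var             userId = _loginCredentialsQuery.GetUserId(newPassword.LoginId);
                if (userId != null)
                {
                    user = _usersQuery.GetUser(userId.Value);
                }
                else
                {
                    // Look for an employer treating it as an email address.
                    // A null result is treated as "no match" instead of failing with a null
                    // reference, as the email-only variant of this action already does.

                    var employers     = _employersQuery.GetEmployers(newPassword.LoginId);
                    var employerCount = employers == null ? 0 : employers.Count;
                    if (employerCount > 1)
                    {
                        // NOTE(review): this message carries markup, so the view presumably
                        // renders model errors unencoded - keep user-supplied text out of
                        // that path. The URL here is generated server-side from a route.
                        ModelState.AddModelError(string.Format("There is more than one user with the specified email address. Please enter one of the usernames or <a href=\"{0}\">contact us</a> for assistance.", SupportRoutes.ContactUs.GenerateUrl()));
                        return(View("NewPasswordSent", newPassword));
                    }

                    if (employerCount == 1)
                    {
                        user = employers[0];
                    }
                }

                // Administrator accounts are deliberately excluded from this self-service
                // reset and get the same message as an unknown user.
                if (user == null || user.UserType == UserType.Administrator)
                {
                    ModelState.AddModelError("The user cannot be found. Please try again.");
                }
                else
                {
                    // Now reset the password.

                    var credentials = _loginCredentialsQuery.GetCredentials(user.Id);
                    _loginCredentialsCommand.ResetPassword(user.Id, credentials);

                    return(View("NewPasswordSent", newPassword));
                }
            }
            catch (UserException ex)
            {
                ModelState.AddModelError(ex, new StandardErrorHandler());
            }

            return(View(newPassword));
        }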
        /// <summary>
        /// Replays a forms-authentication cookie captured before a password reset, scoped to
        /// the domain, the host, and both, and passes the must-change-password URL to each replay.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this pins the behaviour that a cookie issued before the reset still
        /// authenticates afterwards. If resets are also used to recover a compromised
        /// account, a previously captured cookie would stay valid - confirm that is intended,
        /// or invalidate outstanding sessions on reset.
        /// </remarks>
        public void TestCookieWithPasswordReset()
        {
            var member = CreateMember();

            // Log in and capture the forms cookie value for replay later on.
            Get(GetTestUrl(HomeUrl));
            SubmitLogIn(member);
            var formsCookie   = GetCookie(FormsCookieName);
            var capturedValue = formsCookie.Value;

            Assert.AreEqual(Domain, formsCookie.Domain);

            // The cookie stays domain-scoped after visiting the logged-in home page.
            Get(GetTestUrl(LoggedInMemberHomeUrl));
            AssertUrl(GetTestUrl(LoggedInMemberHomeUrl));
            formsCookie = GetCookie(FormsCookieName);
            Assert.AreEqual(Domain, formsCookie.Domain);

            // Drop the cookie, then reset the member's password.
            TestDeleteCookie();

            var credentials = _loginCredentialsQuery.GetCredentials(member.Id);
            _loginCredentialsCommand.ResetPassword(member.Id, credentials);

            // Replay with the domain: should still be logged in.
            TestAddCookie(Domain, capturedValue, GetTestUrl(_mustChangePasswordUrl));
            TestDeleteCookie();

            // Replay with the host.
            TestAddCookie(Host, capturedValue, GetTestUrl(_mustChangePasswordUrl));
            TestDeleteCookie();

            // Replay with both the host and the domain.
            TestAddCookies(Host, capturedValue, Domain, capturedValue, GetTestUrl(_mustChangePasswordUrl));
        }