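/// <summary>
/// Resets the password of the single employer registered under <paramref name="emailAddress"/>.
/// </summary>
/// <param name="emailAddress">Email address used to look up the employer account.</param>
/// <returns>
/// A JSON result wrapping a new <c>JsonResponseModel</c>. Failures are recorded in <c>ModelState</c>;
/// whether they reach the client through the response model cannot be told from this method alone.
/// </returns>
/// <remarks>
/// NOTE(review): nothing visible here authenticates or throttles the caller, so the reset is triggered
/// by knowledge of an email address alone. Confirm that rate limiting and an out-of-band confirmation
/// step exist elsewhere in the pipeline.
/// </remarks>
public ActionResult NewPassword(string emailAddress)
{
    try
    {
        if (string.IsNullOrEmpty(emailAddress))
        {
            ModelState.AddModelError("You must supply an email address to send the new password to");

            // Stop here: looking up a null or empty address cannot match a real account and would
            // only stack a second, misleading "user cannot be found" error on top of this one.
            return Json(new JsonResponseModel());
        }

        var employers = _employersQuery.GetEmployers(emailAddress);
        if (employers == null || employers.Count == 0)
        {
            // NOTE(review): this message differs from the single-match and multi-match outcomes, so
            // the response discloses whether an address is registered. A uniform response for every
            // outcome avoids that disclosure.
            ModelState.AddModelError("The user cannot be found. Please try again.");
        }
        else if (employers.Count == 1)
        {
            // Exactly one account matches, so the reset target is unambiguous.
            var employer = employers[0];
            var credentials = _loginCredentialsQuery.GetCredentials(employer.Id);
            _loginCredentialsCommand.ResetPassword(employer.Id, credentials);
        }
        else
        {
            // Several accounts share the address; refuse rather than guess which one to reset.
            ModelState.AddModelError("There is more than one user with the specified email address. Please reset your password on the website");
        }
    }
    catch (UserException ex)
    {
        // Business-rule failures become model errors instead of propagating to the caller.
        ModelState.AddModelError(ex, new StandardErrorHandler());
    }

    return Json(new JsonResponseModel());
}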
/// <summary>
/// Browser-form test: after a password reset the old password must no longer log the member in,
/// and the newly generated password must lead to the must-change-password page.
/// </summary>
public void TestPasswordReset()
{
    // Arrange: a fresh member account.
    var testMember = _memberAccountsCommand.CreateTestMember(0);

    // Act: reset the member's password using their current credentials.
    _loginCredentialsCommand.ResetPassword(
        testMember.Id,
        _loginCredentialsQuery.GetCredentials(testMember.Id));

    // The old password must be rejected: the member's name is not shown and the browser
    // remains on the secure login URL.
    GetLoginUrl();
    SubmitLogIn(testMember);
    AssertPageDoesNotContain(testMember.FullName);
    AssertSecureLoginUrl();

    // The new password must be accepted. In the test environment the generator always returns
    // the same password, which is why it can be obtained again here.
    // NOTE(review): confirm that this fixed-value generator is only ever wired up in test configuration.
    var generatedPassword = _passwordsCommand.GenerateRandomPassword();
    GetLoginUrl();
    SubmitLogIn(testMember, generatedPassword);

    // A reset password is temporary: the member is sent to the must-change-password page.
    AssertUrlWithoutQuery(_mustChangePasswordUrl);
}
/// <summary>
/// JSON API test: after a password reset the old password must fail with error code 101,
/// and the newly generated password must log the member in and force a password change.
/// </summary>
public void TestPasswordReset()
{
    // Arrange: a fresh member account.
    var testMember = _memberAccountsCommand.CreateTestMember(0);

    // Act: reset the member's password using their current credentials.
    _loginCredentialsCommand.ResetPassword(
        testMember.Id,
        _loginCredentialsQuery.GetCredentials(testMember.Id));

    // The old password must be rejected, and the failed attempt must not leave a session behind.
    AssertNotLoggedIn();
    var rejectedLogin = ApiLogIn(testMember);
    AssertJsonError(rejectedLogin, null, "101", "Login failed. Please try again.");
    AssertNotLoggedIn();

    // The new password must be accepted. In the test environment the generator always returns
    // the same password, which is why it can be obtained again here.
    // NOTE(review): confirm that this fixed-value generator is only ever wired up in test configuration.
    var generatedPassword = _passwordsCommand.GenerateRandomPassword();
    var acceptedLogin = ApiLogIn(testMember.GetLoginId(), generatedPassword, false);
    AssertJsonSuccess(acceptedLogin);

    // Once logged in, a request for the home page must end on the must-change-password page,
    // with the member's name shown.
    Get(HomeUrl);
    AssertUrlWithoutQuery(_mustChangePasswordUrl);
    AssertPageContains(testMember.FullName);
}
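/// <summary>
/// Resets the password for the account identified by <c>newPassword.LoginId</c>, which is tried
/// first as a login id and then as an employer email address.
/// </summary>
/// <param name="newPassword">Posted form model carrying the login id or email address.</param>
/// <returns>
/// The "NewPasswordSent" view after a reset, and also when several employers share the address (with
/// a model error attached); otherwise the default view with the errors recorded in <c>ModelState</c>.
/// </returns>
/// <remarks>
/// NOTE(review): nothing visible here authenticates or throttles the caller, and the "cannot be found"
/// outcome differs from the success outcome, so responses disclose whether a login id exists. Confirm
/// that rate limiting is applied elsewhere and consider a uniform response.
/// </remarks>
public ActionResult NewPassword(NewPasswordModel newPassword)
{
    try
    {
        // Make sure everything is in order.
        newPassword.Validate();

        // First look for the login id.
        IRegisteredUser user = null;
        var userId = _loginCredentialsQuery.GetUserId(newPassword.LoginId);
        if (userId != null)
        {
            user = _usersQuery.GetUser(userId.Value);
        }
        else
        {
            // Look for an employer, treating the value as an email address. A null result is handled
            // as "no match" rather than dereferenced, so it yields the not-found message below.
            var employers = _employersQuery.GetEmployers(newPassword.LoginId);
            var employerCount = employers == null ? 0 : employers.Count;

            if (employerCount > 1)
            {
                // Several accounts share the address; refuse rather than guess which one to reset.
                // The message carries raw HTML. The href comes from route generation and not from
                // request data; keep it that way, or encode it, if this string is ever changed.
                ModelState.AddModelError(string.Format("There is more than one user with the specified email address. Please enter one of the usernames or <a href=\"{0}\">contact us</a> for assistance.", SupportRoutes.ContactUs.GenerateUrl()));
                return View("NewPasswordSent", newPassword);
            }

            if (employerCount == 1)
            {
                user = employers[0];
            }
        }

        // Administrators are deliberately reported as "not found": this flow never resets an
        // administrator password and does not reveal that the login id belongs to one.
        if (user == null || user.UserType == UserType.Administrator)
        {
            ModelState.AddModelError("The user cannot be found. Please try again.");
        }
        else
        {
            // Now reset the password.
            var credentials = _loginCredentialsQuery.GetCredentials(user.Id);
            _loginCredentialsCommand.ResetPassword(user.Id, credentials);
            return View("NewPasswordSent", newPassword);
        }
    }
    catch (UserException ex)
    {
        // Validation and business-rule failures become model errors on the redisplayed form.
        ModelState.AddModelError(ex, new StandardErrorHandler());
    }

    return View(newPassword);
}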
/// <summary>
/// Replays a forms-authentication cookie captured before a password reset, scoped to the domain,
/// to the host, and to both, and checks each replay against the must-change-password URL.
/// </summary>
/// <remarks>
/// NOTE(review): this test encodes the expectation that a cookie issued before the reset is still
/// honoured afterwards ("should still be logged in"). If a reset is ever used to respond to a
/// suspected account compromise, sessions issued earlier would survive it; consider invalidating
/// outstanding sessions on reset. What TestAddCookie asserts is not visible here, so confirm this.
/// </remarks>
public void TestCookieWithPasswordReset()
{
    var testMember = CreateMember();

    // Log in and capture the authentication cookie issued for the session.
    Get(GetTestUrl(HomeUrl));
    SubmitLogIn(testMember);
    var loginCookie = GetCookie(FormsCookieName);
    var capturedValue = loginCookie.Value;
    Assert.AreEqual(Domain, loginCookie.Domain);

    // The logged-in home page must load, and the cookie must still be scoped to the domain.
    Get(GetTestUrl(LoggedInMemberHomeUrl));
    AssertUrl(GetTestUrl(LoggedInMemberHomeUrl));
    var currentCookie = GetCookie(FormsCookieName);
    Assert.AreEqual(Domain, currentCookie.Domain);

    // Drop the cookie, then reset the member's password while no cookie is held.
    TestDeleteCookie();
    var credentials = _loginCredentialsQuery.GetCredentials(testMember.Id);
    _loginCredentialsCommand.ResetPassword(testMember.Id, credentials);

    // Replay the captured value scoped to the domain; should still be logged in.
    TestAddCookie(Domain, capturedValue, GetTestUrl(_mustChangePasswordUrl));
    TestDeleteCookie();

    // Replay it scoped to the host.
    TestAddCookie(Host, capturedValue, GetTestUrl(_mustChangePasswordUrl));
    TestDeleteCookie();

    // Replay it scoped to both the host and the domain.
    TestAddCookies(Host, capturedValue, Domain, capturedValue, GetTestUrl(_mustChangePasswordUrl));
}