/// <summary>
/// Happy path for finishing a password reset: a user with a pending reset key is stored,
/// the key and a new password are posted to the finish endpoint, and the stored hash
/// must afterwards verify against the new password.
/// </summary>
public async Task TestFinishPasswordReset()
{
    const string finishEndpoint = "/api/account/reset-password/finish";

    var httpClient = _factory.CreateClient();
    var users = _factory.GetRequiredService<UserManager<User>>();
    var hasher = _factory.GetRequiredService<IPasswordHasher<User>>();

    // Seed an account whose current password is a random 60-letter string, so a
    // successful verification below can only come from the reset itself.
    var initialHash = hasher.HashPassword(null, TestUtil.RandomAlphabetic(60));
    // Reset date is 60 seconds ahead of the local clock; the validity rule is applied
    // by the service and is not visible here.
    var resetDate = DateTime.Now.AddSeconds(60);
    var resetKey = TestUtil.RandomAlphabetic(60);
    var pendingUser = new User
    {
        Login = "******",
        Email = "*****@*****.**",
        PasswordHash = initialHash,
        ResetDate = resetDate,
        ResetKey = resetKey
    };
    await users.CreateAsync(pendingUser);

    var payload = new KeyAndPasswordVM
    {
        Key = pendingUser.ResetKey,
        NewPassword = "******"
    };
    var body = TestUtil.ToJsonContent(payload);
    var reply = await httpClient.PostAsync(finishEndpoint, body);

    reply.StatusCode.Should().Be(HttpStatusCode.OK);

    // The persisted hash must now match the password sent with the reset key.
    var stored = await users.FindByNameAsync(pendingUser.Login);
    var verification = hasher.VerifyHashedPassword(stored, stored.PasswordHash, payload.NewPassword);
    verification.Should().Be(PasswordVerificationResult.Success);
}
/// <summary>
/// Finishing a reset with a valid key but a 3-letter password must be rejected with
/// 400 Bad Request, and the rejected password must not verify against the stored hash.
/// </summary>
public async Task TestFinishPasswordResetTooSmall()
{
    const string finishEndpoint = "/api/account/reset-password/finish";

    var httpClient = _factory.CreateClient();
    var users = _factory.GetRequiredService<UserManager<User>>();
    var hasher = _factory.GetRequiredService<IPasswordHasher<User>>();

    // Seed an account with a random 60-letter password and a pending reset key.
    var initialHash = hasher.HashPassword(null, TestUtil.RandomAlphabetic(60));
    var resetDate = DateTime.Now.AddSeconds(60);
    var resetKey = TestUtil.RandomAlphabetic(60);
    var pendingUser = new User
    {
        Login = "******",
        Email = "*****@*****.**",
        PasswordHash = initialHash,
        ResetDate = resetDate,
        ResetKey = resetKey
    };
    await users.CreateAsync(pendingUser);

    // The key is valid; only the new password (3 letters) should trigger the rejection.
    var payload = new KeyAndPasswordVM
    {
        Key = pendingUser.ResetKey,
        NewPassword = TestUtil.RandomAlphabetic(3)
    };
    var body = TestUtil.ToJsonContent(payload);
    var reply = await httpClient.PostAsync(finishEndpoint, body);

    reply.StatusCode.Should().Be(HttpStatusCode.BadRequest);

    var stored = await users.FindByNameAsync(pendingUser.Login);
    // TODO: fix the database refresh so the context/Reload workaround is no longer needed.
    stored = Fixme.ReloadUser(_factory, stored);

    // This shows the stored hash was not replaced by the rejected password; it does not
    // check whether the reset key is still usable afterwards.
    var verification = hasher.VerifyHashedPassword(stored, stored.PasswordHash, payload.NewPassword);
    verification.Should().Be(PasswordVerificationResult.Failed);
}
/// <summary>
/// Posting a random reset key that this test never stored for any user must not
/// complete a reset; the endpoint is expected to answer 500 Internal Server Error.
/// </summary>
public async Task TestFinishPasswordResetWrongKey()
{
    const string finishEndpoint = "/api/account/reset-password/finish";

    var httpClient = _factory.CreateClient();

    // Both values are random 60-letter strings; the password is long enough that only
    // the unknown key should cause the failure (length rule not visible here - confirm).
    var payload = new KeyAndPasswordVM
    {
        Key = TestUtil.RandomAlphabetic(60),
        NewPassword = TestUtil.RandomAlphabetic(60)
    };
    var body = TestUtil.ToJsonContent(payload);
    var reply = await httpClient.PostAsync(finishEndpoint, body);

    // NOTE(review): an unknown key is a client-supplied value, yet the asserted status is
    // a server error. This pins current behaviour; a 4xx status would keep failed reset
    // attempts separate from real faults in monitoring, but needs an endpoint change too.
    reply.StatusCode.Should().Be(HttpStatusCode.InternalServerError);
}
/// <summary>
/// Completes a password reset from a reset key and a new password. Despite the method
/// name, the body finishes a reset (it calls <c>CompletePasswordReset</c>) rather than
/// requesting one.
/// </summary>
/// <param name="keyAndPasswordVm">Request body carrying the reset key and the new password.</param>
/// <exception cref="InvalidPasswordException">
/// Thrown when <c>CheckPasswordLength</c> rejects the new password.
/// </exception>
/// <exception cref="InternalServerErrorException">
/// Thrown when the user service returns no user for the supplied reset key.
/// </exception>
/// <remarks>
/// How these exceptions map to HTTP status codes is decided outside this method.
/// </remarks>
public async Task RequestPasswordReset([FromBody] KeyAndPasswordVM keyAndPasswordVm)
{
    // Reject the password before the key is looked up, so a rejected password never
    // reaches the user service.
    var lengthAccepted = CheckPasswordLength(keyAndPasswordVm.NewPassword);
    if (!lengthAccepted)
    {
        throw new InvalidPasswordException();
    }

    // NOTE(review): the reset key is the only credential checked on this path. Key
    // generation, expiry and single-use handling are in _userService and are not visible
    // here - confirm them there, along with any throttling of this endpoint.
    var resetUser = await _userService.CompletePasswordReset(
        keyAndPasswordVm.NewPassword,
        keyAndPasswordVm.Key);

    if (resetUser == null)
    {
        // NOTE(review): an unmatched key is reported as a server-side error although the
        // cause is client input; a client-error exception would make failed reset
        // attempts easier to tell apart from real faults.
        throw new InternalServerErrorException("No user was found for this reset key");
    }
}