Given_MaxPreviousPasswordChangesReached_When_ChangePasswordAsync_Then_PasswordHistoryListDoesNotGrow() { // Arrange var oldPasswordHash = TestUser.PasswordHash; var oldSalt = TestUser.PasswordSalt; var oldPassword = "******"; var newPassword = "******"; _configuration.MaxNumberOfPreviousPasswords = 4; var passwordLastChangedDate = DateTime.UtcNow; TestUser.PasswordLastChangedDateUtc = passwordLastChangedDate; TestUser.PreviousPasswords = new List <PreviousPassword> { new PreviousPassword { ActiveFromDateUtc = DateTime.UtcNow.AddDays(-1) }, new PreviousPassword { ActiveFromDateUtc = DateTime.UtcNow.AddDays(-2) }, new PreviousPassword { ActiveFromDateUtc = DateTime.UtcNow.AddDays(-3) }, new PreviousPassword { ActiveFromDateUtc = DateTime.UtcNow.AddDays(-4), Salt = "To be removed" } }; // Act var result = await _sut.ChangePasswordAsync(TestUser.Id, oldPassword, newPassword); // Assert Assert.AreEqual(0, result); _context.AssertWasCalled(a => a.SaveChanges()); _context.AssertWasCalled(a => a.SetDeleted(Arg <PreviousPassword> .Matches(b => b.Salt == "To be removed"))); Assert.AreNotEqual(oldPasswordHash, TestUser.PasswordHash); Assert.AreNotEqual(oldSalt, TestUser.PasswordSalt); var mostRecentPasswordChange = TestUser.PreviousPasswords.OrderByDescending(a => a.ActiveFromDateUtc).Take(1).Single(); Assert.That(mostRecentPasswordChange.ActiveFromDateUtc, Is.EqualTo(passwordLastChangedDate)); }
/// <summary>
/// Happy path for a password change: when the current password is supplied correctly,
/// <c>ChangePasswordAsync</c> is expected to return 0, persist through <c>SaveChanges</c>,
/// write one user-log entry, record one previous-password entry, and replace both the
/// stored hash and the stored salt.
/// </summary>
public async Task Given_OldPasswordCorrect_When_ChangePasswordAsync_Then_Success()
{
    // Arrange: snapshot the stored credential material so the rotation can be checked afterwards.
    var hashBeforeChange = TestUser.PasswordHash;
    var saltBeforeChange = TestUser.PasswordSalt;

    // NOTE(review): both literals read "******" on this page (they look masked). If the two
    // values really are identical, the hash inequality below holds only because a new salt is
    // generated - confirm the fixture uses distinct old/new passwords.
    var currentPassword = "******";
    var replacementPassword = "******";

    // Act
    var result = await _sut.ChangePasswordAsync(TestUser.Id, currentPassword, replacementPassword);

    // Assert: success code and persistence.
    Assert.AreEqual(0, result, "Password was invalid");
    _context.AssertWasCalled(ctx => ctx.SaveChanges());

    // Assert: the change leaves an audit trail and a password-history entry.
    Assert.AreEqual(1, TestUser.UserLogs.Count);
    Assert.IsTrue(TestUser.UserLogs.Any(entry => entry.Description.Contains("Password changed")));
    Assert.That(TestUser.PreviousPasswords.Count, Is.EqualTo(1));

    // Assert: hash and salt were both rotated, not just the hash.
    Assert.AreNotEqual(hashBeforeChange, TestUser.PasswordHash);
    Assert.AreNotEqual(saltBeforeChange, TestUser.PasswordSalt);

    // Assert: the change timestamp falls within the last five minutes (lower bound only).
    var earliestAcceptable = DateTime.UtcNow.AddMinutes(-5);
    Assert.IsTrue(TestUser.PasswordLastChangedDateUtc > earliestAcceptable);
}