/// <summary>
/// Verifies that deleting one username credential removes only that credential
/// and leaves the identity's other credential in place.
/// </summary>
public void Should_delete_credentials()
{
    const string keptUsername = "*****@*****.**";
    const string deletedUsername = "*****@*****.**";
    const string sharedPassword = "******";

    // Arrange: one identity holding two username credentials.
    // NOTE(review): the meaning of the extra 'false' and "contacts" arguments is not
    // visible here; confirm against AddCredentials.
    var identity = _identityDirectory.CreateIdentity();
    _identityStore.AddCredentials(identity, keptUsername, sharedPassword);
    _identityStore.AddCredentials(identity, deletedUsername, sharedPassword, false, new[] { "contacts" });

    // Act: look the second credential up by username and delete it.
    var toDelete = _identityStore.GetUsernameCredential(deletedUsername);
    _identityStore.DeleteCredential(toDelete);

    // Assert: exactly one credential remains, and it is the one that was not deleted.
    var remaining = _identityStore.GetCredentials(identity).ToList();
    var survivor = remaining.FirstOrDefault(c => c.Username == keptUsername);
    var removed = remaining.FirstOrDefault(c => c.Username == deletedUsername);

    Assert.AreEqual(1, remaining.Count);
    Assert.IsNotNull(survivor);
    Assert.IsNull(removed);
}
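/// <summary>
/// Handles a password-reset form post. Validates the posted fields, looks up the
/// username credential, checks the reset token and, when the token is allowed,
/// changes the password and signs the caller in as the credential's identity.
/// </summary>
/// <param name="context">OWIN context whose request carries the posted form and whose response receives cookies and redirects.</param>
/// <param name="identification">Per-request identification state; receives the outcome message and, on success, the identity and its claims.</param>
/// <remarks>
/// Empty form fields are treated the same as missing ones, so a blank token, username
/// or password is rejected before the credential lookup and before the reset token is
/// fetched from the token store. <c>GoHome</c> is called on every path.
/// </remarks>
private void ResetPassword(IOwinContext context, Identification identification)
{
    // NOTE(review): blocking on .Result keeps the method synchronous; an async
    // signature would be needed to await the form read instead.
    var form = context.Request.ReadFormAsync().Result;
    var userName = form["username"];
    var resetToken = form["reset-token"];
    var newPassword = form["new-password"];

    // Field checks keep the original precedence: token, then username, then password.
    string failure = null;
    if (string.IsNullOrEmpty(resetToken))
    {
        failure = "No password reset token provided";
    }
    else if (string.IsNullOrEmpty(userName))
    {
        failure = "No username provided";
    }
    else if (string.IsNullOrEmpty(newPassword))
    {
        failure = "No new password provided";
    }

    ICredential credential = null;
    if (failure == null)
    {
        credential = _identityStore.GetUsernameCredential(userName);
        if (credential == null)
        {
            // NOTE(review): this outcome is returned before the token is checked, so an
            // unauthenticated caller can tell existing usernames from unknown ones.
            // Consider reporting the same outcome as a rejected token.
            failure = "Invalid username provided";
        }
    }

    if (failure != null)
    {
        SetOutcome(context, identification, failure);
    }
    else
    {
        // The token is looked up against the username, so it is only honoured for the
        // account named in the form.
        var token = _tokenStore.GetToken("passwordReset", resetToken, "ResetPassword", userName);

        // A missing token object is treated as not allowed rather than dereferenced.
        if (token != null && token.Status == TokenStatus.Allowed)
        {
            try
            {
                if (_identityStore.ChangePassword(credential, newPassword))
                {
                    SetOutcome(context, identification, "Password succesfully reset");

                    identification.Identity = credential.Identity;
                    identification.Claims = _identityDirectory.GetClaims(credential.Identity);

                    // NOTE(review): the identity cookie is appended without cookie options,
                    // so HttpOnly/Secure are not set here, and its value is the identity
                    // itself. Confirm how this cookie is protected against theft and forgery.
                    context.Response.Cookies.Append(IdentityCookie, credential.Identity);
                    context.Response.Cookies.Delete(RememberMeCookie);

                    // NOTE(review): GoHome still runs after this redirect; whether it
                    // replaces the redirect target is not visible here.
                    context.Response.Redirect(SecureHomePage);
                }
                else
                {
                    SetOutcome(context, identification, "Password reset failed");
                }
            }
            catch (InvalidPasswordException e)
            {
                // The token has already been fetched at this point; the message tells
                // the user a new one is required.
                SetOutcome(context, identification, "Invalid password. " + e.Message + ". You will need to get a new password reset token to try again.");
            }
        }
        else
        {
            // Every non-allowed status is reported with this one message, whatever the
            // actual reason for rejection.
            SetOutcome(context, identification, "This password reset token has been used before");
        }
    }

    GoHome(context, identification);
}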