public async Task <IActionResult> Index(ConfirmPasswordViewModel viewModel)
{
var resetPasswordData = TempData.Peek <ResetPasswordData>() !;
var hashIsValid = await passwordResetService.EmailAndResetPasswordHashAreValidAsync(
resetPasswordData.Email,
resetPasswordData.ResetPasswordHash,
ResetPasswordHelpers.ResetPasswordHashExpiryTime
);
if (!hashIsValid)
{
TempData.Clear();
return(RedirectToAction("Error"));
}
if (!ModelState.IsValid)
{
return(View(viewModel));
}
await passwordResetService.InvalidateResetPasswordForEmailAsync(resetPasswordData.Email);
await passwordService.ChangePasswordAsync(resetPasswordData.Email, viewModel.Password !);
TempData.Clear();
return(View("Success"));
}
public async Task Post_to_index_should_invalidate_reset_hash_if_model_and_hash_valid()
{
// Given
A.CallTo(
() => passwordResetService.EmailAndResetPasswordHashAreValidAsync(
"email",
"hash",
ResetPasswordHelpers.ResetPasswordHashExpiryTime
)
)
.Returns(true);
unauthenticatedController.TempData.Set(new ResetPasswordData("email", "hash"));
// When
await unauthenticatedController.Index(
new ConfirmPasswordViewModel { Password = "******", ConfirmPassword = "******" }
);
// Then
A.CallTo(() => passwordResetService.InvalidateResetPasswordForEmailAsync("email"))
.MustHaveHappenedOnceExactly();
}