private async Task <ResultWithError <ErrorData> > Process(PasswordResetCommand request, CancellationToken cancellationToken) { var whenHappened = this._clock.GetCurrentInstant().ToDateTimeUtc(); var convertedToken = new Guid(Convert.FromBase64String(request.Token)); var userMaybe = await this._userRepository.FindByUserBySecurityToken(convertedToken, whenHappened, cancellationToken); if (userMaybe.HasNoValue) { return(ResultWithError.Fail(new ErrorData(ErrorCodes.UserNotFound))); } var user = userMaybe.Value; if (user.PasswordHistories.OrderByDescending(x => x.WhenUsed).Take(this._securitySettings.HistoricalLimit) .Any(x => BCrypt.Net.BCrypt.Verify(request.NewPassword, x.Hash))) { return(ResultWithError.Fail(new ErrorData( ErrorCodes.PasswordInHistory))); } user.ChangePassword(BCrypt.Net.BCrypt.HashPassword(request.NewPassword), whenHappened); user.CompleteTokenLifecycle(convertedToken, whenHappened); user.AddDomainEvent(new PasswordChangedEvent(user.EmailAddress, user.Profile.FirstName, user.Profile.LastName)); this._userRepository.Update(user); return(ResultWithError.Ok <ErrorData>()); }
public void Constructor_GiveValidArguments_PropertiesAreSet() { var passwordResetCommand = new PasswordResetCommand("token", "new-password"); Assert.Equal("token", passwordResetCommand.Token); Assert.Equal("new-password", passwordResetCommand.NewPassword); }
public async Task Handle_GivenSavingSucceeds_ExpectSuccessfulResult() { var user = new Mock <IUser>(); user.Setup(x => x.Profile).Returns(new Profile(TestVariables.UserId, "first-name", "last-name")); user.Setup(x => x.PasswordHistories).Returns(new List <PasswordHistory> { new PasswordHistory(TestVariables.PasswordHistoryId, BCrypt.Net.BCrypt.HashPassword("new-password"), TestVariables.Now.AddMonths(-1)), }); var clock = new Mock <IClock>(); var userRepository = new Mock <IUserRepository>(); var unitOfWork = new Mock <IUnitOfWork>(); unitOfWork.Setup(x => x.SaveEntitiesAsync(It.IsAny <CancellationToken>())).ReturnsAsync(() => true); userRepository.Setup(x => x.UnitOfWork).Returns(unitOfWork.Object); userRepository.Setup(x => x.FindByUserBySecurityToken(It.IsAny <Guid>(), It.IsAny <DateTime>(), It.IsAny <CancellationToken>())) .ReturnsAsync(() => Maybe.From(user.Object)); var securitySettings = new Mock <IOptions <SecuritySettings> >(); securitySettings.Setup(x => x.Value).Returns(new SecuritySettings()); var handler = new PasswordResetCommandHandler(userRepository.Object, clock.Object, securitySettings.Object); var cmd = new PasswordResetCommand( Convert.ToBase64String(Guid.NewGuid().ToByteArray()), "new-password"); var result = await handler.Handle(cmd, CancellationToken.None); Assert.True(result.IsSuccess); }
public async Task <IActionResult> ForgotPassword(ForgotPasswordRequest model, CancellationToken cancellationToken) { var command = new PasswordResetCommand(model.Email); await _commandProcessor.SendAsync(command, cancellationToken : cancellationToken); return(Ok()); }
public void Validate_GivenAllPropertiesAreValid_ExpectValidationSuccess() { var cmd = new PasswordResetCommand("token", "new-password"); var validator = new PasswordResetCommandValidator(); var result = validator.Validate(cmd); Assert.True(result.IsValid); }
public async Task <IActionResult> PasswordReset(string email) { var command = new PasswordResetCommand { Email = email }; var result = await _identityService.PasswordReset(command); return(RedirectToRoute(new { area = "Identity", controller = "Authenticate", action = "PasswordResetSent" })); }
public async Task <IActionResult> PasswordReset([FromBody] PasswordResetCommand command) { if (!ModelState.IsValid) { return(BadRequest(ModelState.GetErrorsArray())); } await _userService.ResetPasswordAsync(command); return(Ok()); }
public void Validate_GivenTokenIsNull_ExpectValidationFailure() { var cmd = new PasswordResetCommand(null, "new-password"); var validator = new PasswordResetCommandValidator(); var result = validator.Validate(cmd); Assert.False(result.IsValid); Assert.Contains( result.Errors, failure => failure.ErrorCode.Equals(ValidationCodes.FieldIsRequired) && failure.PropertyName == "Token"); }
public void Validate_GivenNewPasswordIsEmpty_ExpectValidationFailure() { var cmd = new PasswordResetCommand("token", string.Empty); var validator = new PasswordResetCommandValidator(); var result = validator.Validate(cmd); Assert.False(result.IsValid); Assert.Contains( result.Errors, failure => failure.ErrorCode.Equals(ValidationCodes.FieldIsRequired) && failure.PropertyName == "NewPassword"); }
public IActionResult UpdatePassword([FromBody] PasswordResetCommand cmd) { try { _passwordResetCommandHandler.Handle(cmd, _appSettings.UseStrongPassword); } catch (Exception ex) { return(BadRequest(ex.Message)); } return(Ok()); }
public async Task <ResultWithError <ErrorData> > Handle(PasswordResetCommand request, CancellationToken cancellationToken) { var result = await this.Process(request, cancellationToken); var dbResult = await this._userRepository.UnitOfWork.SaveEntitiesAsync(cancellationToken); if (!dbResult) { return(ResultWithError.Fail(new ErrorData( ErrorCodes.SavingChanges, "Failed To Save Database"))); } return(result); }
public void Handle(PasswordResetCommand cmd, bool useStrongPassword) { if (cmd.CommandId == null) { cmd.CommandId = Guid.NewGuid(); } var user = _applicationUserRepository.Get(cmd.ApplicationUserId); if (user != null) { user.UpdatePassword(cmd.NewPassword, cmd.NewPasswordConfirm, cmd.OldPassword, useStrongPassword); _applicationUserRepository.Save(); //fire event here... } }
public ActionResult PasswordReset(string token, PasswordRestModel passwordRestModel) { if (ModelState.IsValid) { var passwordReset = new PasswordResetCommand(token, passwordRestModel.NewPassword); var result = ExecuteCommand(passwordReset); if (result) { return(RedirectToAction("Login")); } else { ModelState.AddModelError(string.Empty, "The password reset token is invalid or expired."); } } return(View()); }
public async Task <PasswordResetResult> PasswordReset(PasswordResetCommand config) { var user = await _userManager.FindByEmailAsync(config.Email); var emailConfig = new SendPasswordResetEmailCommand { ApiKey = GetValueInSection("EmailConfig", "SendGridApiKey"), SenderEmail = GetValueInSection("EmailConfig", "SenderEmail"), SenderName = GetValueInSection("EmailConfig", "SenderName"), ReceiverEmail = user.Email, ReceiverName = user.FirstName, Subject = GetValueInSection("PasswordReset", "Subject") }; var result = SendPasswordResetEmail(emailConfig, user); return(new PasswordResetResult { }); }
public async Task Handle_GivenUserIsNotFound_ExpectFailedResult() { var clock = new Mock <IClock>(); var userRepository = new Mock <IUserRepository>(); var unitOfWork = new Mock <IUnitOfWork>(); unitOfWork.Setup(x => x.SaveEntitiesAsync(It.IsAny <CancellationToken>())).ReturnsAsync(() => true); userRepository.Setup(x => x.UnitOfWork).Returns(unitOfWork.Object); userRepository.Setup(x => x.FindByUserBySecurityToken(It.IsAny <Guid>(), It.IsAny <DateTime>(), It.IsAny <CancellationToken>())) .ReturnsAsync(() => Maybe <IUser> .Nothing); var securitySettings = new Mock <IOptions <SecuritySettings> >(); var handler = new PasswordResetCommandHandler(userRepository.Object, clock.Object, securitySettings.Object); var cmd = new PasswordResetCommand( Convert.ToBase64String(Guid.NewGuid().ToByteArray()), "new-password"); var result = await handler.Handle(cmd, CancellationToken.None); Assert.True(result.IsFailure); Assert.Equal(ErrorCodes.UserNotFound, result.Error.Code); }
public ActionResult PasswordReset(string token, PasswordRestModel passwordRestModel) { if (ModelState.IsValid) { var passwordReset = new PasswordResetCommand(token, passwordRestModel.NewPassword); var result = ExecuteCommand(passwordReset); if (result) { return RedirectToAction("Login"); } else { ModelState.AddModelError(string.Empty, "The password reset token is invalid or expired."); } } return View(); }