/// <summary>
/// Checks that an account built with <c>DefaultRetiredUser()</c> cannot complete an email
/// change: even with a freshly issued verification token and the matching password, the
/// POST action is expected to throw <see cref="ArgumentException"/>.
/// </summary>
/// <remarks>
/// Address literals are masked in this listing, so the current and the requested address
/// look identical here.
/// NOTE(review): the refusal surfaces as an exception escaping the action rather than as an
/// error view, and which collaborator throws is not visible here - confirm the exception is
/// handled upstream and that the rejection is deliberate rather than incidental.
/// </remarks>
public void POST_Cannot_Update_Email_Address_For_Non_Active_User()
{
    // Arrange: a retired account whose stored password matches the submitted form value.
    User retiredUser = new UserBuilder()
        .DefaultRetiredUser()
        .WithEmailAddress("*****@*****.**")
        .WithPassword("password")
        .Build();

    var formValues = new Dictionary<string, StringValues>
    {
        { "GovUk_Text_Password", "password" }
    };

    var builder = new ControllerBuilder<ChangeEmailController>();
    var sut = builder
        .WithLoggedInUser(retiredUser)
        .WithRequestFormValues(formValues)
        .WithDatabaseObjects(retiredUser)
        .WithMockUriHelper()
        .Build();

    // The token is issued for this same user and stamped "now", so expiry is not what is under test.
    var token = new ChangeEmailVerificationToken
    {
        UserId = retiredUser.UserId,
        NewEmailAddress = "*****@*****.**".ToLower(),
        TokenTimestamp = VirtualDateTime.Now
    };
    var encryptedCode = Encryption.EncryptModel(token);

    var postedModel = new VerifyEmailChangeViewModel
    {
        NewEmailAddress = "*****@*****.**",
        Code = encryptedCode,
        User = retiredUser
    };

    // Act & Assert
    Assert.Throws<ArgumentException>(() => sut.VerifyEmailPost(postedModel));
}
/// <summary>
/// Completes an email change. Decrypts the verification code, confirms the account
/// password, checks the requested address is not already in use, then updates the address
/// and notifies both the old and the new address.
/// </summary>
/// <param name="viewModel">
/// Posted model. Its <c>Code</c> is read; its <c>User</c> and <c>NewEmailAddress</c> are
/// overwritten from the decrypted token before use.
/// </param>
/// <returns>
/// "VerifyEmailError" for an expired token or an address that is already taken,
/// "VerifyEmail" when the password is missing or wrong, otherwise "ChangeEmailComplete".
/// </returns>
/// <remarks>
/// NOTE(review): the account is selected by the token's <c>UserId</c>; nothing in this method
/// compares it with the signed-in user or marks the token as used - confirm both are
/// enforced elsewhere if they are required.
/// NOTE(review): no attempt throttling is visible around the password check - confirm
/// <c>CheckPassword</c> or the hosting pipeline applies lockout.
/// </remarks>
public IActionResult VerifyEmailPost(VerifyEmailChangeViewModel viewModel)
{
    // viewModel.Code is caller-supplied; the user id and new address are taken only from its decrypted payload.
    // NOTE(review): how DecryptModel reacts to a malformed or tampered code is not visible here - confirm it fails closed.
    ChangeEmailVerificationToken token = Encryption.DecryptModel<ChangeEmailVerificationToken>(viewModel.Code);

    if (TokenHasExpired(token))
    {
        string expiredMessage = "Your email verification link has expired. Please go to My Account and start the email change process again.";
        return View("VerifyEmailError", expiredMessage);
    }

    // NOTE(review): a missing user is not handled here - confirm what Get returns for an unknown id.
    User tokenUser = dataRepository.Get<User>(token.UserId);

    // Replace whatever the client posted for these fields with the values carried by the token.
    viewModel.User = tokenUser;
    viewModel.NewEmailAddress = token.NewEmailAddress;

    // The password field may have been left blank, so validate it before checking it.
    viewModel.ParseAndValidateParameters(Request, m => m.Password);
    if (viewModel.HasAnyErrors())
    {
        return View("VerifyEmail", viewModel);
    }

    bool passwordMatches = userRepository.CheckPassword(tokenUser, viewModel.Password);
    if (!passwordMatches)
    {
        viewModel.AddErrorFor(m => m.Password, "Incorrect password");
        return View("VerifyEmail", viewModel);
    }

    // NOTE(review): this check reads the view model while the update below reads the token;
    // the two agree only if nothing changed viewModel.NewEmailAddress since it was assigned above.
    // NOTE(review): the check and the update are separate steps - confirm the data store also enforces uniqueness.
    if (OtherUserWithThisEmailAddressAlreadyExists(viewModel.NewEmailAddress))
    {
        string takenMessage = "This email address is already taken by another account.";
        return View("VerifyEmailError", takenMessage);
    }

    // Capture the current address before it is overwritten so the old mailbox can still be notified.
    string previousAddress = tokenUser.EmailAddress;
    string requestedAddress = token.NewEmailAddress;

    userRepository.UpdateEmail(tokenUser, requestedAddress);
    NotifyBothOldAndNewEmailAddressesThatEmailAddressHasBeenChanged(previousAddress, requestedAddress);

    return View("ChangeEmailComplete", requestedAddress);
}
/// <summary>
/// Handles the verification link for an email change. Decrypts the code and, unless the
/// token has expired, shows the "VerifyEmail" page carrying the user, the code and the
/// requested address.
/// </summary>
/// <param name="code">Encrypted <c>ChangeEmailVerificationToken</c> supplied by the caller.</param>
/// <returns>"VerifyEmailError" when the token has expired, otherwise "VerifyEmail".</returns>
/// <remarks>
/// NOTE(review): the user identified by the token is loaded and handed to the view before
/// any password has been checked - confirm the view renders no account details, and that
/// DecryptModel fails closed on a malformed or tampered code.
/// </remarks>
public IActionResult VerifyEmailGet(string code)
{
    ChangeEmailVerificationToken token = Encryption.DecryptModel<ChangeEmailVerificationToken>(code);

    if (TokenHasExpired(token))
    {
        string expiredMessage = "Your email verification link has expired. Please go to My Account and start the email change process again.";
        return View("VerifyEmailError", expiredMessage);
    }

    // The account comes from the token's UserId, not from a separately supplied parameter.
    User tokenUser = dataRepository.Get<User>(token.UserId);

    // The code is passed through unchanged so the POST step can decrypt it again.
    var model = new VerifyEmailChangeViewModel
    {
        User = tokenUser,
        Code = code,
        NewEmailAddress = token.NewEmailAddress
    };

    return View("VerifyEmail", model);
}
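/// <summary>
/// Checks that an email change is refused when a second account is present in the database
/// (presumably holding the requested address): the user's address stays as it was, no audit
/// log entry is written, and no notification email is sent.
/// </summary>
/// <remarks>
/// Address literals are masked in this listing, so the current, requested and second-account
/// addresses look identical here.
/// </remarks>
public void POST_Cannot_Update_Email_Address_To_Email_Associated_With_Another_Account()
{
    // Arrange: the requesting user (with a known password) plus a second account.
    User user = new UserBuilder().WithEmailAddress("*****@*****.**").WithPassword("password").Build();
    User user2 = new UserBuilder().WithEmailAddress("*****@*****.**").Build();

    var requestFormValues = new Dictionary<string, StringValues>
    {
        { "GovUk_Text_Password", "password" }
    };

    var controllerBuilder = new ControllerBuilder<ChangeEmailController>();
    var controller = controllerBuilder
        .WithLoggedInUser(user)
        .WithRequestFormValues(requestFormValues)
        .WithDatabaseObjects(user, user2)
        .WithMockUriHelper()
        .Build();

    // The token is issued for the requesting user and stamped "now", so expiry is not what is under test.
    var emailVerificationCode = Encryption.EncryptModel(
        new ChangeEmailVerificationToken
        {
            UserId = user.UserId,
            NewEmailAddress = "*****@*****.**".ToLower(),
            TokenTimestamp = VirtualDateTime.Now
        });

    var viewModel = new VerifyEmailChangeViewModel
    {
        NewEmailAddress = "*****@*****.**",
        Code = emailVerificationCode,
        User = user
    };

    // Act
    controller.VerifyEmailPost(viewModel);

    // Assert: the stored address is untouched and nothing was audited.
    Assert.AreEqual("*****@*****.**", user.EmailAddress);

    var auditLogs = controllerBuilder.DataRepository.GetAll<AuditLog>();
    Assert.AreEqual(0, auditLogs.Count());

    // A refused change must not send "your email was changed" messages to either mailbox.
    Assert.AreEqual(0, controllerBuilder.EmailsSent.Count);
}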
/// <summary>
/// Happy path for an email change: with a fresh token and the matching password, the
/// user's address is updated, exactly one <c>UserChangeEmailAddress</c> audit entry is
/// written, and two emails are sent - a completion notification and a completion
/// verification, one asserted per address filter.
/// </summary>
/// <remarks>
/// Address literals are masked in this listing, so the old-address and new-address filters
/// below look identical here.
/// </remarks>
public void POST_User_Can_Verify_Their_Email_Address_And_Confirm_Password_To_Change_Email_Address()
{
    // Arrange: an account whose stored password matches the submitted form value.
    User account = new UserBuilder()
        .WithEmailAddress("*****@*****.**")
        .WithPassword("password")
        .Build();

    var formValues = new Dictionary<string, StringValues>
    {
        { "GovUk_Text_Password", "password" }
    };

    var controllerBuilder = new ControllerBuilder<ChangeEmailController>();
    var sut = controllerBuilder
        .WithLoggedInUser(account)
        .WithRequestFormValues(formValues)
        .WithDatabaseObjects(account)
        .WithMockUriHelper()
        .Build();

    // The token is issued for this same account and stamped "now".
    var token = new ChangeEmailVerificationToken
    {
        UserId = account.UserId,
        NewEmailAddress = "*****@*****.**".ToLower(),
        TokenTimestamp = VirtualDateTime.Now
    };
    var encryptedCode = Encryption.EncryptModel(token);

    var postedModel = new VerifyEmailChangeViewModel
    {
        NewEmailAddress = "*****@*****.**",
        Code = encryptedCode,
        User = account
    };

    // Act
    sut.VerifyEmailPost(postedModel);

    // Assert: the address was changed.
    Assert.AreEqual("*****@*****.**", account.EmailAddress);

    // Assert: exactly one audit entry, recording the email change.
    var auditEntries = controllerBuilder.DataRepository.GetAll<AuditLog>();
    Assert.AreEqual(1, auditEntries.Count());

    var auditEntry = auditEntries.FirstOrDefault();
    Assert.NotNull(auditEntry);
    Assert.AreEqual(AuditedAction.UserChangeEmailAddress, auditEntry.Action);

    // Assert: two emails in total, one per address.
    Assert.AreEqual(2, controllerBuilder.EmailsSent.Count);

    // The old address is told the change has completed.
    var sentToOldAddress = controllerBuilder.EmailsSent
        .Where(e => e.EmailAddress == "*****@*****.**")
        .ToList();
    Assert.AreEqual(1, sentToOldAddress.Count);
    var oldAddressEmail = sentToOldAddress.FirstOrDefault();
    Assert.AreEqual(EmailTemplates.SendChangeEmailCompletedNotificationEmail, oldAddressEmail.TemplateId);

    // The new address receives the completion verification template.
    var sentToNewAddress = controllerBuilder.EmailsSent
        .Where(e => e.EmailAddress == "*****@*****.**")
        .ToList();
    Assert.AreEqual(1, sentToNewAddress.Count);
    var newAddressEmail = sentToNewAddress.FirstOrDefault();
    Assert.AreEqual(EmailTemplates.SendChangeEmailCompletedVerificationEmail, newAddressEmail.TemplateId);
}