/// <summary>
/// Verifies that the "change of email address completed" template renders the expected
/// greeting, the old-to-new address sentence and the anti-spoofing footer for the
/// fixture user (first/last name, application name and addresses come from the test fields).
/// </summary>
public void When_GetChangeEmailCompletedBodyText_Then_CorrectEmailIsReturned()
{
    // Arrange: the body is fixed text, so the whole rendered string is pinned verbatim
    const string expectedBody =
        "Dear John Staveley,<br /><br />A request has been completed to change your Security Essentials username/email address from [email protected] to [email protected]. This email address can no longer be used to sign into the account. If you did not request this then please contact the website administration asap.<br />How do I know this is not a Spoof email? Spoof or ‘phishing’ emails tend to have generic greetings such as \"Dear Security Essentials member\". Emails from Security Essentials will always contain your full name.<br />";

    // Act
    var actualBody = EmailTemplates.ChangeEmailAddressCompletedBodyText(
        _firstName,
        _lastName,
        _applicationName,
        _oldEmailAddress,
        _newEmailAddress);

    // Assert
    Assert.AreEqual(expectedBody, actualBody);
}
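/// <summary>
/// Completes a pending change of username/email address. The request carries the one-time
/// token in the "NewEmailAddressToken" query parameter; the token must match a user whose
/// pending request has not expired and whose account is enabled.
/// </summary>
/// <returns>
/// The "ChangeEmailAddressSuccess" view once the change is persisted and the user is signed out;
/// otherwise the "Error" view with a HandleErrorInfo describing why the request was refused.
/// </returns>
/// <remarks>
/// The token is the only thing that identifies this request, so a missing or blank token is
/// refused before the database is queried - otherwise an empty string would be compared against
/// the token column and could match any row whose token happens to be empty. Both notification
/// emails are sent only after SaveChangesAsync succeeds, so neither address is told that a change
/// completed which was in fact rolled back.
/// </remarks>
public async Task<ActionResult> ChangeEmailAddressConfirmAsync()
{
    var newEmailAddressToken = Request.QueryString["NewEmailAddressToken"] ?? "";

    // SECURE: refuse a blank token without touching the database. The same error as an unknown
    // token is returned so the response does not reveal which check failed.
    var user = string.IsNullOrWhiteSpace(newEmailAddressToken)
        ? null
        : _context.User.FirstOrDefault(u => u.NewEmailAddressToken == newEmailAddressToken
                                         && u.NewEmailAddressRequestExpiryDateUtc > DateTime.UtcNow);
    if (user == null)
    {
        var error = new HandleErrorInfo(
            new ArgumentException("INFO: The new user name token is not valid or has expired"),
            "Account",
            "ChangeEmailAddressConfirmAsync");
        Logger.Information(
            "Failed Account ChangeEmailAddressConfirm Get, The new user name token is not valid or has expired");
        return View("Error", error);
    }

    if (user.Enabled == false)
    {
        var error = new HandleErrorInfo(
            new InvalidOperationException("INFO: Your account is not currently approved or active"),
            "Account",
            "ChangeEmailAddressConfirmAsync");
        Logger.Information(
            "Failed Account ChangeEmailAddressConfirm Get, Account is not currently approved or active");
        return View("Error", error);
    }

    // Capture both addresses before the entity is mutated: the old one receives the
    // "completed" notice, the new one becomes the username.
    var oldEmailAddress = user.UserName;
    var newEmailAddress = user.NewEmailAddress;

    user.UserLogs.Add(new UserLog
    {
        Description = $"Change email address request confirmed to change from {oldEmailAddress} to {newEmailAddress}"
    });
    user.UserName = newEmailAddress;
    // Clear the pending request so the token cannot be presented a second time
    user.NewEmailAddress = null;
    user.NewEmailAddressRequestExpiryDateUtc = null;
    user.NewEmailAddressToken = null;
    await _context.SaveChangesAsync();

    // Notify only once the change is durable
    var emailSubject = $"{_configuration.ApplicationName} - Change email address process completed";
    var completedBody = EmailTemplates.ChangeEmailAddressCompletedBodyText(
        user.FirstName,
        user.LastName,
        _configuration.ApplicationName,
        oldEmailAddress,
        newEmailAddress);
    _services.SendEmail(_configuration.DefaultFromEmailAddress, new List<string> { oldEmailAddress }, null, null, emailSubject, completedBody, true);

    var newAddressBody = $"A request has been completed to change your {_configuration.ApplicationName} username/email address to {newEmailAddress}. This email address can now be used to log into the application.";
    _services.SendEmail(_configuration.DefaultFromEmailAddress, new List<string> { newEmailAddress }, null, null, emailSubject, newAddressBody, true);

    // Presumably the current session is tied to the old username; sign out so the user
    // re-authenticates with the new one (unchanged from the original flow)
    _userManager.SignOut();
    return View("ChangeEmailAddressSuccess");
}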
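/// <summary>
/// Saves profile edits posted from the Edit page. A user may edit their own profile; an
/// administrator may edit any profile and, on accounts other than their own, may also change
/// the Approved/EmailVerified/Enabled flags. Only administrators may change the username.
/// </summary>
/// <param name="id">Id of the user being edited.</param>
/// <param name="collection">The posted form values.</param>
/// <returns>
/// The Edit view with a status message or model-state errors; a redirect to the user index
/// when an administrator edited somebody else's profile; a 404 when the user does not exist
/// or the requester is not allowed to edit it.
/// </returns>
/// <remarks>
/// Differences from the earlier revision: the authorisation check runs before the lookup, the
/// user is loaded with a single query, SaveChanges runs before the notification email is sent,
/// and when the username changes the "completed" notice goes to the previous address - the same
/// recipient ChangeEmailAddressConfirmAsync uses, and the address the template text is written for.
/// </remarks>
public ActionResult Edit(int id, FormCollection collection)
{
    var isAdmin = UserIdentity.IsUserInRole(this, "Admin");
    var currentUserId = UserIdentity.GetUserId(this);
    var isOwnProfile = currentUserId == id;
    var requester = UserIdentity.GetRequester(this);

    // SECURE: Check user should have access to this account. Done before the lookup so an
    // unauthorised request does not hit the database; either way the caller sees a 404.
    if (!isAdmin && !isOwnProfile)
    {
        Logger.Information("Failed User Edit Post, user modification was not permitted for access rights by requester {@requester}", requester);
        return new HttpNotFoundResult();
    }

    // One query instead of materialising the list and then re-querying with Single()
    var user = _context.User.FirstOrDefault(u => u.Id == id);
    if (user == null)
    {
        return new HttpNotFoundResult();
    }

    ViewBag.StatusMessage = "";
    var previousUserName = user.UserName;

    // SECURE: explicit whitelist of bindable properties - TryUpdateModel copies only these,
    // so posted values for any other property are ignored
    var propertiesToUpdate = new List<string>
    {
        "FirstName", "LastName", "TelNoHome", "TelNoMobile", "TelNoWork", "Title", "Town", "Postcode", "SkypeName"
    };
    if (isAdmin)
    {
        if (currentUserId != user.Id)
        {
            // Otherwise these fields will be disabled on the front page
            propertiesToUpdate.AddRange(new[] { "Approved", "EmailVerified", "Enabled" });
        }
        propertiesToUpdate.Add("UserName");
    }

    // Fields the page is expected to post; AppSensor presumably flags anything outside this set
    var expectedFields = new List<string> { "IsAccessingUserAnAdmin", "IsOwnProfile", "IsCurrentUserAnAdmin", "User.Id" };
    expectedFields.AddRange(propertiesToUpdate);
    AppSensor.ValidateFormData(this, expectedFields);

    if (!TryUpdateModel(user, "User", propertiesToUpdate.ToArray(), collection))
    {
        AppSensor.InspectModelStateErrors(this);
        return View("Edit", new UserViewModel(currentUserId, isAdmin, user));
    }

    if (_context.User.Any(a => a.Id != user.Id && a.UserName == user.UserName))
    {
        ModelState.AddModelError("User.UserName", "This username is already in use");
        return View("Edit", new UserViewModel(currentUserId, isAdmin, user));
    }

    var userNameChanged = user.UserName != previousUserName;
    if (userNameChanged)
    {
        user.UserLogs.Add(new UserLog
        {
            Description = $"Username/Email was changed from {previousUserName} by {UserIdentity.GetUserName(this)}"
        });
    }

    // Persist first so the notification never reports a change that failed to save
    _context.SaveChanges();

    if (userNameChanged)
    {
        // The template tells the holder of the old address that it can no longer be used to sign in,
        // so it is sent to the previous address (as ChangeEmailAddressConfirmAsync does)
        string emailSubject = $"{_configuration.ApplicationName} - Change email address process completed";
        string emailBody = EmailTemplates.ChangeEmailAddressCompletedBodyText(
            user.FirstName,
            user.LastName,
            _configuration.ApplicationName,
            previousUserName,
            user.UserName);
        _services.SendEmail(_configuration.DefaultFromEmailAddress, new List<string> { previousUserName }, null, null, emailSubject, emailBody, true);
    }

    if (!isOwnProfile && isAdmin)
    {
        return RedirectToAction("Index", "User");
    }

    ViewBag.StatusMessage = "Your account information has been saved";
    return View("Edit", new UserViewModel(currentUserId, isAdmin, user));
}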