/// <summary>
/// Pins the exact HTML body produced by EmailTemplates.ChangePasswordPendingBodyText.
/// The expected text covers the personalised greeting with the recipient's full name,
/// the 15 minute validity statement, the recovery link carrying the reset token in its
/// query string, and the anti-spoofing guidance paragraph.
/// </summary>
public void When_GetChangePasswordPendingBodyText_Then_CorrectEmailIsReturned()
{
    // Arrange
    // The link appears twice (href and link text), so both copies must carry the same token.
    // The address and token below are the test fixture's values, not production ones.
    const string expectedBody = "Dear John Staveley,<br /><br />A request has been received to reset your Security Essentials password. You can complete this process any time within the next 15 minutes by clicking <a href='http://localhost:4986/Account/RecoverPassword?PasswordResetToken=c4f32838-9ab4-46d8-bc49-d080264bd13e'>http://localhost:4986/Account/RecoverPassword?PasswordResetToken=c4f32838-9ab4-46d8-bc49-d080264bd13e</a>. If you did not make this request this then please ignore this email.<br />How do I know this is not a Spoof email? Spoof or ‘phishing’ emails tend to have generic greetings such as \"Dear Security Essentials member\". Emails from Security Essentials will always contain your full name.<br />";

    // Act
    var actualBody = EmailTemplates.ChangePasswordPendingBodyText(_firstName, _lastName, _applicationName, _url, _token);

    // Assert
    Assert.AreEqual(expectedBody, actualBody);
}
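/// <summary>
/// Handles the posted account recovery form. For a user who is enabled, email-verified and
/// approved, it issues a password reset token valid for 15 minutes, emails the recovery
/// link, and records a user log entry.
/// </summary>
/// <param name="model">The posted recovery form; only UserName is read here.</param>
/// <returns>
/// The "Recover" view when the reCAPTCHA check fails; otherwise the "RecoverSuccess" view,
/// whether or not a matching account was found, so the response does not disclose which
/// user names exist.
/// </returns>
public async Task<ActionResult> RecoverAsync(RecoverViewModel model)
{
    var requester = UserIdentity.GetRequester(this);
    var userName = model.UserName;
    AppSensor.ValidateFormData(this, new List<string> { "UserName" });

    if (!ModelState.IsValid)
    {
        AppSensor.InspectModelStateErrors(this);
        return View("RecoverSuccess");
    }

    // Validate the captcha before touching the user table, so automated requests that fail
    // the challenge never trigger a database lookup.
    if (_configuration.HasRecaptcha && !_recaptcha.ValidateRecaptcha(this))
    {
        Logger.Information("Failed Account Recover Post Recaptcha failed by requester {@requester}", requester);
        return View("Recover", model);
    }

    var user = _context.User.SingleOrDefault(u => u.UserName == model.UserName && u.Enabled && u.EmailVerified && u.Approved);
    if (user == null)
    {
        // Same view as the success path: the caller cannot tell from the page whether the
        // account exists.
        // NOTE(review): the success path also sends an email and saves, so response time may
        // still differ between the two cases; confirm whether that matters for this deployment.
        Logger.Information("Failed Account Recover Post UserName {userName} by requester {@requester}", userName, requester);
        return View("RecoverSuccess");
    }

    // The reset token is a bearer secret, so draw it from the cryptographic RNG rather than
    // Guid.NewGuid(), which is documented as unsuitable for cryptographic purposes.
    // 16 bytes rendered as 32 lowercase hex characters keeps the previous token format.
    var tokenBytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(tokenBytes);
    }

    // NOTE(review): the token is stored on the user record as issued. Storing only a hash
    // would limit exposure if the table leaks, but needs a matching change in the action
    // that redeems the token, which is not visible here.
    user.PasswordResetToken = BitConverter.ToString(tokenBytes).Replace("-", "").ToLowerInvariant();
    user.PasswordResetExpiryDateUtc = DateTime.UtcNow.AddMinutes(15);

    // Send recovery email with link to recover password form. The link base comes from
    // configuration (WebsiteBaseUrl), not from the incoming request.
    var emailBody = EmailTemplates.ChangePasswordPendingBodyText(user.FirstName, user.LastName, _configuration.ApplicationName, _configuration.WebsiteBaseUrl, user.PasswordResetToken);
    var emailSubject = $"{_configuration.ApplicationName} - Complete the password recovery process";
    _services.SendEmail(_configuration.DefaultFromEmailAddress, new List<string> { user.UserName }, null, null, emailSubject, emailBody, true);

    // NOTE(review): the email goes out before the token is persisted; if the save below
    // fails, the mailed link refers to a token that was never stored.
    user.UserLogs.Add(new UserLog { Description = "Password reset link generated and sent" });
    await _context.SaveChangesAsync();

    return View("RecoverSuccess");
}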