/// <summary>
/// Checks the password-change round trip on the identity store: the original
/// password authenticates, the password is changed through the credential
/// resolved from the remember-me token, and afterwards only the new password
/// is accepted.
/// </summary>
public void Should_change_password()
{
    // NOTE(review): the three literals are masked identically in this listing.
    // The final assertion is only meaningful when the old and new passwords
    // differ, so confirm the real fixture uses distinct values.
    const string login = "******";
    const string originalSecret = "******";
    const string replacementSecret = "******";

    // Arrange: a fresh identity with username/password credentials attached.
    var expectedIdentity = _identityDirectory.CreateIdentity();
    _identityStore.AddCredentials(expectedIdentity, login, originalSecret);

    // The original password must authenticate before anything is changed.
    var beforeChange = _identityStore.AuthenticateWithCredentials(login, originalSecret);
    Assert.AreEqual(expectedIdentity, beforeChange.Identity);
    Assert.AreEqual(AuthenticationStatus.Authenticated, beforeChange.Status);

    // The change is addressed by the credential behind the remember-me token
    // issued by the successful login above.
    // NOTE(review): the return value of ChangePassword is not asserted here.
    var credential = _identityStore.GetRememberMeCredential(beforeChange.RememberMeToken);
    _identityStore.ChangePassword(credential, replacementSecret);

    // The new password is now accepted for the same identity.
    var withNewPassword = _identityStore.AuthenticateWithCredentials(login, replacementSecret);
    Assert.AreEqual(expectedIdentity, withNewPassword.Identity);
    Assert.AreEqual(AuthenticationStatus.Authenticated, withNewPassword.Status);

    // The old password must be rejected. The test still expects the identity
    // to be reported on the rejected attempt.
    var withOldPassword = _identityStore.AuthenticateWithCredentials(login, originalSecret);
    Assert.AreEqual(expectedIdentity, withOldPassword.Identity);
    Assert.AreEqual(AuthenticationStatus.InvalidCredentials, withOldPassword.Status);
}
/// <summary>
/// Handles the change-password form post. The caller is re-authenticated with
/// the submitted username and current password, the password is changed
/// through the credential resolved from the resulting remember-me token, an
/// outcome message is recorded, and the request is sent home.
/// </summary>
/// <param name="context">OWIN context whose request carries the posted form.</param>
/// <param name="identification">Identification passed through to SetOutcome and GoHome.</param>
private void ChangePassword(IOwinContext context, Identification identification)
{
    // NOTE(review): .Result blocks the calling thread on the async form read
    // and surfaces failures wrapped in AggregateException. Making this
    // handler async would change its signature, so it is left as written.
    var form = context.Request.ReadFormAsync().Result;

    // Re-authenticate with the current password before allowing a change, so
    // that holding a live session alone is not enough to replace the password.
    var authentication = _identityStore.AuthenticateWithCredentials(form["username"], form["password"]);

    if (authentication.Status != AuthenticationStatus.Authenticated)
    {
        // Every non-authenticated status gets the same message, so the
        // response does not say which part of the login was wrong.
        SetOutcome(context, identification, "Login failed");
    }
    else
    {
        var credential = _identityStore.GetRememberMeCredential(authentication.RememberMeToken);
        if (credential != null)
        {
            try
            {
                var changed = _identityStore.ChangePassword(credential, form["new-password"]);
                SetOutcome(context, identification, changed ? "Password changed" : "Password was not changed");
            }
            catch (InvalidPasswordException rejected)
            {
                // NOTE(review): the exception text is shown to the user.
                // Confirm it only ever carries policy feedback and no
                // internal detail.
                SetOutcome(context, identification, "Invalid password. " + rejected.Message);
            }
        }
        else
        {
            // A token issued by the successful login just above failed to resolve.
            SetOutcome(context, identification, "Internal error, remember me token was not valid");
        }
    }

    // Every path that does not throw ends by sending the request home.
    GoHome(context, identification);
}