public async Task<ActionResult> PasswordChange(string email, string token)
        {
            var isValid = await _userService.IsPasswordResetRequestValid(email, token);
            if (!isValid) return RedirectToHome();

            var model = new PasswordChangeModel();
            model.Email = email;
            model.Token = token;

            return View(model);
        }
        public async Task<ActionResult> PasswordChange(PasswordChangeModel model)
        {
            if (!model.IsValid())
            {
                return RedirectToHome();
            }

            var isValid = await _userService.IsPasswordResetRequestValid(model.Email, model.Token);
            if (!isValid) return RedirectToHome();

            isValid = await _userService.ChangePassword(model.Email, model.Token, model.Password);
            if (!isValid) return RedirectToHome();

            if (User.Identity.IsAuthenticated)
            {
                _formsAuthenticationService.SignOut();
            }

            model.Msg = LocalizationStringHtmlHelper.LocalizationString("password_reset_successfull");

            return View(model);
        }
        public async void password_change_should_return_with_password_change_model_if_model_is_valid()
        {
            // Arrange
            const string actionName = "PasswordChange";
            const string email = "*****@*****.**";
            const string token = "token";
            const string password = "******";

            var validModel = new PasswordChangeModel { Email = email, Password = password, Token = token };

            var userService = new Mock<IUserService>();
            userService.Setup(x => x.IsPasswordResetRequestValid(email, token))
                       .Returns(() => Task.FromResult(true));

            userService.Setup(x => x.ChangePassword(email, token, password))
                       .Returns(() => Task.FromResult(true));

            var formsAuthenticationService = new Mock<IFormsAuthenticationService>();
            formsAuthenticationService.Setup(x => x.SignOut());

            // Act
            var sut = new UserControllerBuilder().WithUserService(userService.Object)
                                                 .WithFormsAuthenticationService(formsAuthenticationService.Object)
                                                 .BuildWithMockControllerContext();

            var view = await sut.PasswordChange(validModel) as ViewResult;

            // Assert
            Assert.NotNull(view);
            Assert.NotNull(view.Model);
            Assert.IsInstanceOf<BaseController>(sut);
            Assert.IsAssignableFrom<PasswordChangeModel>(view.Model);

            userService.Verify(x => x.IsPasswordResetRequestValid(email, token), Times.Once);
            userService.Verify(x => x.ChangePassword(email, token, password), Times.Once);
            formsAuthenticationService.Verify(x => x.SignOut(), Times.Once);

            sut.AssertPostAttribute(actionName, new[] { typeof(PasswordChangeModel) });
            sut.AssertAllowAnonymousAttribute(actionName, new[] { typeof(PasswordChangeModel) });
        }