/// <summary>
/// Checks that <c>EmailTemplates.ChangePasswordCompletedBodyText</c> renders the exact
/// password-change notification body for the fixture's first name, last name and
/// application name.
/// </summary>
/// <remarks>
/// The expected text pins the anti-spoofing footer: the notification addresses the
/// recipient by full name rather than with a generic greeting.
/// </remarks>
public void When_GetChangePasswordCompletedBodyText_Then_CorrectEmailIsReturned()
{
    // Arrange: the literal HTML body the template must produce for the fixture values.
    const string expectedBody = "Dear John Staveley,<br /><br />Just a note from Security Essentials to say your password has been changed today, if this wasn't done by yourself, please contact the site administrator asap<br />How do I know this is not a Spoof email? Spoof or ‘phishing’ emails tend to have generic greetings such as \"Dear Security Essentials member\". Emails from Security Essentials will always contain your full name.<br />";

    // Act
    var actualBody = EmailTemplates.ChangePasswordCompletedBodyText(_firstName, _lastName, _applicationName);

    // Assert
    Assert.AreEqual(expectedBody, actualBody);
}
/// <summary>
/// Handles the change-password form post: validates reCAPTCHA (when configured),
/// changes the password through the user manager, e-mails a confirmation to the
/// account and then signs the user out.
/// </summary>
/// <param name="model">Posted form values; OldPassword and NewPassword are forwarded to the user manager.</param>
/// <returns>
/// The "ChangePasswordSuccess" view when the password was changed, HttpNotFound when no
/// user row matches the current user id, otherwise the "ChangePassword" view with the model.
/// </returns>
public async Task<ActionResult> ChangePasswordAsync(ChangePasswordViewModel model)
{
    ViewBag.ReturnUrl = Url.Action("ChangePassword");
    var requester = UserIdentity.GetRequester(this);

    // reCAPTCHA is only evaluated when it is switched on in configuration.
    var captchaPassed = !_configuration.HasRecaptcha || _recaptcha.ValidateRecaptcha(this);

    // Runs regardless of the reCAPTCHA outcome (presumably the allow-list of fields
    // this post may carry - confirm against AppSensor).
    var formFieldNames = new List<string> { "ConfirmPassword", "OldPassword", "NewPassword" };
    AppSensor.ValidateFormData(this, formFieldNames);

    // NOTE(review): ModelState.IsValid is not consulted in this action and ConfirmPassword is
    // never compared with NewPassword here; presumably that is enforced elsewhere - confirm.
    if (!captchaPassed)
    {
        Logger.Information("Failed Account Change Password Post Recaptcha failed by requester {@requester}", requester);
        return View("ChangePassword", model);
    }

    var userId = UserIdentity.GetUserId(this);
    var user = _context.User.FirstOrDefault(u => u.Id == userId);
    if (user == null)
    {
        return HttpNotFound();
    }

    // The id is resolved a second time here rather than reusing userId.
    var result = await _userManager.ChangePasswordAsync(UserIdentity.GetUserId(this), model.OldPassword, model.NewPassword);
    if (!result.Succeeded)
    {
        Logger.Information("Failed Account ChangePassword Post by requester {@requester}", requester);
        AddErrors(result);
        return View("ChangePassword", model);
    }

    // Tell the account holder about the change so an unexpected one is noticed.
    // NOTE(review): the names go into the e-mail body and the trailing `true` presumably
    // marks it as HTML - confirm EmailTemplates encodes them.
    var emailSubject = $"{_configuration.ApplicationName} - Password change confirmation";
    var emailBody = EmailTemplates.ChangePasswordCompletedBodyText(user.FirstName, user.LastName, _configuration.ApplicationName);
    var recipients = new List<string> { user.UserName };
    _services.SendEmail(_configuration.DefaultFromEmailAddress, recipients, null, null, emailSubject, emailBody, true);
    _context.SaveChanges();

    // End the current sign-in and drop per-user state so the new password must be used.
    _formsAuth.SignOut();
    _userManager.SignOut();
    _httpCache.RemoveFromCache($"MustChangePassword-{userId}");
    Session.Abandon();
    Logger.Debug("Account Logoff due to password change");
    return View("ChangePasswordSuccess");
}
/// <summary>
/// Handles the change-password form post: validates reCAPTCHA (when configured),
/// changes the password through the user manager, e-mails a confirmation to the
/// account and signs the user out of forms authentication.
/// </summary>
/// <param name="model">Posted form values; OldPassword and NewPassword are forwarded to the user manager.</param>
/// <returns>
/// The "ChangePasswordSuccess" view when the password was changed, HttpNotFound when no
/// user row matches the requester's id, otherwise the default view with the model.
/// </returns>
public async Task<ActionResult> ChangePassword(ChangePasswordViewModel model)
{
    ViewBag.ReturnUrl = Url.Action("ChangePassword");
    var requester = _userIdentity.GetRequester(this);

    // reCAPTCHA is only evaluated when it is switched on in configuration.
    var captchaPassed = !_configuration.HasRecaptcha || _recaptcha.ValidateRecaptcha(this);

    // Runs regardless of the reCAPTCHA outcome (presumably the allow-list of fields
    // this post may carry - confirm against the app sensor).
    var formFieldNames = new List<string>() { "ConfirmPassword", "OldPassword", "NewPassword" };
    _appSensor.ValidateFormData(this, formFieldNames);

    // NOTE(review): ModelState.IsValid is not consulted in this action and ConfirmPassword is
    // never compared with NewPassword here; presumably that is enforced elsewhere - confirm.
    if (!captchaPassed)
    {
        Logger.Information("Failed Account Change Password Post Recaptcha failed by requester {@requester}", requester);
        return View(model);
    }

    // NOTE(review): LoggedOnUserId.Value is read without a null check; presumably the action
    // sits behind an authorization filter so a requester always has an id - confirm.
    var user = _context.User.FirstOrDefault(u => u.Id == requester.LoggedOnUserId.Value);
    if (user == null)
    {
        return HttpNotFound();
    }

    var result = await _userManager.ChangePasswordAsync(requester.LoggedOnUserId.Value, model.OldPassword, model.NewPassword);
    if (!result.Succeeded)
    {
        Logger.Information("Failed Account ChangePassword Post by requester {@requester}", requester);
        AddErrors(result);
        return View(model);
    }

    // Tell the account holder about the change so an unexpected one is noticed.
    // NOTE(review): the names go into the e-mail body and the trailing `true` presumably
    // marks it as HTML - confirm EmailTemplates encodes them.
    string emailSubject = string.Format("{0} - Password change confirmation", _configuration.ApplicationName);
    string emailBody = EmailTemplates.ChangePasswordCompletedBodyText(user.FirstName, user.LastName, _configuration.ApplicationName);
    var recipients = new List<string>() { user.UserName };
    _services.SendEmail(_configuration.DefaultFromEmailAddress, recipients, null, null, emailSubject, emailBody, true);
    _context.SaveChanges();

    // NOTE(review): only the forms-authentication sign-out is visible on this path; confirm
    // that server-side session state and any cached per-user flags are also cleared after
    // a password change.
    _formsAuth.SignOut();
    return View("ChangePasswordSuccess");
}