public void When_GetChangeSecurityInformationCompletedBodyText_Then_CorrectEmailIsReturned()
        {
            // Arrange
            // Expected body for the fixture's first name / last name / application name.
            const string expectedBody = "Dear John Staveley,<br /><br />Please be advised that the security information on your Security Essentials account been changed. If you did not initiate this action then please contact the site administrator as soon as possible<br />How do I know this is not a Spoof email? Spoof or ‘phishing’ emails tend to have generic greetings such as \"Dear Security Essentials member\". Emails from Security Essentials will always contain your full name.<br />";

            // Act
            var actualBody = EmailTemplates.ChangeSecurityInformationCompletedBodyText(_firstName, _lastName, _applicationName);

            // Assert
            Assert.AreEqual(expectedBody, actualBody);
        }
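        /// <summary>
        /// Handles the "change security information" form post: re-authenticates the caller with the
        /// submitted password, stores the new security question/answer pair, records a <see cref="UserLog"/>
        /// entry and emails the account owner a change notification.
        /// </summary>
        /// <param name="model">The posted form values: question id, answer, answer confirmation and current password.</param>
        /// <returns>
        /// The "ChangeSecurityInformationSuccess" view when the change was applied; otherwise the
        /// "ChangeSecurityInformation" view re-rendered with the security question list and an error
        /// message (empty when the failure is only reported to AppSensor / the model state).
        /// </returns>
        public async Task <ActionResult> ChangeSecurityInformationAsync(ChangeSecurityInformationViewModel model)
        {
            string errorMessage = "";
            var    requester    = UserIdentity.GetRequester(this);

            // Let AppSensor look at the posted field set before any of the form values are used.
            AppSensor.ValidateFormData(this, new List <string> {
                "SecurityQuestionLookupItemId", "SecurityAnswer", "SecurityAnswerConfirm", "Password"
            });
            if (ModelState.IsValid)
            {
                var recaptchaSuccess = true;
                if (_configuration.HasRecaptcha)
                {
                    recaptchaSuccess = _recaptcha.ValidateRecaptcha(this);
                }

                if (recaptchaSuccess)
                {
                    // The password check (and whatever lockout accounting TryLogOnAsync performs) only
                    // runs once the CAPTCHA gate has passed; previously it ran for failed CAPTCHAs too.
                    var logonResult = await _userManager.TryLogOnAsync(UserIdentity.GetUserName(this), model.Password);

                    if (logonResult.Success)
                    {
                        if (model.SecurityAnswer == model.SecurityAnswerConfirm)
                        {
                            var user = _context.User.First(u => u.UserName == logonResult.UserName);
                            // NOTE(review): the answer is stored as the output of _encryption.Encrypt keyed by a
                            // site-wide password; whether that is reversible encryption or a one-way derivation is
                            // not visible here. A security answer is a credential — confirm it is not recoverable.
                            _encryption.Encrypt(_configuration.EncryptionPassword, _configuration.EncryptionIterationCount, model.SecurityAnswer, out var encryptedSecurityAnswerSalt, out var encryptedSecurityAnswer);
                            user.SecurityAnswer               = encryptedSecurityAnswer;
                            user.SecurityAnswerSalt           = encryptedSecurityAnswerSalt;
                            user.SecurityQuestionLookupItemId = model.SecurityQuestionLookupItemId;
                            user.UserLogs.Add(new UserLog {
                                Description = "User Changed Security Information"
                            });
                            await _context.SaveChangesAsync();

                            // Notify the account owner so that a change they did not initiate can be reported.
                            string emailSubject = $"{_configuration.ApplicationName} - Security Information Changed";
                            string emailBody    = EmailTemplates.ChangeSecurityInformationCompletedBodyText(user.FirstName, user.LastName, _configuration.ApplicationName);
                            _services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string>()
                            {
                                logonResult.UserName
                            }, null, null, emailSubject, emailBody, true);
                            return(View("ChangeSecurityInformationSuccess"));
                        }
                        else
                        {
                            Logger.Information("Failed Account ChangeSecurityInformation Post, security answers do not match by requester {@requester}", requester);
                            errorMessage = "The security question answers do not match";
                        }
                    }
                    else
                    {
                        // Single generic message: do not reveal whether the password was wrong or the account is locked.
                        Logger.Information("Failed Account ChangeSecurityInformation Post, security information incorrect or account locked out by requester {@requester}", requester);
                        errorMessage = "Security information incorrect or account locked out";
                    }
                }
                else
                {
                    // Logged like the other failure branches so CAPTCHA failures are visible in the audit trail.
                    Logger.Information("Failed Account ChangeSecurityInformation Post, recaptcha validation failed by requester {@requester}", requester);
                    AppSensor.InspectModelStateErrors(this);
                }
            }

            // Re-render the form with the visible security questions in display order.
            var securityQuestions = _context.LookupItem.Where(l => l.LookupTypeId == Consts.LookupTypeId.SecurityQuestion && l.IsHidden == false).OrderBy(o => o.Ordinal).ToList();
            var changeSecurityInformationViewModel = new ChangeSecurityInformationViewModel(errorMessage, _configuration.HasRecaptcha, securityQuestions);

            return(View("ChangeSecurityInformation", changeSecurityInformationViewModel));
        }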