Exemplo n.º 1
        /// <summary>
        /// A valid reset post must consume the token: after the controller call the
        /// saved <c>PasswordRetrieval</c> can no longer be found by its id.
        /// </summary>
        public void GivenAnonymousPostRequest_WithValidData_DeletesPasswordRetrieval()
        {
            // Arrange: persist a reset token that belongs to the fixture user.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            var form = new ResetPassword { Token = retrieval.Token };
            form.Password = "******" + GetRandom.String(10);
            form.PasswordConfirm = form.Password;

            // Act
            var view = Controller.ResetPassword(form) as ViewResult;

            // Assert: a view came back and the token row is gone, so the link is single-use.
            view.Should().Not.Be.Null();

            var leftover = Db.SingleOrDefault<PasswordRetrieval>(new { retrieval.Id });
            leftover.Should().Be.Null();
        }
Exemplo n.º 2
        /// <summary>
        /// Handles the forgot-password form post: finds a non-deleted user by email,
        /// stores a new <c>PasswordRetrieval</c> token for that user and mails the token.
        /// </summary>
        /// <param name="model">Posted form; only <c>Email</c> is read here.</param>
        /// <returns>
        /// The form view again when validation fails or no user matches; otherwise the
        /// "ForgotPasswordConfirmation" view.
        /// </returns>
        public ActionResult ForgotPassword(ForgotPassword model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var account = Db.SingleOrDefault<User>(new { model.Email, IsDeleted = false });
            if (account == null)
            {
                // NOTE(review): the response differs for known and unknown addresses, so an
                // anonymous caller can learn which emails are registered. Returning the same
                // confirmation view in both cases would close that; no throttling is visible here.
                ModelState.AddModelErrorFor<ForgotPassword>(x => x.Email, "A user could not be found with that email address");
                return View(model);
            }

            // NOTE(review): the reset secret is Guid.NewGuid(), which is not documented as a
            // cryptographically secure generator; RandomNumberGenerator is the conservative source.
            // No expiry is set in this method - whether PasswordRetrieval tracks one is not visible here.
            var retrieval = new PasswordRetrieval(account, Guid.NewGuid());
            Db.Save(retrieval);
            Metrics.Increment(Metric.Users_SendPasswordResetEmail);

            // The token is delivered to the address stored on the account, not the one typed in.
            var mail = new ViewModels.Mail.ForgotPassword
            {
                To    = account.Email,
                Token = retrieval.Token
            };
            _mailController.ForgotPassword(mail).Deliver();

            return View("ForgotPasswordConfirmation");
        }
        /// <summary>
        /// RavenDB variant of the forgot-password post: finds a non-deleted user by email and
        /// stores a new <c>PasswordRetrieval</c> token for that user. Sending the mail is still a TODO.
        /// </summary>
        /// <param name="model">Posted form; only <c>Email</c> is read here.</param>
        /// <returns>
        /// The form view again when validation fails or no user matches; otherwise the
        /// "ForgotPasswordConfirmation" view.
        /// </returns>
        public ActionResult ForgotPassword(ForgotPassword model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            using (RavenSession.GetCachingContext())
            {
                var account = RavenSession.Query<User>().SingleOrDefault(x => x.Email == model.Email && !x.IsDeleted);
                if (account == null)
                {
                    // NOTE(review): the response differs for known and unknown addresses, so an
                    // anonymous caller can learn which emails are registered.
                    ModelState.AddModelError("Invalid User Email", "A user could not be found with that email address");
                    return View(model);
                }

                // NOTE(review): Guid.NewGuid() is not documented as a cryptographically secure
                // generator, and no expiry is set in this method.
                var retrieval = new PasswordRetrieval(account, Guid.NewGuid());
                RavenSession.Store(retrieval);
                RavenSession.SaveChanges();
                Metrics.Increment(Metric.Users_SendPasswordResetEmail);

                // TODO: Send email with password token
                // NOTE(review): until then a live token is persisted (and the metric counted) on
                // every request although the user never receives it.
                return View("ForgotPasswordConfirmation");
            }
        }
Exemplo n.º 4
        /// <summary>
        /// A GET with a stored token (formatted "N") must return a view whose
        /// <c>ResetPassword</c> model carries the token and the matching retrieval record.
        /// </summary>
        public void GivenAnonymousGetRequest_WithValidId_ReturnsView()
        {
            // Arrange: persist a reset token that belongs to the fixture user.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            // Act: the token reaches the action as a string, as it would from a link.
            var tokenText = retrieval.Token.ToString("N");
            var view = Controller.ResetPassword(tokenText) as ViewResult;

            // Assert
            view.Should().Not.Be.Null();

            var form = view.Model as ResetPassword;
            form.Should().Not.Be.Null();
            form.Token.Should().Equal(retrieval.Token);

            // The loaded record must belong to the user the token was issued for.
            form.Data.Should().Not.Be.Null();
            form.Data.Token.Should().Equal(retrieval.Token);
            form.Data.UserId.Should().Equal(User.Id);
        }
Exemplo n.º 5
        /// <summary>
        /// A valid reset post must sign the token's owner in: <c>SetLoginCookie</c> is
        /// expected exactly once, for the fixture user, with <c>true</c> as second argument.
        /// </summary>
        public void GivenAnonymousPostRequest_WithValidData_LogsInUser()
        {
            // Arrange: persist a reset token that belongs to the fixture user.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            var form = new ResetPassword { Token = retrieval.Token };
            form.Password = "******" + GetRandom.String(10);
            form.PasswordConfirm = form.Password;

            // Act
            Controller.ResetPassword(form);

            // Assert
            // NOTE(review): possession of the token alone yields a logged-in session here; the
            // `true` flag is presumably "persistent cookie" - confirm against SetLoginCookie.
            AuthenticationService.Verify(
                x => x.SetLoginCookie(It.Is<User>(u => u.Id == User.Id), true),
                Times.Once());
        }
Exemplo n.º 6
        /// <summary>
        /// A valid reset post must render the "ResetPasswordConfirmation" view.
        /// </summary>
        public void GivenAnonymousPostRequest_WithValidData_ReturnsView()
        {
            // Arrange: persist a reset token that belongs to the fixture user.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            var form = new ResetPassword { Token = retrieval.Token };
            form.Password = "******" + GetRandom.String(10);
            form.PasswordConfirm = form.Password;

            // Act
            var view = Controller.ResetPassword(form) as ViewResult;

            // Assert
            view.Should().Not.Be.Null();
            view.ViewName.Should().Equal("ResetPasswordConfirmation");
        }
Exemplo n.º 7
        /// <summary>
        /// A valid reset post must increment <c>Metric.Users_ResetPassword</c> exactly once.
        /// </summary>
        public void GivenAnonymousPostRequest_WithValidId_IncrementsMetric()
        {
            // Arrange: persist a reset token that belongs to the fixture user.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            var form = new ResetPassword { Token = retrieval.Token };
            form.Password = "******" + GetRandom.String(10);
            form.PasswordConfirm = form.Password;

            // Act
            var view = Controller.ResetPassword(form) as ViewResult;

            // Assert
            view.Should().Not.Be.Null();
            MetricsMock.Verify(x => x.Increment(Metric.Users_ResetPassword), Times.Once());
        }
Exemplo n.º 8
        /// <summary>
        /// A valid reset post must store the new password for the token's owner, in the
        /// form produced by <c>ToSHAHash()</c>.
        /// </summary>
        public void GivenAnonymousPostRequest_WithValidData_UpdatesUserPassword()
        {
            // Arrange: persist a reset token that belongs to the fixture user.
            var retrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
            Db.Save(retrieval);

            var form = new ResetPassword { Token = retrieval.Token };
            form.Password = "******" + GetRandom.String(10);
            form.PasswordConfirm = form.Password;

            // Act
            Controller.ResetPassword(form);

            // Assert: reload the user so the persisted value is checked, not the in-memory one.
            var reloaded = Db.SingleOrDefault<User>(new { User.Id });

            // NOTE(review): the expected value is recomputed from the plaintext alone, so the
            // stored form carries no random per-user salt. ToSHAHash is presumably a plain SHA
            // digest (not visible here); a salted, slow KDF such as PBKDF2 is the usual choice
            // for password storage.
            reloaded.Password.Should().Equal(form.PasswordConfirm.ToSHAHash());
        }
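        /// <summary>
        /// Handles the password-retrieval form post: looks the user up by email, replaces the
        /// account password with a generated one and mails that password to the posted address.
        /// </summary>
        /// <param name="model">Posted form; only <c>Email</c> is read here.</param>
        /// <returns>
        /// Always the same view with <paramref name="model"/>; the outcome is reported through
        /// <c>ModelState</c> entries (the success notice is also added as a model error, on "Email").
        /// </returns>
        /// <remarks>
        /// NOTE(review): design points a maintainer should weigh, left unchanged here because
        /// fixing them changes the flow callers and users see:
        /// - The password is replaced as soon as a known email is posted. The reset token passed
        ///   is <c>string.Empty</c>, so nothing in this method proves the requester controls the
        ///   mailbox; whether <c>LambdaUserManager</c> validates tokens is not visible here. Anyone
        ///   who knows an address can lock its owner out of the current password. A mailed,
        ///   expiring, single-use token that the user redeems is the usual shape.
        /// - The new password travels in clear text in the mail body and stays in the mailbox.
        /// - The message differs for known and unknown addresses, which discloses which emails
        ///   have accounts. No throttling is visible here.
        /// </remarks>
        public async Task<ActionResult> PasswordRetrieval(PasswordRetrieval model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            using (var userManager = HttpContext.GetOwinContext().GetUserManager<LambdaUserManager>())
            {
                var user = await userManager.FindByEmailAsync(model.Email);
                if (user == null)
                {
                    ModelState.AddModelError("", "No account with that email was found.");
                    return View(model);
                }

                var newPassword = GeneratePassword();
                var result = await userManager.ResetPasswordAsync(user.Id, string.Empty, newPassword);
                if (!result.Succeeded)
                {
                    ModelState.AddModelError("", result.Errors.ElementAt(0));
                    return View(model);
                }

                var body = string.Format(Settings.Default.ResetPasswordEmailBody, user.UserName, newPassword);

                // Fix: the send was not awaited. The task could outlive the using block (manager
                // disposed mid-send) and the request itself, and any delivery failure was never
                // observed - while the user's password had already been changed.
                await userManager.SendEmailAsync(model.Email, Settings.Default.ResetPasswordEmailSubject, body);

                ModelState.AddModelError("Email", "New password has been sent to your email.");
            }

            return View(model);
        }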