public async Task Given_ValidResetToken_When_ChangePasswordFromTokenAsync_Then_Success() { // Arrange var passwordResetToken = "jafueokvnsdsjrogdsjvnasqpzlmveyij"; var newPassword = "******"; TestUser.PasswordResetToken = passwordResetToken; TestUser.PasswordResetExpiryDateUtc = DateTime.UtcNow.AddMinutes(10); TestUser.PasswordHash = null; TestUser.PasswordSalt = null; // Act var result = await _sut.ChangePasswordFromTokenAsync(TestUser.Id, passwordResetToken, newPassword); // Assert Assert.AreEqual(0, result.Errors.Count()); _context.AssertWasCalled(a => a.SaveChangesAsync()); Assert.IsNull(TestUser.PasswordResetExpiryDateUtc); Assert.IsNull(TestUser.PasswordResetToken); Assert.AreEqual(0, TestUser.FailedLogonAttemptCount); Assert.AreEqual(1, TestUser.UserLogs.Count); Assert.IsTrue(TestUser.UserLogs.Any(a => a.Description.Contains("Password changed"))); Assert.That(TestUser.PreviousPasswords.Count, Is.EqualTo(1)); Assert.IsNotNull(TestUser.PasswordHash); Assert.IsNotNull(TestUser.PasswordSalt); Assert.IsTrue(TestUser.PasswordLastChangedDateUtc > DateTime.UtcNow.AddMinutes(-5)); }