Exemplo n.º 1
        /// <summary>
        /// A retired (non-active) user who holds a valid, unexpired change-email token and
        /// supplies the correct password must still be refused: the POST is expected to throw
        /// <see cref="ArgumentException"/> rather than update the address.
        /// </summary>
        public void POST_Cannot_Update_Email_Address_For_Non_Active_User()
        {
            // Arrange
            // NOTE: the e-mail literals in this listing are redacted ("*****@*****.**");
            // the original test presumably used distinct current/new addresses.
            User retiredUser = new UserBuilder()
                .DefaultRetiredUser()
                .WithEmailAddress("*****@*****.**")
                .WithPassword("password")
                .Build();

            // The posted form carries the password confirmation field.
            var formValues = new Dictionary<string, StringValues>
            {
                { "GovUk_Text_Password", "password" }
            };

            var controller = new ControllerBuilder<ChangeEmailController>()
                .WithLoggedInUser(retiredUser)
                .WithRequestFormValues(formValues)
                .WithDatabaseObjects(retiredUser)
                .WithMockUriHelper()
                .Build();

            // A fresh token, so expiry cannot be the reason for the rejection.
            var token = new ChangeEmailVerificationToken
            {
                UserId = retiredUser.UserId,
                NewEmailAddress = "*****@*****.**".ToLower(),
                TokenTimestamp = VirtualDateTime.Now
            };
            var verificationCode = Encryption.EncryptModel(token);

            var model = new VerifyEmailChangeViewModel
            {
                NewEmailAddress = "*****@*****.**",
                Code = verificationCode,
                User = retiredUser
            };

            // Act & Assert
            // NOTE(review): which layer raises the exception for a non-active account is not
            // visible from this test; confirm the status check runs before any e-mail update.
            Assert.Throws<ArgumentException>(() => controller.VerifyEmailPost(model));
        }
Exemplo n.º 2
        /// <summary>
        /// Completes an e-mail address change: decrypts the verification code, rejects an
        /// expired token, re-checks the account password, refuses an address already used by
        /// another account, then updates the address and notifies both old and new addresses.
        /// </summary>
        /// <param name="viewModel">Posted form model; only <c>Code</c> and the password field are
        /// taken from the request, the user and new address are re-derived from the token.</param>
        /// <returns>The error, retry, or completion view for the outcome.</returns>
        public IActionResult VerifyEmailPost(VerifyEmailChangeViewModel viewModel)
        {
            // NOTE(review): behaviour of DecryptModel on a tampered or malformed code is not
            // visible here; confirm it fails closed instead of returning a partial token.
            ChangeEmailVerificationToken token = Encryption.DecryptModel<ChangeEmailVerificationToken>(viewModel.Code);

            if (TokenHasExpired(token))
            {
                return View(
                    "VerifyEmailError",
                    "Your email verification link has expired. Please go to My Account and start the email change process again.");
            }

            // The account is identified solely by the token, not by the posted model.
            // NOTE(review): nothing in this method compares token.UserId with the signed-in
            // user, and a missing user (null) is not handled; confirm both are covered elsewhere.
            User account = dataRepository.Get<User>(token.UserId);
            string requestedEmailAddress = token.NewEmailAddress;

            // Overwrite whatever the client posted with the values bound into the token.
            viewModel.User = account;
            viewModel.NewEmailAddress = requestedEmailAddress;

            // The password field may have been left blank; validate it before checking it.
            viewModel.ParseAndValidateParameters(Request, m => m.Password);
            if (viewModel.HasAnyErrors())
            {
                return View("VerifyEmail", viewModel);
            }

            // Possession of the link alone is not enough: the password must match as well.
            bool passwordMatches = userRepository.CheckPassword(account, viewModel.Password);
            if (!passwordMatches)
            {
                viewModel.AddErrorFor(m => m.Password, "Incorrect password");
                return View("VerifyEmail", viewModel);
            }

            // NOTE(review): this check and the update below are separate steps; a uniqueness
            // constraint in the data store would be needed to close the gap between them.
            if (OtherUserWithThisEmailAddressAlreadyExists(viewModel.NewEmailAddress))
            {
                return View("VerifyEmailError", "This email address is already taken by another account.");
            }

            // Capture the current address first so the previous owner can still be notified.
            string previousEmailAddress = account.EmailAddress;

            userRepository.UpdateEmail(account, requestedEmailAddress);

            // NOTE(review): nothing visible here marks the token as used, so the same code
            // appears to remain valid until it expires — confirm this is acceptable.
            NotifyBothOldAndNewEmailAddressesThatEmailAddressHasBeenChanged(previousEmailAddress, requestedEmailAddress);

            return View("ChangeEmailComplete", requestedEmailAddress);
        }
Exemplo n.º 3
        /// <summary>
        /// Renders the password-confirmation page for an e-mail change link: decrypts the
        /// verification code, rejects an expired token, and otherwise shows the "VerifyEmail"
        /// view for the user and new address carried by the token.
        /// </summary>
        /// <param name="code">Encrypted <see cref="ChangeEmailVerificationToken"/> from the link.</param>
        /// <returns>The expiry error view, or the verification form.</returns>
        public IActionResult VerifyEmailGet(string code)
        {
            // NOTE(review): the code presumably arrives in the URL, where it can end up in
            // logs and browser history; the expiry check here and the password check on the
            // POST are the controls that limit what a leaked link allows.
            ChangeEmailVerificationToken token = Encryption.DecryptModel<ChangeEmailVerificationToken>(code);

            if (TokenHasExpired(token))
            {
                return View(
                    "VerifyEmailError",
                    "Your email verification link has expired. Please go to My Account and start the email change process again.");
            }

            // NOTE(review): the user is looked up from the token only; no comparison with the
            // signed-in user is visible in this method — confirm it is enforced elsewhere,
            // since the view model exposes this User to the rendered page.
            User account = dataRepository.Get<User>(token.UserId);

            // Round-trip the original code so the POST can decrypt and re-validate it.
            var model = new VerifyEmailChangeViewModel();
            model.User = account;
            model.Code = code;
            model.NewEmailAddress = token.NewEmailAddress;

            return View("VerifyEmail", model);
        }
Exemplo n.º 4
        /// <summary>
        /// With a valid token and the correct password, a change to an address that already
        /// belongs to another account must leave the user's address untouched and write no
        /// audit log entry.
        /// </summary>
        public void POST_Cannot_Update_Email_Address_To_Email_Associated_With_Another_Account()
        {
            // Arrange
            // NOTE: the e-mail literals in this listing are redacted ("*****@*****.**");
            // the original test presumably gave the two users distinct addresses and requested
            // the second user's address for the first.
            User requestingUser = new UserBuilder()
                .WithEmailAddress("*****@*****.**")
                .WithPassword("password")
                .Build();
            User existingOwner = new UserBuilder()
                .WithEmailAddress("*****@*****.**")
                .Build();

            var formValues = new Dictionary<string, StringValues>
            {
                { "GovUk_Text_Password", "password" }
            };

            var controllerBuilder = new ControllerBuilder<ChangeEmailController>();
            var controller = controllerBuilder
                .WithLoggedInUser(requestingUser)
                .WithRequestFormValues(formValues)
                .WithDatabaseObjects(requestingUser, existingOwner)
                .WithMockUriHelper()
                .Build();

            var token = new ChangeEmailVerificationToken
            {
                UserId = requestingUser.UserId,
                NewEmailAddress = "*****@*****.**".ToLower(),
                TokenTimestamp = VirtualDateTime.Now
            };
            var verificationCode = Encryption.EncryptModel(token);

            var model = new VerifyEmailChangeViewModel
            {
                NewEmailAddress = "*****@*****.**",
                Code = verificationCode,
                User = requestingUser
            };

            // Act
            controller.VerifyEmailPost(model);

            // Assert: the stored address is the expected one and nothing was audited.
            // NOTE(review): the test does not assert that no notification e-mails were sent
            // or which view was returned; consider adding both.
            Assert.AreEqual("*****@*****.**", requestingUser.EmailAddress);

            var auditEntries = controllerBuilder.DataRepository.GetAll<AuditLog>();

            Assert.AreEqual(0, auditEntries.Count());
        }
Exemplo n.º 5
        /// <summary>
        /// Happy path: a valid token plus the correct password changes the address, writes
        /// exactly one <c>UserChangeEmailAddress</c> audit entry, and sends one notification
        /// to the old address and one to the new address.
        /// </summary>
        public void POST_User_Can_Verify_Their_Email_Address_And_Confirm_Password_To_Change_Email_Address()
        {
            // Arrange
            // NOTE: the e-mail literals in this listing are redacted ("*****@*****.**");
            // the original test presumably used distinct old/new addresses, which the two
            // notification filters below rely on.
            User account = new UserBuilder()
                .WithEmailAddress("*****@*****.**")
                .WithPassword("password")
                .Build();

            var formValues = new Dictionary<string, StringValues>
            {
                { "GovUk_Text_Password", "password" }
            };

            var controllerBuilder = new ControllerBuilder<ChangeEmailController>();
            var controller = controllerBuilder
                .WithLoggedInUser(account)
                .WithRequestFormValues(formValues)
                .WithDatabaseObjects(account)
                .WithMockUriHelper()
                .Build();

            var token = new ChangeEmailVerificationToken
            {
                UserId = account.UserId,
                NewEmailAddress = "*****@*****.**".ToLower(),
                TokenTimestamp = VirtualDateTime.Now
            };
            var verificationCode = Encryption.EncryptModel(token);

            var model = new VerifyEmailChangeViewModel
            {
                NewEmailAddress = "*****@*****.**",
                Code = verificationCode,
                User = account
            };

            // Act
            controller.VerifyEmailPost(model);

            // Assert: the address on the user object is the expected one.
            Assert.AreEqual("*****@*****.**", account.EmailAddress);

            // Exactly one audit record, and it records the e-mail change action.
            var auditEntries = controllerBuilder.DataRepository.GetAll<AuditLog>();

            Assert.AreEqual(1, auditEntries.Count());

            var auditEntry = auditEntries.FirstOrDefault();

            Assert.NotNull(auditEntry);
            Assert.AreEqual(AuditedAction.UserChangeEmailAddress, auditEntry.Action);

            // Two e-mails in total: the old address is told the change happened, so an
            // account owner learns of a change they did not make; the new address gets its own.
            Assert.AreEqual(2, controllerBuilder.EmailsSent.Count);

            var sentToOldAddress = controllerBuilder.EmailsSent
                .Where(sent => sent.EmailAddress == "*****@*****.**")
                .ToList();

            Assert.AreEqual(1, sentToOldAddress.Count);

            var oldAddressEmail = sentToOldAddress.FirstOrDefault();

            Assert.AreEqual(EmailTemplates.SendChangeEmailCompletedNotificationEmail, oldAddressEmail.TemplateId);

            var sentToNewAddress = controllerBuilder.EmailsSent
                .Where(sent => sent.EmailAddress == "*****@*****.**")
                .ToList();

            Assert.AreEqual(1, sentToNewAddress.Count);

            var newAddressEmail = sentToNewAddress.FirstOrDefault();

            Assert.AreEqual(EmailTemplates.SendChangeEmailCompletedVerificationEmail, newAddressEmail.TemplateId);
        }