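public async Task TestEdit_InvalidUser_ShouldFail(string value)
        {
            // Returns Task rather than void: an async void test cannot be awaited by
            // the runner, so a failed assertion after the first await is unobservable.

            // Arrange
            UsersController controller = new UsersController(_context);
            int             userId     = int.Parse(value);

            // A direct controller call does not run model binding/validation, so the
            // invalid-model branch of Edit is only reached when ModelState is seeded.
            // The model-level (empty) key matches the key the assertions below expect.
            controller.ModelState.AddModelError("", "Phone and Email are required.");   // constructed message

            // Act
            WizardsUser replayUser = await _context.WizardsUser
                                     .FirstOrDefaultAsync(a => a.UserId == userId);
            // Fail with a clear message if the seed row is missing instead of a
            // NullReferenceException on the assignments below.
            Assert.NotNull(replayUser);

            replayUser.Phone = "";
            replayUser.Email = "";

            var result = await controller.Edit(replayUser.UserId, replayUser);

            // Assert: no try/catch here on purpose. The original caught every
            // exception and asserted on the IsTypeException type name, so a redirect
            // (the wrong outcome for an invalid model) still passed the test.
            ViewResult viewResult = Assert.IsType<ViewResult>(result);
            Assert.NotNull(viewResult.ViewData.ModelState);
            Assert.NotEmpty(viewResult.ViewData.ModelState.Keys);

            foreach (string item in viewResult.ViewData.ModelState.Keys)
            {
                Assert.Equal("", item);
            }
        }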
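        /// <summary>
        /// Registers a new user. <paramref name="passwordConfirm"/> must equal the
        /// posted password, the user name must be unused, and the model must be valid;
        /// on success the password is hashed, the "Customer" role is attached, the
        /// session is populated and the caller is redirected to home. Otherwise the
        /// form is re-rendered with a message in TempData.
        /// </summary>
        /// <param name="passwordConfirm">Second entry of the password, compared verbatim.</param>
        /// <param name="users">Form-bound user; PasswordHash arrives as the plaintext password.</param>
        public async Task<IActionResult> Create(string passwordConfirm, [Bind("UserId,UserName,PasswordHash,FirstName,Dob,LastName,Phone,Email,Gender,ReceivePromotionalEmails")] WizardsUser users)
        {
            // NOTE(review): the bind list includes UserId, so the client can choose
            // the key of the new row; harmless only if UserId is database-generated
            // and EF ignores the posted value — confirm, otherwise drop it from Bind.
            // NOTE(review): HashHelper.ComputeHash is not visible here; if it is a
            // plain unsalted digest the stored credentials are weak — confirm.
            bool isValid = true;

            if (string.IsNullOrEmpty(users.PasswordHash) || passwordConfirm != users.PasswordHash)
            {
                isValid = false;
                TempData["PasswordConfirmMessage"] = "Password does not match.";
            }
            // Check-then-insert: a concurrent registration with the same name can
            // still slip through unless the column carries a unique constraint.
            if (_context.WizardsUser.Any(u => u.UserName.Equals(users.UserName)))
            {
                isValid = false;
                TempData["UserExistedMessage"] = "Username is used by another user.";
            }
            if (isValid && ModelState.IsValid)
            {
                // Replace the plaintext with its hash before the entity is persisted.
                users.PasswordHash = HashHelper.ComputeHash(users.PasswordHash);

                // Assign "Customer" role to the new user
                var userRole = new UserRole
                {
                    Role = _context.WizardsRole.FirstOrDefault(r => r.RoleName.Equals("Customer")),
                    User = users,
                };
                _context.Add(users);
                _context.Add(userRole);
                await _context.SaveChangesAsync();

                CreateUserSession(users);

                return RedirectToAction("index", "home");
            }
            ViewData["Gender"] = new SelectList(_context.Gender, "Gender1", "Gender1", users.Gender);
            return View(users);
        }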
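        /// <summary>
        /// Stores the signed-in user's id, name, role name (when one is assigned)
        /// and the login time in the session.
        /// </summary>
        /// <param name="user">Persisted user; its UserId is used to look up the role.</param>
        private void CreateUserSession(WizardsUser user)
        {
            // Resolve the role before touching its RoleId: the original read
            // role.RoleId ahead of its null check, so a user with no UserRole row
            // threw a NullReferenceException here.
            var role = _context.UserRole.FirstOrDefault(us => us.UserId.Equals(user.UserId));
            string? roleName = null;
            if (role != null)
            {
                roleName = _context.WizardsRole.FirstOrDefault(r => r.RoleId.Equals(role.RoleId))?.RoleName;
            }

            // NOTE(review): the existing session is reused as-is; keys left by a
            // previous user in the same session are not cleared first — confirm
            // whether HttpContext.Session.Clear() should precede this.
            HttpContext.Session.SetInt32("userId", user.UserId);
            HttpContext.Session.SetString("userName", user.UserName);
            if (roleName != null)
            {
                HttpContext.Session.SetString("userRole", roleName);
            }
            // Culture-dependent format, kept as-is for compatibility with readers
            // of "loggedInTime".
            HttpContext.Session.SetString("loggedInTime", DateTime.Now.ToString());
        }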
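        /// <summary>
        /// Updates the editable profile fields of the user identified by
        /// <paramref name="id"/>. The route id must match the posted UserId; only the
        /// fields copied below are written, so UserName and PasswordHash cannot be
        /// changed through this form even though UserName is in the bind list.
        /// </summary>
        /// <param name="id">Route id of the user to edit.</param>
        /// <param name="users">Form-bound values.</param>
        /// <returns>Redirect to Menu on success; NotFound when the id does not match
        /// or the row no longer exists; the form again when the model is invalid.</returns>
        public async Task<IActionResult> Edit(int id, [Bind("UserId,UserName,FirstName,Dob,LastName,Phone,Email,Gender,ReceivePromotionalEmails")] WizardsUser users)
        {
            // NOTE(review): nothing here ties `id` to the session's "userId", so a
            // caller can edit any user record by id unless an authorisation filter
            // or a login check applies to this action — confirm.
            if (id != users.UserId)
            {
                return NotFound();
            }

            if (!ModelState.IsValid)
            {
                ViewData["Gender"] = new SelectList(_context.Gender, "Gender1", "Gender1", users.Gender);
                return View(users);
            }

            try
            {
                var userToUpdate = _context.WizardsUser.FirstOrDefault(u => u.UserId.Equals(users.UserId));
                if (userToUpdate == null)
                {
                    // Previously a NullReferenceException (not caught below, which
                    // only handles DbUpdateConcurrencyException).
                    return NotFound();
                }

                userToUpdate.FirstName = users.FirstName;
                userToUpdate.LastName  = users.LastName;
                userToUpdate.Gender    = users.Gender;
                userToUpdate.Email     = users.Email;
                userToUpdate.Dob       = users.Dob;
                userToUpdate.Phone     = users.Phone;
                userToUpdate.ReceivePromotionalEmails = users.ReceivePromotionalEmails;

                _context.Update(userToUpdate);
                await _context.SaveChangesAsync();
            }
            catch (DbUpdateConcurrencyException)
            {
                // Row deleted underneath us → 404; any other concurrency conflict
                // propagates unchanged.
                if (!UserHelper.UserExists(users.UserId, _context))
                {
                    return NotFound();
                }
                throw;
            }
            return RedirectToAction(nameof(Menu));
        }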
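        /// <summary>
        /// Sets a new password for the user in <paramref name="users"/>. Unless
        /// <paramref name="mode"/> is "reset", the posted PasswordHash (plaintext
        /// current password) must hash to the stored value. The new password must be
        /// confirmed, be at least 8 characters and pass ValidationHelper.PasswordValidation.
        /// </summary>
        /// <returns>Redirect to Menu on success; otherwise the view with a message in TempData.</returns>
        public async Task<IActionResult> ChangePassword(string newPassword, string newPasswordConfirm, string mode, [Bind("UserId, PasswordHash")] WizardsUser users)
        {
            // NOTE(review): both `mode` and `users.UserId` are request-supplied, and
            // mode == "reset" skips the current-password check below. Unless the
            // reset flow is gated before this action (token, verified e-mail, …),
            // any caller could set another account's password — confirm where
            // "reset" is authorised.
            var userResult = _context.WizardsUser.FirstOrDefault(u => u.UserId.Equals(users.UserId));

            var password     = users.PasswordHash;
            var passwordHash = !string.IsNullOrEmpty(password) ? HashHelper.ComputeHash(password) : null;

            // Hash-to-hash comparison. Comparing from the submitted side keeps a
            // null stored hash from throwing, and a null submission never matches.
            // NOTE(review): this is a plain string compare, not constant-time — confirm
            // against HashHelper whether that matters for its output.
            var isMatch = userResult != null
                          && (mode == "reset"
                              || (passwordHash != null && passwordHash.Equals(userResult.PasswordHash)));

            // Password correct
            if (isMatch)
            {
                if (newPassword == newPasswordConfirm)
                {
                    // Null guard: a missing newPassword previously threw on .Length.
                    if (string.IsNullOrEmpty(newPassword) || newPassword.Length < 8)
                    {
                        TempData["Message"] = "Password must be at least 8 characters.";
                    }
                    else if (!ValidationHelper.PasswordValidation(newPassword))
                    {
                        TempData["Message"] = "Password must contain at least one number, one lowercase and one uppercase letter.";
                    }
                    else
                    {
                        userResult.PasswordHash = HashHelper.ComputeHash(newPassword);
                        _context.Update(userResult);
                        await _context.SaveChangesAsync();

                        TempData["Message"] = "";
                        HttpContext.Session.SetString("modalTitle", "Password changed");
                        HttpContext.Session.SetString("modalMessage", "Your password has been changed successfully.");
                        return RedirectToAction(nameof(Menu));
                    }
                }
                else
                {
                    TempData["Message"] = "Confirm New Password not match";
                }
            }
            else
            {
                TempData["Message"] = "Current password is incorrect";
            }

            ViewData["UserId"] = HttpContext.Session.GetInt32("userId");
            ViewData["OldPasswordRequired"] = mode != "reset";
            return View();
        }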
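        /// <summary>
        /// Handles the login form. Enforces the session-scoped lockout, short-circuits
        /// when already logged in, verifies the posted credentials against the stored
        /// hash, and on success populates the session and redirects to the requested
        /// destination (local path, action/controller, or Home/Index).
        /// </summary>
        /// <param name="path">Request-supplied return path; only followed when local to this app.</param>
        /// <param name="users">Form-bound user; PasswordHash arrives as the plaintext password.</param>
        public async Task<IActionResult> Login(string? actionName, string? controllerName, string? id, string? path, string? queryString, [Bind("UserName, PasswordHash")] WizardsUser users)
        {
            // Carry the requested destination through the round-trip so the view can
            // re-post it on the next attempt.
            TempData["LoginMessage"]            = UserHelper.NOT_LOGGED_IN_MESSAGE;
            TempData["RequestedActionName"]     = actionName;
            TempData["RequestedControllerName"] = controllerName;
            TempData["RequestedId"]             = id;
            TempData["RequestedPath"]           = path;
            TempData["RequestedQueryString"]    = queryString;

            // Lockout. "isBlock" holds the time the block started, written below with
            // DateTime.Now.ToString() and parsed with the same current culture, so it
            // round-trips on the same server. The counter and the block both live in
            // the session, so they are lost with the session cookie; this limits
            // attempts per session, not per account.
            string? blockedSince = HttpContext.Session.GetString("isBlock");
            if (blockedSince != null)
            {
                TimeSpan elapsed = DateTime.Now - DateTime.Parse(blockedSince);
                if (elapsed.TotalSeconds > TOTAL_WAIT_IN_SECOND)
                {
                    HttpContext.Session.Remove("isBlock");

                    //Reset loginAttempts in session
                    HttpContext.Session.SetInt32("loginAttempts", 1);
                }
                else
                {
                    TempData["Message"] = $"Please try again in {Math.Round(TOTAL_WAIT_IN_SECOND - elapsed.TotalSeconds)} second(s).";
                    return View(users);
                }
            }

            // If user already logged in
            if (UserHelper.IsLoggedIn(this))
            {
                if (!string.IsNullOrEmpty(actionName) && !string.IsNullOrEmpty(controllerName))
                {
                    return RedirectToAction(actionName, controllerName);
                }
                return RedirectToAction("Index", "Home");
            }

            var username = users.UserName;
            var password = users.PasswordHash;

            // Check empty
            if (string.IsNullOrEmpty(username))
            {
                TempData["Message"] = "Please enter username.";
                return View(users);
            }
            if (string.IsNullOrEmpty(password))
            {
                TempData["Message"] = "Please enter password.";
                return View(users);
            }

            // NOTE(review): HashHelper.ComputeHash is not visible here; if it is an
            // unsalted digest, the stored credentials are weak — confirm.
            var passwordHash = HashHelper.ComputeHash(password);
            var userResult   = _context.WizardsUser.FirstOrDefault(u => u.UserName.Equals(username));

            // The stored-hash null guard keeps a row without a hash from throwing.
            if (userResult != null && userResult.PasswordHash != null && userResult.PasswordHash.Equals(passwordHash))
            {
                // User logged in
                CreateUserSession(userResult);

                // Count friend requests received
                ViewData["friendRequestCount"] = RelationshipHelper.countRequestsReceived(userResult.UserId, _context);
                TempData["Message"]            = "";

                // `path` and `queryString` are request-supplied: follow the combined
                // target only when it is local, otherwise the login form is an open
                // redirect (the check is on the concatenation so a "/" path with a
                // "/evil" query cannot form a protocol-relative URL).
                if (!string.IsNullOrEmpty(path))
                {
                    var target = path + queryString;
                    if (Url.IsLocalUrl(target))
                    {
                        return Redirect(target);
                    }
                }
                if (!string.IsNullOrEmpty(actionName) && !string.IsNullOrEmpty(controllerName))
                {
                    return RedirectToAction(actionName, controllerName, id != null ? new { id = id } : null);
                }
                return RedirectToAction("Index", "Home");
            }

            // User login failed
            TempData["Message"] = "Login failed. Please check username and password.";

            // A missing counter is treated as the first attempt — the same starting
            // value the unblock path writes above. The original compared a null int?
            // against the limit, which is false and tripped the lockout on the first
            // failure whenever the key had not been seeded elsewhere.
            int loginAttempts = HttpContext.Session.GetInt32("loginAttempts") ?? 1;

            if (loginAttempts < LIMIT_LOGIN_ATTEMPT)
            {
                HttpContext.Session.SetInt32("loginAttempts", loginAttempts + 1);
            }
            else
            {
                HttpContext.Session.SetString("isBlock", DateTime.Now.ToString());
                TempData["Message"] = $"Login is temporarily blocked after {LIMIT_LOGIN_ATTEMPT} failed attempt(s). Please contact customer support.";
            }

            return View(users);
        }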