public void When_GetChangeEmailCompletedBodyText_Then_CorrectEmailIsReturned()
        {
            // Arrange: the body the template is expected to render for the fixture names,
            // application name and old/new addresses held in the test fields.
            // NOTE(review): the address literals appear masked as "[email protected]" in this
            // listing — confirm they match the _oldEmailAddress/_newEmailAddress fixture values.
            const string expectedBody =
                "Dear John Staveley,<br /><br />A request has been completed to change your Security Essentials username/email address from [email protected] to [email protected]. This email address can no longer be used to sign into the account. If you did not request this then please contact the website administration asap.<br />How do I know this is not a Spoof email? Spoof or ‘phishing’ emails tend to have generic greetings such as \"Dear Security Essentials member\". Emails from Security Essentials will always contain your full name.<br />";

            // Act
            string actualBody = EmailTemplates.ChangeEmailAddressCompletedBodyText(
                _firstName, _lastName, _applicationName, _oldEmailAddress, _newEmailAddress);

            // Assert
            Assert.AreEqual(expectedBody, actualBody);
        }
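        /// <summary>
        /// Completes a pending e-mail address change. The link mailed to the new address carries a
        /// <c>NewEmailAddressToken</c> query parameter that must match an unexpired token on one user.
        /// On success the username becomes the new address, the single-use token fields are cleared,
        /// both the old and the new address are notified, and the current session is signed out.
        /// </summary>
        /// <returns>
        /// The <c>ChangeEmailAddressSuccess</c> view, or the <c>Error</c> view when the token is
        /// missing/invalid/expired or the account is not enabled.
        /// </returns>
        public async Task <ActionResult> ChangeEmailAddressConfirmAsync()
        {
            var newEmailAddressToken = Request.QueryString["NewEmailAddressToken"] ?? "";

            // An empty token must never be looked up: a user row whose token column happens to be
            // empty would otherwise be confirmable by a bare request with no token at all.
            var user = string.IsNullOrWhiteSpace(newEmailAddressToken)
                ? null
                : _context.User.FirstOrDefault(u =>
                                               u.NewEmailAddressToken == newEmailAddressToken &&
                                               u.NewEmailAddressRequestExpiryDateUtc > DateTime.UtcNow);

            if (user == null)
            {
                var error = new HandleErrorInfo(
                    new ArgumentException("INFO: The new user name token is not valid or has expired"), "Account",
                    "ChangeEmailAddressConfirmAsync");
                Logger.Information(
                    "Failed Account ChangeEmailAddressConfirm Get, The new user name token is not valid or has expired");
                return View("Error", error);
            }

            if (user.Enabled == false)
            {
                var error = new HandleErrorInfo(
                    new InvalidOperationException("INFO: Your account is not currently approved or active"), "Account",
                    "ChangeEmailAddressConfirmAsync");
                Logger.Information(
                    "Failed Account ChangeEmailAddressConfirm Get, Account is not currently approved or active");
                return View("Error", error);
            }

            // Capture both addresses before the entity is mutated; the notifications below need them.
            var oldEmailAddress = user.UserName;
            var newEmailAddress = user.NewEmailAddress;

            user.UserLogs.Add(new UserLog
            {
                Description =
                    $"Change email address request confirmed to change from {oldEmailAddress} to {newEmailAddress}"
            });

            // Apply the change and clear the single-use token, then persist BEFORE notifying anyone:
            // a failed save must not leave the user told that a change completed when it did not.
            user.UserName = newEmailAddress;
            user.NewEmailAddress = null;
            user.NewEmailAddressRequestExpiryDateUtc = null;
            user.NewEmailAddressToken = null;
            await _context.SaveChangesAsync();

            var emailSubject = $"{_configuration.ApplicationName} - Change email address process completed";

            // The "this address can no longer be used" notice goes to the address being replaced,
            // so the previous owner of the account is alerted to the change.
            var completedBody = EmailTemplates.ChangeEmailAddressCompletedBodyText(user.FirstName, user.LastName,
                                                                                   _configuration.ApplicationName, oldEmailAddress, newEmailAddress);
            _services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string> {
                oldEmailAddress
            }, null, null,
                                emailSubject, completedBody, true);

            // The new address is now the sign-in name and gets its own confirmation.
            var activatedBody =
                $"A request has been completed to change your {_configuration.ApplicationName} username/email address to {newEmailAddress}. This email address can now be used to log into the application.";
            _services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string> {
                newEmailAddress
            }, null, null,
                                emailSubject, activatedBody, true);

            // The existing session was established under the old username; force a fresh sign-in.
            _userManager.SignOut();
            return View("ChangeEmailAddressSuccess");
        }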
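        /// <summary>
        /// Saves the posted profile fields for the user with the given <paramref name="id"/>.
        /// Only the account owner or a member of the <c>Admin</c> role may edit; any other requester
        /// receives the same 404 as a non-existent user so that user ids cannot be enumerated.
        /// Admins may additionally change <c>UserName</c>, and — for accounts other than their own —
        /// <c>Approved</c>, <c>EmailVerified</c> and <c>Enabled</c>.
        /// </summary>
        /// <param name="id">Id of the user being edited.</param>
        /// <param name="collection">The posted form values.</param>
        /// <returns>
        /// The <c>Edit</c> view (with a status or validation message), a redirect to the user index
        /// when an admin edits somebody else, or <see cref="HttpNotFoundResult"/>.
        /// </returns>
        public ActionResult Edit(int id, FormCollection collection)
        {
            var isAdmin       = UserIdentity.IsUserInRole(this, "Admin");
            var currentUserId = UserIdentity.GetUserId(this);
            var isOwnProfile  = currentUserId == id;

            // SECURE: Check user should have access to this account. Done before the lookup so an
            // unauthorised request costs no database round-trip and gets no hint whether the id exists.
            if (!isAdmin && !isOwnProfile)
            {
                var requester = UserIdentity.GetRequester(this);
                Logger.Information("Failed User Edit Post, user modification was not permitted for access rights by requester {@requester}", requester);
                return new HttpNotFoundResult();
            }

            // Single query; SingleOrDefault keeps the original expectation that an id matches at most one row.
            var user = _context.User.SingleOrDefault(u => u.Id == id);
            if (user == null)
            {
                return new HttpNotFoundResult();
            }

            ViewBag.StatusMessage = "";
            var previousUserName = user.UserName;

            // Allow-list of bindable fields: TryUpdateModel ignores anything not listed, and
            // AppSensor is told which field names a legitimate form may contain.
            var propertiesToUpdate = new List <string>
            {
                "FirstName", "LastName", "TelNoHome", "TelNoMobile", "TelNoWork", "Title",
                "Town", "Postcode", "SkypeName"
            };
            if (isAdmin)
            {
                if (!isOwnProfile)
                {
                    // Otherwise these fields will be disabled on the front page
                    propertiesToUpdate.AddRange(new[] { "Approved", "EmailVerified", "Enabled" });
                }
                propertiesToUpdate.Add("UserName");
            }

            var expectedFields = new List <string> {
                "IsAccessingUserAnAdmin", "IsOwnProfile", "IsCurrentUserAnAdmin", "User.Id"
            };
            expectedFields.AddRange(propertiesToUpdate);
            AppSensor.ValidateFormData(this, expectedFields);

            if (TryUpdateModel(user, "User", propertiesToUpdate.ToArray(), collection))
            {
                if (_context.User.Any(a => a.Id != user.Id && a.UserName == user.UserName))
                {
                    ModelState.AddModelError("User.UserName", "This username is already in use");
                }
                else
                {
                    var userNameChanged = user.UserName != previousUserName;
                    if (userNameChanged)
                    {
                        user.UserLogs.Add(new UserLog
                        {
                            Description = $"Username/Email was changed from {previousUserName} by {UserIdentity.GetUserName(this)}"
                        });
                    }

                    // Persist first so the notification is only sent for a change that actually took effect.
                    _context.SaveChanges();

                    if (userNameChanged)
                    {
                        string emailSubject = $"{_configuration.ApplicationName} - Change email address process completed";
                        string emailBody    = EmailTemplates.ChangeEmailAddressCompletedBodyText(user.FirstName, user.LastName, _configuration.ApplicationName, previousUserName, user.UserName);
                        // The template tells the recipient that their address can no longer be used to
                        // sign in, so it must go to the address being replaced: that is how the account
                        // owner learns of the change when the new address is not theirs.
                        _services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string> {
                            previousUserName
                        }, null, null, emailSubject, emailBody, true);
                    }

                    if (isAdmin && !isOwnProfile)
                    {
                        return RedirectToAction("Index", "User");
                    }
                    ViewBag.StatusMessage = "Your account information has been saved";
                }
            }
            else
            {
                AppSensor.InspectModelStateErrors(this);
            }

            return View("Edit", new UserViewModel(currentUserId, isAdmin, user));
        }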