public void When_GetChangePasswordCompletedBodyText_Then_CorrectEmailIsReturned()
        {
            // Pins the exact HTML body of the "password changed" notification for the
            // fixture's first name, last name and application name (the expected text
            // implies those are "John", "Staveley" and "Security Essentials").
            //
            // NOTE(review): only a benign name is exercised. The names land inside an
            // HTML body, and whether the template HTML-encodes them is not visible here;
            // a companion case using a name that contains markup characters would pin
            // that behaviour. The anti-spoofing paragraph tells recipients to trust mail
            // that carries their full name, so the rendering of the name matters.

            // Arrange
            const string expectedBody = "Dear John Staveley,<br /><br />Just a note from Security Essentials to say your password has been changed today, if this wasn't done by yourself, please contact the site administrator asap<br />How do I know this is not a Spoof email? Spoof or ‘phishing’ emails tend to have generic greetings such as \"Dear Security Essentials member\". Emails from Security Essentials will always contain your full name.<br />";

            // Act
            var actualBody = EmailTemplates.ChangePasswordCompletedBodyText(_firstName, _lastName, _applicationName);

            // Assert
            Assert.AreEqual(expectedBody, actualBody);
        }
        public async Task<ActionResult> ChangePasswordAsync(ChangePasswordViewModel model)
        {
            // Handles the change-password form post. On success the user is notified by
            // email and the current sign-in is torn down; on failure the form is shown again.
            //
            // NOTE(review): any [HttpPost] / [Authorize] / anti-forgery attributes would sit
            // above this signature and are not part of this listing - confirm they are present.
            // NOTE(review): ModelState is not checked here and ConfirmPassword is never compared
            // with NewPassword in this method; presumably view-model validation and the user
            // manager enforce that - confirm.
            ViewBag.ReturnUrl = Url.Action("ChangePassword");
            var requester = UserIdentity.GetRequester(this);

            // Recaptcha is consulted only when configured; otherwise it counts as passed.
            var recaptchaPassed = !_configuration.HasRecaptcha || _recaptcha.ValidateRecaptcha(this);

            // Form-field validation runs whether or not the recaptcha check passed.
            var expectedFields = new List<string> { "ConfirmPassword", "OldPassword", "NewPassword" };
            AppSensor.ValidateFormData(this, expectedFields);

            if (!recaptchaPassed)
            {
                Logger.Information("Failed Account Change Password Post Recaptcha failed by requester {@requester}", requester);
                return View("ChangePassword", model);
            }

            // The account is always resolved from the caller's own identity, never from posted data.
            var userId = UserIdentity.GetUserId(this);
            var user = _context.User.FirstOrDefault(u => u.Id == userId);
            if (user == null)
            {
                return HttpNotFound();
            }

            // The old password is passed along with the new one; the id is read from the
            // identity a second time here rather than reusing userId.
            var result = await _userManager.ChangePasswordAsync(
                UserIdentity.GetUserId(this),
                model.OldPassword,
                model.NewPassword);

            if (!result.Succeeded)
            {
                // NOTE(review): {@requester} destructures the whole requester object into the
                // log event - confirm it carries nothing sensitive.
                Logger.Information("Failed Account ChangePassword Post by requester {@requester}", requester);
                AddErrors(result);
                return View("ChangePassword", model);
            }

            // Out-of-band acknowledgement so the account owner learns of a change they did not make.
            // UserName is passed as the only entry of the address list (presumably the recipient);
            // the trailing 'true' presumably marks the body as HTML - confirm against SendEmail.
            var emailSubject = $"{_configuration.ApplicationName} - Password change confirmation";
            var emailBody = EmailTemplates.ChangePasswordCompletedBodyText(
                user.FirstName,
                user.LastName,
                _configuration.ApplicationName);
            var recipients = new List<string> { user.UserName };
            _services.SendEmail(_configuration.DefaultFromEmailAddress, recipients, null, null, emailSubject, emailBody, true);
            _context.SaveChanges();

            // Log the caller off so the new password has to be used to get back in.
            // NOTE(review): this covers the current request's sign-in, cache flag and session;
            // whether sessions held on other devices are invalidated is not visible here.
            _formsAuth.SignOut();
            _userManager.SignOut();
            _httpCache.RemoveFromCache($"MustChangePassword-{userId}");
            Session.Abandon();
            Logger.Debug("Account Logoff due to password change");
            return View("ChangePasswordSuccess");
        }
        public async Task<ActionResult> ChangePassword(ChangePasswordViewModel model)
        {
            // Handles the change-password form post. On success the user is notified by
            // email and the forms-auth sign-in is cleared; on failure the form is shown again.
            //
            // NOTE(review): any [HttpPost] / [Authorize] / anti-forgery attributes would sit
            // above this signature and are not part of this listing - confirm they are present.
            // NOTE(review): ModelState is not checked here and ConfirmPassword is never compared
            // with NewPassword in this method; presumably view-model validation and the user
            // manager enforce that - confirm.
            ViewBag.ReturnUrl = Url.Action("ChangePassword");
            var requester = _userIdentity.GetRequester(this);

            // Recaptcha is consulted only when configured; otherwise it counts as passed.
            var recaptchaPassed = !_configuration.HasRecaptcha || _recaptcha.ValidateRecaptcha(this);

            // Form-field validation runs whether or not the recaptcha check passed.
            var expectedFields = new List<string>() { "ConfirmPassword", "OldPassword", "NewPassword" };
            _appSensor.ValidateFormData(this, expectedFields);

            if (!recaptchaPassed)
            {
                Logger.Information("Failed Account Change Password Post Recaptcha failed by requester {@requester}", requester);
                return View(model);
            }

            // The account is resolved from the logged-on requester, never from posted data.
            // NOTE(review): LoggedOnUserId is read through .Value; this assumes the action is
            // only reachable by an authenticated user - confirm.
            var user = _context.User.FirstOrDefault(u => u.Id == requester.LoggedOnUserId.Value);
            if (user == null)
            {
                return HttpNotFound();
            }

            // The old password is passed along with the new one.
            var result = await _userManager.ChangePasswordAsync(
                requester.LoggedOnUserId.Value,
                model.OldPassword,
                model.NewPassword);

            if (!result.Succeeded)
            {
                // NOTE(review): {@requester} destructures the whole requester object into the
                // log event - confirm it carries nothing sensitive.
                Logger.Information("Failed Account ChangePassword Post by requester {@requester}", requester);
                AddErrors(result);
                return View(model);
            }

            // Out-of-band acknowledgement so the account owner learns of a change they did not make.
            // UserName is passed as the only entry of the address list (presumably the recipient);
            // the trailing 'true' presumably marks the body as HTML - confirm against SendEmail.
            string emailSubject = string.Format("{0} - Password change confirmation", _configuration.ApplicationName);
            string emailBody = EmailTemplates.ChangePasswordCompletedBodyText(
                user.FirstName,
                user.LastName,
                _configuration.ApplicationName);
            var recipients = new List<string>() { user.UserName };
            _services.SendEmail(_configuration.DefaultFromEmailAddress, recipients, null, null, emailSubject, emailBody, true);
            _context.SaveChanges();

            // NOTE(review): only the forms-auth sign-in is cleared after the change. Whether any
            // other authentication cookie, the server-side session, or sessions on other devices
            // are invalidated is not visible in this method - confirm.
            _formsAuth.SignOut();
            return View("ChangePasswordSuccess");
        }