/// <summary>
/// Builds the fixture shared by the tests: a password-reset model carrying a CAPTCHA token,
/// route data naming the "PassChange" action, mocked HTTP and user services, and the
/// <c>VerifyCaptchaAttribute</c> under test wired to those mocks.
/// </summary>
public VerifyCaptchaAttributeTests()
        {
            // Collaborators of the filter; both are replaced by mocks so no network call is made.
            _httpMock        = new Mock <IHttpService>();
            _userServiceMock = new Mock <IUserService>();

            _model = new PassResetEmailViewModel()
            {
                CaptchaToken = "some_fancy_token",
                Email        = "*****@*****.**"
            };

            // The filter selects the model type from the routed action name.
            _routeData = new RouteData();
            _routeData.Values["action"] = "PassChange";

            _modelState      = new ModelStateDictionary();
            _actionArguments = new Dictionary <string, object>()
            {
                ["model"] = _model
            };

            // Built after the route data, model state and arguments have been assigned.
            _actionContextMock      = GetActionContextMock();
            _actionExecutingContext = GetActionExecutingContext();

            // Stand-in for the rest of the pipeline: completes immediately with an executed context.
            _next = () => Task.FromResult(
                new ActionExecutedContext(
                    _actionContextMock.Object,
                    new List <IFilterMetadata>(),
                    new Mock <Controller>().Object));

            // Default behaviour: a fixed loopback address and a CAPTCHA check that passes for any input.
            _userServiceMock
                .Setup(mock => mock.GetIpAddress(_actionContextMock.Object.HttpContext))
                .Returns("127.0.0.1");
            _httpMock
                .Setup(mock => mock.VerifyCaptchaAsync(It.IsAny <string>(), It.IsAny <string>()))
                .ReturnsAsync(true);

            _filter = new VerifyCaptchaAttribute(_httpMock.Object, _userServiceMock.Object);
        }
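        /// <summary>
        /// Checks that a password-reset request for an address with no matching user is answered
        /// with HTTP 409 and the "Invalid user details." message.
        /// </summary>
        // NOTE(review): the method is private and no test attribute is visible in this view;
        // xUnit only discovers public methods, so confirm this test is actually executed.
        private async Task PassChange_OnUserNotExisting_ReturnsStatusCode409()
        {
            const string expectedErrorsResult = "Invalid user details.";
            PassResetEmailViewModel model = new PassResetEmailViewModel()
            {
                Email = _wrongEmail
            };

            IActionResult result = await _controller.PassChange(model);

            // Assert on the converted result: a null or non-ObjectResult response now fails here
            // as a clear assertion instead of a NullReferenceException on the lines below.
            ObjectResult objectResult = Assert.IsAssignableFrom <ObjectResult>(result);

            Assert.Equal(StatusCodes.Status409Conflict, objectResult.StatusCode);
            Assert.Equal(expectedErrorsResult, objectResult.Value);
        }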
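        /// <summary>
        /// Verifies the CAPTCHA token carried by the bound "model" argument before the action runs.
        /// Only the "PassChange" and "AddNewUser" actions are accepted; anything else, or a missing
        /// or wrongly typed model, is rejected with HTTP 400 without calling the verifier.
        /// </summary>
        /// <param name="context">Executing context supplying route data, action arguments and the HTTP context.</param>
        /// <param name="next">Continuation invoked only when the CAPTCHA verification succeeds.</param>
        /// <returns>A task that completes once the request was rejected or the rest of the pipeline has run.</returns>
        public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            string actionName = context.RouteData.Values["action"] as string;
            string token      = string.Empty;
            bool   modelBound = false;

            // The request body is untrusted: binding can leave "model" absent or null, so look it
            // up defensively instead of indexing and dereferencing it directly.
            object boundModel;
            context.ActionArguments.TryGetValue("model", out boundModel);

            if (actionName == "PassChange")
            {
                PassResetEmailViewModel model = boundModel as PassResetEmailViewModel;

                if (model != null)
                {
                    token      = model.CaptchaToken;
                    modelBound = true;
                }
            }
            else if (actionName == "AddNewUser")
            {
                UserRegisterViewModel model = boundModel as UserRegisterViewModel;

                if (model != null)
                {
                    token      = model.CaptchaToken;
                    modelBound = true;
                }
            }

            // Fail closed: an unknown action or an unusable model never reaches the protected action.
            if (!modelBound)
            {
                context.Result = new ObjectResult("Bad request.")
                {
                    StatusCode = 400
                };

                return;
            }

            // NOTE(review): if GetIpAddress reads a client-supplied forwarding header, the address
            // sent to the verifier is caller-controlled; confirm how it is derived.
            string ip = _userService.GetIpAddress(context.HttpContext);

            // NOTE(review): a null or empty token is forwarded unchanged; this relies on
            // VerifyCaptchaAsync returning false for it. Confirm against its implementation.
            bool verificationSuccess = await _http.VerifyCaptchaAsync(token, ip);

            if (!verificationSuccess)
            {
                context.Result = new ObjectResult("Oops! Something went wrong.")
                {
                    StatusCode = 429
                };

                return;
            }

            await next();
        }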
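        /// <summary>
        /// Builds the fixture shared by the controller tests: valid request models, a known user,
        /// mocked user and e-mail services with their default behaviour, and the
        /// <c>UserController</c> under test.
        /// </summary>
        public UserControllerTests()
        {
            _properPassResetModel = new PassResetEmailViewModel()
            {
                CaptchaToken = _properToken,
                Email        = _properEmail
            };
            _properResetModel = new ResetPasswordViewModel()
            {
                Email    = _properEmail,
                Password = _properPassword,
                Token    = _properToken
            };
            _properRegisterUserModel = new UserRegisterViewModel()
            {
                Email        = _properEmail,
                CaptchaToken = _properToken,
                DisplayName  = _properName,
                Password     = _properPassword,
                UserName     = _properName
            };
            _properUser = new AppUser()
            {
                Email = _properEmail
            };

            _userServiceMock = new Mock <IUserService>();
            _emailSenderMock = new Mock <IEmailSender>();

            // Lookup succeeds only for the known address; the "wrong" address resolves to no user.
            _userServiceMock.Setup(mock => mock.FindUserByEmail(_properEmail)).ReturnsAsync(_properUser);
            _userServiceMock.Setup(mock => mock.FindUserByEmail(_wrongEmail)).ReturnsAsync((AppUser)null);

            // It.IsAny<T>() is an argument matcher; used as a return value it evaluates to
            // default(T), so these two setups returned null. Return concrete values instead so the
            // controller is exercised with a real username and reset token.
            _userServiceMock.Setup(mock => mock.GenerateUsername(It.IsAny <string>())).Returns(_properName);
            _userServiceMock.Setup(mock => mock.GetPassResetToken(It.IsAny <AppUser>())).ReturnsAsync(_properToken);

            // Remaining operations succeed for any input.
            _userServiceMock.Setup(mock => mock.ResetPassword(It.IsAny <AppUser>(), It.IsAny <string>(), It.IsAny <string>())).ReturnsAsync(true);
            _userServiceMock.Setup(mock => mock.CreateUserAsync(It.IsAny <UserRegisterViewModel>())).ReturnsAsync(true);
            _emailSenderMock.Setup(mock => mock.SendEmailAsync(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>())).ReturnsAsync(true);

            _controller = new UserController(_userServiceMock.Object, _emailSenderMock.Object);
        }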
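        /// <summary>
        /// Starts a password reset: looks up the user by e-mail, obtains a reset token and
        /// e-mails a reset link built from the configured "Data:PassReset_url" base.
        /// </summary>
        /// <param name="model">Request body carrying the account e-mail address.</param>
        /// <returns>
        /// 200 when the e-mail was sent; 400 when no body was bound; 423 for the protected
        /// accounts in production; 409 when no user matches; 502 when sending fails.
        /// </returns>
        public async Task <IActionResult> PassChange([FromBody] PassResetEmailViewModel model)
        {
            // A missing or unparsable body binds to null; reject it instead of failing with a
            // NullReferenceException on the first property access.
            if (model == null)
            {
                return(new ObjectResult("Bad request.")
                {
                    StatusCode = 400
                });
            }

            // In production the listed accounts are locked against password changes.
            if (_hostingEnv.IsProduction())
            {
                if (model.Email == "*****@*****.**" || model.Email == "*****@*****.**")
                {
                    return(new ObjectResult("Clicker account can not be modified. Please create new user account to test this feature.")
                    {
                        StatusCode = 423
                    });
                }
            }

            AppUser user = await _userService.FindUserByEmail(model.Email);

            // NOTE(review): a distinct 409 for unknown addresses lets an unauthenticated caller
            // tell registered e-mails from unregistered ones. A uniform response for both cases
            // would close that; left unchanged because callers may depend on the 409.
            if (user == null)
            {
                return(new ObjectResult("Invalid user details.")
                {
                    StatusCode = 409
                });
            }

            string token = await _userService.GetPassResetToken(user);

            string passResetUrl = _configuration["Data:PassReset_url"];

            // NOTE(review): the e-mail and token are placed in the URL path without escaping.
            // Confirm GetPassResetToken returns a URL-safe value; otherwise characters such as
            // '/' or '+' alter the path and the link will not round-trip.
            string resetLink = passResetUrl + model.Email + "/" + token;

            if (!await _emailSender.SendEmailAsync(model.Email, "Reset your password", "Please click or copy the password reset link to your browser: " + resetLink))
            {
                return(new ObjectResult("Email could not be sent.")
                {
                    StatusCode = 502
                });
            }

            return(Ok());
        }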