public async void any_user_can_change_password()
{
//arrange
var userService = new Mock <IUserService>();
userService.Setup(x => x.ChangePassword(ValidPasswordChangeModel.Email, ValidPasswordChangeModel.Token, ValidPasswordChangeModel.Password))
.Returns(Task.FromResult(true));
//act
var sut = new UserControllerBuilder().WithUserService(userService.Object)
.Build();
var result = await sut.PasswordChange(ValidPasswordChangeModel);
//assert
Assert.IsNotNull(result);
Assert.IsAssignableFrom <RedirectResult>(result);
userService.Verify(x => x.ChangePassword(ValidPasswordChangeModel.Email, ValidPasswordChangeModel.Token, ValidPasswordChangeModel.Password), Times.Once);
sut.AssertPostAttributeWithOutAntiForgeryToken(ACTION_PASSWORD_CHANGE, new[] { typeof(PasswordChangeModel) });
sut.AssertAllowAnonymousAttribute(ACTION_PASSWORD_CHANGE, new[] { typeof(PasswordChangeModel) });
}