/// <summary>
/// An anonymous POST whose token was never stored must be redirected to the
/// forgot-password page, with a notification placed in TempData.
/// </summary>
public void GivenAnonymousPostRequest_WithInvalidId_Redirects()
{
    // A freshly generated GUID is not saved anywhere in this test, so the token lookup is expected to miss.
    var unknownTokenModel = new ResetPassword { Token = Guid.NewGuid() };

    var redirect = Controller.ResetPassword(unknownTokenModel) as RedirectResult;

    redirect.Should().Not.Be.Null();
    redirect.Url.Should().Equal(Controller.Url.Account().ForgotPassword());

    // The rejection must also be surfaced to the user, not only expressed as a redirect.
    var notice = Controller.TempData[ViewDataConstants.Notification] as Notification;
    notice.Should().Not.Be.Null();
}
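/// <summary>
/// Handles the submitted reset-password form: looks up the reset token, stores the new
/// password hash for the user the token belongs to, deletes the token and signs that user in.
/// </summary>
/// <param name="model">Posted form data; <c>Token</c> identifies the pending reset and <c>Password</c> carries the new password.</param>
/// <returns>
/// A redirect to the home page when the caller is already authenticated; a redirect to the
/// forgot-password page when the token, or the user it points to, cannot be found; the
/// "ResetPasswordConfirmation" view on success; otherwise the form view with the posted model.
/// </returns>
public ActionResult ResetPassword(ResetPassword model)
{
    // A signed-in caller is turned away before any token is looked up.
    if (User.Identity.IsAuthenticated)
    {
        NotifyInfo("You are already logged in. Log out and try again.");
        return Redirect(Url.Home().Index());
    }

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // The token is the only thing tying this anonymous request to an account.
    // NOTE(review): no age/expiry check on the PasswordRetrieval row is visible here; confirm
    // that stale tokens are rejected or purged elsewhere.
    model.Data = Db.SingleOrDefault<PasswordRetrieval>(new { model.Token });
    if (model.Data == null)
    {
        NotifyWarning("Sorry! We couldn't verify that this user requested a password reset. Please try resetting again.");
        return Redirect(Url.Account().ForgotPassword());
    }

    // Only table names are formatted into the SQL text; every value is passed as a parameter.
    // The same batch deletes the token row, updates the password and reads the user back.
    // NOTE(review): ToSHAHash is not visible here; if it is a plain SHA digest, a salted, slow
    // password hash (e.g. PBKDF2) would be the safer choice. Switching requires migrating stored hashes.
    var user = Db.Query<User>("delete from [{0}] where Id=@resetId;update [{1}] set Password=@Password, ModifiedOn=GetUtcDate() where Id=@UserId;select * from [{1}] where Id=@UserId"
            .Fmt(
                Db.GetTableName<PasswordRetrieval>(),
                Db.GetTableName<User>()
            ), new
            {
                ResetId = model.Data.Id,
                Password = model.Password.ToSHAHash(),
                model.Data.UserId
            }).SingleOrDefault();

    // The token can outlive its user row. Without this guard the next line dereferences null
    // and the request fails with an unhandled exception instead of a clean rejection.
    if (user == null)
    {
        NotifyWarning("Sorry! We couldn't verify that this user requested a password reset. Please try resetting again.");
        return Redirect(Url.Account().ForgotPassword());
    }

    Cache.Trigger(TriggerFor.Id<User>(user.Id));

    // NOTE(review): the reset signs the user in immediately; the meaning of the `true`
    // argument is not visible here (presumably a persistent cookie; confirm).
    _authenticationService.SetLoginCookie(user, true);
    Metrics.Increment(Metric.Users_ResetPassword);

    //show confirmation
    return View("ResetPasswordConfirmation");
}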
/// <summary>
/// Shows the reset-password form for a token taken from the request.
/// </summary>
/// <param name="token">Text expected to parse as the GUID of a stored <c>PasswordRetrieval</c> record.</param>
/// <returns>
/// A redirect to the home page for authenticated callers, a redirect to the forgot-password
/// page when the token is malformed or unknown, otherwise the form view.
/// </returns>
public ActionResult ResetPassword(string token)
{
    if (User.Identity.IsAuthenticated)
    {
        NotifyInfo("You are already logged in. Log out and try again.");
        return Redirect(Url.Home().Index());
    }

    // Malformed and unknown tokens get the same answer, so the response does not reveal
    // which of the two checks failed. The database is only queried for a well-formed GUID.
    Guid guidToken;
    var pendingReset = Guid.TryParse(token, out guidToken)
        ? Db.SingleOrDefault<PasswordRetrieval>(new { Token = guidToken })
        : null;

    if (pendingReset == null)
    {
        NotifyWarning("Sorry! We couldn't verify that this user requested a password reset. Please try resetting again.");
        return Redirect(Url.Account().ForgotPassword());
    }

    return View(new ResetPassword { Token = guidToken, Data = pendingReset });
}
/// <summary>
/// Handles the submitted reset-password form against the Raven session: looks up the token
/// record, stores a new password hash, deletes the token record and records the metric.
/// </summary>
/// <param name="model">Posted form data carrying the reset token and the new password.</param>
/// <returns>
/// The form view when validation failed, a redirect to the home page when no record matches
/// the token, otherwise the "ResetPasswordConfirmation" view.
/// </returns>
public ActionResult ResetPassword(ResetPassword model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    using (RavenSession.GetCachingContext())
    {
        model.Data = RavenSession.Query<PasswordRetrieval>()
            .SingleOrDefault(retrieval => retrieval.Token == model.Token);

        if (model.Data == null)
        {
            return Redirect(Url.Home().Index());
        }

        // NOTE(review): the new hash is written to User.UserObject, i.e. whatever user the current
        // principal exposes, and not to a user resolved from the token record in model.Data.
        // Confirm that the two are guaranteed to be the same account, and that UserObject cannot
        // be null for an anonymous caller.
        // NOTE(review): ToSHAHash is not visible here; if it is a plain SHA digest, a salted, slow
        // password hash would be the safer choice.
        User.UserObject.Password = model.Password.ToSHAHash();
        RavenSession.Store(User.UserObject);

        // The token record is deleted in the same SaveChanges call that persists the new password.
        RavenSession.Delete(model.Data);
        RavenSession.SaveChanges();

        Metrics.Increment(Metric.Users_ResetPassword);
    }

    //show confirmation
    return View("ResetPasswordConfirmation");
}
/// <summary>
/// Shows the reset-password form when a stored <c>PasswordRetrieval</c> record matches the token.
/// </summary>
/// <param name="token">Reset token taken from the request.</param>
/// <returns>The form view when the token is known, otherwise a redirect to the home page.</returns>
public ActionResult ResetPassword(Guid token)
{
    var model = new ResetPassword { Token = token };

    using (RavenSession.GetCachingContext())
    {
        model.Data = RavenSession.Query<PasswordRetrieval>()
            .SingleOrDefault(retrieval => retrieval.Token == token);

        if (model.Data != null)
        {
            return View(model);
        }

        // An unknown token is sent to the home page without any explanation.
        return Redirect(Url.Home().Index());
    }
}
/// <summary>
/// A successful reset must remove the stored <c>PasswordRetrieval</c> row, so the same token
/// cannot be used for a second reset.
/// </summary>
public void GivenAnonymousPostRequest_WithValidData_DeletesPasswordRetrieval()
{
    // Seed a pending reset for the fixture user.
    var savedRetrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
    Db.Save(savedRetrieval);

    var form = new ResetPassword
    {
        Token = savedRetrieval.Token,
        Password = "******" + GetRandom.String(10),
    };
    form.PasswordConfirm = form.Password;

    var view = Controller.ResetPassword(form) as ViewResult;
    view.Should().Not.Be.Null();

    // Look the row up by its primary key: it must be gone after the reset.
    var leftover = Db.SingleOrDefault<PasswordRetrieval>(new { savedRetrieval.Id });
    leftover.Should().Be.Null();
}
/// <summary>
/// A POST from an already authenticated user must be redirected to the home page, with a
/// notification placed in TempData.
/// </summary>
public void GivenAuthenticatedPostRequest_Redirects()
{
    var emptyForm = new ResetPassword();

    // Attach the fixture user to the controller context so the request counts as authenticated.
    ControllerUtilities.SetupControllerContext(Controller, User);

    var redirect = Controller.ResetPassword(emptyForm) as RedirectResult;

    redirect.Should().Not.Be.Null();
    redirect.Url.Should().Equal(Controller.Url.Home().Index());

    var notice = Controller.TempData[ViewDataConstants.Notification] as Notification;
    notice.Should().Not.Be.Null();
}
/// <summary>
/// A successful reset must increment the <c>Users_ResetPassword</c> metric exactly once.
/// </summary>
public void GivenAnonymousPostRequest_WithValidId_IncrementsMetric()
{
    // Seed a pending reset for the fixture user.
    var savedRetrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
    Db.Save(savedRetrieval);

    var form = new ResetPassword
    {
        Token = savedRetrieval.Token,
        Password = "******" + GetRandom.String(10),
    };
    form.PasswordConfirm = form.Password;

    var view = Controller.ResetPassword(form) as ViewResult;
    view.Should().Not.Be.Null();

    MetricsMock.Verify(metrics => metrics.Increment(Metric.Users_ResetPassword), Times.Once());
}
/// <summary>
/// A successful reset must store the hash of the submitted password on the user row that
/// the token belongs to.
/// </summary>
public void GivenAnonymousPostRequest_WithValidData_UpdatesUserPassword()
{
    // Seed a pending reset for the fixture user.
    var savedRetrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
    Db.Save(savedRetrieval);

    var form = new ResetPassword
    {
        Token = savedRetrieval.Token,
        Password = "******" + GetRandom.String(10),
    };
    form.PasswordConfirm = form.Password;

    Controller.ResetPassword(form);

    // Re-read the user from the database rather than trusting any in-memory copy.
    var reloaded = Db.SingleOrDefault<User>(new { User.Id });
    reloaded.Password.Should().Equal(form.PasswordConfirm.ToSHAHash());
}
/// <summary>
/// A successful reset must render the "ResetPasswordConfirmation" view.
/// </summary>
public void GivenAnonymousPostRequest_WithValidData_ReturnsView()
{
    // Seed a pending reset for the fixture user.
    var savedRetrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
    Db.Save(savedRetrieval);

    var form = new ResetPassword
    {
        Token = savedRetrieval.Token,
        Password = "******" + GetRandom.String(10),
    };
    form.PasswordConfirm = form.Password;

    var view = Controller.ResetPassword(form) as ViewResult;

    view.Should().Not.Be.Null();
    view.ViewName.Should().Equal("ResetPasswordConfirmation");
}
/// <summary>
/// A successful reset must call <c>SetLoginCookie</c> exactly once, for the user the token
/// belongs to and with <c>true</c> as the second argument.
/// </summary>
public void GivenAnonymousPostRequest_WithValidData_LogsInUser()
{
    // Seed a pending reset for the fixture user.
    var savedRetrieval = new PasswordRetrieval { Token = Guid.NewGuid(), UserId = User.Id };
    Db.Save(savedRetrieval);

    var form = new ResetPassword
    {
        Token = savedRetrieval.Token,
        Password = "******" + GetRandom.String(10),
    };
    form.PasswordConfirm = form.Password;

    Controller.ResetPassword(form);

    // Matching on Id pins the sign-in to the token's owner rather than to any user instance.
    AuthenticationService.Verify(
        auth => auth.SetLoginCookie(It.Is<User>(candidate => candidate.Id == User.Id), true),
        Times.Once());
}