示例#1
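        /// <summary>
        /// Replaces the password of the account matching the supplied email address with a
        /// randomly generated temporary password and emails that password to the user.
        /// </summary>
        /// <param name="requestModel">Request body; only <c>EmailAddress</c> is read here.</param>
        /// <returns>
        /// A <see cref="ValidationResult"/> that is returned unmodified on success and is
        /// invalidated with a message when no account matches or the email could not be sent.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the temporary password travels in clear text inside the email and
        /// becomes the account password immediately. A single-use, expiring reset token that
        /// leaves the current password untouched until it is redeemed would be safer; that is
        /// a design change outside this method.
        /// </remarks>
        public ValidationResult ForgotPassword([FromBody] CredentialsRequestModel requestModel)
        {
            var result = new ValidationResult();

            // [FromBody] binding can hand over a null model (missing or malformed body). Treat a
            // missing address like an unknown one instead of failing with a NullReferenceException.
            if (requestModel == null || string.IsNullOrWhiteSpace(requestModel.EmailAddress))
            {
                result.InValidate("", "The email address is not registered.");
                return result;
            }

            var emailAddress = requestModel.EmailAddress;

            // Case-insensitive match, done by upper-casing both sides as before.
            var existingUser = Context.Users.FirstOrDefault(r => r.EmailAddress.ToUpper() == emailAddress.ToUpper());

            if (existingUser == null)
            {
                // NOTE(review): this distinct message tells an unauthenticated caller whether an
                // address is registered (account enumeration). Returning the same response for
                // known and unknown addresses would close that gap, but changes what callers see,
                // so it is flagged here rather than changed.
                result.InValidate("", "The email address is not registered.");
                return result;
            }

            // NOTE(review): confirm CreateRandomPassword draws from a cryptographic RNG.
            var tempPassword = SecurityHelper.CreateRandomPassword(Convert.ToInt32(Configuration["Security.TempPasswordLength"]));

            // The salt comes from the active row of Context.Salts, not from the user record, so
            // it appears to be shared across accounts. NOTE(review): confirm; a per-user salt and
            // a slow password KDF inside SaltedHashAlgorithm are the usual expectations.
            var salt = Context.Salts.First(s => s.Active == true).Value;

            // NOTE(review): the login link is built with a plain "http://" scheme; confirm the
            // site only serves this page over HTTPS, since the temporary password is entered there.
            var emailBody = @"Your temporary password is: " + tempPassword + Environment.NewLine +
                            "Please click on the following link to login: http://" + Configuration["ColourCoded.UI.Sitename"] + "/security/authenticate";

            var hashedPassword = SecurityHelper.SaltedHashAlgorithm(tempPassword, salt);

            // Send first, persist second: previously the new hash was saved before the email was
            // attempted, so a failed delivery left the account with a password nobody knew.
            if (!CommunicationsHelper.SendEmail(existingUser.EmailAddress, "Password reset", emailBody))
            {
                result.InValidate("", "Error sending email. Please contact the IT Administrator.");
                return result;
            }

            existingUser.Password = hashedPassword;
            Context.SaveChanges();

            return result;
        }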
示例#2
        /// <summary>
        /// Exercises the controller's ForgotPassword for a user created by the test and expects
        /// a truthy result.
        /// </summary>
        public void ForgottenPassword_Successful()
        {
            var resources = new Resources();

            // The transaction is opened and disposed without a commit call in this method.
            using (resources.Context.Database.BeginTransaction())
            {
                // Given: a user created through the test helper and a request carrying an email address
                var user         = TestHelper.CreateUser(resources.Context);
                var requestModel = new CredentialsRequestModel
                {
                    EmailAddress = "*****@*****.**"
                };

                // Registers a mock for CreateRandomPassword with the configured length and the fixed
                // value "testpassword" (presumably the value the mock returns - confirm in Resources).
                resources.AddMockCreateRandomPassword(Convert.ToInt32(resources.Configuration["Security.TempPasswordLength"]), "testpassword");

                // NOTE(review): the second line of this statement is damaged in this listing (the
                // "******" runs look like redaction), so the end of the email-body expression and the
                // call that follows it are not fully visible. The visible part shows the expected body
                // carrying the temporary password in clear text and a "username=" query parameter.
                var emailBody = @"Your temporary password is: testpassword" + Environment.NewLine +
                                "Please click on the following link to change your password: "******"ColourCoded.UI.Sitename"] + "/security/authenticate/changepassword?username="******"Password reset", emailBody);

                // When
                var result = resources.Controller.ForgotPassword(requestModel);

                // Then
                // NOTE(review): if result is a bool, as in the bool-returning ForgotPassword listed on
                // this page, IsNotNull can never fail and only IsTrue carries the check.
                Assert.IsNotNull(result);
                Assert.IsTrue(result);
            }
        }
示例#3
        /// <summary>
        /// Calls the controller's ForgotPassword without creating a user first and expects a
        /// falsy result.
        /// </summary>
        public void ForgottenPassword_NoEmail()
        {
            var fixture = new Resources();

            // The transaction is opened and disposed without a commit call in this method.
            using (fixture.Context.Database.BeginTransaction())
            {
                // Arrange: only the request is prepared; no user is created in this test.
                var request = new CredentialsRequestModel();
                request.EmailAddress = "*****@*****.**";

                // Act
                var outcome = fixture.Controller.ForgotPassword(request);

                // Assert
                Assert.IsNotNull(outcome);
                Assert.IsFalse(outcome);
            }
        }
        /// <summary>
        /// Looks up the user whose email address matches the request (compared upper-cased),
        /// generates a temporary password, stores its salted hash on the user entity and builds
        /// a "Password reset" email body containing that temporary password.
        /// </summary>
        /// <param name="requestModel">Request body; only <c>EmailAddress</c> is read in the visible code.</param>
        /// <returns><c>false</c> when no user matches; the other return path is not fully visible in this listing.</returns>
        public bool ForgotPassword([FromBody] CredentialsRequestModel requestModel)
        {
            // NOTE(review): requestModel and requestModel.EmailAddress are dereferenced without a null check.
            var existingUser = Context.Users.FirstOrDefault(r => r.EmailAddress.ToUpper() == requestModel.EmailAddress.ToUpper());

            if (existingUser == null)
            {
                // NOTE(review): a distinct result for unknown addresses lets a caller learn which
                // email addresses are registered (account enumeration) if it reaches the client.
                return(false);
            }
            else
            {
                // NOTE(review): confirm CreateRandomPassword draws from a cryptographic RNG.
                var tempPassword = SecurityHelper.CreateRandomPassword(Convert.ToInt32(Configuration["Security.TempPasswordLength"]));
                // The salt is read from the active row of Context.Salts rather than from the user
                // record, so it appears to be shared across accounts - confirm.
                var salt         = Context.Salts.First(s => s.Active == true).Value;

                // NOTE(review): SaltedHashAlgorithm is opaque here; confirm it is a slow password KDF.
                existingUser.Password = SecurityHelper.SaltedHashAlgorithm(tempPassword, salt);

                // NOTE(review): the second line of this statement is damaged in this listing (the
                // "******" runs look like redaction), so the rest of the body expression, the send
                // call and the returned value cannot be read from here. The visible part puts the
                // temporary password into the email in clear text and appends a "username=" query
                // parameter to the change-password link. No SaveChanges call is visible in this method.
                var emailBody = @"Your temporary password is: " + tempPassword + Environment.NewLine +
                                "Please click on the following link to change your password: "******"ColourCoded.UI.Sitename"] + "/security/authenticate/changepassword?username="******"Password reset", emailBody));
            }
        }