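/// <summary>
/// Handles the posted reset-password form: validates the model, applies the new password
/// using the supplied reset token, and re-renders the view with the outcome.
/// </summary>
/// <param name="model">Form-bound input; its Token and Password members are passed to the user manager.</param>
/// <returns>The reset-password view, built with a flag that reflects whether the reset succeeded.</returns>
public async Task<IActionResult> PasswordReset([FromForm] ResetPasswordInputModel model)
{
    var vm = _account.BuildResetPasswordViewModel(model, false);
    if (!ModelState.IsValid)
    {
        return View(vm);
    }

    // NOTE(review): the account is resolved from the current principal (User), not from the
    // posted form. A visitor following a reset link is normally not signed in, in which case
    // this lookup yields null — confirm this is the intended way to identify the account.
    IdentityExpressUser identityExpressUser = await _userManager.GetUserAsync(User);
    if (identityExpressUser == null)
    {
        // ResetPasswordAsync throws on a null user, which would surface as an unhandled
        // server error. Fail with a generic message instead; it does not say whether the
        // account exists.
        ModelState.AddModelError("", "Unable to reset password.");
        return View(vm);
    }

    var result = await _userManager.ResetPasswordAsync(identityExpressUser, model.Token, model.Password);
    if (result.Succeeded)
    {
        // Kept from the original flow: the user is saved explicitly after a successful reset.
        result = await _userManager.UpdateAsync(identityExpressUser);
    }

    if (!result.Succeeded)
    {
        // Surface every identity error on the form so the view can display it.
        foreach (var item in result.Errors)
        {
            ModelState.AddModelError("", item.Description);
        }
    }

    vm = _account.BuildResetPasswordViewModel(model, result.Succeeded);
    return View(vm);
}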
/// <summary>
/// Posting the registration form for an existing user that has no password hash is expected
/// to succeed and leave a password hash stored for that user.
/// </summary>
/// <remarks>
/// NOTE(review): this pins a flow in which a POST carrying only the user name and a new
/// password sets the account's first password. Presumably such accounts are pre-provisioned;
/// confirm what else ties the request to the intended account owner.
/// </remarks>
public async Task Resgiter_WhenModelIsValidWithNullPassword_ExpectSuccessAndUserPasswordSet()
{
    // Arrange: seed a user without a password hash under a unique user name.
    string username = Guid.NewGuid().ToString();
    var seededUser = new IdentityExpressUser();
    seededUser.UserName = username;
    seededUser.NormalizedUserName = normalizer.Normalize(username);

    using (var seedContext = new IdentityExpressDbContext(options))
    {
        seedContext.Users.Add(seededUser);
        seedContext.SaveChanges();
    }

    // Built but never sent; the request below is assembled from the form fields instead.
    var model = new RegisterInputModel();
    model.ConfirmPassword = "******";
    model.Password = "******";
    model.Username = username;

    var formFields = new List<KeyValuePair<string, string>>();
    formFields.Add(new KeyValuePair<string, string>("ConfirmPassword", "Password123!"));
    formFields.Add(new KeyValuePair<string, string>("Password", "Password123!"));
    formFields.Add(new KeyValuePair<string, string>("Username", username));
    var form = new FormUrlEncodedContent(formFields);

    // Act
    var response = await client.PostAsync("/account/register", form);

    // Assert: the request succeeded and the stored user now carries a password hash.
    Assert.True(response.IsSuccessStatusCode);

    IdentityExpressUser storedUser;
    using (var verifyContext = new IdentityExpressDbContext(options))
    {
        storedUser = await verifyContext.Users.FirstOrDefaultAsync(u => u.UserName == username);
    }

    Assert.NotNull(storedUser);
    Assert.NotNull(storedUser.PasswordHash);
}
/// <summary>
/// Posting a registration for a user that already has a password hash must leave that hash
/// unchanged: the register endpoint must not overwrite an existing credential.
/// </summary>
/// <remarks>
/// NOTE(review): the body is sent as JSON. If the register action binds form fields, binding
/// would fail before any existing-password check runs and this test would pass without
/// exercising that check — confirm. The test name says "failure" while a success status is
/// asserted; presumably the page is re-rendered with its errors — verify.
/// </remarks>
public async Task Resgiter_WhenUserAlreadyHasPassword_ExpectFailureAndPasswordNotUpdated()
{
    // Arrange: seed a user whose password hash is already set.
    string username = Guid.NewGuid().ToString();
    var seededUser = new IdentityExpressUser();
    seededUser.UserName = username;
    seededUser.NormalizedUserName = normalizer.Normalize(username);

    var hasher = new PasswordHasher<IdentityExpressUser>();
    string hash = hasher.HashPassword(seededUser, "hello");
    seededUser.PasswordHash = hash;

    using (var seedContext = new IdentityExpressDbContext(options))
    {
        seedContext.Users.Add(seededUser);
        seedContext.SaveChanges();
    }

    var model = new RegisterInputModel();
    model.ConfirmPassword = "******";
    model.Password = "******";
    model.Username = username;

    string json = JsonConvert.SerializeObject(model);
    var body = new StringContent(json, Encoding.UTF8, "application/json");

    // Act
    var response = await client.PostAsync("/account/register", body);

    // Assert: the stored hash is still the one seeded above.
    Assert.True(response.IsSuccessStatusCode);

    IdentityExpressUser storedUser;
    using (var verifyContext = new IdentityExpressDbContext(options))
    {
        storedUser = await verifyContext.Users.FirstOrDefaultAsync(u => u.UserName == username);
    }

    Assert.NotNull(storedUser);
    Assert.Equal(hash, storedUser.PasswordHash);
}
/// <summary>
/// Posting the registration form for a user that already has a password hash must leave that
/// hash unchanged: the register endpoint must not overwrite an existing credential.
/// </summary>
/// <remarks>
/// NOTE(review): a success status is asserted although the test name says "failure";
/// presumably the page is re-rendered with its errors — verify. The unchanged hash is the
/// assertion that carries the security property.
/// </remarks>
public async Task Register_WhenUserAlreadyHasPassword_ExpectFailureAndPasswordNotUpdated()
{
    // Arrange: seed a user whose password hash is already set.
    string username = Guid.NewGuid().ToString();
    var seededUser = new IdentityExpressUser();
    seededUser.UserName = username;
    seededUser.NormalizedUserName = normalizer.NormalizeName(username);

    var hasher = new PasswordHasher<IdentityExpressUser>();
    string hash = hasher.HashPassword(seededUser, "hello");
    seededUser.PasswordHash = hash;

    using (var seedContext = new IdentityExpressDbContext(options))
    {
        seedContext.Users.Add(seededUser);
        seedContext.SaveChanges();
    }

    var registerInputModel = new List<KeyValuePair<string, string>>();
    registerInputModel.Add(new KeyValuePair<string, string>("ConfirmPassword", "Password123!"));
    registerInputModel.Add(new KeyValuePair<string, string>("Password", "Password123!"));
    registerInputModel.Add(new KeyValuePair<string, string>("Username", username));
    var form = new FormUrlEncodedContent(registerInputModel);

    // Act
    var response = await client.PostAsync("/account/register", form);

    // Assert: the stored hash is still the one seeded above.
    Assert.True(response.IsSuccessStatusCode);

    IdentityExpressUser storedUser;
    using (var verifyContext = new IdentityExpressDbContext(options))
    {
        storedUser = await verifyContext.Users.FirstOrDefaultAsync(u => u.UserName == username);
    }

    Assert.NotNull(storedUser);
    Assert.Equal(hash, storedUser.PasswordHash);
}
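/// <summary>
/// Starts a password reset for the posted e-mail address: generates a reset token for the
/// matching user and mails a link to the PasswordReset page that carries the address and token.
/// </summary>
/// <param name="dto">JSON body; its Email member identifies the account and the recipient.</param>
/// <returns>
/// 400 when model validation fails; otherwise 200, whether or not an account matched the address.
/// </returns>
/// <remarks>
/// NOTE(review): no throttling is visible in this action. An endpoint that sends mail on
/// request is normally rate-limited — confirm this is handled elsewhere.
/// </remarks>
public async Task<IActionResult> PasswordResetHook([FromBody] PasswordResetDTO dto)
{
    if (!ModelState.IsValid)
    {
        return BadRequest("Invalid email" + ModelState.ToString());
    }

    IdentityExpressUser identityExpressUser = await _userManager.FindByEmailAsync(dto.Email);
    if (identityExpressUser == null)
    {
        // Unknown address: answer exactly as for a known one, so the response does not reveal
        // which addresses have accounts. Previously the null user reached the token generator,
        // which throws. No token is issued and no mail is sent.
        return Ok();
    }

    string resetToken = await _userManager.GeneratePasswordResetTokenAsync(identityExpressUser);

    string emailHost = _configuration.GetValue<string>("smtp_host");
    string emailPort = _configuration.GetValue<string>("smtp_port");
    string smtpUsername = _configuration.GetValue<string>("smtp_username");
    string smtpPassword = _configuration.GetValue<string>("smtp_password");
    string origin = _configuration.GetValue<string>("Public_Origin");
    string senderEmail = _configuration.GetValue<string>("Email_Host");
    string senderName = _configuration.GetValue<string>("Sender_Name");

    // int.TryParse writes 0 to its out argument when parsing fails, so the 587 default has to
    // be applied after the call rather than before it.
    int port;
    if (!int.TryParse(emailPort, out port))
    {
        port = 587;
    }

    // Both values go into a query string inside an HTML attribute; URL-encoding keeps them
    // from breaking out of the link.
    string urlEncodedEmail = HttpUtility.UrlEncode(identityExpressUser.Email);
    string urlEncodedToken = HttpUtility.UrlEncode(resetToken);

    // The reset token is a credential for the account. It is deliberately not written to the
    // console or any log; the mailed link is its only destination.
    using (var message = new MailMessage())
    {
        message.IsBodyHtml = true;
        message.From = new MailAddress(senderEmail, senderName);
        message.To.Add(new MailAddress(dto.Email));
        message.Subject = "Password reset";
        message.Body = "<h1>IdentityServer Password Reset</h1>"
            + "<p>Plese reset you password using the following link:</p>"
            + "<p><a href='" + origin + "/Account/PasswordReset?email=" + urlEncodedEmail
            + "&token=" + urlEncodedToken + "'>resetToken</a></p>";

        using (var client = new SmtpClient(emailHost, port))
        {
            client.Credentials = new NetworkCredential(smtpUsername, smtpPassword);
            client.EnableSsl = true;
            // Awaited so the request thread is not blocked for the duration of the SMTP exchange.
            await client.SendMailAsync(message);
        }
    }

    return Ok();
}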
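/// <summary>
/// Landing action for the mailed reset link: checks the token for the given e-mail address
/// and, when it verifies, renders the reset-password form pre-filled with both values.
/// </summary>
/// <param name="email">Account e-mail address taken from the link.</param>
/// <param name="token">Reset token taken from the link.</param>
/// <returns>
/// The reset-password view when the token verifies; otherwise 401 with a plain-text message.
/// </returns>
/// <remarks>
/// NOTE(review): the 401 messages repeat the submitted e-mail address and token. Consider
/// whether reflecting them is needed, since response bodies can end up in logs.
/// </remarks>
public async Task<IActionResult> PasswordReset(string email, string token)
{
    // The reset token is a credential for the account; it is deliberately not written to the
    // console or any log here.
    if (String.IsNullOrWhiteSpace(email) || String.IsNullOrWhiteSpace(token))
    {
        // Parentheses are required: '+' binds tighter than '??', so without them the
        // "not provided" fallbacks and the token part of the message were never used.
        return Unauthorized("Email or token not provided Email:" + (email ?? "not provided")
            + "Token:" + (token ?? "not provided"));
    }

    // NOTE(review): both values are URL-decoded here. If model binding has already decoded the
    // query string, a second pass turns '+' into a space, which would break tokens or
    // addresses containing '+' — confirm against a real link.
    IdentityExpressUser identityExpressUser = await _userManager.FindByEmailAsync(HttpUtility.UrlDecode(email));
    if (identityExpressUser == null)
    {
        // No such account: VerifyUserTokenAsync throws on a null user. Answer exactly as for a
        // bad token so the response does not distinguish unknown addresses from invalid tokens.
        return Unauthorized("Token not validated Email:" + email + " token:" + token);
    }

    // NOTE(review): verification uses TokenOptions.DefaultEmailProvider with purpose
    // "ResetPassword"; it only accepts tokens issued by that same provider and purpose —
    // confirm the issuing side is configured to match.
    bool verified = await _userManager.VerifyUserTokenAsync(
        identityExpressUser,
        TokenOptions.DefaultEmailProvider,
        "ResetPassword",
        HttpUtility.UrlDecode(token));

    if (!verified)
    {
        return Unauthorized("Token not validated Email:" + email + " token:" + token);
    }

    // Carry the address and token into the form so the POST can present them again.
    ResetPasswordViewModel resetPasswordViewModel = _account.BuildResetPasswordViewModel();
    resetPasswordViewModel.Email = email;
    resetPasswordViewModel.Token = token;
    return View(resetPasswordViewModel);
}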