/// <summary>
/// Checks the security answers submitted for a password reset and translates
/// the integer result of <c>PasswordManager.CheckSecurityAnswersController</c>
/// into an HTTP response.
/// </summary>
/// <param name="resetToken">Reset token passed through to the password manager.</param>
/// <param name="request">Request body carrying the submitted security answers.</param>
/// <returns>
/// 200 with <c>true</c> for result code 1; 400 for -1 (wrong answers);
/// 401 for -2 (reset link no longer valid); 400 "Service Unavailable" for
/// any other code or when an exception is thrown.
/// </returns>
public IHttpActionResult CheckAnswers(string resetToken, [FromBody] SecurityAnswersRequest request)
{
    // NOTE(review): no attempt counting or throttling is visible in this action.
    // Security answers are low-entropy, so confirm that failed checks are limited
    // per reset token somewhere outside this method.
    try
    {
        var passwordManager = new PasswordManager();
        int resultCode = passwordManager.CheckSecurityAnswersController(resetToken, request);

        switch (resultCode)
        {
            case 1:
                return Content(HttpStatusCode.OK, true);
            case -1:
                return Content(HttpStatusCode.BadRequest, "One or more of the answers inputted are incorrect");
            case -2:
                return Content(HttpStatusCode.Unauthorized, "Reset link is no longer valid");
            default:
                return Content(HttpStatusCode.BadRequest, "Service Unavailable");
        }
    }
    catch (Exception)
    {
        // Exception details are deliberately not returned to the client.
        // NOTE(review): the exception is also not logged here, and a missing request
        // body (null from [FromBody]) presumably ends up on this path as well, so
        // client errors and real faults are indistinguishable in operations; confirm
        // that logging happens elsewhere.
        return Content(HttpStatusCode.BadRequest, "Service Unavailable");
    }
}
/// <summary>
/// Verifies that CheckSecurityAnswersController returns -1 when the reset token
/// was just created for the user but one submitted answer does not match the
/// stored one.
/// </summary>
public void CheckSecurityAnswersController_Fail_WrongAnswers()
{
    // Arrange
    int expected = -1;
    var user = tu.CreateUserObject();
    string answerOne = "Pizza";
    string answerTwo = "Cyan";
    string answerThree = "Hiking";

    user.SecurityQ1Answer = answerOne;
    user.SecurityQ2Answer = answerTwo;
    // The stored third answer differs from the submitted "Hiking"; this mismatch
    // is what the test relies on.
    user.SecurityQ3Answer = "photography";
    tu.CreateUserInDb(user);

    using (_db = tu.CreateDataBaseContext())
    {
        var passwordManager = new PasswordManager(_db);
        var passwordReset = passwordManager.CreatePasswordReset(user.Id);
        var request = new SecurityAnswersRequest
        {
            securityA1 = answerOne,
            securityA2 = answerTwo,
            securityA3 = answerThree
        };

        // Act
        var actual = passwordManager.CheckSecurityAnswersController(passwordReset.ResetToken, request);

        // Assert
        Assert.AreEqual(expected, actual);
    }
}
/// <summary>
/// Validates a password-reset token and then checks the three submitted
/// security answers against it.
/// </summary>
/// <param name="resetToken">Reset token passed to CheckPasswordResetValid and CheckSecurityAnswers.</param>
/// <param name="request">Carries securityA1, securityA2 and securityA3 as submitted by the user.</param>
/// <returns>
/// 1 when the token is valid and the answers are accepted (Ok);
/// -1 when the token is valid but the answers are rejected (Bad Request);
/// -2 when the token is not valid (Unauthorized).
/// </returns>
public int CheckSecurityAnswersController(string resetToken, SecurityAnswersRequest request)
{
    // The token is checked first, so answers are never evaluated for an invalid token.
    if (!CheckPasswordResetValid(resetToken))
    {
        return -2; // Unauthorized
    }

    // NOTE(review): request is dereferenced without a null check; a null body
    // reaches this point only when the token is valid and then throws.
    var submittedAnswers = new List<string>
    {
        request.securityA1,
        request.securityA2,
        request.securityA3
    };

    // NOTE(review): how CheckSecurityAnswers compares answers (case handling,
    // attempt counting) is not visible here; confirm failed attempts are
    // recorded against the token.
    return CheckSecurityAnswers(resetToken, submittedAnswers)
        ? 1    // Ok
        : -1;  // Bad Request
}