示例#1
 /// <summary>
 /// Web API action that checks the submitted security answers for a password-reset token
 /// and translates the manager's integer result into an HTTP response.
 /// </summary>
 /// <param name="resetToken">Password-reset token identifying the reset request.</param>
 /// <param name="request">Security answers read from the request body.</param>
 /// <returns>
 /// 200 with <c>true</c> for result 1, 400 for result -1, 401 for result -2, and
 /// 400 "Service Unavailable" for any other result or any exception.
 /// </returns>
 public IHttpActionResult CheckAnswers(string resetToken, [FromBody] SecurityAnswersRequest request)
 {
     // NOTE(review): nothing in this action limits repeated answer attempts for one token;
     // confirm that PasswordManager (not visible here) enforces an attempt limit or lockout.
     try
     {
         var manager = new PasswordManager();
         int outcome = manager.CheckSecurityAnswersController(resetToken, request);

         switch (outcome)
         {
             case 1:
                 return Content(HttpStatusCode.OK, true);

             case -1:
                 return Content(HttpStatusCode.BadRequest, "One or more of the answers inputted are incorrect");

             case -2:
                 return Content(HttpStatusCode.Unauthorized, "Reset link is no longer valid");

             default:
                 return Content(HttpStatusCode.BadRequest, "Service Unavailable");
         }
     }
     catch (Exception)
     {
         // NOTE(review): the exception is discarded without being logged and reported as 400,
         // so a backend failure (or a missing request body) cannot be told apart from bad
         // input afterwards; consider logging it here and returning a 5xx status.
         return Content(HttpStatusCode.BadRequest, "Service Unavailable");
     }
 }
示例#2
        /// <summary>
        /// Verifies that a valid reset token combined with one wrong security answer
        /// makes CheckSecurityAnswersController return -1.
        /// </summary>
        public void CheckSecurityAnswersController_Fail_WrongAnswers()
        {
            // Arrange: the stored third answer ("photography") differs from the submitted one.
            int    expectedResult  = -1;
            string firstAnswer     = "Pizza";
            string secondAnswer    = "Cyan";
            string submittedThird  = "Hiking";

            var user = tu.CreateUserObject();
            user.SecurityQ1Answer = firstAnswer;
            user.SecurityQ2Answer = secondAnswer;
            user.SecurityQ3Answer = "photography";
            tu.CreateUserInDb(user);

            using (_db = tu.CreateDataBaseContext())
            {
                var manager       = new PasswordManager(_db);
                var passwordReset = manager.CreatePasswordReset(user.Id);

                var answers = new SecurityAnswersRequest
                {
                    securityA1 = firstAnswer,
                    securityA2 = secondAnswer,
                    securityA3 = submittedThird
                };

                // Act
                var actualResult = manager.CheckSecurityAnswersController(passwordReset.ResetToken, answers);

                // Assert
                Assert.AreEqual(expectedResult, actualResult);
            }
        }
示例#3
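 /// <summary>
 /// Validates a password-reset token and then checks the three submitted security answers.
 /// </summary>
 /// <param name="resetToken">Password-reset token to validate.</param>
 /// <param name="request">The three answers submitted by the user; may be null.</param>
 /// <returns>
 /// 1 when the token is valid and the answers are accepted; -1 when the token is valid but
 /// the answers are rejected or no answers were supplied; -2 when the token is not valid.
 /// </returns>
 public int CheckSecurityAnswersController(string resetToken, SecurityAnswersRequest request)
 {
     // The token is checked first, so an invalid token is reported as -2 whatever the body holds.
     if (!CheckPasswordResetValid(resetToken))
     {
         return -2; //Unauthorized
     }

     // A missing body used to surface as a NullReferenceException on the property reads below;
     // treat it as a failed answer check instead.
     if (request == null)
     {
         return -1; //Bad Request
     }

     var userSubmittedSecurityAnswers = new List<string>
     {
         request.securityA1,
         request.securityA2,
         request.securityA3
     };

     // NOTE(review): CheckSecurityAnswers is not visible here; confirm that it counts or limits
     // failed attempts per reset token and does not compare against answers stored in plaintext.
     return CheckSecurityAnswers(resetToken, userSubmittedSecurityAnswers)
         ? 1    //Ok
         : -1;  //Bad Request
 }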