public void ChangePassword_ChangesPassword()
{
securitySettings.AllowLoginAfterAccountCreation = true;
securitySettings.RequireAccountVerification = false;
var id = subject.CreateAccount("test", "pass", "*****@*****.**").ID;
subject.ChangePassword(id, "pass", "pass2");
Assert.IsFalse(subject.Authenticate("test", "pass"));
Assert.IsTrue(subject.Authenticate("test", "pass2"));
}
public ActionResult ChangePassword(ChangePassword cp)
{
if (ModelState.IsValid)
{
using (UserAccountService _uas = new UserAccountService())
{
int code = 0;
User user = _uas.GetUser(Convert.ToInt32(Session["Id"]));
AesEncrpyt en = new AesEncrpyt();
if (user.Password.Equals(en.Encrypt(cp.OldPassword)))
{
code = _uas.ChangePassword(cp, user);
if (code == 1)
{
ViewBag.ChangePasswordMessage = "Successfuly changed password!";
}
else
{
ViewBag.ChangePasswordMessage = "Password change unsuccessful.";
}
}
else
{
ViewBag.ChangePasswordMessage = "Password change unsuccessful.";
}
}
}
return(View());
}
public IActionResult ChangePassword([Bind(Prefix = "Password")] ChangePasswordInputModel model)
{
if (!ModelState.IsValid)
{
return(CorrectErrors(BuildUserProfileModel(model), "password"));
}
try
{
var acct = _userAccountService.GetByID(User.GetId());
_userAccountService.ChangePassword(acct.ID, model.OldPassword, model.NewPassword);
return(RedirectToAction("Edit", new { changed = true }));
}
catch (AuthenticationException)
{
return(new HttpUnauthorizedResult());
}
catch (ValidationException ex) {
// this is more fragile than I'd like, but I don't see another way to check this exception's cause
if (ex.ValidationResult.ErrorMessage == "Invalid old password.")
{
ModelState.AddModelError("Password.OldPassword", ex.Message);
}
else
{
ModelState.AddModelError("Password.NewPassword", ex.Message);
ModelState.AddModelError("Password.NewPasswordConfirm", ex.Message);
}
}
return(CorrectErrors(BuildUserProfileModel(model), "password"));
}
public void ChangePassword(ChangePasswordRequest request)
{
var userAccountRepository = new UserAccountRepository();
UserAccountService.ChangePassword(
request,
ContextualUserId,
userAccountRepository.GetById,
userAccountRepository.SetPassword);
}
public static void ChangePassword(ChangePasswordRequest request,
int userId,
Func <int, UserAccount> getUserAccountById,
Action <string, int> setPasswordForUserId)
{
UserAccountService.ChangePassword(request.OldPassword,
request.NewPassword,
userId,
getUserAccountById,
setPasswordForUserId);
}
public IActionResult ChangePassword(ChangePasswordViewModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var user = GetCurrentUser();
if (user != null)
{
_userAccountService.ChangePassword(user.ID, model.OldPassword, model.NewPassword);
_authenticationService.SignIn(user, false);
//_logger.LogInformation(3, "User changed their password successfully.");
return(RedirectToAction(nameof(Index), new { Message = ManageMessageId.ChangePasswordSuccess }));
}
return(RedirectToAction(nameof(Index), new { Message = ManageMessageId.Error }));
}
public void If_old_password_does_not_match_Then_throws_BadOldPasswordError()
{
var userId = 1234;
Assert.Throws <InternalException>(() =>
UserAccountService.ChangePassword(
new ChangePasswordRequest
{
OldPassword = "******"
},
userId,
_ =>
new UserAccount
{
Password = "******",
Enabled = true
},
(password, id) => { return; }));
}
/// <summary>
/// Changes user's password
/// </summary>
/// <typeparam name="TAccount"></typeparam>
/// <param name="userAccountService"></param>
/// <param name="newPass"></param>
/// <param name="oldPass"></param>
/// <returns></returns>
public static async Task <ChangePassOutput> ChangePasswordAsync <TAccount>(
UserAccountService <TAccount> userAccountService, string newPass, string oldPass)
where TAccount : RelationalUserAccount
{
var output = new ChangePassOutput {
Success = true
};
//need to verify the user pass first and in order to do so, need to simulate user auth
var uuid = Utils.Identity.GetUserGuid();
if (!uuid.HasValue)
//this shouldn't happen really as the service should only allow authenticated access, but...
{
output.Success = false;
output.FailureReason = "unknown_user";
}
else
{
try
{
userAccountService.ChangePassword(uuid.Value, oldPass, newPass);
}
catch (Exception ex)
{
output.Success = false;
if (ex.Message == "Invalid old password.")
{
output.FailureReason = "invalid_old_pass";
}
if (ex.Message == "The new password must be different from the old password.")
{
output.FailureReason = "new_pass_same_as_old_pass";
}
}
}
return(output);
}
