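public void ForgotPassword_InvalidUserName_DoesntSendEmail_But_RedirectsTo_PasswordResetRequestedView()
        {
            // An unknown account must receive the same redirect as a known one, and
            // neither a reset token nor an e-mail may be produced for it, so the
            // response gives no hint about which accounts exist.

            // Arrange
            const string nonExistingUser = "******";

            // -1 is the value the controller treats as "no user with this name".
            // FindUserByEmail is not set up here; presumably the mock returns null
            // for it, which makes the e-mail lookup miss as well. Confirm the mock behavior.
            _webSecurity.Setup(x => x.GetUserId(nonExistingUser)).Returns(-1);

            // Act
            var model = new ForgotPasswordViewModel
            {
                UserNameOrEmail = nonExistingUser
            };
            Mother.ControllerHelpers.SetupControllerModelState(model, _controllerUnderTest);
            var response = _controllerUnderTest.ForgotPassword(model);

            // Assert
            var result = response as RedirectToRouteResult;
            // Fail with an assertion instead of a NullReferenceException when the
            // action returns something other than a redirect.
            Assert.IsNotNull(result);
            Assert.AreEqual("PasswordResetRequested", result.RouteValues["action"]);

            // No reset token may be minted for an account that does not exist.
            _webSecurity.Verify(x => x.GeneratePasswordResetToken(It.IsAny<string>()), Times.Never);
            _messageService.Verify(x => x.SendMessage(It.IsAny<Message>(), It.IsAny<Person>(), It.IsAny<string>()), Times.Never);
        }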
        /// <summary>
        /// Processes a forgot-password request: resolves the entry as a user name or,
        /// failing that, as an e-mail address, and mails a password reset link to the
        /// matching volunteer.
        /// </summary>
        /// <param name="model">Form data; <c>UserNameOrEmail</c> holds what the visitor typed.</param>
        /// <returns>
        /// A redirect to <c>PasswordResetRequested</c> whenever the model state is valid,
        /// whether or not an account matched; otherwise the form view with the submitted model.
        /// </returns>
        /// <remarks>
        /// The identical redirect for known and unknown accounts keeps the response from
        /// confirming which accounts exist. Token generation and mail delivery run only
        /// for existing accounts, so response time may still differ between the two
        /// cases. TODO confirm whether SendMessage sends inline or queues.
        /// NOTE(review): no request throttling is visible in this method; confirm it is
        /// applied elsewhere, since every valid request for an existing account sends an e-mail.
        /// </remarks>
        public ActionResult ForgotPassword(ForgotPasswordViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // Treat the entry as a user name first.
            var accountName = model.UserNameOrEmail;
            var accountId = _webSecurity.GetUserId(accountName);

            if (accountId == -1)
            {
                // No such user name, so try the entry as an e-mail address.
                var matchedByEmail = _volunteerSvc.FindUserByEmail(model.UserNameOrEmail);
                if (matchedByEmail != null)
                {
                    accountName = matchedByEmail.UserName;
                    accountId = matchedByEmail.Id;
                }
            }

            // Mail a link only for an existing account. A miss is deliberately
            // silent: showing an error here would reveal which accounts exist.
            var recipient = accountId != -1 ? _volunteerSvc.FindByUserId(accountId) : null;
            if (recipient != null)
            {
                // NOTE(review): the token lifetime is whatever GeneratePasswordResetToken
                // applies when called with only a user name. Confirm it is short.
                var resetToken = _webSecurity.GeneratePasswordResetToken(accountName);

                // Passing a scheme makes Url.Action return an absolute URL.
                // NOTE(review): the scheme, and presumably the host, of that URL come
                // from the current request. Confirm the site answers only for its own
                // host names and only over HTTPS, so the mailed link cannot end up
                // pointing at another host or carrying the token in clear text.
                var linkParameters = new RouteValueDictionary { { "token", resetToken } };
                var passwordResetLink = Url.Action("ResetPassword", "Account", linkParameters, Request.Url.Scheme);

                var mail = new Message(
                    "CrisisCheckin - Password Reset",
                    String.Format(@"<p>Click on the following link to reset your password: <a href='{0}'>{0}</a></p>", passwordResetLink));

                _messageService.SendMessage(mail, recipient);
            }

            return RedirectToAction("PasswordResetRequested");
        }
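        public void ForgotPassword_ValidEmailInsteadOfUsername_SendsEmail_And_RedirectsTo_PasswordResetRequestedView()
        {
            // When the entry matches no user name but does match an e-mail address,
            // the controller must issue the token for the account's real user name
            // and mail the volunteer who owns that account.

            // Arrange
            const string usernameOrEmail = "*****@*****.**";
            const int existingUserId = 42;
            const string existingUsername = "******";
            const string token = "t-o-k-e-n";
            var person = new Person {Id = existingUserId};

            // The lookup by user name misses (-1), which forces the e-mail fallback.
            _webSecurity.Setup(x => x.GetUserId(usernameOrEmail))
                .Returns(-1);
            _volunteerService.Setup(x => x.FindUserByEmail(usernameOrEmail))
                .Returns(new User { Id = existingUserId, UserName = existingUsername});
            _webSecurity.Setup(x => x.GeneratePasswordResetToken(existingUsername))
                .Returns(token);
            _volunteerService.Setup(x => x.FindByUserId(existingUserId))
                .Returns(person);

            // A route is needed so the controller can build the reset link.
            // NOTE(review): the default action is "PasswordReset" while the controller
            // builds the link for "ResetPassword". The {controller}/{action} pattern
            // appears to match either way; confirm the default is intended.
            _routeCollection.MapRoute(
                name: "PasswordReset",
                url: "{controller}/{action}",
                defaults: new { controller = "Account", action = "PasswordReset" }
            );

            // Act
            var model = new ForgotPasswordViewModel
            {
                UserNameOrEmail = usernameOrEmail
            };
            Mother.ControllerHelpers.SetupControllerModelState(model, _controllerUnderTest);
            var response = _controllerUnderTest.ForgotPassword(model);

            // Assert
            var result = response as RedirectToRouteResult;
            // Fail with an assertion instead of a NullReferenceException when the
            // action returns something other than a redirect.
            Assert.IsNotNull(result);
            Assert.AreEqual("PasswordResetRequested", result.RouteValues["action"]);

            // The token must be requested for the resolved user name, not for the
            // e-mail address that was typed in.
            _webSecurity.Verify(x => x.GeneratePasswordResetToken(existingUsername));
            _messageService.Verify(x => x.SendMessage(It.IsAny<Message>(), person, It.IsAny<string>()));
        }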
 /// <summary>
 /// Shows the forgot-password form backed by a fresh, empty view model.
 /// </summary>
 /// <returns>The default view, bound to a new <c>ForgotPasswordViewModel</c>.</returns>
 public ActionResult ForgotPassword()
 {
     return View(new ForgotPasswordViewModel());
 }