fixing the change password changes that were merged, according to oth…

…er changes that have happened since then (like adding the new has algorithm) (fixes #356)
NuGet · Jan 28, 2012 · b816dbf · b816dbf
1 parent c88823f
commit b816dbf
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 8 deletions.
diff --git a/Facts/Services/UsersServiceFacts.cs b/Facts/Services/UsersServiceFacts.cs
@@ -603,13 +603,12 @@ public void FindsUsersByUserName()
                 var user = new User { Username = "theUsername", HashedPassword = "thePassword", EmailAddress = "[email protected]" };
                 var userRepository = new Mock<IEntityRepository<User>>();
                 userRepository.Setup(r => r.GetAll()).Returns(new[] { user }.AsQueryable());
-
                 var crypto = new Mock<ICryptographyService>();
                 crypto.Setup(c => c.ValidateSaltedHash(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>())).Returns(true);
-
                 var service = CreateUsersService(cryptoSvc: crypto, userRepo: userRepository);
 
-                var foundByUserName = service.FindByUsernameOrEmailAddressAndPassword("theUsername", "thePassword");
+                var foundByUserName = service.FindByUsernameAndPassword("theUsername", "thePassword");
+
                 Assert.NotNull(foundByUserName);
                 Assert.Same(user, foundByUserName);
             }
@@ -620,13 +619,12 @@ public void WillNotFindsUsersByEmailAddress()
                 var user = new User { Username = "theUsername", HashedPassword = "thePassword", EmailAddress = "[email protected]" };
                 var userRepository = new Mock<IEntityRepository<User>>();
                 userRepository.Setup(r => r.GetAll()).Returns(new[] { user }.AsQueryable());
-
                 var crypto = new Mock<ICryptographyService>();
                 crypto.Setup(c => c.ValidateSaltedHash(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>())).Returns(true);
-
                 var service = CreateUsersService(cryptoSvc: crypto, userRepo: userRepository);
 
                 var foundByEmailAddress = service.FindByUsernameAndPassword("[email protected]", "thePassword");
+
                 Assert.Null(foundByEmailAddress);
             }
         }

diff --git a/Website/Services/IUserService.cs b/Website/Services/IUserService.cs
@@ -24,7 +24,7 @@ public interface IUserService
 
         bool ConfirmEmailAddress(User user, string token);
 
-        bool ChangePassword(string usernameOrEmail, string oldPassword, string newPassword);
+        bool ChangePassword(string username, string oldPassword, string newPassword);
 
         User GeneratePasswordResetToken(string usernameOrEmail, int tokenExpirationMinutes);
 

diff --git a/Website/Services/UserService.cs b/Website/Services/UserService.cs
@@ -126,7 +126,7 @@ public virtual User FindByUsernameAndPassword(string username, string password)
             if (user == null)
                 return null;
 
-            if (!cryptoSvc.ValidateSaltedHash(user.HashedPassword, password))
+            if (!cryptoSvc.ValidateSaltedHash(user.HashedPassword, password, user.PasswordHashAlgorithm))
                 return null;
 
             return user;
@@ -170,7 +170,7 @@ public string GenerateApiKey(string username)
             return newApiKey.ToString();
         }
 
-        public bool ChangePassword(string usernameOrEmail, string oldPassword, string newPassword)
+        public bool ChangePassword(string username, string oldPassword, string newPassword)
         {
             // Review: If the old password is hashed using something other than PBKDF2, we end up making an extra db call that changes the old hash password.
             // This operation is rare enough that I'm not inclined to change it.