From b816dbf3b920981ea63b5c9c38f613a4951ffbef Mon Sep 17 00:00:00 2001 From: anglicangeek Date: Sat, 28 Jan 2012 09:55:16 -0800 Subject: [PATCH] fixing the change password changes that were merged, according to other changes that have happened since then (like adding the new has algorithm) (fixes #356) --- Facts/Services/UsersServiceFacts.cs | 8 +++----- Website/Services/IUserService.cs | 2 +- Website/Services/UserService.cs | 4 ++-- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/Facts/Services/UsersServiceFacts.cs b/Facts/Services/UsersServiceFacts.cs index dd57348d70..cb6e9d7aff 100644 --- a/Facts/Services/UsersServiceFacts.cs +++ b/Facts/Services/UsersServiceFacts.cs @@ -603,13 +603,12 @@ public void FindsUsersByUserName() var user = new User { Username = "theUsername", HashedPassword = "thePassword", EmailAddress = "test@example.com" }; var userRepository = new Mock>(); userRepository.Setup(r => r.GetAll()).Returns(new[] { user }.AsQueryable()); - var crypto = new Mock(); crypto.Setup(c => c.ValidateSaltedHash(It.IsAny(), It.IsAny(), It.IsAny())).Returns(true); - var service = CreateUsersService(cryptoSvc: crypto, userRepo: userRepository); - var foundByUserName = service.FindByUsernameOrEmailAddressAndPassword("theUsername", "thePassword"); + var foundByUserName = service.FindByUsernameAndPassword("theUsername", "thePassword"); + Assert.NotNull(foundByUserName); Assert.Same(user, foundByUserName); } 
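Review bot: In `FindsUsersByUserName` the crypto mock matches `ValidateSaltedHash` with `It.IsAny()` for all three arguments and returns true, so the test passes whatever algorithm the service forwards and would not catch a regression in the `user.PasswordHashAlgorithm` argument this commit adds in `UserService.cs`. I would set `PasswordHashAlgorithm` on the test user (a constructed sample value such as `"PBKDF2"` is enough) and pin the call after the asserts with `crypto.Verify(c => c.ValidateSaltedHash(user.HashedPassword, "thePassword", user.PasswordHashAlgorithm));`. The test method begins above the hunk, so its attribute and any earlier setup are not visible here.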
@@ -620,13 +619,12 @@ public void WillNotFindsUsersByEmailAddress() var user = new User { Username = "theUsername", HashedPassword = "thePassword", EmailAddress = "test@example.com" }; var userRepository = new Mock>(); userRepository.Setup(r => r.GetAll()).Returns(new[] { user }.AsQueryable()); - var crypto = new Mock(); crypto.Setup(c => c.ValidateSaltedHash(It.IsAny(), It.IsAny(), It.IsAny())).Returns(true); - var service = CreateUsersService(cryptoSvc: crypto, userRepo: userRepository); var foundByEmailAddress = service.FindByUsernameAndPassword("test@example.com", "thePassword"); + Assert.Null(foundByEmailAddress); } } diff --git a/Website/Services/IUserService.cs b/Website/Services/IUserService.cs index 03d0edf80c..5fbd0e6a1b 100644 --- a/Website/Services/IUserService.cs +++ b/Website/Services/IUserService.cs @@ -24,7 +24,7 @@ public interface IUserService bool ConfirmEmailAddress(User user, string token); - bool ChangePassword(string usernameOrEmail, string oldPassword, string newPassword); + bool ChangePassword(string username, string oldPassword, string newPassword); User GeneratePasswordResetToken(string usernameOrEmail, int tokenExpirationMinutes); diff --git a/Website/Services/UserService.cs b/Website/Services/UserService.cs index 4500ddaf26..f938bb0355 100644 --- a/Website/Services/UserService.cs +++ b/Website/Services/UserService.cs @@ -126,7 +126,7 @@ public virtual User FindByUsernameAndPassword(string username, string password) if (user == null) return null; - if (!cryptoSvc.ValidateSaltedHash(user.HashedPassword, password)) + if (!cryptoSvc.ValidateSaltedHash(user.HashedPassword, password, user.PasswordHashAlgorithm)) return null; return user; 
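Review bot: In `FindByUsernameAndPassword` the algorithm handed to `ValidateSaltedHash` now comes straight from the stored row (`user.PasswordHashAlgorithm`), and nothing visible in the hunk handles a null, empty or unrecognised value. `ValidateSaltedHash` is not shown, so this is a question rather than a finding: if the column can be unset for accounts created before it existed, the validator should fail closed instead of falling back to a default algorithm. I would record that contract on the call, e.g. `// algorithm comes from the user row; ValidateSaltedHash must reject missing or unknown values, never fall back`. Separately, `if (user == null) return null;` returns before any hash is computed, so an unknown username is answered faster than a wrong password; if username enumeration matters here, that path deserves a comment or a dummy verification. The method body starts and ends outside the hunk.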
@@ -170,7 +170,7 @@ public string GenerateApiKey(string username) return newApiKey.ToString(); } - public bool ChangePassword(string usernameOrEmail, string oldPassword, string newPassword) + public bool ChangePassword(string username, string oldPassword, string newPassword) { // Review: If the old password is hashed using something other than PBKDF2, we end up making an extra db call that changes the old hash password. // This operation is rare enough that I'm not inclined to change it.