Merge pull request #325 from TransactionProcessing/task/#29_changeandforgotpassword

Change Password Implemented

Author: StuartFerguson

SecurityService.BusinessLogic/ISecurityServiceManager.cs

@@ -11,6 +11,12 @@ namespace SecurityService.BusinessLogic
 
     public interface ISecurityServiceManager
     {
+        Task<(Boolean, String)> ChangePassword(String userName,
+                                               String currentPassword,
+                                               String newPassword,
+                                               String clientId,
+                                               CancellationToken cancellationToken);
+
         Task ProcessPasswordResetRequest(String username,
                                          String emailAddress,
                                          String clientId,

SecurityService.BusinessLogic/SecurityServiceManager.cs

@@ -86,11 +86,52 @@ public SecurityServiceManager(IPasswordHasher<IdentityUser> passwordHasher,
             this.MessagingServiceClient = messagingServiceClient;
             this.IdentityServerTools = identityServerTools;
         }
+        
+        public async Task<(Boolean, String)> ChangePassword(String userName,
+                                                            String currentPassword,
+                                                            String newPassword,
+                                                            String clientId,
+                                                            CancellationToken cancellationToken) {
+            // Find the user based on the user name passed in
+            IdentityUser user = await this.UserManager.FindByNameAsync(userName);
+
+            if (user == null)
+            {
+                // TODO: Redirect to a success page so the user doesnt know if the username is correct or not,
+                // this prevents giving away info to a potential hacker...
+                // TODO: maybe log something here...
+                return (false,String.Empty);
+            }
+
+            IdentityResult result = await this.UserManager.ChangePasswordAsync(user, currentPassword, newPassword);
+
+            if (result.Succeeded == false) {
+                // Log any errors
+                Logger.LogWarning($"Errors during password change for user [{userName} and Client [{clientId}]");
+                foreach (IdentityError identityError in result.Errors)
+                {
+                    Logger.LogWarning($"Code {identityError.Code} Description {identityError.Description}");
+                }
+            }
+
+            // build the redirect uri
+            Duende.IdentityServer.EntityFramework.Entities.Client client = await this.ConfigurationDbContext.Clients.SingleOrDefaultAsync(c => c.ClientId == clientId);
+
+            if (client == null)
+            {
+                Logger.LogWarning($"Client not found for clientId {clientId}");
+                // TODO: need to redirect somewhere...
+                return (false,String.Empty);
+            }
+
+            Logger.LogWarning($"Client uri {client.ClientUri}");
+            return (true,client.ClientUri);
+        }
 
         public async Task ProcessPasswordResetRequest(String username,
-                                                String emailAddress,
-                                                String clientId,
-                                                CancellationToken cancellationToken) {
+                                                      String emailAddress,
+                                                      String clientId,
+                                                      CancellationToken cancellationToken) {
             // Find the user based on the user name passed in
             IdentityUser user = await this.UserManager.FindByNameAsync(username);
 
@@ -101,8 +142,7 @@ public async Task ProcessPasswordResetRequest(String username,
                 return;
             }
 
-            // TODO: User has been found so send an email with reset details
-            // TODO: For now we will write this to a text file 
+            // User has been found so send an email with reset details
             String resetToken = await this.UserManager.GeneratePasswordResetTokenAsync(user);
             resetToken = UrlEncoder.Default.Encode(resetToken);
             String baseAddress = ConfigurationReader.GetValue("ServiceOptions", "PublicOrigin");
@@ -202,7 +242,7 @@ public async Task<String> ProcessPasswordResetConfirmation(String username,
                 }
             }
 
-            // TODO: build the redirect uri
+            // build the redirect uri
             Duende.IdentityServer.EntityFramework.Entities.Client client = await this.ConfigurationDbContext.Clients.SingleOrDefaultAsync(c => c.ClientId == clientId);
 
             if (client == null) {

SecurityService.IntegrationTests/SecurityService.IntegrationTests.csproj

@@ -61,6 +61,12 @@
     </Compile>
   </ItemGroup>
 
+  <ItemGroup>
+    <None Update="xunit.runner.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+  </ItemGroup>
+
   <ItemGroup>
     <SpecFlowFeatureFiles Update="ApiScopes\ApiScope.feature">
       <Generator>SpecFlowSingleFileGenerator</Generator>

SecurityService.IntegrationTests/xunit.runner.json

@@ -0,0 +1,3 @@
+{
+  "maxParallelThreads" :  1
+}

SecurityService.OpenIdConnect.IntegrationTests/ChangePassword/ChangePassword.feature

@@ -0,0 +1,41 @@
+@base @shared @userlogin @changepassword
+Feature: Change Password
+
+Background: 
+
+	Given I create the following roles
+	| Role Name  |
+	| Estate |
+
+	Given I create the following api resources
+	| Name                 | DisplayName            | Secret  | Scopes           | UserClaims               |
+	| estateManagement | Estate Managememt REST | Secret1 | estateManagement | MerchantId,EstateId,role |
+
+	Given I create the following identity resources
+	| Name        | DisplayName          | Description                                                 | UserClaims                                                             |
+	| openid  | Your user identifier |                                                             | sub                                                                    |
+	| profile | User profile         | Your user profile information (first name, last name, etc.) | name,role,email,given_name,middle_name,family_name,EstateId,MerchantId |
+	| email   | Email                | Email and Email Verified Flags                              | email_verified,email                                                   |
+
+	Given I create the following clients
+	| ClientId       | Name            | Secret  | Scopes                                | GrantTypes | RedirectUris                     | PostLogoutRedirectUris            | RequireConsent | AllowOfflineAccess | ClientUri            |
+	| estateUIClient | Merchant Client | Secret1 | estateManagement,openid,email,profile | hybrid     | https://[url]:[port]/signin-oidc | https://[url]:[port]/signout-oidc | false          | true               | https://[url]:[port] |
+
+	Given I create the following users
+	| Email Address                    | Password | Phone Number | Given Name | Middle Name | Family Name | Claims     | Roles      |
+	| estateuser@testestate1.co.uk | 123456   | 123456789    | Test       |             | User 1      | EstateId:1 | Estate |
+
+@PRTest
+Scenario: Change Passwword
+	Given I am on the application home page
+	When I click the 'Privacy' link
+	Then I am presented with a login screen
+	When I login with the username 'estateuser@testestate1.co.uk' and password '123456'
+	Then I am presented with the privacy screen
+	When I click the 'ChangePassword' link
+	Then I am presented with a change password screen
+	When I enter my old password '123456'
+	When I enter my new password 'Pa55word!'
+	And I confirm my new password 'Pa55word!'
+	And I click the change password button
+	Then I am returned to the application home page