Create a class to store and validate passwords.
All passwords must be salted and hashed.
Do not interact with an email server.
Create an AreValidUserCredentials method that takes in a userName and password. The method salts and hashes the password to check its validity against what is stored. If it matches, it returns true; otherwise it returns false.
Create a SendResetEmail method that takes in an email address. If it matches what is on record for the user, send an email with a validation link. The link must include a randomly generated token that will expire 1 hour after being created.
- Pass in a mocked repository for password validation.
- Or, if you are feeling brave and using C#, write an integration test using a real repo that writes to an in-memory DB. Lots of good test packages to choose from.
- Pass in a mocked email service for sending email.
- You are not allowed to feel lucky with this; it will be painful if you try.
- Modify the reset logic to extend all previous requests sent within the last hour to the expiry of the most recently issued token. E.g. a link was issued 50 minutes ago. A user requests a new link; now both links expire in one hour.
- Passwords expire every 60 days and the user may not use any of the previous 5 passwords.
- If you did not write an integration test for DB interaction, please do so now. Remove your mock and make use of a real implementation tested against a testing version of the DB.
- Making use of migrations is a great way to ensure you can easily spin up a new DB for testing.
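
A sketch of the two base methods (credential check and reset email, not the extension steps), added here as an example and not part of the original kata. Assumptions: Python with PBKDF2-HMAC-SHA256 as the hash, the hypothetical names InMemoryRepo, RecordingEmailService and is_reset_token_valid, an injected clock so expiry can be tested, and the placeholder host example.test.

```python
import hashlib, hmac, secrets
from datetime import datetime, timedelta, timezone

TOKEN_TTL = timedelta(hours=1)   # the kata's one-hour link lifetime
ITERATIONS = 600_000             # assumption: the kata names no algorithm; PBKDF2-HMAC-SHA256 used here

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def token_digest(token):         # only a digest is stored, so a leaked table yields no usable links
    return hashlib.sha256(token.encode()).hexdigest()

class InMemoryRepo:              # hypothetical stand-in for the mocked repository
    def __init__(self):
        self.users, self.tokens = {}, {}   # user_name -> record, token digest -> expiry
    def add_user(self, user_name, email, password):
        salt = secrets.token_bytes(16)     # fresh random salt per user
        self.users[user_name] = {"email": email, "salt": salt,
                                 "pw_hash": hash_password(password, salt)}

class RecordingEmailService:     # hypothetical mock: records messages instead of sending them
    def __init__(self):
        self.sent = []
    def send(self, to, link):
        self.sent.append((to, link))

class PasswordVerifier:
    def __init__(self, repo, email_service, clock=lambda: datetime.now(timezone.utc)):
        self.repo, self.email_service, self.clock = repo, email_service, clock

    def are_valid_user_credentials(self, user_name, password):
        user = self.repo.users.get(user_name)
        # Unknown users still cost one hash, so response time does not reveal which names exist.
        salt = user["salt"] if user else bytes(16)
        expected = user["pw_hash"] if user else bytes(32)
        matches = hmac.compare_digest(hash_password(password, salt), expected)
        return matches and user is not None

    def send_reset_email(self, email):
        if not any(u["email"] == email for u in self.repo.users.values()):
            return False                   # no match on record: nothing is sent
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.repo.tokens[token_digest(token)] = self.clock() + TOKEN_TTL
        self.email_service.send(email, f"https://example.test/reset?token={token}")
        return True

    def is_reset_token_valid(self, token):
        expiry = self.repo.tokens.get(token_digest(token))
        return expiry is not None and self.clock() < expiry
```

Passing a fixed clock into PasswordVerifier lets a test step time forward to the 60-minute boundary without sleeping.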