From 119eb3fa684dca448ee9156dd7981b1445a15aa0 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 22 Feb 2017 13:03:22 -0800
Subject: [PATCH] Add test verifying SetEmail invalidates token

---
 .../IdentitySpecificationTestBase.cs          | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Identity.Specification.Tests/IdentitySpecificationTestBase.cs b/src/Microsoft.AspNetCore.Identity.Specification.Tests/IdentitySpecificationTestBase.cs
index 70d17ee256..e8d24c3389 100644
--- a/src/Microsoft.AspNetCore.Identity.Specification.Tests/IdentitySpecificationTestBase.cs
+++ b/src/Microsoft.AspNetCore.Identity.Specification.Tests/IdentitySpecificationTestBase.cs
@@ -2205,6 +2205,33 @@ namespace Microsoft.AspNetCore.Identity.Test
         /// <returns>Task</returns>
         [Fact]
         public async Task ChangeEmailFailsWithWrongToken()
+        {
+            if (ShouldSkipDbTests())
+            {
+                return;
+            }
+            var manager = CreateManager();
+            var user = CreateTestUser("foouser");
+            IdentityResultAssert.IsSuccess(await manager.CreateAsync(user));
+            var email = await manager.GetUserNameAsync(user) + "@diddly.bop";
+            IdentityResultAssert.IsSuccess(await manager.SetEmailAsync(user, email));
+            Assert.False(await manager.IsEmailConfirmedAsync(user));
+            var stamp = await manager.GetSecurityStampAsync(user);
+            var newEmail = await manager.GetUserNameAsync(user) + "@en.vec";
+            var token1 = await manager.GenerateChangeEmailTokenAsync(user, newEmail);
+            IdentityResultAssert.IsSuccess(await manager.SetEmailAsync(user, "another@email.com"));
+            Assert.NotEqual(stamp, await manager.GetSecurityStampAsync(user));
+            IdentityResultAssert.IsFailure(await manager.ChangeEmailAsync(user, newEmail, token1));
+            Assert.False(await manager.IsEmailConfirmedAsync(user));
+            Assert.Equal(await manager.GetEmailAsync(user), "another@email.com");
+        }
+
+        /// <summary>
+        /// Test.
+        /// </summary>
+        /// <returns>Task</returns>
+        [Fact]
+        public async Task ChangeEmailTokensFailsAfterEmailChanged()
         {
             if (ShouldSkipDbTests())
             {