public IAuthentication AuthenticateUser(string emailAddress, string password, HttpResponseBase response, bool addCookie)
        {
            var authResponse = new Authentication();
            var user         = _customerRepository.FetchUserByEmailAddress(emailAddress);

            // ** TO DO. SANITISE USER INPUT

            if (user == null)
            {
                authResponse.Authenticated = false;
                authResponse.ErrorText     = _siteConfiguration.SecureMode ? UsernameOrPasswordIncorrectError : NoUserExistsError;

                return(authResponse);
            }

            // Converting user db to user prinicpal
            authResponse.UserPrincipal = Mapper.Map <UserPrincipal>(user);
            authResponse.Authenticated = _passwordManager.PasswordMatchesHash(password, user.PasswordHash, user.PasswordSalt);

            if (authResponse.Authenticated)
            {
                if (addCookie)
                {
                    // Serialising the UserPrincipal object rather than user as user contains extra information relating to passwords
                    var userData = new JavaScriptSerializer().Serialize(authResponse.UserPrincipal);

                    var ticket = new FormsAuthenticationTicket(1,
                                                               authResponse.UserPrincipal.EmailAddress,
                                                               DateTime.Now,
                                                               DateTime.Now.AddDays(30),
                                                               true,
                                                               userData,
                                                               FormsAuthentication.FormsCookiePath);

                    // Encrypt the ticket.
                    var encTicket = FormsAuthentication.Encrypt(ticket);

                    // Create the cookie.
                    response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
                }
            }
            else
            {
                authResponse.ErrorText = _siteConfiguration.SecureMode ? UsernameOrPasswordIncorrectError : UserPasswordIncorrectError;
            }

            return(authResponse);
        }
        public void then_true_should_be_returned_if_the_passwords_match()
        {
            var result = _passwordManager.PasswordMatchesHash("password", "HyeF+GbkROa/eaUyYgVqCm8zMdNn/AEIzOnd+luTsgQ=", "i2U3DxA=");

            result.Should().BeTrue();
        }