private static Result ValidateIfUserDisabled(ApplicationUser user)
{
return(!user.Disabled ? Result.Success() : Result.Failure(LoginUserErrors.UserIsDisabled()));
}
public async Task <IActionResult> Login(LoginViewModel viewModel)
{
if (viewModel is null)
{
throw new ArgumentNullException(nameof(viewModel));
}
var returnUri = viewModel.ReturnUrl;
if (returnUri is null)
{
return(RedirectToPublicBrowseLogin());
}
var signInResult = await loginService.SignInAsync(viewModel.EmailAddress, viewModel.Password, returnUri);
LoginViewModel NewLoginViewModel() =>
new()
{
ReturnUrl = viewModel.ReturnUrl, EmailAddress = signInResult.Value?.LoginHint
};
if (!ModelState.IsValid)
{
return(View(NewLoginViewModel()));
}
if (!signInResult.IsSuccess)
{
var signInErrors = signInResult.Errors;
if (signInErrors.Contains(LoginUserErrors.UserNameOrPasswordIncorrect()))
{
ModelState.Remove(nameof(LoginViewModel.Password));
ModelState.AddModelError(nameof(LoginViewModel.EmailAddress), SignInErrorMessage);
ModelState.AddModelError(nameof(LoginViewModel.Password), SignInErrorMessage);
}
if (!signInErrors.Contains(LoginUserErrors.UserIsDisabled()))
{
return(View(NewLoginViewModel()));
}
var disabledErrorFormat = string.Format(
CultureInfo.CurrentCulture,
UserDisabledErrorMessageTemplate,
disabledErrorMessageSettings.EmailAddress,
disabledErrorMessageSettings.PhoneNumber);
ModelState.AddModelError(nameof(LoginViewModel.DisabledError), disabledErrorFormat);
return(View(NewLoginViewModel()));
}
var returnUrl = returnUri.ToString();
// We can trust viewModel.ReturnUrl since GetAuthorizationContextAsync returned non-null
if (signInResult.Value.IsTrustedReturnUrl)
{
return(Redirect(returnUrl));
}
return(LocalRedirect(returnUrl));
}
public async Task Login_LoginViewModel_FailedSignIn_AddsDisabledValidationError()
{
const string email = "*****@*****.**";
const string phoneNumber = "012345678901";
var disabledSetting = new DisabledErrorMessageSettings()
{
EmailAddress = email,
PhoneNumber = phoneNumber
};
using var controller = AccountControllerBuilder
.Create()
.WithSignInResult(Result.Failure <SignInResponse>(new List <ErrorDetails> { LoginUserErrors.UserIsDisabled() }))
.WithDisabledErrorMessageSetting(disabledSetting)
.Build();
await controller.Login(LoginViewModelBuilder.Create().Build());
var modelState = controller.ModelState;
modelState.IsValid.Should().BeFalse();
modelState.Count.Should().Be(1);
(string key, ModelStateEntry entry) = modelState.First();
key.Should().Be(nameof(LoginViewModel.DisabledError));
entry.Errors.Count.Should().Be(1);
var expected = string.Format(CultureInfo.CurrentCulture, AccountController.UserDisabledErrorMessageTemplate, email,
phoneNumber);
entry.Errors.First().ErrorMessage.Should().Be(expected);
}