public async Task VerifyCodePostRedirectsToReturnUrlWhenTwoFactorSignInAsyncSucceedsAndReturnUrlIsLocalUrl() { var model = new VerifyCodeViewModel { ReturnUrl = "returnUrl" }; var signInManager = CreateSignInManagerMock(); signInManager.Setup(x => x.TwoFactorSignInAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<bool>(), It.IsAny<bool>())).ReturnsAsync(SignInResult.Success); var urlHelper = new Mock<IUrlHelper>(); urlHelper.Setup(x => x.IsLocalUrl(model.ReturnUrl)).Returns(true); var sut = new AdminController(null, signInManager.Object, null, null, null) { Url = urlHelper.Object }; var result = await sut.VerifyCode(model) as RedirectResult; Assert.Equal(result.Url, model.ReturnUrl); }
public async Task<IActionResult> VerifyCode(VerifyCodeViewModel model) { if (!ModelState.IsValid) { return View(model); } // The following code protects for brute force attacks against the two factor codes. // If a user enters incorrect codes for a specified amount of time then the user account // will be locked out for a specified amount of time. var result = await _signInManager.TwoFactorSignInAsync(model.Provider, model.Code, model.RememberMe, model.RememberBrowser); if (result.Succeeded) { return RedirectToLocal(model.ReturnUrl); } if (result.IsLockedOut) { return View("Lockout"); } else { ModelState.AddModelError("", "Invalid code."); return View(model); } }
public async Task VerifyCodePostInvokesTwoFactorSignInAsyncWithCorrectParameters() { var model = new VerifyCodeViewModel { Provider = "provider", Code = "code", RememberBrowser = true, RememberMe = true }; var signInManager = CreateSignInManagerMock(); signInManager.Setup(x => x.TwoFactorSignInAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<bool>(), It.IsAny<bool>())).ReturnsAsync(new SignInResult()); var sut = new AdminController(null, signInManager.Object, null, null, null); await sut.VerifyCode(model); signInManager.Verify(x => x.TwoFactorSignInAsync(model.Provider, model.Code, model.RememberMe, model.RememberBrowser)); }