public void AuthenticateUser_Returns_Redirect_If_ModelState_IsInvalid()
{
LogOnModel model = new LogOnModel
{
Email = "goodEmail",
Password = "******",
RememberMe = false
};
controller.ModelState.AddModelError("", "Dummy error message.");
ActionResult result = controller.AuthenticateUser(model, null);
Assert.IsInstanceOf(typeof(RedirectToRouteResult), result);
Assert.IsNotNull(controller.TempData["LogOnModel"]);
}
public void AuthenticateUser_Returns_Redirect_On_Success_With_ReturnUrl()
{
userProfile = EntityHelpers.GetValidUserProfile();
userProfile.Email = "goodEmail";
userProfileRepository.Add(userProfile);
LogOnModel model = new LogOnModel
{
Email = "goodEmail",
Password = "******",
RememberMe = false
};
ActionResult result = controller.AuthenticateUser(model, "/someUrl");
Assert.IsInstanceOf(typeof(RedirectResult), result);
RedirectResult redirectResult = (RedirectResult)result;
Assert.AreEqual("/someUrl", redirectResult.Url);
Assert.IsTrue(((MockFormsAuthenticationService)controller.FormsService).SignIn_WasCalled);
}
private ActionResult ValidateLogon(UserProfile userProfile, LogOnModel model, string url, ref int failedLogins, ref bool mustResetPassword)
{
if (userProfile == null)
{
TempData["UserFeedback"] = "We couldn't find you in our system yet. Fill out the form below to create your profile.";
return RedirectToAction("Register", "Account", new { returnUrl = url });
}
if (!userProfile.IsActivated)
{
return RedirectToAction("AwaitingActivation", "Account", new { returnUrl = url });
}
User user = userProfile.Users.FirstOrDefault();
if (user != null)
{
failedLogins = user.FailedLoginAttempts;
mustResetPassword = user.ForcePasswordChange;
}
if (failedLogins > MembershipService.MaxInvalidPasswordAttempts
&& TempData["LastLogOnAttempt"] != null)
{
var now = DateTime.Now;
var lastAttemptedOn = (DateTime) TempData["LastLogOnAttempt"];
var secondsToSleep = CalculateSleepSeconds(failedLogins, MembershipService.MaxInvalidPasswordAttempts);
var unlockOn = lastAttemptedOn.AddSeconds(secondsToSleep);
if (unlockOn > now)
{
var elapsed = Convert.ToInt32((now - lastAttemptedOn).TotalSeconds);
var remaining = secondsToSleep > elapsed ? secondsToSleep - elapsed : 0;
model.RemainingSeconds = remaining;
model.LastLoginAttempt = lastAttemptedOn;
TempData["UserFeedback"] = string.Format("You still have {0} seconds left before you can try logging in again.", remaining);
return RedirectToAction("LogOn");
}
}
return null;
}
public void AuthenticateUser_Returns_Redirect_If_ValidateUser_Fails()
{
userProfile = EntityHelpers.GetValidUserProfile();
userProfile.Email = "goodEmail";
userProfileRepository.Add(userProfile);
LogOnModel model = new LogOnModel
{
Email = "goodEmail",
Password = "******",
RememberMe = false
};
ActionResult result = controller.AuthenticateUser(model, null);
Assert.IsInstanceOf(typeof(RedirectToRouteResult), result);
Assert.IsNotNull(controller.TempData["LogOnModel"]);
}
public ActionResult AuthenticateUser(LogOnModel model, string returnUrl = "")
{
TempData["LogOnModel"] = model;
if (!ModelState.IsValid)
{
TempData["ModelErrors"] = FindModelErrors();
return RedirectToAction("LogOn", new { returnUrl = returnUrl });
}
int failedLogins = 0;
bool mustResetPassword = false;
UserProfile userProfile;
using (userProfileRepository)
{
userProfile = userProfileRepository.FindUserProfileByEmail(model.Email).FirstOrDefault();
var validationResult = ValidateLogon(userProfile, model, returnUrl, ref failedLogins, ref mustResetPassword);
if (validationResult != null)
{
return validationResult;
}
}
if (MembershipService.ValidateUser(model.Email, model.Password))
{
FormsService.SignIn(model.Email, model.RememberMe);
if (mustResetPassword)
{
TempData["UserFeedback"] = string.Format("Welcome {0}! Please update your password using the form below.", userProfile.FullName);
return RedirectToAction("ChangePassword", new { returnUrl = returnUrl });
}
if (!string.IsNullOrEmpty(returnUrl))
{
return Redirect(returnUrl);
}
return RedirectToAction("Index", "UserProfile");
}
failedLogins++;
if (failedLogins > MembershipService.MaxInvalidPasswordAttempts)
{
model.RemainingSeconds = CalculateSleepSeconds(failedLogins, MembershipService.MaxInvalidPasswordAttempts);
model.LastLoginAttempt = DateTime.Now;
}
TempData["ModelErrors"] = new List<string> { "The username or password you provided are incorrect." };
return RedirectToAction("LogOn", new { returnUrl = returnUrl });
}
