public void ValidateUser__must_lock_out_users_after_max_attempts_of_wrong_password()
{
// Arrange
IMemberType memberType = MockedContentTypes.CreateSimpleMemberType();
ServiceContext.MemberTypeService.Save(memberType);
var member = MockedMember.CreateSimpleMember(memberType, "test", "*****@*****.**", "password", "test");
ServiceContext.MemberService.Save(member);
var wrongPassword = "******";
var numberOfFailedAttempts = MembersMembershipProvider.MaxInvalidPasswordAttempts + 2;
// Act
var memberBefore = ServiceContext.MemberService.GetById(member.Id);
for (int i = 0; i < numberOfFailedAttempts; i++)
{
MembersMembershipProvider.ValidateUser(member.Username, wrongPassword);
}
var memberAfter = ServiceContext.MemberService.GetById(member.Id);
// Assert
Assert.Multiple(() =>
{
Assert.AreEqual(0, memberBefore.FailedPasswordAttempts, "Expected 0 failed password attempts before");
Assert.IsFalse(memberBefore.IsLockedOut, "Expected the member NOT to be locked out before");
Assert.AreEqual(MembersMembershipProvider.MaxInvalidPasswordAttempts, memberAfter.FailedPasswordAttempts, "Expected exactly the max possible failed password attempts after");
Assert.IsTrue(memberAfter.IsLockedOut, "Expected the member to be locked out after");
});
}
