public async Task VerifyCodePostRedirectsToReturnUrlWhenTwoFactorSignInAsyncSucceedsAndReturnUrlIsLocalUrl()
{
var model = new VerifyCodeViewModel { ReturnUrl = "returnUrl" };
var signInManager = CreateSignInManagerMock();
signInManager.Setup(x => x.TwoFactorSignInAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<bool>(), It.IsAny<bool>())).ReturnsAsync(SignInResult.Success);
var urlHelper = new Mock<IUrlHelper>();
urlHelper.Setup(x => x.IsLocalUrl(model.ReturnUrl)).Returns(true);
var sut = new AdminController(null, signInManager.Object, null, null, null) { Url = urlHelper.Object };
var result = await sut.VerifyCode(model) as RedirectResult;
Assert.Equal(result.Url, model.ReturnUrl);
}
public async Task<IActionResult> VerifyCode(VerifyCodeViewModel model)
{
if (!ModelState.IsValid)
{
return View(model);
}
// The following code protects for brute force attacks against the two factor codes.
// If a user enters incorrect codes for a specified amount of time then the user account
// will be locked out for a specified amount of time.
var result = await _signInManager.TwoFactorSignInAsync(model.Provider, model.Code, model.RememberMe, model.RememberBrowser);
if (result.Succeeded)
{
return RedirectToLocal(model.ReturnUrl);
}
if (result.IsLockedOut)
{
return View("Lockout");
}
else
{
ModelState.AddModelError("", "Invalid code.");
return View(model);
}
}
public async Task VerifyCodePostInvokesTwoFactorSignInAsyncWithCorrectParameters()
{
var model = new VerifyCodeViewModel
{
Provider = "provider",
Code = "code",
RememberBrowser = true,
RememberMe = true
};
var signInManager = CreateSignInManagerMock();
signInManager.Setup(x => x.TwoFactorSignInAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<bool>(), It.IsAny<bool>())).ReturnsAsync(new SignInResult());
var sut = new AdminController(null, signInManager.Object, null, null, null);
await sut.VerifyCode(model);
signInManager.Verify(x => x.TwoFactorSignInAsync(model.Provider, model.Code, model.RememberMe, model.RememberBrowser));
}