public ActionResult Login(LoginForm form)
{
if (form.Username == "admin" && form.Password == "admin")
{
FormsAuthentication.SetAuthCookie("admin", false);
return Redirect("/app");
}
return Redirect("/");
}
protected override void Test()
{
Application.Execute(browser =>
{
const string Username = "******";
var form = new LoginForm
{
Username = Username,
Password = "******"
};
var view = new PartialViewContext("_LoginForm").SetAnonymousPrincipal();
var response = browser.Render(view, form).Submit();
response.ShouldHaveTemporarilyRedirectTo("/app");
response.ShouldHaveCookie(FormsAuthentication.FormsCookieName);
});
}
protected override void Test()
{
Application.Execute(browser =>
{
const string Username = "******";
var form = new LoginForm
{
Username = Username,
Password = "******"
};
var view = new PartialViewContext("_LoginForm");
view.SetFormsAuthPrincipal("invalid"); // simulate invalid anti-forgery request token.
// Obviously the MVC application should handle this more gracefully, this is just an example.
var exception = Assert.Throws<CrowbarException>(() => browser.Render(view, form).Submit());
Assert.That(exception.InnerException, Is.TypeOf<HttpAntiForgeryException>());
});
}
protected override void Test()
{
Application.Execute(browser =>
{
var form = new LoginForm
{
Username = "******",
Password = "******"
};
var response = browser.Render("_LoginForm", form).Submit();
response.ShouldHaveTemporarilyRedirectTo("/");
});
}
