public async Task AccountLoginPostValidDataExistingUserLoginRequireTFA()
{
this.signInManangerMock.Setup(
mock => mock.PasswordSignInAsyncWrap(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<bool>(), It.IsAny<bool>()))
.Returns(Task.FromResult(SignInStatus.RequiresVerification));
this.accountController.SignInManager = this.signInManangerMock.Object;
var loginModel = new LoginViewModel { Email = "tester", Password = "******" };
var result = await this.accountController.Login(loginModel);
this.accountController.WebMessages.Messages.Count.Should().Be(0);
result.Should().BeRedirectToRouteResult().WithAction("sendcodechoice").WithController("account");
}
public async Task AccountLoginPostValidDataExistingStrongUserRefused()
{
this.webUser.IsStronglyAuthenticated = true;
var loginModel = new LoginViewModel { Email = "tester", Password = "******" };
var result = await this.accountController.Login(loginModel);
var messages = this.accountController.WebMessages.Messages; // Only one read of propoerty is available (by design)
messages.Count.Should().Be(1);
messages[0].WebMessageType.Should().Be(WebMessageType.Informative);
messages[0].MessageTitle.Should().Be("Testable message");
result.Should().BeRedirectToRouteResult().WithAction("login").WithController("account");
}
public async Task AccountLoginPostValidDataExistingUserLoginLockout()
{
this.signInManangerMock.Setup(
mock => mock.PasswordSignInAsyncWrap(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<bool>(), It.IsAny<bool>()))
.Returns(Task.FromResult(SignInStatus.LockedOut));
this.accountController.SignInManager = this.signInManangerMock.Object;
var loginModel = new LoginViewModel { Email = "tester", Password = "******" };
var result = await this.accountController.Login(loginModel);
this.accountController.WebMessages.Messages.Count.Should().Be(0);
result.Should().BeViewResult().WithViewName("~/Features/Account/Lockout.cshtml");
}
public async Task AccountLoginPostValidDataExistingUserLogin()
{
var loginModel = new LoginViewModel { Email = "tester", Password = "******" };
var result = await this.accountController.Login(loginModel);
this.accountController.WebMessages.Messages.Count.Should().Be(0);
result.Should().BeRedirectToRouteResult().WithAction("index").WithController("dashboard");
}
public async Task AccountLoginPostValidDataExistingUserWrongPasswordFails()
{
this.signInManangerMock.Setup(
mock => mock.PasswordSignInAsyncWrap(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<bool>(), It.IsAny<bool>()))
.Returns(Task.FromResult(SignInStatus.Failure));
this.userManagerMock.Setup(mock => mock.FindByNameAsyncWrap(It.IsAny<string>())).Returns(Task.FromResult<WebUser>(this.webUser));
this.accountController.SignInManager = this.signInManangerMock.Object;
this.accountController.UserManager = this.userManagerMock.Object;
var loginModel = new LoginViewModel { Email = "tester", Password = "******" };
var result = await this.accountController.Login(loginModel);
var messages = this.accountController.WebMessages.Messages; // Only one read of propoerty is available (by design)
messages.Count.Should().Be(1);
messages[0].WebMessageType.Should().Be(WebMessageType.Error);
messages[0].MessageTitle.Should().Be("Testable message");
result.Should().BeViewResult().WithViewName("LoginForm").ModelAs<LoginViewModel>();
}
public async Task AccountLoginPostInvalidDataReturnsToLoginView()
{
var loginModel = new LoginViewModel { Email = string.Empty, Password = string.Empty };
this.accountController.ModelState.AddModelError("Email", "email must have value");
ActionResult result = await this.accountController.Login(loginModel);
result.Should().BeViewResult();
ViewDataDictionary viewData = ((ViewResult)result).ViewData;
viewData.ModelState.IsValid.Should().BeFalse();
viewData.ModelState.Values.Count.Should().Be(1);
}
public virtual async Task<ActionResult> Login(LoginViewModel model)
{
if (model == null)
{
return this.View(MVC.Account.Views.LoginForm, new LoginViewModel());
}
if (!this.ModelState.IsValid)
{
return this.View(MVC.Account.Views.LoginForm, model);
}
var user = await this.UserManager.FindByNameAsyncWrap(model.Email);
if (user != null)
{
// Upgraded users should not use weak authentication anymore
if (user.IsStronglyAuthenticated)
{
this.WebMessages.AddInfoMessage(this.T("SignIn"), this.T("This user has upgraded account to strong authentication. Please use Login through BankID, ID card or Mobile certificate option."));
return this.RedirectToAction(MVC.Account.Login());
}
// Require the user to have a confirmed email before they can log on.
if (!await this.UserManager.IsEmailConfirmedAsyncWrap(user.Id))
{
return this.View(MVC.Account.Views.ViewNames.EmailNotConfirmed, model: model.Email);
}
}
SignInStatus result = await this.SignInManager.PasswordSignInAsyncWrap(model.Email, model.Password, model.RememberMe, shouldLockout: true);
switch (result)
{
case SignInStatus.Success:
WebUser userData = await this.UserManager.FindByEmailAsyncWrap(model.Email);
if (string.IsNullOrEmpty(userData.FirstName) || string.IsNullOrEmpty(userData.LastName) || userData.BirthDate == null)
{
return this.RedirectToAction(MVC.Account.ActionNames.UserProfileFullEdit, MVC.Account.Name);
}
if (!string.IsNullOrEmpty(model.ReturnUrl) && Url.IsLocalUrl(model.ReturnUrl))
{
return this.Redirect(model.ReturnUrl);
}
return this.RedirectToAction(MVC.Dashboard.ActionNames.Index, MVC.Dashboard.Name);
case SignInStatus.LockedOut:
return this.View(MVC.Account.Views.Lockout);
case SignInStatus.RequiresVerification:
return this.RedirectToAction(MVC.Account.SendCodeChoice(model.ReturnUrl));
case SignInStatus.Failure:
default:
// TODO: Ensure these strigs are added to translations
string title = this.T("Authentication error");
this.WebMessages.AddErrorMessage(this.T("Authentication error"), this.T("Invalid email or password."));
return this.View(MVC.Account.Views.ViewNames.LoginForm, model);
}
}