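/// <summary>
/// Authenticates a user by e-mail address and password and, when asked, issues a
/// Forms Authentication cookie on <paramref name="response"/>.
/// </summary>
/// <param name="emailAddress">E-mail address used to look the user up.</param>
/// <param name="password">Clear-text password supplied by the user.</param>
/// <param name="response">Response that receives the auth cookie when <paramref name="addCookie"/> is true.</param>
/// <param name="addCookie">When true and the credentials are accepted, a Forms Authentication cookie is added.</param>
/// <returns>
/// An <see cref="IAuthentication"/> whose Authenticated flag, ErrorText and UserPrincipal reflect the outcome.
/// ErrorText wording depends on <c>_siteConfiguration.SecureMode</c>.
/// </returns>
public IAuthentication AuthenticateUser(string emailAddress, string password, HttpResponseBase response, bool addCookie)
{
    var authResponse = new Authentication();

    // An empty address cannot match anyone: treat it exactly like an unknown user instead of
    // handing null to the repository. (The old "SANITISE USER INPUT" TODO cannot be closed here -
    // parameterising the lookup is the repository's responsibility.)
    var user = string.IsNullOrWhiteSpace(emailAddress)
        ? null
        : _customerRepository.FetchUserByEmailAddress(emailAddress);

    if (user == null)
    {
        authResponse.Authenticated = false;
        // NOTE(review): outside SecureMode this message reveals whether the address exists
        // (account enumeration); SecureMode collapses both failure cases to the same text.
        authResponse.ErrorText = _siteConfiguration.SecureMode ? UsernameOrPasswordIncorrectError : NoUserExistsError;
        return authResponse;
    }

    // Expose the principal, not the DB entity: the entity carries the hash and salt.
    authResponse.UserPrincipal = Mapper.Map<UserPrincipal>(user);
    authResponse.Authenticated = _passwordManager.PasswordMatchesHash(password, user.PasswordHash, user.PasswordSalt);

    if (!authResponse.Authenticated)
    {
        authResponse.ErrorText = _siteConfiguration.SecureMode ? UsernameOrPasswordIncorrectError : UserPasswordIncorrectError;
        return authResponse;
    }

    if (addCookie)
    {
        IssueFormsAuthenticationCookie(authResponse.UserPrincipal, response);
    }

    return authResponse;
}

// Builds the encrypted Forms Authentication ticket for the principal and attaches it to the
// response with the cookie attributes FormsAuthentication.SetAuthCookie would have applied.
private static void IssueFormsAuthenticationCookie(UserPrincipal principal, HttpResponseBase response)
{
    if (response == null)
    {
        throw new ArgumentNullException("response");
    }

    // Serialise the principal rather than the DB user: the principal holds no password material.
    var userData = new JavaScriptSerializer().Serialize(principal);

    var issued = DateTime.Now;
    var ticket = new FormsAuthenticationTicket(
        1,
        principal.EmailAddress,
        issued,
        issued.AddDays(30),
        true,
        userData,
        FormsAuthentication.FormsCookiePath);

    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
    {
        // The hand-built cookie previously had neither flag: HttpOnly keeps script from reading
        // the ticket, and Secure restricts it to TLS whenever forms-auth config requires SSL.
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL,
        Path = FormsAuthentication.FormsCookiePath,
    };

    // No Expires is set, so the browser discards the cookie at the end of the session even though
    // the ticket is flagged persistent for 30 days. That is the safer of the two; confirm which was
    // intended before adding cookie.Expires = ticket.Expiration.
    response.Cookies.Add(cookie);
}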
/// <summary>
/// PasswordMatchesHash must accept the clear-text password when given the stored hash/salt
/// pair recorded for it. Both values are base64 fixtures (presumably captured from a
/// known-good run); a change to the hashing scheme will require regenerating them.
/// NOTE(review): the fixture salt decodes to only 6 bytes - fine for a test vector, but
/// the production salt length should be verified where salts are generated.
/// </summary>
public void then_true_should_be_returned_if_the_passwords_match()
{
    const string clearText = "password";
    const string storedHash = "HyeF+GbkROa/eaUyYgVqCm8zMdNn/AEIzOnd+luTsgQ=";
    const string storedSalt = "i2U3DxA=";

    var matches = _passwordManager.PasswordMatchesHash(clearText, storedHash, storedSalt);

    matches.Should().BeTrue();
}