Exemple #1
0
        public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = "")
        {
            ViewData["ReturnUrl"] = returnUrl;
            if (ModelState.IsValid)
            {
                // Require the user to have a confirmed email before they can log on.
                var userConfirmed = await _userManager.FindByNameAsync(model.Email);
                if (userConfirmed != null)
                {
                    if (!await _userManager.IsEmailConfirmedAsync(userConfirmed))
                    {
                        ViewData["Message"] = "You must have a confirmed email to log on.";
                        return View("Error");
                    }
                }

                // This doesn't count login failures towards account lockout
                // To enable password failures to trigger account lockout, set lockoutOnFailure: true
                var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
                if (result.Succeeded)
                {
                    var user = await _userManager.FindByNameAsync(model.Email);
                    var claims = await _userManager.GetClaimsAsync(user);
                    if (claims.Count > 0)
                    {
                        var claimValue = claims.FirstOrDefault(c => c.Type.Equals(Security.ClaimTypes.UserType)).Value;

                        if (claimValue.Equals("TenantAdmin"))
                        {
                            return base.RedirectToAction(nameof(Areas.Admin.Controllers.TenantController.Index), "Tenant", new { area = "Admin" });
                        }
                        else if (claimValue.Equals("SiteAdmin"))
                        {
                            return RedirectToAction(nameof(SiteController.Index), "Site", new { area = "Admin" });
                        }
                    }

                }
                if (result.RequiresTwoFactor)
                {
                    return RedirectToAction(nameof(SendCode), new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
                }
                if (result.IsLockedOut)
                {
                    return View("Lockout");
                }
                else
                {
                    ModelState.AddModelError(string.Empty, "Invalid login attempt.");
                    return View(model);
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }
        public void LoginRedirectLocalUrlTests()
        {
            var controller = AccountController();
            var loginViewModel = new LoginViewModel { Email = "", Password = "", RememberMe = false };

            const string testLocalUrl = "/foo/bar";
            var result = controller.Login(loginViewModel, testLocalUrl).Result;
            Assert.IsType<RedirectResult>(result);
            var redirectToLocalUrl = (RedirectResult)result;
            Assert.Equal(testLocalUrl, redirectToLocalUrl.Url);
        }
        public async void LoginPostRedirectsToLocalWithCorrectParameters()
        {
            var loginViewModel = new LoginViewModel { Email = "", Password = "", RememberMe = false };
            const string testLocalUrl = "/foo/bar";

            var controller = AccountController();
            var result = await controller.Login(loginViewModel, testLocalUrl);

            Assert.IsType<RedirectResult>(result);
            var redirectToLocalUrl = (RedirectResult)result;
            Assert.Equal(testLocalUrl, redirectToLocalUrl.Url);
        }
        public void LoginRedirectRemoteUrlTests()
        {
            var controller = AccountController();
            var loginViewModel = new LoginViewModel {Email = "", Password = "", RememberMe = false};

            const string testRemoteUrl = "http://foo.com/t";
            var result = controller.Login(loginViewModel, testRemoteUrl).Result;
            Assert.IsType<RedirectToActionResult>(result);
            var redirectToAction = (RedirectToActionResult)result;
            Assert.Equal("Home", redirectToAction.ControllerName);
            Assert.Equal(nameof(HomeController.Index), redirectToAction.ActionName);
        }
        public void LoginTestInvalidModel()
        {
            var controller = AccountController();
            controller.ModelState.AddModelError("foo", "bar");
            const string testUrl = "return url";
            var loginViewModel = new LoginViewModel();

            var result = controller.Login(loginViewModel, testUrl).Result;
            Assert.IsType<ViewResult>(result);
            var resultViewModel = ((ViewResult) result).ViewData.Model;
            Assert.IsType<LoginViewModel>(resultViewModel);
            Assert.Equal(resultViewModel, loginViewModel);
        }
        public async Task LoginPostReturnsSameViewAndViewModelWhenModelStatIsInvalid()
        {
            const string testUrl = "return url";
            var loginViewModel = new LoginViewModel();

            var sut = AccountController();
            sut.ModelState.AddModelError("foo", "bar");

            var result = await sut.Login(loginViewModel, testUrl);
            Assert.IsType<ViewResult>(result);

            var resultViewModel = ((ViewResult) result).ViewData.Model;
            Assert.IsType<LoginViewModel>(resultViewModel);
            Assert.Equal(resultViewModel, loginViewModel);
        }
        public void LoginFailureTests()
        {
            var controller = AccountController(SignInResult.Failed);
            var loginViewModel = new LoginViewModel { Email = "", Password = "", RememberMe = false };

            const string testLocalUrl = "/foo/bar";
            var result = controller.Login(loginViewModel, testLocalUrl).Result;

            Assert.IsType<ViewResult>(result);
            var resultViewModel = ((ViewResult)result).ViewData.Model;
            Assert.IsType<LoginViewModel>(resultViewModel);
            Assert.Equal(resultViewModel, loginViewModel);
            Assert.True(controller.ModelState[string.Empty].Errors
                .Select(x => x.ErrorMessage)
                .Contains("Invalid login attempt."));
        }
        public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
        {
            ViewData["ReturnUrl"] = returnUrl;

            if (ModelState.IsValid)
            {
                // Require admin users to have a confirmed email before they can log on.
                var user = await _mediator.SendAsync(new ApplicationUserQuery { UserName = model.Email });
                if (user != null)
                {
                    var isAdminUser = user.IsUserType(UserType.OrgAdmin) || user.IsUserType(UserType.SiteAdmin);
                    if (isAdminUser && !await _userManager.IsEmailConfirmedAsync(user))
                    {
                        //TODO: Showing the error page here makes for a bad experience for the user.
                        //      It would be better if we redirected to a specific page prompting the user to check their email for a confirmation email and providing an option to resend the confirmation email.
                        ViewData["Message"] = "You must have a confirmed email to log on.";
                        return View("Error");
                    }
                }

                // This doesn't count login failures towards account lockout
                // To enable password failures to trigger account lockout, set lockoutOnFailure: true
                var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
                if (result.Succeeded)
                {
                    return RedirectToLocal(returnUrl, user);
                }

                if (result.RequiresTwoFactor)
                {
                    return RedirectToAction(nameof(AdminController.SendCode), "Admin", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
                }

                if (result.IsLockedOut)
                {
                    return View("Lockout");
                }

                ModelState.AddModelError(string.Empty, "Invalid login attempt.");

                return View(model);
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }
        public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
        {
            ViewData["ReturnUrl"] = returnUrl;
            if (ModelState.IsValid)
            {
                // This doesn't count login failures towards account lockout
                // To enable password failures to trigger account lockout, set lockoutOnFailure: true
                var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
                if (result.Succeeded)
                {
                    return RedirectToLocal(returnUrl);
                }
                else
                {
                    ModelState.AddModelError(string.Empty, "Invalid login attempt.");
                    return View(model);
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }