public ActionResult Create(LoginInput login, string returnUrl)
        {
            if (ModelState.IsValid)
              {
            if (_authService.Login(UserContext.Organization, login.Email, login.Password, login.RememberMe))
            {
              _logger.Info("Authenticated {0} in {1}", login.Email, UserContext.Organization.Name);
              return Redirect(returnUrl ?? "/");
            }

            ModelState.AddModelError("Password", "incorrect email address or password");
              }

              return View("Create");
        }
        public void CannotLoginWithInvalidCredentials()
        {
            var authService = new Mock<IAuthenticationService>();
              var logger = new Mock<ILogger>();
              authService.Setup(s => s.Login(It.IsAny<Organization>(),
            "*****@*****.**", "badpw", false)).Returns(false);

              var viewModel = new LoginInput
              {
            Email = "*****@*****.**",
            Password = "******",
            RememberMe = false
              };

              var controller = new SessionsController(authService.Object, logger.Object);

              var result = controller.Create(viewModel, "/admin");

              Assert.IsInstanceOfType(result, typeof(ViewResult));
              Assert.IsFalse(((ViewResult)result).ViewData.ModelState.IsValid);
        }
        public void CanLoginWithValidCredentials()
        {
            var authService = new Mock<IAuthenticationService>();
              var userService = new Mock<IUserService>();
              var logger = new Mock<ILogger>();

              var viewModel = new LoginInput
              {
            Email = "*****@*****.**",
            Password = "******",
            RememberMe = false
              };

              var controller = new SessionsController(authService.Object, logger.Object);
              authService.Setup(s => s.Login(It.IsAny<Organization>(),
            "*****@*****.**", "secret", false)).Returns(true);
              userService.Setup(s => s.IsValidLogin(It.IsAny<Organization>(),
            "*****@*****.**", "secret")).Returns(new User());

              var result = controller.Create(viewModel, "/admin");

              Assert.IsInstanceOfType(result, typeof(RedirectResult));
              Assert.AreEqual("/admin", ((RedirectResult)result).Url);
        }