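/// <summary>
/// Checks the submitted credentials against the stored user and, on success,
/// issues a forms-authentication cookie.
/// </summary>
/// <param name="form">The submitted login form carrying the username and password.</param>
/// <returns>
/// A redirect to <c>/app</c> when the credentials are accepted; otherwise a redirect to <c>/</c>.
/// </returns>
/// <remarks>
/// NOTE(review): no HTTP-verb or anti-forgery attribute is visible in this listing.
/// Confirm that <c>[HttpPost]</c> and <c>[ValidateAntiForgeryToken]</c> are applied where the
/// action is declared; the accompanying test expects an <c>HttpAntiForgeryException</c>.
/// </remarks>
public ActionResult Login(LoginForm form)
{
    // A missing form is treated like failed credentials instead of dereferencing null.
    if (form == null)
    {
        return Redirect("/");
    }

    using (var session = Store.OpenSession())
    {
        var user = session.Query<User>()
            .Where(x => x.Username == form.Username)
            .FirstOrDefault();

        // NOTE(review): when no user matches, the password check is skipped entirely, so the
        // response time may differ between unknown and known usernames. Confirm whether that
        // matters for this application.
        if (user != null && user.Password.IsValid(form.Password))
        {
            // Put the stored username in the ticket rather than the request value, so the
            // authenticated identity is always the canonical spelling even if the store
            // matches usernames case-insensitively. 'false' requests a non-persistent cookie.
            FormsAuthentication.SetAuthCookie(user.Username, false);
            return Redirect("/app");
        }
    }

    // Unknown user and wrong password share one response, so the redirect itself does not
    // reveal which of the two failed.
    return Redirect("/");
}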
/// <summary>
/// Submits the login form with the credentials of a user that was stored beforehand and
/// expects a redirect to <c>/app</c> together with the forms-authentication cookie.
/// </summary>
protected override void Test()
{
    Application.Execute((browser, context) =>
    {
        const string username = "******";
        const string password = "******";

        // Store the account first so the submitted credentials have something to match.
        context.User(username, password);

        var credentials = new LoginForm
        {
            Username = username,
            Password = password
        };

        // The form is rendered for an anonymous principal, i.e. a visitor who is not signed in.
        var loginView = new PartialViewContext("_LoginForm").SetAnonymousPrincipal();

        var rendered = browser.Render(loginView, credentials);
        var result = rendered.Submit();

        // A successful login must both redirect and issue the authentication cookie.
        result.ShouldHaveTemporarilyRedirectTo("/app");
        result.ShouldHaveCookie(FormsAuthentication.FormsCookieName);
    });
}
/// <summary>
/// Submits the login form under conditions where the anti-forgery token is invalid and expects
/// the submission to fail with an <c>HttpAntiForgeryException</c> wrapped in a
/// <c>CrowbarException</c>.
/// </summary>
protected override void Test()
{
    Application.Execute((browser, context) =>
    {
        const string username = "******";
        const string password = "******";

        // Store the account, so the credentials themselves are valid and only the
        // anti-forgery check can reject the request.
        context.User(username, password);

        var credentials = new LoginForm
        {
            Username = username,
            Password = password
        };

        var loginView = new PartialViewContext("_LoginForm");

        // Simulate an invalid anti-forgery request token.
        loginView.SetFormsAuthPrincipal("invalid");

        // A real MVC application should handle this more gracefully than surfacing an
        // exception; this is only an example.
        var failure = Assert.Throws<CrowbarException>(
            () => browser.Render(loginView, credentials).Submit());

        Assert.That(failure.InnerException, Is.TypeOf<HttpAntiForgeryException>());
    });
}
/// <summary>
/// Submits the login form without storing a user first and expects a redirect back to
/// <c>/</c>.
/// </summary>
protected override void Test()
{
    Application.Execute((browser, context) =>
    {
        // No user is created in this test, so these credentials are presumably unknown to the
        // store (assumes the test starts from an empty user set; verify against the harness).
        var credentials = new LoginForm
        {
            Username = "******",
            Password = "******"
        };

        var rendered = browser.Render("_LoginForm", credentials);
        var result = rendered.Submit();

        // A rejected login is sent back to the site root.
        result.ShouldHaveTemporarilyRedirectTo("/");
    });
}