public ActionResult Login(LoginForm form)
{
using (var session = Store.OpenSession())
{
var user = session.Query<User>().Where(x => x.Username == form.Username).FirstOrDefault();
if (user != null && user.Password.IsValid(form.Password))
{
FormsAuthentication.SetAuthCookie(form.Username, false);
return Redirect("/app");
}
}
return Redirect("/");
}
protected override void Test()
{
Application.Execute((browser, context) =>
{
const string Username = "******";
const string Password = "******";
// Save user to database.
context.User(Username, Password);
var form = new LoginForm
{
Username = Username,
Password = Password
};
var view = new PartialViewContext("_LoginForm").SetAnonymousPrincipal();
var response = browser.Render(view, form).Submit();
response.ShouldHaveTemporarilyRedirectTo("/app");
response.ShouldHaveCookie(FormsAuthentication.FormsCookieName);
});
}
protected override void Test()
{
Application.Execute((browser, context) =>
{
const string Username = "******";
const string Password = "******";
// Save user to database.
context.User(Username, Password);
var form = new LoginForm
{
Username = Username,
Password = Password
};
var view = new PartialViewContext("_LoginForm");
view.SetFormsAuthPrincipal("invalid"); // simulate invalid anti-forgery request token.
// Obviously the MVC application should handle this more gracefully, this is just an example.
var exception = Assert.Throws<CrowbarException>(() => browser.Render(view, form).Submit());
Assert.That(exception.InnerException, Is.TypeOf<HttpAntiForgeryException>());
});
}
protected override void Test()
{
Application.Execute((browser, context) =>
{
var form = new LoginForm
{
Username = "******",
Password = "******"
};
var response = browser.Render("_LoginForm", form).Submit();
response.ShouldHaveTemporarilyRedirectTo("/");
});
}
