public void LogOn_Post_ReturnsViewIfValidateUserFails()
{
// Arrange
AccountController controller = GetAccountController();
LogOnModel model = new LogOnModel()
{
//UserName = "******",
Password = "******",
//RememberMe = false
};
// Act
ActionResult result = controller.LogOn(model, null);
// Assert
Assert.IsInstanceOfType(result, typeof(ViewResult));
ViewResult viewResult = (ViewResult)result;
Assert.AreEqual(model, viewResult.ViewData.Model);
Assert.AreEqual("The user name or password provided is incorrect.", controller.ModelState[""].Errors[0].ErrorMessage);
}
public void LogOn_Post_ReturnsViewIfModelStateIsInvalid()
{
// Arrange
AccountController controller = GetAccountController();
LogOnModel model = new LogOnModel()
{
//UserName = "******",
Password = "******",
//RememberMe = false
};
controller.ModelState.AddModelError("", "Dummy error message.");
// Act
ActionResult result = controller.LogOn(model, null);
// Assert
Assert.IsInstanceOfType(result, typeof(ViewResult));
ViewResult viewResult = (ViewResult)result;
Assert.AreEqual(model, viewResult.ViewData.Model);
}
public void LogOn_Post_ReturnsRedirectOnSuccess_WithLocalReturnUrl()
{
// Arrange
AccountController controller = GetAccountController();
LogOnModel model = new LogOnModel()
{
//UserName = "******",
Password = "******",
//RememberMe = false
};
// Act
ActionResult result = controller.LogOn(model, "/someUrl");
// Assert
Assert.IsInstanceOfType(result, typeof(RedirectResult));
RedirectResult redirectResult = (RedirectResult)result;
Assert.AreEqual("/someUrl", redirectResult.Url);
Assert.IsTrue(((MockFormsAuthenticationService)controller.FormsService).SignIn_WasCalled);
}
public void LogOn_Post_ReturnsRedirectToHomeOnSuccess_WithExternalReturnUrl()
{
// Arrange
AccountController controller = GetAccountController();
LogOnModel model = new LogOnModel()
{
//UserName = "******",
Password = "******",
//RememberMe = false
};
// Act
ActionResult result = controller.LogOn(model, "http://malicious.example.net");
// Assert
Assert.IsInstanceOfType(result, typeof(RedirectToRouteResult));
RedirectToRouteResult redirectResult = (RedirectToRouteResult)result;
Assert.AreEqual("Home", redirectResult.RouteValues["controller"]);
Assert.AreEqual("Index", redirectResult.RouteValues["action"]);
Assert.IsTrue(((MockFormsAuthenticationService)controller.FormsService).SignIn_WasCalled);
}
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
//first check to see if this post request is meant for this action, if not, then don't do anything
if (Request.Url.ToString().ToLower().Contains(Url.Action("LogOn", "Account").ToLower()))
{
if (ModelState.IsValid)
{
if (MembershipService.ValidateUser(model.Email, model.Password))
{
FormsService.SignIn(model.Email, true);
if (Url.IsLocalUrl(returnUrl))
{
return JavaScript("window.location = \"" + returnUrl + "\";");
}
else
{
return JavaScript("window.location.reload();");
}
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
}
else
{
//clear the model state errors for this request since this httppost was meant for another action
//e.g. when we post back on 'forgot password', it will also hit this action because the form is also
//on the page, but we know the request is not meant for this action so just clear the errors manually
//so it doesn't get rendered onto the page
ModelState.Clear();
}
// If we got this far, something failed, redisplay form
return View("_LoginForm", model);
}
