/// <summary>
/// Processes a submitted logon form. Validates the model, looks the user up by
/// e-mail, checks the password and, on success, issues the forms-authentication
/// cookie and redirects to the default return URL.
/// </summary>
/// <param name="model">Submitted logon data; Email, Password and RememberMe are read here.</param>
/// <returns>
/// The logon view (with model errors) when validation or authentication fails;
/// otherwise a redirect to the URL returned by <c>GetDefaultReturnUrl</c>.
/// </returns>
public virtual ActionResult Logon(AccountLogonModel model)
{
    // One message for every credential failure (unknown e-mail, unverified
    // e-mail, wrong password) so the response text does not reveal which
    // accounts exist.
    const string invalidCredentials = "Invalid email or password.";

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    using (var unitOfWork = UnitOfWork.Begin())
    {
        var user = Repositories.Users.FindByEmail(model.Email);

        bool canAttemptLogon = user != null && user.IsEmailVerified;
        if (!canAttemptLogon)
        {
            // NOTE(review): this path returns without calling AttemptLogon, so it
            // does less work than a wrong-password attempt. If AttemptLogon is
            // deliberately slow (password hashing), response time may still
            // distinguish known from unknown accounts. Confirm.
            ModelState.AddModelError("Email", invalidCredentials);
            return View(model);
        }

        bool passwordAccepted = user.AttemptLogon(model.Password);

        // The user is saved and the unit of work persisted before the outcome is
        // inspected, so whatever AttemptLogon changed on the user is stored for
        // failed attempts too (presumably failed-attempt tracking; verify in
        // AttemptLogon).
        Repositories.Users.Save(user);
        unitOfWork.Persist();

        if (!passwordAccepted)
        {
            ModelState.AddModelError("Email", invalidCredentials);
            return View(model);
        }

        // TODO: decouple from FormsAuthentication class so this controller is unit testable
        // The ticket name is the user id; RememberMe selects a persistent cookie.
        FormsAuthentication.SetAuthCookie(user.Id.ToString(), model.RememberMe);

        // NOTE(review): the session identifier is not visibly rotated at logon.
        // Confirm that these helpers or the session configuration cover session
        // fixation.
        Session.ClearRegardingUserSpecificData();
        Response.Cookies.ClearRegardingUserSpecificData();
        TempData.SetAccountMessage(string.Empty);

        // NOTE(review): confirm GetDefaultReturnUrl can only yield a local URL.
        return Redirect(HttpContext.GetDefaultReturnUrl());
    }
}
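/// <summary>
/// Signs the current user out. Removes the forms-authentication ticket, clears
/// user-specific session and cookie data, stores a confirmation message and
/// redirects to the default return URL.
/// </summary>
/// <returns>A redirect to the URL returned by <c>GetDefaultReturnUrl</c>.</returns>
public virtual ActionResult Logout()
{
    // NOTE(review): no HTTP-verb or anti-forgery attribute is visible on this
    // action. If it is reachable by GET, another site can trigger the logout.
    // Confirm the routing and filters.

    // TODO: decouple from FormsAuthentication class so this controller is unit testable
    // SignOut only removes the cookie on this response. Forms tickets are not
    // tracked server-side, so a ticket copied earlier remains valid until it
    // expires.
    FormsAuthentication.SignOut();

    Session.ClearRegardingUserSpecificData();
    Response.Cookies.ClearRegardingUserSpecificData();
    TempData.SetAccountMessage("You have logged out");

    // NOTE(review): confirm GetDefaultReturnUrl can only yield a local URL.
    return Redirect(HttpContext.GetDefaultReturnUrl());
}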