Exemplo n.º 1
 /// <summary>
 /// Processes a submitted logon form: looks the user up by e-mail, checks the password,
 /// issues the forms-authentication cookie and redirects to the default return URL.
 /// </summary>
 /// <param name="model">Posted logon data; Email, Password and RememberMe are read here.</param>
 /// <returns>
 /// The logon view (with a model error) when validation or authentication fails,
 /// otherwise a redirect to <c>HttpContext.GetDefaultReturnUrl()</c>.
 /// </returns>
 // NOTE(review): no [HttpPost] / anti-forgery attributes are visible in this excerpt - confirm
 // they exist on the full declaration, since this action accepts credentials.
 public virtual ActionResult Logon(AccountLogonModel model)
 {
     // One message for every failure path, so the response text does not tell a caller
     // whether the address is unknown, unverified, or paired with a wrong password.
     const string failureMessage = "Invalid email or password.";

     if (!ModelState.IsValid)
     {
         return View(model);
     }

     using (var unitOfWork = UnitOfWork.Begin())
     {
         var account = Repositories.Users.FindByEmail(model.Email);
         bool mayAttemptLogon = account != null && account.IsEmailVerified;
         if (!mayAttemptLogon)
         {
             // NOTE(review): this path returns before any password check runs, so it may be
             // distinguishable by response time from a wrong-password failure - confirm
             // whether that matters for account enumeration here.
             ModelState.AddModelError("Email", failureMessage);
             return View(model);
         }

         bool passwordAccepted = account.AttemptLogon(model.Password);

         // The user is saved and the unit of work persisted whether or not the attempt
         // succeeded; presumably AttemptLogon records attempt state (e.g. a failure
         // counter or lockout) - verify against the User entity.
         Repositories.Users.Save(account);
         unitOfWork.Persist();

         if (!passwordAccepted)
         {
             ModelState.AddModelError("Email", failureMessage);
             return View(model);
         }

         // TODO: decouple from FormsAuthentication class so this controller is unit testable
         // The ticket's name is the user id; RememberMe selects a persistent cookie.
         string ticketName = account.Id.ToString();
         FormsAuthentication.SetAuthCookie(ticketName, model.RememberMe);

         // Drop state left over from the pre-logon (or a previous user's) session.
         // NOTE(review): the session itself is not abandoned or re-issued in this method;
         // confirm the helper or the hosting configuration covers session fixation.
         Session.ClearRegardingUserSpecificData();
         Response.Cookies.ClearRegardingUserSpecificData();
         TempData.SetAccountMessage(string.Empty);

         // NOTE(review): the target comes from a project helper - confirm it only ever
         // yields local URLs, so a crafted return URL cannot redirect off-site.
         string returnUrl = HttpContext.GetDefaultReturnUrl();
         return Redirect(returnUrl);
     }
 }
Exemplo n.º 2
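        /// <summary>
        /// Signs the current user out of forms authentication, clears user-specific
        /// session and cookie data, and redirects to the default return URL.
        /// </summary>
        /// <returns>A redirect to <c>HttpContext.GetDefaultReturnUrl()</c>.</returns>
        // NOTE(review): no [HttpPost] / anti-forgery attributes are visible in this excerpt;
        // if this action is reachable by GET, a cross-site request can force a logout - confirm.
        public virtual ActionResult Logout()
        {
            // The AccountLogonModel instance the original created here was never read,
            // so it has been dropped.

            // TODO: decouple from FormsAuthentication class so this controller is unit testable
            // SignOut only expires the ticket cookie in this response; it does not revoke the
            // ticket server-side, so a copy captured before logout stays valid until it expires.
            FormsAuthentication.SignOut();

            // NOTE(review): the session is cleared through a project helper rather than
            // abandoned; confirm the helper removes everything tied to the signed-out user.
            Session.ClearRegardingUserSpecificData();
            Response.Cookies.ClearRegardingUserSpecificData();
            TempData.SetAccountMessage("You have logged out");

            return Redirect(HttpContext.GetDefaultReturnUrl());
        }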