public void CheckLock_NotLocked()
{
//Arrange
var account = _userAccountService.FindByUserName("admin");
//Act
var isLocked = _userAccountService.CheckLock(account);
//Assert
Assert.That(isLocked, Is.False);
}
public ActionResult Login(UserAccountViewModel user, string returnUrl)
{
if (!ModelState.IsValid)
{
return(View(user));
}
//Check if registered
if (_userAccountService.IsRegistered(user.UserName))
{
var userAccount = _userAccountService.FindByUserName(user.UserName);
//Check if account is locked
if (!_userAccountService.CheckLock(userAccount))
{
var validCredentials = _userAccountService.ValidateCredentials(user.UserName, user.Password);
//Check if the authentication failed
if (validCredentials == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.InternalServerError, Strings.AuthenticationError));
}
//Check credentials, if correct, redirect to home page
if (validCredentials == true)
{
//Send the user and request info to the service to store login info
var requestInfo = Request.HostAddress() + " - " + Request.UserAgent;
userAccount = _userAccountService.LoginSuccessful(userAccount, requestInfo);
//Create identity for the logged account
var identity = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.NameIdentifier, userAccount.Id.ToString()),
new Claim(ClaimTypes.Name, userAccount.UserName)
}, DefaultAuthenticationTypes.ApplicationCookie);
//Set role depending on account permissions
identity.AddClaim(userAccount.IsAdmin
? new Claim(ClaimTypes.Role, "Admin")
: new Claim(ClaimTypes.Role, "User"));
//Sign in and log the operation
_authenticationManager.SignIn(identity);
_userAccountService.Log(OperationType.Login, userAccount.Id, data: "Addr: " + Request.HostAddress());
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") &&
!returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return(Redirect(returnUrl));
}
return(RedirectToAction("Index", "Home"));
}
ModelState.AddModelError(string.Empty, Strings.LoginError);
}
var wasLocked = userAccount.IsLocked;
//Account is locked or incorrect credentials provided,
//register a failed login attempt
userAccount = _userAccountService.LoginFailed(userAccount);
//Log if the account has been locked
if (!wasLocked && userAccount.IsLocked)
{
_userAccountService.Log(OperationType.AccountLocked, userAccount.Id);
}
//If account is not yet locked, exit
if (!userAccount.IsLocked)
{
return(View(user));
}
if (userAccount.UnlockDate == null)
{
//Locked indefinitely
ModelState.AddModelError(string.Empty, Strings.LoginLockedPerm);
}
else
{
//Locked temporarily
var lockMessage = Strings.LoginLocked + userAccount.UnlockDate;
//After initial lock, alert the user of further failed attempts
if (userAccount.FailedLoginAttempts > 3)
{
lockMessage += Strings.LoginLocked2;
}
ModelState.AddModelError(string.Empty, lockMessage);
}
}
else
{
ModelState.AddModelError(string.Empty, Strings.LoginError);
}
return(View(user));
}