From 8001ba8401ce3f9978aebc8495c60ea987ff82cb Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Wed, 4 Jun 2014 13:08:06 -0700 Subject: [PATCH] Fix sign in regression Added missing SupportUserTwoFactor guard in SignInManager --- .../SignInManager.cs | 2 +- .../HttpSignInTest.cs | 31 +++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/src/Microsoft.AspNet.Identity/SignInManager.cs b/src/Microsoft.AspNet.Identity/SignInManager.cs index de859b0382..d6895d2d0a 100644 --- a/src/Microsoft.AspNet.Identity/SignInManager.cs +++ b/src/Microsoft.AspNet.Identity/SignInManager.cs @@ -159,7 +159,7 @@ namespace Microsoft.AspNet.Identity private async Task SignInOrTwoFactor(TUser user, bool isPersistent) { - if (await UserManager.GetTwoFactorEnabledAsync(user)) + if (UserManager.SupportsUserTwoFactor && await UserManager.GetTwoFactorEnabledAsync(user)) { var userId = await UserManager.GetUserIdAsync(user); if (!await AuthenticationManager.IsClientRememeberedAsync(userId)) diff --git a/test/Microsoft.AspNet.Identity.Security.Test/HttpSignInTest.cs b/test/Microsoft.AspNet.Identity.Security.Test/HttpSignInTest.cs index ef1de9ff39..308e4f6388 100644 --- a/test/Microsoft.AspNet.Identity.Security.Test/HttpSignInTest.cs +++ b/test/Microsoft.AspNet.Identity.Security.Test/HttpSignInTest.cs @@ -207,6 +207,35 @@ namespace Microsoft.AspNet.Identity.Security.Test contextAccessor.VerifyAll(); } + [Fact] + public async Task PasswordSignInWorksWithNonTwoFactorStore() + { + // Setup + var user = new TestUser { UserName = "Foo" }; + var manager = MockHelpers.MockUserManager(); + manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); + manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable(); + manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable(); + manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable(); + var context = new Mock(); + var response = new Mock(); + response.Setup(r => r.SignIn(It.IsAny(), It.IsAny())).Verifiable(); + context.Setup(c => c.Response).Returns(response.Object).Verifiable(); + var contextAccessor = new Mock>(); + contextAccessor.Setup(a => a.Value).Returns(context.Object); + var helper = new SignInManager(manager.Object, new HttpAuthenticationManager(contextAccessor.Object)); + + // Act + var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false); + + // Assert + Assert.Equal(SignInStatus.Success, result); + manager.VerifyAll(); + context.VerifyAll(); + response.VerifyAll(); + contextAccessor.VerifyAll(); + } + [Fact] public async Task PasswordSignInRequiresVerification() { @@ -214,6 +243,7 @@ namespace Microsoft.AspNet.Identity.Security.Test var user = new TestUser { UserName = "Foo" }; var manager = MockHelpers.MockUserManager(); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); + manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable(); manager.Setup(m => m.GetTwoFactorEnabledAsync(user, CancellationToken.None)).ReturnsAsync(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable(); @@ -309,6 +339,7 @@ namespace Microsoft.AspNet.Identity.Security.Test var manager = MockHelpers.MockUserManager(); manager.Setup(m => m.GetTwoFactorEnabledAsync(user, CancellationToken.None)).ReturnsAsync(true).Verifiable(); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); + manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable(); manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id).Verifiable();