diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
index eece31acc3d..d4e0fb54902 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
@@ -128,21 +128,29 @@ public virtual async Task ValidateAsync(ResourceOwnerPasswordValidationContext c
 }
 else if (result.IsNotAllowed)
 {
- Logger.LogInformation("Authentication failed for username: {username}, reason: not allowed", context.UserName);
-
- if (user.ShouldChangePasswordOnNextLogin)
+ if (!await UserManager.CheckPasswordAsync(user, context.Password))
 {
- await HandleShouldChangePasswordOnNextLoginAsync(context, user, context.Password);
- return;
+ Logger.LogInformation("Authentication failed for username: {username}, reason: invalid credentials", context.UserName);
+ errorDescription = Localizer["InvalidUserNameOrPassword"];
 }
-
- if (await UserManager.ShouldPeriodicallyChangePasswordAsync(user))
+ else
 {
- await HandlePeriodicallyChangePasswordAsync(context, user, context.Password);
- return;
- }
+ Logger.LogInformation("Authentication failed for username: {username}, reason: not allowed", context.UserName);
 
- errorDescription = Localizer["LoginIsNotAllowed"];
+ if (user.ShouldChangePasswordOnNextLogin)
+ {
+ await HandleShouldChangePasswordOnNextLoginAsync(context, user, context.Password);
+ return;
+ }
+
+ if (await UserManager.ShouldPeriodicallyChangePasswordAsync(user))
+ {
+ await HandlePeriodicallyChangePasswordAsync(context, user, context.Password);
+ return;
+ }
+
+ errorDescription = Localizer["LoginIsNotAllowed"];
+ }
 }
 else
 {
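Review bot: The new invalid-credentials branch in the IsNotAllowed path (`if (!await UserManager.CheckPasswordAsync(user, context.Password))`) does not record the failed attempt. If CheckPasswordSignInAsync returned NotAllowed from its pre-sign-in check before verifying the password, as ASP.NET Identity does, then repeated wrong passwords against a not-yet-allowed account never count toward lockout here; where the surrounding sign-in uses lockoutOnFailure, add `await UserManager.AccessFailedAsync(user);` before `errorDescription = Localizer["InvalidUserNameOrPassword"];`. The same applies to the matching hunk in TokenController.Password.cs. Separately, this branch now answers differently for a wrong and a correct password on an account that cannot sign in, where the removed code returned "LoginIsNotAllowed" for either; if that distinction is not wanted in the response, keep it in the log only and return `Localizer["LoginIsNotAllowed"]` in both cases. ValidateAsync continues outside the hunk, so a failed-access update or security-log write further down would change the first point.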
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
index 392e696d08a..33a1a37845d 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
@@ -115,24 +115,32 @@ await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
 }
 else if (result.IsNotAllowed)
 {
- Logger.LogInformation("Authentication failed for username: {username}, reason: not allowed", request.Username);
-
- if (user.ShouldChangePasswordOnNextLogin)
+ if (!await UserManager.CheckPasswordAsync(user, request.Password))
 {
- return await HandleShouldChangePasswordOnNextLoginAsync(request, user, request.Password);
+ Logger.LogInformation("Authentication failed for username: {username}, reason: invalid credentials", request.Username);
+ errorDescription = "Invalid username or password!";
 }
-
- if (await UserManager.ShouldPeriodicallyChangePasswordAsync(user))
+ else
 {
- return await HandlePeriodicallyChangePasswordAsync(request, user, request.Password);
- }
+ Logger.LogInformation("Authentication failed for username: {username}, reason: not allowed", request.Username);
 
- if (user.IsActive)
- {
- return await HandleConfirmUserAsync(request, user);
- }
+ if (user.ShouldChangePasswordOnNextLogin)
+ {
+ return await HandleShouldChangePasswordOnNextLoginAsync(request, user, request.Password);
+ }
 
- errorDescription = "You are not allowed to login! Your account is inactive.";
+ if (await UserManager.ShouldPeriodicallyChangePasswordAsync(user))
+ {
+ return await HandlePeriodicallyChangePasswordAsync(request, user, request.Password);
+ }
+
+ if (user.IsActive)
+ {
+ return await HandleConfirmUserAsync(request, user);
+ }
+
+ errorDescription = "You are not allowed to login! Your account is inactive.";
+ }
 }
 else
 {