Merge pull request #22093 from abpframework/IsNotAllowed
Check user password if sign in result is `IsNotAllowed`.
sumeyyeKurtulus authored Feb 7, 2025
2 parents 64c96f1 + 212749f commit 5ae3584
Showing 2 changed files with 40 additions and 24 deletions.
Expand Up @@ -128,21 +128,29 @@ public virtual async Task ValidateAsync(ResourceOwnerPasswordValidationContext c
}
else if (result.IsNotAllowed)
{
Logger.LogInformation("Authentication failed for username: {username}, reason: not allowed", context.UserName);

if (user.ShouldChangePasswordOnNextLogin)
if (!await UserManager.CheckPasswordAsync(user, context.Password))
{
await HandleShouldChangePasswordOnNextLoginAsync(context, user, context.Password);
return;
Logger.LogInformation("Authentication failed for username: {username}, reason: invalid credentials", context.UserName);
errorDescription = Localizer["InvalidUserNameOrPassword"];
}

if (await UserManager.ShouldPeriodicallyChangePasswordAsync(user))
else
{
await HandlePeriodicallyChangePasswordAsync(context, user, context.Password);
return;
}
Logger.LogInformation("Authentication failed for username: {username}, reason: not allowed", context.UserName);

errorDescription = Localizer["LoginIsNotAllowed"];
if (user.ShouldChangePasswordOnNextLogin)
{
await HandleShouldChangePasswordOnNextLoginAsync(context, user, context.Password);
return;
}

if (await UserManager.ShouldPeriodicallyChangePasswordAsync(user))
{
await HandlePeriodicallyChangePasswordAsync(context, user, context.Password);
return;
}

errorDescription = Localizer["LoginIsNotAllowed"];
}
}
else
{
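Review bot: A wrong password rejected by the new `CheckPasswordAsync` call in the `IsNotAllowed` branch does not appear to count toward lockout, because `UserManager.CheckPasswordAsync` only verifies the hash and leaves the failed-access counter untouched. Accounts in the not-allowed state would then miss the throttling that the normal sign-in path applies; inside the failing `if`, consider `if (UserManager.SupportsUserLockout) { await UserManager.AccessFailedAsync(user); }`, subject to whatever lockout-on-failure setting the rest of the method honours. The same applies to the matching branch in the second changed file. ValidateAsync starts before and continues after this hunk, so an existing counter update elsewhere cannot be ruled out from here.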
Expand Up @@ -115,24 +115,32 @@ await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
}
else if (result.IsNotAllowed)
{
Logger.LogInformation("Authentication failed for username: {username}, reason: not allowed", request.Username);

if (user.ShouldChangePasswordOnNextLogin)
if (!await UserManager.CheckPasswordAsync(user, request.Password))
{
return await HandleShouldChangePasswordOnNextLoginAsync(request, user, request.Password);
Logger.LogInformation("Authentication failed for username: {username}, reason: invalid credentials", request.Username);
errorDescription = "Invalid username or password!";
}

if (await UserManager.ShouldPeriodicallyChangePasswordAsync(user))
else
{
return await HandlePeriodicallyChangePasswordAsync(request, user, request.Password);
}
Logger.LogInformation("Authentication failed for username: {username}, reason: not allowed", request.Username);

if (user.IsActive)
{
return await HandleConfirmUserAsync(request, user);
}
if (user.ShouldChangePasswordOnNextLogin)
{
return await HandleShouldChangePasswordOnNextLoginAsync(request, user, request.Password);
}

errorDescription = "You are not allowed to login! Your account is inactive.";
if (await UserManager.ShouldPeriodicallyChangePasswordAsync(user))
{
return await HandlePeriodicallyChangePasswordAsync(request, user, request.Password);
}

if (user.IsActive)
{
return await HandleConfirmUserAsync(request, user);
}

errorDescription = "You are not allowed to login! Your account is inactive.";
}
}
else
{
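Review bot: The literal `"Invalid username or password!"` set in the failed-password branch should be the same value the generic failure path returns, otherwise the response text distinguishes a not-allowed account from an unknown or ordinary one. The generic `else` branch is cut off at the end of this hunk, so whether the strings match cannot be confirmed here. If they do match, a comment such as `// Keep identical to the generic invalid-credentials description so account state is not disclosed.` above the assignment would keep a later edit from diverging. Sharing one constant between the two branches would enforce it.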