
Merge pull request #617 from colinin/fix-check-external-user-before-changing-password

fix: check external login user before changing the password
pull/645/head
yx lin 4 years ago
committed by GitHub
parent
commit
a5e58f733d
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 15
      aspnet-core/modules/account/LINGYUN.Abp.Account.Application/LINGYUN/Abp/Account/AccountAppService.cs
  2. 16
      aspnet-core/modules/identity/LINGYUN.Abp.Identity.Application/LINGYUN/Abp/Identity/IdentityUserAppService.cs

15
aspnet-core/modules/account/LINGYUN.Abp.Account.Application/LINGYUN/Abp/Account/AccountAppService.cs

@ -205,11 +205,17 @@ namespace LINGYUN.Abp.Account
* , UserManager.GeneratePasswordResetTokenAsync Token * , UserManager.GeneratePasswordResetTokenAsync Token
*/ */
// 传递 isConfirmed 用户必须是已确认过手机号的
var user = await GetUserByPhoneNumberAsync(input.PhoneNumber, isConfirmed: true);
// 外部认证用户不允许修改密码
if (user.IsExternal)
{
throw new BusinessException(code: Volo.Abp.Identity.IdentityErrorCodes.ExternalUserPasswordChange);
}
var securityTokenCacheKey = SmsSecurityTokenCacheItem.CalculateCacheKey(input.PhoneNumber, "SmsVerifyCode"); var securityTokenCacheKey = SmsSecurityTokenCacheItem.CalculateCacheKey(input.PhoneNumber, "SmsVerifyCode");
var securityTokenCacheItem = await SecurityTokenCache.GetAsync(securityTokenCacheKey); var securityTokenCacheItem = await SecurityTokenCache.GetAsync(securityTokenCacheKey);
var interval = await SettingProvider.GetAsync(IdentitySettingNames.User.SmsRepetInterval, 1); var interval = await SettingProvider.GetAsync(IdentitySettingNames.User.SmsRepetInterval, 1);
// 传递 isConfirmed 用户必须是已确认过手机号的
var user = await GetUserByPhoneNumberAsync(input.PhoneNumber, isConfirmed: true);
// 能查询到缓存就是重复发送 // 能查询到缓存就是重复发送
if (securityTokenCacheItem != null) if (securityTokenCacheItem != null)
{ {
@ -242,6 +248,11 @@ namespace LINGYUN.Abp.Account
await IdentityOptions.SetAsync(); await IdentityOptions.SetAsync();
// 传递 isConfirmed 用户必须是已确认过手机号的 // 传递 isConfirmed 用户必须是已确认过手机号的
var user = await GetUserByPhoneNumberAsync(input.PhoneNumber, isConfirmed: true); var user = await GetUserByPhoneNumberAsync(input.PhoneNumber, isConfirmed: true);
// 外部认证用户不允许修改密码
if (user.IsExternal)
{
throw new BusinessException(code: Volo.Abp.Identity.IdentityErrorCodes.ExternalUserPasswordChange);
}
// 验证二次认证码 // 验证二次认证码
if (!await UserManager.VerifyTwoFactorTokenAsync(user, TokenOptions.DefaultPhoneProvider, input.Code)) if (!await UserManager.VerifyTwoFactorTokenAsync(user, TokenOptions.DefaultPhoneProvider, input.Code))
{ {
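Review bot: The external-user check added ahead of the `SmsVerifyCode` cache lookup in the first hunk makes the phone-based reset request distinguish external-login accounts from local ones, because `BusinessException(ExternalUserPasswordChange)` is thrown before the `securityTokenCacheItem != null` repeat-interval branch and, if this endpoint is reachable without authentication as phone reset flows usually are, that distinct error is visible to any caller who knows a phone number. Consider giving such requests the same outcome as a normal send (log and skip the SMS) instead of a distinguishable error, or at least place the check after the repeat-interval branch so it is subject to the same rate limit. The same five-line check is pasted into the second hunk; a small private helper such as `CheckExternalUser(user)` that throws the same exception would keep the two in step, with a comment stating that external users must change their password at the external provider. Both enclosing methods start and end outside the hunks.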

16
aspnet-core/modules/identity/LINGYUN.Abp.Identity.Application/LINGYUN/Abp/Identity/IdentityUserAppService.cs

@ -111,9 +111,21 @@ namespace LINGYUN.Abp.Identity
{ {
var user = await GetUserAsync(id); var user = await GetUserAsync(id);
var token = await UserManager.GeneratePasswordResetTokenAsync(user); if (user.IsExternal)
{
throw new BusinessException(code: Volo.Abp.Identity.IdentityErrorCodes.ExternalUserPasswordChange);
}
(await UserManager.ResetPasswordAsync(user, token, input.Password)).CheckErrors(); if (user.PasswordHash == null)
{
(await UserManager.AddPasswordAsync(user, input.Password)).CheckErrors();
}
else
{
var token = await UserManager.GeneratePasswordResetTokenAsync(user);
(await UserManager.ResetPasswordAsync(user, token, input.Password)).CheckErrors();
}
await CurrentUnitOfWork.SaveChangesAsync(); await CurrentUnitOfWork.SaveChangesAsync();
} }
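Review bot: The new `user.PasswordHash == null` branch has no comment explaining why `AddPasswordAsync` is used instead of the reset-token path, and a reader cannot tell from the hunk whether the token path fails for such users or the split only changes which validators run; add a comment above it, e.g. `// Users created without a local password have no hash yet; AddPasswordAsync sets the first one — confirm ResetPasswordAsync cannot be used here`. It would also help to note above the `IsExternal` check that the account module's phone reset flow enforces the same rule, so the two checks stay in step when the error code changes. The enclosing method's signature is outside the hunk.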
