diff --git a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/LINGYUN/Abp/IdentityServer/SmsValidator/SmsTokenGrantValidator.cs b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/LINGYUN/Abp/IdentityServer/SmsValidator/SmsTokenGrantValidator.cs
index a5f265628..ce9fdc292 100644
--- a/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/LINGYUN/Abp/IdentityServer/SmsValidator/SmsTokenGrantValidator.cs
+++ b/aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/LINGYUN/Abp/IdentityServer/SmsValidator/SmsTokenGrantValidator.cs
@@ -5,6 +5,7 @@ using IdentityServer4.Services;
 using IdentityServer4.Validation;
 using LINGYUN.Abp.Identity;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Localization;
 using Microsoft.Extensions.Logging;
 using System;
@@ -23,23 +24,23 @@ namespace LINGYUN.Abp.IdentityServer.SmsValidator
 protected IEventService EventService { get; }
 protected IIdentityUserRepository UserRepository { get; }
 protected UserManager UserManager { get; }
- protected SignInManager SignInManager { get; }
- protected IStringLocalizer Localizer { get; }
+ protected IStringLocalizer IdentityLocalizer { get; }
+ protected IStringLocalizer IdentityServerLocalizer { get; }

 public SmsTokenGrantValidator(
 IEventService eventService,
 UserManager userManager,
- SignInManager signInManager,
 IIdentityUserRepository userRepository,
- IStringLocalizer stringLocalizer,
+ IStringLocalizer identityLocalizer,
+ IStringLocalizer identityServerLocalizer,
 ILogger logger)
 {
 Logger = logger;
 EventService = eventService;
 UserManager = userManager;
- SignInManager = signInManager;
- Localizer = stringLocalizer;
 UserRepository = userRepository;
+ IdentityLocalizer = identityLocalizer;
+ IdentityServerLocalizer = identityServerLocalizer;
 }

 public string GrantType => SmsValidatorConsts.SmsValidatorGrantTypeName;
@@ -50,26 +51,30 @@ namespace LINGYUN.Abp.IdentityServer.SmsValidator
 var credential = raw.Get(OidcConstants.TokenRequest.GrantType);
 if (credential == null || !credential.Equals(GrantType))
 {
- Logger.LogWarning("Invalid grant type: not allowed");
- context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant,
- Localizer["InvalidGrant:GrantTypeInvalid"]);
+ Logger.LogInformation("Invalid grant type: not allowed");
+ context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:GrantTypeInvalid"]);
 return;
 }
 var phoneNumber = raw.Get(SmsValidatorConsts.SmsValidatorParamName);
 var phoneToken = raw.Get(SmsValidatorConsts.SmsValidatorTokenName);
 if (phoneNumber.IsNullOrWhiteSpace() || phoneToken.IsNullOrWhiteSpace())
 {
- Logger.LogWarning("Invalid grant type: phone number or token code not found");
- context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant,
- Localizer["InvalidGrant:PhoneOrTokenCodeNotFound"]);
+ Logger.LogInformation("Invalid grant type: phone number or token code not found");
+ context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneOrTokenCodeNotFound"]);
 return;
 }
 var currentUser = await UserRepository.FindByPhoneNumberAsync(phoneNumber);
 if(currentUser == null)
 {
- Logger.LogWarning("Invalid grant type: phone number not register");
- context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant,
- Localizer["InvalidGrant:PhoneNumberNotRegister"]);
+ Logger.LogInformation("Invalid grant type: phone number not register");
+ context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneNumberNotRegister"]);
+ return;
+ }
+
+ if (await UserManager.IsLockedOutAsync(currentUser))
+ {
+ Logger.LogInformation("Authentication failed for username: {username}, reason: locked out", currentUser.UserName);
+ context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityLocalizer["Volo.Abp.Identity:UserLockedOut"]);
 return;
 }
@@ -77,9 +82,20 @@ namespace LINGYUN.Abp.IdentityServer.SmsValidator
 if (!validResult)
 {
 Logger.LogWarning("Authentication failed for token: {0}, reason: invalid token", phoneToken);
- context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant,
- Localizer["InvalidGrant:PhoneVerifyInvalid"]);
- await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, $"invalid phone verify code {phoneToken}", false));
+ // 防尝试破解密码
+ var identityResult = await UserManager.AccessFailedAsync(currentUser);
+ if (identityResult.Succeeded)
+ {
+ context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneVerifyInvalid"]);
+ await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, $"invalid phone verify code {phoneToken}", false));
+ }
+ else
+ {
+ Logger.LogInformation("Authentication failed for username: {username}, reason: access failed", currentUser.UserName);
+ var userAccessFailedError = identityResult.LocalizeErrors(IdentityLocalizer);
+ context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, userAccessFailedError);
+ await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, userAccessFailedError, false));
+ }
 return;
 }
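Review bot: The token endpoint still answers with a distinct `InvalidGrant:PhoneNumberNotRegister` description when `FindByPhoneNumberAsync` returns null, so any client can tell registered phone numbers from unregistered ones, and because the new lockout / `AccessFailedAsync` accounting only starts once a user object exists, that probing path has no per-account throttle at all. I would collapse the not-found and bad-code responses into the same generic description on the wire, e.g. `context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneVerifyInvalid"]);`, and keep the specific reason in the log line only. The `Volo.Abp.Identity:UserLockedOut` response added here likewise confirms that the number belongs to an account; whether that is acceptable is a product decision, but it should be a deliberate one. The enclosing validate method starts before and continues after this hunk.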
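Review bot: `identityResult.Succeeded` from `UserManager.AccessFailedAsync` reports whether the incremented failure count was persisted, not whether the user has just been locked out (ASP.NET Core Identity applies the lockout inside that call and still returns success, as far as I can tell), so the new `else` branch will fire on store errors and hand their localized descriptions to the token client, while the attempt that actually trips the lockout is answered as an ordinary bad code. I would treat a failed persist as a server-side warning with the generic response, then re-check `IsLockedOutAsync` after `AccessFailedAsync` so the locked-out answer is returned on the very attempt that caused it, as sketched below. The context-line `LogWarning` and the new `UserLoginFailureEvent` message both embed the submitted `phoneToken`; submitted OTP guesses should not be written to logs or audit events, so log the user name and keep only the reason text. For the counter to be meaningful the success path also needs a matching `UserManager.ResetAccessFailedCountAsync(currentUser)`, which lies outside this hunk and I cannot see whether the commit adds it. The enclosing method begins before this hunk.
```csharp
if (!validResult)
{
    Logger.LogWarning("Authentication failed for username: {username}, reason: invalid token", currentUser.UserName);
    var identityResult = await UserManager.AccessFailedAsync(currentUser);
    if (!identityResult.Succeeded)
    {
        // Could not persist the failure count; do not surface store errors to the client.
        Logger.LogWarning("Could not record access failure for username: {username}, result: {result}", currentUser.UserName, identityResult);
    }
    if (await UserManager.IsLockedOutAsync(currentUser))
    {
        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityLocalizer["Volo.Abp.Identity:UserLockedOut"]);
        await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, "user locked out", false));
        return;
    }
    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneVerifyInvalid"]);
    await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, "invalid phone verify code", false));
    return;
}
```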