
SMS login: protection against retry-cracking of captchas

pull/140/head
cKey 5 years ago
parent
commit
ac8c97fd5b
  1. 52
      aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/LINGYUN/Abp/IdentityServer/SmsValidator/SmsTokenGrantValidator.cs

52
aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.SmsValidator/LINGYUN/Abp/IdentityServer/SmsValidator/SmsTokenGrantValidator.cs

@ -5,6 +5,7 @@ using IdentityServer4.Services;
using IdentityServer4.Validation; using IdentityServer4.Validation;
using LINGYUN.Abp.Identity; using LINGYUN.Abp.Identity;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Localization; using Microsoft.Extensions.Localization;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using System; using System;
@ -23,23 +24,23 @@ namespace LINGYUN.Abp.IdentityServer.SmsValidator
protected IEventService EventService { get; } protected IEventService EventService { get; }
protected IIdentityUserRepository UserRepository { get; } protected IIdentityUserRepository UserRepository { get; }
protected UserManager<IdentityUser> UserManager { get; } protected UserManager<IdentityUser> UserManager { get; }
protected SignInManager<IdentityUser> SignInManager { get; } protected IStringLocalizer<IdentityResource> IdentityLocalizer { get; }
protected IStringLocalizer<AbpIdentityServerResource> Localizer { get; } protected IStringLocalizer<AbpIdentityServerResource> IdentityServerLocalizer { get; }
public SmsTokenGrantValidator( public SmsTokenGrantValidator(
IEventService eventService, IEventService eventService,
UserManager<IdentityUser> userManager, UserManager<IdentityUser> userManager,
SignInManager<IdentityUser> signInManager,
IIdentityUserRepository userRepository, IIdentityUserRepository userRepository,
IStringLocalizer<AbpIdentityServerResource> stringLocalizer, IStringLocalizer<IdentityResource> identityLocalizer,
IStringLocalizer<AbpIdentityServerResource> identityServerLocalizer,
ILogger<SmsTokenGrantValidator> logger) ILogger<SmsTokenGrantValidator> logger)
{ {
Logger = logger; Logger = logger;
EventService = eventService; EventService = eventService;
UserManager = userManager; UserManager = userManager;
SignInManager = signInManager;
Localizer = stringLocalizer;
UserRepository = userRepository; UserRepository = userRepository;
IdentityLocalizer = identityLocalizer;
IdentityServerLocalizer = identityServerLocalizer;
} }
public string GrantType => SmsValidatorConsts.SmsValidatorGrantTypeName; public string GrantType => SmsValidatorConsts.SmsValidatorGrantTypeName;
@ -50,26 +51,30 @@ namespace LINGYUN.Abp.IdentityServer.SmsValidator
var credential = raw.Get(OidcConstants.TokenRequest.GrantType); var credential = raw.Get(OidcConstants.TokenRequest.GrantType);
if (credential == null || !credential.Equals(GrantType)) if (credential == null || !credential.Equals(GrantType))
{ {
Logger.LogWarning("Invalid grant type: not allowed"); Logger.LogInformation("Invalid grant type: not allowed");
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:GrantTypeInvalid"]);
Localizer["InvalidGrant:GrantTypeInvalid"]);
return; return;
} }
var phoneNumber = raw.Get(SmsValidatorConsts.SmsValidatorParamName); var phoneNumber = raw.Get(SmsValidatorConsts.SmsValidatorParamName);
var phoneToken = raw.Get(SmsValidatorConsts.SmsValidatorTokenName); var phoneToken = raw.Get(SmsValidatorConsts.SmsValidatorTokenName);
if (phoneNumber.IsNullOrWhiteSpace() || phoneToken.IsNullOrWhiteSpace()) if (phoneNumber.IsNullOrWhiteSpace() || phoneToken.IsNullOrWhiteSpace())
{ {
Logger.LogWarning("Invalid grant type: phone number or token code not found"); Logger.LogInformation("Invalid grant type: phone number or token code not found");
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneOrTokenCodeNotFound"]);
Localizer["InvalidGrant:PhoneOrTokenCodeNotFound"]);
return; return;
} }
var currentUser = await UserRepository.FindByPhoneNumberAsync(phoneNumber); var currentUser = await UserRepository.FindByPhoneNumberAsync(phoneNumber);
if(currentUser == null) if(currentUser == null)
{ {
Logger.LogWarning("Invalid grant type: phone number not register"); Logger.LogInformation("Invalid grant type: phone number not register");
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneNumberNotRegister"]);
Localizer["InvalidGrant:PhoneNumberNotRegister"]); return;
}
if (await UserManager.IsLockedOutAsync(currentUser))
{
Logger.LogInformation("Authentication failed for username: {username}, reason: locked out", currentUser.UserName);
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityLocalizer["Volo.Abp.Identity:UserLockedOut"]);
return; return;
} }
@ -77,9 +82,20 @@ namespace LINGYUN.Abp.IdentityServer.SmsValidator
if (!validResult) if (!validResult)
{ {
Logger.LogWarning("Authentication failed for token: {0}, reason: invalid token", phoneToken); Logger.LogWarning("Authentication failed for token: {0}, reason: invalid token", phoneToken);
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, // 防尝试破解密码
Localizer["InvalidGrant:PhoneVerifyInvalid"]); var identityResult = await UserManager.AccessFailedAsync(currentUser);
await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, $"invalid phone verify code {phoneToken}", false)); if (identityResult.Succeeded)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneVerifyInvalid"]);
await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, $"invalid phone verify code {phoneToken}", false));
}
else
{
Logger.LogInformation("Authentication failed for username: {username}, reason: access failed", currentUser.UserName);
var userAccessFailedError = identityResult.LocalizeErrors(IdentityLocalizer);
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, userAccessFailedError);
await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, userAccessFailedError, false));
}
return; return;
} }
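Review bot: The branch on `identityResult.Succeeded` after `UserManager.AccessFailedAsync(currentUser)` does not mean what the log text suggests: `AccessFailedAsync` reports success both when it merely increments the counter and when that increment trips the lockout, and it fails only when the user store could not be updated, so the `else` path ("reason: access failed") surfaces store error descriptions to the client and to the `UserLoginFailureEvent`, while a caller who has just crossed the threshold still gets the plain `InvalidGrant:PhoneVerifyInvalid` message until the next request hits the `IsLockedOutAsync` guard above. I would keep the increment, log (not return) a failed store update, and re-check `IsLockedOutAsync` right after the increment so the lock takes effect on the attempt that caused it. The success path of this method lies outside the hunk; if it does not call `UserManager.ResetAccessFailedCountAsync(currentUser)` after a valid code, the counter only ever grows across unrelated logins, which is worth confirming. The submitted code is also copied verbatim into the event message (`$"invalid phone verify code {phoneToken}"`); a one-time code is a credential and is better left out of persisted audit data. `ValidateAsync` begins before this hunk and continues after it.
```csharp
if (!validResult)
{
    Logger.LogWarning("Authentication failed for token: {0}, reason: invalid token", phoneToken);
    // Count the bad code against the user's lockout counter; Succeeded only says the store update went through.
    var identityResult = await UserManager.AccessFailedAsync(currentUser);
    if (!identityResult.Succeeded)
    {
        // Store-level errors are for operators, not for the token response.
        Logger.LogError("Failed to record access failure for username: {username}: {errors}", currentUser.UserName, identityResult.LocalizeErrors(IdentityLocalizer));
    }
    if (await UserManager.IsLockedOutAsync(currentUser))
    {
        Logger.LogInformation("Authentication failed for username: {username}, reason: locked out", currentUser.UserName);
        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityLocalizer["Volo.Abp.Identity:UserLockedOut"]);
        await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, "locked out", false));
        return;
    }
    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneVerifyInvalid"]);
    // Do not persist the submitted one-time code in the audit event.
    await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, "invalid phone verify code", false));
    return;
}
```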
