|
|
|
@ -5,6 +5,7 @@ using IdentityServer4.Services; |
|
|
|
using IdentityServer4.Validation; |
|
|
|
using LINGYUN.Abp.Identity; |
|
|
|
using Microsoft.AspNetCore.Identity; |
|
|
|
using Microsoft.Extensions.DependencyInjection; |
|
|
|
using Microsoft.Extensions.Localization; |
|
|
|
using Microsoft.Extensions.Logging; |
|
|
|
using System; |
|
|
|
@ -23,23 +24,23 @@ namespace LINGYUN.Abp.IdentityServer.SmsValidator |
|
|
|
protected IEventService EventService { get; } |
|
|
|
protected IIdentityUserRepository UserRepository { get; } |
|
|
|
protected UserManager<IdentityUser> UserManager { get; } |
|
|
|
protected SignInManager<IdentityUser> SignInManager { get; } |
|
|
|
protected IStringLocalizer<AbpIdentityServerResource> Localizer { get; } |
|
|
|
protected IStringLocalizer<IdentityResource> IdentityLocalizer { get; } |
|
|
|
protected IStringLocalizer<AbpIdentityServerResource> IdentityServerLocalizer { get; } |
|
|
|
|
|
|
|
public SmsTokenGrantValidator( |
|
|
|
IEventService eventService, |
|
|
|
UserManager<IdentityUser> userManager, |
|
|
|
SignInManager<IdentityUser> signInManager, |
|
|
|
IIdentityUserRepository userRepository, |
|
|
|
IStringLocalizer<AbpIdentityServerResource> stringLocalizer, |
|
|
|
IStringLocalizer<IdentityResource> identityLocalizer, |
|
|
|
IStringLocalizer<AbpIdentityServerResource> identityServerLocalizer, |
|
|
|
ILogger<SmsTokenGrantValidator> logger) |
|
|
|
{ |
|
|
|
Logger = logger; |
|
|
|
EventService = eventService; |
|
|
|
UserManager = userManager; |
|
|
|
SignInManager = signInManager; |
|
|
|
Localizer = stringLocalizer; |
|
|
|
UserRepository = userRepository; |
|
|
|
IdentityLocalizer = identityLocalizer; |
|
|
|
IdentityServerLocalizer = identityServerLocalizer; |
|
|
|
} |
|
|
|
|
|
|
|
public string GrantType => SmsValidatorConsts.SmsValidatorGrantTypeName; |
|
|
|
@ -50,26 +51,30 @@ namespace LINGYUN.Abp.IdentityServer.SmsValidator |
|
|
|
var credential = raw.Get(OidcConstants.TokenRequest.GrantType); |
|
|
|
if (credential == null || !credential.Equals(GrantType)) |
|
|
|
{ |
|
|
|
Logger.LogWarning("Invalid grant type: not allowed"); |
|
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, |
|
|
|
Localizer["InvalidGrant:GrantTypeInvalid"]); |
|
|
|
Logger.LogInformation("Invalid grant type: not allowed"); |
|
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:GrantTypeInvalid"]); |
|
|
|
return; |
|
|
|
} |
|
|
|
var phoneNumber = raw.Get(SmsValidatorConsts.SmsValidatorParamName); |
|
|
|
var phoneToken = raw.Get(SmsValidatorConsts.SmsValidatorTokenName); |
|
|
|
if (phoneNumber.IsNullOrWhiteSpace() || phoneToken.IsNullOrWhiteSpace()) |
|
|
|
{ |
|
|
|
Logger.LogWarning("Invalid grant type: phone number or token code not found"); |
|
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, |
|
|
|
Localizer["InvalidGrant:PhoneOrTokenCodeNotFound"]); |
|
|
|
Logger.LogInformation("Invalid grant type: phone number or token code not found"); |
|
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneOrTokenCodeNotFound"]); |
|
|
|
return; |
|
|
|
} |
|
|
|
var currentUser = await UserRepository.FindByPhoneNumberAsync(phoneNumber); |
|
|
|
if(currentUser == null) |
|
|
|
{ |
|
|
|
Logger.LogWarning("Invalid grant type: phone number not register"); |
|
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, |
|
|
|
Localizer["InvalidGrant:PhoneNumberNotRegister"]); |
|
|
|
Logger.LogInformation("Invalid grant type: phone number not register"); |
|
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneNumberNotRegister"]); |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
|
if (await UserManager.IsLockedOutAsync(currentUser)) |
|
|
|
{ |
|
|
|
Logger.LogInformation("Authentication failed for username: {username}, reason: locked out", currentUser.UserName); |
|
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityLocalizer["Volo.Abp.Identity:UserLockedOut"]); |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
|
@ -77,9 +82,20 @@ namespace LINGYUN.Abp.IdentityServer.SmsValidator |
|
|
|
if (!validResult) |
|
|
|
{ |
|
|
|
Logger.LogWarning("Authentication failed for token: {0}, reason: invalid token", phoneToken); |
|
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, |
|
|
|
Localizer["InvalidGrant:PhoneVerifyInvalid"]); |
|
|
|
await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, $"invalid phone verify code {phoneToken}", false)); |
|
|
|
// 防尝试破解密码
|
|
|
|
var identityResult = await UserManager.AccessFailedAsync(currentUser); |
|
|
|
if (identityResult.Succeeded) |
|
|
|
{ |
|
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, IdentityServerLocalizer["InvalidGrant:PhoneVerifyInvalid"]); |
|
|
|
await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, $"invalid phone verify code {phoneToken}", false)); |
|
|
|
} |
|
|
|
else |
|
|
|
{ |
|
|
|
Logger.LogInformation("Authentication failed for username: {username}, reason: access failed", currentUser.UserName); |
|
|
|
var userAccessFailedError = identityResult.LocalizeErrors(IdentityLocalizer); |
|
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, userAccessFailedError); |
|
|
|
await EventService.RaiseAsync(new UserLoginFailureEvent(currentUser.UserName, userAccessFailedError, false)); |
|
|
|
} |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
|
|
cKey
5 years ago