fix: 修复Identity锁定功能 #124

aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/Users/AccountAppService.cs

@@ -5,39 +5,53 @@ using IdentityModel;
 using Lion.AbpPro.BasicManagement.ConfigurationOptions;
 using Lion.AbpPro.BasicManagement.Users.Dtos;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.IdentityModel.Tokens;
 using Volo.Abp.Identity.AspNetCore;
 using Volo.Abp.Security.Claims;
+using IdentityUser = Volo.Abp.Identity.IdentityUser;
 
 namespace Lion.AbpPro.BasicManagement.Users
 {
     public class AccountAppService : BasicManagementAppService, IAccountAppService
     {
         private readonly IdentityUserManager _userManager;
+
         private readonly JwtOptions _jwtOptions;
+
         //private readonly Microsoft.AspNetCore.Identity.SignInManager<IdentityUser> _signInManager;
         private readonly IdentitySecurityLogManager _identitySecurityLogManager;
         private readonly IHttpContextAccessor _httpContextAccessor;
         private readonly AbpSignInManager _signInManager;
+        protected IOptions<IdentityOptions> IdentityOptions { get; }
+        
         public AccountAppService(
             IdentityUserManager userManager,
             IOptionsSnapshot<JwtOptions> jwtOptions,
-            IdentitySecurityLogManager identitySecurityLogManager, 
+            IdentitySecurityLogManager identitySecurityLogManager,
-            IHttpContextAccessor httpContextAccessor, AbpSignInManager signInManager)
+            IHttpContextAccessor httpContextAccessor, AbpSignInManager signInManager, ISettingProvider settingProvider, IOptions<IdentityOptions> identityOptions)
         {
             _userManager = userManager;
             _jwtOptions = jwtOptions.Value;
             _identitySecurityLogManager = identitySecurityLogManager;
             _httpContextAccessor = httpContextAccessor;
             _signInManager = signInManager;
+            IdentityOptions = identityOptions;
         }
 
 
         public virtual async Task<LoginOutput> LoginAsync(LoginInput input)
         {
+            await IdentityOptions.SetAsync();
+            
             var result = await _signInManager.PasswordSignInAsync(input.Name, input.Password, false, true);
 
             if (result.IsNotAllowed)
+            {
+                throw new BusinessException(BasicManagementErrorCodes.UserDisabled);
+            }
+
+            if (result.IsLockedOut)
             {
                 throw new BusinessException(BasicManagementErrorCodes.UserLockedOut);
             }
@@ -47,8 +61,9 @@ namespace Lion.AbpPro.BasicManagement.Users
                 throw new BusinessException(BasicManagementErrorCodes.UserOrPasswordMismatch);
             }
 
+
             var user = await _userManager.FindByNameAsync(input.Name);
-            
+
             await _identitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext()
             {
                 Action = _httpContextAccessor.HttpContext?.Request.Path,
@@ -104,7 +119,7 @@ namespace Lion.AbpPro.BasicManagement.Users
             {
                 Subject = new ClaimsIdentity(claims),
                 Expires = expirationTime, // token 过期时间
-                NotBefore = dateNow,    // token 签发时间
+                NotBefore = dateNow, // token 签发时间
                 SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),
                     SecurityAlgorithms.HmacSha256Signature)
             };

aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/Users/UserAppService.cs

@@ -82,6 +82,7 @@ namespace Lion.AbpPro.BasicManagement.Users
         {
             // abp 5.0 之后新增字段,是否运行用户登录，默认设置为true
             input.IsActive = true;
+            input.LockoutEnabled = true;
             return await _identityUserAppService.CreateAsync(input);
         }
 

aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain.Shared/BasicManagementErrorCodes.cs

@@ -2,7 +2,8 @@
 
 public static class BasicManagementErrorCodes
 {
-    public const string OrganizationUnitNotExist =BasicManagementConsts.NameSpace+ ":100001";
+    public const string OrganizationUnitNotExist = BasicManagementConsts.NameSpace + ":100001";
-    public const string UserLockedOut =BasicManagementConsts.NameSpace+ ":100002";
+    public const string UserLockedOut = BasicManagementConsts.NameSpace + ":100002";
-    public const string UserOrPasswordMismatch =BasicManagementConsts.NameSpace+ ":100003";
+    public const string UserOrPasswordMismatch = BasicManagementConsts.NameSpace + ":100003";
-}
+    public const string UserDisabled = BasicManagementConsts.NameSpace + ":100004";
+}

aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain.Shared/Localization/BasicManagement/en.json

@@ -18,6 +18,7 @@
     "Setting.Group.System": "System",
     "Lion.AbpPro.BasicManagement:100001": "OrganizationUnit Not Exist",
     "Lion.AbpPro.BasicManagement:100002": "UserLockedOut",
-    "Lion.AbpPro.BasicManagement:100003": "UserOrPasswordMismatch"
+    "Lion.AbpPro.BasicManagement:100003": "UserOrPasswordMismatch",
+    "Lion.AbpPro.BasicManagement:100004": "UserDisabled"
   }
 }

aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain.Shared/Localization/BasicManagement/zh-Hans.json

@@ -19,6 +19,7 @@
     "Setting.Group.System": "系统",
     "Lion.AbpPro.BasicManagement:100001": "组织机构不存在",
     "Lion.AbpPro.BasicManagement:100002": "用户被锁定",
-    "Lion.AbpPro.BasicManagement:100003": "用户名或者密码错误"
+    "Lion.AbpPro.BasicManagement:100003": "用户名或者密码错误",
+    "Lion.AbpPro.BasicManagement:100004": "用户已禁用"
   }
 }

aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain/Settings/BasicManagementSettingDefinitionProvider.cs

@@ -1,4 +1,6 @@
-namespace Lion.AbpPro.BasicManagement.Settings;
+using Volo.Abp.Identity.Settings;
+
+namespace Lion.AbpPro.BasicManagement.Settings;
 
 public class BasicManagementSettingDefinitionProvider : SettingDefinitionProvider
 {
@@ -24,47 +26,53 @@ public class BasicManagementSettingDefinitionProvider : SettingDefinitionProvide
                 .WithProperty(AbpProSettingConsts.ControlType.Default,
                     AbpProSettingConsts.ControlType.TypeText));
 
-        context.GetOrNull("Abp.Identity.Password.RequiredLength")
+        context.GetOrNull(IdentitySettingNames.Password.RequiredLength)
             .WithProperty(BasicManagementSettings.Group.Default,
                 BasicManagementSettings.Group.SystemManagement)
             .WithProperty(AbpProSettingConsts.ControlType.Default,
                 AbpProSettingConsts.ControlType.Number);
 
-        context.GetOrNull("Abp.Identity.Password.RequiredLength")
+        context.GetOrNull(IdentitySettingNames.Password.RequiredUniqueChars)
             .WithProperty(BasicManagementSettings.Group.Default,
                 BasicManagementSettings.Group.SystemManagement)
             .WithProperty(AbpProSettingConsts.ControlType.Default,
                 AbpProSettingConsts.ControlType.Number);
 
-        context.GetOrNull("Abp.Identity.Password.RequiredUniqueChars")
+        context.GetOrNull(IdentitySettingNames.Password.RequireNonAlphanumeric)
             .WithProperty(BasicManagementSettings.Group.Default,
                 BasicManagementSettings.Group.SystemManagement)
             .WithProperty(AbpProSettingConsts.ControlType.Default,
-                AbpProSettingConsts.ControlType.Number);
+                AbpProSettingConsts.ControlType.TypeCheckBox);
 
-        context.GetOrNull("Abp.Identity.Password.RequireNonAlphanumeric")
+        context.GetOrNull(IdentitySettingNames.Password.RequireLowercase)
             .WithProperty(BasicManagementSettings.Group.Default,
                 BasicManagementSettings.Group.SystemManagement)
             .WithProperty(AbpProSettingConsts.ControlType.Default,
                 AbpProSettingConsts.ControlType.TypeCheckBox);
 
-        context.GetOrNull("Abp.Identity.Password.RequireLowercase")
+        context.GetOrNull(IdentitySettingNames.Password.RequireUppercase)
             .WithProperty(BasicManagementSettings.Group.Default,
                 BasicManagementSettings.Group.SystemManagement)
             .WithProperty(AbpProSettingConsts.ControlType.Default,
                 AbpProSettingConsts.ControlType.TypeCheckBox);
 
-        context.GetOrNull("Abp.Identity.Password.RequireUppercase")
+        context.GetOrNull(IdentitySettingNames.Password.RequireDigit)
             .WithProperty(BasicManagementSettings.Group.Default,
                 BasicManagementSettings.Group.SystemManagement)
             .WithProperty(AbpProSettingConsts.ControlType.Default,
                 AbpProSettingConsts.ControlType.TypeCheckBox);
-
+        
-        context.GetOrNull("Abp.Identity.Password.RequireDigit")
+        context.GetOrNull(IdentitySettingNames.Lockout.LockoutDuration)
             .WithProperty(BasicManagementSettings.Group.Default,
                 BasicManagementSettings.Group.SystemManagement)
             .WithProperty(AbpProSettingConsts.ControlType.Default,
-                AbpProSettingConsts.ControlType.TypeCheckBox);
+                AbpProSettingConsts.ControlType.Number);
+        
+        context.GetOrNull(IdentitySettingNames.Lockout.MaxFailedAccessAttempts)
+            .WithProperty(BasicManagementSettings.Group.Default,
+                BasicManagementSettings.Group.SystemManagement)
+            .WithProperty(AbpProSettingConsts.ControlType.Default,
+                AbpProSettingConsts.ControlType.Number);
     }