fix: 修复Identity锁定功能 #124

2 years ago · b17b90ac04
6 changed files with 48 additions and 21 deletions
--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/Users/AccountAppService.cs
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/Users/AccountAppService.cs
@ -5,39 +5,53 @@ using IdentityModel;
 using Lion.AbpPro.BasicManagement.ConfigurationOptions;
 using Lion.AbpPro.BasicManagement.Users.Dtos;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.IdentityModel.Tokens;
 using Volo.Abp.Identity.AspNetCore;
 using Volo.Abp.Security.Claims;
+using IdentityUser = Volo.Abp.Identity.IdentityUser;

 namespace Lion.AbpPro.BasicManagement.Users
 {
    public class AccountAppService : BasicManagementAppService, IAccountAppService
    {
        private readonly IdentityUserManager _userManager;
+
        private readonly JwtOptions _jwtOptions;
+
        //private readonly Microsoft.AspNetCore.Identity.SignInManager<IdentityUser> _signInManager;
        private readonly IdentitySecurityLogManager _identitySecurityLogManager;
        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly AbpSignInManager _signInManager;
+        protected IOptions<IdentityOptions> IdentityOptions { get; }
+        
        public AccountAppService(
            IdentityUserManager userManager,
            IOptionsSnapshot<JwtOptions> jwtOptions,
            IdentitySecurityLogManager identitySecurityLogManager,
-            IHttpContextAccessor httpContextAccessor, AbpSignInManager signInManager)
+            IHttpContextAccessor httpContextAccessor, AbpSignInManager signInManager, ISettingProvider settingProvider, IOptions<IdentityOptions> identityOptions)
        {
            _userManager = userManager;
            _jwtOptions = jwtOptions.Value;
            _identitySecurityLogManager = identitySecurityLogManager;
            _httpContextAccessor = httpContextAccessor;
            _signInManager = signInManager;
+            IdentityOptions = identityOptions;
        }


        public virtual async Task<LoginOutput> LoginAsync(LoginInput input)
        {
+            await IdentityOptions.SetAsync();
+            
            var result = await _signInManager.PasswordSignInAsync(input.Name, input.Password, false, true);

            if (result.IsNotAllowed)
+            {
+                throw new BusinessException(BasicManagementErrorCodes.UserDisabled);
+            }
+
+            if (result.IsLockedOut)
            {
                throw new BusinessException(BasicManagementErrorCodes.UserLockedOut);
            }
@ -47,6 +61,7 @@ namespace Lion.AbpPro.BasicManagement.Users
                throw new BusinessException(BasicManagementErrorCodes.UserOrPasswordMismatch);
            }

+
            var user = await _userManager.FindByNameAsync(input.Name);

            await _identitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext()
@ -104,7 +119,7 @@ namespace Lion.AbpPro.BasicManagement.Users
            {
                Subject = new ClaimsIdentity(claims),
                Expires = expirationTime, // token 过期时间
-                NotBefore = dateNow,    // token 签发时间
+                NotBefore = dateNow, // token 签发时间
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),
                    SecurityAlgorithms.HmacSha256Signature)
            };
--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/Users/UserAppService.cs
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/Users/UserAppService.cs
@ -82,6 +82,7 @@ namespace Lion.AbpPro.BasicManagement.Users
        {
            // abp 5.0 之后新增字段,是否运行用户登录，默认设置为true
            input.IsActive = true;
+            input.LockoutEnabled = true;
            return await _identityUserAppService.CreateAsync(input);
        }

--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain.Shared/BasicManagementErrorCodes.cs
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain.Shared/BasicManagementErrorCodes.cs
@ -2,7 +2,8 @@

 public static class BasicManagementErrorCodes
 {
-    public const string OrganizationUnitNotExist =BasicManagementConsts.NameSpace+ ":100001";
-    public const string UserLockedOut =BasicManagementConsts.NameSpace+ ":100002";
-    public const string UserOrPasswordMismatch =BasicManagementConsts.NameSpace+ ":100003";
+    public const string OrganizationUnitNotExist = BasicManagementConsts.NameSpace + ":100001";
+    public const string UserLockedOut = BasicManagementConsts.NameSpace + ":100002";
+    public const string UserOrPasswordMismatch = BasicManagementConsts.NameSpace + ":100003";
+    public const string UserDisabled = BasicManagementConsts.NameSpace + ":100004";
 }
--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain.Shared/Localization/BasicManagement/en.json
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain.Shared/Localization/BasicManagement/en.json
@ -18,6 +18,7 @@
    "Setting.Group.System": "System",
    "Lion.AbpPro.BasicManagement:100001": "OrganizationUnit Not Exist",
    "Lion.AbpPro.BasicManagement:100002": "UserLockedOut",
-    "Lion.AbpPro.BasicManagement:100003": "UserOrPasswordMismatch"
+    "Lion.AbpPro.BasicManagement:100003": "UserOrPasswordMismatch",
+    "Lion.AbpPro.BasicManagement:100004": "UserDisabled"
  }
 }
--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain.Shared/Localization/BasicManagement/zh-Hans.json
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain.Shared/Localization/BasicManagement/zh-Hans.json
@ -19,6 +19,7 @@
    "Setting.Group.System": "系统",
    "Lion.AbpPro.BasicManagement:100001": "组织机构不存在",
    "Lion.AbpPro.BasicManagement:100002": "用户被锁定",
-    "Lion.AbpPro.BasicManagement:100003": "用户名或者密码错误"
+    "Lion.AbpPro.BasicManagement:100003": "用户名或者密码错误",
+    "Lion.AbpPro.BasicManagement:100004": "用户已禁用"
  }
 }
--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain/Settings/BasicManagementSettingDefinitionProvider.cs
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Domain/Settings/BasicManagementSettingDefinitionProvider.cs
@ -1,4 +1,6 @@
-namespace Lion.AbpPro.BasicManagement.Settings;
+using Volo.Abp.Identity.Settings;
+
+namespace Lion.AbpPro.BasicManagement.Settings;

 public class BasicManagementSettingDefinitionProvider : SettingDefinitionProvider
 {
@ -24,47 +26,53 @@ public class BasicManagementSettingDefinitionProvider : SettingDefinitionProvide
                .WithProperty(AbpProSettingConsts.ControlType.Default,
                    AbpProSettingConsts.ControlType.TypeText));

-        context.GetOrNull("Abp.Identity.Password.RequiredLength")
+        context.GetOrNull(IdentitySettingNames.Password.RequiredLength)
            .WithProperty(BasicManagementSettings.Group.Default,
                BasicManagementSettings.Group.SystemManagement)
            .WithProperty(AbpProSettingConsts.ControlType.Default,
                AbpProSettingConsts.ControlType.Number);

-        context.GetOrNull("Abp.Identity.Password.RequiredLength")
+        context.GetOrNull(IdentitySettingNames.Password.RequiredUniqueChars)
            .WithProperty(BasicManagementSettings.Group.Default,
                BasicManagementSettings.Group.SystemManagement)
            .WithProperty(AbpProSettingConsts.ControlType.Default,
                AbpProSettingConsts.ControlType.Number);

-        context.GetOrNull("Abp.Identity.Password.RequiredUniqueChars")
+        context.GetOrNull(IdentitySettingNames.Password.RequireNonAlphanumeric)
            .WithProperty(BasicManagementSettings.Group.Default,
                BasicManagementSettings.Group.SystemManagement)
            .WithProperty(AbpProSettingConsts.ControlType.Default,
-                AbpProSettingConsts.ControlType.Number);
+                AbpProSettingConsts.ControlType.TypeCheckBox);

-        context.GetOrNull("Abp.Identity.Password.RequireNonAlphanumeric")
+        context.GetOrNull(IdentitySettingNames.Password.RequireLowercase)
            .WithProperty(BasicManagementSettings.Group.Default,
                BasicManagementSettings.Group.SystemManagement)
            .WithProperty(AbpProSettingConsts.ControlType.Default,
                AbpProSettingConsts.ControlType.TypeCheckBox);

-        context.GetOrNull("Abp.Identity.Password.RequireLowercase")
+        context.GetOrNull(IdentitySettingNames.Password.RequireUppercase)
            .WithProperty(BasicManagementSettings.Group.Default,
                BasicManagementSettings.Group.SystemManagement)
            .WithProperty(AbpProSettingConsts.ControlType.Default,
                AbpProSettingConsts.ControlType.TypeCheckBox);

-        context.GetOrNull("Abp.Identity.Password.RequireUppercase")
+        context.GetOrNull(IdentitySettingNames.Password.RequireDigit)
            .WithProperty(BasicManagementSettings.Group.Default,
                BasicManagementSettings.Group.SystemManagement)
            .WithProperty(AbpProSettingConsts.ControlType.Default,
                AbpProSettingConsts.ControlType.TypeCheckBox);
        
-        context.GetOrNull("Abp.Identity.Password.RequireDigit")
+        context.GetOrNull(IdentitySettingNames.Lockout.LockoutDuration)
            .WithProperty(BasicManagementSettings.Group.Default,
                BasicManagementSettings.Group.SystemManagement)
            .WithProperty(AbpProSettingConsts.ControlType.Default,
-                AbpProSettingConsts.ControlType.TypeCheckBox);
+                AbpProSettingConsts.ControlType.Number);
+        
+        context.GetOrNull(IdentitySettingNames.Lockout.MaxFailedAccessAttempts)
+            .WithProperty(BasicManagementSettings.Group.Default,
+                BasicManagementSettings.Group.SystemManagement)
+            .WithProperty(AbpProSettingConsts.ControlType.Default,
+                AbpProSettingConsts.ControlType.Number);
    }