From a4922caef58b228ae6560f02e9f22b6930336b29 Mon Sep 17 00:00:00 2001
From: maliming
Date: Wed, 29 May 2024 11:02:38 +0800
Subject: [PATCH] Lock the user if too many incorrect 2FA code attempts.

---
 .../AspNetIdentity/AbpResourceOwnerPasswordValidator.cs | 2 ++
 .../Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
index 628eb37cb7..eece31acc3 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
@@ -203,6 +203,8 @@ public class AbpResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
 return;
 }
 
+ await UserManager.AccessFailedAsync(user);
+
 Logger.LogInformation("Authentication failed for username: {username}, reason: InvalidAuthenticatorCode", context.UserName);
 context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, Localizer["InvalidAuthenticatorCode"]);
 }
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
index e7abd2a2d8..470debf115 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
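Review bot: The IdentityResult returned by the new `await UserManager.AccessFailedAsync(user);` is discarded, and the method still answers with the generic InvalidAuthenticatorCode result even when that increment was the one that locked the account; adding `if (await UserManager.IsLockedOutAsync(user)) { /* return the locked-out result */ }` right after it would give a newly locked user the same response the password-failure path presumably already returns (that path is outside the hunk, so I am inferring it). A second concern is whether the counter survives at all: if the password is verified earlier in this method with SignInManager.CheckPasswordSignInAsync, a correct password resets the access-failed count, and because this grant receives password and authenticator code together on every request, the count incremented here may be reset before the next code is checked — a test that N wrong codes actually lock the account would settle it. Both points apply equally to the TokenController.Password.cs hunk. The enclosing method starts outside the hunk.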
@@ -206,6 +206,8 @@ public partial class TokenController
 return await SetSuccessResultAsync(request, user);
 }
 
+ await UserManager.AccessFailedAsync(user);
+
 Logger.LogInformation("Authentication failed for username: {username}, reason: InvalidAuthenticatorCode", request.Username);
 var properties = new AuthenticationProperties(new Dictionary