From 00cef562937b5bf1880a90b3f4e782637fdf6d0f Mon Sep 17 00:00:00 2001 From: Roc Date: Sat, 27 Aug 2022 00:41:46 +0800 Subject: [PATCH 1/2] Add `PreSignInCheckAsync` method --- .../AbpOpenIdDictControllerBase.cs | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AbpOpenIdDictControllerBase.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AbpOpenIdDictControllerBase.cs index ff7edb3e52..d1321ad9e1 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AbpOpenIdDictControllerBase.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AbpOpenIdDictControllerBase.cs @@ -73,4 +73,24 @@ public abstract class AbpOpenIdDictControllerBase : AbpController return false; } + + protected virtual async Task PreSignInCheckAsync(IdentityUser user) + { + if (!user.IsActive) + { + return false; + } + + if (!await SignInManager.CanSignInAsync(user)) + { + return false; + } + + if (await UserManager.IsLockedOutAsync(user)) + { + return false; + } + + return true; + } } From 5c6fc1c68c5fbcbad7fba3391ee635e4817ef7bb Mon Sep 17 00:00:00 2001 From: Roc Date: Sat, 27 Aug 2022 00:44:13 +0800 Subject: [PATCH 2/2] Use `PreSignInCheckAsync` method --- .../OpenIddict/Controllers/TokenController.AuthorizationCode.cs | 2 +- .../Abp/OpenIddict/Controllers/TokenController.DeviceCode.cs | 2 +- .../Abp/OpenIddict/Controllers/TokenController.RefreshToken.cs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.AuthorizationCode.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.AuthorizationCode.cs index 26018f5423..89a00f1a8a 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.AuthorizationCode.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.AuthorizationCode.cs @@ -33,7 +33,7 @@ public partial class TokenController } // Ensure the user is still allowed to sign in. - if (!await SignInManager.CanSignInAsync(user)) + if (!await PreSignInCheckAsync(user)) { return Forbid( authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.DeviceCode.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.DeviceCode.cs index c46ee5eef0..cbe021854c 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.DeviceCode.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.DeviceCode.cs @@ -33,7 +33,7 @@ public partial class TokenController } // Ensure the user is still allowed to sign in. - if (!await SignInManager.CanSignInAsync(user)) + if (!await PreSignInCheckAsync(user)) { return Forbid( authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.RefreshToken.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.RefreshToken.cs index 05bf247ca5..c234ddd62e 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.RefreshToken.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.RefreshToken.cs @@ -33,7 +33,7 @@ public partial class TokenController } // Ensure the user is still allowed to sign in. - if (!await SignInManager.CanSignInAsync(user)) + if (!await PreSignInCheckAsync(user)) { return Forbid( authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,