Merge pull request #21333 from abpframework/auto-merge/rel-8-3/3197

Merge branch rel-9.0 with rel-8.3
1 year ago · 6c664da3fa
2 changed files with 35 additions and 2 deletions
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpErrorDescriptionConsts.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpErrorDescriptionConsts.cs
@ -0,0 +1,8 @@
+namespace Volo.Abp.OpenIddict;
+
+public static class AbpErrorDescriptionConsts
+{
+    public const string RequiresTwoFactor = "RequiresTwoFactor";
+
+    public const string RequiresConfirmUser = "RequiresConfirmUser";
+}
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
@ -127,7 +127,12 @@ public partial class TokenController
                            return await HandlePeriodicallyChangePasswordAsync(request, user, request.Password);
                        }

-                        errorDescription = "You are not allowed to login! Your account is inactive or needs to confirm your email/phone number.";
+                        if (user.IsActive)
+                        {
+                            return await HandleConfirmUserAsync(request, user);
+                        }
+
+                        errorDescription = "You are not allowed to login! Your account is inactive.";
                    }
                    else
                    {
@ -235,7 +240,7 @@ public partial class TokenController
                items: new Dictionary<string, string>
                {
                    [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
-                    [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = nameof(SignInResult.RequiresTwoFactor)
+                    [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = AbpErrorDescriptionConsts.RequiresTwoFactor
                },
                parameters: new Dictionary<string, object>
                {
@ -337,6 +342,26 @@ public partial class TokenController
        }
    }

+    protected virtual Task<IActionResult> HandleConfirmUserAsync(OpenIddictRequest request, IdentityUser user)
+    {
+        Logger.LogInformation($"{request.Username} needs to confirm email/phone number");
+
+        var properties = new AuthenticationProperties(
+            items: new Dictionary<string, string>
+            {
+                [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
+                [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = AbpErrorDescriptionConsts.RequiresConfirmUser
+            },
+            parameters: new Dictionary<string, object>
+            {
+                ["userId"] = user.Id.ToString("N"),
+                ["email"] = user.Email,
+                ["phoneNumber"] = user.PhoneNumber ?? ""
+            });
+
+        return Task.FromResult<IActionResult>(Forbid(properties, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme));
+    }
+
    protected virtual async Task<IActionResult> SetSuccessResultAsync(OpenIddictRequest request, IdentityUser user)
    {
        // Clear the dynamic claims cache.