Merge pull request #16929 from abpframework/feat/14202

Support `RecoveryCode` login.
3 years ago · 7e53281dee
6 changed files with 39 additions and 3 deletions
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json
@ -10,6 +10,7 @@
    "LoginIsNotAllowed": "You are not allowed to login! Your account is inactive or needs to confirm your email/phone number.",
    "InvalidUsername": "Invalid username or password!",
    "InvalidAuthenticatorCode": "Invalid authenticator code!",
    "InvalidRecoveryCode": "Invalid recovery code!",
    "TheTargetUserIsNotLinkedToYou": "The target user is not linked to you!"
  }
 }
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json
@ -10,6 +10,7 @@
    "LoginIsNotAllowed": "Giriş yapmanıza izin verilmiyor! Hesabınız etkin değil veya e-postanızı/telefon numaranızı onaylamanız gerekiyor.",
    "InvalidUsername": "Kullanıcı adı ya da şifre geçersiz!",
    "InvalidAuthenticatorCode": "Geçersiz kimlik doğrulama kodu!",
    "InvalidRecoveryCode": "Geçersiz kurtarma kodu!",
    "TheTargetUserIsNotLinkedToYou": "Hedef kullanıcı sizinle bağlantılı değil!"
  }
-}
+}
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json
@ -10,6 +10,7 @@
    "LoginIsNotAllowed": "无法登录!你的账号未激活或者需要验证邮箱地址/手机号.",
    "InvalidUsername": "用户名或密码错误!",
    "InvalidAuthenticatorCode": "验证码无效!",
    "InvalidRecoveryCode": "恢复代码无效!",
    "TheTargetUserIsNotLinkedToYou": "目标用户未和你有关联!"
  }
 }
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json
@ -10,6 +10,7 @@
    "LoginIsNotAllowed": "無法登入!你的賬號未激活或者需要驗證郵箱地址/手機號碼.",
    "InvalidUsername": "用戶名或密碼錯誤!",
    "InvalidAuthenticatorCode": "驗證碼無效！",
    "InvalidRecoveryCode": "恢復碼無效！",
    "TheTargetUserIsNotLinkedToYou": "目標用戶與您無關！"
  }
-}
+}
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
@ -178,6 +178,20 @@ public class AbpResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
    protected virtual async Task HandleTwoFactorLoginAsync(ResourceOwnerPasswordValidationContext context, IdentityUser user)
    {
        var recoveryCode = context.Request?.Raw?["RecoveryCode"];
        if (!recoveryCode.IsNullOrWhiteSpace())
        {
            var result = await UserManager.RedeemTwoFactorRecoveryCodeAsync(user, recoveryCode);
            if (result.Succeeded)
            {
                await SetSuccessResultAsync(context, user);
                return;
            }
            Logger.LogInformation("Authentication failed for username: {username}, reason: InvalidRecoveryCode", context.UserName);
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, Localizer["InvalidRecoveryCode"]);
        }
        var twoFactorProvider = context.Request?.Raw?["TwoFactorProvider"];
        var twoFactorCode = context.Request?.Raw?["TwoFactorCode"];
        if (!twoFactorProvider.IsNullOrWhiteSpace() && !twoFactorCode.IsNullOrWhiteSpace())
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
@ -175,8 +175,26 @@ public partial class TokenController
    protected virtual async Task<IActionResult> HandleTwoFactorLoginAsync(OpenIddictRequest request, IdentityUser user)
    {
        var recoveryCode = request.GetParameter("RecoveryCode")?.ToString();
        if (!recoveryCode.IsNullOrWhiteSpace())
        {
            var result = await UserManager.RedeemTwoFactorRecoveryCodeAsync(user, recoveryCode);
            if (result.Succeeded)
            {
                return await SetSuccessResultAsync(request, user);
            }
            var properties = new AuthenticationProperties(new Dictionary<string, string>
            {
                [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
                [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = "Invalid recovery code!"
            });
            return Forbid(properties, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
        }
        var twoFactorProvider = request.GetParameter("TwoFactorProvider")?.ToString();
-        var twoFactorCode = request.GetParameter("TwoFactorCode")?.ToString();;
+        var twoFactorCode = request.GetParameter("TwoFactorCode")?.ToString();
        if (!twoFactorProvider.IsNullOrWhiteSpace() && !twoFactorCode.IsNullOrWhiteSpace())
        {
            var providers = await UserManager.GetValidTwoFactorProvidersAsync(user);