Merge pull request #4975 from abpframework/issue/4928

Revise how to change the password for external logins
6 years ago · 967c47af65
9 changed files with 74 additions and 27 deletions
--- a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Manage.cshtml
+++ b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Manage.cshtml
@ -25,33 +25,41 @@
 <abp-card>
    <abp-card-body>
        <abp-tabs tab-style="PillVertical">
-            <abp-tab title="@L["ChangePassword"].Value">
-                <h4>@L["ChangePassword"].Value</h4><hr />
-                <abp-dynamic-form abp-model="@Model.ChangePasswordInfoModel" id="ChangePasswordForm">
-                    <abp-form-content />
-                    <abp-button type="submit" button-type="Primary" text="@L["Submit"].Value" />
-                </abp-dynamic-form>
-            </abp-tab>
+            @if (!Model.DisablePasswordChange)
+            {
+                <abp-tab title="@L["ChangePassword"].Value">
+                    <h4>@L["ChangePassword"].Value</h4><hr/>
+                    <form id="ChangePasswordForm">
+                        @if (!Model.HideOldPasswordInput)
+                        {
+                            <abp-input asp-for="ChangePasswordInfoModel.CurrentPassword"/>
+                        }
+                        <abp-input asp-for="ChangePasswordInfoModel.NewPassword"/>
+                        <abp-input asp-for="ChangePasswordInfoModel.NewPasswordConfirm"/>
+                        <abp-button type="submit" button-type="Primary" text="@L["Submit"].Value"/>
+                    </form>
+                </abp-tab>
+            }
            <abp-tab title="@L["PersonalSettings"].Value">
-                <h4>@L["PersonalSettings"].Value</h4><hr />
+                <h4>@L["PersonalSettings"].Value</h4><hr/>
                <form method="post" id="PersonalSettingsForm">

-                    <abp-input asp-for="PersonalSettingsInfoModel.UserName" readonly="!isUserNameUpdateEnabled" />
+                    <abp-input asp-for="PersonalSettingsInfoModel.UserName" readonly="!isUserNameUpdateEnabled"/>

                    <abp-row>
                        <abp-column size-md="_6">
-                            <abp-input asp-for="PersonalSettingsInfoModel.Name" />
+                            <abp-input asp-for="PersonalSettingsInfoModel.Name"/>
                        </abp-column>
                        <abp-column size-md="_6">
-                            <abp-input asp-for="PersonalSettingsInfoModel.Surname" />
+                            <abp-input asp-for="PersonalSettingsInfoModel.Surname"/>
                        </abp-column>
                    </abp-row>

-                    <abp-input asp-for="PersonalSettingsInfoModel.Email" readonly="!isEmailUpdateEnabled" />
+                    <abp-input asp-for="PersonalSettingsInfoModel.Email" readonly="!isEmailUpdateEnabled"/>

-                    <abp-input asp-for="PersonalSettingsInfoModel.PhoneNumber" />
+                    <abp-input asp-for="PersonalSettingsInfoModel.PhoneNumber"/>

-                    <abp-button type="submit" button-type="Primary" text="@L["Submit"].Value" />
+                    <abp-button type="submit" button-type="Primary" text="@L["Submit"].Value"/>
                </form>
            </abp-tab>
        </abp-tabs>
--- a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Manage.cshtml.cs
+++ b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Manage.cshtml.cs
@ -12,6 +12,10 @@ namespace Volo.Abp.Account.Web.Pages.Account

        public PersonalSettingsInfoModel PersonalSettingsInfoModel { get; set; }

+        public bool DisablePasswordChange { get; set; }
+
+        public bool HideOldPasswordInput { get; set; }
+
        protected IProfileAppService ProfileAppService { get; }

        public ManageModel(IProfileAppService profileAppService)
@ -25,6 +29,9 @@ namespace Volo.Abp.Account.Web.Pages.Account

            PersonalSettingsInfoModel = ObjectMapper.Map<ProfileDto, PersonalSettingsInfoModel>(user);

+            DisablePasswordChange = user.IsExternal;
+            HideOldPasswordInput = !user.HasPassword;
+
            return Page();
        }

@ -54,7 +61,7 @@ namespace Volo.Abp.Account.Web.Pages.Account
        [DataType(DataType.Password)]
        public string NewPasswordConfirm { get; set; }
    }
-    
+
    public class PersonalSettingsInfoModel
    {
        [Required]
--- a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Manage.js
+++ b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Manage.js
@ -15,13 +15,13 @@

        if (
            input.newPassword != input.newPasswordConfirm ||
-            input.currentPassword == ''
+            input.newPassword == ''
        ) {
            abp.message.error(l('NewPasswordConfirmFailed'));
            return;
        }

-        if (input.currentPassword == '') {
+        if (input.currentPassword && input.currentPassword == ''){
            return;
        }

--- a/modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/ChangePasswordInput.cs
+++ b/modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/ChangePasswordInput.cs
@ -1,9 +1,18 @@
-namespace Volo.Abp.Identity
+using System.ComponentModel.DataAnnotations;
+using Volo.Abp.Auditing;
+using Volo.Abp.Validation;
+
+namespace Volo.Abp.Identity
 {
    public class ChangePasswordInput
    {
+        [DisableAuditing]
+        [DynamicStringLength(typeof(IdentityUserConsts), nameof(IdentityUserConsts.MaxPasswordLength))]
        public string CurrentPassword { get; set; }

+        [Required]
+        [DisableAuditing]
+        [DynamicStringLength(typeof(IdentityUserConsts), nameof(IdentityUserConsts.MaxPasswordLength))]
        public string NewPassword { get; set; }
    }
 }
--- a/modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/ProfileDto.cs
+++ b/modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/ProfileDto.cs
@ -13,5 +13,9 @@ namespace Volo.Abp.Identity
        public string Surname { get; set; }

        public string PhoneNumber { get; set; }
+
+        public bool IsExternal { get; set; }
+
+        public bool HasPassword { get; set; }
    }
-}
+}
--- a/modules/identity/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/AbpIdentityApplicationModuleAutoMapperProfile.cs
+++ b/modules/identity/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/AbpIdentityApplicationModuleAutoMapperProfile.cs
@ -1,4 +1,5 @@
 using AutoMapper;
+using Volo.Abp.AutoMapper;

 namespace Volo.Abp.Identity
 {
@ -11,9 +12,11 @@ namespace Volo.Abp.Identity

            CreateMap<IdentityRole, IdentityRoleDto>()
                .MapExtraProperties();
-            
+
            CreateMap<IdentityUser, ProfileDto>()
+                .ForMember(dest => dest.HasPassword,
+                    op => op.MapFrom(src => src.PasswordHash != null))
                .MapExtraProperties();
        }
    }
-}
+}
--- a/modules/identity/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/ProfileAppService.cs
+++ b/modules/identity/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/ProfileAppService.cs
@ -1,4 +1,5 @@
-using System.Threading.Tasks;
+using System.Linq;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Volo.Abp.Identity.Settings;
@ -20,9 +21,9 @@ namespace Volo.Abp.Identity

        public virtual async Task<ProfileDto> GetAsync()
        {
-            return ObjectMapper.Map<IdentityUser, ProfileDto>(
-                await UserManager.GetByIdAsync(CurrentUser.GetId())
-            );
+            var currentUser = await UserManager.GetByIdAsync(CurrentUser.GetId());
+
+            return ObjectMapper.Map<IdentityUser, ProfileDto>(currentUser);
        }

        public virtual async Task<ProfileDto> UpdateAsync(UpdateProfileDto input)
@ -56,6 +57,19 @@ namespace Volo.Abp.Identity
        public virtual async Task ChangePasswordAsync(ChangePasswordInput input)
        {
            var currentUser = await UserManager.GetByIdAsync(CurrentUser.GetId());
+
+            if (currentUser.IsExternal)
+            {
+                throw new BusinessException(code: IdentityErrorCodes.ExternalUserPasswordChange);
+            }
+
+            if (currentUser.PasswordHash == null)
+            {
+                (await UserManager.AddPasswordAsync(currentUser, input.NewPassword)).CheckErrors();
+
+                return;
+            }
+
            (await UserManager.ChangePasswordAsync(currentUser, input.CurrentPassword, input.NewPassword)).CheckErrors();
        }
    }
--- a/modules/identity/src/Volo.Abp.Identity.Domain.Shared/Volo/Abp/Identity/IdentityErrorCodes.cs
+++ b/modules/identity/src/Volo.Abp.Identity.Domain.Shared/Volo/Abp/Identity/IdentityErrorCodes.cs
@ -4,5 +4,6 @@
    {
        public const string UserSelfDeletion = "Volo.Abp.Identity:010001";
        public const string MaxAllowedOuMembership = "Volo.Abp.Identity:010002";
+        public const string ExternalUserPasswordChange = "Volo.Abp.Identity:010003";
    }
-}
+}
--- a/modules/identity/src/Volo.Abp.Identity.Domain.Shared/Volo/Abp/Identity/Localization/en.json
+++ b/modules/identity/src/Volo.Abp.Identity.Domain.Shared/Volo/Abp/Identity/Localization/en.json
@ -102,6 +102,7 @@
    "Description:Abp.Identity.SignIn.RequireConfirmedPhoneNumber": "Whether a confirmed telephone number is required to sign in.",
    "Description:Abp.Identity.User.IsUserNameUpdateEnabled": "Whether the username can be updated by the user.",
    "Description:Abp.Identity.User.IsEmailUpdateEnabled": "Whether the email can be updated by the user.",
-    "Volo.Abp.Identity:010002": "Can not set more than {MaxUserMembershipCount} organization unit for a user!"
+    "Volo.Abp.Identity:010002": "Can not set more than {MaxUserMembershipCount} organization unit for a user!",
+    "Volo.Abp.Identity:010003": "Can not change password of an externally logged in user!"
  }
 }