Merge pull request #2912 from abpframework/maliming/patch-3

Make AbpResourceOwnerPasswordValidator return detailed reason.
6 years ago · f666dbdcf4
5 changed files with 32 additions and 7 deletions
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json
@ -3,6 +3,10 @@
  "texts": {
    "Volo.IdentityServer:DuplicateIdentityResourceName": "Identity Resource name already exist: {Name}",
    "Volo.IdentityServer:DuplicateApiResourceName": "Api Resource name already exist: {Name}",
-    "Volo.IdentityServer:DuplicateClientId": "ClientId already exist: {ClientId}"
+    "Volo.IdentityServer:DuplicateClientId": "ClientId already exist: {ClientId}",
+    "UserLockedOut": "The user account has been locked out due to invalid login attempts. Please wait a while and try again.",
+    "InvalidUserNameOrPassword": "Invalid username or password!",
+    "LoginIsNotAllowed": "You are not allowed to login! You need to confirm your email/phone number.",
+    "InvalidUsername": "Invalid username or password!"
  }
 }
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json
@ -3,6 +3,10 @@
  "texts": {
    "Volo.IdentityServer:DuplicateIdentityResourceName": "Identity Resource adı zaten mevcut: {Name}",
    "Volo.IdentityServer:DuplicateApiResourceName": "Api Resource adı zaten mevcut: {Name}",
-    "Volo.IdentityServer:DuplicateClientId": "ClientId already zaten mevcut: {ClientId}"
+    "Volo.IdentityServer:DuplicateClientId": "ClientId already zaten mevcut: {ClientId}",
+    "UserLockedOut": "Kullanıcı hesabı hatalı giriş denemeleri nedeniyle kilitlenmiştir. Lütfen bir süre bekleyip tekrar deneyin.",
+    "InvalidUserNameOrPassword": "Kullanıcı adı ya da şifre geçersiz!",
+    "LoginIsNotAllowed": "Giriş yapamazsınız! E-posta adresinizi ya da telefon numaranızı doğrulamanız gerekiyor.",
+    "InvalidUsername": "Kullanıcı adı ya da şifre geçersiz!"
  }
 }
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json
@ -3,6 +3,10 @@
  "texts": {
    "Volo.IdentityServer:DuplicateIdentityResourceName": "Identity资源名称已存在: {Name}",
    "Volo.IdentityServer:DuplicateApiResourceName": "Api资源名称已存在: {Name}",
-    "Volo.IdentityServer:DuplicateClientId": "ClientId已经存在: {ClientId}"
+    "Volo.IdentityServer:DuplicateClientId": "ClientId已经存在: {ClientId}",
+    "UserLockedOut": "登录失败,用户账户已被锁定.请稍后再试.",
+    "InvalidUserNameOrPassword": "用户名或密码错误!",
+    "LoginIsNotAllowed": "无法登录!你需要验证邮箱地址/手机号.",
+    "InvalidUsername": "用户名或密码错误!"
  }
 }
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json
@ -3,6 +3,10 @@
  "texts": {
    "Volo.IdentityServer:DuplicateIdentityResourceName": "Identity資源名稱已存在: {Name}",
    "Volo.IdentityServer:DuplicateApiResourceName": "Api資源名稱已存在: {Name}",
-    "Volo.IdentityServer:DuplicateClientId": "ClientId已經存在: {ClientId}"
+    "Volo.IdentityServer:DuplicateClientId": "ClientId已經存在: {ClientId}",
+    "UserLockedOut": "登錄失敗,用戶賬戶已被鎖定.請稍後再試.",
+    "InvalidUserNameOrPassword": "用戶名或密碼錯誤!",
+    "LoginIsNotAllowed": "無法登錄!妳需要驗證郵箱地址/手機號.",
+    "InvalidUsername": "用戶名或密碼錯誤!"
  }
 }
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
@ -8,7 +8,9 @@ using IdentityServer4.Models;
 using IdentityServer4.Services;
 using IdentityServer4.Validation;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Localization;
 using Microsoft.Extensions.Logging;
+using Volo.Abp.IdentityServer.Localization;
 using Volo.Abp.Security.Claims;
 using Volo.Abp.Uow;
 using Volo.Abp.Validation;
@ -22,17 +24,20 @@ namespace Volo.Abp.IdentityServer.AspNetIdentity
        private readonly IEventService _events;
        private readonly UserManager<IdentityUser> _userManager;
        private readonly ILogger<ResourceOwnerPasswordValidator<IdentityUser>> _logger;
+        private readonly IStringLocalizer<AbpIdentityServerResource> _localizer;

        public AbpResourceOwnerPasswordValidator(
            UserManager<IdentityUser> userManager,
            SignInManager<IdentityUser> signInManager,
            IEventService events,
-            ILogger<ResourceOwnerPasswordValidator<IdentityUser>> logger)
+            ILogger<ResourceOwnerPasswordValidator<IdentityUser>> logger, 
+            IStringLocalizer<AbpIdentityServerResource> localizer)
        {
            _userManager = userManager;
            _signInManager = signInManager;
            _events = events;
            _logger = logger;
+            _localizer = localizer;
        }

        /// <summary>
@ -44,8 +49,8 @@ namespace Volo.Abp.IdentityServer.AspNetIdentity
        public virtual async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {
            await ReplaceEmailToUsernameOfInputIfNeeds(context);
-
            var user = await _userManager.FindByNameAsync(context.UserName);
+            string errorDescription;
            if (user != null)
            {
                var result = await _signInManager.CheckPasswordSignInAsync(user, context.Password, true);
@ -72,25 +77,29 @@ namespace Volo.Abp.IdentityServer.AspNetIdentity
                {
                    _logger.LogInformation("Authentication failed for username: {username}, reason: locked out", context.UserName);
                    await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "locked out", interactive: false));
+                    errorDescription = _localizer["UserLockedOut"];
                }
                else if (result.IsNotAllowed)
                {
                    _logger.LogInformation("Authentication failed for username: {username}, reason: not allowed", context.UserName);
                    await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "not allowed", interactive: false));
+                    errorDescription = _localizer["LoginIsNotAllowed"];
                }
                else
                {
                    _logger.LogInformation("Authentication failed for username: {username}, reason: invalid credentials", context.UserName);
                    await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "invalid credentials", interactive: false));
+                    errorDescription = _localizer["InvalidUserNameOrPassword"];
                }
            }
            else
            {
                _logger.LogInformation("No user found matching username: {username}", context.UserName);
                await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "invalid username", interactive: false));
+                errorDescription = _localizer["InvalidUsername"];
            }

-            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
+            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, errorDescription);
        }

        protected virtual async Task ReplaceEmailToUsernameOfInputIfNeeds(ResourceOwnerPasswordValidationContext context)