From 5fcf2659be6f5c253b9367af620045c1612ae654 Mon Sep 17 00:00:00 2001
From: maliming
Date: Tue, 25 Feb 2020 11:15:09 +0800
Subject: [PATCH] Make AbpResourceOwnerPasswordValidator return detailed reason.
---
 .../IdentityServer/Localization/Resources/en.json | 6 +++++-
 .../IdentityServer/Localization/Resources/tr.json | 6 +++++-
 .../Localization/Resources/zh-Hans.json | 6 +++++-
 .../Localization/Resources/zh-Hant.json | 6 +++++-
 .../AbpResourceOwnerPasswordValidator.cs | 15 ++++++++++++---
 5 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json
index 6b2757a963..f974297b06 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json
@@ -3,6 +3,10 @@
 "texts": {
 "Volo.IdentityServer:DuplicateIdentityResourceName": "Identity Resource name already exist: {Name}",
 "Volo.IdentityServer:DuplicateApiResourceName": "Api Resource name already exist: {Name}",
- "Volo.IdentityServer:DuplicateClientId": "ClientId already exist: {ClientId}"
+ "Volo.IdentityServer:DuplicateClientId": "ClientId already exist: {ClientId}",
+ "UserLockedOut": "The user account has been locked out due to invalid login attempts. Please wait a while and try again.",
+ "InvalidUserNameOrPassword": "Invalid username or password!",
+ "LoginIsNotAllowed": "You are not allowed to login! You need to confirm your email/phone number.",
+ "InvalidUsername": "Invalid username or password!"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json
index 9340b7999f..60f7a75a77 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json
@@ -3,6 +3,10 @@
 "texts": {
 "Volo.IdentityServer:DuplicateIdentityResourceName": "Identity Resource adı zaten mevcut: {Name}",
 "Volo.IdentityServer:DuplicateApiResourceName": "Api Resource adı zaten mevcut: {Name}",
- "Volo.IdentityServer:DuplicateClientId": "ClientId already zaten mevcut: {ClientId}"
+ "Volo.IdentityServer:DuplicateClientId": "ClientId already zaten mevcut: {ClientId}",
+ "UserLockedOut": "Kullanıcı hesabı hatalı giriş denemeleri nedeniyle kilitlenmiştir. Lütfen bir süre bekleyip tekrar deneyin.",
+ "InvalidUserNameOrPassword": "Kullanıcı adı ya da şifre geçersiz!",
+ "LoginIsNotAllowed": "Giriş yapamazsınız! E-posta adresinizi ya da telefon numaranızı doğrulamanız gerekiyor.",
+ "InvalidUsername": "Kullanıcı adı ya da şifre geçersiz!"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json
index b2d186e8b4..ac175e574d 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json
@@ -3,6 +3,10 @@
 "texts": {
 "Volo.IdentityServer:DuplicateIdentityResourceName": "Identity资源名称已存在: {Name}",
 "Volo.IdentityServer:DuplicateApiResourceName": "Api资源名称已存在: {Name}",
- "Volo.IdentityServer:DuplicateClientId": "ClientId已经存在: {ClientId}"
+ "Volo.IdentityServer:DuplicateClientId": "ClientId已经存在: {ClientId}",
+ "UserLockedOut": "登录失败,用户账户已被锁定.请稍后再试.",
+ "InvalidUserNameOrPassword": "用户名或密码错误!",
+ "LoginIsNotAllowed": "无法登录!你需要验证邮箱地址/手机号.",
+ "InvalidUsername": "用户名或密码错误!"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json
index 859e8c29b7..0ffeae8f81 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json
@@ -3,6 +3,10 @@
 "texts": {
 "Volo.IdentityServer:DuplicateIdentityResourceName": "Identity資源名稱已存在: {Name}",
 "Volo.IdentityServer:DuplicateApiResourceName": "Api資源名稱已存在: {Name}",
- "Volo.IdentityServer:DuplicateClientId": "ClientId已經存在: {ClientId}"
+ "Volo.IdentityServer:DuplicateClientId": "ClientId已經存在: {ClientId}",
+ "UserLockedOut": "登錄失敗,用戶賬戶已被鎖定.請稍後再試.",
+ "InvalidUserNameOrPassword": "用戶名或密碼錯誤!",
+ "LoginIsNotAllowed": "無法登錄!妳需要驗證郵箱地址/手機號.",
+ "InvalidUsername": "用戶名或密碼錯誤!"
 }
 }
\ No newline at end of file
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
index 68489a1bdb..ce11a167e1 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs +++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs @@ -8,7 +8,9 @@ using IdentityServer4.Models; using IdentityServer4.Services; using IdentityServer4.Validation; using Microsoft.AspNetCore.Identity; +using Microsoft.Extensions.Localization; using Microsoft.Extensions.Logging; +using Volo.Abp.IdentityServer.Localization; using Volo.Abp.Security.Claims; using Volo.Abp.Uow; using Volo.Abp.Validation; @@ -22,17 +24,20 @@ namespace Volo.Abp.IdentityServer.AspNetIdentity private readonly IEventService _events; private readonly UserManager _userManager; private readonly ILogger> _logger; + private readonly IStringLocalizer _localizer; public AbpResourceOwnerPasswordValidator( UserManager userManager, SignInManager signInManager, IEventService events, - ILogger> logger) + ILogger> logger, + IStringLocalizer localizer) { _userManager = userManager; _signInManager = signInManager; _events = events; _logger = logger; + _localizer = localizer; } /// @@ -44,8 +49,8 @@ namespace Volo.Abp.IdentityServer.AspNetIdentity public virtual async Task ValidateAsync(ResourceOwnerPasswordValidationContext context) { await ReplaceEmailToUsernameOfInputIfNeeds(context); - var user = await _userManager.FindByNameAsync(context.UserName); + string errorDescription; if (user != null) { var result = await _signInManager.CheckPasswordSignInAsync(user, context.Password, true); 
@@ -72,25 +77,29 @@ namespace Volo.Abp.IdentityServer.AspNetIdentity { _logger.LogInformation("Authentication failed for username: {username}, reason: locked out", context.UserName); await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "locked out", interactive: false)); + errorDescription = _localizer["UserLockedOut"]; } else if (result.IsNotAllowed) { _logger.LogInformation("Authentication failed for username: {username}, reason: not allowed", context.UserName); await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "not allowed", interactive: false)); + errorDescription = _localizer["LoginIsNotAllowed"]; } else { _logger.LogInformation("Authentication failed for username: {username}, reason: invalid credentials", context.UserName); await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "invalid credentials", interactive: false)); + errorDescription = _localizer["InvalidUserNameOrPassword"]; } } else { _logger.LogInformation("No user found matching username: {username}", context.UserName); await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "invalid username", interactive: false)); + errorDescription = _localizer["InvalidUsername"]; } - context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant); + context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, errorDescription); } protected virtual async Task ReplaceEmailToUsernameOfInputIfNeeds(ResourceOwnerPasswordValidationContext context)
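Review bot: The `UserLockedOut` and `LoginIsNotAllowed` descriptions assigned in the locked-out and not-allowed branches are handed to `GrantValidationResult` at the end of this hunk, so they reach the token-endpoint caller and let an unauthenticated client tell an existing locked or unconfirmed account apart from a plain bad credential pair. ASP.NET Core Identity's default `SignInManager` evaluates both of those states before it verifies the password, so the distinction is likely available without knowing the password; that is worth confirming for any customised sign-in manager. The `InvalidUsername` branch already maps to the same generic wording as `InvalidUserNameOrPassword` in the resource files, and I would do the same in the other two branches, `errorDescription = _localizer["InvalidUserNameOrPassword"];`, leaving the specific reason in the existing log line and `UserLoginFailureEvent`, or expose the detailed text only behind an explicit opt-in setting. `ValidateAsync` begins outside this hunk, so the `result.IsLockedOut` condition itself is not visible here.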