public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw["phone"];
var authCode = context.Request.Raw["authCode"];
var errorValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
//检测是否为空
if (string.IsNullOrEmpty(phone) || string.IsNullOrEmpty(authCode))
{
context.Result = errorValidationResult;
return;
}
//验证码
if (!await authCodeService.Validate(phone, authCode))
{
context.Result = errorValidationResult;
return;
}
//完成用户注册
int userId = await userService.CheckOrCreate(phone);
if (userId <= 0)
{
context.Result = errorValidationResult;
return;
}
context.Result = new GrantValidationResult(userId.ToString(), GrantType);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw.Get("phone");
var authCode = context.Request.Raw.Get("auth_code");
var errorResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (phone.IsNullOrEmpty() || authCode.IsNullOrEmpty())
{
context.Result = errorResult;
return;
}
if (!_authService.Validate(phone, authCode))
{
context.Result = errorResult;
return;
}
var userId = await _userService.CheckOrCreate(phone);
if (userId <= 0)
{
context.Result = errorResult;
return;
}
context.Result = new GrantValidationResult(userId.ToString(), GrantType);
return;
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var partner = context.Request.Raw["auth_partner"]; //wechat alipay
var authCode = context.Request.Raw["partner_auth_code"]; //合作方授权码
var errorvalidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrWhiteSpace(partner) || string.IsNullOrWhiteSpace(authCode))
{
context.Result = errorvalidationResult;
return;
}
var obj = await _userServiceProxy.VerifyCookAppPartnerLoginUserByAuthCode(authCode);
if (obj == null)
{
context.Result = errorvalidationResult;
return;
}
context.Result = new GrantValidationResult(
subject: obj.PartnerKey,
authenticationMethod: "custom",
claims: new Claim[] {
new Claim("UserId", obj.Id),
new Claim("Name", obj.PartnerKey),
new Claim("NickName", obj.PartnerKey)
}
);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw["phone"];
var code = context.Request.Raw["auth_code"];
var errorValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrWhiteSpace(phone) || string.IsNullOrWhiteSpace(code))
{
context.Result = errorValidationResult;
return;
}
//检查验证码
if (!_authCodeService.Validate(phone, code))
{
context.Result = errorValidationResult;
return;
}
//完成用户注册
var userInfo = await _userService.CheckOrCreateAsync(phone);
if (userInfo == null)
{
context.Result = errorValidationResult;
return;
}
var claims = new Claim[] {
new Claim("name", userInfo.Name ?? string.Empty),
new Claim("company", userInfo.Company ?? string.Empty),
new Claim("title", userInfo.Title ?? string.Empty),
new Claim("avatar", userInfo.Avatar ?? string.Empty)
};
context.Result = new GrantValidationResult(userInfo.userID.ToString(), GrantType, claims);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw["phone"];
var code = context.Request.Raw["code"];
var result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrWhiteSpace(phone) || string.IsNullOrWhiteSpace(code))
{
context.Result = result;
return;
}
if (!await _codeService.ValidateAsync(phone, code))
{
context.Result = result;
return;
}
var identity = await _userService.ValidateAsync(phone);
if (identity == null)
{
context.Result = result;
return;
}
var claims = new Claim[]
{
new Claim("phone", identity.Phone),
new Claim("name", identity.Name)
};
context.Result = new GrantValidationResult(identity.Id.ToString(), GrantType, claims);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var userName = context.Request.Raw["userName"];
var password = context.Request.Raw["password"];
GrantValidationResult erroValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(password))
{
context.Result = erroValidationResult;
return;
}
if (!_validService.VaildUserName(userName))
{
context.Result = erroValidationResult;
return;
}
var userIdentityInfo = await _userService.CheckByPassword(userName, password);
if (userIdentityInfo == null)
{
context.Result = erroValidationResult;
return;
}
var claims = new Claim[] {
new Claim("UserBasicInfoId", userIdentityInfo.UserBasicInfoId.ToString() ?? string.Empty),
new Claim("UserName", userIdentityInfo.UserName ?? string.Empty),
new Claim("RoleType", userIdentityInfo.RoleType.ToString() ?? string.Empty)
};
context.Result = new GrantValidationResult(userIdentityInfo.UserId.ToString(), GrantType, claims);
}
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
var invalidCredentialsResult = new GrantValidationResult(TokenRequestErrors.InvalidTarget, "Invalid credentials");
var getAccountResult = await _accountGetterService.GetByEmailAsync(context.UserName);
if (!getAccountResult.Success)
{
context.Result = invalidCredentialsResult;
return;
}
var accountCanBeAuthenticatedResult = _accountVerificationService.VerifyAccountCanBeAuthenticated(getAccountResult.Value, context.Password);
if (!accountCanBeAuthenticatedResult.Success)
{
var error = accountCanBeAuthenticatedResult.Errors.Single();
context.Result = error.ErrorCode.Equals(AccountErrorCodeEnumeration.PasswordIsNotSet) || error.ErrorCode.Equals(AccountErrorCodeEnumeration.IncorrectPassword)
? invalidCredentialsResult
: new GrantValidationResult(TokenRequestErrors.InvalidTarget, error.ErrorMessage);
return;
}
var claims = await _accountClaimsCreatorService.CreateAccountClaimsAsync(getAccountResult.Value);
context.Result = new GrantValidationResult(getAccountResult.Value.Id.ToString(),
context.Request.GrantType, claims);
}
public async Task ValidateAsync_Should_Set_Fail_GrantValidationResult_When_Account_Does_Not_Exist()
{
var errors = new Collection <IError>
{
new Error(AccountErrorCodeEnumeration.NotFound, AccountErrorMessage.NotFound)
};
var getAccountResult = GetResult <Account> .Fail(errors);
var context = new ResourceOwnerPasswordValidationContext
{
Request = new ValidatedTokenRequest
{
GrantType = GrantType.ResourceOwnerPassword
}
};
var expectedResult = new GrantValidationResult(TokenRequestErrors.InvalidTarget, "Invalid credentials");
_accountGetterServiceMock.Setup(x => x.GetByEmailAsync(It.IsAny <string>()))
.ReturnsAsync(getAccountResult);
Func <Task> result = async() => await _resourceOwnerPasswordValidator.ValidateAsync(context);
await result.Should().NotThrowAsync <Exception>();
context.Result.Should().BeEquivalentTo(expectedResult);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw["phone"];
var sms_code = context.Request.Raw["auth_code"];
var validationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrEmpty(phone) || string.IsNullOrEmpty(sms_code))
{
context.Result = validationResult;
return;
}
if (!authCodeService.Validate(phone, sms_code))
{
context.Result = validationResult;
return;
}
int userId = await userService.CheckOrCreate(phone);
if (userId <= 0)
{
context.Result = validationResult;
return;
}
context.Result = new GrantValidationResult(userId.ToString(), GrantType);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw["phone"];
var code = context.Request.Raw["auth_code"];
var errorValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrWhiteSpace(phone) || string.IsNullOrWhiteSpace(code))
{
context.Result = errorValidationResult;
return;
}
//检查验证码
if (!_authCodeService.Validate(phone, code))
{
context.Result = errorValidationResult;
return;
}
var userId = _userServices.CheckOrCreate(phone);
if (userId <= 0)
{
context.Result = errorValidationResult;
return;
}
context.Result = new GrantValidationResult(userId.ToString(), GrantType);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
string phone = context.Request.Raw["phone"];
string code = context.Request.Raw["code"];
var ErrorGrantValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrWhiteSpace(phone) || string.IsNullOrWhiteSpace(code))
{
context.Result = ErrorGrantValidationResult;
return;
}
var Teacher = await _UserService.Teacher_LoginBySms(phone, code);
if (Teacher == null)
{
context.Result = ErrorGrantValidationResult;
return;
}
var claims = new List <Claim>()
{
new Claim("role", "teacher")
};
context.Result = new GrantValidationResult(Teacher.ID, GrantType, claims);
}
public Task ValidateAsync(ExtensionGrantValidationContext context)
{
var userName = context.Request.Raw.Get("czar_name");
var userPassword = context.Request.Raw.Get("czar_password");
if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(userPassword))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
}
//校验登录
var result = userName == userPassword;
if (result != true)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
}
//添加指定的claims
GrantValidationResult grantValidationResult = new GrantValidationResult(
subject: userName,
authenticationMethod: GrantType,
claims: new List <Claim>()
{
new Claim("pwd", userPassword)
});
context.Result = grantValidationResult;
return(Task.CompletedTask);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw["phone"];
var code = context.Request.Raw["auth_code"];
var errorValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidClient);
if (string.IsNullOrEmpty(phone) || string.IsNullOrEmpty(code))
{
context.Result = errorValidationResult;
return;
}
//验证手机号码
//创建用户
await Task.Delay(1);
var claims = new Claim[]
{
new Claim("UserName", "Adamson"),
new Claim("Phone", "15295758935")
};
context.Result = new GrantValidationResult("userid", GrantType, claims);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var tel = context.Request.Raw["tel"];
var code = context.Request.Raw["auth_code"];
var errorValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrEmpty(tel) || string.IsNullOrEmpty(code))
{
context.Result = errorValidationResult;
}
if (!_authCodeService.Validate(tel, code))
{
context.Result = errorValidationResult;
}
var userInfo = await _userService.CheckOrCreate(tel);
if (userInfo == null)
{
context.Result = errorValidationResult;
}
var claims = new Claim[] {
new Claim("name", userInfo.Name ?? string.Empty),
new Claim("company", userInfo.Company ?? string.Empty),
new Claim("title", userInfo.Title ?? string.Empty),
new Claim("avatar", userInfo.Avatar ?? string.Empty),
};
var grantResult = new GrantValidationResult(userInfo.Id.ToString(), GrantType, claims);
context.Result = grantResult;
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
string phone = context.Request.Raw["phone"];
string code = context.Request.Raw["code"];
var ErrorGrantValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrWhiteSpace(phone) || string.IsNullOrWhiteSpace(code))
{
context.Result = ErrorGrantValidationResult;
return;
}
var student = await _UserService.Student_LoginBySms(phone, code);
if (student == null)
{
context.Result = ErrorGrantValidationResult;
return;
}
var claims = new List <Claim>()
{
new Claim("role", "student")
};
var tokenlist = _persistedGrantDbContext.PersistedGrants.Where(vn => vn.SubjectId == student.ID).ToList();
_persistedGrantDbContext.PersistedGrants.RemoveRange(tokenlist);
await _persistedGrantDbContext.SaveChangesAsync();
context.Result = new GrantValidationResult(student.ID, GrantType, claims);
}
public void InitialData()
{
this.passwordValidator = new ResourceOwnerPasswordValidator(userStore);
this.userWithoutClaims = new User {
Id = "1",
Nickname = "gustavo.matos",
Username = "******",
Roles = new List <string> {
"Admin",
"Analyst"
},
Email = "*****@*****.**",
Password = "******"
};
this.userWitHashedPassword = new User {
Id = "1",
Nickname = "gustavo.matos",
Username = "******",
Roles = new List <string> {
"Admin",
"Analyst"
},
Email = "*****@*****.**",
Password = BCrypt.Net.BCrypt.HashPassword("123456")
};
this.userWithClaims = new User {
Id = "1",
Nickname = "gustavo.matos",
Username = "******",
Roles = new List <string> {
"Admin",
"Analyst"
},
Email = "*****@*****.**",
Password = BCrypt.Net.BCrypt.HashPassword("123456"),
Claims = new Dictionary <string, IEnumerable <string> >()
{
{ "TESTE", new List <string>()
{
"Hahahah"
} }
}
};
this.grantValidationResultError = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "invalid_user_credentials");
this.grantValidationResultWhenExceptionIsThrown = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "user_validation_error");
this.additionalInfoResult = new GrantValidationResult(
subject: userWithClaims.Id,
authenticationMethod: "custom",
claims: ResourceOwnerPasswordValidator.GetUserClaims(userWithClaims)
);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw["phone"]; //手机号
var code = context.Request.Raw["mobile_verify_code"]; //验证码
if (phone == "18621685194" && code == "8888")
{
context.Result = new GrantValidationResult(
subject: phone,
authenticationMethod: "custom",
claims: new Claim[] {
new Claim("user_id", "888"),
new Claim("user_name", "18621685194"),
new Claim("mobile", "18621685194"),
new Claim("email", "*****@*****.**")
}
);
return;
}
var errorvalidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrWhiteSpace(phone) || string.IsNullOrWhiteSpace(code))
{
context.Result = errorvalidationResult;
return;
}
var verification = await _verificationServiceProxy.GetVerification(BizCode.Login, phone);
if (verification == null)
{
context.Result = errorvalidationResult;
return;
}
var result = await _userServiceProxy.GetUser(phone);
if (result == null)
{
await _userServiceProxy.AddUser(phone, null, phone, null, null);
}
context.Result = new GrantValidationResult(
subject: phone,
authenticationMethod: "custom",
claims: new Claim[] {
new Claim("user_id", ""),
new Claim("user_name", phone),
new Claim("mobile", phone),
new Claim("email", "")
}
);
}
private GrantValidationResult BuildErrorResult(StsAccountStatusCode statusCode, string description = null)
{
var result = new GrantValidationResult(TokenRequestErrors.InvalidGrant)
{
CustomResponse = new Dictionary <string, object>()
{
{ StsLoginStatus.LoginStatusSymbol, statusCode },
{ StsLoginStatus.LoginStatusDescriptionSymbol, description == null?statusCode.ToDescription() : description }
}
};
return(result);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
string phone = context.Request.Raw["Phone"];
string pwd = context.Request.Raw["PassWord"];
string code = context.Request.Raw["AuthCode"];
var errorValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrWhiteSpace(phone) || string.IsNullOrWhiteSpace(code) || string.IsNullOrWhiteSpace(pwd))
{
context.Result = errorValidationResult;
return;
}
Regex Reg_phone = new Regex(@"^((13[0-9])|(14[5|7])|(15([0-9]))|(17[0-9])|(18[0-9])|(19[0-9]))\d{8}$");
if (!Reg_phone.IsMatch(phone))
{
context.Result = errorValidationResult;
return;
}
if (!_authcodeServices.Validate(phone, code))
{
context.Result = errorValidationResult;
return;
}
var userInfo = await _userServices.CreateOrCheck(new Models.Users.UserInfo {
UserName = phone, UserPassword = pwd, Phone = phone
});
if (userInfo == null)
{
context.Result = errorValidationResult;
return;
}
Claim[] claims = new Claim[]
{
new Claim("name", userInfo.Name ?? string.Empty),
new Claim("title", userInfo.Title ?? string.Empty),
new Claim("company", userInfo.Company ?? string.Empty),
new Claim("avatar", userInfo.Avatar ?? string.Empty),
};
context.Result = new GrantValidationResult(userInfo.UserId.ToString(), GrantType, claims);
}
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
if (false) //验证成功
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidClient, "invalid grant");
return(Task.FromResult(0));
}
var _rel = new GrantValidationResult(new Dictionary <string, object>()
{
//需要返回的Claim ,GetUserClaim(context);
});
context.Result = _rel;
//认证成功
return(Task.FromResult(1));
}
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
ClaimsIdentity userIdentity = new ClaimsIdentity();
DateTime epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
userIdentity.AddClaim(new Claim(JwtClaimTypes.Subject, "sub"));
userIdentity.AddClaim(new Claim(JwtClaimTypes.IdentityProvider, "homekuru"));
userIdentity.AddClaim(new Claim(JwtClaimTypes.AuthenticationMethod, "password"));
userIdentity.AddClaim(new Claim(JwtClaimTypes.AuthenticationTime, ((long)(DateTime.UtcNow - epoch).TotalSeconds).ToString()));
ClaimsPrincipal principal = new ClaimsPrincipal(userIdentity);
var res = new GrantValidationResult(principal);
context.Result = res;
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw["phone"]; //手机号
var code = context.Request.Raw["mobile_verify_code"]; //验证码
if (phone == "18621685194" && code == "8888")
{
context.Result = new GrantValidationResult(
subject: phone,
authenticationMethod: "custom",
claims: new Claim[] {
new Claim("UserId", "1868253c-efc5-4bdc-adfe-3ab7f13a3481"),
new Claim("Name", phone),
new Claim("NickName", phone)
}
);
return;
}
var errorvalidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrWhiteSpace(phone) || string.IsNullOrWhiteSpace(code))
{
context.Result = errorvalidationResult;
return;
}
var result = await _userServiceProxy.VerifyCookAppUserByVerifyCode(phone, code);
if (result == null)
{
context.Result = errorvalidationResult;
return;
}
context.Result = new GrantValidationResult(
subject: phone,
authenticationMethod: "custom",
claims: new Claim[] {
new Claim("UserId", result.Id),
new Claim("Name", phone),
new Claim("NickName", result.UserName)
}
);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var userInfo = context.Request.Raw["userInfo"];
var userId = context.Request.Raw["userId"];
var claimsIdentity = context.Request.Raw["claimsIdentity"];
var errorValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
//用户不存在
if (string.IsNullOrWhiteSpace(userInfo) || string.IsNullOrWhiteSpace(userId))
{
errorValidationResult.ErrorDescription = "用户不存在";
context.Result = errorValidationResult;
return;
}
try
{
var claims = new Claim[]
{
new Claim("userInfo", userInfo),
//new Claim("phone",userInfo.PhoneNumber??string.Empty),
//new Claim("cardId",userInfo.CardId??string.Empty),
//new Claim(JwtClaimTypes.Subject, userInfo.Id.ToString()),
new Claim(JwtClaimTypes.Role, "portal"),
//new Claim(JwtClaimTypes.p)
};
var ClaimsIdentity = CreateJwtClaims(JsonHelper.ToObject <ClaimsIdentity>(claimsIdentity));
ClaimsIdentity.AddRange(claims);
context.Result = new GrantValidationResult(userId, GrantType, ClaimsIdentity);
}
catch (Exception e)
{
_logger.LogError("ValidateAsync错误:" + e.StackTrace);
errorValidationResult.ErrorDescription = e.Message;
context.Result = errorValidationResult;
}
await Task.CompletedTask;
return;
}
//connect/token 访问进来
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw["phone"];
var code = context.Request.Raw["auth_code"];
var errorValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrWhiteSpace(phone) || string.IsNullOrWhiteSpace(code))
{
context.Result = errorValidationResult;
return;
}
//检查手机号和验证码是否匹配
if (!await _authCodeService.Validate(phone, code))
{
context.Result = errorValidationResult;
return;
}
//var userInfo = await _userService.GetOrCreateAsync(phone);
//if (userInfo == null)
//{
// //如果用户ID小于等于0 ,验证失败
// context.Result = errorValidationResult;
// return;
//}
#region 测试代码
var userInfo = new BaseUserInfo();
userInfo.Name = "luoyi";
userInfo.Title = "denglu";
userInfo.Company = "hw";
userInfo.Avatar = "2222";
#endregion
//构建UserClaims
var claims = new Claim[]
{
new Claim("name", userInfo.Name ?? string.Empty),
new Claim("title", userInfo.Title ?? string.Empty),
new Claim("company", userInfo.Company ?? string.Empty),
new Claim("avatar", userInfo.Avatar ?? string.Empty)
};
context.Result = new GrantValidationResult(userInfo.UserId.ToString(), GrantType, claims);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
//从请求中获得 手机号和验证码
var phone = context.Request.Raw["phone"];
var code = context.Request.Raw["auth_code"];
//授权失败
var errorValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
//检查手机号和验证码参数是否符合预期
if (string.IsNullOrWhiteSpace(phone) || string.IsNullOrWhiteSpace(code))
{
context.Result = errorValidationResult;
return;
}
//检测验证码
if (!await _authCodeService.Validate(phone, code))
{
context.Result = errorValidationResult;
return;
}
// //构建UserClaims
// var claims = new Claim[]
// {
// new Claim("name","gzz"),
// new Claim(phone,code),
// };
// context.Result = new GrantValidationResult("gzz_id", GrantType, claims);
//完成用户注册
var userId = await _userService.CheckOrCreate(phone);
if (userId <= 0)
{
context.Result = errorValidationResult;
return;
}
context.Result = new GrantValidationResult(userId.ToString(), GrantType);
}
public async Task ValidateAsync_Should_Set_Fail_GrantValidationResult_When_Account_Email_Is_Not_Confirmed()
{
var account = Account.Builder()
.SetId(Guid.NewGuid())
.SetEmail("*****@*****.**")
.SetConfirmed(false)
.SetPasswordHash("PasswordHash")
.SetSecurityStamp(Guid.NewGuid())
.SetCreated(DateTimeOffset.UtcNow)
.SetRoles(new List <Guid> {
Guid.NewGuid()
})
.Build();
var getAccountResult = GetResult <Account> .Ok(account);
var errors = new Collection <IError>
{
new Error(AccountErrorCodeEnumeration.NotConfirmed, AccountErrorMessage.NotConfirmed)
};
var accountCanBeAuthenticatedResult = VerificationResult.Fail(errors);
var context = new ResourceOwnerPasswordValidationContext
{
Request = new ValidatedTokenRequest
{
GrantType = GrantType.ResourceOwnerPassword
}
};
var expectedResult = new GrantValidationResult(TokenRequestErrors.InvalidTarget, accountCanBeAuthenticatedResult.Errors.Single().ErrorMessage);
_accountGetterServiceMock.Setup(x => x.GetByEmailAsync(It.IsAny <string>()))
.ReturnsAsync(getAccountResult);
_accountVerificationServiceMock
.Setup(x => x.VerifyAccountCanBeAuthenticated(It.IsAny <Account>(), It.IsAny <string>()))
.Returns(accountCanBeAuthenticatedResult);
Func <Task> result = async() => await _resourceOwnerPasswordValidator.ValidateAsync(context);
await result.Should().NotThrowAsync <Exception>();
context.Result.Should().BeEquivalentTo(expectedResult);
}
public Task <GrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request)
{
// Check The UserName And Password In Database, Return The Subject If Correct, Return Null Otherwise
string subject = null;
if (userName == "bob" && password == "1234")
{
subject = "validated";
}
if (subject == null)
{
var result = new GrantValidationResult(subject, "Username Or Password Incorrect");
return(Task.FromResult(result));
}
else
{
var result = new GrantValidationResult(subject, "password");
return(Task.FromResult(result));
}
}
public override async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
var result = new GrantValidationResult {
IsError = false
};
var user = await userManager.FindByNameAsync(context.UserName);
if (user == null)
{
result.IsError = true;
result.Error = "invalid_grant";
result.ErrorDescription = "invalid_username_or_password";
context.Result = result;
}
else
{
var siginResult = await this.signInManager.PasswordSignInAsync(user, context.Password, false, true);
if (siginResult == SignInResult.Success)
{
await base.ValidateAsync(context);
result = context.Result;
}
else if (siginResult == SignInResult.Failed)
{
result.Error = "invalid_grant";
result.ErrorDescription = "invalid_username_or_password";
result.IsError = true;
}
else if (siginResult == SignInResult.LockedOut)
{
result.Error = "invalid_grant";
result.ErrorDescription = "Your account is locked, click on Forgot my password";
result.IsError = true;
}
}
context.Result = result;
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw["phone"];
var code = context.Request.Raw["auth_code"];
//由于这里定义的是InvalidGrant,所以再请求时,无论时什么错误都会抛出InvalidGrant错误
var errorValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
if (string.IsNullOrEmpty(phone) || string.IsNullOrEmpty(code))
{
context.Result = errorValidationResult;
}
//检查验证码
if (!_authCodeService.Validate(phone, code))
{
context.Result = errorValidationResult;
return;
}
//完成用户注册
var userInfo = await _userService.CheckOrCreate(phone);//如果请求路径不对,例如在UserService的_userServiceUrl的变量中忘记添加http://执行到这里就不会继续进行了,并在postman中提示 "error": "invalid_grant"
if (userInfo == null)
{
context.Result = errorValidationResult;
return;
}
var claims = new Claim[] {
new Claim("name", userInfo.Name ?? string.Empty),
new Claim("company", userInfo.Company ?? string.Empty),
new Claim("title", userInfo.Title ?? string.Empty),
new Claim("avatar", userInfo.Avatar ?? string.Empty),
};
//context.Result = new GrantValidationResult(userId.ToString(), GrantType);
context.Result = new GrantValidationResult(userInfo.UserId.ToString(), GrantType, claims);
}
/// <summary>
/// 验证用户获取tokcer
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var phone = context.Request.Raw["phone"];
var code = context.Request.Raw["auth_code"];
var errorValidationResult = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
//判断手机号和验证码
if (string.IsNullOrWhiteSpace(phone) || string.IsNullOrWhiteSpace(code))
{
//返回错误的状态
context.Result = errorValidationResult;
return;
}
//验证验证码
if (!_authCodeService.Validate(phone, authCode: code))
{
context.Result = errorValidationResult;
return;
}
var userInfo = await _userService.CheckOrCreateAsync(phone);
if (userInfo == null)
{
context.Result = errorValidationResult;
return;
}
//赋值
List <Claim> list = new List <Claim>()
{
new Claim("name", userInfo.Name ?? string.Empty),
new Claim("company", userInfo.Company ?? string.Empty),
new Claim("phone", userInfo.Phone ?? string.Empty),
new Claim("title", userInfo.Title ?? string.Empty),
new Claim("avatar", userInfo.Avatar ?? string.Empty),
};
context.Result = new GrantValidationResult(userInfo.Id.ToString(), GrantType, list);
}
