/// <summary>
/// Handles the member login form post: checks the bound model, attempts a
/// username/password sign-in and, on success, redirects the member.
/// </summary>
/// <param name="model">Login form values bound from fields prefixed with "loginModel".</param>
/// <returns>
/// A redirect when sign-in succeeds; otherwise the current Umbraco page, carrying a
/// model-level error when the credentials were rejected.
/// </returns>
/// <exception cref="NotImplementedException">
/// Thrown when the sign-in result reports that two-factor authentication is required.
/// </exception>
public async Task<IActionResult> HandleLogin([Bind(Prefix = "loginModel")] LoginModel model)
{
    if (!ModelState.IsValid)
    {
        return CurrentUmbracoPage();
    }

    MergeRouteValuesToModel(model);

    // Password sign-in through the sign-in manager; per the original author's note this is
    // also the point where developers can plug in custom credential verification and
    // account auto-linking (custom IBackOfficePasswordChecker).
    // lockoutOnFailure: true makes failed attempts count toward the lockout policy,
    // which is what limits online password guessing against this endpoint.
    SignInResult signIn = await _signInManager.PasswordSignInAsync(
        model.Username,
        model.Password,
        isPersistent: model.RememberMe,
        lockoutOnFailure: true);

    if (!signIn.Succeeded)
    {
        if (signIn.RequiresTwoFactor)
        {
            // NOTE(review): a member whose sign-in requires a second factor ends up with an
            // unhandled exception here rather than a rendered page.
            throw new NotImplementedException("Two factor support is not supported for Umbraco members yet");
        }

        // Locked-out, not-allowed and wrong-credential results all land here and receive the
        // same model-level message (no field-level error), so the response does not reveal
        // which of them occurred.
        // TODO (from the original): signIn.IsLockedOut / signIn.IsNotAllowed could be handled
        // separately if that is ever considered important.
        ModelState.AddModelError("loginModel", "Invalid username or password");
        return CurrentUmbracoPage();
    }

    TempData["LoginSuccess"] = true;

    if (model.RedirectUrl.IsNullOrWhiteSpace())
    {
        // No explicit target: go to the current URL. With Public Access the current 'page'
        // is the login page while the URL is the originally requested page, so the URL is
        // the right place to return to.
        return RedirectToCurrentUmbracoUrl();
    }

    // RedirectUrl arrives with the bound model, so it is treated as untrusted: it is only
    // followed when Url.IsLocalUrl accepts it, which keeps this action from acting as an
    // open redirect. Anything else falls back to the root of the current site.
    if (Url.IsLocalUrl(model.RedirectUrl))
    {
        return Redirect(model.RedirectUrl);
    }

    return Redirect(CurrentPage.AncestorOrSelf(1).Url(PublishedUrlProvider));
}
/// <summary>
/// Handles the member login form post: checks the bound model, attempts a
/// username/password sign-in, and either redirects the member, prepares the
/// two-factor step, or reports why the sign-in was rejected.
/// </summary>
/// <param name="model">Login form values bound from fields prefixed with "loginModel".</param>
/// <returns>
/// A redirect when sign-in succeeds; a <c>ValidationErrorResult</c> when two-factor is
/// required but no member is found for the username; otherwise the current Umbraco page.
/// </returns>
public async Task<IActionResult> HandleLogin([Bind(Prefix = "loginModel")] LoginModel model)
{
    if (!ModelState.IsValid)
    {
        return CurrentUmbracoPage();
    }

    MergeRouteValuesToModel(model);

    // Password sign-in through the sign-in manager; per the original author's note this is
    // also the point where developers can plug in custom credential verification and
    // account auto-linking (custom IBackOfficePasswordChecker).
    // lockoutOnFailure: true makes failed attempts count toward the lockout policy,
    // which is what limits online password guessing against this endpoint.
    SignInResult signIn = await _signInManager.PasswordSignInAsync(
        model.Username,
        model.Password,
        isPersistent: model.RememberMe,
        lockoutOnFailure: true);

    if (signIn.Succeeded)
    {
        TempData["LoginSuccess"] = true;

        if (model.RedirectUrl.IsNullOrWhiteSpace())
        {
            // No explicit target: go to the current URL. With Public Access the current
            // 'page' is the login page while the URL is the originally requested page, so
            // the URL is the right place to return to.
            return RedirectToCurrentUmbracoUrl();
        }

        // RedirectUrl arrives with the bound model, so it is treated as untrusted: it is
        // only followed when Url.IsLocalUrl accepts it, which keeps this action from acting
        // as an open redirect. Anything else falls back to the root of the current site.
        if (Url.IsLocalUrl(model.RedirectUrl))
        {
            return Redirect(model.RedirectUrl);
        }

        return Redirect(CurrentPage!.AncestorOrSelf(1)!.Url(PublishedUrlProvider));
    }

    if (signIn.RequiresTwoFactor)
    {
        MemberIdentityUser member = await _memberManager.FindByNameAsync(model.Username);
        if (member == null)
        {
            // NOTE(review): the message embeds the submitted username; confirm that
            // ValidationErrorResult's output is encoded wherever it ends up being rendered.
            return new ValidationErrorResult(
                $"No local member found for username {model.Username}");
        }

        // Hand the member's enabled two-factor providers to the view. No model error is
        // added on this path; the current page is simply rendered again.
        var enabledProviders = await _twoFactorLoginService.GetEnabledTwoFactorProviderNamesAsync(member.Key);
        ViewData.SetTwoFactorProviderNames(enabledProviders);
        return CurrentUmbracoPage();
    }

    // NOTE(review): the three messages differ, so the response distinguishes a locked-out or
    // not-allowed member from a rejected password. If the sign-in manager reports those
    // states without first verifying the password (confirm against the manager in use), the
    // response also confirms that the username exists. Consider one generic message here
    // and recording the precise reason in server-side logs instead.
    string failureMessage;
    if (signIn.IsLockedOut)
    {
        failureMessage = "Member is locked out";
    }
    else if (signIn.IsNotAllowed)
    {
        failureMessage = "Member is not allowed";
    }
    else
    {
        failureMessage = "Invalid username or password";
    }

    // Model-level error only; no field-level error is added.
    ModelState.AddModelError("loginModel", failureMessage);
    return CurrentUmbracoPage();
}