public async Task <IActionResult> CheckUserNameExists([FromBody] ValidateUserNameRequest request)
{
if (!ModelState.IsValid)
{
return(BadRequest(new ValidationProblemDetails(ModelState)));
}
var user = await _userManager.FindByNameAsync(request.UserName);
return(user == null?NotFound() : StatusCode(StatusCodes.Status302Found));
}
public async Task <IActionResult> CheckUserNameExists([FromBody] ValidateUserNameRequest request)
{
var allowUserEnumeration = _configuration.GetSection(GeneralSettings.Name).GetValue <bool?>("AllowUserEnumeration") ?? _configuration.GetValue <bool?>("AllowUserEnumeration") ?? true;
if (!allowUserEnumeration)
{
return(StatusCode(StatusCodes.Status410Gone));
}
if (!ModelState.IsValid)
{
return(BadRequest(new ValidationProblemDetails(ModelState)));
}
var user = await _userManager.FindByNameAsync(request.UserName);
return(user == null?NotFound() : StatusCode(StatusCodes.Status302Found));
}
public async Task <IActionResult> Login(LoginInputModel model, string button)
{
// Check if we are in the context of an authorization request.
var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
// The user clicked the 'cancel' button.
if (button != "login")
{
if (context != null)
{
// If the user cancels, send a result back into IdentityServer as if they denied the consent (even if this client does not require consent).
// This will send back an access denied OIDC error response to the client.
await _interaction.DenyAuthorizationAsync(context, AuthorizationError.AccessDenied);
// We can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null.
if (context.IsNativeClient())
{
// The client is native, so this change in how to return the response is for better UX for the end user.
return(this.LoadingPage("Redirect", model.ReturnUrl));
}
return(Redirect(model.ReturnUrl));
}
else
{
// Since we don't have a valid context, then we just go back to the home page.
return(Redirect("~/"));
}
}
if (ModelState.IsValid)
{
// Validate username/password against database.
var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, AccountOptions.AllowRememberLogin&& model.RememberLogin, lockoutOnFailure : true);
User user = null;
if (result.Succeeded)
{
user = await _userManager.FindByNameAsync(model.UserName);
await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName));
_logger.LogInformation("User '{UserName}' and email {Email} was successfully logged in.", user.UserName, user.Email);
if (context != null)
{
if (context.IsNativeClient())
{
// The client is native, so this change in how to return the response is for better UX for the end user.
return(this.LoadingPage("Redirect", model.ReturnUrl));
}
// We can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null.
return(Redirect(model.ReturnUrl));
}
// Request for a local page.
if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl))
{
return(Redirect(model.ReturnUrl));
}
else if (string.IsNullOrEmpty(model.ReturnUrl))
{
return(Redirect("~/"));
}
else
{
// User might have clicked on a malicious link - should be logged.
_logger.LogError("User '{UserName}' might have clicked a malicious link during login: {ReturnUrl}.", UserName, model.ReturnUrl);
throw new Exception("Invalid return URL.");
}
}
if (result.IsLockedOut)
{
_logger.LogWarning("User '{UserName}' was locked out after {WrongLoginsNumber} unsuccessful login attempts.", UserName, user?.AccessFailedCount);
await _events.RaiseAsync(new UserLoginFailureEvent(model.UserName, "User locked out."));
ModelState.AddModelError(string.Empty, "Your account is temporarily locked. Please contact system administrator.");
}
else
{
_logger.LogWarning("User '{UserName}' entered invalid credentials during login.", UserName);
await _events.RaiseAsync(new UserLoginFailureEvent(model.UserName, "Invalid credentials."));
ModelState.AddModelError(string.Empty, "Please check your credentials.");
}
}
// Something went wrong, show form with error.
var viewModel = await _accountService.BuildLoginViewModelAsync(model);
return(View(viewModel));
}
