public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
EnsureDatabaseCreated(_applicationDbContext);
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
CaptchaMiddleware.EnableOption("login", HttpContext.Session);
HttpContext.Session.Remove(SessionKeyPrefix_LoginTryTime + model.Email);
return RedirectToLocal(returnUrl);
}
if (result.RequiresTwoFactor)
{
return RedirectToAction(nameof(SendCode), new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
}
if (result.IsLockedOut)
{
return View("Lockout");
}
else
{
var userLoginTimes = HttpContext.Session.GetInt32(SessionKeyPrefix_LoginTryTime + model.Email);
if (!userLoginTimes.HasValue)
userLoginTimes = 0;
userLoginTimes++;
HttpContext.Session.SetInt32(SessionKeyPrefix_LoginTryTime + model.Email, userLoginTimes.Value);
if (userLoginTimes.Value > 1) //after invalid login attemp two times, ask user to input captcha
CaptchaMiddleware.DisableOption("login", HttpContext.Session);
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return View(model);
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
