public async Task <IActionResult> CheckUserNameExists([FromBody] ValidateUserNameRequest request) { if (!ModelState.IsValid) { return(BadRequest(new ValidationProblemDetails(ModelState))); } var user = await _userManager.FindByNameAsync(request.UserName); return(user == null?NotFound() : StatusCode(StatusCodes.Status302Found)); }
public async Task <IActionResult> CheckUserNameExists([FromBody] ValidateUserNameRequest request) { var allowUserEnumeration = _configuration.GetSection(GeneralSettings.Name).GetValue <bool?>("AllowUserEnumeration") ?? _configuration.GetValue <bool?>("AllowUserEnumeration") ?? true; if (!allowUserEnumeration) { return(StatusCode(StatusCodes.Status410Gone)); } if (!ModelState.IsValid) { return(BadRequest(new ValidationProblemDetails(ModelState))); } var user = await _userManager.FindByNameAsync(request.UserName); return(user == null?NotFound() : StatusCode(StatusCodes.Status302Found)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { // Check if we are in the context of an authorization request. var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // The user clicked the 'cancel' button. if (button != "login") { if (context != null) { // If the user cancels, send a result back into IdentityServer as if they denied the consent (even if this client does not require consent). // This will send back an access denied OIDC error response to the client. await _interaction.DenyAuthorizationAsync(context, AuthorizationError.AccessDenied); // We can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null. if (context.IsNativeClient()) { // The client is native, so this change in how to return the response is for better UX for the end user. return(this.LoadingPage("Redirect", model.ReturnUrl)); } return(Redirect(model.ReturnUrl)); } else { // Since we don't have a valid context, then we just go back to the home page. return(Redirect("~/")); } } if (ModelState.IsValid) { // Validate username/password against database. var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, AccountOptions.AllowRememberLogin&& model.RememberLogin, lockoutOnFailure : true); User user = null; if (result.Succeeded) { user = await _userManager.FindByNameAsync(model.UserName); await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName)); _logger.LogInformation("User '{UserName}' and email {Email} was successfully logged in.", user.UserName, user.Email); if (context != null) { if (context.IsNativeClient()) { // The client is native, so this change in how to return the response is for better UX for the end user. return(this.LoadingPage("Redirect", model.ReturnUrl)); } // We can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null. return(Redirect(model.ReturnUrl)); } // Request for a local page. if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } else if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } else { // User might have clicked on a malicious link - should be logged. _logger.LogError("User '{UserName}' might have clicked a malicious link during login: {ReturnUrl}.", UserName, model.ReturnUrl); throw new Exception("Invalid return URL."); } } if (result.IsLockedOut) { _logger.LogWarning("User '{UserName}' was locked out after {WrongLoginsNumber} unsuccessful login attempts.", UserName, user?.AccessFailedCount); await _events.RaiseAsync(new UserLoginFailureEvent(model.UserName, "User locked out.")); ModelState.AddModelError(string.Empty, "Your account is temporarily locked. Please contact system administrator."); } else { _logger.LogWarning("User '{UserName}' entered invalid credentials during login.", UserName); await _events.RaiseAsync(new UserLoginFailureEvent(model.UserName, "Invalid credentials.")); ModelState.AddModelError(string.Empty, "Please check your credentials."); } } // Something went wrong, show form with error. var viewModel = await _accountService.BuildLoginViewModelAsync(model); return(View(viewModel)); }