/// <summary>
/// 处理资源的授权
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userName = context.UserName;
var password = context.Password;
var client = context.OwinContext.Get <AppClientRecord>("jytOAuth2:client");
var loginMode = context.OwinContext.Get <string>("AppLoginModel");
if (string.IsNullOrEmpty(client.AllowedOrigin))
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
}
else
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { client.AllowedOrigin });
}
if (client.AllowedGrant == OAuth2Grant.Password)
{
var AppLoginWay = (AppLoginMode)Enum.Parse(typeof(AppLoginMode), loginMode.ToLowerInvariant());
//如果是短信验证码登录方式,首先检测验证码是否正确
if (AppLoginWay == AppLoginMode.smscode)
{
var success = await _securityCodeService.CheckCode(userName, Constant.SmsTypeForLogin, password, true);
if (!success)
{
context.SetError("invalid_grant", "验证码不正确或已过期");
}
}
if (String.IsNullOrWhiteSpace(userName) || String.IsNullOrWhiteSpace(password))
{
context.SetError("invalid_grant", "用户名和密码必须填写");
}
var user = _orchardServices.WorkContext.Resolve <IMembershipService>().GetUser(userName);
if (user != null)
{
if (AppLoginWay == AppLoginMode.smscode)
{
//调用后台的登录服务验证用户名与密码
user = _orchardServices.WorkContext.Resolve <IMembershipService>().ValidateUser(userName, Constant.DefaultAccountPassword);
if (user == null)
{
context.SetError("invalid_grant", "用户名或密码不正确");
Logger.Warning(string.Format("用户{0},从APP登录失败,登录方式:{1}.)", userName, loginMode));
}
}
else
{
//调用后台的登录服务验证用户名与密码
user = _orchardServices.WorkContext.Resolve <IMembershipService>().ValidateUser(userName, password);
}
if (user == null)
{
context.SetError("invalid_grant", "用户或密码不正确");
Logger.Warning(string.Format("用户{0},从APP登录失败,登录方式:{1}.", userName, loginMode));
}
_accountEventHandler.LoggedIn(user);
_accountEventHandler.UpdateLoginMode(user.Id, loginMode);
}
else
{
//创建用户并设置默认密码
user = _orchardServices.WorkContext.Resolve <IMembershipService>().CreateUser(new CreateUserParams(string.Join("|", userName, loginMode), Constant.DefaultAccountPassword, null, null, null, true));
_accountEventHandler.CreateAccountForUser(user, loginMode);
}
ClaimsIdentity oAuthIdentity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
oAuthIdentity.AddClaim(new Claim(ClaimTypes.PrimarySid, user.Id.ToString()));
oAuthIdentity.AddClaim(new Claim("SettingName", _orchardServices.WorkContext.Resolve <ShellSettings>().Name));
AuthenticationProperties properties = CreateProperties(user, context);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
Logger.Information("用户{0}从APP登录成功", userName);
context.Validated(ticket);
}
else
{
context.SetError("invalid_grant", "客户端的密码凭据没有被授予访问");
Logger.Warning("用户{0},没有被授于密码凭据访问,登录失败", userName);
}
}
