protected virtual async Task <IdentityUser> CreateExternalUserAsync(ExternalLoginInfo info)
{
await IdentityOptions.SetAsync();
var emailAddress = info.Principal.FindFirstValue(AbpClaimTypes.Email);
var user = new IdentityUser(GuidGenerator.Create(), emailAddress, emailAddress, CurrentTenant.Id);
CheckIdentityErrors(await UserManager.CreateAsync(user));
CheckIdentityErrors(await UserManager.SetEmailAsync(user, emailAddress));
CheckIdentityErrors(await UserManager.AddLoginAsync(user, info));
CheckIdentityErrors(await UserManager.AddDefaultRolesAsync(user));
user.Name = info.Principal.FindFirstValue(AbpClaimTypes.Name);
user.Surname = info.Principal.FindFirstValue(AbpClaimTypes.SurName);
var phoneNumber = info.Principal.FindFirstValue(AbpClaimTypes.PhoneNumber);
if (!phoneNumber.IsNullOrWhiteSpace())
{
var phoneNumberConfirmed = string.Equals(info.Principal.FindFirstValue(AbpClaimTypes.PhoneNumberVerified), "true", StringComparison.InvariantCultureIgnoreCase);
user.SetPhoneNumber(phoneNumber, phoneNumberConfirmed);
}
await UserManager.UpdateAsync(user);
return(user);
}
protected virtual async Task RegisterExternalUserAsync(ExternalLoginInfo externalLoginInfo, string emailAddress)
{
await IdentityOptions.SetAsync();
var user = new IdentityUser(GuidGenerator.Create(), emailAddress, emailAddress, CurrentTenant.Id);
(await UserManager.CreateAsync(user)).CheckErrors();
(await UserManager.AddDefaultRolesAsync(user)).CheckErrors();
var userLoginAlreadyExists = user.Logins.Any(x =>
x.TenantId == user.TenantId &&
x.LoginProvider == externalLoginInfo.LoginProvider &&
x.ProviderKey == externalLoginInfo.ProviderKey);
if (!userLoginAlreadyExists)
{
(await UserManager.AddLoginAsync(user, new UserLoginInfo(
externalLoginInfo.LoginProvider,
externalLoginInfo.ProviderKey,
externalLoginInfo.ProviderDisplayName
))).CheckErrors();
}
await SignInManager.SignInAsync(user, isPersistent : true);
}
protected override async Task RegisterExternalUserAsync(ExternalLoginInfo externalLoginInfo, string emailAddress)
{
await IdentityOptions.SetAsync();
var user = new Volo.Abp.Identity.IdentityUser(GuidGenerator.Create(), emailAddress, emailAddress, CurrentTenant.Id);
(await UserManager.CreateAsync(user)).CheckErrors();
(await UserManager.AddDefaultRolesAsync(user)).CheckErrors();
var userLoginAlreadyExists = user.Logins.Any(x =>
x.TenantId == user.TenantId &&
x.LoginProvider == externalLoginInfo.LoginProvider &&
x.ProviderKey == externalLoginInfo.ProviderKey);
if (!userLoginAlreadyExists)
{
(await UserManager.AddLoginAsync(user, new UserLoginInfo(
externalLoginInfo.LoginProvider,
externalLoginInfo.ProviderKey,
externalLoginInfo.ProviderDisplayName
))).CheckErrors();
}
await SendEmailToAskForEmailConfirmationAsync(user);
}
public virtual async Task ResetPasswordAsync(PhoneResetPasswordDto input)
{
var securityTokenCacheKey = SmsSecurityTokenCacheItem.CalculateCacheKey(input.PhoneNumber, "SmsVerifyCode");
var securityTokenCacheItem = await SecurityTokenCache.GetAsync(securityTokenCacheKey);
if (securityTokenCacheItem == null)
{
throw new UserFriendlyException(L["InvalidSmsVerifyCode"]);
}
await IdentityOptions.SetAsync();
// 传递 isConfirmed 用户必须是已确认过手机号的
var user = await GetUserByPhoneNumberAsync(input.PhoneNumber, isConfirmed : true);
// 验证二次认证码
if (!await UserManager.VerifyTwoFactorTokenAsync(user, TokenOptions.DefaultPhoneProvider, input.Code))
{
// 验证码无效
throw new UserFriendlyException(L["InvalidSmsVerifyCode"]);
}
// 生成真正的重置密码Token
var resetPwdToken = await UserManager.GeneratePasswordResetTokenAsync(user);
// 重置密码
(await UserManager.ResetPasswordAsync(user, resetPwdToken, input.NewPassword)).CheckErrors();
// 移除缓存项
await SecurityTokenCache.RemoveAsync(securityTokenCacheKey);
await CurrentUnitOfWork.SaveChangesAsync();
}
public virtual async Task <IActionResult> OnPostAsync(string action)
{
await CheckLocalLoginAsync();
ValidateModel();
ExternalProviders = await GetExternalProviders();
EnableLocalLogin = await SettingProvider.IsTrueAsync(AccountSettingNames.EnableLocalLogin);
await ReplaceEmailToUsernameOfInputIfNeeds();
await IdentityOptions.SetAsync();
var result = await SignInManager.PasswordSignInAsync(
LoginInput.UserNameOrEmailAddress,
LoginInput.Password,
LoginInput.RememberMe,
true
);
await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext()
{
Identity = IdentitySecurityLogIdentityConsts.Identity,
Action = result.ToIdentitySecurityLogAction(),
UserName = LoginInput.UserNameOrEmailAddress
});
if (result.RequiresTwoFactor)
{
return(await TwoFactorLoginResultAsync());
}
if (result.IsLockedOut)
{
Alerts.Warning(L["UserLockedOutMessage"]);
return(Page());
}
if (result.IsNotAllowed)
{
Alerts.Warning(L["LoginIsNotAllowed"]);
return(Page());
}
if (!result.Succeeded)
{
Alerts.Danger(L["InvalidUserNameOrPassword"]);
return(Page());
}
//TODO: Find a way of getting user's id from the logged in user and do not query it again like that!
var user = await UserManager.FindByNameAsync(LoginInput.UserNameOrEmailAddress) ??
await UserManager.FindByEmailAsync(LoginInput.UserNameOrEmailAddress);
Debug.Assert(user != null, nameof(user) + " != null");
return(RedirectSafely(ReturnUrl, ReturnUrlHash));
}
public async Task <IdentityUser> CreateUserAsync(string userName, string providerName, string plainPassword)
{
if (CanObtainUserInfoWithoutPassword)
{
return(await CreateUserAsync(userName, providerName));
}
await IdentityOptions.SetAsync();
var externalUser = await GetUserInfoAsync(userName, plainPassword);
return(await CreateUserAsync(externalUser, userName, providerName));
}
public virtual async Task RegisterAsync(PhoneRegisterDto input)
{
await CheckSelfRegistrationAsync();
await IdentityOptions.SetAsync();
await CheckNewUserPhoneNumberNotBeUsedAsync(input.PhoneNumber);
var securityTokenCacheKey = SmsSecurityTokenCacheItem.CalculateCacheKey(input.PhoneNumber, "SmsVerifyCode");
var securityTokenCacheItem = await SecurityTokenCache.GetAsync(securityTokenCacheKey);
if (securityTokenCacheItem == null)
{
// 验证码过期
throw new UserFriendlyException(L["InvalidSmsVerifyCode"]);
}
// 验证码是否有效
if (input.Code.Equals(securityTokenCacheItem.Token) && int.TryParse(input.Code, out int token))
{
var securityToken = Encoding.Unicode.GetBytes(securityTokenCacheItem.SecurityToken);
// 校验totp验证码
if (TotpService.ValidateCode(securityToken, token, securityTokenCacheKey))
{
var userEmail = input.EmailAddress ?? $"{input.PhoneNumber}@{CurrentTenant.Name ?? "default"}.io";//如果邮件地址不验证,随意写入一个
var userName = input.UserName ?? input.PhoneNumber;
var user = new IdentityUser(GuidGenerator.Create(), userName, userEmail, CurrentTenant.Id)
{
Name = input.Name ?? input.PhoneNumber
};
await UserStore.SetPhoneNumberAsync(user, input.PhoneNumber);
await UserStore.SetPhoneNumberConfirmedAsync(user, true);
(await UserManager.CreateAsync(user, input.Password)).CheckErrors();
(await UserManager.AddDefaultRolesAsync(user)).CheckErrors();
await SecurityTokenCache.RemoveAsync(securityTokenCacheKey);
await CurrentUnitOfWork.SaveChangesAsync();
return;
}
}
// 验证码无效
throw new UserFriendlyException(L["InvalidSmsVerifyCode"]);
}
protected virtual async Task <IdentityUser> CreateExternalUserAsync(ExternalLoginInfo info)
{
await IdentityOptions.SetAsync();
var emailAddress = info.Principal.FindFirstValue(AbpClaimTypes.Email);
var user = new IdentityUser(GuidGenerator.Create(), emailAddress, emailAddress, CurrentTenant.Id);
CheckIdentityErrors(await UserManager.CreateAsync(user));
CheckIdentityErrors(await UserManager.SetEmailAsync(user, emailAddress));
CheckIdentityErrors(await UserManager.AddLoginAsync(user, info));
CheckIdentityErrors(await UserManager.AddDefaultRolesAsync(user));
return(user);
}
public async Task UpdateUserAsync(IdentityUser user, string providerName, string plainPassword)
{
if (CanObtainUserInfoWithoutPassword)
{
await UpdateUserAsync(user, providerName);
return;
}
await IdentityOptions.SetAsync();
var externalUser = await GetUserInfoAsync(user, plainPassword);
await UpdateUserAsync(user, externalUser, providerName);
}
/// <summary>
/// 登录
/// </summary>
/// <param name="input">The parameters.</param>
/// <returns>Task<ClaimsPrincipal>.</returns>
public async Task <ClaimsPrincipal> SignInAsync(SignInDto input)
{
await IdentityOptions.SetAsync();
var user = await UserManager.FindByNameAsync(input.UserName);
if (user != null)
{
var check = await UserManager.CheckPasswordAsync(user, input.Passowrd);
if (check)
{
return(await UserClaimsPrincipalFactory.CreateAsync(user));
}
}
throw new UserFriendlyException("用户名或密码错误");
}
public virtual async Task RegisterAsync(WeChatRegisterDto input)
{
ThowIfInvalidEmailAddress(input.EmailAddress);
await CheckSelfRegistrationAsync();
await IdentityOptions.SetAsync();
var options = await MiniProgramOptionsFactory.CreateAsync();
var wehchatOpenId = await WeChatOpenIdFinder.FindAsync(input.Code, options.AppId, options.AppSecret);
var user = await UserManager.FindByLoginAsync(AbpWeChatMiniProgramConsts.ProviderKey, wehchatOpenId.OpenId);
if (user != null)
{
// 应该要抛出微信号已注册异常,而不是直接返回注册用户数据,否则造成用户信息泄露
throw new UserFriendlyException(L["DuplicateWeChat"]);
}
var userName = input.UserName;
if (userName.IsNullOrWhiteSpace())
{
userName = "******" + wehchatOpenId.OpenId.ToMd5().ToLower();
}
var userEmail = input.EmailAddress;//如果邮件地址不验证,随意写入一个
if (userEmail.IsNullOrWhiteSpace())
{
userEmail = $"{userName}@{CurrentTenant.Name ?? "default"}.io";
}
user = new IdentityUser(GuidGenerator.Create(), userName, userEmail, CurrentTenant.Id);
(await UserManager.CreateAsync(user, input.Password)).CheckErrors();
(await UserManager.AddDefaultRolesAsync(user)).CheckErrors();
var userLogin = new UserLoginInfo(AbpWeChatMiniProgramConsts.ProviderKey, wehchatOpenId.OpenId, AbpWeChatGlobalConsts.DisplayName);
(await UserManager.AddLoginAsync(user, userLogin)).CheckErrors();
await CurrentUnitOfWork.SaveChangesAsync();
}
public virtual async Task <IActionResult> OnGetExternalLoginCallbackAsync(string returnUrl = "", string returnUrlHash = "", string remoteError = null)
{
//TODO: Did not implemented Identity Server 4 sample for this method (see ExternalLoginCallback in Quickstart of IDS4 sample)
/* Also did not implement these:
* - Logout(string logoutId)
*/
if (remoteError != null)
{
Logger.LogWarning($"External login callback error: {remoteError}");
return(RedirectToPage("./Login"));
}
await IdentityOptions.SetAsync();
var loginInfo = await SignInManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
Logger.LogWarning("External login info is not available");
return(RedirectToPage("./Login"));
}
var result = await SignInManager.ExternalLoginSignInAsync(
loginInfo.LoginProvider,
loginInfo.ProviderKey,
isPersistent : false,
bypassTwoFactor : true
);
if (!result.Succeeded)
{
await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext()
{
Identity = IdentitySecurityLogIdentityConsts.IdentityExternal,
Action = "Login" + result
});
}
if (result.IsLockedOut)
{
Logger.LogWarning($"External login callback error: user is locked out!");
throw new UserFriendlyException("Cannot proceed because user is locked out!");
}
if (result.IsNotAllowed)
{
Logger.LogWarning($"External login callback error: user is not allowed!");
throw new UserFriendlyException("Cannot proceed because user is not allowed!");
}
if (result.Succeeded)
{
return(RedirectSafely(returnUrl, returnUrlHash));
}
//TODO: Handle other cases for result!
var email = loginInfo.Principal.FindFirstValue(AbpClaimTypes.Email);
if (email.IsNullOrWhiteSpace())
{
return(RedirectToPage("./Register", new {
IsExternalLogin = true,
ExternalLoginAuthSchema = loginInfo.LoginProvider,
ReturnUrl = returnUrl
}));
}
var user = await UserManager.FindByEmailAsync(email);
if (user == null)
{
user = await CreateExternalUserAsync(loginInfo);
}
else
{
if (await UserManager.FindByLoginAsync(loginInfo.LoginProvider, loginInfo.ProviderKey) == null)
{
CheckIdentityErrors(await UserManager.AddLoginAsync(user, loginInfo));
}
}
await SignInManager.SignInAsync(user, false);
await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext()
{
Identity = IdentitySecurityLogIdentityConsts.IdentityExternal,
Action = result.ToIdentitySecurityLogAction(),
UserName = user.Name
});
return(RedirectSafely(returnUrl, returnUrlHash));
}
public override async Task <IActionResult> OnPostAsync(string action)
{
var context = await Interaction.GetAuthorizationContextAsync(ReturnUrl);
if (action == "Cancel")
{
if (context == null)
{
return(Redirect("~/"));
}
await Interaction.GrantConsentAsync(context, new ConsentResponse()
{
Error = AuthorizationError.AccessDenied
});
return(Redirect(ReturnUrl));
}
await CheckLocalLoginAsync();
ValidateModel();
await IdentityOptions.SetAsync();
ExternalProviders = await GetExternalProviders();
EnableLocalLogin = await SettingProvider.IsTrueAsync(AccountSettingNames.EnableLocalLogin);
await ReplaceEmailToUsernameOfInputIfNeeds();
var result = await SignInManager.PasswordSignInAsync(
LoginInput.UserNameOrEmailAddress,
LoginInput.Password,
LoginInput.RememberMe,
true
);
await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext()
{
Identity = IdentitySecurityLogIdentityConsts.Identity,
Action = result.ToIdentitySecurityLogAction(),
UserName = LoginInput.UserNameOrEmailAddress,
ClientId = context?.Client?.ClientId
});
if (result.RequiresTwoFactor)
{
return(await TwoFactorLoginResultAsync());
}
if (result.IsLockedOut)
{
Alerts.Warning(L["UserLockedOutMessage"]);
return(Page());
}
if (result.IsNotAllowed)
{
Alerts.Warning(L["LoginIsNotAllowed"]);
return(Page());
}
if (!result.Succeeded)
{
Alerts.Danger(L["InvalidUserNameOrPassword"]);
return(Page());
}
//TODO: Find a way of getting user's id from the logged in user and do not query it again like that!
var user = await UserManager.FindByNameAsync(LoginInput.UserNameOrEmailAddress) ??
await UserManager.FindByEmailAsync(LoginInput.UserNameOrEmailAddress);
Debug.Assert(user != null, nameof(user) + " != null");
await IdentityServerEvents.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id.ToString(), user.UserName)); //TODO: Use user's name once implemented
return(RedirectSafely(ReturnUrl, ReturnUrlHash));
}
public virtual async Task <IActionResult> OnGetExternalLoginCallbackAsync(string returnUrl = "", string returnUrlHash = "", string remoteError = null)
{
//TODO: Did not implemented Identity Server 4 sample for this method (see ExternalLoginCallback in Quickstart of IDS4 sample)
/* Also did not implement these:
* - Logout(string logoutId)
*/
if (remoteError != null)
{
Logger.LogWarning($"External login callback error: {remoteError}");
return(RedirectToPage("./Login"));
}
await IdentityOptions.SetAsync();
var loginInfo = await SignInManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
Logger.LogWarning("External login info is not available");
return(RedirectToPage("./Login"));
}
var result = await SignInManager.ExternalLoginSignInAsync(
loginInfo.LoginProvider,
loginInfo.ProviderKey,
isPersistent : false,
bypassTwoFactor : true
);
if (!result.Succeeded)
{
await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext()
{
Identity = IdentitySecurityLogIdentityConsts.IdentityExternal,
Action = "Login" + result
});
}
if (result.IsLockedOut)
{
Logger.LogWarning($"External login callback error: user is locked out!");
throw new UserFriendlyException("Cannot proceed because user is locked out!");
}
if (result.IsNotAllowed)
{
Logger.LogWarning($"External login callback error: user is not allowed!");
throw new UserFriendlyException("Cannot proceed because user is not allowed!");
}
if (result.Succeeded)
{
return(RedirectSafely(returnUrl, returnUrlHash));
}
//TODO: Handle other cases for result!
// Get the information about the user from the external login provider
var externalLoginInfo = await SignInManager.GetExternalLoginInfoAsync();
if (externalLoginInfo == null)
{
throw new ApplicationException("Error loading external login information during confirmation.");
}
if (!IsEmailRetrievedFromExternalLogin(externalLoginInfo))
{
return(RedirectToPage("./Register", new
{
IsExternalLogin = true,
ExternalLoginAuthSchema = externalLoginInfo.LoginProvider,
ReturnUrl = returnUrl
}));
}
var user = await CreateExternalUserAsync(externalLoginInfo);
await SignInManager.SignInAsync(user, false);
await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext()
{
Identity = IdentitySecurityLogIdentityConsts.IdentityExternal,
Action = result.ToIdentitySecurityLogAction(),
UserName = user.Name
});
return(RedirectSafely(returnUrl, returnUrlHash));
}
public virtual async Task <IActionResult> OnPostAsync(string action)
{
ActionHelper.AddTitle(this, "Login");
// Clean old noitify data
ViewData["LoginError"] = null;
await CheckLocalLoginAsync();
ValidateModel();
ExternalProviders = await GetExternalProviders();
EnableLocalLogin = await SettingProvider.IsTrueAsync(AccountSettingNames.EnableLocalLogin);
await ReplaceEmailToUsernameOfInputIfNeeds();
await IdentityOptions.SetAsync();
var result = await SignInManager.PasswordSignInAsync(
LoginInput.UserNameOrEmailAddress,
LoginInput.Password,
LoginInput.RememberMe,
true
);
await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext()
{
Identity = IdentitySecurityLogIdentityConsts.Identity,
Action = result.ToIdentitySecurityLogAction(),
UserName = LoginInput.UserNameOrEmailAddress
});
if (result.RequiresTwoFactor)
{
return(await TwoFactorLoginResultAsync());
}
if (result.IsLockedOut)
{
ViewData["LoginError"] = L["Please try again after a few minutes"];
ToastHelper.ToastError(this, L["Please try again after a few minutes"]);
return(Page());
}
if (result.IsNotAllowed)
{
ViewData["LoginError"] = L["You are not permitted login right now"];
ToastHelper.ToastError(this, L["You are not permitted login right now"]);
return(Page());
}
if (!result.Succeeded)
{
ViewData["LoginError"] = L["Invalid Username/Email or Password"];
ToastHelper.ToastError(this, L["Invalid Username/Email or Password"]);
return(Page());
}
//TODO: Find a way of getting user's id from the logged in user and do not query it again like that!
var user = await UserManager.FindByNameAsync(LoginInput.UserNameOrEmailAddress) ??
await UserManager.FindByEmailAsync(LoginInput.UserNameOrEmailAddress);
Debug.Assert(user != null, nameof(user) + " != null");
ToastHelper.ToastSuccess(this, L["Login successful"]);
return(RedirectSafely(ReturnUrl, ReturnUrlHash));
}
