示例#1
        /// <summary>
        /// Signs in as the admin account with the literal password "123qwe" and, if that sign-in
        /// succeeds, replaces the password of the user with id "1" by <paramref name="adminPassword"/>
        /// and clears that user's change-password-on-next-login flag.
        /// </summary>
        /// <param name="adminPassword">New password to store for the user with id "1".</param>
        /// <remarks>
        /// Security: the current password is a credential literal in source. When the sign-in does not
        /// succeed the method returns without changing anything and without reporting it, so the caller
        /// cannot tell whether the password was actually replaced.
        /// NOTE(review): the user returned by FindByIdAsync is not null-checked — confirm id "1" always exists.
        /// </remarks>
        private async Task SetAdminPassword(string adminPassword)
        {
            var adminUser = await UserManager.FindByIdAsync("1");

            await UserManager.InitializeOptionsAsync(AbpSession.TenantId);

            var seedLogin = await _logInManager.LoginAsync(User.AdminUserName, "123qwe");
            var signIn = await _signInManager.SignInOrTwoFactorAsync(seedLogin, false);

            if (!signIn.Succeeded)
            {
                // Nothing is changed on this path; the existing admin password stays in place.
                return;
            }

            CheckErrors(await UserManager.ChangePasswordAsync(adminUser, adminPassword));
            adminUser.ShouldChangePasswordOnNextLogin = false;
            CheckErrors(await UserManager.UpdateAsync(adminUser));
        }
示例#2
        /// <summary>
        /// Click handler: authenticates <c>UserName</c> with the content of the password box. On success
        /// it sets <see cref="Thread.CurrentPrincipal"/>, loads the user into the view model and posts
        /// <c>DialogResult = true</c> to the captured synchronization context; otherwise it throws the
        /// exception built by <c>CreateExceptionForFailedLoginAttempt</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this is an <c>async void</c> handler, so no caller can await it or catch the
        /// exception thrown on a failed login — confirm there is a global handler that shows it to the user.
        /// NOTE(review): the principal is assigned on whichever thread resumes after the awaits;
        /// confirm that is where the session later reads it from.
        /// </remarks>
        private async void Button_Click(object sender, RoutedEventArgs e)
        {
            await new SynchronizationContextRemove();
            var attempt = await _logInManager.LoginAsync(UserName, txt_password.Password);

            if (attempt.Result != AbpLoginResultType.Success)
            {
                throw CreateExceptionForFailedLoginAttempt(attempt.Result, UserName, "");
            }

            Thread.CurrentPrincipal = new ClaimsPrincipal(attempt.Identity);
            mainWindowViewModel.User = await _userManager.GetUserByIdAsync(AbpSession.UserId.Value);

            // Closing the dialog has to happen through the posted callback, not on this thread.
            SynchronizationContext.Post(state => DialogResult = true, null);
        }
示例#3
        /// <summary>
        /// Binds the WeChat open id stored in the session to a local account after verifying that
        /// account's user name and password, then signs the user in and redirects.
        /// </summary>
        /// <param name="input">Credentials, captcha value and return URL posted by the bind form.</param>
        /// <returns>
        /// A plain-text notice when the session has no open id, the form view with an error on a failed
        /// login, otherwise a redirect to <c>input.ReturnUrl</c> when it is local, else to "/".
        /// </returns>
        /// <remarks>
        /// The open id comes from server-side session state, not from the request body, and the return
        /// URL is only followed when <c>AbpUrlHelper.IsLocalUrl</c> accepts it.
        /// NOTE(review): <c>loginResult.Tenant</c> is dereferenced without a null check — confirm a login
        /// without a tenant cannot reach this action.
        /// NOTE(review): on failure the posted model, including its password, is handed back to the view —
        /// confirm the view does not render it.
        /// </remarks>
        public async Task<IActionResult> Bind(WechatBindInput input)
        {
            var wechatOpenId = HttpContext.Session.GetString("WechatOpenId");
            if (string.IsNullOrEmpty(wechatOpenId))
            {
                return Content("请从微信中访问");
            }

            if (UseCaptchaOnRegistration())
            {
                RecaptchaValidator.Validate(input.Captcha);
            }

            var tenancyName = GetTenancyNameOrNull();
            var loginResult = await LogInManager.LoginAsync(input.UserNameOrEmail, input.Password, tenancyName);

            if (loginResult.Result != AbpLoginResultType.Success)
            {
                var failure = AbpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                    loginResult.Result,
                    input.UserNameOrEmail,
                    tenancyName);
                ViewData["Error"] = failure.Message;
                return View(input);
            }

            // Bind the session's open id to the account that has just been authenticated.
            var binding = new WechtLoginInput
            {
                UserId = loginResult.User.Id,
                TenantId = loginResult.Tenant.Id,
                ProviderKey = wechatOpenId
            };
            await _wechatService.BindAsync(binding);

            // Second argument true: the sign-in is persistent.
            await _signInManager.SignInAsync(loginResult.User, true);

            return AbpUrlHelper.IsLocalUrl(Request, input.ReturnUrl)
                ? Redirect(input.ReturnUrl)
                : Redirect("/");
        }
示例#4
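        /// <summary>
        /// Authenticates the given credentials and returns the login result, throwing when the login
        /// fails or when phone-number confirmation is required and the user has not confirmed it.
        /// </summary>
        /// <param name="usernameOrEmailAddress">User name or e-mail address to authenticate.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <param name="tenancyName">Tenancy name passed through to the login manager.</param>
        /// <returns>The successful login result.</returns>
        /// <exception cref="UserFriendlyException">
        /// The login succeeded but phone confirmation is required and missing.
        /// </exception>
        /// <remarks>
        /// The login outcome is checked before any account attribute is read. The earlier order read
        /// <c>loginResult.User</c> first, which fails with a null reference when no user was resolved and
        /// could report the phone-confirmation state of an account to a caller who had not supplied valid
        /// credentials.
        /// </remarks>
        private async Task<AbpLoginResult<Tenant, User>> GetLoginResultAsync(string usernameOrEmailAddress, string password, string tenancyName)
        {
            var loginResult = await _logInManager.LoginAsync(usernameOrEmailAddress, password, tenancyName);

            if (loginResult.Result != AbpLoginResultType.Success)
            {
                throw CreateExceptionForFailedLoginAttempt(loginResult.Result, usernameOrEmailAddress, tenancyName);
            }

            // Only an authenticated caller gets to learn that the phone number is unconfirmed.
            if (SettingManager.GetSettingValueForApplication<bool>(AppSettingNames.UserManagement.IsPhoneNumberConfirmationRequiredForLogin) &&
                !loginResult.User.IsPhoneNumberConfirmed)
            {
                throw new UserFriendlyException("登录失败", "没有验证手机号!");
            }

            return loginResult;
        }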
        /// <summary>
        /// Links the current user to another account after that account's credentials have been verified.
        /// </summary>
        /// <param name="input">User name or e-mail, password and tenancy name of the account to link.</param>
        /// <exception cref="UserFriendlyException">
        /// The target is the current user's own account, or the target must change its password first.
        /// </exception>
        /// <remarks>
        /// Linking requires proof of the target account's password; an account that is still flagged to
        /// change its password on next login cannot be linked.
        /// </remarks>
        public async Task LinkToUser(LinkToUserInput input)
        {
            var attempt = await _logInManager.LoginAsync(input.UsernameOrEmailAddress, input.Password, input.TenancyName);
            if (attempt.Result != AbpLoginResultType.Success)
            {
                throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                    attempt.Result,
                    input.UsernameOrEmailAddress,
                    input.TenancyName);
            }

            var target = attempt.User;

            if (AbpSession.IsUser(target))
            {
                throw new UserFriendlyException(L("YouCannotLinkToSameAccount"));
            }

            if (target.ShouldChangePasswordOnNextLogin)
            {
                throw new UserFriendlyException(L("ChangePasswordBeforeLinkToAnAccount"));
            }

            await _userLinkManager.Link(GetCurrentUser(), target);
        }
示例#6
        /// <summary>
        /// Lets a tenant administrator set another user's password after re-entering their own password.
        /// </summary>
        /// <param name="input">The caller's own password, the target user id and the new password.</param>
        /// <returns>
        /// <c>false</c> when the calling user is deleted or inactive; otherwise <c>true</c>, including
        /// when no user with <c>input.UserId</c> exists and nothing was changed.
        /// </returns>
        /// <exception cref="UserFriendlyException">
        /// No user is logged in, the re-entered password is wrong, or the caller is not in the admin role.
        /// </exception>
        /// <remarks>
        /// The re-authentication passes <c>shouldLockout: false</c>.
        /// NOTE(review): presumably wrong guesses here do not count toward account lockout — confirm this
        /// endpoint is throttled some other way.
        /// NOTE(review): the new password is hashed and stored directly; no password-policy check is
        /// visible in this method — confirm it is validated on the DTO or elsewhere.
        /// </remarks>
        public async Task<bool> ResetPassword(ResetPasswordDto input)
        {
            if (_abpSession.UserId == null)
            {
                throw new UserFriendlyException("Please log in before attempting to reset password.");
            }

            var caller = await _userManager.GetUserByIdAsync(_abpSession.GetUserId());

            // Step-up check: the caller must prove knowledge of their own password again.
            var reauth = await _logInManager.LoginAsync(caller.UserName, input.AdminPassword, shouldLockout: false);
            if (reauth.Result != AbpLoginResultType.Success)
            {
                throw new UserFriendlyException(
                    "Your 'Admin Password' did not match the one on record.  Please try again.");
            }

            if (caller.IsDeleted || !caller.IsActive)
            {
                return false;
            }

            var callerRoles = await _userManager.GetRolesAsync(caller);
            if (!callerRoles.Contains(StaticRoleNames.Tenants.Admin))
            {
                throw new UserFriendlyException("Only administrators may reset passwords.");
            }

            var target = await _userManager.GetUserByIdAsync(input.UserId);
            if (target == null)
            {
                // An unknown target id is reported as success, exactly like a completed reset.
                return true;
            }

            target.Password = _passwordHasher.HashPassword(target, input.NewPassword);
            await CurrentUnitOfWork.SaveChangesAsync();
            return true;
        }
示例#7
        /// <summary>
        /// Authenticates the credentials and returns the result on success; every other outcome is
        /// turned into a <see cref="UserFriendlyException"/> with a fixed title and an outcome-specific detail.
        /// </summary>
        /// <param name="usernameOrEmailAddress">User name or e-mail address to authenticate.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <returns>The successful login result.</returns>
        /// <exception cref="UserFriendlyException">The login did not succeed.</exception>
        /// <remarks>
        /// Security: unknown user name and wrong password produce different messages, and the locked-out
        /// message includes the account name, so the response tells an unauthenticated caller whether an
        /// account exists. The default branch already uses a combined message.
        /// NOTE(review): the <c>LockedOut</c> case reports the user as not activated — confirm the wording matches the state.
        /// </remarks>
        private async Task<LoginResult> GetLoginResultAsync(string usernameOrEmailAddress, string password)
        {
            var loginResult = await _logInManager.LoginAsync(usernameOrEmailAddress, password);
            var outcome = loginResult.Result;

            if (outcome == LoginResultType.Success)
            {
                return loginResult;
            }

            if (outcome == LoginResultType.InvalidUserNameOrEmailAddress)
            {
                throw new UserFriendlyException("登录失败", "无效的登录用户名");
            }

            if (outcome == LoginResultType.InvalidPassword)
            {
                throw new UserFriendlyException("登录失败", "无效的登录密码");
            }

            if (outcome == LoginResultType.LockedOut)
            {
                throw new UserFriendlyException("登录失败", string.Format("用户 {0} 未激活,不能登录", loginResult.User.UserAccout));
            }

            throw new UserFriendlyException("登录失败", "用户名或密码无效");
        }
示例#8
        /// <summary>
        /// Authenticates the posted credentials, signs the user in with a cookie and returns the URL
        /// the client should navigate to.
        /// </summary>
        /// <param name="loginModel">User name or e-mail, password and the remember-me flag.</param>
        /// <param name="returnUrl">Target URL; the application path is used when it is blank.</param>
        /// <returns>JSON response whose <c>TargetUrl</c> is the URL to navigate to.</returns>
        /// <exception cref="UserFriendlyException">The login did not succeed.</exception>
        /// <remarks>
        /// Unknown user and wrong password share one message.
        /// NOTE(review): the inactive-user and unconfirmed-e-mail messages still confirm that the account
        /// exists — confirm that is acceptable here.
        /// NOTE(review): <paramref name="returnUrl"/> comes from the request and is returned as
        /// <c>TargetUrl</c> without a local-URL check in this method; confirm it is validated before the
        /// client follows it, otherwise the login page can be used to forward users to an external site.
        /// </remarks>
        public async Task<JsonResult> Login(LoginViewModel loginModel, string returnUrl = "")
        {
            CheckModelState();

            var loginResult = await _logInManager.LoginAsync(loginModel.UsernameOrEmailAddress, loginModel.Password);
            var outcome = loginResult.Result;

            if (outcome == AbpLoginResultType.InvalidUserNameOrEmailAddress ||
                outcome == AbpLoginResultType.InvalidPassword)
            {
                throw new UserFriendlyException("Invalid user name or password!");
            }

            if (outcome == AbpLoginResultType.UserIsNotActive)
            {
                throw new UserFriendlyException("User is not active: " + loginModel.UsernameOrEmailAddress);
            }

            if (outcome == AbpLoginResultType.UserEmailIsNotConfirmed)
            {
                throw new UserFriendlyException("Your email address is not confirmed!");
            }

            if (outcome != AbpLoginResultType.Success)
            {
                // Not reachable with the result types handled above; guards against types added later.
                throw new UserFriendlyException("Unknown problem with login: " + outcome);
            }

            // Drop any external-login cookie before issuing the application cookie.
            AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);

            var cookieProperties = new AuthenticationProperties
            {
                IsPersistent = loginModel.RememberMe
            };
            AuthenticationManager.SignIn(cookieProperties, loginResult.Identity);

            var targetUrl = string.IsNullOrWhiteSpace(returnUrl)
                ? Request.ApplicationPath
                : returnUrl;

            return Json(new AjaxResponse
            {
                TargetUrl = targetUrl
            });
        }
        /// <summary>
        /// Sets another user's password after the calling user has re-entered their own password.
        /// </summary>
        /// <param name="input">The caller's own password, the target user id and the new password.</param>
        /// <exception cref="UserFriendlyException">
        /// The re-entered password is wrong, or no user with <c>input.UserId</c> exists.
        /// </exception>
        /// <remarks>
        /// NOTE(review): no role or permission check is visible in this method; the only gate is the
        /// caller's own password — confirm authorization is enforced on the class or by an attribute.
        /// NOTE(review): <c>AbpSession.UserId</c> is cast without a null check and the loaded caller is
        /// not null-checked — confirm the method is only reachable when logged in.
        /// NOTE(review): the re-authentication passes <c>shouldLockout: false</c>, and the new password
        /// is hashed without a policy check in this method — confirm both are covered elsewhere.
        /// NOTE(review): nothing is saved explicitly here — presumably the surrounding unit of work persists the change; verify.
        /// </remarks>
        public async Task SetPassword(SetPasswordDto input)
        {
            // Verify the admin password of the calling user.
            var caller = await _userRepository.FirstOrDefaultAsync((long)AbpSession.UserId);

            var reauth = await _logInManager.LoginAsync(caller.UserName, input.AdminPassword, shouldLockout: false);
            if (reauth.Result != AbpLoginResultType.Success)
            {
                throw new UserFriendlyException(L("WrongAdminPassword"));
            }

            var target = await _userRepository.FirstOrDefaultAsync(input.UserId);
            if (target == null)
            {
                throw new UserFriendlyException(L("AccountIsNotFound"));
            }

            target.Password = _passwordHasher.HashPassword(target, input.Password);
        }
示例#10
        /// <summary>
        /// Changes the logged-in user's password after verifying the current password and checking the
        /// new one against <c>AccountAppService.PasswordRegex</c>.
        /// </summary>
        /// <param name="input">Current password and the requested new password.</param>
        /// <returns><c>true</c> once the new hash has been saved.</returns>
        /// <exception cref="UserFriendlyException">
        /// No user is logged in, the current password is wrong, or the new password fails the pattern.
        /// </exception>
        /// <remarks>
        /// The current-password check passes <c>shouldLockout: false</c>.
        /// NOTE(review): presumably wrong guesses here do not count toward lockout — confirm the endpoint is throttled elsewhere.
        /// NOTE(review): the save is the synchronous <c>SaveChanges</c> inside an async method.
        /// </remarks>
        public async Task<bool> ChangePassword(ChangePasswordDto input)
        {
            if (_abpSession.UserId == null)
            {
                throw new UserFriendlyException("Please log in before attemping to change password.");
            }

            var currentUser = await _userManager.GetUserByIdAsync(_abpSession.UserId.Value);

            // Require proof of the existing password before accepting a new one.
            var reauth = await _logInManager.LoginAsync(currentUser.UserName, input.CurrentPassword, shouldLockout: false);
            if (reauth.Result != AbpLoginResultType.Success)
            {
                throw new UserFriendlyException("Your 'Existing Password' did not match the one on record.  Please try again or contact an administrator for assistance in resetting your password.");
            }

            var meetsPolicy = Regex.IsMatch(input.NewPassword, AccountAppService.PasswordRegex);
            if (!meetsPolicy)
            {
                throw new UserFriendlyException("Passwords must be at least 8 characters, contain a lowercase, uppercase, and number.");
            }

            currentUser.Password = _passwordHasher.HashPassword(currentUser, input.NewPassword);
            CurrentUnitOfWork.SaveChanges();
            return true;
        }
示例#11
        //public async Task<bool> ChangePassword(ChangePasswordDto input)
        //{
        //    if (_abpSession.UserId == null)
        //    {
        //        throw new UserFriendlyException(L("LoginRequired"));
        //    }

        //    long userId = _abpSession.UserId.Value;
        //    var user = await _userManager.GetUserByIdAsync(userId);
        //    var loginAsync = await _logInManager.LoginAsync(user.UserName, input.CurrentPassword, shouldLockout: false);
        //    if (loginAsync.Result != AbpLoginResultType.Success)
        //    {
        //        throw new UserFriendlyException(L("WrongCurrentPassword"));
        //    }

        //    // Yêu cầu complex password
        //    //if (!new Regex(AccountAppService.PasswordRegex).IsMatch(input.NewPassword))
        //    //{
        //    //    throw new UserFriendlyException("Passwords must be at least 8 characters, contain a lowercase, uppercase, and number.");
        //    //}

        //    user.Password = _passwordHasher.HashPassword(user, input.NewPassword);
        //    CurrentUnitOfWork.SaveChanges();
        //    return true;
        //}

        /// <summary>
        /// Lets a tenant administrator set another user's password after re-entering their own password.
        /// </summary>
        /// <param name="input">The caller's own password, the target user id and the new password.</param>
        /// <returns>
        /// <c>false</c> when the calling user is deleted or inactive; otherwise <c>true</c>, including
        /// when no user with <c>input.UserId</c> exists and nothing was changed.
        /// </returns>
        /// <exception cref="UserFriendlyException">
        /// No user is logged in, the re-entered password is wrong, or the caller is not in the admin role.
        /// </exception>
        /// <remarks>
        /// The re-authentication passes <c>shouldLockout: false</c>.
        /// NOTE(review): presumably wrong guesses here do not count toward lockout — confirm throttling elsewhere.
        /// NOTE(review): the new password is hashed and stored without a policy check in this method.
        /// </remarks>
        public async Task<bool> ResetPassword(ResetPasswordDto input)
        {
            if (_abpSession.UserId == null)
            {
                throw new UserFriendlyException(L("LoginRequired"));
            }

            var caller = await _userManager.GetUserByIdAsync(_abpSession.UserId.Value);

            // Step-up check: the caller must prove knowledge of their own password again.
            var reauth = await _logInManager.LoginAsync(caller.UserName, input.AdminPassword, shouldLockout: false);
            if (reauth.Result != AbpLoginResultType.Success)
            {
                throw new UserFriendlyException(L("WrongAdminPassword"));
            }

            if (caller.IsDeleted || !caller.IsActive)
            {
                return false;
            }

            var callerRoles = await _userManager.GetRolesAsync(caller);
            if (!callerRoles.Contains(StaticRoleNames.Tenants.Admin))
            {
                throw new UserFriendlyException(L("RoleAdminRequired"));
            }

            var target = await _userManager.GetUserByIdAsync(input.UserId);
            if (target == null)
            {
                // An unknown target id is reported as success, exactly like a completed reset.
                return true;
            }

            target.Password = _passwordHasher.HashPassword(target, input.NewPassword);
            CurrentUnitOfWork.SaveChanges();
            return true;
        }
示例#12
        /// <summary>
        /// Changes the current user's password after checking the old password through a login attempt.
        /// </summary>
        /// <param name="oldPwd">The user's existing password.</param>
        /// <param name="newPwd">The password to set.</param>
        /// <returns>The user from the login result, mapped to <c>UserDto</c>.</returns>
        /// <exception cref="MesException">
        /// The login attempt produced no identity, or the password change reported errors.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the old-password check tests <c>loginResult.Identity</c> for null rather than
        /// the result type — confirm an identity is only ever set on a successful login.
        /// NOTE(review): the change goes through <c>ChangePasswordAsyncNoValid</c>; presumably this skips
        /// the password validators — confirm the new password is checked against policy somewhere.
        /// NOTE(review): <c>AbpSession.UserId</c> and the looked-up user are not null-checked.
        /// </remarks>
        public async Task<UserDto> ChangePwd(string oldPwd, string newPwd)
        {
            // Load the current user.
            var currentUser = await UserManager.FindByIdAsync(AbpSession.UserId.ToString());

            var loginResult = await _logInManager.LoginAsync(currentUser.UserName, oldPwd, GetTenancyNameOrNull());

            // A missing identity is treated as "old password is wrong".
            if (loginResult.Identity == null)
            {
                throw new MesException("旧密码输入错误");
            }

            var changeResult = await UserManager.ChangePasswordAsyncNoValid(currentUser, newPwd);
            if (!changeResult.Succeeded)
            {
                throw new MesException(changeResult.Errors);
            }

            return Mapper.Map<User, UserDto>(loginResult.User);
        }
示例#13
        /// <summary>
        /// Changes the logged-in user's password after verifying the current password within the
        /// session's tenant.
        /// </summary>
        /// <param name="input">Current password and the requested new password.</param>
        /// <returns><c>true</c> once the new hash has been saved.</returns>
        /// <exception cref="UserFriendlyException">
        /// No user is logged in, or the current password is wrong.
        /// </exception>
        /// <remarks>
        /// Security: the complexity check against <c>AccountAppService.PasswordRegex</c> is commented out,
        /// so this method accepts any new password and hashes it as given.
        /// The current-password check passes <c>shouldLockout: false</c>.
        /// NOTE(review): presumably wrong guesses here do not count toward lockout — confirm throttling elsewhere.
        /// </remarks>
        public async Task<bool> ChangePassword(ChangePasswordDto input)
        {
            if (_abpSession.UserId == null)
            {
                throw new UserFriendlyException("Please log in before attemping to change password.");
            }

            var currentUser = await _userManager.GetUserByIdAsync(_abpSession.UserId.Value);

            // Resolve the tenancy name of the session's tenant; it stays null when the session has no tenant.
            string tenancyName = null;
            int? sessionTenantId = AbpSession.TenantId;
            if (sessionTenantId.HasValue)
            {
                Tenant sessionTenant = await _tenantManager.GetByIdAsync(sessionTenantId.Value);
                tenancyName = sessionTenant.TenancyName;
            }

            var reauth = await _logInManager.LoginAsync(
                currentUser.UserName,
                input.CurrentPassword,
                tenancyName: tenancyName,
                shouldLockout: false);

            if (reauth.Result != AbpLoginResultType.Success)
            {
                throw new UserFriendlyException(L("ExistingPasswordWrong"));
            }

            // Disabled in the original:
            //if (!new Regex(AccountAppService.PasswordRegex).IsMatch(input.NewPassword))
            //{
            //    throw new UserFriendlyException("Passwords must be at least 8 characters, contain a lowercase, uppercase, and number.");
            //}

            currentUser.Password = _passwordHasher.HashPassword(currentUser, input.NewPassword);
            CurrentUnitOfWork.SaveChanges();
            return true;
        }
示例#14
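        /// <summary>
        /// Single sign-on entry point: without a <c>ticket</c> query parameter it redirects to the
        /// authentication platform's login page; with one it validates the ticket against
        /// <c>CASHOST</c>, reads the user name from the XML reply and logs that user in.
        /// </summary>
        /// <returns>
        /// A redirect to the platform login page, to "Index"/"Home" after a successful login, or to
        /// "Login" when the local login fails; <c>null</c> when the reply contains no user element.
        /// </returns>
        /// <remarks>
        /// Changes from the previous version: the ticket and service values are URL-encoded before they
        /// are placed in a query string, the HTTP client, stream and readers are disposed, DTD processing
        /// and external resolution are turned off for the reply, and the login result is checked before
        /// the sign-in call instead of after it.
        /// NOTE(review): the service URL is built from the request's Host header — confirm the host is
        /// restricted to known values upstream.
        /// NOTE(review): returning <c>null</c> from an action is kept from the original; confirm how the
        /// framework handles it, or redirect to the login page instead.
        /// </remarks>
        public async Task<ActionResult> LoginBySingle()
        {
            string tkt = null;

            if (Request.HttpContext.Request.Query.ContainsKey("ticket"))
            {
                tkt = Request.HttpContext.Request.Query["ticket"][0];
            }

            var protocal = Request.IsHttps ? "https://" : "http://";
            string service = protocal + Request.Host.Value;

            // Both values end up inside a query string, so they must not be able to add parameters of their own.
            string encodedService = System.Uri.EscapeDataString(service);

            // No ticket yet: send the browser to the authentication platform's login page.
            if (string.IsNullOrEmpty(tkt))
            {
                string redir = CASHOST + "login?" +
                               "service=" + encodedService;
                return Redirect(redir);
            }

            // NOTE(review): this replaces the process-wide TLS certificate validation callback on every
            // request. CheckValidationResult is not visible here; if it accepts any certificate, the
            // validation reply below cannot be trusted to come from the authentication platform —
            // confirm, and prefer default certificate validation.
            ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(CheckValidationResult);

            // Ask the platform whether the ticket is valid.
            string validateurl = CASHOST + "serviceValidate?" +
                                 "ticket=" + System.Uri.EscapeDataString(tkt) + "&" +
                                 "service=" + encodedService;

            string resp;
            using (var client = new WebClient())
            using (var replyStream = client.OpenRead(validateurl))
            using (var replyReader = new StreamReader(replyStream))
            {
                resp = replyReader.ReadToEnd();
            }

            NameTable nt = new NameTable();
            XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
            XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
            string user = null;

            // Look for the cas:user element; when it is missing the validation is treated as failed.
            // NOTE(review): any element whose local name is "user" matches, wherever it appears in the
            // reply — confirm the platform cannot return one outside a success response.
            using (XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context))
            {
                // The reply is remote input: refuse DTDs and never resolve external resources.
                reader.DtdProcessing = DtdProcessing.Prohibit;
                reader.XmlResolver = null;

                while (reader.Read())
                {
                    if (reader.IsStartElement() && reader.LocalName == "user")
                    {
                        user = reader.ReadString();
                    }
                }
            }

            if (user == null)
            {
                // Validation failed; the original produced no message and returned null here.
                return null;
            }

            var provider = "";

            var findUserByGMGH = await _userRepository.FirstOrDefaultAsync(p => p.GMGH == user);

            if (findUserByGMGH == null)
            {
                // Registration/binding would be needed here; the original left this branch empty.
            }

            // NOTE(review): the login provider name is an empty string — confirm that is the value the
            // stored external logins use.
            UserLoginInfo info = new UserLoginInfo(provider, user, provider + "@" + user);
            var loginResult = await _logInManager.LoginAsync(info);

            if (loginResult.Result != AbpLoginResultType.Success)
            {
                // Never sign in with the identity of a failed login.
                await UnitOfWorkManager.Current.SaveChangesAsync();
                return RedirectToAction("Login");
            }

            // Record the signed-in state so the user is not sent back to the login page.
            await _signInManager.SignInAsync(loginResult.Identity, false);

            await UnitOfWorkManager.Current.SaveChangesAsync();

            return RedirectToAction("Index", "Home");
        }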
示例#15
        /// <summary>
        /// Runs a login attempt and hands the raw result back to the caller.
        /// </summary>
        /// <param name="usernameOrEmailAddress">User name or e-mail address to authenticate.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <param name="tenancyName">Tenancy name passed through to the login manager.</param>
        /// <returns>The login result, successful or not.</returns>
        /// <remarks>
        /// This method never throws for a failed login and does not inspect <c>Result</c>; every caller
        /// has to check it before treating the user as authenticated.
        /// </remarks>
        private async Task<AbpLoginResult<Tenant, User>> GetLoginResultAsync(string usernameOrEmailAddress, string password, string tenancyName)
            => await _logInManager.LoginAsync(usernameOrEmailAddress, password, tenancyName);
        /// <summary>
        /// Logs a WeChat mini-program user in through the external-login path: the open id is read from
        /// the principal produced by the mini-program authentication scheme, a matching local account is
        /// logged in, or one is registered first when the external login is unknown.
        /// </summary>
        /// <returns>
        /// A result carrying an access token, or one with <c>WaitingForActivation</c> set when the newly
        /// registered user is not active.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the authentication result's principal is dereferenced without checking that
        /// authentication succeeded — confirm the scheme always yields a principal here.
        /// NOTE(review): every claim of that principal is written to the user's stored claims; the comment
        /// below says it includes the session key — confirm that value is meant to be persisted.
        /// NOTE(review): the newly-registered branch returns no <c>EncryptedAccessToken</c>, unlike the success branch.
        /// </remarks>
        public async Task <ExternalAuthenticateResultModel> WeChartMiniProgramLoginAsync()
        {
            // Get the current user from the third-party login (contains openId and sessionKey).
            var t = await base.HttpContext.AuthenticateAsync(MiniProgramConsts.AuthenticationScheme);// indirectly uses the third-party authentication scheme to obtain the information

            // Take the openId; Single throws unless exactly one NameIdentifier claim is present.
            var openid      = t.Principal.Claims.Single(c => c.Type == ClaimTypes.NameIdentifier).Value;
            var tenancyName = GetTenancyNameOrNull();
            // Attempt the third-party login (internally the local account is found by openid).
            var loginResult = await _logInManager.LoginAsync(new UserLoginInfo(MiniProgramConsts.AuthenticationScheme, openid, MiniProgramConsts.AuthenticationSchemeDisplayName), tenancyName);

            // Depending on the result: return the JWT directly on success, or register automatically and then return it.
            switch (loginResult.Result)
            {
            case AbpLoginResultType.Success:
            {
                // Update the stored WeChat user information.
                // NOTE(review): the claim to replace is built with an empty value; confirm the store
                // matches on type only, otherwise nothing is updated.
                foreach (var item in t.Principal.Claims)
                {
                    await userManager.ReplaceClaimAsync(loginResult.User, new Claim(item.Type, ""), item);
                }

                // Return the JWT.
                var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
                return(new ExternalAuthenticateResultModel
                    {
                        AccessToken = accessToken,
                        EncryptedAccessToken = GetEncryptedAccessToken(accessToken),
                        ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
                    });
            }

            case AbpLoginResultType.UnknownExternalLogin:
            {
                // No linked local account was found: register one automatically, then return the JWT.
                // The e-mail address and surname are generated placeholders.
                var newUser = await RegisterExternalUserAsync(new ExternalAuthUserInfo
                    {
                        Provider     = MiniProgramConsts.AuthenticationScheme,
                        ProviderKey  = openid,
                        Name         = t.Principal.Claims.SingleOrDefault(c => c.Type == "nickName")?.Value,
                        EmailAddress = Guid.NewGuid().ToString("N") + "@mp.com",
                        Surname      = "a"
                    });

                if (!newUser.IsActive)
                {
                    return(new ExternalAuthenticateResultModel
                        {
                            WaitingForActivation = true
                        });
                }

                // Try to login again with newly registered user!
                loginResult = await _logInManager.LoginAsync(new UserLoginInfo(MiniProgramConsts.AuthenticationScheme, openid, MiniProgramConsts.AuthenticationSchemeDisplayName), tenancyName);

                if (loginResult.Result != AbpLoginResultType.Success)
                {
                    throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                              loginResult.Result,
                              openid,
                              tenancyName
                              );
                }
                // Save the WeChat user information (excluding the openid, because it is stored in the user logins).
                await userManager.AddClaimsAsync(loginResult.User, t.Principal.Claims.Where(c => c.Type != ClaimTypes.NameIdentifier));

                return(new ExternalAuthenticateResultModel
                    {
                        AccessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity)),
                        ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
                    });
            }

            default:
            {
                throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                          loginResult.Result,
                          openid,
                          tenancyName
                          );
            }
            }
        }
        /// <summary>
        /// Authenticates a user through an external provider and returns an access token, registering
        /// a local user first when the external login is not yet known.
        /// </summary>
        /// <param name="model">Provider name, provider key, optional return URL and single-sign-in flag.</param>
        /// <returns>
        /// A result carrying the access token (and the return URL on the direct-success path), or one with
        /// <c>WaitingForActivation</c> set when the newly registered user is not active.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the login is keyed on the client-supplied <c>model.ProviderKey</c>, not on a value
        /// taken from <c>externalUser</c>. Unless <c>GetExternalUserInfo</c> verifies that the two match,
        /// the key that selects the account has not been confirmed by the provider — verify.
        /// NOTE(review): with single sign-in the user's sign-in token is appended to <c>model.ReturnUrl</c>;
        /// confirm that URL is validated, otherwise the token is handed to whatever address the request named.
        /// </remarks>
        public async Task<ExternalAuthenticateResultModel> ExternalAuthenticate([FromBody] ExternalAuthenticateModel model)
        {
            var externalUser = await GetExternalUserInfo(model);

            var loginResult = await _logInManager.LoginAsync(
                new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider),
                GetTenancyNameOrNull());

            if (loginResult.Result == AbpLoginResultType.Success)
            {
                var token = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
                var targetUrl = model.ReturnUrl;

                if (model.SingleSignIn.HasValue && model.SingleSignIn.Value && loginResult.Result == AbpLoginResultType.Success)
                {
                    loginResult.User.SetSignInToken();
                    targetUrl = AddSingleSignInParametersToReturnUrl(
                        model.ReturnUrl,
                        loginResult.User.SignInToken,
                        loginResult.User.Id,
                        loginResult.User.TenantId);
                }

                return new ExternalAuthenticateResultModel
                {
                    AccessToken = token,
                    EncryptedAccessToken = GetEncrpyedAccessToken(token),
                    ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds,
                    ReturnUrl = targetUrl
                };
            }

            if (loginResult.Result != AbpLoginResultType.UnknownExternalLogin)
            {
                throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                    loginResult.Result,
                    model.ProviderKey,
                    GetTenancyNameOrNull());
            }

            // Unknown external login: register a local user, then log in again.
            var registered = await RegisterExternalUserAsync(externalUser);
            if (!registered.IsActive)
            {
                return new ExternalAuthenticateResultModel
                {
                    WaitingForActivation = true
                };
            }

            loginResult = await _logInManager.LoginAsync(
                new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider),
                GetTenancyNameOrNull());

            if (loginResult.Result != AbpLoginResultType.Success)
            {
                throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                    loginResult.Result,
                    model.ProviderKey,
                    GetTenancyNameOrNull());
            }

            var freshToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
            return new ExternalAuthenticateResultModel
            {
                AccessToken = freshToken,
                EncryptedAccessToken = GetEncrpyedAccessToken(freshToken),
                ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
            };
        }
示例#18
        /// <summary>
        /// Authenticates a user through an external provider and returns an access token, registering
        /// a local user first when the external login is not yet known.
        /// </summary>
        /// <param name="model">Request body naming the provider and carrying what <c>GetExternalUserInfo</c> needs.</param>
        /// <returns>
        /// A result carrying the access token, or one with <c>WaitingForActivation</c> set when the newly
        /// registered user is not active.
        /// </returns>
        /// <remarks>
        /// The login is keyed on <c>externalUser.ProviderKey</c>, the value returned by
        /// <c>GetExternalUserInfo</c>, not on a key taken directly from the request body.
        /// On a direct success with a WeChat user, the WeChat session key is published on the event bus.
        /// NOTE(review): confirm the handlers of that event store the session key server-side only.
        /// NOTE(review): the newly-registered path returns no <c>EncryptedAccessToken</c>, unlike the success path.
        /// </remarks>
        public async Task<ExternalAuthenticateResultModel> ExternalAuthenticate([FromBody] ExternalAuthenticateModel model)
        {
            var externalUser = await GetExternalUserInfo(model);

            var loginResult = await _logInManager.LoginAsync(
                new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider),
                GetTenancyNameOrNull());

            if (loginResult.Result == AbpLoginResultType.Success)
            {
                var token = CreateAccessToken(CreateJwtClaims(loginResult.Identity));

                // Refresh the stored session key on a successful login.
                var wechatInfo = externalUser as WechatAuthUserInfo;
                if (wechatInfo != null)
                {
                    EventBus.Trigger(new WechatLoginSuccessEventData
                    {
                        SessionKey = wechatInfo.SessionKey,
                        UserId = loginResult.User.Id
                    });
                }

                return new ExternalAuthenticateResultModel
                {
                    AccessToken = token,
                    EncryptedAccessToken = GetEncrpyedAccessToken(token),
                    ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
                };
            }

            if (loginResult.Result != AbpLoginResultType.UnknownExternalLogin)
            {
                throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                    loginResult.Result,
                    externalUser.ProviderKey,
                    GetTenancyNameOrNull());
            }

            // Unknown external login: register a local user, then log in again.
            var registered = await RegisterExternalUserAsync(externalUser);
            if (!registered.IsActive)
            {
                return new ExternalAuthenticateResultModel
                {
                    WaitingForActivation = true
                };
            }

            loginResult = await _logInManager.LoginAsync(
                new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider),
                GetTenancyNameOrNull());

            if (loginResult.Result != AbpLoginResultType.Success)
            {
                throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                    loginResult.Result,
                    externalUser.ProviderKey,
                    GetTenancyNameOrNull());
            }

            return new ExternalAuthenticateResultModel
            {
                AccessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity)),
                ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
            };
        }
        /// <summary>
        /// Authenticates a WeChat user through the external-login path and returns an access token,
        /// registering a local user first when the external login is not yet known.
        /// </summary>
        /// <param name="model">Request body naming the provider and carrying what <c>GetExternalUserInfo</c> needs.</param>
        /// <returns>
        /// A result carrying the access token, or one with <c>WaitingForActivation</c> set when the newly
        /// registered user is not active.
        /// </returns>
        /// <remarks>
        /// The login is keyed on <c>externalUser.ProviderKey</c>, while the failure exceptions are built
        /// with <c>model.ProviderKey</c>; the two values can differ, so the reported key is not
        /// necessarily the one that was used.
        /// The original carried commented-out log statements that serialized the external user object.
        /// NOTE(review): if they are ever re-enabled, confirm that object holds no session key or token.
        /// </remarks>
        public async Task<ExternalAuthenticateResultModel> WeChatAuthenticate([FromBody] ExternalAuthenticateModel model)
        {
            var externalUser = await GetExternalUserInfo(model);

            var loginResult = await _logInManager.LoginAsync(
                new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider),
                GetTenancyNameOrNull());

            if (loginResult.Result == AbpLoginResultType.Success)
            {
                var token = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
                return new ExternalAuthenticateResultModel
                {
                    AccessToken = token,
                    EncryptedAccessToken = GetEncryptedAccessToken(token),
                    ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
                };
            }

            if (loginResult.Result != AbpLoginResultType.UnknownExternalLogin)
            {
                throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                    loginResult.Result,
                    model.ProviderKey,
                    GetTenancyNameOrNull());
            }

            // Unknown external login: register a local user, then log in again.
            var registered = await RegisterExternalUserAsync(externalUser);
            if (!registered.IsActive)
            {
                return new ExternalAuthenticateResultModel
                {
                    WaitingForActivation = true
                };
            }

            loginResult = await _logInManager.LoginAsync(
                new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider),
                GetTenancyNameOrNull());

            if (loginResult.Result != AbpLoginResultType.Success)
            {
                throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                    loginResult.Result,
                    model.ProviderKey,
                    GetTenancyNameOrNull());
            }

            var freshToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
            return new ExternalAuthenticateResultModel
            {
                AccessToken = freshToken,
                EncryptedAccessToken = GetEncryptedAccessToken(freshToken),
                ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
            };
        }
示例#20
        /// <summary>
        /// Handles the posted login form. Any button other than "login" is treated as a cancel and is
        /// reported to IdentityServer as denied consent; otherwise the credentials are checked and,
        /// on success, the user is signed in and redirected.
        /// </summary>
        /// <param name="model">Posted form values (user name, password, remember-me flag, return URL).</param>
        /// <param name="button">Name of the button that submitted the form.</param>
        /// <returns>A redirect on cancel or successful login; otherwise the login view with an error.</returns>
        public async Task <IActionResult> Login(LoginInputModel model, string button)
        {
            if (button != "login")
            {
                // Cancel path: look up the authorization request that the return URL belongs to.
                var authContext = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);

                if (authContext == null)
                {
                    // No valid authorization context, so the return URL is not used; go to the home page.
                    return(Redirect("~/"));
                }

                // Report the cancel to IdentityServer as denied consent (even if the client does not
                // require consent); the client receives an access-denied OIDC error response.
                await _interaction.GrantConsentAsync(authContext, ConsentResponse.Denied);

                // model.ReturnUrl is only followed here because GetAuthorizationContextAsync returned non-null.
                return(Redirect(model.ReturnUrl));
            }

            if (ModelState.IsValid)
            {
                // NOTE(review): the tenancy name is the hard-coded literal "1" — confirm this is intended.
                var attempt = await logInManager.LoginAsync(model.Username, model.Password, "1");

                if (attempt.Result != AbpLoginResultType.Success)
                {
                    await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, attempt.Result.ToString()));

                    // The same generic message is shown whatever the failure reason was.
                    ModelState.AddModelError("", AccountOptions.InvalidCredentialsErrorMessage);
                }
                else
                {
                    var signedInUser = attempt.User;
                    await _events.RaiseAsync(new UserLoginSuccessEvent(signedInUser.Name, signedInUser.Id.ToString(), attempt.Tenant.Name));

                    // An explicit expiration is set only when the user chose "remember me";
                    // otherwise the expiration configured in the cookie middleware applies.
                    AuthenticationProperties cookieProps = (AccountOptions.AllowRememberLogin && model.RememberLogin)
                        ? new AuthenticationProperties
                          {
                              IsPersistent = true,
                              ExpiresUtc   = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
                          }
                        : null;

                    await signInManager.SignInAsync(signedInUser, cookieProps);

                    await UnitOfWorkManager.Current.SaveChangesAsync();

                    // Follow the return URL only if it is still a valid authorize-endpoint URL or a local
                    // page; anything else falls back to the home page, which prevents an open redirect.
                    bool returnUrlAllowed = _interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl);

                    return(Redirect(returnUrlAllowed ? model.ReturnUrl : "~/"));
                }
            }

            // Invalid model state or failed login: show the form again with the error.
            return(View(await BuildLoginViewModelAsync(model)));
        }
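        /// <summary>
        /// Authenticates a user through an external provider and returns an access token.
        /// For the "WechatH5" provider the access code arrives encrypted as "code|expiry" and is
        /// decrypted and checked for expiry first. Unknown external logins are registered and logged in again.
        /// </summary>
        /// <param name="model">Request body carrying the provider name and the provider access code.</param>
        /// <returns>
        /// The token result on success, or a result with <c>WaitingForActivation</c> set when the newly
        /// registered user is not active.
        /// </returns>
        public async Task <ExternalAuthenticateResultModel> ExternalAuthenticate([FromBody] ExternalAuthenticateModel model)
        {
            // Log only the provider name: serializing the whole model would write the provider
            // access code (a credential) into the debug log.
            Logger.Debug($"ExternalAuthenticate:{model.AuthProvider}");

            if (model.AuthProvider == "WechatH5")
            {
                // NOTE(review): the code is decrypted with AppConsts.DefaultPassPhrase. If that is a
                // compiled-in constant shared across deployments, confirm it is replaced per deployment.
                var decryptText = SimpleStringCipher.Instance.Decrypt(model.ProviderAccessCode, AppConsts.DefaultPassPhrase);

                // Reject a missing or empty payload instead of failing on Split below.
                if (string.IsNullOrEmpty(decryptText))
                {
                    throw new AbpProjectNameBusinessException(ErrorCode.Forbidden);
                }

                var arr = decryptText.Split('|');

                // Starts out already expired, so a payload without an expiry field is rejected.
                var expiredCode = DateTime.Now.AddMinutes(-1);

                if (arr.Length > 1)
                {
                    // On a parse failure TryParse sets expiredCode to DateTime.MinValue, which is rejected too.
                    // NOTE(review): parsing uses the current culture and local time — confirm it matches the issuer.
                    DateTime.TryParse(arr[1], out expiredCode);
                }

                if (expiredCode < DateTime.Now)
                {
                    throw new AbpProjectNameBusinessException(ErrorCode.Forbidden);
                }

                model.ProviderAccessCode = arr[0];
            }

            var externalUser = await GetExternalUserInfo(model);

            // The provider key used for login is the one returned by GetExternalUserInfo, not a client-supplied value.
            var loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());

            switch (loginResult.Result)
            {
            case AbpLoginResultType.Success:
            {
                var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));

                // Update the session key on successful login.
                var userInfo = externalUser as WechatMiniAuthUserInfo;
                if (userInfo != null)
                {
                    EventBus.Trigger(new WechatLoginSuccessEventData
                        {
                            SessionKey = userInfo.SessionKey,
                            UserId     = loginResult.User.Id
                        });
                }

                return(new ExternalAuthenticateResultModel
                    {
                        AccessToken = accessToken,
                        EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
                        ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
                    });
            }

            case AbpLoginResultType.UnknownExternalLogin:
            {
                var newUser = await RegisterExternalUserAsync(externalUser);

                if (!newUser.IsActive)
                {
                    return(new ExternalAuthenticateResultModel
                        {
                            WaitingForActivation = true
                        });
                }

                // Try to login again with newly registered user!
                loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());

                if (loginResult.Result != AbpLoginResultType.Success)
                {
                    throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                              loginResult.Result,
                              externalUser.ProviderKey,
                              GetTenancyNameOrNull()
                              );
                }

                // Unlike the Success case, this result carries no EncryptedAccessToken.
                return(new ExternalAuthenticateResultModel
                    {
                        AccessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity)),
                        ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
                    });
            }

            default:
            {
                throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                          loginResult.Result,
                          externalUser.ProviderKey,
                          GetTenancyNameOrNull()
                          );
            }
            }
        }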
示例#22
 /// <summary>
 /// Starts a login attempt for the given credentials through the login manager.
 /// </summary>
 /// <param name="username">User name passed to the login manager.</param>
 /// <param name="password">Password passed to the login manager.</param>
 /// <remarks>
 /// NOTE(review): the method is <c>async void</c> and discards the value returned by
 /// <c>LoginAsync</c>, so a caller can neither await completion, observe an exception, nor learn
 /// whether authentication succeeded. It must not be used as an authorization decision.
 /// </remarks>
 public static async void LoginUser(string username, string password)
 {
     // The login result is intentionally not inspected here.
     await _logInManager.LoginAsync(username, password);
 }
示例#23
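        /// <summary>
        /// Logs a user in by external provider and provider key, registering the user first when the
        /// external login is unknown, and returns an access token.
        /// </summary>
        /// <param name="model">Request body carrying the provider name, provider key and profile fields.</param>
        /// <returns>
        /// The token result on success, or a result with <c>WaitingForActivation</c> set when the newly
        /// registered user is not active.
        /// </returns>
        /// <remarks>
        /// NOTE(review): <c>model.ProviderKey</c>, <c>EmailAddress</c>, <c>Name</c> and <c>Surname</c> come
        /// straight from the request body, and nothing in this method checks them against the external
        /// provider. As written, knowing a provider key value is the only credential required. Confirm
        /// that a provider-issued token is validated upstream before this action is reachable.
        /// </remarks>
        public async Task <ExternalAuthenticateResultModel> ExternalAuthenticate([FromBody] ExternalAuthenticateModel model)
        {
            var loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());

            // Establish the persistent sign-in only for a successful login. The result type is checked
            // as well as the identity so that a non-success result can never create a session.
            if (loginResult.Result == AbpLoginResultType.Success && loginResult.Identity != null)
            {
                await _signInManager.SignInAsync(loginResult.Identity, true);
            }
            await UnitOfWorkManager.Current.SaveChangesAsync();

            switch (loginResult.Result)
            {
            case AbpLoginResultType.Success:
            {
                var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
                return(new ExternalAuthenticateResultModel
                    {
                        AccessToken = accessToken,
                        EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
                        ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
                    });
            }

            case AbpLoginResultType.UnknownExternalLogin:
            {
                // The new account is built entirely from request-supplied fields (see the remarks above).
                var externalUser = new ExternalAuthUserInfo()
                {
                    EmailAddress = model.EmailAddress,
                    Name         = model.Name,
                    Provider     = model.AuthProvider,
                    ProviderKey  = model.ProviderKey,
                    Surname      = model.Surname
                };
                var newUser = await RegisterExternalUserAsync(externalUser);

                if (!newUser.IsActive)
                {
                    return(new ExternalAuthenticateResultModel
                        {
                            WaitingForActivation = true
                        });
                }

                // Try to login again with newly registered user!
                loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());

                if (loginResult.Result != AbpLoginResultType.Success)
                {
                    throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                              loginResult.Result,
                              model.ProviderKey,
                              GetTenancyNameOrNull()
                              );
                }

                // Unlike the Success case, this path performs no sign-in and returns no EncryptedAccessToken.
                return(new ExternalAuthenticateResultModel
                    {
                        AccessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity)),
                        ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
                    });
            }

            default:
            {
                throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                          loginResult.Result,
                          model.ProviderKey,
                          GetTenancyNameOrNull()
                          );
            }
            }
        }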
        /// <summary>
        /// Logs a user in by external provider and provider key. An unknown or inactive external login
        /// is not registered here; the caller gets a result describing the binding state instead.
        /// </summary>
        /// <param name="model">Request body carrying the provider name and provider key.</param>
        /// <returns>
        /// The token result with the user id on success; otherwise a result carrying the provider key,
        /// with <c>UserId</c> 0 when no user is bound or <c>WaitingForActivation</c> when a user was found.
        /// </returns>
        /// <remarks>
        /// A previous revision of this method, kept only as commented-out code, registered unknown
        /// external logins automatically and logged them in again; that code is no longer part of the method.
        /// NOTE(review): the login uses <c>model.ProviderKey</c> from the request, not
        /// <c>externalUser.ProviderKey</c>. Confirm that GetExternalUserInfo rejects a request whose key
        /// does not match the provider's answer.
        /// </remarks>
        public async Task <ExternalAuthenticateResultModel> ExternalAuthenticate([FromBody] ExternalAuthenticateModel model)
        {
            var externalUser = await GetExternalUserInfo(model);

            // Check whether this provider key is already known.
            var tenancyName   = GetTenancyNameOrNull();
            var providerLogin = new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider);
            var loginResult   = await _logInManager.LoginAsync(providerLogin, tenancyName);

            var outcome = loginResult.Result;

            if (outcome == AbpLoginResultType.Success)
            {
                var accessToken = CreateAccessToken(await CreateJwtClaims(loginResult.Identity, loginResult.User));

                return(new ExternalAuthenticateResultModel
                    {
                        AccessToken = accessToken,
                        EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
                        ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds,
                        UserId = loginResult.User.Id
                    });
            }

            if (outcome == AbpLoginResultType.UnknownExternalLogin || outcome == AbpLoginResultType.UserIsNotActive)
            {
                if (loginResult.User == null)
                {
                    // The third-party key is not bound to any row of the user table.
                    return(new ExternalAuthenticateResultModel
                    {
                        ProviderKey = model.ProviderKey,
                        WaitingForActivation = false,
                        UserId = 0
                    });
                }

                // A user was found but is locked.
                // NOTE(review): the id is looked up by the external e-mail address, not taken from
                // loginResult.User, and is returned to a caller that has not authenticated — confirm
                // both are intended. A missing user for that e-mail fails on the .Id access below.
                var userByEmail = await _userManager.GetUserByEmail(externalUser.EmailAddress);

                return(new ExternalAuthenticateResultModel
                {
                    ProviderKey = model.ProviderKey,
                    WaitingForActivation = true,
                    UserId = userByEmail.Id
                });
            }

            throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                      loginResult.Result,
                      model.ProviderKey,
                      GetTenancyNameOrNull()
                      );
        }
示例#25
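        /// <summary>
        /// Modified by cs on the morning of 2017-11-22.
        /// Validates the login information and returns the corresponding login result, applying the
        /// configured failed-attempt ("trial error") lockout rule.
        /// </summary>
        /// <param name="usernameOrEmailAddress">User name or e-mail address entered by the caller.</param>
        /// <param name="password">Password entered by the caller.</param>
        /// <param name="tenancyName">Tenancy name passed through to the login manager.</param>
        /// <returns>The login result when authentication succeeds.</returns>
        /// <exception cref="Exception">
        /// Thrown with a lockout or failed-attempt message when the rule is enabled; otherwise the
        /// exception built by CreateExceptionForFailedLoginAttempt is thrown.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the messages thrown here tell the caller that the account exists, how many
        /// attempts were counted and when it locks. Confirm that this detail is acceptable to expose.
        /// </remarks>
        private async Task <AbpLoginResult <Tenant, User> > GetLoginResultAsync(string usernameOrEmailAddress, string password, string tenancyName)
        {
            var loginResult = await _logInManager.LoginAsync(usernameOrEmailAddress, password, tenancyName);

            var pwdRule = OperateSection.GetPwdRuleSection();

            switch (loginResult.Result)
            {
            case AbpLoginResultType.Success:
            {
                // When the failed-attempt rule is enabled, a correct password resets the counters,
                // unless the account has already exceeded the limit.
                if (pwdRule.IsTrialError)
                {
                    if (!string.IsNullOrEmpty(pwdRule.TrialErrorCount) && loginResult.User.LoginFailCount > Convert.ToInt32(pwdRule.TrialErrorCount.Trim()))
                    {
                        throw new Exception("登录失败:当前用户(" + usernameOrEmailAddress + ")已被锁定!");
                    }

                    // Only the user id from the login result is concatenated into this statement.
                    DbHelper.Execute("UPDATE ABP_USERS SET LOGIN_FAIL_COUNT=0,LOCKED_REASON='',IS_ACTIVE=1 WHERE ID=" + loginResult.User.Id);
                }
                return(loginResult);
            }

            case AbpLoginResultType.InvalidPassword: // wrong password
            {
                // Without the failed-attempt rule, fall back to the standard failure exception.
                if (!pwdRule.IsTrialError)
                {
                    throw CreateExceptionForFailedLoginAttempt(loginResult.Result, usernameOrEmailAddress, tenancyName);
                }

                // The rule is enabled but no attempt limit is configured.
                if (string.IsNullOrEmpty(pwdRule.TrialErrorCount))
                {
                    throw new Exception("登录失败:用户或密码错误(系统未配置试错次数)");
                }

                int maxFailures = Convert.ToInt32(pwdRule.TrialErrorCount.Trim());
                var user        = loginResult.User;

                if (user.LoginFailCount > maxFailures)
                {
                    throw new Exception("登录失败:当前用户(" + usernameOrEmailAddress + ")已被锁定!");
                }

                // Count this failure and lock the user once the limit is exceeded.
                string exceptionMsg;
                user.LoginFailCount = user.LoginFailCount + 1;

                if (user.LoginFailCount > maxFailures)
                {
                    exceptionMsg  = "当前用户(" + usernameOrEmailAddress + ")密码已累计输错【" + pwdRule.TrialErrorCount + "】次,帐号已被锁定!";
                    user.IsActive = false;    // lock the user
                }
                else
                {
                    exceptionMsg = "当前用户(" + usernameOrEmailAddress + ")密码已累计输错【" + user.LoginFailCount + "】次,累计输错【" + pwdRule.TrialErrorCount + "】次将被锁定!";
                }
                user.LockedReason = exceptionMsg;

                // The reason text embeds the caller-supplied user name, so its single quotes are doubled
                // before it is placed inside the SQL string literal. Without this a crafted user name
                // could end the literal and alter the statement. Quote doubling is a stop-gap: use a
                // parameterized command if DbHelper offers one (its API is not visible here), and note
                // that databases honouring backslash escapes need more than this.
                // NOTE(review): the statement always writes IS_ACTIVE=1 although user.IsActive was just
                // set to false on lockout; the lock is enforced only by the LoginFailCount comparison.
                DbHelper.Execute(string.Format(@"UPDATE ABP_USERS SET LOGIN_FAIL_COUNT={0},LOCKED_REASON='{1}',IS_ACTIVE=1 WHERE ID={2}",
                                               user.LoginFailCount, exceptionMsg.Replace("'", "''"), user.Id));
                throw new Exception("登录失败:" + exceptionMsg);
            }

            default:
                throw CreateExceptionForFailedLoginAttempt(loginResult.Result, usernameOrEmailAddress, tenancyName);
            }
        }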
示例#26
        /// <summary>
        /// Handles a WeChat mini-program login: logs in by the user's openid, registers a local account
        /// first when the external login is unknown, and writes the outcome to the HTTP response as JSON.
        /// </summary>
        /// <param name="ct">Login context providing the HTTP context and the WeChat user (openid, session_key).</param>
        /// <returns><c>true</c> on every path, including the failure paths that write an error message.</returns>
        public async Task <bool> ExcuteAsync(WeChatMiniProgramLoginContext ct)
        {
            this.httpContext  = ct.HttpContext;
            this.httpResponse = httpContext.Response;
            if (AbpSession.TenantId.HasValue)
            {
                this.tenancyName = _tenantCache.GetOrNull(AbpSession.TenantId.Value)?.TenancyName;
            }

            // Attempt a third-party login (internally the local account is looked up by openid).
            var loginResult = await _logInManager.LoginAsync(new UserLoginInfo(MiniProgramConsts.AuthenticationScheme, ct.WeChatUser.openid, MiniProgramConsts.AuthenticationSchemeDisplayName), tenancyName);

            // Depending on the login result: on success return the JWT directly, otherwise register automatically and then return it.
            switch (loginResult.Result)
            {
            case AbpLoginResultType.Success:
            {
                // The token is created before the session_key claim is replaced below.
                var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));

                // User is an aggregate root, so querying its claims costs a little performance, but the approach is sound; even if all claims were not fetched here, UserManager.ReplaceClaimAsync would try to query them all internally, and since we fetch them it will not.
                var claims = await userManager.GetClaimsAsync(loginResult.User);

                // ReplaceClaimAsync has a bug in ABP 5.4,
                //var sessionKeyClaim = claims.Single(c => c.Type == "session_key");
                // var claimRT = await userManager.ReplaceClaimAsync(loginResult.User, sessionKeyClaim, new Claim("session_key", ct.WeChatUser.session_key));

                // Replace by remove-then-add instead: drop every existing session_key claim, then store the new one.
                await userManager.RemoveClaimsAsync(loginResult.User, claims.Where(c => c.Type == "session_key"));

                // NOTE(review): session_key is stored as a user claim. Verify that stored user claims
                // are not copied into the JWT by CreateJwtClaims, since the key should stay server-side.
                await userManager.AddClaimAsync(loginResult.User, new Claim("session_key", ct.WeChatUser.session_key));

                #region 处理前端传递来的除code以外的其它数据
                //var tttt = ct.WeChatUser.Input.EnumerateArray();// only works for a JSON array object
                // this is the way to iterate the data sent by the front end other than code
                //foreach (var property in ct.WeChatUser.Input.EnumerateObject())
                //{
                //    property.Name.Value..
                //}
                // or update on demand as below
                //if (ct.WeChatUser.Input.TryGetProperty("nickName", out var k))
                //{
                //    var claim = claims.Single(c => c.Type == "nickName");
                //    await userManager.ReplaceClaimAsync(loginResult.User, claim, new Claim("", ""));
                //}
                #endregion

                //await UnitOfWorkManager.Current.SaveChangesAsync();// required

                await WriteJsonAsync(new
                    {
                        AccessToken          = accessToken,
                        EncryptedAccessToken = GetEncryptedAccessToken(accessToken),
                        ExpireInSeconds      = (int)_configuration.Expiration.TotalSeconds
                    });

                return(true);
            }

            case AbpLoginResultType.UnknownExternalLogin:
            {
                // If no linked local account is found, register one automatically and then return the JWT.
                // Name and e-mail address are random placeholders generated from GUIDs.
                var newUser = await RegisterExternalUserAsync(new ExternalAuthUserInfo
                    {
                        Provider     = MiniProgramConsts.AuthenticationScheme,
                        ProviderKey  = ct.WeChatUser.openid,
                        Name         = Guid.NewGuid().ToString("N"),
                        EmailAddress = Guid.NewGuid().ToString("N") + "@mp.com",
                        Surname      = "a"
                    });

                // The activation check is disabled, so newUser.IsActive is not inspected here.
                //if (!newUser.IsActive)
                //{
                //    return new ExternalAuthenticateResultModel
                //    {
                //        WaitingForActivation = true
                //    };
                //}

                // Try to login again with newly registered user!
                loginResult = await _logInManager.LoginAsync(new UserLoginInfo(MiniProgramConsts.AuthenticationScheme, ct.WeChatUser.openid, MiniProgramConsts.AuthenticationSchemeDisplayName), tenancyName);

                if (loginResult.Result != AbpLoginResultType.Success)
                {
                    //throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                    //    loginResult.Result,
                    //    openid,
                    //    tenancyName
                    //);
                    // The failure is reported in the response body instead of by throwing.
                    await WriteJsonAsync(new { msg = "注册失败" });
                }
                // Save the WeChat user info (excluding openid, since it is stored in userlogins)
                // await userManager.AddClaimsAsync(loginResult.User, t.Principal.Claims.Where(c => c.Type != ClaimTypes.NameIdentifier));

                else
                {
                    await userManager.AddClaimAsync(loginResult.User, new Claim("session_key", ct.WeChatUser.session_key));
                    // Unlike the Success case, this response carries no EncryptedAccessToken.
                    await WriteJsonAsync(new
                        {
                            AccessToken     = CreateAccessToken(CreateJwtClaims(loginResult.Identity)),
                            ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
                        });
                }
                return(true);
            }

            default:
            {
                // Every other result type gets the same generic failure message.
                await WriteJsonAsync(new { msg = "登录失败!" });

                //throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
                //    loginResult.Result,
                //    openid,
                //    tenancyName
                //);
            }
                return(true);
            }
        }