From 6c0fc949f90e62f0ba7e810ca786534b5223767f Mon Sep 17 00:00:00 2001
From: maliming
Date: Wed, 6 Nov 2024 10:28:40 +0800
Subject: [PATCH 1/3] Handles case where users need to confirm `email` or `phone number`.
---
 .../OpenIddict/AbpErrorDescriptionConsts.cs | 8 ++++++
 .../Controllers/TokenController.Password.cs | 27 +++++++++++++++++--
 2 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpErrorDescriptionConsts.cs
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpErrorDescriptionConsts.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpErrorDescriptionConsts.cs
new file mode 100644
index 00000000000..93839fa6e39
--- /dev/null
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpErrorDescriptionConsts.cs
@@ -0,0 +1,8 @@
+namespace Volo.Abp.OpenIddict;
+
+public static class AbpErrorDescriptionConsts
+{
+ public const string RequiresTwoFactor = "RequiresTwoFactor";
+
+ public const string RequiresConfirmUser = "RequiresConfirmUser";
+}
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
index 470debf115c..95ceef2e489 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
@@ -127,7 +127,12 @@ await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
 return await HandlePeriodicallyChangePasswordAsync(request, user, request.Password);
 }
 
- errorDescription = "You are not allowed to login! Your account is inactive or needs to confirm your email/phone number.";
+ if (user.IsActive)
+ {
+ return await HandleConfirmUserAsync(request, user);
+ }
+
+ errorDescription = "You are not allowed to login! Your account is inactive.";
 }
 else
 {
@@ -235,7 +240,7 @@ await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
 items: new Dictionary
 {
 [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
- [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = nameof(SignInResult.RequiresTwoFactor)
+ [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = AbpErrorDescriptionConsts.RequiresTwoFactor
 },
 parameters: new Dictionary
 {
@@ -337,6 +342,24 @@ await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
 }
 }
 
+ protected virtual Task HandleConfirmUserAsync(OpenIddictRequest request, IdentityUser user)
+ {
+ Logger.LogInformation($"{request.Username} needs to confirm email/phone number");
+
+ var properties = new AuthenticationProperties(
+ items: new Dictionary
+ {
+ [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
+ [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = AbpErrorDescriptionConsts.RequiresConfirmUser
+ },
+ parameters: new Dictionary
+ {
+ ["userId"] = user.Id.ToString("N"),
+ });
+
+ return Task.FromResult(Forbid(properties, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme));
+ }
+
 protected virtual async Task SetSuccessResultAsync(OpenIddictRequest request, IdentityUser user)
 {
 // Clear the dynamic claims cache.
From 81fddf3e24a602519b53cc9aae26983d28235ae8 Mon Sep 17 00:00:00 2001
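Review bot: The new `if (user.IsActive)` branch returns `HandleConfirmUserAsync(request, user)` with no password check visible in this hunk, and that handler (third hunk of this patch, extended in PATCH 2/3) places `userId`, `email` and `phoneNumber` in the token error response. The enclosing method starts outside the hunk, so please confirm the submitted password has already been verified when this block runs; a not-allowed sign-in result may be produced before the password is compared. If it has not, the response discloses account identifiers and confirmation state to a caller who only knows the username. Guard the branch, e.g. `if (user.IsActive && await UserManager.CheckPasswordAsync(user, request.Password))` (assuming the controller exposes the Identity user manager under that name), and return the same invalid-credentials error as the `else` branch otherwise.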
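Review bot: `Logger.LogInformation($"{request.Username} needs to confirm email/phone number")` in the new `HandleConfirmUserAsync` interpolates a client-supplied username directly into the log message text. A value containing line breaks can then read as separate entries in plain-text sinks, and the interpolated form also loses the username as a structured property that sinks can encode and that detections can query. Pass it as a template argument instead: `Logger.LogInformation("{Username} needs to confirm email/phone number", request.Username);`.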
From: maliming
Date: Wed, 6 Nov 2024 19:47:40 +0800
Subject: [PATCH 2/3] Add `email` and `phonenumber` to response.
---
 .../Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
index 95ceef2e489..48fd233d5c7 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
@@ -355,6 +355,8 @@ protected virtual Task HandleConfirmUserAsync(OpenIddictRequest r
 parameters: new Dictionary
 {
 ["userId"] = user.Id.ToString("N"),
+ ["email"] = user.Email,
+ ["phoneNumber"] = user.PhoneNumber
 });
 
 return Task.FromResult(Forbid(properties, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme));
From dd2962a303fa76e2f3ecea59938c54f3cfbbca42 Mon Sep 17 00:00:00 2001
From: masum-ulu
Date: Wed, 6 Nov 2024 15:07:04 +0300
Subject: [PATCH 3/3] check: nullability for phoneNumber
---
 .../Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
index 48fd233d5c7..392e696d08a 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
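Review bot: The `["email"] = user.Email` and `["phoneNumber"] = user.PhoneNumber` entries added in PATCH 2/3 return the account's full contact details in a failed token response, which is more than a confirmation prompt needs. Presumably these parameters are serialized into the error payload that reaches the client, and from there into client logs and intermediaries. Consider returning only which channel still needs confirmation, or a masked form of each value, and let the confirmation flow resolve the address server-side from `userId`. `HandleConfirmUserAsync` begins and ends outside this hunk.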
@@ -356,7 +356,7 @@ protected virtual Task HandleConfirmUserAsync(OpenIddictRequest r
 {
 ["userId"] = user.Id.ToString("N"),
 ["email"] = user.Email,
- ["phoneNumber"] = user.PhoneNumber
+ ["phoneNumber"] = user.PhoneNumber ?? ""
 });
 
 return Task.FromResult(Forbid(properties, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme));