fix #4965 - improve user/site management

2025-01-21 12:21:27 -05:00
parent 4793ab4bc9
commit 16477052e2
10 changed files with 187 additions and 105 deletions
--- a/Oqtane.Server/Managers/UserManager.cs
+++ b/Oqtane.Server/Managers/UserManager.cs
@ -363,28 +363,36 @@ namespace Oqtane.Managers
                        }
                        else
                        {
-                            user = _users.GetUser(identityuser.UserName);
-                            if (user != null)
+                            if (await _identityUserManager.IsEmailConfirmedAsync(identityuser))
                            {
-                                if (await _identityUserManager.IsEmailConfirmedAsync(identityuser))
+                                user = GetUser(identityuser.UserName, alias.SiteId);
+                                if (user != null)
                                {
-                                    user.IsAuthenticated = true;
-                                    user.LastLoginOn = DateTime.UtcNow;
-                                    user.LastIPAddress = LastIPAddress;
-                                    _users.UpdateUser(user);
-                                    _logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Successful For {Username} From IP Address {IPAddress}", user.Username, LastIPAddress);
-
-                                    _syncManager.AddSyncEvent(alias, EntityNames.User, user.UserId, "Login");
-
-                                    if (setCookie)
+                                    // ensure user is registered for site
+                                    if (user.Roles.Contains(RoleNames.Registered))
                                    {
-                                        await _identitySignInManager.SignInAsync(identityuser, isPersistent);
+                                        user.IsAuthenticated = true;
+                                        user.LastLoginOn = DateTime.UtcNow;
+                                        user.LastIPAddress = LastIPAddress;
+                                        _users.UpdateUser(user);
+                                        _logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Successful For {Username} From IP Address {IPAddress}", user.Username, LastIPAddress);
+
+                                        _syncManager.AddSyncEvent(alias, EntityNames.User, user.UserId, "Login");
+
+                                        if (setCookie)
+                                        {
+                                            await _identitySignInManager.SignInAsync(identityuser, isPersistent);
+                                        }
+                                    }
+                                    else
+                                    {
+                                        _logger.Log(LogLevel.Information, this, LogFunction.Security, "User {Username} Is Not An Active Member Of Site {SiteId}", user.Username, alias.SiteId);
                                    }
                                }
-                                else
-                                {
-                                    _logger.Log(LogLevel.Information, this, LogFunction.Security, "User Email Address Not Verified {Username}", user.Username);
-                                }
+                            }
+                            else
+                            {
+                                _logger.Log(LogLevel.Information, this, LogFunction.Security, "User Email Address Not Verified {Username}", user.Username);
                            }
                        }
                    }