kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix #3253 - login needs to validate User.IsDeleted property

Browse Source
This commit is contained in:
sbwalker 2023-09-13 10:02:11 -04:00
parent 9267efce01
commit d155e13399
3 changed files with 54 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Oqtane.Client/Modules/Admin/Login/Index.razor
View File

@ -206,8 +206,7 @@
if (hybrid)
{
// hybrid apps utilize an interactive login
var authstateprovider = (IdentityAuthenticationStateProvider)ServiceProvider
.GetService(typeof(IdentityAuthenticationStateProvider));
var authstateprovider = (IdentityAuthenticationStateProvider)ServiceProvider.GetService(typeof(IdentityAuthenticationStateProvider));
authstateprovider.NotifyAuthenticationChanged();
NavigationManager.NavigateTo(NavigateUrl(WebUtility.UrlDecode(_returnUrl), true));
}

73
Oqtane.Server/Managers/UserManager.cs
View File

@ -257,45 +257,52 @@ namespace Oqtane.Managers
var LastIPAddress = user.LastIPAddress ?? "";
user = _users.GetUser(user.Username);
if (user.TwoFactorRequired)
if (!user.IsDeleted)
{
var token = await _identityUserManager.GenerateTwoFactorTokenAsync(identityuser, "Email");
user.TwoFactorCode = token;
user.TwoFactorExpiry = DateTime.UtcNow.AddMinutes(10);
_users.UpdateUser(user);
if (user.TwoFactorRequired)
{
var token = await _identityUserManager.GenerateTwoFactorTokenAsync(identityuser, "Email");
user.TwoFactorCode = token;
user.TwoFactorExpiry = DateTime.UtcNow.AddMinutes(10);
_users.UpdateUser(user);
string body = "Dear " + user.DisplayName + ",\n\nYou requested a secure verification code to log in to your account. Please enter the secure verification code on the site:\n\n" + token +
"\n\nPlease note that the code is only valid for 10 minutes so if you are unable to take action within that time period, you should initiate a new login on the site." +
"\n\nThank You!";
var notification = new Notification(user.SiteId, user, "User Verification Code", body);
_notifications.AddNotification(notification);
string body = "Dear " + user.DisplayName + ",\n\nYou requested a secure verification code to log in to your account. Please enter the secure verification code on the site:\n\n" + token +
"\n\nPlease note that the code is only valid for 10 minutes so if you are unable to take action within that time period, you should initiate a new login on the site." +
"\n\nThank You!";
var notification = new Notification(user.SiteId, user, "User Verification Code", body);
_notifications.AddNotification(notification);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Verification Notification Sent For {Username}", user.Username);
user.TwoFactorRequired = true;
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Verification Notification Sent For {Username}", user.Username);
user.TwoFactorRequired = true;
}
else
{
user = _users.GetUser(identityuser.UserName);
if (user != null)
{
if (identityuser.EmailConfirmed)
{
user.IsAuthenticated = true;
user.LastLoginOn = DateTime.UtcNow;
user.LastIPAddress = LastIPAddress;
_users.UpdateUser(user);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Successful {Username}", user.Username);
if (setCookie)
{
await _identitySignInManager.SignInAsync(identityuser, isPersistent);
}
}
else
{
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Not Verified {Username}", user.Username);
}
}
}
}
else
{
user = _users.GetUser(identityuser.UserName);
if (user != null)
{
if (identityuser.EmailConfirmed)
{
user.IsAuthenticated = true;
user.LastLoginOn = DateTime.UtcNow;
user.LastIPAddress = LastIPAddress;
_users.UpdateUser(user);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Successful {Username}", user.Username);
if (setCookie)
{
await _identitySignInManager.SignInAsync(identityuser, isPersistent);
}
}
else
{
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Not Verified {Username}", user.Username);
}
}
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Failed - Account Deleted {Username}", user.Username);
}
}
else

16
Oqtane.Server/Pages/Login.cshtml.cs
View File

@ -4,6 +4,9 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Oqtane.Extensions;
using Oqtane.Managers;
using Oqtane.Shared;
namespace Oqtane.Pages
{
@ -12,14 +15,16 @@ namespace Oqtane.Pages
{
private readonly UserManager<IdentityUser> _identityUserManager;
private readonly SignInManager<IdentityUser> _identitySignInManager;
private readonly IUserManager _userManager;
public LoginModel(UserManager<IdentityUser> identityUserManager, SignInManager<IdentityUser> identitySignInManager)
public LoginModel(UserManager<IdentityUser> identityUserManager, SignInManager<IdentityUser> identitySignInManager, IUserManager userManager)
{
_identityUserManager = identityUserManager;
_identitySignInManager = identitySignInManager;
_userManager = userManager;
}
public async Task<IActionResult> OnPostAsync(string username, string password, bool remember, string returnurl)
public async Task<IActionResult> OnPostAsync(string username, string password, bool remember, string returnurl)
{
if (!User.Identity.IsAuthenticated && !string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
{
@ -30,7 +35,12 @@ namespace Oqtane.Pages
var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, password, true);
if (result.Succeeded)
{
validuser = true;
var alias = HttpContext.GetAlias();
var user = _userManager.GetUser(identityuser.UserName, alias.SiteId);
if (user != null && !user.IsDeleted)
{
validuser = true;
}
}
}