fix #3253 - login needs to validate User.IsDeleted property

This commit is contained in:
sbwalker 2023-09-13 10:02:11 -04:00
parent 9267efce01
commit d155e13399
3 changed files with 54 additions and 38 deletions


@ -206,8 +206,7 @@
if (hybrid) if (hybrid)
{ {
// hybrid apps utilize an interactive login // hybrid apps utilize an interactive login
var authstateprovider = (IdentityAuthenticationStateProvider)ServiceProvider var authstateprovider = (IdentityAuthenticationStateProvider)ServiceProvider.GetService(typeof(IdentityAuthenticationStateProvider));
.GetService(typeof(IdentityAuthenticationStateProvider));
authstateprovider.NotifyAuthenticationChanged(); authstateprovider.NotifyAuthenticationChanged();
NavigationManager.NavigateTo(NavigateUrl(WebUtility.UrlDecode(_returnUrl), true)); NavigationManager.NavigateTo(NavigateUrl(WebUtility.UrlDecode(_returnUrl), true));
} }


@ -257,6 +257,8 @@ namespace Oqtane.Managers
var LastIPAddress = user.LastIPAddress ?? ""; var LastIPAddress = user.LastIPAddress ?? "";
user = _users.GetUser(user.Username); user = _users.GetUser(user.Username);
if (!user.IsDeleted)
{
if (user.TwoFactorRequired) if (user.TwoFactorRequired)
{ {
var token = await _identityUserManager.GenerateTwoFactorTokenAsync(identityuser, "Email"); var token = await _identityUserManager.GenerateTwoFactorTokenAsync(identityuser, "Email");
@ -299,6 +301,11 @@ namespace Oqtane.Managers
} }
} }
else else
{
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Failed - Account Deleted {Username}", user.Username);
}
}
else
{ {
if (result.IsLockedOut) if (result.IsLockedOut)
{ {
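Review bot: The new `if (!user.IsDeleted)` check dereferences the result of `_users.GetUser(user.Username)` on the preceding line without a null guard, whereas the companion change in LoginModel.OnPostAsync uses `user != null && !user.IsDeleted`; the two call sites should agree. If the identity account exists but no matching Oqtane user row is returned, the new else branch would also throw on `user.Username` before the "Account Deleted" entry is written. Suggest `if (user != null && !user.IsDeleted)` and logging `identityuser.UserName` in the else branch so the failed attempt is recorded rather than surfacing as an exception. The enclosing method starts and ends outside the hunk, so it is worth confirming that the deleted-account path returns a failed login result rather than only logging and falling through with the reloaded user.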


@ -4,6 +4,9 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages; using Microsoft.AspNetCore.Mvc.RazorPages;
using Oqtane.Extensions;
using Oqtane.Managers;
using Oqtane.Shared;
namespace Oqtane.Pages namespace Oqtane.Pages
{ {
@ -12,11 +15,13 @@ namespace Oqtane.Pages
{ {
private readonly UserManager<IdentityUser> _identityUserManager; private readonly UserManager<IdentityUser> _identityUserManager;
private readonly SignInManager<IdentityUser> _identitySignInManager; private readonly SignInManager<IdentityUser> _identitySignInManager;
private readonly IUserManager _userManager;
public LoginModel(UserManager<IdentityUser> identityUserManager, SignInManager<IdentityUser> identitySignInManager) public LoginModel(UserManager<IdentityUser> identityUserManager, SignInManager<IdentityUser> identitySignInManager, IUserManager userManager)
{ {
_identityUserManager = identityUserManager; _identityUserManager = identityUserManager;
_identitySignInManager = identitySignInManager; _identitySignInManager = identitySignInManager;
_userManager = userManager;
} }
public async Task<IActionResult> OnPostAsync(string username, string password, bool remember, string returnurl) public async Task<IActionResult> OnPostAsync(string username, string password, bool remember, string returnurl)
@ -29,10 +34,15 @@ namespace Oqtane.Pages
{ {
var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, password, true); var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, password, true);
if (result.Succeeded) if (result.Succeeded)
{
var alias = HttpContext.GetAlias();
var user = _userManager.GetUser(identityuser.UserName, alias.SiteId);
if (user != null && !user.IsDeleted)
{ {
validuser = true; validuser = true;
} }
} }
}
if (validuser) if (validuser)
{ {