Added support for User Account Lockout

Shaun Walker 2022-02-25 16:17:54 -05:00
parent 0fba385b9e
commit eb1ac3bc9b
2 changed files with 18 additions and 3 deletions


@ -339,7 +339,7 @@ namespace Oqtane.Controllers
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(user.Username); IdentityUser identityuser = await _identityUserManager.FindByNameAsync(user.Username);
if (identityuser != null) if (identityuser != null)
{ {
var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, user.Password, false); var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, user.Password, true);
if (result.Succeeded) if (result.Succeeded)
{ {
loginUser = _users.GetUser(identityuser.UserName); loginUser = _users.GetUser(identityuser.UserName);
@ -364,11 +364,26 @@ namespace Oqtane.Controllers
} }
} }
else else
{
if (result.IsLockedOut)
{
user = _users.GetUser(user.Username);
string token = await _identityUserManager.GeneratePasswordResetTokenAsync(identityuser);
string url = HttpContext.Request.Scheme + "://" + _alias.Name + "/reset?name=" + user.Username + "&token=" + WebUtility.UrlEncode(token);
string body = "Dear " + user.DisplayName + ",\n\nYou attempted 3 times unsuccessfully to login to your account and it is now locked out. Please wait 10 minutes and then try again... or use the link below to reset your password:\n\n" + url +
"\n\nPlease note that the link is only valid for 24 hours so if you are unable to take action within that time period, you should initiate another password reset on the site." +
"\n\nThank You!";
var notification = new Notification(user.SiteId, user, "User Password Lockout", body);
_notifications.AddNotification(notification);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Password Lockout Notification Sent For {Username}", user.Username);
}
else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "User Login Failed {Username}", user.Username); _logger.Log(LogLevel.Error, this, LogFunction.Security, "User Login Failed {Username}", user.Username);
} }
} }
} }
}
return loginUser; return loginUser;
} }
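Review bot: The new `result.IsLockedOut` branch appears to run on every sign-in attempt made while the account is locked, not only on the attempt that triggers the lockout, because Identity's `CheckPasswordSignInAsync` returns a locked-out result for an already locked user before it checks the password. Each such request therefore generates a fresh reset token and queues another notification, so repeated requests against a known username turn into repeated mail to that user. Capture the state before the password check with `bool wasLockedOut = await _identityUserManager.IsLockedOutAsync(identityuser);` and send only when `result.IsLockedOut && !wasLockedOut`. In the same branch the username goes into the reset link unencoded while the token is encoded, so use `WebUtility.UrlEncode(user.Username)`, and check the result of `_users.GetUser(user.Username)` for null before reading `user.DisplayName` if that lookup can miss. The "3 times", "10 minutes" and "24 hours" in the body are fixed text and the Identity lockout and token-lifespan options are not visible here, so confirm they match; the enclosing method starts outside the hunk.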


@ -27,7 +27,7 @@ namespace Oqtane.Pages
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(username); IdentityUser identityuser = await _identityUserManager.FindByNameAsync(username);
if (identityuser != null) if (identityuser != null)
{ {
var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, password, false); var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, password, true);
if (result.Succeeded) if (result.Succeeded)
{ {
validuser = true; validuser = true;