fix #2176 - update LastIPAddress correctly during login

Shaun Walker 2022-05-05 09:57:09 -04:00
parent d3c40a7e8b
commit eed27e101a
3 changed files with 11 additions and 5 deletions


@ -184,7 +184,7 @@
var interop = new Interop(JSRuntime);
if (await interop.FormValid(login))
{
var user = new User { SiteId = PageState.Site.SiteId, Username = _username, Password = _password};
var user = new User { SiteId = PageState.Site.SiteId, Username = _username, Password = _password, LastIPAddress = SiteState.RemoteIPAddress};
if (!twofactor)
{


@ -327,6 +327,8 @@ namespace Oqtane.Controllers
var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, user.Password, true);
if (result.Succeeded)
{
var LastIPAddress = user.LastIPAddress;
user = _users.GetUser(user.Username);
if (user.TwoFactorRequired)
{
@ -353,7 +355,7 @@ namespace Oqtane.Controllers
{
loginUser.IsAuthenticated = true;
loginUser.LastLoginOn = DateTime.UtcNow;
loginUser.LastIPAddress = HttpContext.Connection.RemoteIpAddress.ToString();
loginUser.LastIPAddress = LastIPAddress;
_users.UpdateUser(loginUser);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Successful {Username}", user.Username);
}
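Review bot: `loginUser.LastIPAddress = LastIPAddress;` now stores whatever string arrived in the posted `User` object, where the replaced line used the address of the connection itself. The first file's change fills that field from `SiteState.RemoteIPAddress` on the client, but a caller that posts to this login action directly can send any value, or none, so the stored address stops being reliable for audit or incident review. I would accept the posted value only when it parses and otherwise fall back to the connection: `loginUser.LastIPAddress = IPAddress.TryParse(LastIPAddress, out var ip) ? ip.ToString() : HttpContext.Connection.RemoteIpAddress?.ToString();`. Where the site sits behind a proxy, resolving the client address on the server from forwarded headers would avoid trusting the request body at all. Both hunks lie inside a method whose start and end are outside the view.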


@ -1,21 +1,25 @@
using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Extensions;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Mvc.ViewFeatures;
using Microsoft.Extensions.Logging;
using Oqtane.Shared;
namespace Oqtane.Security
{
public class AutoValidateAntiforgeryTokenFilter : IAsyncAuthorizationFilter, IAntiforgeryPolicy
{
private readonly IAntiforgery _antiforgery;
private readonly ILogger<AutoValidateAntiforgeryTokenFilter> _filelogger;
public AutoValidateAntiforgeryTokenFilter(IAntiforgery antiforgery)
public AutoValidateAntiforgeryTokenFilter(IAntiforgery antiforgery, ILogger<AutoValidateAntiforgeryTokenFilter> filelogger)
{
_antiforgery = antiforgery;
_filelogger = filelogger;
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
@ -39,7 +43,7 @@ namespace Oqtane.Security
catch
{
context.Result = new AntiforgeryValidationFailedResult();
Debug.WriteLine($"Oqtane Error: AutoValidateAntiforgeryTokenFilter Failure on {context.HttpContext.Request.Path}");
_filelogger.LogError(Utilities.LogMessage(this, $"AutoValidateAntiforgeryTokenFilter Failure For {context.HttpContext.Request.GetEncodedUrl()}"));
}
}
}
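Review bot: The new `LogError` call writes `GetEncodedUrl()`, which includes the query string, so any token or identifier carried in a query parameter of a rejected request is copied into the log file; the replaced line logged only `Request.Path`. Method and path are enough to locate the failing endpoint: `$"AutoValidateAntiforgeryTokenFilter Failure For {context.HttpContext.Request.Method} {context.HttpContext.Request.Path}"`. The bare `catch` also discards the exception, so the entry cannot say why validation failed; `catch (AntiforgeryValidationException ex)` with `ex` passed to the logger would record the reason, though narrowing the catch changes what happens to other exceptions and should be checked against the try block, which is outside the visible hunk. Because an unauthenticated request can trigger this path, consider whether `LogError` is the right level for it.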