Updated Identity to use MaxFailedAccessAttempts. Fixes #1905

PiranhaCMS · Oct 3, 2022 · f6d4ce9 · f6d4ce9
1 parent 08d6b5e
commit f6d4ce9
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 10 deletions.
diff --git a/core/Piranha.AspNetCore.SimpleSecurity/SimpleSecurity.cs b/core/Piranha.AspNetCore.SimpleSecurity/SimpleSecurity.cs
@@ -59,7 +59,7 @@ public bool Authenticate(string username, string password)
     /// <param name="username">The username</param>
     /// <param name="password">The password</param>
     /// <returns>If the user was signed in</returns>
-    public async Task<bool> SignIn(object context, string username, string password)
+    public async Task<LoginResult> SignIn(object context, string username, string password)
     {
         if (context is HttpContext)
         {
@@ -80,9 +80,9 @@ public async Task<bool> SignIn(object context, string username, string password)
 
                 await ((HttpContext)context).SignInAsync("Piranha.SimpleSecurity", principle);
 
-                return true;
+                return LoginResult.Succeeded;
             }
-            return false;
+            return LoginResult.Failed;
         }
         throw new ArgumentException("SimpleSecurity only works with a HttpContext");
     }

diff --git a/core/Piranha.Manager.LocalAuth/Areas/Manager/Pages/Login.cshtml.cs b/core/Piranha.Manager.LocalAuth/Areas/Manager/Pages/Login.cshtml.cs
@@ -95,7 +95,7 @@ public async Task<IActionResult> OnPostAsync(string returnUrl = null)
         {
             await _service.SignOut(HttpContext);
 
-            if (!ModelState.IsValid || !await _service.SignIn(HttpContext, Input.Username, Input.Password))
+            if (!ModelState.IsValid || (await _service.SignIn(HttpContext, Input.Username, Input.Password)) != LoginResult.Succeeded)
             {
                 ModelState.Clear();
                 ModelState.AddModelError(string.Empty, _localizer.General["Username and/or password are incorrect."].Value);

diff --git a/core/Piranha.Manager.LocalAuth/ISecurity.cs b/core/Piranha.Manager.LocalAuth/ISecurity.cs
@@ -23,7 +23,7 @@ public interface ISecurity
     /// <param name="username">The username</param>
     /// <param name="password">The password</param>
     /// <returns>If the user was signed in</returns>
-    Task<bool> SignIn(object context, string username, string password);
+    Task<LoginResult> SignIn(object context, string username, string password);
 
     /// <summary>
     /// Signs out the current user.

diff --git a/core/Piranha.Manager.LocalAuth/LoginResult.cs b/core/Piranha.Manager.LocalAuth/LoginResult.cs
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) .NET Foundation and Contributors
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ *
+ * https://github.com/piranhacms/piranha.core
+ *
+ */
+
+namespace Piranha.Manager.LocalAuth;
+
+/// <summary>
+/// The different results a login can have.
+/// </summary>
+public enum LoginResult
+{
+    /// <summary>
+    /// The login succeeded.
+    /// </summary>
+    Succeeded,
+    /// <summary>
+    /// The login failed.
+    /// </summary>
+    Failed,
+    /// <summary>
+    /// The user account is locked.
+    /// </summary>
+    Locked
+}
diff --git a/identity/Piranha.AspNetCore.Identity/IdentitySecurity.cs b/identity/Piranha.AspNetCore.Identity/IdentitySecurity.cs
@@ -9,6 +9,7 @@
  */
 
 using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Options;
 using Piranha.AspNetCore.Identity.Data;
 using Piranha.Manager.LocalAuth;
 
@@ -27,11 +28,17 @@ public class IdentitySecurity : ISecurity
     private readonly SignInManager<User> _signInManager;
 
     /// <summary>
-    ///     Default constructor.
+    /// The identity options.
     /// </summary>
-    public IdentitySecurity(SignInManager<User> signInManager, IIdentitySeed seed = null)
+    private readonly IdentityOptions _options;
+
+    /// <summary>
+    /// Default constructor.
+    /// </summary>
+    public IdentitySecurity(SignInManager<User> signInManager, IOptions<IdentityOptions> identityOptions, IIdentitySeed seed = null)
     {
         _signInManager = signInManager;
+        _options = identityOptions.Value;
         _seed = seed;
     }
 
@@ -43,15 +50,24 @@ public IdentitySecurity(SignInManager<User> signInManager, IIdentitySeed seed =
     /// <param name="username">The username</param>
     /// <param name="password">The password</param>
     /// <returns>If the user was signed in</returns>
-    public async Task<bool> SignIn(object context, string username, string password)
+    public async Task<LoginResult> SignIn(object context, string username, string password)
     {
         if (_seed != null)
         {
             await _seed.CreateAsync();
         }
+        var result = await _signInManager.PasswordSignInAsync(username, password, false,
+            _options.Lockout.MaxFailedAccessAttempts > 0 ? true : false);
 
-        var result = await _signInManager.PasswordSignInAsync(username, password, false, false);
-        return result.Succeeded;
+        if (result.Succeeded)
+        {
+            return LoginResult.Succeeded;
+        }
+        else if (result.IsLockedOut)
+        {
+            return LoginResult.Locked;
+        }
+        return LoginResult.Failed;
     }
 
     /// <summary>