Merge branch 'dev' of https://github.com/abpframework/abp into dev

abpframework · Aug 15, 2019 · 5007709 · 5007709
2 parents c7bb18c + 905baff
commit 5007709
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 16 deletions.
diff --git a/.../src/Volo.Abp.Validation/Volo/Abp/Validation/DataAnnotationObjectValidationContributor.cs b/.../src/Volo.Abp.Validation/Volo/Abp/Validation/DataAnnotationObjectValidationContributor.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Collections;
 using System.Collections.Generic;
 using System.ComponentModel;
@@ -13,10 +14,14 @@ public class DataAnnotationObjectValidationContributor : IObjectValidationContri
     {
         public const int MaxRecursiveParameterValidationDepth = 8;
 
+        protected IServiceProvider ServiceProvider { get; }
         protected AbpValidationOptions Options { get; }
 
-        public DataAnnotationObjectValidationContributor(IOptions<AbpValidationOptions> options)
+        public DataAnnotationObjectValidationContributor(
+            IOptions<AbpValidationOptions> options,
+            IServiceProvider serviceProvider)
         {
+            ServiceProvider = serviceProvider;
             Options = options.Value;
         }
 
@@ -90,7 +95,7 @@ public void AddErrors(List<ValidationResult> errors, object validatingObject)
             if (validatingObject is IValidatableObject validatableObject)
             {
                 errors.AddRange(
-                    validatableObject.Validate(new ValidationContext(validatableObject))
+                    validatableObject.Validate(new ValidationContext(validatableObject, ServiceProvider, null))
                 );
             }
         }
@@ -103,7 +108,7 @@ protected virtual void AddPropertyErrors(object validatingObject, PropertyDescri
                 return;
             }
 
-            var validationContext = new ValidationContext(validatingObject)
+            var validationContext = new ValidationContext(validatingObject, ServiceProvider, null)
             {
                 DisplayName = property.DisplayName,
                 MemberName = property.Name

diff --git a/...Server.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs b/...Server.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
@@ -1,33 +1,95 @@
-using System.Threading.Tasks;
+using System.Collections.Generic;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using IdentityModel;
 using IdentityServer4.AspNetIdentity;
+using IdentityServer4.Events;
+using IdentityServer4.Models;
 using IdentityServer4.Services;
 using IdentityServer4.Validation;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Logging;
 using Volo.Abp.Identity;
+using Volo.Abp.Security.Claims;
 using Volo.Abp.Uow;
 
 namespace Volo.Abp.IdentityServer.AspNetIdentity
 {
-    public class AbpResourceOwnerPasswordValidator : ResourceOwnerPasswordValidator<IdentityUser>
+    public class AbpResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator //ResourceOwnerPasswordValidator<IdentityUser>
     {
+        private readonly SignInManager<IdentityUser> _signInManager;
+        private readonly IEventService _events;
+        private readonly UserManager<IdentityUser> _userManager;
+        private readonly ILogger<ResourceOwnerPasswordValidator<IdentityUser>> _logger;
+
         public AbpResourceOwnerPasswordValidator(
-            IdentityUserManager userManager, 
-            SignInManager<IdentityUser> signInManager, 
-            IEventService events, 
-            ILogger<ResourceOwnerPasswordValidator<IdentityUser>> logger
-            ) : base(
-                userManager, 
-                signInManager, 
-                events, 
-                logger)
+            UserManager<IdentityUser> userManager,
+            SignInManager<IdentityUser> signInManager,
+            IEventService events,
+            ILogger<ResourceOwnerPasswordValidator<IdentityUser>> logger)
         {
+            _userManager = userManager;
+            _signInManager = signInManager;
+            _events = events;
+            _logger = logger;
         }
 
+        /// <summary>
+        /// https://github.com/IdentityServer/IdentityServer4/blob/master/src/AspNetIdentity/src/ResourceOwnerPasswordValidator.cs#L53
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns></returns>
         [UnitOfWork]
-        public override async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
+        public virtual async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
         {
-            await base.ValidateAsync(context);
+            var user = await _userManager.FindByNameAsync(context.UserName);
+            if (user != null)
+            {
+                var result = await _signInManager.CheckPasswordSignInAsync(user, context.Password, true);
+                if (result.Succeeded)
+                {
+                    var sub = await _userManager.GetUserIdAsync(user);
+
+                    _logger.LogInformation("Credentials validated for username: {username}", context.UserName);
+                    await _events.RaiseAsync(new UserLoginSuccessEvent(context.UserName, sub, context.UserName, interactive: false));
+
+                    context.Result = new GrantValidationResult(sub, OidcConstants.AuthenticationMethods.Password, GetAdditionalClaimsOrNull(user));
+
+                    return;
+                }
+                else if (result.IsLockedOut)
+                {
+                    _logger.LogInformation("Authentication failed for username: {username}, reason: locked out", context.UserName);
+                    await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "locked out", interactive: false));
+                }
+                else if (result.IsNotAllowed)
+                {
+                    _logger.LogInformation("Authentication failed for username: {username}, reason: not allowed", context.UserName);
+                    await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "not allowed", interactive: false));
+                }
+                else
+                {
+                    _logger.LogInformation("Authentication failed for username: {username}, reason: invalid credentials", context.UserName);
+                    await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "invalid credentials", interactive: false));
+                }
+            }
+            else
+            {
+                _logger.LogInformation("No user found matching username: {username}", context.UserName);
+                await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, "invalid username", interactive: false));
+            }
+
+            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
+        }
+
+        protected virtual IEnumerable<Claim> GetAdditionalClaimsOrNull(IdentityUser user)
+        {
+            if (!user.TenantId.HasValue)
+            {
+                return null;
+            }
+
+            return new[] { new Claim(AbpClaimTypes.TenantId, user.TenantId?.ToString()) };
         }
     }
 }