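using Application.Domain.Entities;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Infrastructure.Data;
using Infrastructure.Security;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.Configuration;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

namespace UserCenter
{
    /// <summary>
    /// IdentityServer4 resource-owner-password (ROPC) validator for the user centre.
    /// The credential check itself is currently commented out inside
    /// <see cref="ValidateAsync"/>, so every password grant is rejected with
    /// <c>invalid_grant</c>; the commented flow is kept there for reference together
    /// with the review points that should be addressed before it is re-enabled.
    /// </summary>
    public class ResourceOwnerValidator : IResourceOwnerPasswordValidator
    {
        private readonly IConfiguration _cfg;
        private readonly IRepository _userRepo;
        private readonly IEncryptionService _encryptionService;

        /// <summary>Creates the validator with its dependencies.</summary>
        /// <param name="cfg">Application configuration; the (commented-out) flow reads
        /// <c>MaxFailedAccessAttemptsBeforeLockout</c> and <c>DefaultAccountLockoutMinutes</c> from it.</param>
        /// <param name="userRepo">Repository used to load the user and the roles/permissions attached to it.</param>
        /// <param name="encryptionService">Hashes the supplied password with the user's security stamp.</param>
        /// <exception cref="ArgumentNullException">Any dependency is <c>null</c>.</exception>
        public ResourceOwnerValidator(IConfiguration cfg, IRepository userRepo, IEncryptionService encryptionService)
        {
            // Fail at construction rather than on the first token request.
            this._cfg = cfg ?? throw new ArgumentNullException(nameof(cfg));
            this._userRepo = userRepo ?? throw new ArgumentNullException(nameof(userRepo));
            this._encryptionService = encryptionService ?? throw new ArgumentNullException(nameof(encryptionService));
        }

        /// <summary>
        /// Validates a resource-owner password grant.
        /// Currently a deliberate no-op: the result is set to <c>invalid_grant</c> explicitly
        /// so the validator fails closed and does not rely on whatever default
        /// <see cref="ResourceOwnerPasswordValidationContext.Result"/> carries.
        /// </summary>
        /// <param name="context">The grant being validated (user name, password, request).</param>
        /// <returns>A completed task; the outcome is communicated through <c>context.Result</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
        public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {
            if (context is null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            // Fail closed: no credential is ever accepted while the real check below is disabled.
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);

            // ---------------------------------------------------------------------------
            // Original implementation, kept for reference. NOTE(review): before re-enabling
            // it, the following points in the flow below should be addressed:
            //  - The password check compares hash strings with `==`, which is not
            //    constant-time; compare the byte form with CryptographicOperations.FixedTimeEquals.
            //  - `catch (Exception ex)` forwards `ex.Message` to the token client, leaking
            //    internal detail (and the stack trace context is lost to the logs).
            //  - Distinct responses for "用户不存在" (user not found) and "密码错误" (wrong
            //    password), plus the early return without hashing for unknown users,
            //    allow account enumeration; the lockout response also discloses the
            //    lockout end time. A single generic message is safer.
            //  - The `roles` list actually holds permission numbers (Permission.Number)
            //    and is emitted as "Role" claims; the naming is misleading.
            //  - The principal carries only "Name" and "Role" claims; IdentityServer4's
            //    principal-based GrantValidationResult is believed to require a subject
            //    (`sub`) claim — verify, otherwise the success path throws and the
            //    catch block above turns that into an invalid_grant response.
            // ---------------------------------------------------------------------------
            //var userName = context.UserName;
            //var password = context.Password;
            //try
            //{
            //    var user = this._userRepo.Table().FirstOrDefault(o => o.UserName == userName);
            //    if (user == null)
            //    {
            //        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "invalid_credential", new Dictionary<string, object> { { "message", "用户不存在" } });
            //    }
            //    else
            //    {
            //        var maxAccessFailedCount = this._cfg.GetValue<int>("MaxFailedAccessAttemptsBeforeLockout");
            //        var lockoutEndMinutes = this._cfg.GetValue<int>("DefaultAccountLockoutMinutes");
            //        if (user.LockoutEnabled) // lockout-enabled user: if the lockout window has already passed, clear the lockout first
            //        {
            //            if (user.LockoutEnd.HasValue && DateTime.UtcNow > user.LockoutEnd)
            //            {
            //                user.LockoutEnd = null;
            //                user.AccessFailedCount = 0;
            //                this._userRepo.SaveChanges();
            //            }
            //        }
            //        var success = false;
            //        if (user.LockoutEnabled) // verify a user that has lockout enabled
            //        {
            //            if (user.LockoutEnd.HasValue == false)
            //            {
            //                if (user.PasswordHash == this._encryptionService.CreatePasswordHash(password, user.SecurityStamp))
            //                {
            //                    user.LockoutEnd = null;
            //                    user.AccessFailedCount = 0;
            //                    success = true;
            //                }
            //                else
            //                {
            //                    user.AccessFailedCount += 1;
            //                    if (user.AccessFailedCount >= maxAccessFailedCount)
            //                    {
            //                        user.LockoutEnd = DateTime.UtcNow.AddMinutes(lockoutEndMinutes);
            //                    }
            //                }
            //                this._userRepo.SaveChanges();
            //            }
            //        }
            //        else // verify a user that has lockout disabled
            //        {
            //            if (user.PasswordHash == this._encryptionService.CreatePasswordHash(password, user.SecurityStamp))
            //            {
            //                success = true;
            //            }
            //        }
            //        if (success)
            //        {
            //            var roles = this._userRepo.ReadOnlyTable().Where(o => o.UserName == userName)
            //                .SelectMany(o => o.UserRoles)
            //                .Select(o => o.Role)
            //                .SelectMany(o => o.RolePermissions)
            //                .Select(o => o.Permission.Number)
            //                .ToList();
            //            var claims = new List<Claim> { new Claim("Name", userName) };
            //            claims.AddRange(roles.Select(o => new Claim("Role", o)).ToList());
            //            var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme, "Name", "Role"));
            //            context.Result = new GrantValidationResult(claimsPrincipal);
            //        }
            //        else
            //        {
            //            if (user.LockoutEnabled && user.LockoutEnd.HasValue)
            //            {
            //                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, $"用户被锁定,请于{user.LockoutEnd.Value.ToLocalTime().ToString("HH:mm")}后重试");
            //            }
            //            else
            //            {
            //                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "密码错误");
            //            }
            //        }
            //    }
            //}
            //catch (Exception ex)
            //{
            //    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, ex.Message);
            //}

            return Task.CompletedTask;
        }
    }
}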