iot/projects/UserCenter/ResourceOwnerValidator.cs


using Application.Domain.Entities;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Infrastructure.Data;
using Infrastructure.Security;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.Configuration;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
namespace UserCenter
{
    /// <summary>
    /// IdentityServer4 resource-owner password validator
    /// (implements <c>IResourceOwnerPasswordValidator</c>).
    /// </summary>
    /// <remarks>
    /// The credential check is disabled in this revision: the whole implementation inside
    /// <see cref="ValidateAsync"/> is commented out, so the injected configuration, user
    /// repository and encryption service are stored but not used by any active code.
    /// </remarks>
    public class ResourceOwnerValidator : IResourceOwnerPasswordValidator
    {
        private readonly IConfiguration _cfg;
        private readonly IRepository<User> _userRepo;
        private readonly IEncryptionService _encryptionService;

        /// <summary>Stores the dependencies supplied by the caller.</summary>
        /// <param name="cfg">Configuration; the disabled code reads the lockout settings from it.</param>
        /// <param name="userRepo">User repository; the disabled code looks users up and saves lockout state through it.</param>
        /// <param name="encryptionService">Service the disabled code uses to derive a password hash for comparison.</param>
        public ResourceOwnerValidator(IConfiguration cfg, IRepository<User> userRepo, IEncryptionService encryptionService)
        {
            _cfg = cfg;
            _userRepo = userRepo;
            _encryptionService = encryptionService;
        }

        /// <summary>
        /// Completes immediately without reading the submitted credentials and without
        /// assigning <c>context.Result</c>.
        /// </summary>
        /// <param name="context">Validation context of the password grant request; left untouched.</param>
        /// <returns>An already completed task.</returns>
        /// <remarks>
        /// NOTE(review): the outcome of the grant is whatever <c>context.Result</c> already holds.
        /// IdentityServer4 is expected to pre-populate it with an invalid_grant error, which would
        /// make this stub reject every password grant - confirm against the package version in use.
        /// Assigning the failure explicitly would keep the stub fail-closed without relying on a
        /// library default.
        /// </remarks>
        public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {
            // Disabled implementation, kept for reference. Points to settle before re-enabling it:
            //  * Account enumeration: an unknown user ("用户不存在" = user does not exist), a wrong
            //    password ("密码错误" = wrong password) and a locked account (message includes the
            //    unlock time) each get a different response, and the unknown-user branch skips the
            //    hash computation. Return one generic failure for all three.
            //  * The stored hash is compared with string ==; compare the hash bytes with a fixed-time
            //    routine such as CryptographicOperations.FixedTimeEquals instead.
            //  * CreatePasswordHash(password, user.SecurityStamp) is opaque from here - verify it is a
            //    slow, salted password KDF rather than a single fast hash.
            //  * The catch block returns ex.Message to the token client; log the exception
            //    server-side and return a generic error.
            //  * Failed attempts are counted only when user.LockoutEnabled is true, so other accounts
            //    have no guess limit in this code; whether another layer rate-limits is not visible.
            //
            //var userName = context.UserName;
            //var password = context.Password;
            //try
            //{
            //    var user = this._userRepo.Table().FirstOrDefault(o => o.UserName == userName);
            //    if (user == null)
            //    {
            //        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "invalid_credential", new Dictionary<string, object> { { "message", "用户不存在" } });
            //    }
            //    else
            //    {
            //        var maxAccessFailedCount = this._cfg.GetValue<int>("MaxFailedAccessAttemptsBeforeLockout");
            //        var lockoutEndMinutes = this._cfg.GetValue<int>("DefaultAccountLockoutMinutes");
            //        if (user.LockoutEnabled) // lockout enabled: clear the lock first when the lockout period has already passed
            //        {
            //            if (user.LockoutEnd.HasValue && DateTime.UtcNow > user.LockoutEnd)
            //            {
            //                user.LockoutEnd = null;
            //                user.AccessFailedCount = 0;
            //                this._userRepo.SaveChanges();
            //            }
            //        }
            //        var success = false;
            //        if (user.LockoutEnabled) // validate a user that has lockout enabled
            //        {
            //            if (user.LockoutEnd.HasValue == false)
            //            {
            //                if (user.PasswordHash == this._encryptionService.CreatePasswordHash(password, user.SecurityStamp))
            //                {
            //                    user.LockoutEnd = null;
            //                    user.AccessFailedCount = 0;
            //                    success = true;
            //                }
            //                else
            //                {
            //                    user.AccessFailedCount += 1;
            //                    if (user.AccessFailedCount >= maxAccessFailedCount)
            //                    {
            //                        user.LockoutEnd = DateTime.UtcNow.AddMinutes(lockoutEndMinutes);
            //                    }
            //                }
            //                this._userRepo.SaveChanges();
            //            }
            //        }
            //        else // validate a user that does not have lockout enabled
            //        {
            //            if (user.PasswordHash == this._encryptionService.CreatePasswordHash(password, user.SecurityStamp))
            //            {
            //                success = true;
            //            }
            //        }
            //        if (success)
            //        {
            //            var roles = this._userRepo.ReadOnlyTable().Where(o => o.UserName == userName)
            //                .SelectMany(o => o.UserRoles)
            //                .Select(o => o.Role)
            //                .SelectMany(o => o.RolePermissions)
            //                .Select(o => o.Permission.Number)
            //                .ToList();
            //            var claims = new List<Claim> { new Claim("Name", userName) };
            //            claims.AddRange(roles.Select(o => new Claim("Role", o)).ToList());
            //            var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme, "Name", "Role"));
            //            context.Result = new GrantValidationResult(claimsPrincipal);
            //        }
            //        else
            //        {
            //            if (user.LockoutEnabled && user.LockoutEnd.HasValue)
            //            {
            //                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, $"用户被锁定,请于{user.LockoutEnd.Value.ToLocalTime().ToString("HH:mm")}后重试");
            //            }
            //            else
            //            {
            //                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "密码错误");
            //            }
            //        }
            //    }
            //}
            //catch (Exception ex)
            //{
            //    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, ex.Message);
            //}
            return Task.CompletedTask;
        }
    }
}