From fe8678fa3fea93d9bb9dbcbbf76cd0eed7d03a92 Mon Sep 17 00:00:00 2001 From: vktun <425989168@qq.com> Date: Fri, 11 Jun 2021 20:24:39 +0800 Subject: [PATCH] fixed reset password for code --- .../PhoneNumberLoginAccountAppService.cs | 46 ++++++++++++++++--- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/src/EasyAbp.Abp.PhoneNumberLogin.Application/EasyAbp/Abp/PhoneNumberLogin/Account/PhoneNumberLoginAccountAppService.cs b/src/EasyAbp.Abp.PhoneNumberLogin.Application/EasyAbp/Abp/PhoneNumberLogin/Account/PhoneNumberLoginAccountAppService.cs index 11ac15f..46ed6a7 100644 --- a/src/EasyAbp.Abp.PhoneNumberLogin.Application/EasyAbp/Abp/PhoneNumberLogin/Account/PhoneNumberLoginAccountAppService.cs +++ b/src/EasyAbp.Abp.PhoneNumberLogin.Application/EasyAbp/Abp/PhoneNumberLogin/Account/PhoneNumberLoginAccountAppService.cs @@ -1,15 +1,20 @@ using EasyAbp.Abp.PhoneNumberLogin.Account.Dtos; using EasyAbp.Abp.PhoneNumberLogin.Identity; +using EasyAbp.Abp.PhoneNumberLogin.Localization; using EasyAbp.Abp.PhoneNumberLogin.Settings; using EasyAbp.Abp.VerificationCode; using IdentityModel.Client; using Microsoft.AspNetCore.Identity; +using Microsoft.Extensions.Caching.Distributed; using Microsoft.Extensions.Configuration; +using Microsoft.Extensions.Localization; using Microsoft.Extensions.Options; using System; using System.Net.Http; using System.Threading.Tasks; +using Volo.Abp; using Volo.Abp.Application.Services; +using Volo.Abp.Caching; using Volo.Abp.Identity; using Volo.Abp.Settings; using Volo.Abp.Uow; @@ -28,6 +33,8 @@ public class PhoneNumberLoginAccountAppService : ApplicationService, IPhoneNumbe private readonly IHttpClientFactory _httpClientFactory; private readonly IConfiguration _configuration; private readonly ISettingProvider _settingProvider; + private readonly IDistributedCache _distributedCache; + private readonly IStringLocalizer _localizer; public PhoneNumberLoginAccountAppService( IPhoneNumberLoginVerificationCodeSender phoneNumberLoginVerificationCodeSender, @@ -38,7 +45,9 @@ public PhoneNumberLoginAccountAppService( IHttpClientFactory httpClientFactory, IConfiguration configuration, ISettingProvider settingProvider, - IdentityUserManager identityUserManager) + IdentityUserManager identityUserManager, + IDistributedCache distributedCache, + IStringLocalizer localizer) { _phoneNumberLoginVerificationCodeSender = phoneNumberLoginVerificationCodeSender; _phoneNumberLoginNewUserCreator = phoneNumberLoginNewUserCreator; @@ -49,6 +58,8 @@ public PhoneNumberLoginAccountAppService( _httpClientFactory = httpClientFactory; _settingProvider = settingProvider; _configuration = configuration; + _distributedCache = distributedCache; + _localizer = localizer; } public virtual async Task SendVerificationCodeAsync(SendVerificationCodeInput input) @@ -99,11 +110,21 @@ public virtual async Task ConfirmPhoneNumberAsync(Conf public virtual async Task ResetPasswordAsync(ResetPasswordWithPhoneNumberInput input) { + var result = await GetValidateResultAsync(input.PhoneNumber, input.VerificationCode, VerificationCodeType.ResetPassword); + if (!result) + { + throw new InvalidVerificationCodeException(); + } await _identityOptions.SetAsync(); var identityUser = await _uniquePhoneNumberIdentityUserRepository.GetByConfirmedPhoneNumberAsync(input.PhoneNumber); - - (await _identityUserManager.ResetPasswordAsync(identityUser, input.VerificationCode, input.Password)).CheckErrors(); + // VerifyTwoFactor + if (!await _identityUserManager.VerifyTwoFactorTokenAsync(identityUser, TokenOptions.DefaultPhoneProvider, input.VerificationCode)) + { + throw new UserFriendlyException(_localizer["InvalidVerificationCode"]); + } + var resetPwdToken = await _identityUserManager.GeneratePasswordResetTokenAsync(identityUser); + (await _identityUserManager.ResetPasswordAsync(identityUser, resetPwdToken, input.Password)).CheckErrors(); } public virtual async Task TryRegisterAndRequestTokenAsync(TryRegisterAndRequestTokenInput input) @@ -164,9 +185,8 @@ protected virtual async Task GetValidateResultAsync(string phoneNumber, st { case VerificationCodeType.ResetPassword: - // Not able to validate reset password token here using default asp.net identity implementation - - return true; + var tempCode = await _distributedCache.GetAsync($"{PhoneNumberLoginConsts.VerificationCodeCachePrefix}:{type}:{phoneNumber}"); + return tempCode.Equals(code); case VerificationCodeType.Register: @@ -276,7 +296,19 @@ protected virtual async Task GenerateCodeAsync(string phoneNumber, Verif switch (type) { case VerificationCodeType.ResetPassword: - code = await _identityUserManager.GeneratePasswordResetTokenAsync(identityUser); + if (identityUser == null) + throw new UserFriendlyException(_localizer["InvalidPhoneNumber"]); + var tspan = await GetRegisterCodeCacheSecondsAsync(); + code = await _distributedCache.GetOrAddAsync($"{PhoneNumberLoginConsts.VerificationCodeCachePrefix}:{type}:{phoneNumber}", + async () => + { + return await _identityUserManager.GenerateTwoFactorTokenAsync(identityUser, TokenOptions.DefaultPhoneProvider); + }, + () => new DistributedCacheEntryOptions + { + AbsoluteExpiration = DateTimeOffset.Now.AddSeconds(tspan) + } + ); break; case VerificationCodeType.Register: