identity: many fixes to auth grant validation

2026-02-12 19:22:45 +00:00 · 2024-05-16 13:15:41 +05:00
parent abe7e67933
commit dac2d7a577
3 changed files with 15 additions and 12 deletions
--- a/Streetwriters.Identity/Validation/LockedOutValidationResult.cs
+++ b/Streetwriters.Identity/Validation/LockedOutValidationResult.cs
@@ -26,11 +26,12 @@ namespace Streetwriters.Identity.Validation
    {
        public LockedOutValidationResult(TimeSpan? timeLeft)
        {
-            base.Error = "locked_out";
+            Error = "locked_out";
+            IsError = true;
            if (timeLeft.HasValue)
-                base.ErrorDescription = $"You have been locked out. Please try again in {timeLeft?.Minutes.Pluralize("minute", "minutes")} and {timeLeft?.Seconds.Pluralize("second", "seconds")}.";
+                ErrorDescription = $"You have been locked out. Please try again in {timeLeft?.Minutes.Pluralize("minute", "minutes")} and {timeLeft?.Seconds.Pluralize("second", "seconds")}.";
            else
-                base.ErrorDescription = $"You have been locked out.";
+                ErrorDescription = $"You have been locked out.";
        }
    }
 }
--- a/Streetwriters.Identity/Validation/MFAGrantValidator.cs
+++ b/Streetwriters.Identity/Validation/MFAGrantValidator.cs
@@ -89,6 +89,14 @@ namespace Streetwriters.Identity.Validation
            var user = await UserManager.FindByIdAsync(userId);
            if (user == null) return;

+            var isLockedOut = await UserManager.IsLockedOutAsync(user);
+            if (isLockedOut)
+            {
+                var timeLeft = user.LockoutEnd - DateTimeOffset.Now;
+                context.Result = new LockedOutValidationResult(timeLeft);
+                return;
+            }
+
            context.Result.Error = "invalid_mfa";
            context.Result.ErrorDescription = "Please provide a valid multi-factor authentication code.";

@@ -102,14 +110,6 @@ namespace Streetwriters.Identity.Validation
                return;
            }

-            var isLockedOut = await UserManager.IsLockedOutAsync(user);
-            if (isLockedOut)
-            {
-                var timeLeft = user.LockoutEnd - DateTimeOffset.Now;
-                context.Result = new LockedOutValidationResult(timeLeft);
-                return;
-            }
-
            if (mfaMethod == MFAMethods.RecoveryCode)
            {
                context.Result.ErrorDescription = "Please provide a valid multi-factor authentication recovery code.";
@@ -132,8 +132,9 @@ namespace Streetwriters.Identity.Validation
                }
            }

+            await UserManager.ResetAccessFailedCountAsync(user);
            context.Result.IsError = false;
-            context.Result.Subject = await TokenGenerationService.TransformTokenRequestAsync(context.Request, user, GrantType, new string[] { Config.MFA_PASSWORD_GRANT_TYPE_SCOPE });
+            context.Result.Subject = await TokenGenerationService.TransformTokenRequestAsync(context.Request, user, GrantType, [Config.MFA_PASSWORD_GRANT_TYPE_SCOPE]);
        }


--- a/Streetwriters.Identity/Validation/MFAPasswordGrantValidator.cs
+++ b/Streetwriters.Identity/Validation/MFAPasswordGrantValidator.cs
@@ -101,6 +101,7 @@ namespace Streetwriters.Identity.Validation
                return;
            }

+            await UserManager.ResetAccessFailedCountAsync(user);
            var sub = await UserManager.GetUserIdAsync(user);
            context.Result = new GrantValidationResult(sub, AuthenticationMethods.Password);
        }