add user lockout after given retry count
emrecoskun705 committed Sep 10, 2023
1 parent 58d5cd5 commit 1a1fd09
Showing 5 changed files with 38 additions and 3 deletions.
3 changes: 3 additions & 0 deletions Unitagram.Identity/IdentityServiceRegistration.cs
Expand Up @@ -34,6 +34,9 @@ public static IServiceCollection AddIdentityServices(this IServiceCollection ser
options.Password.RequireUppercase = true;
options.Password.RequireLowercase = true;

options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(3); // Lockout duration (3 minutes)
options.Lockout.MaxFailedAccessAttempts = 8; // Maximum failed attempts before lockout (8 attempts)

options.SignIn.RequireConfirmedEmail = true;
options.Tokens.EmailConfirmationTokenProvider = "emailconfirmation";
})
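Review bot: The trailing comments on the two new `options.Lockout` lines only restate the literal beside them (`// Lockout duration (3 minutes)`), so they go stale the moment either value is tuned; either drop them or say why the values were chosen, e.g. `// Throttle online password guessing; the numbers are deliberately conservative`. Since the rest of this block already configures Identity options inline, binding the two lockout values from configuration would fit the same pattern, though I cannot see from this hunk whether an IConfiguration instance is available here. Note also that these settings only bite for users whose `LockoutEnabled` flag is set, which `Lockout.AllowedForNewUsers` (default true) controls at account creation, so it is worth confirming existing accounts carry that flag. AddIdentityServices starts before this hunk.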
6 changes: 6 additions & 0 deletions Unitagram.Identity/Models/Confirmation.cs
@@ -0,0 +1,6 @@
namespace Unitagram.Identity.Models;

public class Confirmation
{

}
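Review bot: `Confirmation` is added with an empty body and no XML summary, so its intended role is not visible to a reader (a model for the 6-digit confirmation code, if the sibling hunks are any guide, but that is a guess). A `/// <summary>` on the class stating what it will carry, or deferring the file until it has members, would make the intent explicit and avoid an unused public type in the Models namespace.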
Expand Up @@ -26,7 +26,7 @@ public override Task<string> GenerateAsync(string purpose, UserManager<TUser> ma
{
throw new ArgumentNullException(nameof(manager));
}

var code = GenerateRandom6DigitCode(); // Generate a 6-digit code as a string
return Task.FromResult(code);
}
28 changes: 27 additions & 1 deletion Unitagram.Identity/Services/AuthService.cs
Expand Up @@ -62,19 +62,45 @@ public async Task<Result<AuthResponse>> Login(AuthRequest request)
return new Result<AuthResponse>(notFoundException);
}

if (user.LockoutEnabled && user.AccessFailedCount >= _userManager.Options.Lockout.MaxFailedAccessAttempts-1)
{
var lockoutEndDate = await _userManager.GetLockoutEndDateAsync(user);
if (lockoutEndDate >= DateTimeOffset.UtcNow)
{
var lockoutException = new BadRequestException($"Account locked out. Try again later.");
return new Result<AuthResponse>(lockoutException);
}
else
{
// If lockout has expired, reset the AccessFailedCount and LockoutEnd
await _userManager.ResetAccessFailedCountAsync(user);
await _userManager.SetLockoutEndDateAsync(user, null); // Reset lockout end date
}
}

if (!user.EmailConfirmed)
{
var badRequestException = new BadRequestException($"Email is not confirmed for '{request.UserName}'.");
var badRequestException = new BadRequestException($"Email is not confirmed for '{user.Email}'.");
return new Result<AuthResponse>(badRequestException);
}

var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, false);

if (result.Succeeded == false)
{
await _userManager.AccessFailedAsync(user);
if (user.LockoutEnabled && user.AccessFailedCount >= _userManager.Options.Lockout.MaxFailedAccessAttempts-1)
{
await _userManager.SetLockoutEndDateAsync(user, DateTimeOffset.UtcNow.Add(_userManager.Options.Lockout.DefaultLockoutTimeSpan));
var lockoutException = new BadRequestException($"Account locked out. Try again later.");
return new Result<AuthResponse>(lockoutException);
}

var badRequestException = new BadRequestException($"Credentials for '{request.UserName} aren't valid'.");
return new Result<AuthResponse>(badRequestException);
}

await _signInManager.SignInAsync(user, false);

JwtResponse jwtResponse = _jwtService.CreateJwtToken(await UserToJwtRequest(user));
// update user
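Review bot: The hand-rolled lockout in the two new `user.LockoutEnabled && user.AccessFailedCount >= ...MaxFailedAccessAttempts-1` blocks locks one attempt early and is incomplete: with `MaxFailedAccessAttempts = 8` the `-1` trips on the seventh failure, and the pre-check only consults `GetLockoutEndDateAsync` once the failure count is already high, so a user whose LockoutEnd was set by any other path (an admin action, or, if I recall the framework correctly, `AccessFailedAsync` itself, which sets LockoutEnd and resets the count when the threshold is reached) is not rejected. `CheckPasswordSignInAsync` already implements this policy when called with `lockoutOnFailure: true` (the hunk keeps `false`), reporting the outcome via `result.IsLockedOut`, and `_userManager.IsLockedOutAsync(user)` covers the pre-check, so the custom counting and the duplicated "Account locked out" branches can be replaced by the framework calls below. Login begins before this hunk and continues past it.

```csharp
// … unchanged: user lookup and not-found handling …
if (await _userManager.IsLockedOutAsync(user))
{
    var lockoutException = new BadRequestException($"Account locked out. Try again later.");
    return new Result<AuthResponse>(lockoutException);
}

// … unchanged: email-confirmed check …

// lockoutOnFailure: true lets Identity count failures, set LockoutEnd and honour expiry itself
var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, lockoutOnFailure: true);

if (result.IsLockedOut)
{
    var lockoutException = new BadRequestException($"Account locked out. Try again later.");
    return new Result<AuthResponse>(lockoutException);
}

if (!result.Succeeded)
{
    var badRequestException = new BadRequestException($"Credentials for '{request.UserName} aren't valid'.");
    return new Result<AuthResponse>(badRequestException);
}
// … unchanged: SignInAsync and JWT issuance …
```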
2 changes: 1 addition & 1 deletion Unitagram.WebAPI/api.xml

