Clear the dynamic cache when user logs in.

2 years ago · 0a3be97a28
parent 3b09f26e68
commit 0a3be97a28
6 changed files with 58 additions and 13 deletions
--- a/modules/account/src/Volo.Abp.Account.Web.IdentityServer/Pages/Account/IdentityServerSupportedLoginModel.cs
+++ b/modules/account/src/Volo.Abp.Account.Web.IdentityServer/Pages/Account/IdentityServerSupportedLoginModel.cs
@ -10,7 +10,6 @@ using System;
 using System.Diagnostics;
 using System.Linq;
 using System.Security.Claims;
-using System.Security.Principal;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Identity;
 using Volo.Abp.Account.Settings;
@ -32,14 +31,12 @@ public class IdentityServerSupportedLoginModel : LoginModel
    public IdentityServerSupportedLoginModel(
        IAuthenticationSchemeProvider schemeProvider,
        IOptions<AbpAccountOptions> accountOptions,
+        IOptions<IdentityOptions> identityOptions,
+        IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache,
        IIdentityServerInteractionService interaction,
        IClientStore clientStore,
-        IEventService identityServerEvents,
-        IOptions<IdentityOptions> identityOptions)
-        : base(
-            schemeProvider,
-            accountOptions,
-            identityOptions)
+        IEventService identityServerEvents)
+        : base(schemeProvider, accountOptions, identityOptions, identityDynamicClaimsPrincipalContributorCache)
    {
        Interaction = interaction;
        ClientStore = clientStore;
@ -177,6 +174,9 @@ public class IdentityServerSupportedLoginModel : LoginModel
        Debug.Assert(user != null, nameof(user) + " != null");
        await IdentityServerEvents.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id.ToString(), user.UserName)); //TODO: Use user's name once implemented

+        // Clear the dynamic claims cache.
+        await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);
+
        return RedirectSafely(ReturnUrl, ReturnUrlHash);
    }

--- a/modules/account/src/Volo.Abp.Account.Web.OpenIddict/Pages/Account/OpenIddictSupportedLoginModel.cs
+++ b/modules/account/src/Volo.Abp.Account.Web.OpenIddict/Pages/Account/OpenIddictSupportedLoginModel.cs
@ -8,6 +8,7 @@ using Microsoft.AspNetCore.Mvc;
 using OpenIddict.Server;
 using OpenIddict.Server.AspNetCore;
 using Volo.Abp.DependencyInjection;
+using Volo.Abp.Identity;
 using Volo.Abp.MultiTenancy;
 using Volo.Abp.OpenIddict;

@ -17,12 +18,14 @@ namespace Volo.Abp.Account.Web.Pages.Account;
 public class OpenIddictSupportedLoginModel : LoginModel
 {
    protected AbpOpenIddictRequestHelper OpenIddictRequestHelper { get; }
+
    public OpenIddictSupportedLoginModel(
        IAuthenticationSchemeProvider schemeProvider,
        IOptions<AbpAccountOptions> accountOptions,
        IOptions<IdentityOptions> identityOptions,
+        IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache,
        AbpOpenIddictRequestHelper openIddictRequestHelper)
-        : base(schemeProvider, accountOptions, identityOptions)
+        : base(schemeProvider, accountOptions, identityOptions, identityDynamicClaimsPrincipalContributorCache)
    {
        OpenIddictRequestHelper = openIddictRequestHelper;
    }
--- a/modules/account/src/Volo.Abp.Account.Web/Areas/Account/Controllers/AccountController.cs
+++ b/modules/account/src/Volo.Abp.Account.Web/Areas/Account/Controllers/AccountController.cs
@ -29,13 +29,15 @@ public class AccountController : AbpControllerBase
    protected ISettingProvider SettingProvider { get; }
    protected IdentitySecurityLogManager IdentitySecurityLogManager { get; }
    protected IOptions<IdentityOptions> IdentityOptions { get; }
+    protected IdentityDynamicClaimsPrincipalContributorCache IdentityDynamicClaimsPrincipalContributorCache { get; }

    public AccountController(
        SignInManager<IdentityUser> signInManager,
        IdentityUserManager userManager,
        ISettingProvider settingProvider,
        IdentitySecurityLogManager identitySecurityLogManager,
-        IOptions<IdentityOptions> identityOptions)
+        IOptions<IdentityOptions> identityOptions,
+        IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache)
    {
        LocalizationResource = typeof(AccountResource);

@ -44,6 +46,7 @@ public class AccountController : AbpControllerBase
        SettingProvider = settingProvider;
        IdentitySecurityLogManager = identitySecurityLogManager;
        IdentityOptions = identityOptions;
+        IdentityDynamicClaimsPrincipalContributorCache = identityDynamicClaimsPrincipalContributorCache;
    }

    [HttpPost]
@ -69,6 +72,16 @@ public class AccountController : AbpControllerBase
            UserName = login.UserNameOrEmailAddress
        });

+        if (signInResult.Succeeded)
+        {
+            var user = await UserManager.FindByNameAsync(login.UserNameOrEmailAddress);
+            if (user != null)
+            {
+                // Clear the dynamic claims cache.
+                await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);
+            }
+        }
+
        return GetAbpLoginResult(signInResult);
    }

--- a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Login.cshtml.cs
+++ b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Login.cshtml.cs
@ -52,17 +52,19 @@ public class LoginModel : AccountPageModel
    protected IAuthenticationSchemeProvider SchemeProvider { get; }
    protected AbpAccountOptions AccountOptions { get; }
    protected IOptions<IdentityOptions> IdentityOptions { get; }
-
+    protected IdentityDynamicClaimsPrincipalContributorCache IdentityDynamicClaimsPrincipalContributorCache { get; }
    public bool ShowCancelButton { get; set; }

    public LoginModel(
        IAuthenticationSchemeProvider schemeProvider,
        IOptions<AbpAccountOptions> accountOptions,
-        IOptions<IdentityOptions> identityOptions)
+        IOptions<IdentityOptions> identityOptions,
+        IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache)
    {
        SchemeProvider = schemeProvider;
        IdentityOptions = identityOptions;
        AccountOptions = accountOptions.Value;
+        IdentityDynamicClaimsPrincipalContributorCache = identityDynamicClaimsPrincipalContributorCache;
    }

    public virtual async Task<IActionResult> OnGetAsync()
@ -138,6 +140,9 @@ public class LoginModel : AccountPageModel

        Debug.Assert(user != null, nameof(user) + " != null");

+        // Clear the dynamic claims cache.
+        await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);
+
        return RedirectSafely(ReturnUrl, ReturnUrlHash);
    }

@ -222,8 +227,16 @@ public class LoginModel : AccountPageModel
            throw new UserFriendlyException("Cannot proceed because user is not allowed!");
        }

+        IdentityUser user;
        if (result.Succeeded)
        {
+            user = await UserManager.FindByLoginAsync(loginInfo.LoginProvider, loginInfo.ProviderKey);
+            if (user != null)
+            {
+                // Clear the dynamic claims cache.
+                await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);
+            }
+
            return RedirectSafely(returnUrl, returnUrlHash);
        }

@ -239,7 +252,7 @@ public class LoginModel : AccountPageModel
            });
        }

-        var user = await UserManager.FindByEmailAsync(email);
+        user = await UserManager.FindByEmailAsync(email);
        if (user == null)
        {
            return RedirectToPage("./Register", new {
@ -263,6 +276,9 @@ public class LoginModel : AccountPageModel
            UserName = user.Name
        });

+        // Clear the dynamic claims cache.
+        await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);
+
        return RedirectSafely(returnUrl, returnUrlHash);
    }

--- a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs
+++ b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs
@ -46,13 +46,16 @@ public class RegisterModel : AccountPageModel
    protected IAuthenticationSchemeProvider SchemeProvider { get; }

    protected AbpAccountOptions AccountOptions { get; }
+    protected IdentityDynamicClaimsPrincipalContributorCache IdentityDynamicClaimsPrincipalContributorCache { get; }

    public RegisterModel(
        IAccountAppService accountAppService,
        IAuthenticationSchemeProvider schemeProvider,
-        IOptions<AbpAccountOptions> accountOptions)
+        IOptions<AbpAccountOptions> accountOptions,
+        IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache)
    {
        SchemeProvider = schemeProvider;
+        IdentityDynamicClaimsPrincipalContributorCache = identityDynamicClaimsPrincipalContributorCache;
        AccountAppService = accountAppService;
        AccountOptions = accountOptions.Value;
    }
@ -159,6 +162,9 @@ public class RegisterModel : AccountPageModel

        var user = await UserManager.GetByIdAsync(userDto.Id);
        await SignInManager.SignInAsync(user, isPersistent: true);
+
+        // Clear the dynamic claims cache.
+        await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);
    }

    protected virtual async Task RegisterExternalUserAsync(ExternalLoginInfo externalLoginInfo, string userName, string emailAddress)
@ -185,6 +191,9 @@ public class RegisterModel : AccountPageModel
        }

        await SignInManager.SignInAsync(user, isPersistent: true, ExternalLoginAuthSchema);
+
+        // Clear the dynamic claims cache.
+        await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);
    }

    protected virtual async Task<bool> CheckSelfRegistrationAsync()
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
@ -31,6 +31,7 @@ public partial class TokenController
    protected IdentitySecurityLogManager IdentitySecurityLogManager => LazyServiceProvider.LazyGetRequiredService<IdentitySecurityLogManager>();

    protected ISettingProvider SettingProvider => LazyServiceProvider.LazyGetRequiredService<ISettingProvider>();
+    protected IdentityDynamicClaimsPrincipalContributorCache IdentityDynamicClaimsPrincipalContributorCache => LazyServiceProvider.LazyGetRequiredService<IdentityDynamicClaimsPrincipalContributorCache>();

    [UnitOfWork]
    protected virtual async Task<IActionResult> HandlePasswordAsync(OpenIddictRequest request)
@ -334,6 +335,9 @@ public partial class TokenController

    protected virtual async Task<IActionResult> SetSuccessResultAsync(OpenIddictRequest request, IdentityUser user)
    {
+        // Clear the dynamic claims cache.
+        await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);
+
        // Create a new ClaimsPrincipal containing the claims that
        // will be used to create an id_token, a token or a code.
        var principal = await SignInManager.CreateUserPrincipalAsync(user);