diff --git a/modules/account/src/Volo.Abp.Account.Web.IdentityServer/Pages/Account/IdentityServerSupportedLoginModel.cs b/modules/account/src/Volo.Abp.Account.Web.IdentityServer/Pages/Account/IdentityServerSupportedLoginModel.cs index d04abee6d9..d60c90ce60 100644 --- a/modules/account/src/Volo.Abp.Account.Web.IdentityServer/Pages/Account/IdentityServerSupportedLoginModel.cs +++ b/modules/account/src/Volo.Abp.Account.Web.IdentityServer/Pages/Account/IdentityServerSupportedLoginModel.cs @@ -10,7 +10,6 @@ using System; using System.Diagnostics; using System.Linq; using System.Security.Claims; -using System.Security.Principal; using System.Threading.Tasks; using Microsoft.AspNetCore.Identity; using Volo.Abp.Account.Settings; @@ -32,14 +31,12 @@ public class IdentityServerSupportedLoginModel : LoginModel public IdentityServerSupportedLoginModel( IAuthenticationSchemeProvider schemeProvider, IOptions accountOptions, + IOptions identityOptions, + IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache, IIdentityServerInteractionService interaction, IClientStore clientStore, - IEventService identityServerEvents, - IOptions identityOptions) - : base( - schemeProvider, - accountOptions, - identityOptions) + IEventService identityServerEvents) + : base(schemeProvider, accountOptions, identityOptions, identityDynamicClaimsPrincipalContributorCache) { Interaction = interaction; ClientStore = clientStore; @@ -177,6 +174,9 @@ public class IdentityServerSupportedLoginModel : LoginModel Debug.Assert(user != null, nameof(user) + " != null"); await IdentityServerEvents.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id.ToString(), user.UserName)); //TODO: Use user's name once implemented + // Clear the dynamic claims cache. + await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId); + return RedirectSafely(ReturnUrl, ReturnUrlHash); } 
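Review bot: Adding a required constructor parameter to IdentityServerSupportedLoginModel (hunk -32,14), and moving `identityOptions` from the last to the third position, breaks every derived login page that chains to this constructor. The same applies to the constructors of OpenIddictSupportedLoginModel, AccountController, LoginModel and RegisterModel changed later in this diff. TokenController.Password.cs in this same commit resolves the cache lazily through `LazyServiceProvider` in a property instead. If the page-model and controller bases expose LazyServiceProvider as well, the same property would leave all five constructors unchanged: `protected IdentityDynamicClaimsPrincipalContributorCache IdentityDynamicClaimsPrincipalContributorCache => LazyServiceProvider.LazyGetRequiredService<IdentityDynamicClaimsPrincipalContributorCache>();`.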
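Review bot: The comment added before the ClearAsync call in hunk -177,6 only restates the method name and does not say why a successful login has to evict the entry; the same comment is reused at every other call site in this diff. Something like `// Evict cached dynamic claims for this user so the next request rebuilds them after sign-in.` would record the intent, assuming that is what the cache holds. The enclosing method starts outside the hunk.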
diff --git a/modules/account/src/Volo.Abp.Account.Web.OpenIddict/Pages/Account/OpenIddictSupportedLoginModel.cs b/modules/account/src/Volo.Abp.Account.Web.OpenIddict/Pages/Account/OpenIddictSupportedLoginModel.cs index 10231a2607..d7998eb826 100644 --- a/modules/account/src/Volo.Abp.Account.Web.OpenIddict/Pages/Account/OpenIddictSupportedLoginModel.cs +++ b/modules/account/src/Volo.Abp.Account.Web.OpenIddict/Pages/Account/OpenIddictSupportedLoginModel.cs @@ -8,6 +8,7 @@ using Microsoft.AspNetCore.Mvc; using OpenIddict.Server; using OpenIddict.Server.AspNetCore; using Volo.Abp.DependencyInjection; +using Volo.Abp.Identity; using Volo.Abp.MultiTenancy; using Volo.Abp.OpenIddict; @@ -17,12 +18,14 @@ namespace Volo.Abp.Account.Web.Pages.Account; public class OpenIddictSupportedLoginModel : LoginModel { protected AbpOpenIddictRequestHelper OpenIddictRequestHelper { get; } + public OpenIddictSupportedLoginModel( IAuthenticationSchemeProvider schemeProvider, IOptions accountOptions, IOptions identityOptions, + IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache, AbpOpenIddictRequestHelper openIddictRequestHelper) - : base(schemeProvider, accountOptions, identityOptions) + : base(schemeProvider, accountOptions, identityOptions, identityDynamicClaimsPrincipalContributorCache) { OpenIddictRequestHelper = openIddictRequestHelper; } diff --git a/modules/account/src/Volo.Abp.Account.Web/Areas/Account/Controllers/AccountController.cs b/modules/account/src/Volo.Abp.Account.Web/Areas/Account/Controllers/AccountController.cs index 8e93913176..9caff2c187 100644 --- a/modules/account/src/Volo.Abp.Account.Web/Areas/Account/Controllers/AccountController.cs +++ b/modules/account/src/Volo.Abp.Account.Web/Areas/Account/Controllers/AccountController.cs 
@@ -29,13 +29,15 @@ public class AccountController : AbpControllerBase protected ISettingProvider SettingProvider { get; } protected IdentitySecurityLogManager IdentitySecurityLogManager { get; } protected IOptions IdentityOptions { get; } + protected IdentityDynamicClaimsPrincipalContributorCache IdentityDynamicClaimsPrincipalContributorCache { get; } public AccountController( SignInManager signInManager, IdentityUserManager userManager, ISettingProvider settingProvider, IdentitySecurityLogManager identitySecurityLogManager, - IOptions identityOptions) + IOptions identityOptions, + IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache) { LocalizationResource = typeof(AccountResource); @@ -44,6 +46,7 @@ public class AccountController : AbpControllerBase SettingProvider = settingProvider; IdentitySecurityLogManager = identitySecurityLogManager; IdentityOptions = identityOptions; + IdentityDynamicClaimsPrincipalContributorCache = identityDynamicClaimsPrincipalContributorCache; } [HttpPost] @@ -69,6 +72,16 @@ public class AccountController : AbpControllerBase UserName = login.UserNameOrEmailAddress }); + if (signInResult.Succeeded) + { + var user = await UserManager.FindByNameAsync(login.UserNameOrEmailAddress); + if (user != null) + { + // Clear the dynamic claims cache. + await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId); + } + } + return GetAbpLoginResult(signInResult); } diff --git a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Login.cshtml.cs b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Login.cshtml.cs index d4bb0dbc5e..7b7d4a2b94 100644 --- a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Login.cshtml.cs +++ b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Login.cshtml.cs 
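Review bot: In hunk -69,6 the user is looked up with `FindByNameAsync(login.UserNameOrEmailAddress)`, so when the submitted value is an e-mail address the lookup may return null and the cache clear is skipped without any trace. Unless the input has already been rewritten to a user name earlier in this action (not visible in the hunk), fall back to the e-mail lookup: `var user = await UserManager.FindByNameAsync(login.UserNameOrEmailAddress) ?? await UserManager.FindByEmailAsync(login.UserNameOrEmailAddress);`. A successful sign-in with no matching user is unexpected either way and is worth a warning log rather than a silent skip. The action body starts outside the hunk.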
@@ -52,17 +52,19 @@ public class LoginModel : AccountPageModel protected IAuthenticationSchemeProvider SchemeProvider { get; } protected AbpAccountOptions AccountOptions { get; } protected IOptions IdentityOptions { get; } - + protected IdentityDynamicClaimsPrincipalContributorCache IdentityDynamicClaimsPrincipalContributorCache { get; } public bool ShowCancelButton { get; set; } public LoginModel( IAuthenticationSchemeProvider schemeProvider, IOptions accountOptions, - IOptions identityOptions) + IOptions identityOptions, + IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache) { SchemeProvider = schemeProvider; IdentityOptions = identityOptions; AccountOptions = accountOptions.Value; + IdentityDynamicClaimsPrincipalContributorCache = identityDynamicClaimsPrincipalContributorCache; } public virtual async Task OnGetAsync() @@ -138,6 +140,9 @@ public class LoginModel : AccountPageModel Debug.Assert(user != null, nameof(user) + " != null"); + // Clear the dynamic claims cache. + await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId); + return RedirectSafely(ReturnUrl, ReturnUrlHash); } @@ -222,8 +227,16 @@ public class LoginModel : AccountPageModel throw new UserFriendlyException("Cannot proceed because user is not allowed!"); } + IdentityUser user; if (result.Succeeded) { + user = await UserManager.FindByLoginAsync(loginInfo.LoginProvider, loginInfo.ProviderKey); + if (user != null) + { + // Clear the dynamic claims cache. + await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId); + } + return RedirectSafely(returnUrl, returnUrlHash); } @@ -239,7 +252,7 @@ public class LoginModel : AccountPageModel }); } - var user = await UserManager.FindByEmailAsync(email); + user = await UserManager.FindByEmailAsync(email); if (user == null) { return RedirectToPage("./Register", new { 
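Review bot: The two-line cache clear added before `RedirectSafely` in hunk -138,6 is repeated by hand at seven more sign-in sites across this diff, so correctness depends on every current and future sign-in path remembering it. A path this diff does not touch (a two-factor or recovery-code completion, if the module has one) would presumably keep serving the previously cached claims. Consider performing the clear in one place that all paths go through, such as the sign-in manager or a handler for the sign-in event, and keeping per-page calls only where that is not possible. The enclosing method starts outside the hunk.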
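Review bot: Hoisting `IdentityUser user;` above `if (result.Succeeded)` in hunk -222,8 reuses one variable for two unrelated lookups (by external login here, by e-mail in hunk -239,7) and forces the later declaration to change. A block-scoped local keeps the two apart and makes the second hunk unnecessary: `var externalUser = await UserManager.FindByLoginAsync(loginInfo.LoginProvider, loginInfo.ProviderKey);`. The `user != null` guard also hides the case where the external sign-in succeeded but no linked user was found; logging that case would make a skipped clear visible. The method starts outside the hunk.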
@@ -263,6 +276,9 @@ public class LoginModel : AccountPageModel UserName = user.Name }); + // Clear the dynamic claims cache. + await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId); + return RedirectSafely(returnUrl, returnUrlHash); } diff --git a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs index 322a17e82f..9e0a2c191b 100644 --- a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs +++ b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs @@ -46,13 +46,16 @@ public class RegisterModel : AccountPageModel protected IAuthenticationSchemeProvider SchemeProvider { get; } protected AbpAccountOptions AccountOptions { get; } + protected IdentityDynamicClaimsPrincipalContributorCache IdentityDynamicClaimsPrincipalContributorCache { get; } public RegisterModel( IAccountAppService accountAppService, IAuthenticationSchemeProvider schemeProvider, - IOptions accountOptions) + IOptions accountOptions, + IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache) { SchemeProvider = schemeProvider; + IdentityDynamicClaimsPrincipalContributorCache = identityDynamicClaimsPrincipalContributorCache; AccountAppService = accountAppService; AccountOptions = accountOptions.Value; } @@ -159,6 +162,9 @@ public class RegisterModel : AccountPageModel var user = await UserManager.GetByIdAsync(userDto.Id); await SignInManager.SignInAsync(user, isPersistent: true); + + // Clear the dynamic claims cache. + await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId); } protected virtual async Task RegisterExternalUserAsync(ExternalLoginInfo externalLoginInfo, string userName, string emailAddress) 
@@ -185,6 +191,9 @@ public class RegisterModel : AccountPageModel } await SignInManager.SignInAsync(user, isPersistent: true, ExternalLoginAuthSchema); + + // Clear the dynamic claims cache. + await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId); } protected virtual async Task CheckSelfRegistrationAsync() diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs index 9617d4f409..26f826da7a 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs @@ -31,6 +31,7 @@ public partial class TokenController protected IdentitySecurityLogManager IdentitySecurityLogManager => LazyServiceProvider.LazyGetRequiredService(); protected ISettingProvider SettingProvider => LazyServiceProvider.LazyGetRequiredService(); + protected IdentityDynamicClaimsPrincipalContributorCache IdentityDynamicClaimsPrincipalContributorCache => LazyServiceProvider.LazyGetRequiredService(); [UnitOfWork] protected virtual async Task HandlePasswordAsync(OpenIddictRequest request) @@ -334,6 +335,9 @@ public partial class TokenController protected virtual async Task SetSuccessResultAsync(OpenIddictRequest request, IdentityUser user) { + // Clear the dynamic claims cache. + await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId); + // Create a new ClaimsPrincipal containing the claims that // will be used to create an id_token, a token or a code. var principal = await SignInManager.CreateUserPrincipalAsync(user);
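Review bot: `SetSuccessResultAsync` now awaits ClearAsync before the principal is created, so an exception from the cache (for example an unreachable distributed cache, if that is what backs it) would presumably fail the password grant for a user whose credentials were already accepted. State the intended behaviour in the comment. Either fail closed on purpose, `// Fail the grant if cached claims cannot be evicted; stale claims must not reach the new token.`, or catch and log so a cache outage does not block token issuance. The rest of the method body lies outside the hunk.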