Merge pull request #16933 from abpframework/auto-merge/rel-7-3/2027

Merge branch dev with rel-7.3

modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/en.json

@@ -10,6 +10,7 @@
     "LoginIsNotAllowed": "You are not allowed to login! Your account is inactive or needs to confirm your email/phone number.",
     "InvalidUsername": "Invalid username or password!",
     "InvalidAuthenticatorCode": "Invalid authenticator code!",
+    "InvalidRecoveryCode": "Invalid recovery code!",
     "TheTargetUserIsNotLinkedToYou": "The target user is not linked to you!"
   }
 }

modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/tr.json

@@ -10,6 +10,7 @@
     "LoginIsNotAllowed": "Giriş yapmanıza izin verilmiyor! Hesabınız etkin değil veya e-postanızı/telefon numaranızı onaylamanız gerekiyor.",
     "InvalidUsername": "Kullanıcı adı ya da şifre geçersiz!",
     "InvalidAuthenticatorCode": "Geçersiz kimlik doğrulama kodu!",
+    "InvalidRecoveryCode": "Geçersiz kurtarma kodu!",
     "TheTargetUserIsNotLinkedToYou": "Hedef kullanıcı sizinle bağlantılı değil!"
   }
-}
+}

modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hans.json

@@ -10,6 +10,7 @@
     "LoginIsNotAllowed": "无法登录!你的账号未激活或者需要验证邮箱地址/手机号.",
     "InvalidUsername": "用户名或密码错误!",
     "InvalidAuthenticatorCode": "验证码无效!",
+    "InvalidRecoveryCode": "恢复代码无效!",
     "TheTargetUserIsNotLinkedToYou": "目标用户未和你有关联!"
   }
 }

modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared/Volo/Abp/IdentityServer/Localization/Resources/zh-Hant.json

@@ -10,6 +10,7 @@
     "LoginIsNotAllowed": "無法登入!你的賬號未激活或者需要驗證郵箱地址/手機號碼.",
     "InvalidUsername": "用戶名或密碼錯誤!",
     "InvalidAuthenticatorCode": "驗證碼無效！",
+    "InvalidRecoveryCode": "恢復碼無效！",
     "TheTargetUserIsNotLinkedToYou": "目標用戶與您無關！"
   }
-}
+}

modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs

@@ -178,6 +178,20 @@ public class AbpResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
 
     protected virtual async Task HandleTwoFactorLoginAsync(ResourceOwnerPasswordValidationContext context, IdentityUser user)
     {
+        var recoveryCode = context.Request?.Raw?["RecoveryCode"];
+        if (!recoveryCode.IsNullOrWhiteSpace())
+        {
+            var result = await UserManager.RedeemTwoFactorRecoveryCodeAsync(user, recoveryCode);
+            if (result.Succeeded)
+            {
+                await SetSuccessResultAsync(context, user);
+                return;
+            }
+
+            Logger.LogInformation("Authentication failed for username: {username}, reason: InvalidRecoveryCode", context.UserName);
+            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, Localizer["InvalidRecoveryCode"]);
+        }
+
         var twoFactorProvider = context.Request?.Raw?["TwoFactorProvider"];
         var twoFactorCode = context.Request?.Raw?["TwoFactorCode"];
         if (!twoFactorProvider.IsNullOrWhiteSpace() && !twoFactorCode.IsNullOrWhiteSpace())

modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs

@@ -175,8 +175,26 @@ public partial class TokenController
 
     protected virtual async Task<IActionResult> HandleTwoFactorLoginAsync(OpenIddictRequest request, IdentityUser user)
     {
+        var recoveryCode = request.GetParameter("RecoveryCode")?.ToString();
+        if (!recoveryCode.IsNullOrWhiteSpace())
+        {
+            var result = await UserManager.RedeemTwoFactorRecoveryCodeAsync(user, recoveryCode);
+            if (result.Succeeded)
+            {
+                return await SetSuccessResultAsync(request, user);
+            }
+
+            var properties = new AuthenticationProperties(new Dictionary<string, string>
+            {
+                [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
+                [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = "Invalid recovery code!"
+            });
+
+            return Forbid(properties, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
+        }
+
         var twoFactorProvider = request.GetParameter("TwoFactorProvider")?.ToString();
-        var twoFactorCode = request.GetParameter("TwoFactorCode")?.ToString();;
+        var twoFactorCode = request.GetParameter("TwoFactorCode")?.ToString();
         if (!twoFactorProvider.IsNullOrWhiteSpace() && !twoFactorCode.IsNullOrWhiteSpace())
         {
             var providers = await UserManager.GetValidTwoFactorProvidersAsync(user);