feat(templates): check if user is confirmed before sign-in with otp i…

…n Boilerplate #7633 (#7634)

src/Templates/Boilerplate/Bit.Boilerplate/src/Boilerplate.Server/Controllers/Identity/IdentityController.cs

@@ -17,6 +17,8 @@ public partial class IdentityController : AppControllerBase, IIdentityController
 
     [AutoInject] private IUserStore<User> userStore = default!;
 
+    [AutoInject] private IUserConfirmation<User> userConfirmation = default!;
+
     [AutoInject] private IOptionsMonitor<BearerTokenOptions> bearerTokenOptions = default!;
 
     [AutoInject] private SmsService smsService = default!;
@@ -94,7 +96,7 @@ public async Task ConfirmEmail(ConfirmEmailRequestDto request, CancellationToken
         var user = await userManager.FindByEmailAsync(request.Email!)
             ?? throw new BadRequestException(Localizer[nameof(AppStrings.UserNotFound)]);
 
-        if (user.EmailConfirmed) return;
+        if (await userManager.IsEmailConfirmedAsync(user)) return;
 
         if (await userManager.IsLockedOutAsync(user))
             throw new BadRequestException(Localizer[nameof(AppStrings.UserLockedOut), (DateTimeOffset.UtcNow - user.LockoutEnd!).Value.ToString("mm\\:ss")]);
@@ -135,7 +137,7 @@ public async Task ConfirmPhone(ConfirmPhoneRequestDto request, CancellationToken
         if (await userManager.IsLockedOutAsync(user))
             throw new BadRequestException(Localizer[nameof(AppStrings.UserLockedOut), (DateTimeOffset.UtcNow - user.LockoutEnd!).Value.ToString("mm\\:ss")]);
 
-        if (user.PhoneNumberConfirmed) return;
+        if (await userManager.IsPhoneNumberConfirmedAsync(user)) return;
 
         var tokenIsValid = await userManager.VerifyUserTokenAsync(user, TokenOptions.DefaultPhoneProvider, $"VerifyPhoneNumber:{request.PhoneNumber},Date:{user.PhoneNumberTokenRequestedOn}", request.Token!);
 
@@ -161,10 +163,11 @@ public async Task<ActionResult<SignInResponseDto>> SignIn(SignInRequestDto reque
             ? await signInManager.OtpSignInAsync(user, request.Otp!)
             : await signInManager.PasswordSignInAsync(user!.UserName!, request.Password!, isPersistent: false, lockoutOnFailure: true);
 
+        if (result.IsNotAllowed && await userConfirmation.IsConfirmedAsync(userManager, user) is false)
+            throw new BadRequestException(Localizer[nameof(AppStrings.UserIsNotConfirmed)]);
+
         if (result.IsLockedOut)
-        {
             throw new BadRequestException(Localizer[nameof(AppStrings.UserLockedOut), (DateTimeOffset.UtcNow - user.LockoutEnd!).Value.ToString("mm\\:ss")]);
-        }
 
         if (result.RequiresTwoFactor)
         {
@@ -220,6 +223,9 @@ public async Task SendResetPasswordToken(SendResetPasswordTokenRequestDto reques
         var user = await userManager.FindUser(request)
                     ?? throw new ResourceNotFoundException(Localizer[nameof(AppStrings.UserNotFound)]);
 
+        if (await userConfirmation.IsConfirmedAsync(userManager, user) is false)
+            throw new BadRequestException(Localizer[nameof(AppStrings.UserIsNotConfirmed)]);
+
         var resendDelay = (DateTimeOffset.Now - user.ResetPasswordTokenRequestedOn) - AppSettings.IdentitySettings.ResetPasswordTokenRequestResendDelay;
 
         if (resendDelay < TimeSpan.Zero)
@@ -264,6 +270,9 @@ public async Task SendOtp(IdentityRequestDto request, CancellationToken cancella
         var user = await userManager.FindUser(request)
                     ?? throw new ResourceNotFoundException(Localizer[nameof(AppStrings.UserNotFound)]);
 
+        if (await userConfirmation.IsConfirmedAsync(userManager, user) is false)
+            throw new BadRequestException(Localizer[nameof(AppStrings.UserIsNotConfirmed)]);
+
         var resendDelay = (DateTimeOffset.Now - user.OtpRequestedOn) - AppSettings.IdentitySettings.OtpRequestResendDelay;
 
         if (resendDelay < TimeSpan.Zero)

src/Templates/Boilerplate/Bit.Boilerplate/src/Boilerplate.Server/Extensions/SignInManagerExtensions.cs

@@ -9,6 +9,8 @@ public static async Task<SignInResult> OtpSignInAsync(this SignInManager<User> s
     {
         var userManager = signInManager.UserManager;
 
+        if (await signInManager.CanSignInAsync(user) is false) return SignInResult.NotAllowed;
+
         if (await userManager.IsLockedOutAsync(user)) return SignInResult.LockedOut;
 
         bool tokenIsValid = await userManager.VerifyUserTokenAsync(user!, TokenOptions.DefaultPhoneProvider, $"Otp,Date:{user.OtpRequestedOn}", otp!);

src/Templates/Boilerplate/Bit.Boilerplate/src/Boilerplate.Shared/Resources/AppStrings.fa.resx

@@ -326,6 +326,9 @@
   </data>
     <data name="UserLockedOut" xml:space="preserve">
     <value>کاربر قفل شده است. دوباره امتحان کنید در {0}</value>
+  </data>
+    <data name="UserIsNotConfirmed" xml:space="preserve">
+    <value>حساب خود را تایید نکرده اید</value>
   </data>
     <data name="UserNotFound" xml:space="preserve">
     <value>کاربر وجود ندارد.</value>

src/Templates/Boilerplate/Bit.Boilerplate/src/Boilerplate.Shared/Resources/AppStrings.fr.resx

@@ -326,6 +326,9 @@
   </data>
     <data name="UserLockedOut" xml:space="preserve">
     <value>L'utilisateur est verrouillé. Réessayez dans {0}</value>
+  </data>
+    <data name="UserIsNotConfirmed" xml:space="preserve">
+    <value>L'utilisateur n'est pas confirmé.</value>
   </data>
     <data name="UserNotFound" xml:space="preserve">
     <value>L'utilisateur n'existe pas.</value>

src/Templates/Boilerplate/Bit.Boilerplate/src/Boilerplate.Shared/Resources/AppStrings.resx

@@ -326,6 +326,9 @@
   </data>
     <data name="UserLockedOut" xml:space="preserve">
     <value>User is locked out. Try again in {0}</value>
+  </data>
+    <data name="UserIsNotConfirmed" xml:space="preserve">
+    <value>User is not confirmed.</value>
   </data>
     <data name="UserNotFound" xml:space="preserve">
     <value>User does not exist.</value>