From eed27e101aaf327c1ae11222f0385804b5706f82 Mon Sep 17 00:00:00 2001 From: Shaun Walker Date: Thu, 5 May 2022 09:57:09 -0400 Subject: [PATCH] fix #2176 - update LastIPAddress correctly during login --- Oqtane.Client/Modules/Admin/Login/Index.razor | 2 +- Oqtane.Server/Controllers/UserController.cs | 4 +++- .../Security/AutoValidateAntiforgeryTokenFilter.cs | 10 +++++++--- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Oqtane.Client/Modules/Admin/Login/Index.razor b/Oqtane.Client/Modules/Admin/Login/Index.razor index 6b4d02e15..d45d18e2e 100644 --- a/Oqtane.Client/Modules/Admin/Login/Index.razor +++ b/Oqtane.Client/Modules/Admin/Login/Index.razor @@ -184,7 +184,7 @@ var interop = new Interop(JSRuntime); if (await interop.FormValid(login)) { - var user = new User { SiteId = PageState.Site.SiteId, Username = _username, Password = _password}; + var user = new User { SiteId = PageState.Site.SiteId, Username = _username, Password = _password, LastIPAddress = SiteState.RemoteIPAddress}; if (!twofactor) { diff --git a/Oqtane.Server/Controllers/UserController.cs b/Oqtane.Server/Controllers/UserController.cs index d73ea1e6e..cdff197fd 100644 --- a/Oqtane.Server/Controllers/UserController.cs +++ b/Oqtane.Server/Controllers/UserController.cs @@ -327,6 +327,8 @@ public async Task Login([FromBody] User user) var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, user.Password, true); if (result.Succeeded) { + var LastIPAddress = user.LastIPAddress; + user = _users.GetUser(user.Username); if (user.TwoFactorRequired) { @@ -353,7 +355,7 @@ public async Task Login([FromBody] User user) { loginUser.IsAuthenticated = true; loginUser.LastLoginOn = DateTime.UtcNow; - loginUser.LastIPAddress = HttpContext.Connection.RemoteIpAddress.ToString(); + loginUser.LastIPAddress = LastIPAddress; _users.UpdateUser(loginUser); _logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Successful {Username}", user.Username); } 
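Review bot: The value written to `loginUser.LastIPAddress` now comes from `user.LastIPAddress` on the `[FromBody] User` (captured in the first UserController hunk, assigned in the second, and filled from `SiteState.RemoteIPAddress` in the Index.razor hunk), so the stored address is whatever the caller posts rather than what the server observed. Any client that calls the login endpoint directly can record an arbitrary, malformed or empty value, which weakens this field as audit evidence. Presumably the connection address was wrong in some hosting mode (issue #2176); if so, keep the server-observed address as the fallback and at least constrain the format, e.g. `var LastIPAddress = IPAddress.TryParse(user.LastIPAddress, out var ip) ? ip.ToString() : HttpContext.Connection.RemoteIpAddress?.ToString();`, with a comment that the value is client-reported and unverified. The body of `Login` starts and ends outside both hunks, so any later validation is not visible here.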
diff --git a/Oqtane.Server/Security/AutoValidateAntiforgeryTokenFilter.cs b/Oqtane.Server/Security/AutoValidateAntiforgeryTokenFilter.cs index 86aa466ec..5efe69fc9 100644 --- a/Oqtane.Server/Security/AutoValidateAntiforgeryTokenFilter.cs +++ b/Oqtane.Server/Security/AutoValidateAntiforgeryTokenFilter.cs @@ -1,21 +1,25 @@ using System; -using System.Diagnostics; using System.Threading.Tasks; using Microsoft.AspNetCore.Antiforgery; using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Http.Extensions; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.Filters; using Microsoft.AspNetCore.Mvc.ViewFeatures; +using Microsoft.Extensions.Logging; +using Oqtane.Shared; namespace Oqtane.Security { public class AutoValidateAntiforgeryTokenFilter : IAsyncAuthorizationFilter, IAntiforgeryPolicy { private readonly IAntiforgery _antiforgery; + private readonly ILogger _filelogger; - public AutoValidateAntiforgeryTokenFilter(IAntiforgery antiforgery) + public AutoValidateAntiforgeryTokenFilter(IAntiforgery antiforgery, ILogger filelogger) { _antiforgery = antiforgery; + _filelogger = filelogger; } public async Task OnAuthorizationAsync(AuthorizationFilterContext context) @@ -39,7 +43,7 @@ public async Task OnAuthorizationAsync(AuthorizationFilterContext context) catch { context.Result = new AntiforgeryValidationFailedResult(); - Debug.WriteLine($"Oqtane Error: AutoValidateAntiforgeryTokenFilter Failure on {context.HttpContext.Request.Path}"); + _filelogger.LogError(Utilities.LogMessage(this, $"AutoValidateAntiforgeryTokenFilter Failure For {context.HttpContext.Request.GetEncodedUrl()}")); } } }
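Review bot: The new `_filelogger.LogError` call in the `catch` block writes `Request.GetEncodedUrl()`, which includes the query string, so any token or identifier carried in a query parameter of a rejected request ends up in the file log. Logging `context.HttpContext.Request.Path`, as the removed `Debug.WriteLine` did, keeps the entry useful without that exposure. The `catch` is still bare, so the reason validation failed is lost; `catch (Exception ex)` with `ex.Message` appended to the logged text would preserve it. Because unauthenticated requests can reach this path, an Error-level entry per failure may also let a client inflate the log, so a lower level or rate limiting is worth considering. The `try` body is outside the hunk.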