密码登录开启2FA

根据环境变量STS_PASSWORD_LOGIN_TWOFACTOR 判断是否开启密码2FA登录

Author: jonechenug

src/SecurityTokenService/Controllers/AccountController.cs

@@ -45,6 +45,9 @@ public class AccountController(
     private readonly SecurityTokenServiceOptions _options = options.CurrentValue;
     private readonly IdentityExtensionOptions _identityExtensionOptions = identityExtensionOptions.CurrentValue;
 
+    private static readonly bool PasswordLoginTwoFactorEnable =
+        bool.Parse(Environment.GetEnvironmentVariable("STS_PASSWORD_LOGIN_TWOFACTOR") ?? "false");
+
     /// <summary>
     /// 通过旧密码修改密码
     /// 要提供用户名
@@ -214,6 +217,19 @@ await events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid crede
         {
             await events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName,
                 clientId: context?.Client.ClientId));
+            if (PasswordLoginTwoFactorEnable)
+            {
+                var isValid = await userManager.VerifyUserTokenAsync(user, Util.PhoneNumberTokenProvider,
+                    Util.PurposeLogin,
+                    model.VerifyCode);
+                if (!isValid)
+                {
+                    return new ObjectResult(new ApiResult
+                    {
+                        Code = Errors.VerifyCodeIsInCorrect, Success = false, Message = "手机验证码不正确"
+                    });
+                }
+            }
 
             if (context != null)
             {

src/SecurityTokenService/Controllers/Inputs.cs

@@ -199,6 +199,12 @@ public class LoginInput
             /// </summary>
             [StringLength(10, ErrorMessage = "验证码长度超长"), Required(ErrorMessage = "请输入验证码")]
             public string CaptchaCode { get; set; }
+            
+            /// <summary>
+            /// 验证码
+            /// </summary>
+            [StringLength(8, ErrorMessage = "验证码长度不正确")]
+            public string VerifyCode { get; set; }
         }
 
         public class LogoutInput