Display the number of login attempts

src/IdServer/SimpleIdServer.IdServer.Fido/Services/UserMobileAuthenticationService.cs

@@ -47,17 +47,17 @@ protected override async Task<CredentialsValidationResult> Validate(string realm
 
     protected override async Task<CredentialsValidationResult> Validate(string realm, User authenticatedUser, AuthenticateMobileViewModel viewModel, CancellationToken cancellationToken)
     {
-        if (authenticatedUser.IsBlocked()) return CredentialsValidationResult.Error("user_blocked", "user_blocked", authenticatedUser);
+        if (authenticatedUser.IsBlocked()) return CredentialsValidationResult.Error("user_blocked", "user_blocked");
         var session = await _distributedCache.GetStringAsync(viewModel.SessionId, cancellationToken);
         if (string.IsNullOrWhiteSpace(session))
         {
-            return CredentialsValidationResult.Error("unknown_session", "unknown_session", authenticatedUser);
+            return CredentialsValidationResult.Error("unknown_session", "unknown_session");
         }
 
         var sessionRecord = JsonSerializer.Deserialize<AuthenticationSessionRecord>(session);
         if (!sessionRecord.IsValidated)
         {
-            return CredentialsValidationResult.Error("session_not_validated", "session_not_validated", authenticatedUser);
+            return CredentialsValidationResult.Error("session_not_validated", "session_not_validated");
         }
 
         return CredentialsValidationResult.Ok(authenticatedUser);

src/IdServer/SimpleIdServer.IdServer.Fido/Services/UserWebauthnAuthenticationService.cs

@@ -47,18 +47,18 @@ protected override async Task<CredentialsValidationResult> Validate(string realm
 
         protected override async Task<CredentialsValidationResult> Validate(string realm, User authenticatedUser, AuthenticateWebauthnViewModel viewModel, CancellationToken cancellationToken)
         {
-            if (authenticatedUser.IsBlocked()) return CredentialsValidationResult.Error("user_blocked", "user_blocked", authenticatedUser);
-            if (!authenticatedUser.GetStoredFidoCredentials(Constants.AMR).Any()) return CredentialsValidationResult.Error("missing_credential", "missing_credential", authenticatedUser);
+            if (authenticatedUser.IsBlocked()) return CredentialsValidationResult.Error("user_blocked", "user_blocked");
+            if (!authenticatedUser.GetStoredFidoCredentials(Constants.AMR).Any()) return CredentialsValidationResult.Error("missing_credential", "missing_credential");
             var session = await _distributedCache.GetStringAsync(viewModel.SessionId, cancellationToken);
             if (string.IsNullOrWhiteSpace(session))
             {
-                return CredentialsValidationResult.Error("unknown_session", "unknown_session", authenticatedUser);
+                return CredentialsValidationResult.Error("unknown_session", "unknown_session");
             }
 
             var sessionRecord = JsonSerializer.Deserialize<AuthenticationSessionRecord>(session);
             if (!sessionRecord.IsValidated)
             {
-                return CredentialsValidationResult.Error("session_not_validated", "session_not_validated", authenticatedUser);
+                return CredentialsValidationResult.Error("session_not_validated", "session_not_validated");
             }
 
             return CredentialsValidationResult.Ok(authenticatedUser);

src/IdServer/SimpleIdServer.IdServer.Pwd/Services/PasswordAuthenticationService.cs

@@ -52,17 +52,17 @@ protected override async Task<CredentialsValidationResult> Validate(string realm
 
     protected override Task<CredentialsValidationResult> Validate(string realm, User authenticatedUser, AuthenticatePasswordViewModel viewModel, CancellationToken cancellationToken)
     {
-        if (authenticatedUser.IsBlocked()) return Task.FromResult(CredentialsValidationResult.Error("user_blocked", "user_blocked", authenticatedUser));
+        if (authenticatedUser.IsBlocked()) return Task.FromResult(CredentialsValidationResult.Error("user_blocked", "user_blocked"));
         var authService = _authServices.SingleOrDefault(s => s.Name == authenticatedUser.Source);
         if (authService != null)
         {
-            if (!authService.Authenticate(authenticatedUser, authenticatedUser.IdentityProvisioning, viewModel.Password)) return Task.FromResult(CredentialsValidationResult.Error(ValidationStatus.INVALIDCREDENTIALS, authenticatedUser));
+            if (!authService.Authenticate(authenticatedUser, authenticatedUser.IdentityProvisioning, viewModel.Password)) return Task.FromResult(CredentialsValidationResult.InvalidCredentials(authenticatedUser));
         }
         else
         {
             var credential = authenticatedUser.Credentials.FirstOrDefault(c => c.CredentialType == Constants.Areas.Password && c.IsActive);
             var hash = PasswordHelper.ComputeHash(viewModel.Password, _options.IsPasswordEncodeInBase64);
-            if (credential == null || credential.Value != hash) return Task.FromResult(CredentialsValidationResult.Error(ValidationStatus.INVALIDCREDENTIALS, authenticatedUser));
+            if (credential == null || credential.Value != hash) return Task.FromResult(CredentialsValidationResult.InvalidCredentials(authenticatedUser));
         }
 
         return Task.FromResult(CredentialsValidationResult.Ok(authenticatedUser));

src/IdServer/SimpleIdServer.IdServer.Website/Pages/UserSettings.razor

@@ -28,6 +28,11 @@
             <RadzenDatePicker Name="UnblockDateTime" @bind-Value=@updateUserSettings.UnblockDateTime Class="w-100" Disabled=true />
         </div>
     }
+    <!-- Login attempt -->
+    <div>
+        <RadzenText TextStyle="TextStyle.Subtitle2" TagName="TagName.H3">@Global.NbLoginAttempt</RadzenText>
+        <RadzenNumeric Name="NbLoginAttempt" @bind-Value="@updateUserSettings.NbLoginAttempt" Class="w-100" Disabled=true></RadzenNumeric>
+    </div>
     <!-- Created at -->
     <div>
         <RadzenText TextStyle="TextStyle.Subtitle2" TagName="TagName.H3">@Global.CreatedAt</RadzenText>
@@ -87,6 +92,7 @@
         public string? Lastname { get; set; } = null;
         public string? NotificationMode { get; set; } = null;
         public DateTime? UnblockDateTime { get; set; } = null;
+        public int NbLoginAttempt { get; set; }
     }
 
     protected override void OnAfterRender(bool firstRender)
@@ -121,7 +127,8 @@
             Firstname = this.User.Firstname,
             Lastname = this.User.Lastname,
             NotificationMode = this.User.NotificationMode,
-            UnblockDateTime = this.User.UnblockDateTime
+            UnblockDateTime = this.User.UnblockDateTime,
+            NbLoginAttempt = this.User.NbLoginAttempt
         };
     }
 

src/IdServer/SimpleIdServer.IdServer.Website/Resources/Global.resx

@@ -1845,4 +1845,7 @@ The <b>authorization_signed_response_alg</b> will be set to <b&gt
   <data name="UnblockDateTime" xml:space="preserve">
     <value>Unblock datetime</value>
   </data>
+  <data name="NbLoginAttempt" xml:space="preserve">
+    <value>Number of login attempts</value>
+  </data>
 </root>

src/IdServer/SimpleIdServer.IdServer/UI/Services/BaseOTPAuthenticationService.cs

@@ -32,11 +32,11 @@ protected override async Task<CredentialsValidationResult> Validate(string realm
 
     protected override Task<CredentialsValidationResult> Validate(string realm, User authenticatedUser, BaseOTPAuthenticateViewModel viewModel, CancellationToken cancellationToken)
     {
-        if (authenticatedUser.IsBlocked()) return Task.FromResult(CredentialsValidationResult.Error("user_blocked", "user_blocked", authenticatedUser));
-        if (authenticatedUser.ActiveOTP == null) return Task.FromResult(CredentialsValidationResult.Error("no_active_otp", "no_active_otp", authenticatedUser));
+        if (authenticatedUser.IsBlocked()) return Task.FromResult(CredentialsValidationResult.Error("user_blocked", "user_blocked"));
+        if (authenticatedUser.ActiveOTP == null) return Task.FromResult(CredentialsValidationResult.Error("no_active_otp", "no_active_otp"));
         var activeOtp = authenticatedUser.ActiveOTP;
         var otpAuthenticator = _otpAuthenticators.Single(a => a.Alg == activeOtp.OTPAlg);
-        if (!otpAuthenticator.Verify(viewModel.OTPCode, activeOtp)) return Task.FromResult(CredentialsValidationResult.Error(ValidationStatus.INVALIDCREDENTIALS, authenticatedUser));
+        if (!otpAuthenticator.Verify(viewModel.OTPCode, activeOtp)) return Task.FromResult(CredentialsValidationResult.InvalidCredentials(authenticatedUser));
         return Task.FromResult(CredentialsValidationResult.Ok(authenticatedUser));
     }
 }

src/IdServer/SimpleIdServer.IdServer/UI/Services/IUserAuthenticationService.cs

@@ -43,15 +43,16 @@ private CredentialsValidationResult(ValidationStatus status)
 
     public static CredentialsValidationResult Ok(User user) => new CredentialsValidationResult(user);
 
-    public static CredentialsValidationResult Error(ValidationStatus status, User authenticatedUser = null) => new CredentialsValidationResult(status)
+    public static CredentialsValidationResult Error(ValidationStatus status) => new CredentialsValidationResult(status);
+
+    public static CredentialsValidationResult InvalidCredentials(User authenticatedUser) => new CredentialsValidationResult(ValidationStatus.INVALIDCREDENTIALS)
     {
         AuthenticatedUser = authenticatedUser
     };
 
-    public static CredentialsValidationResult Error(string errorCode, string errorMessage, User authenticatedUser = null) => new CredentialsValidationResult(ValidationStatus.NOCONTENT)
+    public static CredentialsValidationResult Error(string errorCode, string errorMessage) => new CredentialsValidationResult(ValidationStatus.NOCONTENT)
     {
         ErrorCode = errorCode,
-        ErrorMessage = errorMessage,
-        AuthenticatedUser = authenticatedUser
+        ErrorMessage = errorMessage
     };
 }