Revise how to change the password for external logins

modules/account/src/Volo.Abp.Account.Web/Pages/Account/Manage.cshtml

@@ -25,33 +25,41 @@
 <abp-card>
     <abp-card-body>
         <abp-tabs tab-style="PillVertical">
-            <abp-tab title="@L["ChangePassword"].Value">
-                <h4>@L["ChangePassword"].Value</h4><hr />
-                <abp-dynamic-form abp-model="@Model.ChangePasswordInfoModel" id="ChangePasswordForm">
-                    <abp-form-content />
-                    <abp-button type="submit" button-type="Primary" text="@L["Submit"].Value" />
-                </abp-dynamic-form>
-            </abp-tab>
+            @if (!Model.DisablePasswordChange)
+            {
+                <abp-tab title="@L["ChangePassword"].Value">
+                    <h4>@L["ChangePassword"].Value</h4><hr/>
+                    <form id="ChangePasswordForm">
+                        @if (!Model.HideOldPasswordInput)
+                        {
+                            <abp-input asp-for="ChangePasswordInfoModel.CurrentPassword"/>
+                        }
+                        <abp-input asp-for="ChangePasswordInfoModel.NewPassword"/>
+                        <abp-input asp-for="ChangePasswordInfoModel.NewPasswordConfirm"/>
+                        <abp-button type="submit" button-type="Primary" text="@L["Submit"].Value"/>
+                    </form>
+                </abp-tab>
+            }
             <abp-tab title="@L["PersonalSettings"].Value">
-                <h4>@L["PersonalSettings"].Value</h4><hr />
+                <h4>@L["PersonalSettings"].Value</h4><hr/>
                 <form method="post" id="PersonalSettingsForm">
 
-                    <abp-input asp-for="PersonalSettingsInfoModel.UserName" readonly="!isUserNameUpdateEnabled" />
+                    <abp-input asp-for="PersonalSettingsInfoModel.UserName" readonly="!isUserNameUpdateEnabled"/>
 
                     <abp-row>
                         <abp-column size-md="_6">
-                            <abp-input asp-for="PersonalSettingsInfoModel.Name" />
+                            <abp-input asp-for="PersonalSettingsInfoModel.Name"/>
                         </abp-column>
                         <abp-column size-md="_6">
-                            <abp-input asp-for="PersonalSettingsInfoModel.Surname" />
+                            <abp-input asp-for="PersonalSettingsInfoModel.Surname"/>
                         </abp-column>
                     </abp-row>
 
-                    <abp-input asp-for="PersonalSettingsInfoModel.Email" readonly="!isEmailUpdateEnabled" />
+                    <abp-input asp-for="PersonalSettingsInfoModel.Email" readonly="!isEmailUpdateEnabled"/>
 
-                    <abp-input asp-for="PersonalSettingsInfoModel.PhoneNumber" />
+                    <abp-input asp-for="PersonalSettingsInfoModel.PhoneNumber"/>
 
-                    <abp-button type="submit" button-type="Primary" text="@L["Submit"].Value" />
+                    <abp-button type="submit" button-type="Primary" text="@L["Submit"].Value"/>
                 </form>
             </abp-tab>
         </abp-tabs>

modules/account/src/Volo.Abp.Account.Web/Pages/Account/Manage.cshtml.cs

@@ -12,6 +12,10 @@ public class ManageModel : AccountPageModel
 
         public PersonalSettingsInfoModel PersonalSettingsInfoModel { get; set; }
 
+        public bool DisablePasswordChange { get; set; }
+
+        public bool HideOldPasswordInput { get; set; }
+
         protected IProfileAppService ProfileAppService { get; }
 
         public ManageModel(IProfileAppService profileAppService)
@@ -25,6 +29,9 @@ public virtual async Task<IActionResult> OnGetAsync()
 
             PersonalSettingsInfoModel = ObjectMapper.Map<ProfileDto, PersonalSettingsInfoModel>(user);
 
+            DisablePasswordChange = user.IsExternalLoggedIn;
+            HideOldPasswordInput = !user.HasPassword;
+
             return Page();
         }
 
@@ -54,7 +61,7 @@ public class ChangePasswordInfoModel
         [DataType(DataType.Password)]
         public string NewPasswordConfirm { get; set; }
     }
-    
+
     public class PersonalSettingsInfoModel
     {
         [Required]

modules/account/src/Volo.Abp.Account.Web/Pages/Account/Manage.js

@@ -15,13 +15,13 @@
 
         if (
             input.newPassword != input.newPasswordConfirm ||
-            input.currentPassword == ''
+            input.newPassword == ''
         ) {
             abp.message.error(l('NewPasswordConfirmFailed'));
             return;
         }
 
-        if (input.currentPassword == '') {
+        if (input.currentPassword && input.currentPassword == ''){
             return;
         }
 

modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/ChangePasswordInput.cs

@@ -1,9 +1,18 @@
-namespace Volo.Abp.Identity
+using System.ComponentModel.DataAnnotations;
+using Volo.Abp.Auditing;
+using Volo.Abp.Validation;
+
+namespace Volo.Abp.Identity
 {
     public class ChangePasswordInput
     {
+        [DisableAuditing]
+        [DynamicStringLength(typeof(IdentityUserConsts), nameof(IdentityUserConsts.MaxPasswordLength))]
         public string CurrentPassword { get; set; }
 
+        [Required]
+        [DisableAuditing]
+        [DynamicStringLength(typeof(IdentityUserConsts), nameof(IdentityUserConsts.MaxPasswordLength))]
         public string NewPassword { get; set; }
     }
 }

modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/ProfileDto.cs

@@ -13,5 +13,9 @@ public class ProfileDto : ExtensibleObject
         public string Surname { get; set; }
 
         public string PhoneNumber { get; set; }
+
+        public bool IsExternalLoggedIn { get; set; }
+
+        public bool HasPassword { get; set; }
     }
-}
+}

modules/identity/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/AbpIdentityApplicationModuleAutoMapperProfile.cs

@@ -1,4 +1,5 @@
 using AutoMapper;
+using Volo.Abp.AutoMapper;
 
 namespace Volo.Abp.Identity
 {
@@ -11,9 +12,11 @@ public AbpIdentityApplicationModuleAutoMapperProfile()
 
             CreateMap<IdentityRole, IdentityRoleDto>()
                 .MapExtraProperties();
-            
+
             CreateMap<IdentityUser, ProfileDto>()
+                .Ignore(x=>x.IsExternalLoggedIn)
+                .Ignore(x=>x.HasPassword)
                 .MapExtraProperties();
         }
     }
-}
+}

modules/identity/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/ProfileAppService.cs

@@ -1,4 +1,5 @@
-using System.Threading.Tasks;
+using System.Linq;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Volo.Abp.Identity.Settings;
@@ -20,9 +21,13 @@ public ProfileAppService(IdentityUserManager userManager)
 
         public virtual async Task<ProfileDto> GetAsync()
         {
-            return ObjectMapper.Map<IdentityUser, ProfileDto>(
-                await UserManager.GetByIdAsync(CurrentUser.GetId())
-            );
+            var currentUser = await UserManager.GetByIdAsync(CurrentUser.GetId());
+
+            var profile = ObjectMapper.Map<IdentityUser, ProfileDto>(currentUser);
+            profile.IsExternalLoggedIn = currentUser.IsExternal;
+            profile.HasPassword = currentUser.PasswordHash != null;
+
+            return profile;
         }
 
         public virtual async Task<ProfileDto> UpdateAsync(UpdateProfileDto input)
@@ -56,6 +61,20 @@ public virtual async Task<ProfileDto> UpdateAsync(UpdateProfileDto input)
         public virtual async Task ChangePasswordAsync(ChangePasswordInput input)
         {
             var currentUser = await UserManager.GetByIdAsync(CurrentUser.GetId());
+
+            if (currentUser.IsExternal)
+            {
+                throw new BusinessException(code: IdentityErrorCodes.ExternalUserPasswordChange);
+            }
+
+            if (currentUser.PasswordHash == null)
+            {
+                (await UserManager.RemovePasswordAsync(currentUser)).CheckErrors();
+                (await UserManager.AddPasswordAsync(currentUser, input.NewPassword)).CheckErrors();
+
+                return;
+            }
+
             (await UserManager.ChangePasswordAsync(currentUser, input.CurrentPassword, input.NewPassword)).CheckErrors();
         }
     }

modules/identity/src/Volo.Abp.Identity.Domain.Shared/Volo/Abp/Identity/IdentityErrorCodes.cs

@@ -4,5 +4,6 @@ public static class IdentityErrorCodes
     {
         public const string UserSelfDeletion = "Volo.Abp.Identity:010001";
         public const string MaxAllowedOuMembership = "Volo.Abp.Identity:010002";
+        public const string ExternalUserPasswordChange = "Volo.Abp.Identity:010003";
     }
-}
+}

modules/identity/src/Volo.Abp.Identity.Domain.Shared/Volo/Abp/Identity/Localization/en.json

@@ -102,6 +102,7 @@
     "Description:Abp.Identity.SignIn.RequireConfirmedPhoneNumber": "Whether a confirmed telephone number is required to sign in.",
     "Description:Abp.Identity.User.IsUserNameUpdateEnabled": "Whether the username can be updated by the user.",
     "Description:Abp.Identity.User.IsEmailUpdateEnabled": "Whether the email can be updated by the user.",
-    "Volo.Abp.Identity:010002": "Can not set more than {MaxUserMembershipCount} organization unit for a user!"
+    "Volo.Abp.Identity:010002": "Can not set more than {MaxUserMembershipCount} organization unit for a user!",
+    "Volo.Abp.Identity:010003": "Can not change password of an externally logged in user!"
   }
 }