Fixed Login Failure Message Flow

Author: mckaragoz

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub.csproj

@@ -10,7 +10,7 @@
 
   <ItemGroup>
     <PackageReference Include="CodeBeam.MudBlazor.Extensions" Version="9.0.0" />
-    <PackageReference Include="MudBlazor" Version="9.0.0-rc.1" />
+    <PackageReference Include="MudBlazor" Version="9.0.0" />
   </ItemGroup>
 
   <ItemGroup>

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/Components/Pages/Login.razor.cs

@@ -2,7 +2,6 @@
 using CodeBeam.UltimateAuth.Client.Runtime;
 using CodeBeam.UltimateAuth.Core.Contracts;
 using CodeBeam.UltimateAuth.Core.Domain;
-using CodeBeam.UltimateAuth.Users.Contracts;
 using Microsoft.AspNetCore.Components;
 using Microsoft.AspNetCore.Components.Authorization;
 using MudBlazor;
@@ -16,7 +15,7 @@ public partial class Login
     private string? _password;
     private ClaimsPrincipal? _aspNetCoreState;
     private UAuthClientProductInfo? _productInfo;
-    private MudTextField<string> _usernameField;
+    private MudTextField<string> _usernameField = default!;
 
     [CascadingParameter]
     public UAuthState AuthState { get; set; } = default!;
@@ -93,9 +92,9 @@ private void ShowLoginError(string code)
     {
         var message = code switch
         {
-            "invalid" => "Invalid username or password.",
+            "invalid_credentials" => "Invalid username or password.",
             "locked" => "Your account is locked.",
-            "mfa" => "Multi-factor authentication required.",
+            "mfa_required" => "Multi-factor authentication required.",
             _ => "Login failed."
         };
 

samples/blazor-standalone-wasm/CodeBeam.UltimateAuth.Sample.BlazorStandaloneWasm/CodeBeam.UltimateAuth.Sample.BlazorStandaloneWasm.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.BlazorWebAssembly">
+<Project Sdk="Microsoft.NET.Sdk.BlazorWebAssembly">
 
   <PropertyGroup>
     <TargetFramework>net10.0</TargetFramework>
@@ -13,7 +13,7 @@
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="10.0.1" PrivateAssets="all" />
     <PackageReference Include="Microsoft.AspNetCore.WebUtilities" Version="10.0.1" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="10.0.1" />
-    <PackageReference Include="MudBlazor" Version="9.0.0-rc.1" />
+    <PackageReference Include="MudBlazor" Version="9.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/CodeBeam.UltimateAuth.Core/Domain/Principals/AuthFailureReason.cs

@@ -9,5 +9,6 @@ public enum AuthFailureReason
     SessionRevoked,
     TenantDisabled,
     Unauthorized,
+    ReauthenticationRequired,
     Unknown
 }

src/CodeBeam.UltimateAuth.Server/Auth/Response/EffectiveRedirectResponse.cs

@@ -31,14 +31,14 @@ public EffectiveRedirectResponse(
     public static readonly EffectiveRedirectResponse Disabled = new(false, null, null, null, null, false);
 
     public static EffectiveRedirectResponse FromLogin(LoginRedirectOptions login)
-        => new(
-            login.RedirectEnabled,
-            login.SuccessRedirect,
-            login.FailureRedirect,
-            login.FailureQueryKey,
-            login.FailureCodes,
-            login.AllowReturnUrlOverride
-        );
+    => new(
+        login.RedirectEnabled,
+        login.SuccessRedirect,
+        login.FailureRedirect,
+        login.FailureQueryKey,
+        login.FailureCodes,
+        login.AllowReturnUrlOverride
+    );
 
     public static EffectiveRedirectResponse FromLogout(LogoutRedirectOptions logout)
         => new(

src/CodeBeam.UltimateAuth.Server/Extensions/AuthFailureReasonExtensions.cs

@@ -0,0 +1,20 @@
+using CodeBeam.UltimateAuth.Core.Domain;
+
+namespace CodeBeam.UltimateAuth.Server.Extensions;
+
+public static class AuthFailureReasonExtensions
+{
+    public static string ToDefaultCode(this AuthFailureReason reason)
+        => reason switch
+        {
+            AuthFailureReason.InvalidCredentials => "invalid_credentials",
+            AuthFailureReason.LockedOut => "locked",
+            AuthFailureReason.RequiresMfa => "mfa_required",
+            AuthFailureReason.SessionExpired => "session_expired",
+            AuthFailureReason.SessionRevoked => "session_revoked",
+            AuthFailureReason.TenantDisabled => "tenant_disabled",
+            AuthFailureReason.Unauthorized => "unauthorized",
+            AuthFailureReason.ReauthenticationRequired => "reauthentication_required",
+            _ => "failed"
+        };
+}

src/CodeBeam.UltimateAuth.Server/Flows/Login/LoginAuthority.cs

@@ -1,4 +1,5 @@
-using CodeBeam.UltimateAuth.Core.Options;
+using CodeBeam.UltimateAuth.Core.Domain;
+using CodeBeam.UltimateAuth.Core.Options;
 using CodeBeam.UltimateAuth.Server.Options;
 using Microsoft.Extensions.Options;
 
@@ -21,22 +22,22 @@ public LoginDecision Decide(LoginDecisionContext context)
     {
         if (!context.UserExists || context.UserKey is null)
         {
-            return LoginDecision.Deny("Invalid credentials.");
+            return LoginDecision.Deny(AuthFailureReason.InvalidCredentials);
         }
 
         var state = context.SecurityState;
         if (state is not null)
         {
             if (state.IsLocked)
-                return LoginDecision.Deny("user_is_locked");
+                return LoginDecision.Deny(AuthFailureReason.LockedOut);
 
             if (state.RequiresReauthentication)
-                return LoginDecision.Challenge("reauth_required");
+                return LoginDecision.Challenge(AuthFailureReason.ReauthenticationRequired);
         }
 
         if (!context.CredentialsValid)
         {
-            return LoginDecision.Deny("Invalid credentials.");
+            return LoginDecision.Deny(AuthFailureReason.InvalidCredentials);
         }
 
         return LoginDecision.Allow();

src/CodeBeam.UltimateAuth.Server/Flows/Login/LoginDecision.cs

@@ -1,25 +1,28 @@
-namespace CodeBeam.UltimateAuth.Server.Flows;
+using CodeBeam.UltimateAuth.Core.Domain;
+
+namespace CodeBeam.UltimateAuth.Server.Flows;
 
 /// <summary>
 /// Represents the outcome of a login decision.
 /// </summary>
 public sealed class LoginDecision
 {
     public LoginDecisionKind Kind { get; }
-    public string? Reason { get; }
+    public AuthFailureReason? FailureReason { get; }
+
 
-    private LoginDecision(LoginDecisionKind kind, string? reason = null)
+    private LoginDecision(LoginDecisionKind kind, AuthFailureReason? reason = null)
     {
         Kind = kind;
-        Reason = reason;
+        FailureReason = reason;
     }
 
     public static LoginDecision Allow()
         => new(LoginDecisionKind.Allow);
 
-    public static LoginDecision Deny(string reason)
+    public static LoginDecision Deny(AuthFailureReason reason)
         => new(LoginDecisionKind.Deny, reason);
 
-    public static LoginDecision Challenge(string reason)
+    public static LoginDecision Challenge(AuthFailureReason reason)
         => new(LoginDecisionKind.Challenge, reason);
 }

src/CodeBeam.UltimateAuth.Server/Flows/Login/LoginOrchestrator.cs

@@ -156,19 +156,18 @@ public async Task<LoginResult> LoginAsync(AuthFlowContext flow, LoginRequest req
         }
 
         if (decision.Kind == LoginDecisionKind.Deny)
-            return LoginResult.Failed();
+            return LoginResult.Failed(decision.FailureReason);
 
         if (decision.Kind == LoginDecisionKind.Challenge)
         {
             return LoginResult.Continue(new LoginContinuation
             {
-                Type = LoginContinuationType.Mfa,
-                Hint = decision.Reason
+                Type = LoginContinuationType.Mfa
             });
         }
 
         if (validatedUserId is null || userKey is not UserKey validUserKey)
-            return LoginResult.Failed();
+            return LoginResult.Failed(AuthFailureReason.InvalidCredentials);
 
         var claims = await _claimsProvider.GetClaimsAsync(request.Tenant, validUserKey, ct);
 

src/CodeBeam.UltimateAuth.Server/Infrastructure/Redirect/AuthRedirectResolver.cs

@@ -1,5 +1,6 @@
 using CodeBeam.UltimateAuth.Core.Domain;
 using CodeBeam.UltimateAuth.Server.Auth;
+using CodeBeam.UltimateAuth.Server.Extensions;
 using CodeBeam.UltimateAuth.Server.Options;
 using Microsoft.AspNetCore.Http;
 
@@ -27,7 +28,7 @@ private RedirectDecision Resolve(AuthFlowContext flow, HttpContext ctx, string?
         if (!redirect.Enabled)
             return RedirectDecision.None();
 
-        if (redirect.AllowReturnUrlOverride && flow.ReturnUrlInfo is { } info)
+        if (failureReason is null && redirect.AllowReturnUrlOverride && flow.ReturnUrlInfo is { } info)
         {
             if (info.IsAbsolute && (info.AbsoluteUri!.Scheme == Uri.UriSchemeHttp || info.AbsoluteUri!.Scheme == Uri.UriSchemeHttps))
             {
@@ -54,12 +55,17 @@ private RedirectDecision Resolve(AuthFlowContext flow, HttpContext ctx, string?
                 var code = redirect.FailureCodes != null &&
                            redirect.FailureCodes.TryGetValue(failureReason.Value, out var mapped)
                     ? mapped
-                    : "failed";
+                    : failureReason.Value.ToDefaultCode();
 
                 query = new Dictionary<string, string?>
                 {
-                    [redirect.FailureQueryKey ?? "error"] = code
+                    [redirect.FailureQueryKey ?? "error"] = code,
                 };
+
+                if (!string.IsNullOrWhiteSpace(flow.ReturnUrlInfo?.RelativePath))
+                {
+                    query["returnUrl"] = flow.ReturnUrlInfo.RelativePath;
+                }
             }
 
             return RedirectDecision.To(UrlComposer.Combine(baseAddress, fallbackPath, query));