VberAdmin_V4/SourceCode/Zero/VberYue.Zero/Authorization/Users/VzUserStore.cs

using Abp;
using Abp.Dependency;
using Abp.Domain.Repositories;
using Abp.Domain.Uow;
using Abp.Extensions;
using Abp.Linq;

using Castle.Core.Logging;

using Microsoft.AspNetCore.Identity;

using System.Globalization;
using System.Security.Claims;
using System.Transactions;

using VberZero.BaseSystem.Organizations;
using VberZero.BaseSystem.Roles;
using VberZero.BaseSystem.Users;
using VberZero.MultiTenancy;
using VberZero.Session;
using VberZero.Tools;

using ILogger = Castle.Core.Logging.ILogger;

namespace VberZero.Authorization.Users;

/// <summary>
/// 用户和角色类型的持久性存储的新实例
/// </summary>
public class VzUserStore :
    IUserLoginStore<User>,
    IUserRoleStore<User>,
    IUserClaimStore<User>,
    IUserPasswordStore<User>,
    IUserSecurityStampStore<User>,
    IUserEmailStore<User>,
    IUserLockoutStore<User>,
    IUserPhoneNumberStore<User>,
    IUserTwoFactorStore<User>,
    IUserAuthenticationTokenStore<User>,
    IUserPermissionStore<User>,
    IQueryableUserStore<User>,
    IUserAuthenticatorKeyStore<User>,
    ITransientDependency
{
    public ILogger Logger { get; set; }

    /// <summary>
    /// 获取或设置当前操作发生的任何错误的 <see cref="IdentityErrorDescriber"/>。
    /// </summary>
    public IdentityErrorDescriber ErrorDescriber { get; set; }

    /// <summary>
    /// 调用 CreateAsync、UpdateAsync 和 DeleteAsync 后是否自动保存
    /// </summary>
    /// <value>
    /// 如果应自动保存，则为 true，否则为 false。
    /// </value>
    public bool AutoSaveChanges { get; set; } = true;

    public IVzSession AbpSession { get; set; }

    public IQueryable<User> Users => UserRepository.GetAll();

    public IRepository<User, long> UserRepository { get; }

    public IAsyncQueryableExecuter AsyncQueryableExecuter { get; set; }

    private readonly IRepository<Role> _roleRepository;
    private readonly IRepository<UserRole, long> _userRoleRepository;
    private readonly IRepository<UserLogin, long> _userLoginRepository;
    private readonly IRepository<UserClaim, long> _userClaimRepository;
    private readonly IRepository<UserPermissionSetting, long> _userPermissionSettingRepository;
    private readonly IRepository<UserOrganizationUnit, long> _userOrganizationUnitRepository;
    private readonly IRepository<OrganizationUnitRole, long> _organizationUniRoleRepository;

    private readonly IUnitOfWorkManager _unitOfWorkManager;
    private readonly TenantStore _tenantStore;

    public VzUserStore(
        IUnitOfWorkManager unitOfWorkManager,
        IRepository<User, long> userRepository,
        IRepository<Role> roleRepository,
        IRepository<UserRole, long> userRoleRepository,
        IRepository<UserLogin, long> userLoginRepository,
        IRepository<UserClaim, long> userClaimRepository,
        IRepository<UserPermissionSetting, long> userPermissionSettingRepository,
        IRepository<UserOrganizationUnit, long> userOrganizationUnitRepository,
        IRepository<OrganizationUnitRole, long> organizationUniRoleRepository, TenantStore tenantStore)
    {
        _unitOfWorkManager = unitOfWorkManager;
        UserRepository = userRepository;
        _roleRepository = roleRepository;
        _userRoleRepository = userRoleRepository;
        _userLoginRepository = userLoginRepository;
        _userClaimRepository = userClaimRepository;
        _userPermissionSettingRepository = userPermissionSettingRepository;
        _userOrganizationUnitRepository = userOrganizationUnitRepository;
        _organizationUniRoleRepository = organizationUniRoleRepository;
        _tenantStore = tenantStore;

        AbpSession = NullVzSession.Instance;
        ErrorDescriber = new IdentityErrorDescriber();
        Logger = NullLogger.Instance;
        AsyncQueryableExecuter = NullAsyncQueryableExecuter.Instance;
    }

    /// <summary>
    /// 保存当前库
    /// </summary>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>

    protected Task SaveChangesAsync(CancellationToken cancellationToken)
    {
        if (!AutoSaveChanges || _unitOfWorkManager.Current == null)
        {
            return Task.CompletedTask;
        }

        return _unitOfWorkManager.Current.SaveChangesAsync();
    }

    /// <summary>
    /// 保存当前库
    /// </summary>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    protected void SaveChanges(CancellationToken cancellationToken)
    {
        if (!AutoSaveChanges || _unitOfWorkManager.Current == null)
        {
            return;
        }

        _unitOfWorkManager.Current.SaveChanges();
    }

    #region USER

    /// <summary>
    /// 获取指定 <paramref name="user"/> 的用户 ID
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<string> GetUserIdAsync(User user, CancellationToken cancellationToken = default)
    {
        return Task.FromResult(GetUserId(user, cancellationToken));
    }

    /// <summary>
    /// 获取指定 <paramref name="user"/> 的用户 ID
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual string GetUserId(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.Id.ToString();
    }

    /// <summary>
    /// 获取指定 <paramref name="user"/> 的用户名
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<string> GetUserNameAsync(User user, CancellationToken cancellationToken = default)
    {
        return Task.FromResult(GetUserName(user, cancellationToken));
    }

    /// <summary>
    /// 获取指定 <paramref name="user"/> 的用户名
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual string GetUserName(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.UserName;
    }

    /// <summary>
    /// 为指定的 <paramref name="user"/> 设置给定的 <paramref name="userName" />。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="userName"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task SetUserNameAsync(User user, string userName, CancellationToken cancellationToken = default)
    {
        SetUserName(user, userName, cancellationToken);
        return Task.CompletedTask;
    }

    /// <summary>
    /// 为指定的 <paramref name="user"/> 设置给定的 <paramref name="userName" />。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="userName"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void SetUserName(User user, string userName, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.UserName = userName;
    }

    /// <summary>
    /// 获取指定 <paramref name="user"/> 的规范化用户名。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<string> GetNormalizedUserNameAsync(User user, CancellationToken cancellationToken = default)
    {
        return Task.FromResult(GetNormalizedUserName(user, cancellationToken));
    }

    /// <summary>
    /// 获取指定 <paramref name="user"/> 的规范化用户名。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual string GetNormalizedUserName(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.NormalizedUserName;
    }

    /// <summary>
    /// 设置规范化名称。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="normalizedName"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task SetNormalizedUserNameAsync(User user, string normalizedName, CancellationToken cancellationToken = default)
    {
        SetNormalizedUserName(user, normalizedName, cancellationToken);
        return Task.CompletedTask;
    }

    /// <summary>
    /// 设置规范化名称
    /// </summary>
    /// <param name="user"></param>
    /// <param name="normalizedName"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void SetNormalizedUserName(User user, string normalizedName, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.NormalizedUserName = normalizedName;
    }

    /// <summary>
    /// 创建用户
    /// </summary>
    /// <param name="user">The user to create.</param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>

    public virtual async Task<IdentityResult> CreateAsync(User user,
        CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            await UserRepository.InsertAsync(user);
            await SaveChangesAsync(cancellationToken);

            return IdentityResult.Success;
        });
    }

    /// <summary>
    /// 创建用户
    /// </summary>
    /// <param name="user">The user to create.</param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual IdentityResult Create(User user, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            UserRepository.Insert(user);
            SaveChanges(cancellationToken);

            return IdentityResult.Success;
        });
    }

    /// <summary>
    /// 修改用户
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task<IdentityResult> UpdateAsync(User user, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            user.ConcurrencyStamp = Guid.NewGuid().ToString();
            await UserRepository.UpdateAsync(user);

            try
            {
                await SaveChangesAsync(cancellationToken);
            }
            catch (AbpDbConcurrencyException ex)
            {
                Logger.Warn(ex.ToString(), ex);
                return IdentityResult.Failed(ErrorDescriber.ConcurrencyFailure());
            }

            await SaveChangesAsync(cancellationToken);

            return IdentityResult.Success;
        });
    }

    /// <summary>
    /// 修改用户
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual IdentityResult Update(User user, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            user.ConcurrencyStamp = Guid.NewGuid().ToString();
            UserRepository.Update(user);

            try
            {
                SaveChanges(cancellationToken);
            }
            catch (AbpDbConcurrencyException ex)
            {
                Logger.Warn(ex.ToString(), ex);
                return IdentityResult.Failed(ErrorDescriber.ConcurrencyFailure());
            }

            SaveChanges(cancellationToken);

            return IdentityResult.Success;
        });
    }

    /// <summary>
    /// 删除用户
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task<IdentityResult> DeleteAsync(User user, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            await UserRepository.DeleteAsync(user);

            try
            {
                await SaveChangesAsync(cancellationToken);
            }
            catch (AbpDbConcurrencyException ex)
            {
                Logger.Warn(ex.ToString(), ex);
                return IdentityResult.Failed(ErrorDescriber.ConcurrencyFailure());
            }

            await SaveChangesAsync(cancellationToken);

            return IdentityResult.Success;
        });
    }

    /// <summary>
    /// 删除用户
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual IdentityResult Delete(User user, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            UserRepository.Delete(user);

            try
            {
                SaveChanges(cancellationToken);
            }
            catch (AbpDbConcurrencyException ex)
            {
                Logger.Warn(ex.ToString(), ex);
                return IdentityResult.Failed(ErrorDescriber.ConcurrencyFailure());
            }

            SaveChanges(cancellationToken);

            return IdentityResult.Success;
        });
    }

    /// <summary>
    /// 查询用户根据<paramref name="userId"/>
    /// </summary>
    /// <param name="userId"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task<User> FindByIdAsync(string userId, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            return await UserRepository.FirstOrDefaultAsync(userId.To<long>());
        });
    }

    /// <summary>
    /// 查询用户根据<paramref name="userId"/>
    /// </summary>
    /// <param name="userId"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual User FindById(string userId, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            return UserRepository.FirstOrDefault(userId.To<long>());
        });
    }

    /// <summary>
    /// 查询指定规范化用户名的用户
    /// </summary>
    /// <param name="normalizedUserName"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task<User> FindByNameAsync(string normalizedUserName, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(normalizedUserName, nameof(normalizedUserName));
            return await UserRepository.FirstOrDefaultAsync(u => u.NormalizedUserName == normalizedUserName);
        });
    }

    /// <summary>
    /// 查询指定规范化用户名的用户
    /// </summary>
    /// <param name="normalizedUserName"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual User FindByName(string normalizedUserName, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(normalizedUserName, nameof(normalizedUserName));
            return UserRepository.FirstOrDefault(u => u.NormalizedUserName == normalizedUserName);
        });
    }

    /// <summary>
    /// 设置用户密码哈希
    /// </summary>
    /// <param name="user"></param>
    /// <param name="passwordHash"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>

    public virtual Task SetPasswordHashAsync(User user, string passwordHash, CancellationToken cancellationToken = default)
    {
        SetPasswordHash(user, passwordHash, cancellationToken);
        return Task.CompletedTask;
    }

    /// <summary>
    /// 设置用户密码哈希
    /// </summary>
    /// <param name="user"></param>
    /// <param name="passwordHash"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>

    public virtual void SetPasswordHash(User user, string passwordHash, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();
        Check.NotNull(user, nameof(user));
        user.Password = passwordHash;
    }

    /// <summary>
    /// 获取用户的密码哈希
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>

    public virtual Task<string> GetPasswordHashAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();
        Check.NotNull(user, nameof(user));
        return Task.FromResult(user.Password);
    }

    /// <summary>
    /// 获取用户的密码哈希
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>

    public virtual string GetPasswordHash(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();
        Check.NotNull(user, nameof(user));
        return user.Password;
    }

    /// <summary>
    /// 返回一个标志，指示指定的用户是否有密码
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<bool> HasPasswordAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();
        Check.NotNull(user, nameof(user));
        return Task.FromResult(user.Password != null);
    }

    /// <summary>
    /// 返回一个标志，指示指定的用户是否有密码
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual bool HasPassword(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();
        Check.NotNull(user, nameof(user));
        return user.Password != null;
    }

    public async Task<string> GetTenancyNameAsync(string userNameOrEmailOrPhone)
    {
        using (_unitOfWorkManager.Current.DisableFilter(AbpDataFilters.MayHaveTenant))
        {
            var user = await FindByNameOrEmailOrPhoneAsync(userNameOrEmailOrPhone);
            if (user == null || user.TenantId == null)
            {
                return null;
            }

            var tenant = _tenantStore.FindTenantCache(user.TenantId.Value);
            if (tenant == null || !tenant.IsActive)
            {
                return null;
            }
            return tenant.TenancyName;
        }
    }

    public string GetTenancyName(string userNameOrEmailOrPhone)
    {
        using (_unitOfWorkManager.Current.DisableFilter(AbpDataFilters.MayHaveTenant))
        {
            var user = FindByNameOrEmailOrPhone(userNameOrEmailOrPhone);
            if (user.TenantId == null)
            {
                return null;
            }
            var tenant = _tenantStore.FindTenantCache(user.TenantId.Value);
            if (tenant == null || !tenant.IsActive)
            {
                return null;
            }
            return tenant.TenancyName;
        }
    }

    #endregion USER

    #region ROLE

    /// <summary>
    /// 将给定的 <paramref name="normalizedRoleName"/> 添加到指定的 <paramref name="user"/>。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="normalizedRoleName"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task AddToRoleAsync(User user, string normalizedRoleName,
        CancellationToken cancellationToken = default)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            Check.NotNull(normalizedRoleName, nameof(normalizedRoleName));

            if (await IsInRoleAsync(user, normalizedRoleName, cancellationToken))
            {
                return;
            }

            var role = await _roleRepository.FirstOrDefaultAsync(r => r.NormalizedName == normalizedRoleName);

            if (role == null)
            {
                throw new InvalidOperationException(string.Format(CultureInfo.CurrentCulture,
                    "Role {0} does not exist!", normalizedRoleName));
            }

            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Roles, cancellationToken);
            user.Roles.Add(new UserRole(user.TenantId, user.Id, role.Id));
        });
    }

    /// <summary>
    /// 将给定的 <paramref name="normalizedRoleName"/> 添加到指定的 <paramref name="user"/>。
    /// </summary>
    /// <param name="user">The user to add the role to.</param>
    /// <param name="normalizedRoleName">The role to add.</param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void AddToRole(User user, string normalizedRoleName, CancellationToken cancellationToken = default)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            Check.NotNull(normalizedRoleName, nameof(normalizedRoleName));

            if (IsInRole(user, normalizedRoleName, cancellationToken))
            {
                return;
            }

            var role = _roleRepository.FirstOrDefault(r => r.NormalizedName == normalizedRoleName);

            if (role == null)
            {
                throw new InvalidOperationException(string.Format(CultureInfo.CurrentCulture,
                    "Role {0} does not exist!", normalizedRoleName));
            }

            UserRepository.EnsureCollectionLoaded(user, u => u.Roles, cancellationToken);
            user.Roles.Add(new UserRole(user.TenantId, user.Id, role.Id));
        });
    }

    /// <summary>
    /// 从指定的 <paramref name="user"/> 中删除给定的 <paramref name="normalizedRoleName"/>。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="normalizedRoleName"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task RemoveFromRoleAsync(User user, string normalizedRoleName, CancellationToken cancellationToken = default)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            if (string.IsNullOrWhiteSpace(normalizedRoleName))
            {
                throw new ArgumentException(nameof(normalizedRoleName) + " can not be null or whitespace");
            }

            if (!await IsInRoleAsync(user, normalizedRoleName, cancellationToken))
            {
                return;
            }

            var role = await _roleRepository.FirstOrDefaultAsync(r => r.NormalizedName == normalizedRoleName);
            if (role == null)
            {
                return;
            }

            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Roles, cancellationToken);
            user.Roles.RemoveAll(r => r.RoleId == role.Id);
        });
    }

    /// <summary>
    /// 从指定的 <paramref name="user"/> 中删除给定的 <paramref name="normalizedRoleName"/>。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="normalizedRoleName"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void RemoveFromRole(User user, string normalizedRoleName, CancellationToken cancellationToken = default)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            if (string.IsNullOrWhiteSpace(normalizedRoleName))
            {
                throw new ArgumentException(nameof(normalizedRoleName) + " can not be null or whitespace");
            }

            if (!IsInRole(user, normalizedRoleName, cancellationToken))
            {
                return;
            }

            var role = _roleRepository.FirstOrDefault(r => r.NormalizedName == normalizedRoleName);
            if (role == null)
            {
                return;
            }

            user.Roles.RemoveAll(r => r.RoleId == role.Id);
        });
    }

    /// <summary>
    /// 检索指定 <paramref name="user"/> 所属的角色。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task<IList<string>> GetRolesAsync(User user, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            var userRoles = await AsyncQueryableExecuter.ToListAsync(from userRole in _userRoleRepository.GetAll()
                                                                     join role in _roleRepository.GetAll() on userRole.RoleId equals role.Id
                                                                     where userRole.UserId == user.Id
                                                                     select role.Name);

            var userOrganizationUnitRoles = await AsyncQueryableExecuter.ToListAsync(
                from userOu in _userOrganizationUnitRepository.GetAll()
                join roleOu in _organizationUniRoleRepository.GetAll() on userOu.OrganizationUnitId equals roleOu
                    .OrganizationUnitId
                join userOuRoles in _roleRepository.GetAll() on roleOu.RoleId equals userOuRoles.Id
                where userOu.UserId == user.Id
                select userOuRoles.Name);

            return userRoles.Union(userOrganizationUnitRoles).ToList();
        });
    }

    /// <summary>
    /// 检索指定 <paramref name="user"/> 所属的角色。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual IList<string> GetRoles(User user, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            var userRoles = (
                from userRole in _userRoleRepository.GetAll()
                join role in _roleRepository.GetAll() on userRole.RoleId equals role.Id
                where userRole.UserId == user.Id
                select role.Name
            ).ToList();

            var userOrganizationUnitRoles = (
                from userOu in _userOrganizationUnitRepository.GetAll()
                join roleOu in _organizationUniRoleRepository.GetAll() on userOu.OrganizationUnitId equals roleOu
                    .OrganizationUnitId
                join userOuRoles in _roleRepository.GetAll() on roleOu.RoleId equals userOuRoles.Id
                where userOu.UserId == user.Id
                select userOuRoles.Name
            ).ToList();

            return userRoles.Union(userOrganizationUnitRoles).ToList();
        });
    }

    /// <summary>
    /// 返回一个标志，指示指定的用户是否是给定 <paramref name="normalizedRoleName"/> 的成员。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="normalizedRoleName"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task<bool> IsInRoleAsync(User user, string normalizedRoleName, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        if (string.IsNullOrWhiteSpace(normalizedRoleName))
        {
            throw new ArgumentException(nameof(normalizedRoleName) + " can not be null or whitespace");
        }

        return (await GetRolesAsync(user, cancellationToken)).Any(r => r.ToUpperInvariant() == normalizedRoleName);
    }

    /// <summary>
    /// 返回一个标志，指示指定的用户是否是给定 <paramref name="normalizedRoleName"/> 的成员。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="normalizedRoleName"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual bool IsInRole(User user, string normalizedRoleName, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        if (string.IsNullOrWhiteSpace(normalizedRoleName))
        {
            throw new ArgumentException(nameof(normalizedRoleName) + " can not be null or whitespace");
        }

        return (GetRoles(user, cancellationToken)).Any(r => r.ToUpperInvariant() == normalizedRoleName);
    }

    /// <summary>
    /// 检索指定角色中的所有用户。
    /// </summary>
    /// <param name="normalizedRoleName">The role whose users should be retrieved.</param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    /// <returns>
    /// The <see cref="Task"/> contains a list of users, if any, that are in the specified role.
    /// </returns>
    public virtual async Task<IList<User>> GetUsersInRoleAsync(string normalizedRoleName, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            if (string.IsNullOrEmpty(normalizedRoleName))
            {
                throw new ArgumentNullException(nameof(normalizedRoleName));
            }

            var role = await _roleRepository.FirstOrDefaultAsync(r => r.NormalizedName == normalizedRoleName);

            if (role == null)
            {
                return new List<User>();
            }

            var query = from userRole in _userRoleRepository.GetAll()
                        join user in UserRepository.GetAll() on userRole.UserId equals user.Id
                        where userRole.RoleId.Equals(role.Id)
                        select user;

            return await AsyncQueryableExecuter.ToListAsync(query);
        });
    }

    /// <summary>
    /// 检索指定角色中的所有用户。
    /// </summary>
    /// <param name="normalizedRoleName">The role whose users should be retrieved.</param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    /// <returns>
    /// The <see cref="Task"/> contains a list of users, if any, that are in the specified role.
    /// </returns>
    public virtual IList<User> GetUsersInRole(string normalizedRoleName, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            if (string.IsNullOrEmpty(normalizedRoleName))
            {
                throw new ArgumentNullException(nameof(normalizedRoleName));
            }

            var role = _roleRepository.FirstOrDefault(r => r.NormalizedName == normalizedRoleName);

            if (role == null)
            {
                return new List<User>();
            }

            var query = from userRole in _userRoleRepository.GetAll()
                        join user in UserRepository.GetAll() on userRole.UserId equals user.Id
                        where userRole.RoleId.Equals(role.Id)
                        select user;

            return query.ToList();
        });
    }

    #endregion ROLE

    /// <summary>
    /// Dispose
    /// </summary>
    public void Dispose()
    {
    }

    #region Claim

    /// <summary>
    /// 获取与指定 <paramref name="user"/> 关联的声明
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task<IList<Claim>> GetClaimsAsync(User user, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Claims, cancellationToken);

            return user.Claims.Select(c => new Claim(c.ClaimType, c.ClaimValue)).ToList();
        });
    }

    /// <summary>
    /// 获取与指定 <paramref name="user"/> 关联的声明
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual IList<Claim> GetClaims(User user, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            UserRepository.EnsureCollectionLoaded(user, u => u.Claims, cancellationToken);

            return user.Claims.Select(c => new Claim(c.ClaimType, c.ClaimValue)).ToList();
        });
    }

    /// <summary>
    /// 将给定的 <paramref name="claims"/> 添加到指定的 <paramref name="user"/>。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="claims"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task AddClaimsAsync(User user, IEnumerable<Claim> claims, CancellationToken cancellationToken = default)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            var list = claims.ToList();
            Check.NotNull(list, nameof(claims));

            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Claims, cancellationToken);

            foreach (var claim in list)
            {
                user.Claims.Add(new UserClaim(user, claim));
            }
        });
    }

    /// <summary>
    /// 将给定的 <paramref name="claims"/> 添加到指定的 <paramref name="user"/>。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="claims"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void AddClaims(User user, IEnumerable<Claim> claims, CancellationToken cancellationToken = default)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            var list = claims.ToList();
            Check.NotNull(list, nameof(claims));

            UserRepository.EnsureCollectionLoaded(user, u => u.Claims, cancellationToken);

            foreach (var claim in list)
            {
                user.Claims.Add(new UserClaim(user, claim));
            }
        });
    }

    /// <summary>
    /// 将指定的 <paramref name="user"/> 上的 <paramref name="claim"/> 替换为 <paramref name="newClaim"/>。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="claim"></param>
    /// <param name="newClaim"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task ReplaceClaimAsync(User user, Claim claim, Claim newClaim, CancellationToken cancellationToken = default)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            Check.NotNull(claim, nameof(claim));
            Check.NotNull(newClaim, nameof(newClaim));

            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Claims, cancellationToken);

            var userClaims = user.Claims.Where(uc => uc.ClaimValue == claim.Value && uc.ClaimType == claim.Type);
            foreach (var userClaim in userClaims)
            {
                userClaim.ClaimType = newClaim.Type;
                userClaim.ClaimValue = newClaim.Value;
            }
        });
    }

    /// <summary>
    /// 将指定的 <paramref name="user"/> 上的 <paramref name="claim"/> 替换为 <paramref name="newClaim"/>。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="claim"></param>
    /// <param name="newClaim"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void ReplaceClaim(User user, Claim claim, Claim newClaim, CancellationToken cancellationToken = default)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            Check.NotNull(claim, nameof(claim));
            Check.NotNull(newClaim, nameof(newClaim));

            UserRepository.EnsureCollectionLoaded(user, u => u.Claims, cancellationToken);

            var userClaims = user.Claims.Where(uc => uc.ClaimValue == claim.Value && uc.ClaimType == claim.Type);
            foreach (var userClaim in userClaims)
            {
                userClaim.ClaimType = claim.Type;
                userClaim.ClaimValue = claim.Value;
            }
        });
    }

    /// <summary>
    /// 从指定的 <paramref name="user"/> 中删除给定的 <paramref name="claims"/>。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="claims"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task RemoveClaimsAsync(User user, IEnumerable<Claim> claims, CancellationToken cancellationToken = default)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            var list = claims.ToList();
            Check.NotNull(list, nameof(claims));

            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Claims, cancellationToken);

            foreach (var claim in list)
            {
                user.Claims.RemoveAll(c => c.ClaimValue == claim.Value && c.ClaimType == claim.Type);
            }
        });
    }

    /// <summary>
    /// 从指定的 <paramref name="user"/> 中删除给定的 <paramref name="claims"/>。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="claims"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void RemoveClaims(User user, IEnumerable<Claim> claims, CancellationToken cancellationToken = default)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            var list = claims.ToList();
            Check.NotNull(list, nameof(claims));

            UserRepository.EnsureCollectionLoaded(user, u => u.Claims, cancellationToken);

            foreach (var claim in list)
            {
                user.Claims.RemoveAll(c => c.ClaimValue == claim.Value && c.ClaimType == claim.Type);
            }
        });
    }

    /// <summary>
    /// 检索具有指定声明的所有用户。
    /// </summary>
    /// <param name="claim"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    /// <returns>
    /// The <see cref="Task"/> contains a list of users, if any, that contain the specified claim.
    /// </returns>
    public virtual async Task<IList<User>> GetUsersForClaimAsync(Claim claim, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(claim, nameof(claim));

            var query = from userClaims in _userClaimRepository.GetAll()
                        join user in UserRepository.GetAll() on userClaims.UserId equals user.Id
                        where userClaims.ClaimValue == claim.Value && userClaims.ClaimType == claim.Type &&
                              userClaims.TenantId == AbpSession.TenantId
                        select user;

            return await AsyncQueryableExecuter.ToListAsync(query);
        });
    }

    /// <summary>
    /// 检索具有指定声明的所有用户。
    /// </summary>
    /// <param name="claim"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    /// <returns>
    /// The <see cref="Task"/> contains a list of users, if any, that contain the specified claim.
    /// </returns>
    public virtual IList<User> GetUsersForClaim(Claim claim, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(claim, nameof(claim));

            var query = from userClaims in _userClaimRepository.GetAll()
                        join user in UserRepository.GetAll() on userClaims.UserId equals user.Id
                        where userClaims.ClaimValue == claim.Value && userClaims.ClaimType == claim.Type &&
                              userClaims.TenantId == AbpSession.TenantId
                        select user;

            return query.ToList();
        });
    }

    #endregion Claim

    #region Login

    /// <summary>
    /// 将给定的 <paramref name="login"/> 添加到指定的 <paramref name="user"/>
    /// </summary>
    /// <param name="user"></param>
    /// <param name="login"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task AddLoginAsync(User user, UserLoginInfo login, CancellationToken cancellationToken = default)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            Check.NotNull(login, nameof(login));

            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Logins, cancellationToken);

            user.Logins.Add(new UserLogin(user.TenantId, user.Id, login.LoginProvider, login.ProviderKey));
        });
    }

    /// <summary>
    /// 将给定的 <paramref name="login"/> 添加到指定的 <paramref name="user"/>
    /// </summary>
    /// <param name="user"></param>
    /// <param name="login"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void AddLogin(User user, UserLoginInfo login, CancellationToken cancellationToken = default)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            Check.NotNull(login, nameof(login));

            UserRepository.EnsureCollectionLoaded(user, u => u.Logins, cancellationToken);

            user.Logins.Add(new UserLogin(user.TenantId, user.Id, login.LoginProvider, login.ProviderKey));
        });
    }

    /// <summary>
    /// 从指定的 <paramref name="user"/> 中删除给定的 <paramref name="loginProvider"/>
    /// </summary>
    /// <param name="user"></param>
    /// <param name="loginProvider"></param>
    /// <param name="providerKey"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task RemoveLoginAsync(User user, string loginProvider, string providerKey, CancellationToken cancellationToken = default)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            Check.NotNull(loginProvider, nameof(loginProvider));
            Check.NotNull(providerKey, nameof(providerKey));

            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Logins, cancellationToken);

            user.Logins.RemoveAll(userLogin =>
                userLogin.LoginProvider == loginProvider && userLogin.ProviderKey == providerKey
            );
        });
    }

    /// <summary>
    /// 从指定的 <paramref name="user"/> 中删除给定的 <paramref name="loginProvider"/>
    /// </summary>
    /// <param name="user"></param>
    /// <param name="loginProvider"></param>
    /// <param name="providerKey"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void RemoveLogin(User user, string loginProvider, string providerKey, CancellationToken cancellationToken = default)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));
            Check.NotNull(loginProvider, nameof(loginProvider));
            Check.NotNull(providerKey, nameof(providerKey));

            UserRepository.EnsureCollectionLoaded(user, u => u.Logins, cancellationToken);

            user.Logins.RemoveAll(userLogin =>
                userLogin.LoginProvider == loginProvider && userLogin.ProviderKey == providerKey
            );
        });
    }

    /// <summary>
    /// 检索指定 <param ref="user"/> 的关联登录。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task<IList<UserLoginInfo>> GetLoginsAsync(User user, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Logins, cancellationToken);

            return user.Logins.Select(l => new UserLoginInfo(l.LoginProvider, l.ProviderKey, l.LoginProvider))
                .ToList();
        });
    }

    /// <summary>
    /// 检索指定 <param ref="user"/> 的关联登录。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual IList<UserLoginInfo> GetLogins(User user, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            UserRepository.EnsureCollectionLoaded(user, u => u.Logins, cancellationToken);

            return user.Logins
                .Select(l => new UserLoginInfo(l.LoginProvider, l.ProviderKey, l.LoginProvider))
                .ToList();
        });
    }

    /// <summary>
    /// 检索与指定登录提供程序和登录提供程序密钥关联的用户
    /// </summary>
    /// <param name="loginProvider"></param>
    /// <param name="providerKey"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task<User> FindByLoginAsync(string loginProvider, string providerKey, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(loginProvider, nameof(loginProvider));
            Check.NotNull(providerKey, nameof(providerKey));

            var query = from userLogin in _userLoginRepository.GetAll()
                        join user in UserRepository.GetAll() on userLogin.UserId equals user.Id
                        where userLogin.LoginProvider == loginProvider &&
                              userLogin.ProviderKey == providerKey &&
                              userLogin.TenantId == AbpSession.TenantId
                        select user;

            return await AsyncQueryableExecuter.FirstOrDefaultAsync(query);
        });
    }

    /// <summary>
    /// 检索与指定登录提供程序和登录提供程序密钥关联的用户
    /// </summary>
    /// <param name="loginProvider"></param>
    /// <param name="providerKey"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual User FindByLogin(string loginProvider, string providerKey, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(loginProvider, nameof(loginProvider));
            Check.NotNull(providerKey, nameof(providerKey));

            var query = from userLogin in _userLoginRepository.GetAll()
                        join user in UserRepository.GetAll() on userLogin.UserId equals user.Id
                        where userLogin.LoginProvider == loginProvider &&
                              userLogin.ProviderKey == providerKey &&
                              userLogin.TenantId == AbpSession.TenantId
                        select user;

            return query.FirstOrDefault();
        });
    }

    #endregion Login

    #region Email

    /// <summary>
    /// 获取一个标志，指示指定的<paramref name="user"/> 的电子邮件地址是否已被验证
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<bool> GetEmailConfirmedAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return Task.FromResult(user.IsEmailConfirmed);
    }

    /// <summary>
    /// 获取一个标志，指示指定的<paramref name="user"/> 的电子邮件地址是否已被验证
    /// </summary>
    /// <param name="user">The user whose email confirmation status should be returned.</param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual bool GetEmailConfirmed(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.IsEmailConfirmed;
    }

    /// <summary>
    /// 设置指示指定的 <paramref name="user"/> 的电子邮件地址是否已被确认的标志
    /// </summary>
    /// <param name="user"></param>
    /// <param name="confirmed"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task SetEmailConfirmedAsync(User user, bool confirmed, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.IsEmailConfirmed = confirmed;

        return Task.CompletedTask;
    }

    /// <summary>
    /// 设置指示指定的 <paramref name="user"/> 的电子邮件地址是否已被确认的标志
    /// </summary>
    /// <param name="user"></param>
    /// <param name="confirmed"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void SetEmailConfirmed(User user, bool confirmed, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.IsEmailConfirmed = confirmed;
    }

    /// <summary>
    /// 为 <paramref name="user"/> 设置 <paramref name="email"/> 地址
    /// </summary>
    /// <param name="user"></param>
    /// <param name="email"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task SetEmailAsync(User user, string email, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.EmailAddress = email;

        return Task.CompletedTask;
    }

    /// <summary>
    /// 为 <paramref name="user"/> 设置 <paramref name="email"/> 地址
    /// </summary>
    /// <param name="user"></param>
    /// <param name="email"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void SetEmail(User user, string email, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.EmailAddress = email;
    }

    /// <summary>
    /// 获取指定 <paramref name="user"/> 的电子邮件地址
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<string> GetEmailAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return Task.FromResult(user.EmailAddress);
    }

    /// <summary>
    /// 获取指定 <paramref name="user"/> 的电子邮件地址
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual string GetEmail(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.EmailAddress;
    }

    /// <summary>
    /// 返回指定 <paramref name="user"/> 的规范化电子邮件。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<string> GetNormalizedEmailAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return Task.FromResult(user.NormalizedEmailAddress);
    }

    /// <summary>
    /// 返回指定 <paramref name="user"/> 的规范化电子邮件。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual string GetNormalizedEmail(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.NormalizedEmailAddress;
    }

    /// <summary>
    /// 为指定的 <paramref name="user"/> 设置规范化的电子邮件
    /// </summary>
    /// <param name="user"></param>
    /// <param name="normalizedEmail"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task SetNormalizedEmailAsync(User user, string normalizedEmail, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.NormalizedEmailAddress = normalizedEmail;

        return Task.CompletedTask;
    }

    /// <summary>
    /// 为指定的 <paramref name="user"/> 设置规范化的电子邮件
    /// </summary>
    /// <param name="user"></param>
    /// <param name="normalizedEmail"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void SetNormalizedEmail(User user, string normalizedEmail, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.NormalizedEmailAddress = normalizedEmail;
    }

    /// <summary>
    /// 获取与指定的规范化电子邮件地址关联的用户（如果有）
    /// </summary>
    /// <param name="normalizedEmail"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task<User> FindByEmailAsync(string normalizedEmail, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            return await UserRepository.FirstOrDefaultAsync(u => u.NormalizedEmailAddress == normalizedEmail);
        });
    }

    /// <summary>
    /// 获取与指定的规范化电子邮件地址关联的用户（如果有）
    /// </summary>
    /// <param name="normalizedEmail"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual User FindByEmail(string normalizedEmail, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            return UserRepository.FirstOrDefault(u => u.NormalizedEmailAddress == normalizedEmail);
        });
    }

    #endregion Email

    #region Lockout

    /// <summary>
    /// 获取最后一个 <see cref="DateTimeOffset"/> 用户的最后一次锁定过期（如果有）。
    /// 过去的任何时间都应该表示用户没有被锁定。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<DateTimeOffset?> GetLockoutEndDateAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        if (!user.LockoutEndDateUtc.HasValue)
        {
            return Task.FromResult<DateTimeOffset?>(null);
        }

        var lockoutEndDate = DateTime.SpecifyKind(user.LockoutEndDateUtc.Value, DateTimeKind.Utc);

        return Task.FromResult<DateTimeOffset?>(new DateTimeOffset(lockoutEndDate));
    }

    /// <summary>
    /// 获取最后一个 <see cref="DateTimeOffset"/> 用户的最后一次锁定过期（如果有）。
    /// 过去的任何时间都应该表示用户没有被锁定。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual DateTimeOffset? GetLockoutEndDate(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        if (!user.LockoutEndDateUtc.HasValue)
        {
            return null;
        }

        var lockoutEndDate = DateTime.SpecifyKind(user.LockoutEndDateUtc.Value, DateTimeKind.Utc);

        return new DateTimeOffset(lockoutEndDate);
    }

    /// <summary>
    /// 在指定的结束日期过去之前锁定用户。 设置过去的结束日期会立即解锁用户。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="lockoutEnd"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task SetLockoutEndDateAsync(User user, DateTimeOffset? lockoutEnd, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.LockoutEndDateUtc = lockoutEnd?.UtcDateTime;

        return Task.CompletedTask;
    }

    /// <summary>
    /// 在指定的结束日期过去之前锁定用户。 设置过去的结束日期会立即解锁用户。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="lockoutEnd"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void SetLockoutEndDate(User user, DateTimeOffset? lockoutEnd, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.LockoutEndDateUtc = lockoutEnd?.UtcDateTime;
    }

    /// <summary>
    /// 记录发生访问失败，增加失败访问计数。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<int> IncrementAccessFailedCountAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.AccessFailedCount++;

        return Task.FromResult(user.AccessFailedCount);
    }

    /// <summary>
    /// 记录发生访问失败，增加失败访问计数。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual int IncrementAccessFailedCount(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.AccessFailedCount++;

        return user.AccessFailedCount;
    }

    /// <summary>
    /// 重置用户的失败访问计数。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    /// <remarks>这通常在成功访问帐户后调用。</remarks>
    public virtual Task ResetAccessFailedCountAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.AccessFailedCount = 0;

        return Task.CompletedTask;
    }

    /// <summary>
    /// 重置用户的失败访问计数。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    /// <remarks>这通常在成功访问帐户后调用。</remarks>
    public virtual void ResetAccessFailedCount(
        User user,
        CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.AccessFailedCount = 0;
    }

    /// <summary>
    /// 检索指定 <paramref name="user"/> 的当前失败访问计数
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<int> GetAccessFailedCountAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return Task.FromResult(user.AccessFailedCount);
    }

    /// <summary>
    /// 检索指定 <paramref name="user"/> 的当前失败访问计数
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual int GetAccessFailedCount(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.AccessFailedCount;
    }

    /// <summary>
    /// 检索指示是否可以为指定用户启用用户锁定的标志。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<bool> GetLockoutEnabledAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return Task.FromResult(user.IsLockoutEnabled);
    }

    /// <summary>
    /// 检索指示是否可以为指定用户启用用户锁定的标志。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual bool GetLockoutEnabled(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.IsLockoutEnabled;
    }

    /// <summary>
    /// 设置指示是否可以锁定指定的 <paramref name="user"/> 的标志..
    /// </summary>
    /// <param name="user"></param>
    /// <param name="enabled"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task SetLockoutEnabledAsync(User user, bool enabled, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.IsLockoutEnabled = enabled;

        return Task.CompletedTask;
    }

    /// <summary>
    /// 设置指示是否可以锁定指定的 <paramref name="user"/> 的标志..
    /// </summary>
    /// <param name="user"></param>
    /// <param name="enabled"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void SetLockoutEnabled(User user, bool enabled, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.IsLockoutEnabled = enabled;
    }

    #endregion Lockout

    #region PhoneNumber

    /// <summary>
    /// 为指定的 <paramref name="user"/> 设置电话号码。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="phoneNumber"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task SetPhoneNumberAsync(User user, string phoneNumber, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.PhoneNumber = phoneNumber;

        return Task.CompletedTask;
    }

    /// <summary>
    /// 为指定的 <paramref name="user"/> 设置电话号码。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="phoneNumber"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>

    public virtual void SetPhoneNumber(User user, string phoneNumber, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.PhoneNumber = phoneNumber;
    }

    /// <summary>
    /// 获取指定 <paramref name="user"/> 的电话号码（如果有）。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>

    public virtual Task<string> GetPhoneNumberAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return Task.FromResult(user.PhoneNumber);
    }

    /// <summary>
    /// 获取指定 <paramref name="user"/> 的电话号码（如果有）。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>

    public virtual string GetPhoneNumber(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.PhoneNumber;
    }

    /// <summary>
    /// 获取一个标志，该标志指示指定的<paramref name="user"/> 的电话号码是否已被确认。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<bool> GetPhoneNumberConfirmedAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return Task.FromResult(user.IsPhoneNumberConfirmed);
    }

    /// <summary>
    /// 获取一个标志，该标志指示指定的<paramref name="user"/> 的电话号码是否已被确认。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual bool GetPhoneNumberConfirmed(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.IsPhoneNumberConfirmed;
    }

    /// <summary>
    /// 设置一个标志，指示指定的 <paramref name="user"/> 的电话号码是否已被确认。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="confirmed"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task SetPhoneNumberConfirmedAsync(User user, bool confirmed, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.IsPhoneNumberConfirmed = confirmed;

        return Task.CompletedTask;
    }

    /// <summary>
    /// 设置一个标志，指示指定的 <paramref name="user"/> 的电话号码是否已被确认。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="confirmed"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void SetPhoneNumberConfirmed(User user, bool confirmed, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.IsPhoneNumberConfirmed = confirmed;
    }

    #endregion PhoneNumber

    #region SecurityStamp & TwoFactor

    /// <summary>
    /// 为指定的 <paramref name="user"/> 设置提供的安全性 <paramref name="stamp"/>。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="stamp"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task SetSecurityStampAsync(User user, string stamp, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.SecurityStamp = stamp;

        return Task.CompletedTask;
    }

    /// <summary>
    /// 为指定的 <paramref name="user"/> 设置提供的安全性 <paramref name="stamp"/>。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="stamp"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void SetSecurityStamp(User user, string stamp, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.SecurityStamp = stamp;
    }

    /// <summary>
    /// 获取指定 <paramref name="user" /> 的安全标记。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<string> GetSecurityStampAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return Task.FromResult(user.SecurityStamp);
    }

    /// <summary>
    /// 获取指定 <paramref name="user" /> 的安全标记。
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual string GetSecurityStamp(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.SecurityStamp;
    }

    /// <summary>
    /// 设置一个标志，指示指定的 <paramref name="user"/> 是否启用了双因素身份验证
    /// </summary>
    /// <param name="user"></param>
    /// <param name="enabled"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>

    public virtual Task SetTwoFactorEnabledAsync(User user, bool enabled, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.IsTwoFactorEnabled = enabled;

        return Task.CompletedTask;
    }

    /// <summary>
    /// 设置一个标志，指示指定的 <paramref name="user"/> 是否启用了双因素身份验证
    /// </summary>
    /// <param name="user"></param>
    /// <param name="enabled"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>

    public virtual void SetTwoFactorEnabled(User user, bool enabled, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        user.IsTwoFactorEnabled = enabled;
    }

    /// <summary>
    /// 返回一个标志，指示指定的 <paramref name="user"/> 是否启用了两因素身份验证
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual Task<bool> GetTwoFactorEnabledAsync(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return Task.FromResult(user.IsTwoFactorEnabled);
    }

    /// <summary>
    /// 返回一个标志，指示指定的 <paramref name="user"/> 是否启用了两因素身份验证
    /// </summary>
    /// <param name="user"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual bool GetTwoFactorEnabled(User user, CancellationToken cancellationToken = default)
    {
        cancellationToken.ThrowIfCancellationRequested();

        Check.NotNull(user, nameof(user));

        return user.IsTwoFactorEnabled;
    }

    #endregion SecurityStamp & TwoFactor

    #region Token

    /// <summary>
    /// 设置特定用户的 Token
    /// </summary>
    /// <param name="user"></param>
    /// <param name="loginProvider"></param>
    /// <param name="name"></param>
    /// <param name="value"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task SetTokenAsync(User user, string loginProvider, string name, string value,
        CancellationToken cancellationToken)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Tokens, cancellationToken);

            var token = user.Tokens.FirstOrDefault(t => t?.LoginProvider == loginProvider && t?.Name == name);
            if (token == null)
            {
                user.Tokens.Add(new UserToken(user, loginProvider, name, value));
            }
            else
            {
                token.Value = value;
            }
        });
    }

    /// <summary>
    /// 设置特定用户的 Token
    /// </summary>
    /// <param name="user"></param>
    /// <param name="loginProvider"></param>
    /// <param name="name"></param>
    /// <param name="value"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual void SetToken(User user, string loginProvider, string name, string value,
        CancellationToken cancellationToken)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();

            Check.NotNull(user, nameof(user));

            UserRepository.EnsureCollectionLoaded(user, u => u.Tokens, cancellationToken);

            var token = user.Tokens.FirstOrDefault(t => t?.LoginProvider == loginProvider && t?.Name == name);
            if (token == null)
            {
                user.Tokens.Add(new UserToken(user, loginProvider, name, value));
            }
            else
            {
                token.Value = value;
            }
        });
    }

    /// <summary>
    /// 删除用户的 Token
    /// </summary>
    /// <param name="user"></param>
    /// <param name="loginProvider"></param>
    /// <param name="name"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task RemoveTokenAsync(User user, string loginProvider, string name, CancellationToken cancellationToken)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(user, nameof(user));
            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Tokens, cancellationToken);
            user.Tokens.RemoveAll(t => t.LoginProvider == loginProvider && t.Name == name);
        });
    }

    /// <summary>
    /// 删除用户的 Token
    /// </summary>
    /// <param name="user"></param>
    /// <param name="loginProvider"></param>
    /// <param name="name"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public void RemoveToken(User user, string loginProvider, string name, CancellationToken cancellationToken)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(user, nameof(user));
            UserRepository.EnsureCollectionLoaded(user, u => u.Tokens, cancellationToken);
            user.Tokens.RemoveAll(t => t.LoginProvider == loginProvider && t.Name == name);
        });
    }

    /// <summary>
    /// 获取用户的 Token
    /// </summary>
    /// <param name="user"></param>
    /// <param name="loginProvider"></param>
    /// <param name="name"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public virtual async Task<string> GetTokenAsync(User user, string loginProvider, string name,
        CancellationToken cancellationToken)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(user, nameof(user));
            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Tokens, cancellationToken);
            return user.Tokens.FirstOrDefault(t => t?.LoginProvider == loginProvider && t?.Name == name)?.Value;
        });
    }

    /// <summary>
    /// 获取用户的 Token
    /// </summary>
    /// <param name="user"></param>
    /// <param name="loginProvider"></param>
    /// <param name="name"></param>
    /// <param name="cancellationToken"><see cref="CancellationToken"/> 取消操作的通知</param>
    public string GetToken(User user, string loginProvider, string name, CancellationToken cancellationToken)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(user, nameof(user));
            UserRepository.EnsureCollectionLoaded(user, u => u.Tokens, cancellationToken);
            return user.Tokens.FirstOrDefault(t => t?.LoginProvider == loginProvider && t?.Name == name)?.Value;
        });
    }

    #endregion Token

    /// <summary>
    /// 尝试在当前租户中查找具有用户名或电子邮件地址的用户。
    /// </summary>
    /// <param name="userNameOrEmailOrPhone"></param>
    public virtual async Task<User> FindByNameOrEmailOrPhoneAsync(string userNameOrEmailOrPhone)
    {
        var uep = NormalizeKey(userNameOrEmailOrPhone);

        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            return await UserRepository.FirstOrDefaultAsync(
                user => (user.NormalizedUserName == uep ||
                         user.NormalizedEmailAddress == uep ||
                         user.PhoneNumber == uep)
            );
        });
    }

    /// <summary>
    /// 尝试在当前租户中查找具有用户名或电子邮件地址的用户。
    /// </summary>
    /// <param name="userNameOrEmailOrPhone"></param>
    public virtual User FindByNameOrEmailOrPhone(string userNameOrEmailOrPhone)
    {
        var uep = NormalizeKey(userNameOrEmailOrPhone);

        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            return UserRepository.FirstOrDefault(
                user => (user.NormalizedUserName == uep ||
                         user.NormalizedEmailAddress == uep ||
                         user.PhoneNumber == uep)
            );
        });
    }

    /// <summary>
    /// 尝试在给定租户中查找具有用户名或电子邮件地址的用户。
    /// </summary>
    /// <param name="tenantId"></param>
    /// <param name="userNameOrEmailOrPhone"></param>

    public virtual async Task<User> FindByNameOrEmailOrPhoneAsync(int? tenantId, string userNameOrEmailOrPhone)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            using (_unitOfWorkManager.Current.SetTenantId(tenantId))
            {
                return await FindByNameOrEmailOrPhoneAsync(userNameOrEmailOrPhone);
            }
        });
    }

    /// <summary>
    /// 尝试在给定租户中查找具有用户名或电子邮件地址的用户。
    /// </summary>
    /// <param name="tenantId"></param>
    /// <param name="userNameOrEmailOrPhone"></param>

    public virtual User FindByNameOrEmailOrPhone(int? tenantId, string userNameOrEmailOrPhone)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            using (_unitOfWorkManager.Current.SetTenantId(tenantId))
            {
                return FindByNameOrEmailOrPhone(userNameOrEmailOrPhone);
            }
        });
    }

    public virtual async Task<User> FindByPhoneAsync(string phoneNumber)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            return await UserRepository.FirstOrDefaultAsync(user => (user.PhoneNumber == phoneNumber));
        });
    }

    public virtual User FindByPhone(string phoneNumber)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            return UserRepository.FirstOrDefault(user => (user.PhoneNumber == phoneNumber));
        });
    }

    public virtual async Task<User> FindByPhoneAsync(int? tenantId, string phoneNumber)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            using (_unitOfWorkManager.Current.SetTenantId(tenantId))
            {
                return await UserRepository.FirstOrDefaultAsync(user => (user.PhoneNumber == phoneNumber));
            }
        });
    }

    public virtual User FindByPhone(int? tenantId, string phoneNumber)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            using (_unitOfWorkManager.Current.SetTenantId(tenantId))
            {
                return UserRepository.FirstOrDefault(user => (user.PhoneNumber == phoneNumber));
            }
        });
    }

    public virtual async Task<User> FindAsync(UserLoginInfo login)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            var userLogin = await _userLoginRepository.FirstOrDefaultAsync(
                ul => ul.LoginProvider == login.LoginProvider && ul.ProviderKey == login.ProviderKey
            );

            if (userLogin == null)
            {
                return null;
            }

            return await UserRepository.FirstOrDefaultAsync(u => u.Id == userLogin.UserId);
        });
    }

    public virtual User Find(UserLoginInfo login)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            var userLogin = _userLoginRepository.FirstOrDefault(
                ul => ul.LoginProvider == login.LoginProvider && ul.ProviderKey == login.ProviderKey
            );

            if (userLogin == null)
            {
                return null;
            }

            return UserRepository.FirstOrDefault(u => u.Id == userLogin.UserId);
        });
    }

    public virtual async Task<List<User>> FindAllAsync(UserLoginInfo login)
    {
        var result = _unitOfWorkManager.WithUnitOfWork(() =>
        {
            var query = from userLogin in _userLoginRepository.GetAll()
                        join user in UserRepository.GetAll() on userLogin.UserId equals user.Id
                        where userLogin.LoginProvider == login.LoginProvider && userLogin.ProviderKey == login.ProviderKey
                        select user;

            return query.ToList();
        });

        return await Task.FromResult(result);
    }

    public virtual List<User> FindAll(UserLoginInfo login)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            var query = from userLogin in _userLoginRepository.GetAll()
                        join user in UserRepository.GetAll() on userLogin.UserId equals user.Id
                        where userLogin.LoginProvider == login.LoginProvider && userLogin.ProviderKey == login.ProviderKey
                        select user;

            return query.ToList();
        });
    }

    public virtual async Task<User> FindAsync(int? tenantId, UserLoginInfo login)
    {
        var result = _unitOfWorkManager.WithUnitOfWork(() =>
        {
            using (_unitOfWorkManager.Current.SetTenantId(tenantId))
            {
                var query = from userLogin in _userLoginRepository.GetAll()
                            join user in UserRepository.GetAll() on userLogin.UserId equals user.Id
                            where userLogin.LoginProvider == login.LoginProvider &&
                                  userLogin.ProviderKey == login.ProviderKey
                            select user;

                return query.FirstOrDefault();
            }
        });

        return await Task.FromResult(result);
    }

    public virtual User Find(int? tenantId, UserLoginInfo login)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            using (_unitOfWorkManager.Current.SetTenantId(tenantId))
            {
                var query = from userLogin in _userLoginRepository.GetAll()
                            join user in UserRepository.GetAll() on userLogin.UserId equals user.Id
                            where userLogin.LoginProvider == login.LoginProvider &&
                                  userLogin.ProviderKey == login.ProviderKey
                            select user;

                return query.FirstOrDefault();
            }
        });
    }

    public virtual async Task<string> GetUserNameFromDatabaseAsync(long userId)
    {
        using var uow = _unitOfWorkManager.Begin(new UnitOfWorkOptions
        {
            Scope = TransactionScopeOption.Suppress
        });
        var user = await UserRepository.GetAsync(userId);
        await uow.CompleteAsync();
        return user.UserName;
    }

    public string GetUserNameFromDatabase(long userId)
    {
        using var uow = _unitOfWorkManager.Begin(new UnitOfWorkOptions
        {
            Scope = TransactionScopeOption.Suppress
        });
        var user = UserRepository.Get(userId);
        uow.Complete();
        return user.UserName;
    }

    public virtual async Task AddPermissionAsync(User user, PermissionGrantInfo permissionGrant)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            if (await HasPermissionAsync(user.Id, permissionGrant))
            {
                return;
            }

            await _userPermissionSettingRepository.InsertAsync(
                new UserPermissionSetting(user.Id)
                {
                    TenantId = user.TenantId,
                    //UserId = user.Id,
                    Name = permissionGrant.Name,
                    IsGranted = permissionGrant.IsGranted
                }
            );
        });
    }

    public virtual void AddPermission(User user, PermissionGrantInfo permissionGrant)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            if (HasPermission(user.Id, permissionGrant))
            {
                return;
            }

            _userPermissionSettingRepository.Insert(
                new UserPermissionSetting(user.Id)
                {
                    TenantId = user.TenantId,
                    //UserId = user.Id,
                    Name = permissionGrant.Name,
                    IsGranted = permissionGrant.IsGranted
                }
            );
        });
    }

    public virtual async Task RemovePermissionAsync(User user, PermissionGrantInfo permissionGrant)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            await _userPermissionSettingRepository.DeleteAsync(
                permissionSetting => permissionSetting.UserId == user.Id &&
                                     permissionSetting.Name == permissionGrant.Name &&
                                     permissionSetting.IsGranted == permissionGrant.IsGranted
            );
        });
    }

    public virtual void RemovePermission(User user, PermissionGrantInfo permissionGrant)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            _userPermissionSettingRepository.Delete(
                permissionSetting => permissionSetting.UserId == user.Id &&
                                     permissionSetting.Name == permissionGrant.Name &&
                                     permissionSetting.IsGranted == permissionGrant.IsGranted
            );
        });
    }

    public virtual async Task<IList<PermissionGrantInfo>> GetPermissionsAsync(long userId)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            return (await _userPermissionSettingRepository.GetAllListAsync(p => p.UserId == userId))
                .Select(p => new PermissionGrantInfo(p.Name, p.IsGranted))
                .ToList();
        });
    }

    public virtual IList<PermissionGrantInfo> GetPermissions(long userId)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            return (_userPermissionSettingRepository.GetAllList(p => p.UserId == userId))
                .Select(p => new PermissionGrantInfo(p.Name, p.IsGranted))
                .ToList();
        });
    }

    public virtual async Task<bool> HasPermissionAsync(long userId, PermissionGrantInfo permissionGrant)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            return await _userPermissionSettingRepository.FirstOrDefaultAsync(
                p => p.UserId == userId &&
                     p.Name == permissionGrant.Name &&
                     p.IsGranted == permissionGrant.IsGranted
            ) != null;
        });
    }

    public virtual bool HasPermission(long userId, PermissionGrantInfo permissionGrant)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            return _userPermissionSettingRepository.FirstOrDefault(
                p => p.UserId == userId &&
                     p.Name == permissionGrant.Name &&
                     p.IsGranted == permissionGrant.IsGranted
            ) != null;
        });
    }

    public virtual async Task RemoveAllPermissionSettingsAsync(User user)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            await _userPermissionSettingRepository.DeleteAsync(s => s.UserId == user.Id);
        });
    }

    public virtual void RemoveAllPermissionSettings(User user)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            _userPermissionSettingRepository.Delete(s => s.UserId == user.Id);
        });
    }

    private const string InternalLoginProvider = "[AspNeAbpUserStore]";
    private const string AuthenticatorKeyTokenName = "AuthenticatorKey";
    private const string TokenValidityKeyProvider = "TokenValidityKeyProvider";

    public virtual async Task SetAuthenticatorKeyAsync(User user, string key, CancellationToken cancellationToken)
    {
        await SetTokenAsync(user, InternalLoginProvider, AuthenticatorKeyTokenName, key, cancellationToken);
    }

    public virtual void SetAuthenticatorKey(User user, string key, CancellationToken cancellationToken)
    {
        SetToken(user, InternalLoginProvider, AuthenticatorKeyTokenName, key, cancellationToken);
    }

    public virtual async Task<string> GetAuthenticatorKeyAsync(User user, CancellationToken cancellationToken)
    {
        return await GetTokenAsync(user, InternalLoginProvider, AuthenticatorKeyTokenName, cancellationToken);
    }

    public string GetAuthenticatorKey(User user, CancellationToken cancellationToken)
    {
        return GetToken(user, InternalLoginProvider, AuthenticatorKeyTokenName, cancellationToken);
    }

    public virtual async Task AddTokenValidityKeyAsync(User user, string tokenValidityKey, DateTime expireDate, CancellationToken cancellationToken = default)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(user, nameof(user));
            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Tokens, cancellationToken);
            user.Tokens.Add(new UserToken(user, TokenValidityKeyProvider, tokenValidityKey, null, expireDate));
        });
    }

    public virtual void AddTokenValidityKey(User user, string tokenValidityKey, DateTime expireDate, CancellationToken cancellationToken = default)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(user, nameof(user));
            UserRepository.EnsureCollectionLoaded(user, u => u.Tokens, cancellationToken);
            user.Tokens.Add(new UserToken(user, TokenValidityKeyProvider, tokenValidityKey, null, expireDate));
        });
    }

    public virtual async Task<bool> IsTokenValidityKeyValidAsync(User user, string tokenValidityKey, CancellationToken cancellationToken = default)
    {
        return await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(user, nameof(user));
            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Tokens, cancellationToken);
            return user.Tokens.Any(t => t?.LoginProvider == TokenValidityKeyProvider &&
                                        t.Name == tokenValidityKey &&
                                        t.ExpireDate > DateTime.UtcNow);
        });
    }

    public virtual bool IsTokenValidityKeyValid(User user, string tokenValidityKey, CancellationToken cancellationToken = default)
    {
        return _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(user, nameof(user));
            UserRepository.EnsureCollectionLoaded(user, u => u.Tokens, cancellationToken);
            var isValidityKeyValid = user.Tokens.Any(t => t?.LoginProvider == TokenValidityKeyProvider &&
                                                          t.Name == tokenValidityKey &&
                                                          t.ExpireDate > DateTime.UtcNow);

            user.Tokens.RemoveAll(t =>
                t?.LoginProvider == TokenValidityKeyProvider && t.ExpireDate <= DateTime.UtcNow);

            return isValidityKeyValid;
        });
    }

    public virtual async Task RemoveTokenValidityKeyAsync(User user, string tokenValidityKey, CancellationToken cancellationToken = default)
    {
        await _unitOfWorkManager.WithUnitOfWorkAsync(async () =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(user, nameof(user));
            await UserRepository.EnsureCollectionLoadedAsync(user, u => u.Tokens, cancellationToken);
            user.Tokens.RemoveAll(t => t.LoginProvider == TokenValidityKeyProvider && t.Name == tokenValidityKey);
        });
    }

    public virtual void RemoveTokenValidityKey(User user, string tokenValidityKey, CancellationToken cancellationToken = default)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            cancellationToken.ThrowIfCancellationRequested();
            Check.NotNull(user, nameof(user));
            UserRepository.EnsureCollectionLoaded(user, u => u.Tokens, cancellationToken);
            user.Tokens.Remove(user.Tokens.FirstOrDefault(t =>
                t?.LoginProvider == TokenValidityKeyProvider && t.Name == tokenValidityKey)
            );
        });
    }

    protected virtual string NormalizeKey(string key)
    {
        return key.ToUpperInvariant();
    }
}