/* Checkes two factor code and returns a token to remember the client (browser) if needed */
private async Task <string> TwoFactorAuthenticateAsync(User user, AuthenticateModel authenticateModel)
{
var twoFactorCodeCache = _cacheManager.GetTwoFactorCodeCache();
var userIdentifier = user.ToUserIdentifier().ToString();
var cachedCode = await twoFactorCodeCache.GetOrDefaultAsync(userIdentifier);
var provider = _cacheManager.GetCache("ProviderCache").Get("Provider", cache => cache).ToString();
if (provider == GoogleAuthenticatorProvider.Name)
{
await _googleAuthenticatorProvider.ValidateAsync("TwoFactor", authenticateModel.TwoFactorVerificationCode, _userManager, user);
}
else if (cachedCode?.Code == null || cachedCode.Code != authenticateModel.TwoFactorVerificationCode)
{
throw new UserFriendlyException(L("InvalidSecurityCode"));
}
//Delete from the cache since it was a single usage code
await twoFactorCodeCache.RemoveAsync(userIdentifier);
if (authenticateModel.RememberClient)
{
if (await SettingManager.GetSettingValueAsync <bool>(AbpZeroSettingNames.UserManagement.TwoFactorLogin.IsRememberBrowserEnabled))
{
return(CreateAccessToken(new[]
{
new Claim(UserIdentifierClaimType, user.ToUserIdentifier().ToString())
},
TimeSpan.FromDays(365)
));
}
}
return(null);
}
