protected override async Task <CacheItem> ProcessFido2RegisterResponseAsync(CacheItem relatedItem,
string publicKey, uint signatureCounter, string credentialId)
{
await _linkHandler.OnLinkAsync(relatedItem.DID, new OwnIdConnection
{
PublicKey = publicKey,
Fido2CredentialId = credentialId,
Fido2SignatureCounter = signatureCounter.ToString(),
AuthType = ConnectionAuthType.Fido2
});
return(await CacheItemRepository.UpdateAsync(relatedItem.Context, item =>
{
item.FinishFlow(relatedItem.DID, publicKey);
item.Fido2CredentialId = credentialId;
}));
}
public async Task <AuthResult> ExecuteAsync(AddConnectionRequest request)
{
var cacheItem = await _cacheItemRepository.GetAsync(request.Context);
if (cacheItem.Nonce != request.Nonce || cacheItem.Status != CacheItemStatus.Popped)
{
throw new CommandValidationException(
$"No cacheItem with context {request.Context} and nonce {request.Nonce}");
}
if (cacheItem.FlowType != FlowType.Fido2Register && cacheItem.FlowType != FlowType.PartialAuthorize)
{
throw new CommandValidationException($"Wrong flow type {cacheItem.FlowType}");
}
var connectionState = await _accountLinkHandler.GetCurrentUserLinkStateAsync(request.Payload);
if (connectionState.ConnectedDevicesCount >= _coreConfiguration.MaximumNumberOfConnectedDevices)
{
return(new AuthResult(_localizationService.GetLocalizedString("Error_PhoneAlreadyConnected")));
}
var connectionExists = !string.IsNullOrEmpty(cacheItem.Fido2CredentialId)
? await _userHandlerAdapter.IsFido2UserExistsAsync(cacheItem.Fido2CredentialId)
: await _userHandlerAdapter.IsUserExistsAsync(cacheItem.PublicKey);
if (connectionExists)
{
return(new AuthResult("Can not add connection. Connection already exists"));
}
await _accountLinkHandler.OnLinkAsync(connectionState.DID, new OwnIdConnection
{
Fido2CredentialId = cacheItem.Fido2CredentialId,
Fido2SignatureCounter = cacheItem.Fido2SignatureCounter.ToString(),
PublicKey = cacheItem.PublicKey,
RecoveryToken = cacheItem.RecoveryToken,
RecoveryData = cacheItem.RecoveryData,
AuthType = cacheItem.AuthCookieType switch
{
CookieType.Fido2 => ConnectionAuthType.Fido2,
CookieType.Passcode => ConnectionAuthType.Passcode,
_ => ConnectionAuthType.Basic
}
});
public async Task <CacheItem> ExecuteAsync(JwtContainer input, CacheItem relatedItem)
{
var userData = _jwtService.GetDataFromJwt <UserIdentitiesData>(input.Jwt).Data;
if (relatedItem.ChallengeType == ChallengeType.Link && relatedItem.DID != userData.DID)
{
throw new CommandValidationException($"Wrong user for linking {userData.DID}");
}
var userExists = await _userHandlerAdapter.IsUserExistsAsync(userData.PublicKey);
if (userExists)
{
throw new OwnIdException(ErrorType.UserAlreadyExists);
}
// preventing data substitution
userData.DID = relatedItem.DID;
// TODO: code duplication
var recoveryToken = !string.IsNullOrEmpty(userData.RecoveryData) ? Guid.NewGuid().ToString("N") : null;
var connection = new OwnIdConnection
{
PublicKey = userData.PublicKey,
RecoveryToken = recoveryToken,
RecoveryData = userData.RecoveryData,
AuthType = relatedItem.AuthCookieType switch
{
CookieType.Fido2 => ConnectionAuthType.Fido2,
CookieType.Passcode => ConnectionAuthType.Passcode,
_ => ConnectionAuthType.Basic
}
};
await _linkHandler.OnLinkAsync(userData.DID, connection);
return(await _cacheItemRepository.UpdateAsync(relatedItem.Context, item =>
{
item.RecoveryToken = recoveryToken;
item.RecoveryData = userData.RecoveryData;
item.FinishFlow(userData.DID, userData.PublicKey);
}));
}