/// <summary>
/// Completes an external-provider login for a customer who already has the external account linked.
/// </summary>
/// <param name="associatedUser">Customer the external authentication parameters are linked to</param>
/// <param name="currentLoggedInUser">Customer signed in on the current request, or null for a guest</param>
/// <param name="returnUrl">URL the user is sent to after authentication</param>
/// <returns>
/// A task that represents the asynchronous operation
/// The task result contains the sign-in result, the error result, or the success result
/// </returns>
/// <remarks>
/// <paramref name="returnUrl"/> is forwarded unchanged to the callees; this method performs no
/// local-URL check of its own. NOTE(review): confirm the callees or callers reject off-site targets.
/// </remarks>
protected virtual async Task<IActionResult> AuthenticateExistingUserAsync(Customer associatedUser, Customer currentLoggedInUser, string returnUrl)
{
    // Guest request: sign in as the customer that owns the external account.
    if (currentLoggedInUser == null)
    {
        return await _customerRegistrationService.SignInCustomerAsync(associatedUser, returnUrl);
    }

    // The signed-in customer is the owner of the external account: nothing to change.
    if (currentLoggedInUser.Id == associatedUser.Id)
    {
        return SuccessfulAuthentication(returnUrl);
    }

    // A different customer is signed in: refuse instead of switching identities,
    // because the external account is already assigned to someone else.
    var alreadyAssignedMessage = await _localizationService.GetResourceAsync("Account.AssociatedExternalAuth.AccountAlreadyAssigned");
    return ErrorAuthentication(new[] { alreadyAssignedMessage }, returnUrl);
}
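/// <summary>
/// Checks the submitted Google Authenticator token against the pending multi-factor login held in
/// the session and, when it is valid, signs the customer in.
/// </summary>
/// <param name="model">Model carrying the token entered by the user</param>
/// <returns>
/// A task that represents the asynchronous operation
/// The task result is the sign-in result on success, a redirect to "Login" when there is no pending
/// login or no matching customer, and a redirect to "MultiFactorVerification" otherwise
/// </returns>
public async Task<IActionResult> VerifyGoogleAuthenticator(TokenModel model)
{
    var pendingLogin = HttpContext.Session.Get<CustomerMultiFactorAuthenticationInfo>(NopCustomerDefaults.CustomerMultiFactorAuthenticationInfo);

    // The session entry is missing when this action is requested directly or after the session
    // expired. Without this guard the property reads below throw a NullReferenceException;
    // restart the login flow instead.
    if (pendingLogin == null)
    {
        return RedirectToRoute("Login");
    }

    var username = pendingLogin.UserName;
    var returnUrl = pendingLogin.ReturnUrl;
    var isPersist = pendingLogin.RememberMe;

    // The stored identifier is a username or an e-mail address depending on the store setting.
    var customer = _customerSettings.UsernamesEnabled
        ? await _customerService.GetCustomerByUsernameAsync(username)
        : await _customerService.GetCustomerByEmailAsync(username);

    if (customer == null)
    {
        return RedirectToRoute("Login");
    }

    var record = _googleAuthenticatorService.GetConfigurationByCustomerEmail(customer.Email);
    if (record == null)
    {
        _notificationService.ErrorNotification(await _localizationService.GetResourceAsync("Plugins.MultiFactorAuth.GoogleAuthenticator.Record.Notfound"));
        return RedirectToRoute("MultiFactorVerification");
    }

    // A missing model or a blank token is treated as a failed attempt and never reaches the validator.
    // NOTE(review): no attempt counter or lockout is visible in this method; confirm that repeated
    // wrong tokens are throttled elsewhere, since the pending login stays in the session on failure.
    var isValidToken = !string.IsNullOrWhiteSpace(model?.Token)
        && _googleAuthenticatorService.ValidateTwoFactorToken(record.SecretKey, model.Token);

    if (!isValidToken)
    {
        _notificationService.ErrorNotification(await _localizationService.GetResourceAsync("Plugins.MultiFactorAuth.GoogleAuthenticator.Token.Unsuccessful"));
        return RedirectToRoute("MultiFactorVerification");
    }

    // Clear the pending login before signing in so the same session entry cannot be used again.
    HttpContext.Session.Set<CustomerMultiFactorAuthenticationInfo>(NopCustomerDefaults.CustomerMultiFactorAuthenticationInfo, null);

    // NOTE(review): returnUrl comes from the session entry and is forwarded unchanged; confirm it
    // was validated when stored or is validated by SignInCustomerAsync.
    return await _customerRegistrationService.SignInCustomerAsync(customer, returnUrl, isPersist);
}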