        /// <summary>
        /// Authenticate a user whose external account is already associated with a customer
        /// </summary>
        /// <param name="associatedUser">Customer already linked to the passed external authentication parameters</param>
        /// <param name="currentLoggedInUser">Customer currently logged in, or null when nobody is logged in</param>
        /// <param name="returnUrl">URL to which the user will return after authentication</param>
        /// <returns>
        /// A task that represents the asynchronous operation
        /// The task result contains the result of an authentication
        /// </returns>
        protected virtual async Task<IActionResult> AuthenticateExistingUserAsync(Customer associatedUser, Customer currentLoggedInUser, string returnUrl)
        {
            //nobody is logged in: sign the associated customer in directly
            if (currentLoggedInUser is null)
            {
                return await _customerRegistrationService.SignInCustomerAsync(associatedUser, returnUrl);
            }

            var isSameCustomer = currentLoggedInUser.Id == associatedUser.Id;
            if (isSameCustomer)
            {
                //the logged-in user is re-authenticating as themselves; nothing to link
                return SuccessfulAuthentication(returnUrl);
            }

            //the external account already belongs to a different customer
            var message = await _localizationService.GetResourceAsync("Account.AssociatedExternalAuth.AccountAlreadyAssigned");
            return ErrorAuthentication(new[] { message }, returnUrl);
        }
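        /// <summary>
        /// Verify the Google Authenticator token submitted as the second factor and
        /// complete the sign-in that was started before the multi-factor step
        /// </summary>
        /// <param name="model">Model carrying the token entered by the user</param>
        /// <returns>
        /// A task that represents the asynchronous operation
        /// The task result contains the sign-in result on success; otherwise a redirect to
        /// the login page (no pending sign-in in the session, or unknown customer) or back to
        /// the multi-factor verification page (no configuration record, or invalid token)
        /// </returns>
        public async Task<IActionResult> VerifyGoogleAuthenticator(TokenModel model)
        {
            var customerMultiFactorAuthenticationInfo = HttpContext.Session.Get<CustomerMultiFactorAuthenticationInfo>(NopCustomerDefaults.CustomerMultiFactorAuthenticationInfo);

            //no pending sign-in in the session (expired, already consumed, or the page was
            //requested directly): restart at the login page instead of dereferencing null
            if (customerMultiFactorAuthenticationInfo == null)
            {
                return RedirectToRoute("Login");
            }

            var username = customerMultiFactorAuthenticationInfo.UserName;
            var returnUrl = customerMultiFactorAuthenticationInfo.ReturnUrl;
            var isPersist = customerMultiFactorAuthenticationInfo.RememberMe;

            //the first factor stored either a username or an email, depending on the store settings
            var customer = _customerSettings.UsernamesEnabled
                ? await _customerService.GetCustomerByUsernameAsync(username)
                : await _customerService.GetCustomerByEmailAsync(username);

            if (customer == null)
            {
                return RedirectToRoute("Login");
            }

            var record = _googleAuthenticatorService.GetConfigurationByCustomerEmail(customer.Email);

            if (record == null)
            {
                _notificationService.ErrorNotification(await _localizationService.GetResourceAsync("Plugins.MultiFactorAuth.GoogleAuthenticator.Record.Notfound"));
                return RedirectToRoute("MultiFactorVerification");
            }

            //NOTE(review): nothing in this action limits the number of token attempts for a
            //pending sign-in; presumably throttling is enforced elsewhere — confirm
            var isValidToken = _googleAuthenticatorService.ValidateTwoFactorToken(record.SecretKey, model.Token);
            if (!isValidToken)
            {
                _notificationService.ErrorNotification(await _localizationService.GetResourceAsync("Plugins.MultiFactorAuth.GoogleAuthenticator.Token.Unsuccessful"));
                return RedirectToRoute("MultiFactorVerification");
            }

            //the pending sign-in info is consumed here, so it is cleared before signing in
            HttpContext.Session.Set<CustomerMultiFactorAuthenticationInfo>(NopCustomerDefaults.CustomerMultiFactorAuthenticationInfo, null);

            return await _customerRegistrationService.SignInCustomerAsync(customer, returnUrl, isPersist);
        }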