public async Task <HttpResponseMessage> GetNextOtpServer(dynamic authData)
{
#region Check Input Data
if (ReferenceEquals(null, authData.userId) || Equals(0, authData.userId))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
"The userId value cannot be null or zero."));
}
if (ReferenceEquals(null, authData.appId) || Equals(0, authData.appId))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
"The appId value cannot be null or zero."));
}
//if ( ReferenceEquals ( null, authData.localCounter ) || Equals ( 0, authData.localCounter ) )
//{
// return Request.CreateErrorResponse ( HttpStatusCode.BadRequest,
// "The localCounter value cannot be null or zero." );
//}
#endregion
Logging.Logger logger = new Logging.Logger(LogName);
int userId = authData.userId;
int appId = authData.appId;
//First sync that Data, use it later
//var syncData = await SyncOtpCounterHere ( authData );
//var syncDataObject = await JsonConvert.DeserializeObjectAsync ( syncData );
var secret = await GetCurrentUserOtpSecret(userId, appId);
long srvCounter = await GetDbOtpCounterValue(userId, appId);
if (srvCounter == -1)
{
var errorData = new
{
LastOtp = "",
NewOtp = "",
NewCounter = ""
};
await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "GetNextOtpServer", "Parameter Errror."), LogName));
var error = await JsonConvert.SerializeObjectAsync(errorData);
return(Request.CreateResponse <string>(error));
}
try
{
OTPAlgo algo = new OTPAlgo((ulong)srvCounter, secret);
var currentOtp = algo.GetCurrentOTP();
//invalidate the current otp
await SetOtpCounterInvalid(userId, appId);
//Get the next otp, save and set it valid
var nextOtp = algo.GetNextOTP();
//This updates the OTP counter and sets it valid.
await SetOtpCounterValid(userId, appId, (long)algo.Counter);
var nextOtpData = new
{
LastOtp = currentOtp,
NewOtp = nextOtp,
};
var serialized = await JsonConvert.SerializeObjectAsync(nextOtpData);
return(Request.CreateResponse <string>(serialized));
}
catch (Exception ex)
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "GetNextOtpServer", ex.ToString()), LogName)).Wait();
return(Request.CreateResponse(HttpStatusCode.BadRequest, ex.ToString()));
}
}
public async Task <HttpResponseMessage> OtpLogin(dynamic authData)
{
#region Check Input Data
if (ReferenceEquals(null, authData.userId) || Equals(0, authData.userId))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
"The userId value cannot be null or zero."));
}
if (ReferenceEquals(null, authData.appId) || Equals(0, authData.appId))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
"The appId value cannot be null or zero."));
}
if (ReferenceEquals(null, authData.Otp) || Equals(String.Empty, authData.Otp))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
"The appId value cannot be null or zero."));
}
#endregion
Logging.Logger logger = new Logging.Logger(LogName);
try
{
int userId = authData.userId;
int appId = authData.appId;
string otp = authData.Otp;
if (userId <= 0)
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "OtpLogin", "Userid invalid."), LogName));
return(Request.CreateResponse <string>("PARAMERRORUSERID"));
}
if (appId <= 0)
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "OtpLogin", "AppId invalid."), LogName));
return(Request.CreateResponse <string>("PARAMERRORAPPID"));
}
if (String.IsNullOrEmpty(otp))
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "OtpLogin", "Otp invalid."), LogName));
return(Request.CreateResponse <string>("PARAMERROROTP"));
}
var otpValid = await IsCurrentOtpValid(userId, appId);
if (!otpValid.SeqValid)
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "OtpLogin", "OTP Invalid"), LogName));
return(Request.CreateResponse <string>("OTPINVALID"));
}
var counter = await GetDbOtpCounterValue(userId, appId);
var secret = await GetCurrentUserOtpSecret(userId, appId);
OTPAlgo algo = new OTPAlgo((ulong)counter, secret);
var currentOtp = algo.GetCurrentOTP();
if (currentOtp.Equals(otp))
{
//Successfull, create a new secret, and create a new otp
var invalid = await SetOtpCounterInvalid(userId, appId);
if (invalid)
{
await GenerateNewSecret(userId, appId);
await logger.StoreNewLogMessage(new Logging.Message(String.Format("OTPLOGINSUCCES by user {0} for appId {1}", userId, appId),
LogName));
return(Request.CreateResponse <string>("SUCCESS"));
}
else
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "OtpLogin", "Counter could not be set valid."), LogName));
return(Request.CreateResponse <string>("INVALIDATEERROR"));
}
}
else
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "OtpLogin", "Wrong OTP."), LogName));
//Not successfull, check if OTP is still valid
return(Request.CreateResponse <string>("WRONGOTP"));
}
}
catch (Exception ex)
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "OtpLogin", ex.ToString()), LogName)).Wait();
return(Request.CreateResponse <string>("SYSERROR"));
}
}
