        /// <summary>
        /// Verifies that with a zero-length validity period the reference code is accepted only
        /// for instants near the reference time (one second either side) and is rejected
        /// 30 seconds before and 30 seconds after it.
        /// </summary>
        public void ValidateOtp_test_validates_with_an_empty_validity_period()
        {
            // 2033-05-18T03:33:20Z with code 69279037 matches the 8-digit SHA-1 test vector in
            // RFC 6238 Appendix B. Sha1ReferenceKey is defined elsewhere in the fixture and is
            // presumably the RFC's reference secret (confirm against its declaration).
            const string referenceOtp = "69279037";

            DateTime referenceTime = new DateTime(2033, 5, 18, 3, 33, 20, DateTimeKind.Utc);
            TimeSpan noTolerance = TimeSpan.Zero;
            TimeBasedOtpGenerator totp = new TimeBasedOtpGenerator(Sha1ReferenceKey, 8);

            // A zero validity period must not accept the neighbouring time steps.
            bool acceptedOneStepEarlier = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(-30), noTolerance);
            Assert.IsFalse(acceptedOneStepEarlier, "30 seconds prior should be invalid");

            bool acceptedOneSecondEarlier = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(-1), noTolerance);
            Assert.IsTrue(acceptedOneSecondEarlier, "1 second prior should be valid (due to a 30-second precision)");

            bool acceptedAtReference = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(0), noTolerance);
            Assert.IsTrue(acceptedAtReference, "The exact time should be valid");

            bool acceptedOneSecondLater = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(1), noTolerance);
            Assert.IsTrue(acceptedOneSecondLater, "1 seconds after should be valid (due to a 30-second precision)");

            bool acceptedOneStepLater = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(30), noTolerance);
            Assert.IsFalse(acceptedOneStepLater, "30 seconds after should be invalid");
        }
        /// <summary>
        /// Verifies that a 60-second validity period accepts the reference code at instants up to
        /// 60 seconds either side of the reference time and rejects it at 90 seconds either side.
        /// </summary>
        public void ValidateOtp_test_validates_within_60_second_validity_period()
        {
            // 2009-02-13T23:31:30Z with code 89005924 matches the 8-digit SHA-1 test vector in
            // RFC 6238 Appendix B. Sha1ReferenceKey is defined elsewhere in the fixture.
            const string referenceOtp = "89005924";

            TimeBasedOtpGenerator totp = new TimeBasedOtpGenerator(Sha1ReferenceKey, 8);
            DateTime referenceTime = new DateTime(2009, 2, 13, 23, 31, 30, DateTimeKind.Utc);
            TimeSpan window = TimeSpan.FromSeconds(60);

            // Validates the reference code as if the verifier's clock were offset by the given seconds.
            Func<double, bool> acceptedAtOffset =
                seconds => totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(seconds), window);

            // The validity period is the clock-skew tolerance; it is also how long a captured
            // code stays usable, so both edges of the window are pinned here.
            Assert.IsFalse(acceptedAtOffset(-90), "90 seconds prior should be invalid");
            Assert.IsTrue(acceptedAtOffset(-60), "60 seconds prior should be valid");
            Assert.IsTrue(acceptedAtOffset(-15), "15 seconds prior should be valid");
            Assert.IsTrue(acceptedAtOffset(0), "The exact time should be valid");
            Assert.IsTrue(acceptedAtOffset(15), "15 seconds after should be valid");
            Assert.IsTrue(acceptedAtOffset(60), "60 seconds after should be valid");
            Assert.IsFalse(acceptedAtOffset(90), "90 seconds after should be invalid");
        }
        /// <summary>
        /// Verifies that a 50-second validity period accepts the reference code 30 seconds either
        /// side of the reference time and rejects it at 60 and 90 seconds either side.
        /// </summary>
        public void ValidateOtp_test_validates_within_50_second_validity_period()
        {
            // 2033-05-18T03:33:20Z with code 69279037 matches the 8-digit SHA-1 test vector in
            // RFC 6238 Appendix B. Sha1ReferenceKey is defined elsewhere in the fixture.
            const string referenceOtp = "69279037";

            DateTime referenceTime = new DateTime(2033, 5, 18, 3, 33, 20, DateTimeKind.Utc);
            TimeSpan window = TimeSpan.FromSeconds(50);
            TimeBasedOtpGenerator totp = new TimeBasedOtpGenerator(Sha1ReferenceKey, 8);

            // Earlier offsets: only the 30-second offset falls inside the accepted range.
            bool acceptedMinus90 = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(-90), window);
            Assert.IsFalse(acceptedMinus90, "90 seconds prior should be invalid");

            bool acceptedMinus60 = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(-60), window);
            Assert.IsFalse(acceptedMinus60, "60 seconds prior should be invalid");

            bool acceptedMinus30 = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(-30), window);
            Assert.IsTrue(acceptedMinus30, "30 seconds prior should be valid");

            bool acceptedAtReference = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(0), window);
            Assert.IsTrue(acceptedAtReference, "The exact time should be valid");

            // Later offsets mirror the earlier ones.
            bool acceptedPlus30 = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(30), window);
            Assert.IsTrue(acceptedPlus30, "30 seconds after should be valid");

            bool acceptedPlus60 = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(60), window);
            Assert.IsFalse(acceptedPlus60, "60 seconds after should be invalid");

            bool acceptedPlus90 = totp.ValidateOtp(referenceOtp, referenceTime.AddSeconds(90), window);
            Assert.IsFalse(acceptedPlus90, "90 seconds after should be invalid");
        }
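        /// <summary>
        /// Validates the submitted time-based one-time password for the user named in
        /// <paramref name="otpCodeDto"/> and, when it is valid, issues a JWT and records the
        /// login in the table for the request's channel.
        /// </summary>
        /// <param name="otpCodeDto">Request body carrying the channel id, user name and submitted code.</param>
        /// <returns>
        /// <c>true</c> when the code validates; <c>false</c> for a missing body or code, an
        /// unrecognised channel, an unknown user, a user without a stored secret, or a wrong code.
        /// </returns>
        /// <remarks>
        /// Nothing in this method limits repeated guesses or rejects a code that was already
        /// accepted within its window; with a 6-digit code both controls need to exist
        /// somewhere (NOTE(review): confirm where they are enforced).
        /// The method is declared async but performs no awaits; the data access is synchronous.
        /// </remarks>
        public async Task<bool> CheckOneTimePassword([FromBody] OtpCodeDto otpCodeDto)
        {
            // Fail closed on a missing body or code rather than passing null to the lookup or validator.
            if (otpCodeDto == null || string.IsNullOrEmpty(otpCodeDto.OneTimePasswordCode))
            {
                return false;
            }

            string secretKey;
            string email;
            string userId;

            switch (otpCodeDto.ChannelId)
            {
                case "sms":
                {
                    var smsUser = this._context.SmsUser.FirstOrDefault(user => user.UserName == otpCodeDto.UserName);

                    if (smsUser == null)
                    {
                        return false;
                    }

                    secretKey = smsUser.SecretKey;
                    email     = smsUser.EMail;
                    userId    = smsUser.UserId;
                    break;
                }

                case "directline":
                {
                    var directLineUser = this._context.DirectLineUser.FirstOrDefault(user => user.UserName == otpCodeDto.UserName);

                    if (directLineUser == null)
                    {
                        return false;
                    }

                    secretKey = directLineUser.SecretKey;
                    email     = directLineUser.EMail;
                    userId    = directLineUser.UserId;
                    break;
                }

                default:
                    // Previously an unrecognised (or null) channel fell through with an empty
                    // secret, so the code was checked against a key derived from "" instead of
                    // a per-user secret. Reject the request instead.
                    return false;
            }

            // A user row without a secret must never be validated against an empty key.
            if (string.IsNullOrEmpty(secretKey))
            {
                return false;
            }

            const int otpDigits = 6;

            // The earlier version also generated the current OTP into an unused local and built
            // a second, unused key/generator pair; those are dropped so the expected code is
            // never materialised in this method.
            var generator = new TimeBasedOtpGenerator(new Key(secretKey), otpDigits);

            // GetNistTime is defined elsewhere. NOTE(review): if it fetches the time over the
            // network, validation depends on that source's availability and integrity.
            var valid = generator.ValidateOtp(otpCodeDto.OneTimePasswordCode, GetNistTime());

            if (valid)
            {
                var jwtoken = new JwtManager();

                // NOTE(review): the stored expiry is 59 minutes while GenerateJwtToken is given 60;
                // confirm the unit of that argument and whether the one-minute gap is intended.
                var expirationTime = DateTime.UtcNow.AddMinutes(59);
                var jwt            = jwtoken.GenerateJwtToken(email, userId, 60);

                if (otpCodeDto.ChannelId == "sms")
                {
                    _context.SmsLogin.Add(new Data.Entities.SmsLogin {
                        UserName = otpCodeDto.UserName, ExpirationTime = expirationTime, Jwt = jwt
                    });
                    _context.SaveChanges();
                }
                else
                {
                    // Only "directline" can reach here; every other channel returned above.
                    _context.DirectLineLogins.Add(new Data.Entities.DirectLineLogins {
                        UserName = otpCodeDto.UserName, ExpirationTime = expirationTime, Jwt = jwt.ToString()
                    });
                    _context.SaveChanges();
                }
            }

            return valid;
        }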