Ejemplo n.º 1
        /// <summary>
        /// Links an external login (provider name plus provider-side user id) to an existing local account.
        /// </summary>
        /// <param name="user">Local account that receives the external login.</param>
        /// <param name="provider">External provider; its <c>ToString()</c> value is used as both the login provider name and the display name.</param>
        /// <param name="userInfo">Profile of the external account; only <c>Id</c> is read here and becomes the provider key.</param>
        /// <returns><c>true</c> when <c>AddLoginAsync</c> reports success, otherwise <c>false</c>.</returns>
        /// <remarks>
        /// This method only attaches the login; it does not sign the user in. The error details carried by
        /// the identity result are not surfaced, so a caller cannot tell why linking failed.
        /// NOTE(review): <c>userInfo.Id</c> is the key that will later identify this account for the provider,
        /// so it presumably has to come from a provider response the server validated itself; confirm at the call site.
        /// </remarks>
        private async Task<bool> CreateExternalLogin(DAL.Models.Identity.User user, LoginProvider provider, UserInfo userInfo)
        {
            var providerName = provider.ToString();
            var loginInfo = new UserLoginInfo(providerName, userInfo.Id, providerName);

            var linkResult = await UserManager.AddLoginAsync(user, loginInfo);

            return linkResult.Succeeded;
        }
Ejemplo n.º 2
        // ---

        /// <summary>
        /// Builds a user-activity record for the given user. The record is only constructed and
        /// returned; nothing in this method saves it, so persisting it is left to the caller.
        /// </summary>
        /// <param name="user">Account the activity belongs to; only <c>Id</c> is read.</param>
        /// <param name="type">Activity type, stored as its lower-cased (invariant) name.</param>
        /// <param name="comment">Free-text description, passed through <c>Limit</c> with the comment field length.</param>
        /// <param name="ip">Client address, stored exactly as passed.</param>
        /// <param name="agent">Client user-agent string, passed through <c>Limit</c> with the user-agent field length.</param>
        /// <param name="locale">Locale recorded with the activity.</param>
        /// <returns>A new activity record stamped with the current UTC time.</returns>
        /// <remarks>
        /// NOTE(review): <c>agent</c> and <c>comment</c> are length-limited here but <c>ip</c> is not; if the
        /// address can originate from a client-supplied header, confirm it is validated and bounded before
        /// it reaches this method.
        /// NOTE(review): these values look request-derived, so whatever later displays the record should
        /// treat them as untrusted text; verify against the consumers.
        /// </remarks>
        public static DAL.Models.UserActivity CreateUserActivity(DAL.Models.Identity.User user, UserActivityType type, string comment, string ip, string agent, Locale locale)
        {
            var activity = new DAL.Models.UserActivity
            {
                UserId = user.Id,
                Ip = ip,
                Agent = agent.Limit(DAL.Models.FieldMaxLength.UserAgent),
                Type = type.ToString().ToLowerInvariant(),
                Comment = comment.Limit(DAL.Models.FieldMaxLength.Comment),
                // UTC keeps the audit timeline independent of the server's time zone.
                TimeCreated = DateTime.UtcNow,
                Locale = locale,
            };

            return activity;
        }
Ejemplo n.º 3
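        /// <summary>
        /// Builds the verification view for a user: the state flags (form filled, KYC pending or
        /// finished, agreement signed) plus the personal data stored in the user's verification record.
        /// </summary>
        /// <param name="user">Account to describe; must not be null.</param>
        /// <returns>A view whose text fields fall back to an empty string when no value is stored.</returns>
        /// <exception cref="ArgumentException">Thrown when <paramref name="user"/> is null.</exception>
        /// <remarks>
        /// The returned view carries personal data (name, date of birth, phone number, address), so it
        /// should only be handed back to the account it describes and kept out of logs.
        /// </remarks>
        private VerificationView MakeVerificationView(DAL.Models.Identity.User user)
        {
            if (user == null)
            {
                throw new ArgumentException("User must be specified");
            }

            // user is known to be non-null from here on; the verification record itself may still be null.
            var verification = user.UserVerification;
            var lastTicket = verification?.LastKycTicket;

            var kycFinished = CoreLogic.User.HasKycVerification(verification);

            // "Pending" means: not verified yet, a ticket exists, it has no response so far,
            // and it is still younger than the allowed period between KYC requests.
            var kycPending =
                !kycFinished &&
                lastTicket != null &&
                lastTicket.TimeResponded == null &&
                (DateTime.UtcNow - lastTicket.TimeCreated) < AllowedPeriodBetweenKycRequests
            ;

            // NOTE(review): the clone is not used below; the call is kept so behavior is unchanged.
            // Confirm whether it can be dropped.
            var rcfg = RuntimeConfigHolder.Clone();

            var agrSigned = CoreLogic.User.HasTosSigned(verification);

            var ret = new VerificationView()
            {
                IsFormFilled = CoreLogic.User.HasFilledPersonalData(verification),

                IsKycPending  = kycPending,
                IsKycFinished = kycFinished,

                IsAgreementSigned = agrSigned,

                FirstName   = verification?.FirstName ?? "",
                MiddleName  = verification?.MiddleName ?? "",
                LastName    = verification?.LastName ?? "",
                // Format with the invariant culture so the date does not change with the
                // thread's current culture or calendar.
                Dob         = verification?.DoB?.ToString("dd.MM.yyyy", System.Globalization.CultureInfo.InvariantCulture) ?? "",
                PhoneNumber = verification?.PhoneNumber ?? "",
                Country     = verification?.CountryCode ?? "",
                State       = verification?.State ?? "",
                City        = verification?.City ?? "",
                PostalCode  = verification?.PostalCode ?? "",
                Street      = verification?.Street ?? "",
                Apartment   = verification?.Apartment ?? "",
            };

            return ret;
        }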
Ejemplo n.º 4
        // ---

        /// <summary>
        /// Resolves the user's tier from three checks on the verification record: terms of service
        /// signed, personal data filled, and KYC verification.
        /// </summary>
        /// <param name="user">Account to evaluate; a null user is passed on to the checks as a null verification record.</param>
        /// <returns>
        /// <c>Tier0</c> without a signed agreement, <c>Tier2</c> when all three checks pass,
        /// and <c>Tier1</c> otherwise.
        /// </returns>
        /// <remarks>
        /// The agreement is the gate: filled personal data and KYC without a signed agreement still yield <c>Tier0</c>.
        /// NOTE(review): the result for a null user depends on how the three helpers treat null
        /// (presumably they return false, giving <c>Tier0</c>); confirm against their implementations.
        /// </remarks>
        public static UserTier GetTier(DAL.Models.Identity.User user)
        {
            var verification = user?.UserVerification;

            // All three checks are always evaluated, in this order.
            var tosSigned          = HasTosSigned(verification);
            var personalDataFilled = HasFilledPersonalData(verification);
            var kycVerified        = HasKycVerification(verification);

            if (!tosSigned)
            {
                return UserTier.Tier0;
            }

            return (personalDataFilled && kycVerified) ? UserTier.Tier2 : UserTier.Tier1;
        }
Ejemplo n.º 5
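        /// <summary>
        /// Builds the two-factor setup view. While two-factor authentication is not enabled, the view
        /// carries the Base32 form of the user's secret and the QR data for enrolling an authenticator;
        /// once it is enabled, both fields stay null.
        /// </summary>
        /// <param name="user">Account whose two-factor state and secret are read.</param>
        /// <returns>The setup view; <c>QrData</c> and <c>Secret</c> are null when two-factor is already enabled.</returns>
        /// <remarks>
        /// The secret in this view is the shared key for code generation, so the view should only go to
        /// the account owner and should not be logged or cached.
        /// </remarks>
        private TfaView MakeTFASetupView(DAL.Models.Identity.User user)
        {
            var ret = new TfaView()
            {
                Enabled = user.TwoFactorEnabled,
                QrData  = null,
                Secret  = null,
            };

            // The secret is exposed only during enrollment, i.e. while two-factor is still off.
            if (user.TwoFactorEnabled)
            {
                return ret;
            }

            // NOTE(review): ASCII encoding replaces any non-ASCII character with '?', and a null
            // TfaSecret makes GetBytes throw. Confirm the secret is always set and ASCII-only.
            var secretBytes = System.Text.Encoding.ASCII.GetBytes(user.TfaSecret);

            // Padding is stripped and the casing normalized with the invariant culture, so the
            // result does not depend on the thread's current culture.
            var secretBase32 = Wiry.Base32.Base32Encoding.Standard
                .GetString(secretBytes)
                .Replace("=", "")
                .ToUpperInvariant();

            ret.QrData = Core.Tokens.GoogleAuthenticator.MakeQRCode(AppConfig.Auth.TwoFactorIssuer, user.UserName, secretBase32);
            ret.Secret = secretBase32;

            return ret;
        }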
Ejemplo n.º 6
        /// <summary>
        /// Translates a sign-in result into an API response: a two-factor token, a full auth token,
        /// an account-state error, or null.
        /// </summary>
        /// <param name="services">Service provider handed to the access-rights resolution.</param>
        /// <param name="result">Outcome of the sign-in attempt; may be null.</param>
        /// <param name="user">Account the attempt was made for.</param>
        /// <param name="audience">JWT audience the token is issued for.</param>
        /// <param name="tfaRequired">Forces the two-factor step even when the result itself does not ask for it.</param>
        /// <returns>
        /// A success response with a token, a bad-request response for a locked or not-allowed account,
        /// or null when the result is null, no access-rights mask resolves, or none of the known states match.
        /// </returns>
        /// <remarks>
        /// NOTE(review): null covers both "denied" and "not found"; presumably callers turn it into one
        /// generic failure, confirm at the call sites.
        /// NOTE(review): the locked and not-allowed branches return messages specific to the account's
        /// state, which lets a caller tell such an account apart from an unknown one; confirm that this
        /// disclosure is intended.
        /// </remarks>
        private APIResponse OnSignInResultCheck(IServiceProvider services, SignInResult result, DAL.Models.Identity.User user, JwtAudience audience, bool tfaRequired)
        {
            if (result == null)
            {
                // not found
                return null;
            }

            if (result.Succeeded || result.RequiresTwoFactor)
            {
                // No resolvable rights for this audience means the sign-in is denied.
                var accessRightsMask = Core.UserAccount.ResolveAccessRightsMask(services, audience, user);
                if (accessRightsMask == null)
                {
                    return null;
                }

                var secondFactorPending = tfaRequired || result.RequiresTwoFactor;
                if (secondFactorPending)
                {
                    // Token limited to the Tfa area; the JWT salt is left untouched at this stage.
                    var tfaView = new AuthenticateView()
                    {
                        Token = JWT.CreateAuthToken(
                            appConfig: AppConfig,
                            user: user,
                            audience: audience,
                            area: JwtArea.Tfa,
                            rightsMask: accessRightsMask.Value
                        ),
                        TfaRequired = true,
                    };
                    return APIResponse.Success(tfaView);
                }

                // A fresh salt is generated and saved before the full token is created.
                // NOTE(review): presumably this invalidates tokens issued earlier for the same audience;
                // confirm against GenerateJwtSalt.
                UserAccount.GenerateJwtSalt(user, audience);
                DbContext.SaveChanges();

                var authView = new AuthenticateView()
                {
                    Token = JWT.CreateAuthToken(
                        appConfig: AppConfig,
                        user: user,
                        audience: audience,
                        area: JwtArea.Authorized,
                        rightsMask: accessRightsMask.Value
                    ),
                    TfaRequired = false,
                };
                return APIResponse.Success(authView);
            }

            if (result.IsLockedOut)
            {
                return APIResponse.BadRequest(APIErrorCode.AccountLocked, "Too many unsuccessful attempts to sign in. Account is locked, try to sign in later");
            }

            if (result.IsNotAllowed)
            {
                // NOTE(review): every not-allowed result is reported as an unconfirmed email;
                // confirm that no other sign-in restriction can set this flag.
                return APIResponse.BadRequest(APIErrorCode.AccountEmailNotConfirmed, "Email is not confirmed yet");
            }

            // not found
            return null;
        }