public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId;
using (var repository = new AuthRepository(Logger))
{
AppUser user;
var grantType = context.Parameters.Get("grant_type");
switch (grantType)
{
case "password":
user = await repository.FindUser(context.Parameters.Get("UserName"), context.Parameters.Get("Password"));
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
clientId = user.Id;
if (user.IsGoogleAuthenticatorEnabled)
{
var totp = context.Parameters.Get("totp");
if (totp == null)
{
context.SetError("invalid_grant", "Set TOTP code");
return;
}
var validated = await repository.ValidateGoogleAuth(totp, user.Id);
if (!validated)
{
context.SetError("invalid_grant", "TOTP code is incorrect");
return;
}
}
if (Settings.Default.RequiredEmailConfirmation || !user.EmailConfirmed)
{
context.SetError("invalid_grant", "Email confirmation is required");
return;
}
break;
case "esp":
var espIdentifier = context.Parameters.Get("espid");
if (espIdentifier != null)
{
user = await repository.FindEsp(espIdentifier);
if (user == null)
{
context.SetError("invalid_grant", "The esp identifier is incorrect.");
return;
}
clientId = user.Id;
}
else
{
context.SetError("invalid_grant");
return;
}
break;
default:
context.SetError("Bad grant_type");
return;
}
}
context.Validated(clientId);
}