public override State Advance(TwoFactorAuth owner)
            {
                var validAnswers = new[] { Ui.Answer.Check, Ui.Answer.Resend, Ui.Answer.Email };
                var answer       = owner._ui.AskToWaitForOob(owner._settings.Devices[_deviceIndex].Name,
                                                             owner._settings.Email,
                                                             validAnswers);

                switch (answer)
                {
                case Ui.Answer.Check:
                    return(Check(owner));

                case Ui.Answer.Resend:
                    Client.AuthSendPush(owner._clientInfo,
                                        owner._settings.Devices[_deviceIndex].Id,
                                        owner._settings.TransactionId,
                                        owner._rest);
                    return(this);

                case Ui.Answer.Email:
                    Client.AuthSendEmail(owner._clientInfo,
                                         owner._settings.Email,
                                         owner._settings.TransactionId,
                                         owner._rest);
                    return(new WaitForEmail());
                }

                throw new InternalErrorException($"Invalid answer '{answer}'");
            }
            public override State Advance(TwoFactorAuth owner)
            {
                var names        = owner._settings.Devices.Select(i => i.Name).ToArray();
                var validAnswers = Enumerable.Range(0, owner._settings.Devices.Length)
                                   .Select(i => Ui.Answer.Device0 + i)
                                   .Concat(new[] { Ui.Answer.Email })
                                   .ToArray();
                var answer = owner._ui.AskToChooseOob(names, owner._settings.Email, validAnswers);

                if (answer == Ui.Answer.Email)
                {
                    Client.AuthSendEmail(owner._clientInfo,
                                         owner._settings.Email,
                                         owner._settings.TransactionId,
                                         owner._rest);
                    return(new WaitForEmail());
                }

                var deviceIndex = answer - Ui.Answer.Device0;

                if (deviceIndex >= 0 && deviceIndex < owner._settings.Devices.Length)
                {
                    Client.AuthSendPush(owner._clientInfo,
                                        owner._settings.Devices[deviceIndex].Id,
                                        owner._settings.TransactionId,
                                        owner._rest);
                    return(new WaitForOob(deviceIndex));
                }

                throw new InternalErrorException($"Invalid answer '{answer}'");
            }
            // TODO: Shared code for most states. It's not really good that it's in the base class.
            protected State Check(TwoFactorAuth owner)
            {
                var result = Client.AuthCheck(owner._clientInfo,
                                              owner._settings.TransactionId,
                                              owner._rest);

                return(new Done(result));
            }
 public override State Advance(TwoFactorAuth owner)
 {
     Client.AuthSendPush(owner._clientInfo,
                         owner._settings.Devices[_deviceIndex].Id,
                         owner._settings.TransactionId,
                         owner._rest);
     return(new WaitForOob(_deviceIndex));
 }
 public override State Advance(TwoFactorAuth owner)
 {
     Client.AuthSendEmail(owner._clientInfo,
                          owner._settings.Email,
                          owner._settings.TransactionId,
                          owner._rest);
     return(new WaitForEmail());
 }
            // TODO: Shared code for most states. It's not really good that it's in the base class.
            protected State Check(TwoFactorAuth owner)
            {
                var result = Client.AuthCheck(owner._clientInfo,
                                              owner._settings.TransactionId,
                                              owner._rest);

                if (result == null)
                {
                    return(new Failure("Failed"));
                }
                return(new Done(result));
            }
 public override State Advance(TwoFactorAuth owner) => throw new NotImplementedException();
 public abstract State Advance(TwoFactorAuth owner);
 public virtual State Advance(TwoFactorAuth owner)
 {
     throw new InternalErrorException("Unreachable code");
 }
Ejemplo n.º 10
0
        public static Account[] OpenVault(string username,
                                          string password,
                                          Ui ui,
                                          ISecureStorage storage,
                                          IRestTransport transport)
        {
            var rest = new RestClient(transport);

            // Step 1: Register a new deice or use the existing one from the previous run.
            var deviceInfo = LoadDeviceInfo(storage) ?? RegisterNewDevice("truekey-sharp", rest);

            // Step 2: Parse the token to decode OTP information.
            var otpInfo = Util.ParseClientToken(deviceInfo.Token);

            // Step 3: Validate the OTP info to make sure it's got only the
            //         things we support at the moment.
            Util.ValidateOtpInfo(otpInfo);

            // Store the token and ID for the next time.
            StoreDeviceInfo(deviceInfo, storage);

            // Bundle up everything in one place
            var clientInfo = new ClientInfo(username, "truekey-sharp", deviceInfo, otpInfo);

            // Step 4: Auth step 1 gives us a transaction id to pass along to the next step.
            var transactionId = AuthStep1(clientInfo, rest);

            // Step 5: Auth step 2 gives us the instructions on what to do next. For a new client that
            //         would be some form of second factor auth. For a known client that would be a
            //         pair of OAuth tokens.
            var whatsNext = AuthStep2(clientInfo, password, transactionId, rest);

            // The device is trusted if it's already authenticated at this point and
            // no second factor is needed.
            var isTrusted = whatsNext.IsAuthenticated;

            // Step 6: Auth FSM -- walk through all the auth steps until we're done.
            var oauthToken = TwoFactorAuth.Start(clientInfo, whatsNext, ui, rest);

            // Step 7: Save this device as trusted not to repeat the two factor dance next times.
            if (!isTrusted)
            {
                SaveDeviceAsTrusted(clientInfo, transactionId, oauthToken, rest);
            }

            // Step 8: Get the vault from the server.
            var encryptedVault = GetVault(oauthToken, rest);

            // Step 9: Compute the master key.
            var masterKey = Util.DecryptMasterKey(password,
                                                  encryptedVault.MasterKeySalt,
                                                  encryptedVault.EncryptedMasterKey);

            // Step 10: Decrypt the accounts.
            var accounts = encryptedVault
                           .EncryptedAccounts
                           .Select(i => new Account(id: i.Id,
                                                    name: i.Name,
                                                    username: i.Username,
                                                    password: Util.Decrypt(masterKey, i.EncryptedPassword).ToUtf8(),
                                                    url: i.Url,
                                                    note: Util.Decrypt(masterKey, i.EncryptedNote).ToUtf8()))
                           .ToArray();

            return(accounts);
        }