public void Registration_BadApiKey()
{
var client = new AuthyClient(badApiKey, true);
var result = client.RegisterUser("*****@*****.**", "123-456-7890");
Assert.AreEqual(AuthyStatus.Unauthorized, result.Status);
}
public ActionResult Verify(string token)
{
if (!IsAuthState(1))
{
return(Redirect("/"));
}
TwoFactorAuthenticationConfig config = Config.Get <TwoFactorAuthenticationConfig>();
var authy = new AuthyClient(config.ApiKey, test: false);
string authyId = Session["tfa.authyId"].ToString();
VerifyTokenResult result = authy.VerifyToken(authyId, token);
if (result.Success)
{
var loggedInUsers = SecurityManager.GetLoggedInBackendUsers();
if (loggedInUsers.Where(u => u.UserName == Session["tfa.wrap_name"].ToString()).Count() > 0)
{
}
return(Redirect(GetLoginUri()));
}
else
{
var model = new LoginModel();
ModelState.AddModelError("InvalidToken", "Incorrect Token");
return(View("Verify", model));
}
}
public void Verification_BadApiKey()
{
var client = new AuthyClient(badApiKey, true);
var result = client.VerifyToken("1", "0000000");
Assert.AreEqual(AuthyStatus.Unauthorized, result.Status);
}
public void Registration_InvalidApiKey() {
var client = new AuthyClient(invalidApiKey, true);
var result = client.RegisterUser("*****@*****.**", "317-338-9302", 93);
Assert.AreEqual(AuthyStatus.Unauthorized, result.Status);
Assert.AreEqual(result.Success, false);
Assert.AreEqual(result.Message, "Invalid API key.");
}
public void Registration_InvalidApiKey()
{
var client = new AuthyClient(invalidApiKey, true);
var result = client.RegisterUser("*****@*****.**", "317-338-9302", 93);
Assert.AreEqual(AuthyStatus.Unauthorized, result.Status);
Assert.AreEqual(result.Success, false);
Assert.AreEqual(result.Message, "Invalid API key.");
}
public void Verification_InvalidApiKey()
{
var client = new AuthyClient(invalidApiKey, true);
var result = client.VerifyToken("1", "0000000");
Assert.AreEqual(result.Status, AuthyStatus.Unauthorized);
Assert.AreEqual(result.Success, false);
Assert.AreEqual(result.Message, "Invalid API key.");
}
public void Verification_InvalidApiKey() {
var client = new AuthyClient(invalidApiKey, true);
var result = client.VerifyToken("1", "0000000");
Assert.AreEqual(result.Status, AuthyStatus.Unauthorized);
Assert.AreEqual(result.Success, false);
Assert.AreEqual(result.Message, "Invalid API key.");
}
public ActionResult Verify(string token)
{
if (!IsAuthState(1))
{
return Redirect("/");
}
TwoFactorAuthenticationConfig config = Config.Get<TwoFactorAuthenticationConfig>();
var authy = new AuthyClient(config.ApiKey, test: false);
string authyId = Session["tfa.authyId"].ToString();
VerifyTokenResult result = authy.VerifyToken(authyId, token);
if (result.Success)
{
var loggedInUsers = SecurityManager.GetLoggedInBackendUsers();
if (loggedInUsers.Where(u => u.UserName == Session["tfa.wrap_name"].ToString()).Count() > 0)
{
}
return Redirect(GetLoginUri());
}
else
{
var model = new LoginModel();
ModelState.AddModelError("InvalidToken", "Incorrect Token");
return View("Verify", model);
}
}
public void Verification_BadApiKey()
{
var client = new AuthyClient(badApiKey, true);
var result = client.VerifyToken("1", "0000000");
Assert.AreEqual(AuthyStatus.Unauthorized, result.Status);
}
public void Registration_BadApiKey()
{
var client = new AuthyClient(badApiKey, true);
var result = client.RegisterUser("*****@*****.**", "123-456-7890");
Assert.AreEqual(AuthyStatus.Unauthorized, result.Status);
}
public async Task <ActionResult> Verify2FA()
{
// 0 - userId
// 1 - userName
// 2 - displayName
// 3 - md5 (4)
// 4 - isActive (5)
// 5 - NewHash (6)
string[] u = Request.Form["2FAUser"][0].FromBase64().Split('|');
bool md5 = Convert.ToBoolean(u[3]), isActive = Convert.ToBoolean(u[4]);
var user = _context.Users.Where(x => x.Id == Convert.ToInt32(u[0])).Single();
//var u = User.GetPassword(txtUserName.Text);
bool tfaValid = false;
if (!Regex.IsMatch(user.TwoFactor, @"^[\d]+$"))
{
TwoFactorAuthenticator tfa = new TwoFactorAuthenticator();
if (tfa.ValidateTwoFactorPIN(user.TwoFactor, Request.Form["TwoFactorCode"][0]))
{
tfaValid = true;
}
}
else
{
var client = new AuthyClient(settings.AuthyApiKey);
if (client.VerifyToken(Convert.ToInt32(user.TwoFactor), Convert.ToInt32(Request.Form["TwoFactorCode"][0])))
{
tfaValid = true;
}
}
if (tfaValid)
{
if ((md5 && !isActive) || isActive)
{
await _signInManager.SignInAsync(user, false);
//FormsAuthentication.RedirectFromLoginPage(u[1], false);
if (NumTries > 0)
{
Response.Cookies.Delete("InvalidTries");
}
if (md5)
{
user.UserPassword = u[5];
user.EmailConfirmation = Guid.NewGuid();
user.IsActive = true;
_context.Users.Update(user);
}
}
else
{
TempData["2FAError"] = true;
//ScriptManager.RegisterStartupScript(this.Page, this.Page.GetType(), "LoginError", "$.magnificPopup.open({ items: { src: '#loginModalPopup' }, prependTo:'form#aspnetForm', closeOnBgClick: false });", true);
TempData["2FAErrorMessage"] = "Sorry, there's a problem with your account. <a href=\"/Contact\">Contact us</a> to get it resolved.";
//FailureText.Visible = true;
int tries = NumTries + 1;
NumTries = tries;
}
}
else
{
// Display error and re-display popup
TempData["2FAError"] = true;
TempData["2FAErrorMessage"] = "Invalid token. Please try again.";
//TwoFactorError.InnerText = "Invalid token. Please try again.";
//ScriptManager.RegisterStartupScript(this.Page, this.Page.GetType(), "changePassword", "$.magnificPopup.open({ items: { src: '#twoFAModal' }, prependTo:'form#aspnetForm', closeOnBgClick: false });", true);
}
string url = Request.Form["loginPage"];
if (Url.IsLocalUrl(url))
{
return(Redirect(url));
}
else
{
return(Redirect("/"));
}
}
