Example #1
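        /// <summary>
        /// Signs a request at a fixed, caller-supplied time and checks the result
        /// against the recorded <c>OLD_REQUEST</c> value.
        /// </summary>
        public void TestSignWithCustomTime()
        {
            // Fixed Unix timestamp (seconds), so the comparison with a constant is meaningful.
            long     fake_current_time = 1300157874 - 75;
            // NOTE(review): this DateTime has Kind == Unspecified; confirm DuoWeb treats it as UTC.
            DateTime fake_current_dt   = new DateTime(1970, 1, 1).AddSeconds(fake_current_time);
            string   request_sig       = DuoWeb.SignRequest(IKEY, SKEY, AKEY, USER, fake_current_dt);

            // Expected value goes first so a failure reports expected/actual the right way round.
            Assert.AreEqual(OLD_REQUEST, request_sig);
        }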
Example #2
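        /// <summary>
        /// Verifies the <c>EXPIRED_RESPONSE</c> fixture against a caller-supplied clock
        /// and expects the user name to be returned.
        /// </summary>
        public void TestVerifyExpiredUserWithCustomTime()
        {
            // Fixed Unix timestamp (seconds) passed to VerifyResponse as "now".
            long     fake_current_unixtime = 1300157874 - 60;
            // NOTE(review): this DateTime has Kind == Unspecified; confirm DuoWeb treats it as UTC.
            DateTime fake_current_dt       = new DateTime(1970, 1, 1).AddSeconds(fake_current_unixtime);

            string expired_user = DuoWeb.VerifyResponse(IKEY, SKEY, AKEY, EXPIRED_RESPONSE + ":" + OLD_REQUEST_APP_SIG, fake_current_dt);

            // Expected value goes first so a failure reports expected/actual the right way round.
            Assert.AreEqual(USER, expired_user);
        }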
Example #3
        /// <summary>
        /// Prepares the two application-signature fixtures: one signed with <c>AKEY</c>
        /// and one signed with a different application key.
        /// </summary>
        public void SetUp()
        {
            // SignRequest output is split on ':' and the second part is kept as the app signature.
            string goodRequest = DuoWeb.SignRequest(IKEY, SKEY, AKEY, USER);
            valid_app_sig = goodRequest.Split(':')[1];

            string mismatchedRequest = DuoWeb.SignRequest(IKEY, SKEY, "invalidinvalidinvalidinvalidinvalidinvalid", USER);
            invalid_app_sig = mismatchedRequest.Split(':')[1];
        }
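        /// <summary>
        /// Checks a Duo signed response for the given user.
        /// </summary>
        /// <param name="purpose">Not used by this implementation.</param>
        /// <param name="token">The signed response string handed to <c>DuoWeb.VerifyResponse</c>.</param>
        /// <param name="manager">Not used by this implementation.</param>
        /// <param name="user">The user whose Duo provider settings and e-mail are checked.</param>
        /// <returns>
        /// <c>true</c> only when verification yields a non-empty user name equal to <c>user.Email</c>;
        /// <c>false</c> when the provider metadata is incomplete or verification yields nothing.
        /// </returns>
        public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
        {
            var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);

            if (!HasProperMetaData(provider))
            {
                return false;
            }

            var response = DuoWeb.VerifyResponse((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
                                                 _globalSettings.Duo.AKey, token);

            // Fail closed: an empty or null verification result must never count as a match,
            // even if user.Email happens to be null or empty as well.
            if (string.IsNullOrEmpty(response))
            {
                return false;
            }

            return response == user.Email;
        }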
        /// <summary>
        /// Builds the Duo signed request for the given user.
        /// </summary>
        /// <param name="purpose">Not used by this implementation.</param>
        /// <param name="manager">Not used by this implementation.</param>
        /// <param name="user">The user whose Duo provider settings and e-mail are signed.</param>
        /// <returns>
        /// The value returned by <c>DuoWeb.SignRequest</c>, or <c>null</c> when the
        /// provider metadata is incomplete.
        /// </returns>
        public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
        {
            var duoProvider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);

            if (HasProperMetaData(duoProvider))
            {
                // Per-user integration and secret keys come from the provider metadata;
                // the application key comes from global settings.
                var integrationKey = (string)duoProvider.MetaData["IKey"];
                var secretKey      = (string)duoProvider.MetaData["SKey"];

                return DuoWeb.SignRequest(integrationKey, secretKey, _globalSettings.Duo.AKey, user.Email);
            }

            return null;
        }
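        /// <summary>
        /// Checks a Duo signed response for a user against an organization's Duo settings.
        /// </summary>
        /// <param name="token">The signed response string handed to <c>DuoWeb.VerifyResponse</c>.</param>
        /// <param name="organization">The organization whose Duo provider settings are used.</param>
        /// <param name="user">The user whose e-mail must match the verified user name.</param>
        /// <returns>
        /// A completed task holding <c>true</c> only when verification yields a non-empty user
        /// name equal to <c>user.Email</c>; <c>false</c> when the organization is missing,
        /// disabled or not using 2FA, when the provider metadata is incomplete, or when
        /// verification yields nothing.
        /// </returns>
        public Task<bool> ValidateAsync(string token, Organization organization, User user)
        {
            if (organization == null || !organization.Enabled || !organization.Use2fa)
            {
                return Task.FromResult(false);
            }

            var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);

            if (!HasProperMetaData(provider))
            {
                return Task.FromResult(false);
            }

            var response = DuoWeb.VerifyResponse(provider.MetaData["IKey"].ToString(),
                                                 provider.MetaData["SKey"].ToString(), _globalSettings.Duo.AKey, token);

            // Fail closed: an empty or null verification result must never count as a match,
            // even if user.Email happens to be null or empty as well.
            if (string.IsNullOrEmpty(response))
            {
                return Task.FromResult(false);
            }

            return Task.FromResult(response == user.Email);
        }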
        /// <summary>
        /// Builds the Duo signed request for a user from an organization's Duo settings.
        /// </summary>
        /// <param name="organization">The organization whose Duo provider settings are used.</param>
        /// <param name="user">The user whose e-mail is signed.</param>
        /// <returns>
        /// A completed task holding the value returned by <c>DuoWeb.SignRequest</c>, or
        /// <c>null</c> when the organization is missing, disabled or not using 2FA, or when
        /// the provider metadata is incomplete.
        /// </returns>
        public Task<string> GenerateAsync(Organization organization, User user)
        {
            bool organizationUsable = organization != null && organization.Enabled && organization.Use2fa;
            if (!organizationUsable)
            {
                return Task.FromResult<string>(null);
            }

            var orgProvider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
            if (!HasProperMetaData(orgProvider))
            {
                return Task.FromResult<string>(null);
            }

            // Organization integration and secret keys come from the provider metadata;
            // the application key comes from global settings.
            var integrationKey = orgProvider.MetaData["IKey"].ToString();
            var secretKey      = orgProvider.MetaData["SKey"].ToString();

            return Task.FromResult(DuoWeb.SignRequest(integrationKey, secretKey, _globalSettings.Duo.AKey, user.Email));
        }
Example #8
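        /// <summary>
        /// Handles the POST that carries the Duo signed response and reports the outcome.
        /// </summary>
        /// <param name="request">The incoming request; its body is read as a URL-encoded form.</param>
        /// <returns>A message naming the authenticated user, or a failure message.</returns>
        private static string doPost(HttpListenerRequest request)
        {
            using (Stream body = request.InputStream)
            using (StreamReader reader = new StreamReader(body, request.ContentEncoding))
            {
                // NOTE(review): the body is client-controlled and read without a size limit.
                string bodyStream = reader.ReadToEnd();
                var    form       = bodyStream.Split('=');

                // A body without '=' has no field value; treat it as a failed
                // authentication rather than letting form[1] throw.
                if (form.Length < 2)
                {
                    return "Did not authenticate with Duo.";
                }

                // The first field's value is used whatever its name; cut it at '&' so a
                // following field is not passed to verification as part of the value.
                var    sig_response_val = WebUtility.UrlDecode(form[1].Split('&')[0]);
                string responseUser     = DuoWeb.VerifyResponse(ikey, skey, akey, sig_response_val);

                if (string.IsNullOrEmpty(responseUser))
                {
                    return "Did not authenticate with Duo.";
                }

                return $"Authenticated with Duo as {responseUser}.";
            }
        }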
Example #9
        /// <summary>
        /// Handles a GET: returns the contents of the requested file when it can be read,
        /// otherwise returns the Duo authentication page for the user named in the query string.
        /// </summary>
        /// <param name="request">The incoming request.</param>
        /// <returns>File contents, the Duo page markup, or a message asking for a user.</returns>
        private static string doGet(HttpListenerRequest request)
        {
            try
            {
                // Path.GetFileName drops any directory part, so the read uses a bare file
                // name resolved against the working directory.
                // NOTE(review): every readable file in that directory can be requested this
                // way; keep configuration and key material out of it or use an allow-list.
                return File.ReadAllText(Path.GetFileName(request.RawUrl));
            }
            catch
            {
                // Any failure to read a file (not only "not found") lands here and is
                // answered with the authentication page instead.
                string requestedUser = request.QueryString.Get("user");

                if (string.IsNullOrEmpty(requestedUser))
                {
                    return "You must include a user to authenticate with Duo";
                }

                // NOTE(review): host and the signed request are written into attribute values
                // without HTML encoding; confirm neither can contain a quote character.
                var signedRequest = DuoWeb.SignRequest(ikey, skey, akey, requestedUser);
                return $@"<html>
                  <head>
                    <title>Duo Authentication</title>
                    <meta name='viewport' content='width=device-width, initial-scale=1'>
                    <meta http-equiv='X-UA-Compatible' content='IE=edge'>
                    <link rel='stylesheet' type='text/css' href='Duo-Frame.css'>
                  </head>
                  <body>
                    <h1>Duo Authentication</h1>
                    <script src='/Duo-Web-v2.js'></script>
                    <iframe id='duo_iframe'
                            title='Two-Factor Authentication'
                            frameborder='0'
                            data-host='{host}'
                            data-sig-request='{signedRequest}'>
                    </iframe>
                  </body>
                </html>";
            }
        }
Example #10
        /// <summary>
        /// The <c>FUTURE_RESPONSE</c> fixture paired with <c>invalid_app_sig</c> must not verify.
        /// </summary>
        public void TestVerifyFutureUserInvalidAppSig()
        {
            var signedResponse = string.Join(":", FUTURE_RESPONSE, invalid_app_sig);

            // A null result is how VerifyResponse is expected to signal rejection here.
            Assert.IsNull(DuoWeb.VerifyResponse(IKEY, SKEY, AKEY, signedResponse));
        }
Example #11
        /// <summary>
        /// Signing with the standard fixtures must produce a non-null value.
        /// </summary>
        public void TestSign()
        {
            var signedRequest = DuoWeb.SignRequest(IKEY, SKEY, AKEY, USER);

            Assert.IsNotNull(signedRequest);
        }
Example #12
        /// <summary>
        /// The <c>INVALID_RESPONSE</c> fixture must not verify, even with a valid app signature.
        /// </summary>
        public void TestVerifyInvalidUser()
        {
            var signedResponse = string.Join(":", INVALID_RESPONSE, valid_app_sig);

            // A null result is how VerifyResponse is expected to signal rejection here.
            Assert.IsNull(DuoWeb.VerifyResponse(IKEY, SKEY, AKEY, signedResponse));
        }
Example #13
        /// <summary>
        /// The <c>EXPIRED_RESPONSE</c> fixture must not verify against the current clock.
        /// </summary>
        public void TestVerifyExpiredUser()
        {
            var signedResponse = string.Join(":", EXPIRED_RESPONSE, valid_app_sig);

            // No time argument is passed, so VerifyResponse uses its own notion of "now".
            Assert.IsNull(DuoWeb.VerifyResponse(IKEY, SKEY, AKEY, signedResponse));
        }
Example #14
        /// <summary>
        /// An otherwise acceptable response must not verify under a different integration key.
        /// </summary>
        public void TestVerifyFutureUserWrongIkey()
        {
            var signedResponse = string.Join(":", FUTURE_RESPONSE, valid_app_sig);

            // Only the integration key differs from the passing case (WRONG_IKEY instead of IKEY).
            Assert.IsNull(DuoWeb.VerifyResponse(WRONG_IKEY, SKEY, AKEY, signedResponse));
        }
Example #15
        /// <summary>
        /// A response whose app-signature part is the <c>WRONG_PARAMS_APP</c> fixture must not verify.
        /// </summary>
        public void TestVerifyFutureUserWrongAppSigFormat()
        {
            var signedResponse = string.Join(":", FUTURE_RESPONSE, WRONG_PARAMS_APP);

            // A null result is how VerifyResponse is expected to signal rejection here.
            Assert.IsNull(DuoWeb.VerifyResponse(IKEY, SKEY, AKEY, signedResponse));
        }
Example #16
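        /// <summary>
        /// A response whose auth part is the <c>WRONG_PARAMS_RESPONSE</c> fixture must not verify.
        /// </summary>
        public void TestVerifyFutureUserWrongResponseFormat()
        {
            string future_user = DuoWeb.VerifyResponse(IKEY, SKEY, AKEY, WRONG_PARAMS_RESPONSE + ":" + valid_app_sig);

            // The second argument of Assert.IsNull is the failure message, not an expected
            // value, so USER is not passed here.
            Assert.IsNull(future_user);
        }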
Example #17
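        /// <summary>
        /// Signing a user name that contains '|' must return <c>DuoWeb.ERR_USER</c>.
        /// </summary>
        public void TestSignBadUsername()
        {
            string request_sig = DuoWeb.SignRequest(IKEY, SKEY, AKEY, "in|valid");

            // Expected value goes first so a failure reports expected/actual the right way round.
            Assert.AreEqual(DuoWeb.ERR_USER, request_sig);
        }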
Example #18
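        /// <summary>
        /// Signing with the application key "invalid" must return <c>DuoWeb.ERR_AKEY</c>.
        /// </summary>
        public void TestSignBadAkey()
        {
            string request_sig = DuoWeb.SignRequest(IKEY, SKEY, "invalid", USER);

            // Expected value goes first so a failure reports expected/actual the right way round.
            Assert.AreEqual(DuoWeb.ERR_AKEY, request_sig);
        }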
Example #19
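        /// <summary>
        /// The <c>FUTURE_RESPONSE</c> fixture paired with a valid app signature must verify
        /// and return <c>USER</c>.
        /// </summary>
        public void TestVerifyFutureUserValidAppSig()
        {
            string future_user = DuoWeb.VerifyResponse(IKEY, SKEY, AKEY, FUTURE_RESPONSE + ":" + valid_app_sig);

            // Expected value goes first so a failure reports expected/actual the right way round.
            Assert.AreEqual(USER, future_user);
        }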