public async Task <ActionResult> Create(TwoFactorComponent componentType) { var user = UserManager.FindById(User.Identity.GetUserId()); if (user == null) { return(Unauthorized()); } // If twofactor exists something is dodgy, return unauthorised var twofactor = user.TwoFactor.FirstOrDefault(x => x.Component == componentType && x.Type != TwoFactorType.None); if (twofactor != null) { return(RedirectToRoute("Security")); } var hasExistingGoogle = user.TwoFactor.Any(x => x.Type == TwoFactorType.GoogleCode); var hasExistingCryptopia = user.TwoFactor.Any(x => x.Type == TwoFactorType.CryptopiaCode); return(await Task.FromResult(View(new CreateTwoFactorModel { ComponentType = componentType, GoogleData = GoogleAuthenticationHelper.GetGoogleTwoFactorData(user.UserName), HasExistingGoogle = hasExistingGoogle, HasExistingCryptopia = hasExistingCryptopia, ApplyToAllEmpty = true }))); }
public async Task <bool> VerifyUserTwoFactorCodeAsync(TwoFactorComponent component, string userid, string data, string data2) { var user = await FindByIdAsync(userid); if (user == null) { return(false); } var twofactorMethod = user.TwoFactor.FirstOrDefault(x => x.Component == component); if (twofactorMethod == null || twofactorMethod.Type == TwoFactorType.None) { return(true); } if (twofactorMethod.Type == TwoFactorType.PinCode) { return(twofactorMethod.Data == data); } if (twofactorMethod.Type == TwoFactorType.EmailCode) { return(await VerifyTwoFactorTokenAsync(userid, twofactorMethod.Type.ToString(), data)); } if (twofactorMethod.Type == TwoFactorType.GoogleCode) { return(GoogleAuthenticationHelper.VerifyGoogleTwoFactorCode(twofactorMethod.Data, data)); } if (twofactorMethod.Type == TwoFactorType.CryptopiaCode) { return(await CryptopiaAuthenticationHelper.VerifyTwoFactorCode(userid, data)); } if (twofactorMethod.Type == TwoFactorType.Password) { return(PasswordHasher.VerifyHashedPassword(user.PasswordHash, data) != PasswordVerificationResult.Failed); } if (twofactorMethod.Type == TwoFactorType.Question) { return(data.Equals(twofactorMethod.Data2, StringComparison.OrdinalIgnoreCase) && data2.Equals(twofactorMethod.Data4, StringComparison.OrdinalIgnoreCase)); } return(false); }
internal static async Task OnAuthenticated(OAuthAuthenticatedContext context) { if (context.Principal != null) { Helpers.ThrowIfConditionFailed(() => context.AccessToken == "ValidAccessToken", "Access token is not valid"); Helpers.ThrowIfConditionFailed(() => context.RefreshToken == "ValidRefreshToken", "Refresh token is not valid"); Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetEmail(context.User) == "*****@*****.**", "Email is not valid"); Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetId(context.User) == "106790274378320830963", "Id is not valid"); Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetFamilyName(context.User) == "AspnetvnextTest", "FamilyName is not valid"); Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetName(context.User) == "AspnetvnextTest AspnetvnextTest", "Name is not valid"); Helpers.ThrowIfConditionFailed(() => context.ExpiresIn.Value == TimeSpan.FromSeconds(1200), "ExpiresIn is not valid"); Helpers.ThrowIfConditionFailed(() => context.User != null, "User object is not valid"); context.Principal.Identities.First().AddClaim(new Claim("ManageStore", "false")); } await Task.FromResult(0); }
protected override async Task <AuthenticationTicket> CreateTicketAsync( ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { log.LogDebug("CreateTicketAsync called tokens.AccessToken was " + tokens.AccessToken); // Get the Google user var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken); var response = await Backchannel.SendAsync(request, Context.RequestAborted); //string r = await response.Content.ReadAsStringAsync(); //log.LogInformation(r); response.EnsureSuccessStatusCode(); var payload = JObject.Parse(await response.Content.ReadAsStringAsync()); var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload) { Properties = properties, Principal = new ClaimsPrincipal(identity) }; var identifier = GoogleAuthenticationHelper.GetId(payload); if (!string.IsNullOrEmpty(identifier)) { identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer)); } var givenName = GoogleAuthenticationHelper.GetGivenName(payload); if (!string.IsNullOrEmpty(givenName)) { identity.AddClaim(new Claim(ClaimTypes.GivenName, givenName, ClaimValueTypes.String, Options.ClaimsIssuer)); } var familyName = GoogleAuthenticationHelper.GetFamilyName(payload); if (!string.IsNullOrEmpty(familyName)) { identity.AddClaim(new Claim(ClaimTypes.Surname, familyName, ClaimValueTypes.String, Options.ClaimsIssuer)); } var name = GoogleAuthenticationHelper.GetName(payload); if (!string.IsNullOrEmpty(name)) { identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer)); } var email = GoogleAuthenticationHelper.GetEmail(payload); if (!string.IsNullOrEmpty(email)) { identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer)); } var profile = GoogleAuthenticationHelper.GetProfile(payload); if (!string.IsNullOrEmpty(profile)) { identity.AddClaim(new Claim("urn:google:profile", profile, ClaimValueTypes.String, Options.ClaimsIssuer)); } await Options.Notifications.Authenticated(notification); ISiteSettings site = siteResolver.Resolve(); if (site != null) { Claim siteGuidClaim = new Claim("SiteGuid", site.SiteGuid.ToString()); if (!identity.HasClaim(siteGuidClaim.Type, siteGuidClaim.Value)) { identity.AddClaim(siteGuidClaim); } } //return new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme); return(new AuthenticationTicket(notification.Principal, notification.Properties, AuthenticationScheme.External)); }
public ActionResult VerifyGoogleCode(string key, string code) { return(GoogleAuthenticationHelper.VerifyGoogleTwoFactorCode(key, code) ? JsonSuccess() : JsonError()); }