public async Task <ActionResult> Create(TwoFactorComponent componentType)
{
var user = UserManager.FindById(User.Identity.GetUserId());
if (user == null)
{
return(Unauthorized());
}
// If twofactor exists something is dodgy, return unauthorised
var twofactor = user.TwoFactor.FirstOrDefault(x => x.Component == componentType && x.Type != TwoFactorType.None);
if (twofactor != null)
{
return(RedirectToRoute("Security"));
}
var hasExistingGoogle = user.TwoFactor.Any(x => x.Type == TwoFactorType.GoogleCode);
var hasExistingCryptopia = user.TwoFactor.Any(x => x.Type == TwoFactorType.CryptopiaCode);
return(await Task.FromResult(View(new CreateTwoFactorModel
{
ComponentType = componentType,
GoogleData = GoogleAuthenticationHelper.GetGoogleTwoFactorData(user.UserName),
HasExistingGoogle = hasExistingGoogle,
HasExistingCryptopia = hasExistingCryptopia,
ApplyToAllEmpty = true
})));
}
public async Task <bool> VerifyUserTwoFactorCodeAsync(TwoFactorComponent component, string userid, string data, string data2)
{
var user = await FindByIdAsync(userid);
if (user == null)
{
return(false);
}
var twofactorMethod = user.TwoFactor.FirstOrDefault(x => x.Component == component);
if (twofactorMethod == null || twofactorMethod.Type == TwoFactorType.None)
{
return(true);
}
if (twofactorMethod.Type == TwoFactorType.PinCode)
{
return(twofactorMethod.Data == data);
}
if (twofactorMethod.Type == TwoFactorType.EmailCode)
{
return(await VerifyTwoFactorTokenAsync(userid, twofactorMethod.Type.ToString(), data));
}
if (twofactorMethod.Type == TwoFactorType.GoogleCode)
{
return(GoogleAuthenticationHelper.VerifyGoogleTwoFactorCode(twofactorMethod.Data, data));
}
if (twofactorMethod.Type == TwoFactorType.CryptopiaCode)
{
return(await CryptopiaAuthenticationHelper.VerifyTwoFactorCode(userid, data));
}
if (twofactorMethod.Type == TwoFactorType.Password)
{
return(PasswordHasher.VerifyHashedPassword(user.PasswordHash, data) != PasswordVerificationResult.Failed);
}
if (twofactorMethod.Type == TwoFactorType.Question)
{
return(data.Equals(twofactorMethod.Data2, StringComparison.OrdinalIgnoreCase) && data2.Equals(twofactorMethod.Data4, StringComparison.OrdinalIgnoreCase));
}
return(false);
}
internal static async Task OnAuthenticated(OAuthAuthenticatedContext context)
{
if (context.Principal != null)
{
Helpers.ThrowIfConditionFailed(() => context.AccessToken == "ValidAccessToken", "Access token is not valid");
Helpers.ThrowIfConditionFailed(() => context.RefreshToken == "ValidRefreshToken", "Refresh token is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetEmail(context.User) == "*****@*****.**", "Email is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetId(context.User) == "106790274378320830963", "Id is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetFamilyName(context.User) == "AspnetvnextTest", "FamilyName is not valid");
Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetName(context.User) == "AspnetvnextTest AspnetvnextTest", "Name is not valid");
Helpers.ThrowIfConditionFailed(() => context.ExpiresIn.Value == TimeSpan.FromSeconds(1200), "ExpiresIn is not valid");
Helpers.ThrowIfConditionFailed(() => context.User != null, "User object is not valid");
context.Principal.Identities.First().AddClaim(new Claim("ManageStore", "false"));
}
await Task.FromResult(0);
}
protected override async Task <AuthenticationTicket> CreateTicketAsync(
ClaimsIdentity identity,
AuthenticationProperties properties,
OAuthTokenResponse tokens)
{
log.LogDebug("CreateTicketAsync called tokens.AccessToken was " + tokens.AccessToken);
// Get the Google user
var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
var response = await Backchannel.SendAsync(request, Context.RequestAborted);
//string r = await response.Content.ReadAsStringAsync();
//log.LogInformation(r);
response.EnsureSuccessStatusCode();
var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
{
Properties = properties,
Principal = new ClaimsPrincipal(identity)
};
var identifier = GoogleAuthenticationHelper.GetId(payload);
if (!string.IsNullOrEmpty(identifier))
{
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var givenName = GoogleAuthenticationHelper.GetGivenName(payload);
if (!string.IsNullOrEmpty(givenName))
{
identity.AddClaim(new Claim(ClaimTypes.GivenName, givenName, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var familyName = GoogleAuthenticationHelper.GetFamilyName(payload);
if (!string.IsNullOrEmpty(familyName))
{
identity.AddClaim(new Claim(ClaimTypes.Surname, familyName, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var name = GoogleAuthenticationHelper.GetName(payload);
if (!string.IsNullOrEmpty(name))
{
identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var email = GoogleAuthenticationHelper.GetEmail(payload);
if (!string.IsNullOrEmpty(email))
{
identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var profile = GoogleAuthenticationHelper.GetProfile(payload);
if (!string.IsNullOrEmpty(profile))
{
identity.AddClaim(new Claim("urn:google:profile", profile, ClaimValueTypes.String, Options.ClaimsIssuer));
}
await Options.Notifications.Authenticated(notification);
ISiteSettings site = siteResolver.Resolve();
if (site != null)
{
Claim siteGuidClaim = new Claim("SiteGuid", site.SiteGuid.ToString());
if (!identity.HasClaim(siteGuidClaim.Type, siteGuidClaim.Value))
{
identity.AddClaim(siteGuidClaim);
}
}
//return new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme);
return(new AuthenticationTicket(notification.Principal, notification.Properties, AuthenticationScheme.External));
}
public ActionResult VerifyGoogleCode(string key, string code)
{
return(GoogleAuthenticationHelper.VerifyGoogleTwoFactorCode(key, code) ? JsonSuccess() : JsonError());
}
