C# (CSharp) LoginUtils.ValidateOTP Examples

Example #1

File: ApplicationOAuthProvider.cs Project: quickbird-uk/Hive-Server

        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            /*Gets Extra keys sent form the user's computer, however we will make this unnessesary
             * var data = await context.Request.ReadFormAsync();
             * string email = data.GetValues("email").First(); */

            //setup nessesary variables
            var             userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
            ApplicationUser user        = null;
            bool            loggedIn    = false;


            if (string.IsNullOrWhiteSpace(context.Password))                                                                   //check if valid password was provided
            {
                context.SetError(ErrorResponse.PasswordIsBad.error.ToString(), ErrorResponse.PasswordIsBad.error_description); //rejects, password is wrong
                return;
            }
            else
            {
                user = await LoginUtils.findByIdentifierAsync(context.UserName, userManager);
            }



            if (user == null)
            {
                context.SetError(ErrorResponse.CantLogin.error.ToString(), ErrorResponse.CantLogin.error_description); //rejects, no user found
                return;
            }

            var PasswordCheck = userManager.PasswordHasher.VerifyHashedPassword(user.PasswordHash, context.Password); //check if password was correct

            if (PasswordCheck.Equals(PasswordVerificationResult.Success) && user.PhoneNumberConfirmed)                //user provided correct creentials
            {
                loggedIn = true;
            }
            else if (PasswordCheck.Equals(PasswordVerificationResult.Success))
            {
                //Send an SMS!!
                string otp = Base.LoginUtils.GenerateOTP(user);
                await SMSService.SendMessage(user.PhoneNumber.ToString(), String.Format("Your SMS code is {0} use it to confirm your phone number withing {1} min", otp, LoginUtils.Interval / 60));

                context.SetError(ErrorResponse.PhoneNumberUnconfirmed.error.ToString(), ErrorResponse.PhoneNumberUnconfirmed.error_description);
            }
            else if (!loggedIn)// log in with SMS code
            {
                loggedIn = LoginUtils.ValidateOTP(user, context.Password);

                if (!user.PhoneNumberConfirmed && loggedIn) //if the user's phone number is not confirmed, and if logged in set it confirmed
                {
                    user.PhoneNumberConfirmed = true;
                    await userManager.UpdateAsync(user);
                }
            }


            if (loggedIn)                                                                        //user provided correct creentials
            {
                ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, //generates identity
                                                                                    OAuthDefaults.AuthenticationType);

                AuthenticationProperties properties = CreateProperties(user.Id.ToString());        //generates properties

                AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); //puts properties and idenity into authentication ticket

                context.Validated(ticket);
            }
            else
            {
                context.SetError(ErrorResponse.CantLogin.error.ToString(), ErrorResponse.CantLogin.error_description); //rejects, password is wrong
            }


            /*ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
             *  CookieAuthenticationDefaults.AuthenticationType);
             */
            //context.Request.Context.Authentication.SignIn(cookiesIdentity);
        }