JObject ProcessOtpRequest(RequestInfo requestInfo) { // check if (requestInfo.Extra == null) { throw new InvalidRequestException(); } // prepare var id = requestInfo.Extra.ContainsKey("ID") ? requestInfo.Extra["ID"].Decrypt(this.EncryptionKey) : ""; var stamp = requestInfo.Extra.ContainsKey("Stamp") ? requestInfo.Extra["Stamp"].Decrypt(this.EncryptionKey) : ""; var key = $"{id}@{stamp}".ToLower().GetHMACHash(this.AuthenticationKey.ToBytes(), "SHA512"); var response = new JObject(); // setup for provisioning if (requestInfo.Extra.ContainsKey("Setup")) { var account = requestInfo.Extra.ContainsKey("Account") ? requestInfo.Extra["Account"].Decrypt(this.EncryptionKey) : ""; var issuer = requestInfo.Extra.ContainsKey("Issuer") ? requestInfo.Extra["Issuer"].Decrypt(this.EncryptionKey) : ""; if (string.IsNullOrWhiteSpace(issuer)) { issuer = UtilityService.GetAppSetting("OTPs:Issuer", "VIEApps NGX"); } var size = requestInfo.Extra.ContainsKey("Size") ? requestInfo.Extra["Size"].CastAs <int>() : UtilityService.GetAppSetting("OTPs:QRCode-Size", "300").CastAs <int>(); var ecl = requestInfo.Extra.ContainsKey("ECCLevel") ? requestInfo.Extra["ECCLevel"] : UtilityService.GetAppSetting("OTPs:QRCode-ECCLevel", "L"); var provisioningUri = OTPService.GenerateProvisioningUri(account, key, issuer.UrlEncode()); response["URI"] = this.GetHttpURI("Files", "https://fs.vieapps.net") + $"/qrcodes/{UtilityService.NewUUID.Encrypt(null, true).Substring(UtilityService.GetRandomNumber(13, 43), 13)}" + $"?v={provisioningUri.Encrypt(this.EncryptionKey).ToBase64Url(true)}" + $"&t={DateTime.Now.ToUnixTimestamp().ToString().Encrypt(this.EncryptionKey).ToBase64Url(true)}" + $"&s={size}&ecl={ecl}"; } // validate input of client else { var password = requestInfo.Extra.ContainsKey("Password") ? requestInfo.Extra["Password"].Decrypt(this.EncryptionKey) : ""; if (string.IsNullOrWhiteSpace(password)) { throw new OTPLoginFailedException(); } var interval = "App".IsEquals(requestInfo.Extra.ContainsKey("Type") ? requestInfo.Extra["Type"] : "App") ? 30 : 300; if (!password.Equals(OTPService.GeneratePassword(key, interval))) { throw new OTPLoginFailedException(); } } // response return(response); }