public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var createUser = false;
var raw = context.Request.Raw;
var credential = raw.Get(OidcConstants.TokenRequest.GrantType);
if (credential != null && credential == Constants.IdentityConstants.GrantType.VerifyPhoneNumber)
{
var phoneNumber = raw.Get(Constants.IdentityConstants.TokenRequest.PhoneNumber);
var verificationToken = raw.Get(Constants.IdentityConstants.TokenRequest.Token);
var user = await _userManager.Users.SingleOrDefaultAsync(x => x.PhoneNumber == _userManager.NormalizeKey(phoneNumber));
if (user == null)
{
user = new ApplicationUser
{
UserName = phoneNumber,
PhoneNumber = phoneNumber,
SecurityStamp = phoneNumber.Sha256()
};
createUser = true;
}
var result = await _phoneNumberTokenProvider.ValidateAsync("verify_number", verificationToken, _userManager, user);
if (result)
{
if (createUser)
{
user.PhoneNumberConfirmed = true;
var resultCreation = await _userManager.CreateAsync(user);
if (resultCreation != IdentityResult.Success)
{
_logger.LogInformation("User creation failed: {username}, reason: invalid user", phoneNumber);
await _events.RaiseAsync(new UserLoginFailureEvent(phoneNumber, resultCreation.Errors.Select(x => x.Description).Aggregate((a, b) => a + ", " + b), false));
return;
}
}
_logger.LogInformation("Credentials validated for username: {phoneNumber}", phoneNumber);
await _events.RaiseAsync(new UserLoginSuccessEvent(phoneNumber, user.Id, phoneNumber, false));
await _signInManager.SignInAsync(user, true);
context.Result = new GrantValidationResult(user.Id, OidcConstants.AuthenticationMethods.ConfirmationBySms);
}
else
{
_logger.LogInformation("Authentication failed for token: {token}, reason: invalid token", verificationToken);
await _events.RaiseAsync(new UserLoginFailureEvent(verificationToken, "invalid token or verification id", false));
}
}
else
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "invalid verify_phone_number_token credential");
}
}
public async Task <int> VerifyResetPassword(ApplicationUser _User, string token, string newPassword)
{
if (_User != null && token != null)
{
PhoneNumberTokenProvider <ApplicationUser> phoneNumberTokenProvider = new PhoneNumberTokenProvider <ApplicationUser>();
var isValidToken = await phoneNumberTokenProvider.ValidateAsync("ResetPassword", token, _userManager, _User);
if (isValidToken)
{
var status = await _userManager.AddPasswordAsync(_User, newPassword);
if (status.Succeeded)
{
return(1);
}
}
return(-1);
}
return(0);
}
public async Task <ApplicationUser> AuthenticateAsync(
string key,
string phoneNumber,
string verificationToken,
bool createUserIfNotExists = false)
{
if (string.IsNullOrEmpty(key))
{
throw new ArgumentException(nameof(key));
}
if (string.IsNullOrEmpty(phoneNumber))
{
throw new ArgumentException(nameof(phoneNumber));
}
if (string.IsNullOrEmpty(verificationToken))
{
throw new ArgumentException(nameof(verificationToken));
}
var user = await GetUserByPhoneAsync(phoneNumber);
var userExists = user.Id != DummyUserId;
var valid = await _phoneNumberTokenProvider
.ValidateAsync($"{PhoneNumberVerificationPurpose}-{key}", verificationToken, _userManager, user);
if (!valid)
{
_logger.LogInformation("Authentication failed for token: {token}, reason: invalid token",
verificationToken);
await _events.RaiseAsync(new UserLoginFailureEvent(verificationToken,
"invalid token or verification id", false));
return(null);
}
_logger.LogInformation("Phone number verified: {phoneNumber}", phoneNumber);
await _events.RaiseAsync(new UserLoginSuccessEvent(phoneNumber, user.Id, phoneNumber, false));
if (!userExists && createUserIfNotExists)
{
user.Id = Guid.NewGuid().ToString();
user.PhoneNumberConfirmed = true;
var result = await _userManager.CreateAsync(user);
if (result != IdentityResult.Success)
{
var reason = result.Errors.Select(x => x.Description)
.Aggregate((a, b) => a + ", " + b);
_logger.LogInformation("User creation failed: {username}, reason: {reason}",
phoneNumber, reason);
await _events.RaiseAsync(new UserLoginFailureEvent(phoneNumber,
reason, false));
return(null);
}
userExists = true;
}
if (!userExists)
{
return(null);
}
await _signInManager.SignInAsync(user, true);
return(user);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var raw = context.Request.Raw;
var acr_values = raw.ToNameValueCollection(OidcConstants.AuthorizeRequest.AcrValues);
var phoneNumber = raw.Get(TokenRequest.PhoneNumber);
var verificationToken = raw.Get(TokenRequest.VerificationToken);
var protectToken = raw.Get(TokenRequest.ProtectToken);
var device_id = acr_values.Get("device_id");
var notification_id = acr_values.Get("notification_id");
var credential = raw.Get(OidcConstants.TokenRequest.GrantType);
if (credential == null || credential != MobileAuthConstants.GrantType.PhoneNumberToken)
{
_logger.LogInformation("Invalid grant_type support", credential);
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, $"invalid grant_type {MobileAuthConstants.GrantType.PhoneNumberToken}");
return;
}
if (string.IsNullOrEmpty(device_id))
{
_logger.LogInformation("Invalid device_id support", credential);
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidTarget, $"invalid device_id ");
return;
}
var user = await _userManager.Users.FirstOrDefaultAsync(x => x.PhoneNumber == phoneNumber);
if (user == null)
{
_logger.LogInformation("User creation failed: {username}, reason: invalid user", phoneNumber);
await _events.RaiseAsync(new UserLoginFailureEvent(phoneNumber, "User not found on provided phone_number", false));
return;
}
if (!await _userManager.VerifyUserTokenAsync(user, "Default", TokenPurpose.MobilePasswordAuth, protectToken))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, $"invalid or missing {TokenRequest.ProtectToken}");
return;
}
var result = await _phoneNumberTokenProvider.ValidateAsync(TokenPurpose.MobilePasswordAuth, verificationToken, _userManager, user);
if (!result)
{
_logger.LogInformation("Authentication failed for token: {token}, reason: invalid token",
verificationToken);
await _events.RaiseAsync(new UserLoginFailureEvent(verificationToken,
"invalid token or verification id", false));
return;
}
await _userManager.UpdateSecurityStampAsync(user);
var claims = await _userManager.GetClaimsAsync(user);
var claim_device_id = claims.FirstOrDefault(x => x.Type == "device_id");
if (claim_device_id != null)
{
await _userManager.RemoveClaimAsync(user, claim_device_id);
}
claim_device_id = new Claim("device_id", device_id);
var claimresult = await _userManager.AddClaimAsync(user, claim_device_id);
var claim_notification_id = claims.FirstOrDefault(x => x.Type == "notification_id");
if (claim_notification_id != null)
{
await _userManager.RemoveClaimAsync(user, claim_notification_id);
}
claim_notification_id = new Claim("notification_id", notification_id);
await _userManager.AddClaimAsync(user, claim_notification_id);
_logger.LogInformation("Credentials validated for username: {phoneNumber}", phoneNumber);
await _events.RaiseAsync(new UserLoginSuccessEvent(phoneNumber, user.Id.ToString(), phoneNumber, false));
await _signInManager.SignInAsync(user, true);
context.Result = new GrantValidationResult(user.Id.ToString(), OidcConstants.AuthenticationMethods.ConfirmationBySms);
}