public async Task <TwoFactorValidateResponse> ValidateTwoFactor(string accountSecretKey, string twoFactorCodeFromClient) { var response = new TwoFactorValidateResponse { IsValid = _twoFactorSetupRepository.ValidateTwoFactorPin(accountSecretKey, twoFactorCodeFromClient) }; return(await Task.FromResult(response)); }
protected Task <byte[]> MockExecuteRest(string endpoint, ApiRequestPayload payload, IAuth auth) { if (auth.Endpoint.Server != DataVault.DefaultEnvironment) { return(Task.FromException <byte[]>(new KeeperRegionRedirect(DataVault.DefaultEnvironment))); } byte[] response = null; switch (endpoint) { case "authentication/register_device": { var device = new Device() { EncryptedDeviceToken = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(64)), }; response = device.ToByteArray(); } break; case "authentication/start_login": { var lrs = new LoginResponse { EncryptedLoginToken = ByteString.CopyFrom(DataVault.EncryptedLoginToken), }; if (StopAtDeviceApproval) { lrs.LoginState = LoginState.DeviceApprovalRequired; } else if (StopAtTwoFactor) { lrs.LoginState = LoginState.Requires2Fa; lrs.Channels.Add(new TwoFactorChannelInfo { ChannelType = TwoFactorChannelType.TwoFaCtTotp, ChannelUid = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8)), ChannelName = "Mock", }); } else if (StopAtPassword) { lrs.LoginState = LoginState.RequiresAuthHash; lrs.Salt.Add(new Salt { Iterations = DataVault.UserIterations, Salt_ = ByteString.CopyFrom(DataVault.UserSalt), Name = "Mock", Uid = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8)), }); } else { lrs.LoginState = LoginState.LoggedIn; lrs.AccountUid = ByteString.CopyFrom(DataVault.AccountUid); lrs.PrimaryUsername = DataVault.UserName; lrs.CloneCode = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8)); lrs.EncryptedSessionToken = ByteString.CopyFrom(DataVault.SessionToken); var device = auth.Storage.Devices.List.FirstOrDefault(); var devicePrivateKey = CryptoUtils.LoadPrivateEcKey(device.DeviceKey); var devicePublicKey = CryptoUtils.GetPublicEcKey(devicePrivateKey); lrs.EncryptedDataKey = ByteString.CopyFrom(CryptoUtils.EncryptEc(DataVault.UserDataKey, devicePublicKey)); lrs.EncryptedDataKeyType = EncryptedDataKeyType.ByDevicePublicKey; } response = lrs.ToByteArray(); } break; case "authentication/validate_auth_hash": { var request = ValidateAuthHashRequest.Parser.ParseFrom(payload.Payload); var expectedPassword = CryptoUtils.DeriveV1KeyHash(DataVault.UserPassword, DataVault.UserSalt, DataVault.UserIterations); if (request.AuthResponse.SequenceEqual(expectedPassword)) { var lrs = new LoginResponse { LoginState = LoginState.LoggedIn, EncryptedLoginToken = ByteString.CopyFrom(DataVault.EncryptedLoginToken), AccountUid = ByteString.CopyFrom(DataVault.AccountUid), PrimaryUsername = DataVault.UserName, CloneCode = ByteString.CopyFrom(CryptoUtils.GetRandomBytes(8)), EncryptedSessionToken = ByteString.CopyFrom(DataVault.SessionToken), EncryptedDataKey = ByteString.CopyFrom(DataVault.EncryptionParams), EncryptedDataKeyType = EncryptedDataKeyType.ByPassword, }; response = lrs.ToByteArray(); } else { return(Task.FromException <byte[]>(new KeeperAuthFailed())); } } break; case "authentication/request_device_verification": StopAtDeviceApproval = false; response = new byte[0]; break; case "authentication/2fa_send_push": if (StopAtDeviceApproval) { StopAtDeviceApproval = false; } response = new byte[0]; break; case "authentication/2fa_validate": var tfvr = TwoFactorValidateRequest.Parser.ParseFrom(payload.Payload); if (tfvr.Value == DataVault.TwoFactorOneTimeToken) { StopAtTwoFactor = false; var tfars = new TwoFactorValidateResponse { EncryptedLoginToken = tfvr.EncryptedLoginToken }; response = tfars.ToByteArray(); } else { return(Task.FromException <byte[]>(new KeeperAuthFailed())); } break; case "vault/execute_v2_command": break; case "authentication/validate_device_verification_code": var vdvcr = ValidateDeviceVerificationCodeRequest.Parser.ParseFrom(payload.Payload); if (vdvcr.VerificationCode == DataVault.DeviceVerificationEmailCode) { StopAtDeviceApproval = false; response = new byte[0]; } else { return(Task.FromException <byte[]>(new KeeperAuthFailed())); } break; case "login/account_summary": { response = auth.ProcessAccountSummary().ToByteArray(); } break; } if (response != null) { return(Task.FromResult(response)); } return(Task.FromException <byte[]>(new KeeperCanceled())); }