Example #1
        /// <summary>
        /// Generates a change-phone-number token for the user, sends it by SMS together with an
        /// optional extra message, and redirects to the "GetCodeOrLogin" action.
        /// </summary>
        /// <param name="userId">Id of the user the token is generated for and that is handed to the SMS sender.</param>
        /// <param name="phone">Phone number the token is generated for; it is also quoted in the SMS text.</param>
        /// <param name="AddMessage">Optional extra text. When non-empty it is appended to the SMS after " - ".</param>
        /// <returns>A redirect to "GetCodeOrLogin" that carries a view model holding <paramref name="phone"/>.</returns>
        /// <remarks>
        /// Exceptions from token generation or SMS delivery are not handled here; they reach the caller.
        /// NOTE(review): SendSms receives the user id, not <paramref name="phone"/>, so the code is
        /// presumably delivered to the number stored for that user - confirm the two cannot differ.
        /// NOTE(review): the view model is passed as route values, so the phone number presumably
        /// ends up in the redirect URL - confirm this is acceptable for logs and browser history.
        /// </remarks>
        private ActionResult SendSmsCode(string userId, string phone, string AddMessage = "")
        {
            string token = UserManager.GenerateChangePhoneNumberToken(userId, phone);

            // Only a non-empty extra message gets the " - " separator; null or empty is passed through unchanged.
            string suffix = string.IsNullOrEmpty(AddMessage) ? AddMessage : " - " + AddMessage;

            string smsText = string.Format("Please confirm your phone no: '{0}' by sending Code: {1} {2}", phone, token, suffix);
            UserManager.SendSms(userId, smsText);

            var redirectModel = new VerifyPhoneNumberViewModel();
            redirectModel.PhoneNumber = phone;
            return RedirectToAction("GetCodeOrLogin", redirectModel);
        }
Example #2
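        /// <summary>
        /// Checks the SMS code submitted for a phone number and, when it is accepted, marks the
        /// number as confirmed and shows the login view.
        /// </summary>
        /// <param name="model">
        /// Posted form data. PhoneNumber is used as the user name for the lookup and Code is the value to verify.
        /// </param>
        /// <returns>
        /// The "Login" view when the code is accepted and the user record is updated; otherwise the
        /// current view again with a model error.
        /// </returns>
        public ActionResult VerifyCode(VerifyPhoneNumberViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // NOTE(review): nothing in this action counts failed attempts or locks the account.
            // The lockout-aware TwoFactorSignInAsync call from the template is not used here, and
            // every wrong code triggers another SMS. Add failure counting and a resend limit
            // (see the lockout settings in IdentityConfig) before relying on this for brute-force
            // protection or exposing it to unauthenticated callers.

            var userFound = UserManager.FindByName(model.PhoneNumber);
            if (userFound == null)
            {
                // An unknown number used to fall through to userFound.Id and throw. Return the same
                // generic error as a wrong code so the response does not reveal whether the number
                // is registered.
                ModelState.AddModelError("", "Unable to update user Verification.");
                return View(model);
            }

            var result = UserManager.ChangePhoneNumber(userFound.Id, userFound.PhoneNumber, model.Code);
            if (!result.Succeeded)
            {
                // Wrong code: warn the account owner by SMS (which also issues a new code) and
                // show only a generic error to the caller.
                string msg = "Your try was wrong. If it was not you, then someone is trying to hack your number. Pls inform us immediately.";
                SendSmsCode(userFound.Id, userFound.PhoneNumber, msg);

                ModelState.AddModelError("", "Unable to update user Verification.");
                return View(model);
            }

            // The code was accepted, so the phone number counts as verified from here on.
            userFound.PhoneNumberConfirmed = true;
            var updateResult = UserManager.Update(userFound);
            if (!updateResult.Succeeded)
            {
                // The confirmation flag was not saved. Previously this path still returned the
                // Login view as if verification had completed; report the failure instead.
                string additionalMsg = "Update Failed. Enter New number";
                SendSmsCode(userFound.Id, userFound.PhoneNumber, additionalMsg);

                ModelState.AddModelError("", "Unable to update user Verification.");
                return View(model);
            }

            return View("Login", new LoginViewModel { Phone = userFound.PhoneNumber, Password = string.Empty });
        }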
Example #3
 /// <summary>
 /// Renders the default view for this action with the supplied view model.
 /// </summary>
 /// <param name="fVM">View model bound from the request and passed to the view unchanged.</param>
 /// <returns>The view result for this action.</returns>
 public ActionResult GetCodeOrLogin(VerifyPhoneNumberViewModel fVM)
 {
     // No validation or lookup happens here; the model is rendered exactly as it was bound.
     ActionResult page = View(fVM);
     return page;
 }
Example #4
 /// <summary>
 /// Shows the verify-code view with the given phone number already filled in.
 /// </summary>
 /// <param name="phoneNumber">Phone number copied into the view model's PhoneNumber property.</param>
 /// <returns>The view for this action, bound to a new VerifyPhoneNumberViewModel.</returns>
 public ActionResult VerifyCode(string phoneNumber)
 {
     // NOTE(review): the template's SignInManager.HasBeenVerifiedAsync() precondition is disabled
     // here, so this action does not itself check that the caller has already signed in.
     // The phone number is taken from the request as given.
     var viewModel = new VerifyPhoneNumberViewModel();
     viewModel.PhoneNumber = phoneNumber;
     return View(viewModel);
 }