public void FromBase32StringShouldThrowArgumentNullExceptionOnInputParamWhiteSpace()
{
// Arrange
const string data = "";
// Act
// Assert
Assert.Throws <ArgumentNullException>(() => Base32Encoder.FromBase32String(data));
}
public void FromBase32StringShouldThrowArgumentExceptionOnInvalidBase32InputChar()
{
// Arrange
const string data = "0"; // NOTE: 0 is an invalid char
// Act
// Assert
Assert.Throws <ArgumentException>(() => Base32Encoder.FromBase32String(data));
}
public void FromBase32StringShould_DO_STUFF()
{
// Arrange
var bytes = Encoding.UTF8.GetBytes("test string.");
const string data = "ORSXG5BAON2HE2LOM4XA";
// Act
var result = Base32Encoder.FromBase32String(data);
// Assert
//var viewResult = Assert.IsType<byte[]>(result);
//Assert.Equal(bytes, viewResult);
}
public void FromBase32StringShouldReturnBase32DecodedBytesForUppercaseString()
{
// Arrange
var bytes = Encoding.UTF8.GetBytes("test string");
const string data = "ORSXG5BAON2HE2LOM4"; // EQ: 'test string' as bytes
// Act
var result = Base32Encoder.FromBase32String(data);
// Assert
var viewResult = Assert.IsType <byte[]>(result);
Assert.Equal(bytes, viewResult);
}
public ActionResult SecondFactor(SecondFactorModel model, string returnUrl)
{
var user = TempData[CurrentUserTempDataKey] as MvcTFAProfile;
TempData.Keep();
if (user != null)
{
var secretKey = Base32Encoder.FromBase32String(user.SecretKey);
var currentInterval = GoogleAuthenticator.CurrentInterval;
var secondFactorMatched = false;
// The currentInterval +- 1 has been added to allow for devices which are slightly out of sync
// to connect still, this does decrease the security of the application slightly but I feel that
// the modification is an acceptable usability/security compromise.
if (GoogleAuthenticator.GeneratePin(secretKey, currentInterval) == model.SecondFactor)
{
secondFactorMatched = true;
}
else if (GoogleAuthenticator.GeneratePin(secretKey, currentInterval + 1) == model.SecondFactor)
{
secondFactorMatched = true;
}
else if (GoogleAuthenticator.GeneratePin(secretKey, currentInterval - 1) == model.SecondFactor)
{
secondFactorMatched = true;
}
if (secondFactorMatched)
{
var rememberMe = TempData[RememberMeTempDataKey] != null && (bool)TempData[RememberMeTempDataKey];
FormsAuthentication.SetAuthCookie(user.UserName, rememberMe);
return(RedirectToLocal(returnUrl));
}
ModelState.AddModelError("SecondFactor", "The one time password you speccified is incorrect");
}
else
{
ModelState.AddModelError("", "A problem occurred while retrieving your session");
}
return(View(model));
}
public async Task <ActionResult> Authenticator(AuthenticatorViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var loginViewModel = TempData.Peek("LoginAuthenticatorViewModel") as LoginAuthenticatorViewModel;
if (loginViewModel == null)
{
return(RedirectToAction("Login"));
}
//var secretKey = Base32Encoder.FromBase32String(SecretKey);
var secretKey = Base32Encoder.FromBase32String(loginViewModel.AuthenticatorSecrete);
var currentInterval = GoogleAuthenticator.CurrentInterval;
if (GoogleAuthenticator.GeneratePin(secretKey, currentInterval) == model.Factor)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(loginViewModel.Email, loginViewModel.Password, loginViewModel.RememberMe, false);
switch (result)
{
case SignInStatus.Success:
{
TempData.Remove("LoginViewModel");
return(RedirectToLocal(returnUrl));
}
case SignInStatus.LockedOut:
{
TempData.Remove("LoginViewModel");
return(View("Lockout"));
}
case SignInStatus.RequiresVerification:
{
TempData.Remove("LoginViewModel");
return(RedirectToAction("SendCode", new
{
ReturnUrl = returnUrl,
loginViewModel.RememberMe
}));
}
case SignInStatus.Failure:
default:
{
ModelState.AddModelError("", "Invalid authenticator attempt.");
return(View(model));
}
}
}
ModelState.AddModelError("", "Invalid authenticator attempt.");
return(View(model));
}
