public async Task <IActionResult> EnableAuthenticator(EnableAuthenticatorModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
}
// Strip spaces and hypens
var verificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty);
var is2faTokenValid = await _userManager.VerifyTwoFactorTokenAsync(
user, _userManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode);
if (!is2faTokenValid)
{
ModelState.AddModelError("model.Code", "Verification code is invalid.");
return(View(model));
}
await _userManager.SetTwoFactorEnabledAsync(user, true);
_logger.LogInformation("User with ID {UserId} has enabled 2FA with an authenticator app.", user.Id);
return(RedirectToAction(nameof(GenerateRecoveryCodes)));
}
public async Task <IActionResult> EnableAuthenticator()
{
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
}
var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
if (string.IsNullOrEmpty(unformattedKey))
{
await _userManager.ResetAuthenticatorKeyAsync(user);
unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
}
var model = new EnableAuthenticatorModel
{
SharedKey = FormatKey(unformattedKey),
AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey)
};
return(View(model));
}
private string GenerateQrCodeUri(EnableAuthenticatorModel model, string email, string unformattedKey)
{
string AuthenticatorUriFormat = "otpauth://totp/{0}:{1}?secret={2}&issuer={0}&digits=6";
return(string.Format(
AuthenticatorUriFormat,
_urlEncoder.Encode("HomeManager"),
_urlEncoder.Encode(email),
unformattedKey));
}
private async Task <EnableAuthenticatorModel> LoadEnableAuthenticatorModel(string userId)
{
var authenticatorKeyModel = await _manageEndpoint.LoadSharedKeyAndQrCodeUriAsync(userId);
var model = new EnableAuthenticatorModel
{
Errors = authenticatorKeyModel.Errors,
SharedKey = authenticatorKeyModel.SharedKey,
AuthenticatorUri = authenticatorKeyModel.AuthenticatorUri
};
return(model);
}
private async Task LoadSharedKeyAndQrCodeUriAsync(IUser user, EnableAuthenticatorModel model)
{
var unformattedKey = await UserManager.GetAuthenticatorKeyAsync(user);
if (string.IsNullOrEmpty(unformattedKey))
{
await UserManager.ResetAuthenticatorKeyAsync(user);
unformattedKey = await UserManager.GetAuthenticatorKeyAsync(user);
}
model.SharedKey = FormatKey(unformattedKey);
model.AuthenticatorUri = UserManager.FormatAuthenticatorUri(user.UserName, user.Email, unformattedKey);
public async Task <IActionResult> EnableAuthenticator(EnableAuthenticatorModel model)
{
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
return(NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."));
}
if (!ModelState.IsValid)
{
await LoadSharedKeyAndQrCodeUriAsync(user);
return(View(model));
}
// Strip spaces and hypens
var verificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty);
var is2faTokenValid = await _userManager.VerifyTwoFactorTokenAsync(
user, _userManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode);
if (!is2faTokenValid)
{
ModelState.AddModelError("Code", "Verification code is invalid.");
await LoadSharedKeyAndQrCodeUriAsync(user);
return(View(model));
}
await _userManager.SetTwoFactorEnabledAsync(user, true);
var userId = await _userManager.GetUserIdAsync(user);
_logger.LogInformation("User with ID '{UserId}' has enabled 2FA with an authenticator app.", userId);
StatusMessage = "Your authenticator app has been verified.";
if (await _userManager.CountRecoveryCodesAsync(user) == 0)
{
var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
RecoveryCodes = recoveryCodes.ToArray();
return(RedirectToAction("ShowRecoveryCodes"));
}
else
{
return(RedirectToAction("TwoFactorAuthentication"));
}
}
/*private string GenerateQrCodeUri(string email, string unformattedKey)
* {
* return string.Format(
* AuthenticatorUriFormat,
* _urlEncoder.Encode("WebApplication4"),
* _urlEncoder.Encode(email),
* unformattedKey);
* }*/
private async Task LoadSharedKeyAndQrCodeUriAsync(ApplicationUser user, EnableAuthenticatorModel model)
{
var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
if (string.IsNullOrEmpty(unformattedKey))
{
await _userManager.ResetAuthenticatorKeyAsync(user);
unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
}
model.SharedKey = FormatKey(unformattedKey);
//model.AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey);
}
public async Task <IActionResult> EnableAuthenticator()
{
var model = new EnableAuthenticatorModel();
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
return(NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."));
}
await LoadSharedKeyAndQrCodeUriAsync(model, user);
return(View(model));
}
public async Task <IActionResult> EnableAuthenticator()
{
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
}
var model = new EnableAuthenticatorModel();
await LoadSharedKeyAndQrCodeUriAsync(user, model);
return(View(model));
}
public async Task <IActionResult> EnableAuthenticator(string username)
{
var user = await GetUserAsync();
if (!user.HasUserName(username))
{
return(NotFound());
}
var model = new EnableAuthenticatorModel();
await LoadSharedKeyAndQrCodeUriAsync(user, model);
return(View(model));
}
public async Task LoadSharedKeyAndQrCodeUriAsync(EnableAuthenticatorModel model, User user)
{
var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
if (string.IsNullOrEmpty(unformattedKey))
{
await _userManager.ResetAuthenticatorKeyAsync(user);
unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
}
model.SharedKey = FormatKey(unformattedKey);
var email = await _userManager.GetEmailAsync(user);
model.AuthenticatorUri = GenerateQrCodeUri(model, email, unformattedKey);
}
// ReSharper disable once UnusedParameter.Global
public async Task <IActionResult> ResetAuthenticator(ResetAuthenticatorModel model)
{
model.UserId = UserId;
model = await _manageEndpoint.ResetAuthenticatorAsync(model);
if (HasErrors(model))
{
return(View(model));
}
_logger.LogInformation("User with ID '{UserId}' has reset their authentication app key.", model.UserId);
var enableAuthenticatorModel = new EnableAuthenticatorModel
{
StatusMessage =
"Your authenticator app key has been reset, you will need to configure your authenticator app using the new key."
};
return(RedirectToAction("EnableAuthenticator", "Manage", enableAuthenticatorModel));
}
public async Task <IActionResult> EnableAuthenticator(EnableAuthenticatorModel model)
{
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
}
if (!ModelState.IsValid)
{
await LoadSharedKeyAndQrCodeUriAsync(user, model);
return(BadRequest(model));
}
// Strip spaces and hypens
var verificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty);
var is2faTokenValid = await _userManager.VerifyTwoFactorTokenAsync(
user, _userManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode);
if (!is2faTokenValid)
{
ModelState.AddModelError("Code", "Verification code is invalid.");
await LoadSharedKeyAndQrCodeUriAsync(user, model);
return(BadRequest(model));
}
await _userManager.SetTwoFactorEnabledAsync(user, true);
_logger.LogInformation("User with ID {UserId} has enabled 2FA with an authenticator app.", user.Id);
var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
//TempData[RecoveryCodesKey] = recoveryCodes.ToArray();
return(RedirectToAction(""));
}
public async Task EnableAuthenticator_ModelStateNotValid_ReturnsCurrentView()
{
var sut = new Pegasus.Controllers.ManageController(_manageEndpoint.Object, null, _logger.Object)
{
ControllerContext = _controllerContext
};
sut.ModelState.AddModelError("TestError", "Something went wrong");
var model = new EnableAuthenticatorModel
{
AuthenticatorUri = "https://originalbaseUri/",
SharedKey = "original shared key"
};
var result = await sut.EnableAuthenticator(model);
Assert.IsInstanceOf <ViewResult>(result);
Assert.IsInstanceOf <EnableAuthenticatorModel>(((ViewResult)result).Model);
var returnedModel = (EnableAuthenticatorModel)((ViewResult)result).Model;
Assert.AreEqual("https://validAuthenticator", returnedModel.AuthenticatorUri);
}
public async Task <IActionResult> EnableAuthenticator(string username, EnableAuthenticatorModel model)
{
var user = await GetUserAsync();
if (!user.HasUserName(username))
{
return(NotFound());
}
if (!ModelState.IsValid)
{
await LoadSharedKeyAndQrCodeUriAsync(user, model);
return(View(model));
}
// Strip spaces and hypens
var verificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty);
var is2faTokenValid = await UserManager.VerifyTwoFactorTokenAsync(
user, UserManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode);
if (!is2faTokenValid)
{
ModelState.AddModelError("Code", "Verification code is invalid.");
await LoadSharedKeyAndQrCodeUriAsync(user, model);
return(View(model));
}
await UserManager.SetTwoFactorEnabledAsync(user, true);
await HttpContext.AuditAsync("enabled 2fa", $"{user.Id}");
await UserManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
StatusMessage = "Authenticator app enrolled! New recovery codes are generated and showed bellow. Please keep them.";
return(RedirectToAction(nameof(TwoFactorAuthentication)));
}
public async Task <IActionResult> EnableAuthenticator(EnableAuthenticatorModel model)
{
if (!ModelState.IsValid)
{
model = await LoadEnableAuthenticatorModel(UserId);
HasErrors(model);
return(View(model));
}
var verifyTwoFactorTokenModel = new VerifyTwoFactorTokenModel
{
UserId = UserId,
VerificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty)
};
verifyTwoFactorTokenModel = await _manageEndpoint.VerifyTwoFactorTokenAsync(verifyTwoFactorTokenModel);
if (HasErrors(verifyTwoFactorTokenModel))
{
return(View(model));
}
if (!verifyTwoFactorTokenModel.IsTokenValid)
{
ModelState.AddModelError("Code", "Verification code is invalid.");
model = await LoadEnableAuthenticatorModel(UserId);
HasErrors(model);
return(View(model));
}
await _signInManager.DoTwoFactorSignInAsync(UserId, false);
var setTwoFactorEnabledModel = new SetTwoFactorEnabledModel
{
UserId = UserId,
SetEnabled = true
};
var set2FaEnabled = await _manageEndpoint.SetTwoFactorEnabledAsync(setTwoFactorEnabledModel);
if (HasErrors(set2FaEnabled))
{
_logger.LogError("Failed to enable 2FA with an authenticator app for User with ID '{UserId}'.", set2FaEnabled.UserId);
return(View(model));
}
_logger.LogInformation("User with ID '{UserId}' has enabled 2FA with an authenticator app.", set2FaEnabled.UserId);
model.StatusMessage = "Your authenticator app has been verified.";
var recoveryCodeStatus = new RecoveryCodeStatusModel {
UserId = UserId
};
recoveryCodeStatus = await _manageEndpoint.CheckRecoveryCodesStatus(recoveryCodeStatus);
if (HasErrors(model))
{
return(View(model));
}
if (recoveryCodeStatus.IsUpdated)
{
var showRecoveryCodesModel = new ShowRecoveryCodesModel()
{
StatusMessage = model.StatusMessage,
RecoveryCodes = recoveryCodeStatus.RecoveryCodes.ToArray()
};
return(RedirectToAction("ShowRecoveryCodes", showRecoveryCodesModel));
}
return(RedirectToAction("TwoFactorAuthentication"));
}
