public async Task <IActionResult> EnableAuthenticator(EnableAuthenticatorModel model) { if (!ModelState.IsValid) { return(View(model)); } var user = await _userManager.GetUserAsync(User); if (user == null) { throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); } // Strip spaces and hypens var verificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty); var is2faTokenValid = await _userManager.VerifyTwoFactorTokenAsync( user, _userManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode); if (!is2faTokenValid) { ModelState.AddModelError("model.Code", "Verification code is invalid."); return(View(model)); } await _userManager.SetTwoFactorEnabledAsync(user, true); _logger.LogInformation("User with ID {UserId} has enabled 2FA with an authenticator app.", user.Id); return(RedirectToAction(nameof(GenerateRecoveryCodes))); }
public async Task <IActionResult> EnableAuthenticator() { var user = await _userManager.GetUserAsync(User); if (user == null) { throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); } var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user); if (string.IsNullOrEmpty(unformattedKey)) { await _userManager.ResetAuthenticatorKeyAsync(user); unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user); } var model = new EnableAuthenticatorModel { SharedKey = FormatKey(unformattedKey), AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey) }; return(View(model)); }
private string GenerateQrCodeUri(EnableAuthenticatorModel model, string email, string unformattedKey) { string AuthenticatorUriFormat = "otpauth://totp/{0}:{1}?secret={2}&issuer={0}&digits=6"; return(string.Format( AuthenticatorUriFormat, _urlEncoder.Encode("HomeManager"), _urlEncoder.Encode(email), unformattedKey)); }
private async Task <EnableAuthenticatorModel> LoadEnableAuthenticatorModel(string userId) { var authenticatorKeyModel = await _manageEndpoint.LoadSharedKeyAndQrCodeUriAsync(userId); var model = new EnableAuthenticatorModel { Errors = authenticatorKeyModel.Errors, SharedKey = authenticatorKeyModel.SharedKey, AuthenticatorUri = authenticatorKeyModel.AuthenticatorUri }; return(model); }
private async Task LoadSharedKeyAndQrCodeUriAsync(IUser user, EnableAuthenticatorModel model) { var unformattedKey = await UserManager.GetAuthenticatorKeyAsync(user); if (string.IsNullOrEmpty(unformattedKey)) { await UserManager.ResetAuthenticatorKeyAsync(user); unformattedKey = await UserManager.GetAuthenticatorKeyAsync(user); } model.SharedKey = FormatKey(unformattedKey); model.AuthenticatorUri = UserManager.FormatAuthenticatorUri(user.UserName, user.Email, unformattedKey);
public async Task <IActionResult> EnableAuthenticator(EnableAuthenticatorModel model) { var user = await _userManager.GetUserAsync(User); if (user == null) { return(NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.")); } if (!ModelState.IsValid) { await LoadSharedKeyAndQrCodeUriAsync(user); return(View(model)); } // Strip spaces and hypens var verificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty); var is2faTokenValid = await _userManager.VerifyTwoFactorTokenAsync( user, _userManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode); if (!is2faTokenValid) { ModelState.AddModelError("Code", "Verification code is invalid."); await LoadSharedKeyAndQrCodeUriAsync(user); return(View(model)); } await _userManager.SetTwoFactorEnabledAsync(user, true); var userId = await _userManager.GetUserIdAsync(user); _logger.LogInformation("User with ID '{UserId}' has enabled 2FA with an authenticator app.", userId); StatusMessage = "Your authenticator app has been verified."; if (await _userManager.CountRecoveryCodesAsync(user) == 0) { var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10); RecoveryCodes = recoveryCodes.ToArray(); return(RedirectToAction("ShowRecoveryCodes")); } else { return(RedirectToAction("TwoFactorAuthentication")); } }
/*private string GenerateQrCodeUri(string email, string unformattedKey) * { * return string.Format( * AuthenticatorUriFormat, * _urlEncoder.Encode("WebApplication4"), * _urlEncoder.Encode(email), * unformattedKey); * }*/ private async Task LoadSharedKeyAndQrCodeUriAsync(ApplicationUser user, EnableAuthenticatorModel model) { var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user); if (string.IsNullOrEmpty(unformattedKey)) { await _userManager.ResetAuthenticatorKeyAsync(user); unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user); } model.SharedKey = FormatKey(unformattedKey); //model.AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey); }
public async Task <IActionResult> EnableAuthenticator() { var model = new EnableAuthenticatorModel(); var user = await _userManager.GetUserAsync(User); if (user == null) { return(NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.")); } await LoadSharedKeyAndQrCodeUriAsync(model, user); return(View(model)); }
public async Task <IActionResult> EnableAuthenticator() { var user = await _userManager.GetUserAsync(User); if (user == null) { throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); } var model = new EnableAuthenticatorModel(); await LoadSharedKeyAndQrCodeUriAsync(user, model); return(View(model)); }
public async Task <IActionResult> EnableAuthenticator(string username) { var user = await GetUserAsync(); if (!user.HasUserName(username)) { return(NotFound()); } var model = new EnableAuthenticatorModel(); await LoadSharedKeyAndQrCodeUriAsync(user, model); return(View(model)); }
public async Task LoadSharedKeyAndQrCodeUriAsync(EnableAuthenticatorModel model, User user) { var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user); if (string.IsNullOrEmpty(unformattedKey)) { await _userManager.ResetAuthenticatorKeyAsync(user); unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user); } model.SharedKey = FormatKey(unformattedKey); var email = await _userManager.GetEmailAsync(user); model.AuthenticatorUri = GenerateQrCodeUri(model, email, unformattedKey); }
// ReSharper disable once UnusedParameter.Global public async Task <IActionResult> ResetAuthenticator(ResetAuthenticatorModel model) { model.UserId = UserId; model = await _manageEndpoint.ResetAuthenticatorAsync(model); if (HasErrors(model)) { return(View(model)); } _logger.LogInformation("User with ID '{UserId}' has reset their authentication app key.", model.UserId); var enableAuthenticatorModel = new EnableAuthenticatorModel { StatusMessage = "Your authenticator app key has been reset, you will need to configure your authenticator app using the new key." }; return(RedirectToAction("EnableAuthenticator", "Manage", enableAuthenticatorModel)); }
public async Task <IActionResult> EnableAuthenticator(EnableAuthenticatorModel model) { var user = await _userManager.GetUserAsync(User); if (user == null) { throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); } if (!ModelState.IsValid) { await LoadSharedKeyAndQrCodeUriAsync(user, model); return(BadRequest(model)); } // Strip spaces and hypens var verificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty); var is2faTokenValid = await _userManager.VerifyTwoFactorTokenAsync( user, _userManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode); if (!is2faTokenValid) { ModelState.AddModelError("Code", "Verification code is invalid."); await LoadSharedKeyAndQrCodeUriAsync(user, model); return(BadRequest(model)); } await _userManager.SetTwoFactorEnabledAsync(user, true); _logger.LogInformation("User with ID {UserId} has enabled 2FA with an authenticator app.", user.Id); var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10); //TempData[RecoveryCodesKey] = recoveryCodes.ToArray(); return(RedirectToAction("")); }
public async Task EnableAuthenticator_ModelStateNotValid_ReturnsCurrentView() { var sut = new Pegasus.Controllers.ManageController(_manageEndpoint.Object, null, _logger.Object) { ControllerContext = _controllerContext }; sut.ModelState.AddModelError("TestError", "Something went wrong"); var model = new EnableAuthenticatorModel { AuthenticatorUri = "https://originalbaseUri/", SharedKey = "original shared key" }; var result = await sut.EnableAuthenticator(model); Assert.IsInstanceOf <ViewResult>(result); Assert.IsInstanceOf <EnableAuthenticatorModel>(((ViewResult)result).Model); var returnedModel = (EnableAuthenticatorModel)((ViewResult)result).Model; Assert.AreEqual("https://validAuthenticator", returnedModel.AuthenticatorUri); }
public async Task <IActionResult> EnableAuthenticator(string username, EnableAuthenticatorModel model) { var user = await GetUserAsync(); if (!user.HasUserName(username)) { return(NotFound()); } if (!ModelState.IsValid) { await LoadSharedKeyAndQrCodeUriAsync(user, model); return(View(model)); } // Strip spaces and hypens var verificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty); var is2faTokenValid = await UserManager.VerifyTwoFactorTokenAsync( user, UserManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode); if (!is2faTokenValid) { ModelState.AddModelError("Code", "Verification code is invalid."); await LoadSharedKeyAndQrCodeUriAsync(user, model); return(View(model)); } await UserManager.SetTwoFactorEnabledAsync(user, true); await HttpContext.AuditAsync("enabled 2fa", $"{user.Id}"); await UserManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10); StatusMessage = "Authenticator app enrolled! New recovery codes are generated and showed bellow. Please keep them."; return(RedirectToAction(nameof(TwoFactorAuthentication))); }
public async Task <IActionResult> EnableAuthenticator(EnableAuthenticatorModel model) { if (!ModelState.IsValid) { model = await LoadEnableAuthenticatorModel(UserId); HasErrors(model); return(View(model)); } var verifyTwoFactorTokenModel = new VerifyTwoFactorTokenModel { UserId = UserId, VerificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty) }; verifyTwoFactorTokenModel = await _manageEndpoint.VerifyTwoFactorTokenAsync(verifyTwoFactorTokenModel); if (HasErrors(verifyTwoFactorTokenModel)) { return(View(model)); } if (!verifyTwoFactorTokenModel.IsTokenValid) { ModelState.AddModelError("Code", "Verification code is invalid."); model = await LoadEnableAuthenticatorModel(UserId); HasErrors(model); return(View(model)); } await _signInManager.DoTwoFactorSignInAsync(UserId, false); var setTwoFactorEnabledModel = new SetTwoFactorEnabledModel { UserId = UserId, SetEnabled = true }; var set2FaEnabled = await _manageEndpoint.SetTwoFactorEnabledAsync(setTwoFactorEnabledModel); if (HasErrors(set2FaEnabled)) { _logger.LogError("Failed to enable 2FA with an authenticator app for User with ID '{UserId}'.", set2FaEnabled.UserId); return(View(model)); } _logger.LogInformation("User with ID '{UserId}' has enabled 2FA with an authenticator app.", set2FaEnabled.UserId); model.StatusMessage = "Your authenticator app has been verified."; var recoveryCodeStatus = new RecoveryCodeStatusModel { UserId = UserId }; recoveryCodeStatus = await _manageEndpoint.CheckRecoveryCodesStatus(recoveryCodeStatus); if (HasErrors(model)) { return(View(model)); } if (recoveryCodeStatus.IsUpdated) { var showRecoveryCodesModel = new ShowRecoveryCodesModel() { StatusMessage = model.StatusMessage, RecoveryCodes = recoveryCodeStatus.RecoveryCodes.ToArray() }; return(RedirectToAction("ShowRecoveryCodes", showRecoveryCodesModel)); } return(RedirectToAction("TwoFactorAuthentication")); }