Exemple #1
        /// <summary>
        /// Decides whether a second authentication factor must be presented for <paramref name="user"/>.
        /// </summary>
        /// <param name="user">The account being authenticated.</param>
        /// <returns>
        /// Item1 is true when either the user has a usable two-factor provider of their own or one of
        /// their organizations has two-factor enabled; Item2 is that organization, or null when none applies.
        /// </returns>
        public async Task <Tuple <bool, Organization> > RequiresTwoFactorAsync(User user)
        {
            // Evaluated left to right with short-circuiting, so the provider lookup only runs
            // when two-factor is supported and switched on for this account.
            var userHasTwoFactor = _userManager.SupportsUserTwoFactor
                                   && await _userManager.GetTwoFactorEnabledAsync(user)
                                   && (await _userManager.GetValidTwoFactorProvidersAsync(user)).Count > 0;

            var memberships = (await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id))
                              .ToList();

            Organization enforcingOrg = null;
            if (memberships.Count > 0)
            {
                var abilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();

                // The cached abilities act as a cheap pre-filter; the repository is only queried
                // when at least one membership is flagged as using two-factor.
                if (memberships.Any(m => OrgUsing2fa(abilities, m.Id)))
                {
                    var organizations = await _organizationRepository.GetManyByUserIdAsync(user.Id);

                    // The final decision uses the organization record itself, restricted to
                    // organizations that are also present in the membership list.
                    enforcingOrg = organizations.FirstOrDefault(
                        org => memberships.Any(m => m.Id == org.Id) && org.TwoFactorIsEnabled());
                }
            }

            var required = userHasTwoFactor || enforcingOrg != null;
            return Tuple.Create <bool, Organization>(required, enforcingOrg);
        }
        /// <summary>
        /// Decides whether a second authentication factor must be presented for this token request.
        /// </summary>
        /// <param name="user">The account being authenticated.</param>
        /// <param name="request">The validated token request; its grant type and device are consulted.</param>
        /// <returns>
        /// Item1: two-factor is required for any reason. Item2: it is required solely because
        /// <c>Needs2FABecauseNewDeviceAsync</c> said so. Item3: the first organization of the user
        /// with two-factor enabled, or null.
        /// </returns>
        private async Task <Tuple <bool, bool, Organization> > RequiresTwoFactorAsync(User user, ValidatedTokenRequest request)
        {
            // Do not require MFA for api key logins.
            // NOTE(review): this exemption is keyed only on the grant type string, so it is only as
            // strong as the upstream validation of that grant - confirm against the request validator.
            if (request.GrantType == "client_credentials")
            {
                return Tuple.Create <bool, bool, Organization>(false, false, null);
            }

            // Short-circuit order matters: the provider lookup only runs when two-factor is
            // supported and enabled for the account.
            var userHasTwoFactor = _userManager.SupportsUserTwoFactor
                                   && await _userManager.GetTwoFactorEnabledAsync(user)
                                   && (await _userManager.GetValidTwoFactorProvidersAsync(user)).Count > 0;

            var memberships = (await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id))
                              .ToList();

            Organization enforcingOrg = null;
            if (memberships.Count > 0)
            {
                var abilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();

                // Cached abilities pre-filter; the repository is hit only if some membership uses 2FA.
                if (memberships.Any(m => OrgUsing2fa(abilities, m.Id)))
                {
                    var organizations = await _organizationRepository.GetManyByUserIdAsync(user.Id);

                    enforcingOrg = organizations.FirstOrDefault(
                        org => memberships.Any(m => m.Id == org.Id) && org.TwoFactorIsEnabled());
                }
            }

            var requiredByPolicy = userHasTwoFactor || enforcingOrg != null;

            // The new-device check is a fallback: it is consulted only when neither the user nor
            // an organization already demands a second factor.
            var requiredForNewDevice = false;
            if (!requiredByPolicy)
            {
                requiredForNewDevice = await _userService.Needs2FABecauseNewDeviceAsync(
                    user,
                    GetDeviceFromRequest(request)?.Identifier,
                    request.GrantType);
            }

            return Tuple.Create <bool, bool, Organization>(
                requiredByPolicy || requiredForNewDevice,
                requiredForNewDevice,
                enforcingOrg);
        }
Exemple #3
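        /// <summary>
        /// Writes an event for a user and, for every organization of that user for which
        /// <c>CanUseEvents</c> returns true, an organization-scoped copy of the same event.
        /// </summary>
        /// <param name="userId">The user the event is about; also recorded as the acting user.</param>
        /// <param name="type">The kind of event being logged.</param>
        public async Task LogUserEventAsync(Guid userId, EventType type)
        {
            // One timestamp for every record produced by this call, so the user-level entry and
            // its per-organization copies can be correlated exactly when the log is reviewed.
            var now    = DateTime.UtcNow;
            var events = new List <IEvent>
            {
                new EventMessage(_currentContext)
                {
                    UserId       = userId,
                    ActingUserId = userId,
                    Type         = type,
                    Date         = now
                }
            };

            var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();

            var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, userId);

            // Materialise once. Left as a deferred query, the projection ran twice (for the
            // emptiness check and again for AddRange), building every EventMessage a second time.
            var orgEvents = orgs.Where(o => CanUseEvents(orgAbilities, o.Id))
                            .Select(o => new EventMessage(_currentContext)
            {
                OrganizationId = o.Id,
                UserId         = userId,
                ActingUserId   = userId,
                Type           = type,
                Date           = now
            })
                            .ToList();

            if (orgEvents.Count > 0)
            {
                events.AddRange(orgEvents);
                await _eventWriteService.CreateManyAsync(events);
            }
            else
            {
                // Only the user-level event exists, so the single-item write path is used.
                await _eventWriteService.CreateAsync(events[0]);
            }
        }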
Exemple #4
        /// <summary>
        /// Reports whether <paramref name="user"/> may use premium features, either through their own
        /// premium flag or through an organization in the current context that grants premium to its users.
        /// </summary>
        /// <param name="user">The user whose entitlement is checked.</param>
        /// <returns>True when premium access is granted; otherwise false.</returns>
        public async Task <bool> CanAccessPremium(User user)
        {
            if (user.Premium)
            {
                return true;
            }

            // A missing context, a missing organization list and an empty list all mean "no grant".
            // NOTE(review): the organization list is taken from the current context rather than
            // from user.Id - confirm the context always belongs to the same user.
            var hasOrganizations = _currentContext?.Organizations?.Any() ?? false;
            if (!hasOrganizations)
            {
                return false;
            }

            var abilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();

            foreach (var org in _currentContext.Organizations)
            {
                // The organization must be known to the cache, grant premium to users and be enabled.
                if (abilities.ContainsKey(org.Id) &&
                    abilities[org.Id].UsersGetPremium && abilities[org.Id].Enabled)
                {
                    return true;
                }
            }

            return false;
        }
Exemple #5
        /// <summary>
        /// Reports whether <paramref name="user"/> may use premium features, either through their own
        /// premium flag or through one of their organizations that grants premium to its users.
        /// </summary>
        /// <param name="user">The user whose entitlement is checked.</param>
        /// <returns>True when premium access is granted; otherwise false.</returns>
        public async Task <bool> CanAccessPremium(User user)
        {
            if (user.Premium)
            {
                return true;
            }

            // Memberships are looked up for this specific user id.
            var memberships = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
            if (!memberships.Any())
            {
                return false;
            }

            var abilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();

            foreach (var membership in memberships)
            {
                // The organization must be known to the cache, grant premium to users and be enabled.
                if (abilities.ContainsKey(membership.Id) &&
                    abilities[membership.Id].UsersGetPremium && abilities[membership.Id].Enabled)
                {
                    return true;
                }
            }

            return false;
        }