Exemple #1
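        /// <summary>
        /// Checks whether <paramref name="emailAddress"/> already belongs to an account and, when it
        /// does not, stores a fresh six-digit one-time password for that address and e-mails it.
        /// </summary>
        /// <param name="emailAddress">Address supplied by the caller; also used as the OTP lookup key.</param>
        /// <returns>
        /// JSON carrying <c>isExist</c>; when no account exists the payload also carries <c>code</c>.
        /// </returns>
        public async Task<IActionResult> ValidateEmailAndSendCode(string emailAddress)
        {
            var user = await _userManager.FindByEmailAsync(emailAddress);

            if (user != null)
            {
                return(new JsonResult(new { isExist = true }));
            }

            // System.Random is predictable and must not mint authentication codes, so the value
            // is drawn from the OS CSPRNG. The upper bound is exclusive: 1000000 covers
            // 000000-999999, whereas the previous Next(0, 999999) could never yield 999999.
            string code = System.Security.Cryptography.RandomNumberGenerator.GetInt32(0, 1000000).ToString("D6");

            // NOTE(review): CreatedOn is local time; whatever enforces the 15-minute window must
            // compare against the same clock. UTC would be safer - confirm with the validator.
            var otp = new OneTimePassword()
            {
                Key = emailAddress, Value = code, CreatedOn = DateTime.Now
            };
            await _context.OneTimePasswords.AddAsync(otp);

            await _context.SaveChangesAsync();

            string message = $"Your UPCLASS OTP is <h1>{code}</h1>. This code is valid for next 15 minutes only.";
            await _emailSender.SendEmailAsync(emailAddress, "UPCLASS OTP", message);

            // NOTE(review): returning `code` hands the OTP to whoever made the request, so the
            // e-mail round trip no longer proves control of the mailbox. The field is kept only so
            // existing clients keep working; the check belongs on the server and this field should
            // be dropped. Nothing in this method throttles repeated requests either.
            return(new JsonResult(new { isExist = false, code }));
        }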
Exemple #2
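        /// <summary>
        /// Forgot-password step: when an account with <paramref name="phoneNumber"/> exists, stores a
        /// fresh six-digit one-time password keyed by that number and sends it by SMS.
        /// </summary>
        /// <param name="phoneNumber">Phone number supplied by the caller; also used as the OTP lookup key.</param>
        /// <returns>
        /// JSON carrying <c>isExist</c>; when the account exists the payload also carries <c>code</c>.
        /// </returns>
        public async Task<IActionResult> ValidatePhoneForgotPassword(string phoneNumber)
        {
            var user = _context.Users.FirstOrDefault(x => x.PhoneNumber == phoneNumber);

            if (user == null)
            {
                return(new JsonResult(new { isExist = false }));
            }

            // System.Random is predictable and must not mint authentication codes, so the value
            // is drawn from the OS CSPRNG. The upper bound is exclusive: 1000000 covers
            // 000000-999999, whereas the previous Next(0, 999999) could never yield 999999.
            string code = System.Security.Cryptography.RandomNumberGenerator.GetInt32(0, 1000000).ToString("D6");

            // NOTE(review): CreatedOn is local time; whatever enforces the 15-minute window must
            // compare against the same clock. UTC would be safer - confirm with the validator.
            var otp = new OneTimePassword()
            {
                Key = phoneNumber, Value = code, CreatedOn = DateTime.Now
            };
            await _context.OneTimePasswords.AddAsync(otp);

            await _context.SaveChangesAsync();

            string message = $"Your UPCLASS OTP is {code}. This code is valid for next 15 minutes only.";
            _smsService.SendSMS(message, phoneNumber);

            // NOTE(review): in a password-reset flow, returning `code` lets anyone who knows the
            // phone number obtain the OTP without holding the phone. The field is kept only so
            // existing clients keep working; the check belongs on the server and this field should
            // be dropped. Nothing in this method throttles repeated requests either.
            return(new JsonResult(new { isExist = true, code }));
        }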
Exemple #3
        // Validates six-digit HMAC-SHA256 TOTP codes at six fixed instants. Each instant is
        // presented as a +01:00 DateTimeOffset, as a UTC DateTime and as a local DateTime.
        // The codes are the last six digits of the RFC 6238 Appendix B SHA-256 test vectors.
        public void TOTP_Validate6_SHA256()
        {
            var totp = new OneTimePassword(ASCIIEncoding.ASCII.GetBytes("12345678901234567890123456789012"))
            {
                Algorithm = OneTimePasswordAlgorithm.Sha256,
                Digits    = 6
            };

            int[] codes = { 119246, 084774, 062674, 819424, 698825, 737706 };

            DateTimeOffset[] zoned =
            {
                new DateTimeOffset(1970, 01, 01, 01, 00, 59, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 29, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 31, TimeSpan.FromHours(1)),
                new DateTimeOffset(2009, 02, 14, 00, 31, 30, TimeSpan.FromHours(1)),
                new DateTimeOffset(2033, 05, 18, 04, 33, 20, TimeSpan.FromHours(1)),
                new DateTimeOffset(2603, 10, 11, 12, 33, 20, TimeSpan.FromHours(1))
            };

            DateTime[] utc =
            {
                new DateTime(1970, 01, 01, 00, 00, 59, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 29, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 31, DateTimeKind.Utc),
                new DateTime(2009, 02, 13, 23, 31, 30, DateTimeKind.Utc),
                new DateTime(2033, 05, 18, 03, 33, 20, DateTimeKind.Utc),
                new DateTime(2603, 10, 11, 11, 33, 20, DateTimeKind.Utc)
            };

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.True(totp.IsCodeValid(codes[i], zoned[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.True(totp.IsCodeValid(codes[i], utc[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.True(totp.IsCodeValid(codes[i], utc[i].ToLocalTime()));
            }
        }
Exemple #4
        // Validates six-digit HMAC-SHA512 TOTP codes at six fixed instants. Each instant is
        // presented as a +01:00 DateTimeOffset, as a UTC DateTime and as a local DateTime.
        // The codes are the last six digits of the RFC 6238 Appendix B SHA-512 test vectors.
        public void TOTP_Validate6_SHA512()
        {
            var totp = new OneTimePassword(ASCIIEncoding.ASCII.GetBytes("1234567890123456789012345678901234567890123456789012345678901234"))
            {
                Algorithm = OneTimePasswordAlgorithm.Sha512,
                Digits    = 6
            };

            int[] codes = { 693936, 091201, 943326, 441116, 618901, 863826 };

            DateTimeOffset[] zoned =
            {
                new DateTimeOffset(1970, 01, 01, 01, 00, 59, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 29, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 31, TimeSpan.FromHours(1)),
                new DateTimeOffset(2009, 02, 14, 00, 31, 30, TimeSpan.FromHours(1)),
                new DateTimeOffset(2033, 05, 18, 04, 33, 20, TimeSpan.FromHours(1)),
                new DateTimeOffset(2603, 10, 11, 12, 33, 20, TimeSpan.FromHours(1))
            };

            DateTime[] utc =
            {
                new DateTime(1970, 01, 01, 00, 00, 59, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 29, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 31, DateTimeKind.Utc),
                new DateTime(2009, 02, 13, 23, 31, 30, DateTimeKind.Utc),
                new DateTime(2033, 05, 18, 03, 33, 20, DateTimeKind.Utc),
                new DateTime(2603, 10, 11, 11, 33, 20, DateTimeKind.Utc)
            };

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.True(totp.IsCodeValid(codes[i], zoned[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.True(totp.IsCodeValid(codes[i], utc[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.True(totp.IsCodeValid(codes[i], utc[i].ToLocalTime()));
            }
        }
Exemple #5
        // Generates eight-digit HMAC-SHA512 TOTP codes at six fixed instants and compares them
        // with the expected values (the RFC 6238 Appendix B SHA-512 test vectors). Each instant
        // is presented as a +01:00 DateTimeOffset, as a UTC DateTime and as a local DateTime.
        public void TOTP_Generate_SHA512()
        {
            var totp = new OneTimePassword(ASCIIEncoding.ASCII.GetBytes("1234567890123456789012345678901234567890123456789012345678901234"))
            {
                Algorithm = OneTimePasswordAlgorithm.Sha512,
                Digits    = 8
            };

            int[] codes = { 90693936, 25091201, 99943326, 93441116, 38618901, 47863826 };

            DateTimeOffset[] zoned =
            {
                new DateTimeOffset(1970, 01, 01, 01, 00, 59, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 29, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 31, TimeSpan.FromHours(1)),
                new DateTimeOffset(2009, 02, 14, 00, 31, 30, TimeSpan.FromHours(1)),
                new DateTimeOffset(2033, 05, 18, 04, 33, 20, TimeSpan.FromHours(1)),
                new DateTimeOffset(2603, 10, 11, 12, 33, 20, TimeSpan.FromHours(1))
            };

            DateTime[] utc =
            {
                new DateTime(1970, 01, 01, 00, 00, 59, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 29, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 31, DateTimeKind.Utc),
                new DateTime(2009, 02, 13, 23, 31, 30, DateTimeKind.Utc),
                new DateTime(2033, 05, 18, 03, 33, 20, DateTimeKind.Utc),
                new DateTime(2603, 10, 11, 11, 33, 20, DateTimeKind.Utc)
            };

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.Equal(codes[i], totp.GetCode(zoned[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.Equal(codes[i], totp.GetCode(utc[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.Equal(codes[i], totp.GetCode(utc[i].ToLocalTime()));
            }

            // The parameterless overload is expected to agree with "now" in either kind. The two
            // calls in each assert read the clock separately, so they are not the same instant.
            Assert.Equal(totp.GetCode(), totp.GetCode(DateTime.UtcNow));
            Assert.Equal(totp.GetCode(), totp.GetCode(DateTime.Now));
        }
Exemple #6
        // Validates six-digit TOTP codes with the instance's default algorithm (none is set here)
        // at six fixed instants. Each instant is presented as a +01:00 DateTimeOffset, as a UTC
        // DateTime and as a local DateTime. The codes are the last six digits of the RFC 6238
        // Appendix B SHA-1 test vectors.
        public void TOTP_Validate6_SHA1()
        {
            var totp = new OneTimePassword(ASCIIEncoding.ASCII.GetBytes("12345678901234567890"))
            {
                Digits = 6
            };

            int[] codes = { 287082, 081804, 050471, 005924, 279037, 353130 };

            DateTimeOffset[] zoned =
            {
                new DateTimeOffset(1970, 01, 01, 01, 00, 59, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 29, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 31, TimeSpan.FromHours(1)),
                new DateTimeOffset(2009, 02, 14, 00, 31, 30, TimeSpan.FromHours(1)),
                new DateTimeOffset(2033, 05, 18, 04, 33, 20, TimeSpan.FromHours(1)),
                new DateTimeOffset(2603, 10, 11, 12, 33, 20, TimeSpan.FromHours(1))
            };

            DateTime[] utc =
            {
                new DateTime(1970, 01, 01, 00, 00, 59, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 29, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 31, DateTimeKind.Utc),
                new DateTime(2009, 02, 13, 23, 31, 30, DateTimeKind.Utc),
                new DateTime(2033, 05, 18, 03, 33, 20, DateTimeKind.Utc),
                new DateTime(2603, 10, 11, 11, 33, 20, DateTimeKind.Utc)
            };

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.True(totp.IsCodeValid(codes[i], zoned[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.True(totp.IsCodeValid(codes[i], utc[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.True(totp.IsCodeValid(codes[i], utc[i].ToLocalTime()));
            }
        }
Exemple #7
        // Generates eight-digit HMAC-SHA256 TOTP codes at six fixed instants and compares them
        // with the expected values (the RFC 6238 Appendix B SHA-256 test vectors). Each instant
        // is presented as a +01:00 DateTimeOffset, as a UTC DateTime and as a local DateTime.
        public void TOTP_Generate_SHA256()
        {
            var totp = new OneTimePassword(ASCIIEncoding.ASCII.GetBytes("12345678901234567890123456789012"))
            {
                Algorithm = OneTimePasswordAlgorithm.Sha256,
                Digits    = 8
            };

            int[] codes = { 46119246, 68084774, 67062674, 91819424, 90698825, 77737706 };

            DateTimeOffset[] zoned =
            {
                new DateTimeOffset(1970, 01, 01, 01, 00, 59, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 29, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 31, TimeSpan.FromHours(1)),
                new DateTimeOffset(2009, 02, 14, 00, 31, 30, TimeSpan.FromHours(1)),
                new DateTimeOffset(2033, 05, 18, 04, 33, 20, TimeSpan.FromHours(1)),
                new DateTimeOffset(2603, 10, 11, 12, 33, 20, TimeSpan.FromHours(1))
            };

            DateTime[] utc =
            {
                new DateTime(1970, 01, 01, 00, 00, 59, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 29, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 31, DateTimeKind.Utc),
                new DateTime(2009, 02, 13, 23, 31, 30, DateTimeKind.Utc),
                new DateTime(2033, 05, 18, 03, 33, 20, DateTimeKind.Utc),
                new DateTime(2603, 10, 11, 11, 33, 20, DateTimeKind.Utc)
            };

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.Equal(codes[i], totp.GetCode(zoned[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.Equal(codes[i], totp.GetCode(utc[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.Equal(codes[i], totp.GetCode(utc[i].ToLocalTime()));
            }

            // The parameterless overload is expected to agree with "now" in either kind. The two
            // calls in each assert read the clock separately, so they are not the same instant.
            Assert.Equal(totp.GetCode(), totp.GetCode(DateTime.UtcNow));
            Assert.Equal(totp.GetCode(), totp.GetCode(DateTime.Now));
        }
Exemple #8
        // Generates eight-digit TOTP codes with the instance's default algorithm (none is set
        // here) at six fixed instants and compares them with the expected values (the RFC 6238
        // Appendix B SHA-1 test vectors). Each instant is presented as a +01:00 DateTimeOffset,
        // as a UTC DateTime and as a local DateTime.
        public void TOTP_Generate_SHA1()
        {
            var totp = new OneTimePassword(ASCIIEncoding.ASCII.GetBytes("12345678901234567890"))
            {
                Digits = 8
            };

            int[] codes = { 94287082, 07081804, 14050471, 89005924, 69279037, 65353130 };

            DateTimeOffset[] zoned =
            {
                new DateTimeOffset(1970, 01, 01, 01, 00, 59, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 29, TimeSpan.FromHours(1)),
                new DateTimeOffset(2005, 03, 18, 02, 58, 31, TimeSpan.FromHours(1)),
                new DateTimeOffset(2009, 02, 14, 00, 31, 30, TimeSpan.FromHours(1)),
                new DateTimeOffset(2033, 05, 18, 04, 33, 20, TimeSpan.FromHours(1)),
                new DateTimeOffset(2603, 10, 11, 12, 33, 20, TimeSpan.FromHours(1))
            };

            DateTime[] utc =
            {
                new DateTime(1970, 01, 01, 00, 00, 59, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 29, DateTimeKind.Utc),
                new DateTime(2005, 03, 18, 01, 58, 31, DateTimeKind.Utc),
                new DateTime(2009, 02, 13, 23, 31, 30, DateTimeKind.Utc),
                new DateTime(2033, 05, 18, 03, 33, 20, DateTimeKind.Utc),
                new DateTime(2603, 10, 11, 11, 33, 20, DateTimeKind.Utc)
            };

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.Equal(codes[i], totp.GetCode(zoned[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.Equal(codes[i], totp.GetCode(utc[i]));
            }

            for (int i = 0; i < codes.Length; i++)
            {
                Assert.Equal(codes[i], totp.GetCode(utc[i].ToLocalTime()));
            }

            // The parameterless overload is expected to agree with "now" in either kind. The two
            // calls in each assert read the clock separately, so they are not the same instant.
            Assert.Equal(totp.GetCode(), totp.GetCode(DateTime.UtcNow));
            Assert.Equal(totp.GetCode(), totp.GetCode(DateTime.Now));
        }
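        /// <summary>
        /// Generates an e-mail one-time password for the authenticated user, substitutes its
        /// Base64-encoded code into the caller-supplied body template and e-mails the result to the
        /// user's own address.
        /// </summary>
        /// <param name="model">Request payload providing the e-mail subject and the body template.</param>
        /// <returns>
        /// 401 when the caller cannot be resolved to a user, 400 when the payload is missing or the
        /// body template cannot be formatted, otherwise 200 with the mapped one-time password.
        /// </returns>
        public async Task<IActionResult> GenerateEmailOneTimePassword([FromBody] EmailViewModel model)
        {
            // A principal without an "id" claim used to fail here with a NullReferenceException.
            string id = User.FindFirst("id")?.Value;

            if (string.IsNullOrEmpty(id))
            {
                return(Unauthorized());
            }

            User user = await UserManager.FindByIdAsync(id);

            if (user == null)
            {
                return(Unauthorized());
            }

            // Reject a missing payload before minting a code that could never be delivered.
            if (model == null)
            {
                return(BadRequest("The format of the email body is invalid."));
            }

            // TODO: Use inbuild tokens
            OneTimePassword password = await Auth.GenerateOneTimePassword(user, OnePasswordType.Email);

            // NOTE(review): pvm goes back to the caller in the 200 response. If the view model
            // exposes the code, the e-mail delivery adds nothing - confirm what the mapping copies.
            var pvm = Mapper.Map<OneTimePasswordViewModel>(password);

            string body = model.Body;

            try
            {
                string code = Encoding.ASCII.ToBase64(password.Code);

                // The template comes from the client; a null or malformed template throws and is
                // reported as a bad request below.
                body = string.Format(body, code);
            }
            catch (Exception ex)
            {
                // NOTE(review): body is client-controlled text written to the log as-is.
                Logger.LogError(ex, "An error occured while formatting input body.\n{0}", body);
                return(BadRequest("The format of the email body is invalid."));
            }

            // Invariant lower-casing: ToLower() depends on the server's current culture.
            await EmailService.SendEmailAsync(user.Email.ToLowerInvariant(), model.Subject, body);

            return(Ok(pvm));
        }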
Exemple #10
 // Copies the edited values of the panel's controls back into the Record stored in each
 // control's Tag. Two-factor keys are decoded from base-32 into bytes; every other record
 // type gets the control text, and only when it differs from the current value.
 private void btnOK_Click(object sender, EventArgs e)
 {
     foreach (Control editor in pnl.Controls)
     {
         if (!(editor.Tag is Record target))
         {
             continue;
         }

         if (target.RecordType != RecordType.TwoFactorKey)
         {
             bool unchanged = string.Equals(target.Text, editor.Text, StringComparison.Ordinal);
             if (!unchanged)
             {
                 target.Text = editor.Text;
             }
             continue;
         }

         // Scratch space for the decoded key; zeroed in the outer finally on every path.
         var scratch = new byte[1024];
         try
         {
             OneTimePassword.FromBase32(editor.Text, scratch, out var decodedLength);

             // Exact-length copy handed to the record, then zeroed as well.
             var keyBytes = new byte[decodedLength];
             try
             {
                 Buffer.BlockCopy(scratch, 0, keyBytes, 0, keyBytes.Length);
                 target.SetBytes(keyBytes);
             }
             finally
             {
                 Array.Clear(keyBytes, 0, keyBytes.Length);
             }
         }
         catch (FormatException)
         {
             // NOTE(review): the warning echoes the entered key text on screen.
             Medo.MessageBox.ShowWarning(this, string.Format("2-factor key {0} is not a valid base-32 string.", editor.Text));
         }
         finally
         {
             Array.Clear(scratch, 0, scratch.Length);
         }
     }
 }
Exemple #11
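        /// <summary>
        /// Service method that verifies a user, for now via email.
        /// Note: a user who is not verified cannot create a wallet.
        /// </summary>
        /// <param name="otp">The username and one-time password submitted for verification.</param>
        /// <returns>The verified user's view (null on failure) together with a status message.</returns>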
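        public async Task<(UserView user, string message)> VerifyUserEmail(OneTimePassword otp)
        {
            // A missing request used to fail with a NullReferenceException on otp.Username.
            if (otp == null)
            {
                return(user : null, message : "User verification unsuccessful.");
            }

            var userExists = await _userrepo.FirstOrDefault(r => r.Username == otp.Username);

            if (userExists == null)
            {
                // NOTE(review): this message confirms to the caller whether a username is registered.
                return(user : null, message : @$"PLease Create an account with us. {otp.Username} doesn't exist");
            }

            // The stored OTP is reset to string.Empty after a successful verification (below), so
            // an empty or null value on either side means "no code outstanding" and must never
            // match. The previous plain == accepted an empty submission against an empty stored
            // value. The comparison is fixed-time so it does not reveal how many leading
            // characters of a guess were correct.
            bool codeMatches = !string.IsNullOrEmpty(userExists.OTP)
                               && !string.IsNullOrEmpty(otp.Otp)
                               && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                                      System.Text.Encoding.UTF8.GetBytes(userExists.OTP),
                                      System.Text.Encoding.UTF8.GetBytes(otp.Otp));

            // NOTE(review): no expiry check or attempt limit is visible in this method - confirm
            // both are enforced elsewhere.
            if (codeMatches)
            {
                userExists.IsEmailConfirm = true;
                userExists.OTP            = string.Empty;
                await _userrepo.Update(userExists);

                var returnView = new UserView
                {
                    Username   = userExists.Username,
                    Email      = userExists.Email,
                    IsVerified = true,
                    Message    = $"{userExists.Username}, your account verified."
                };

                return(user : returnView, message : "User verified successfully.");
            }

            return(user : null, message : "User verification unsuccessful.");
        }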
Exemple #12
        // Expands the autotype token sequence for this entry: an optional suffix token is
        // appended, and every "TwoFactorCode" command token is replaced by the tokens that type
        // the current two-factor code. All other tokens pass through unchanged.
        private IEnumerable<AutotypeToken> GetProcessedTokens(Record record, IEnumerable<AutotypeToken> tokens, AutotypeToken suffixToken = null)
        {
            var pending = new List<AutotypeToken>(AutotypeToken.GetAutotypeTokens(tokens, this.Entry));

            if (suffixToken != null)
            {
                pending.Add(suffixToken);
            }

            var expanded = new List<AutotypeToken>();

            foreach (var current in pending)
            {
                bool isTwoFactorCommand = (current.Kind == AutotypeTokenKind.Command)
                                          && current.Content.Equals("TwoFactorCode", StringComparison.Ordinal);

                if (!isTwoFactorCommand)
                {
                    expanded.Add(current);
                    continue;
                }

                // Key source: the given record when there is one, otherwise the entry's own key.
                // NOTE(review): keyBytes and the base-32 string hold the 2FA secret and are not
                // wiped here; whether keyBytes is a private copy cannot be told from this method.
                var keyBytes  = (record != null) ? record.GetBytes() : this.Entry.TwoFactorKey;
                var base32Key = OneTimePassword.ToBase32(keyBytes, keyBytes.Length, SecretFormatFlags.Spacing | SecretFormatFlags.Padding);
                var codeText  = Helpers.GetTwoFactorCode(base32Key);

                expanded.AddRange(AutotypeToken.GetAutotypeTokensFromText(codeText));
            }

            return(expanded.AsReadOnly());
        }
Exemple #13
        // Counter-based generation (TimeStep = 0): sets the counter explicitly and checks the
        // eight-digit code produced for it. The counters are the 30-second step numbers of the
        // RFC 6238 Appendix B instants, so the expected codes equal the SHA-1 TOTP vectors.
        public void HOTP_Generate_SHA1()
        {
            var hotp = new OneTimePassword(ASCIIEncoding.ASCII.GetBytes("12345678901234567890"))
            {
                Digits = 8, TimeStep = 0
            };

            hotp.Counter = 0x1;
            Assert.Equal(94287082, hotp.GetCode());

            hotp.Counter = 0x23523EC;
            Assert.Equal(07081804, hotp.GetCode());

            hotp.Counter = 0x23523ED;
            Assert.Equal(14050471, hotp.GetCode());

            hotp.Counter = 0x273EF07;
            Assert.Equal(89005924, hotp.GetCode());

            hotp.Counter = 0x3F940AA;
            Assert.Equal(69279037, hotp.GetCode());

            hotp.Counter = 0x27BC86AA;
            Assert.Equal(65353130, hotp.GetCode());
        }
        // Builds a OneTimePassword from SecretKey and returns its current code as text,
        // zero-padded on the left to at least six digits.
        public string GenerateOtp()
        {
            var generator = new OneTimePassword(SecretKey);

            return(generator.GetCode().ToString("000000"));
        }
Exemple #15
        // Issues a new one-time password row for the user: every row of that user that is not
        // yet flagged as deleted is flagged first, then the new row is added and everything is
        // saved in a single SaveChanges call.
        // NOTE(review): the strength of the code depends on GenerateOTP(), which is not shown
        // here - confirm it draws from a cryptographic random source.
        public OneTimePassword New(string type, AppUser user)
        {
            var issued = new OneTimePassword
            {
                ApplicationId = user.ApplicationId,
                UserName      = user.UserName,
                OTP           = GenerateOTP().ToString(),
                Type          = type,
                ValidDays     = _appSettings.OtpValidDays
            };

            var outstanding = _context.OneTimePassword.Where(t => t.UserName == user.UserName && t.DelFlag == false);

            if (outstanding != null)
            {
                foreach (var previous in outstanding)
                {
                    // Soft-delete: earlier codes are kept but marked as no longer usable.
                    previous.DelFlag = true;
                    _context.OneTimePassword.Update(previous);
                }
            }

            _context.OneTimePassword.Add(issued);
            _context.SaveChanges();

            return(issued);
        }
Exemple #16
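        /// <summary>
        /// Checks <paramref name="password"/> against the one-time passwords derived from the
        /// profile's secret key for the current step and for up to two steps on either side.
        /// </summary>
        /// <param name="profile">User profile providing the base-32 secret key and the username.</param>
        /// <param name="password">Submitted code; must consist of one to eight ASCII digits.</param>
        /// <returns><c>true</c> when the code matches one of the accepted steps.</returns>
        private bool AuthenticateWithOneTimePassword(Userprofile profile, string password)
        {
            // A null password used to throw on .Length; an empty one can never match a code.
            if (string.IsNullOrEmpty(password))
            {
                return(false);
            }

            if (password.Length > 8 || password != Regex.Replace(password, @"[^0-9]", ""))
            {
                return(false);
            }

            var secret = Base32.Decode(profile.SecretKey);

            // Same order as before: current step first, then +1/-1, then +2/-2. The earlier
            // `i != -i` guard only skipped the duplicate check at offset 0.
            int[] stepOffsets = { 0, 1, -1, 2, -2 };

            bool authenticated = false;

            foreach (int offset in stepOffsets)
            {
                if (OneTimePassword.Get(secret, offset) == password)
                {
                    authenticated = true;
                    break;
                }
            }

            if (authenticated)
            {
                // NOTE(review): the code is recorded as used, but nothing here checks whether it
                // had been used before. Unless UseToken rejects repeats itself, a captured code
                // can be replayed while it is still inside the accepted window - confirm.
                TokenList.UseToken($"otp/{profile.Username}/{password}");
            }

            return(authenticated);
        }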
Exemple #17
        // Counter-based validation (TimeStep = 0) of eight-digit codes. For the first counter
        // the same code is accepted twice and rejected the third time; presumably validation
        // moves the counter forward within a small window - confirm against IsCodeValid. The
        // string overload is exercised with an embedded space.
        public void HOTP_Validate_SHA1()
        {
            var hotp = new OneTimePassword(ASCIIEncoding.ASCII.GetBytes("12345678901234567890"))
            {
                Digits = 8, TimeStep = 0
            };

            hotp.Counter = 0x1;
            Assert.True(hotp.IsCodeValid(94287082));
            Assert.True(hotp.IsCodeValid(94287082));
            Assert.False(hotp.IsCodeValid(94287082));

            hotp.Counter = 0x23523EC;
            Assert.True(hotp.IsCodeValid("0708 1804"));

            hotp.Counter = 0x23523ED;
            Assert.True(hotp.IsCodeValid(14050471));

            hotp.Counter = 0x273EF07;
            Assert.True(hotp.IsCodeValid(89005924));

            hotp.Counter = 0x3F940AA;
            Assert.True(hotp.IsCodeValid(69279037));

            hotp.Counter = 0x27BC86AA;
            Assert.True(hotp.IsCodeValid(65353130));
        }
Exemple #18
        // Runs the "dbx-GetKey" command with a one-time password as the "password" parameter,
        // then reads the response on a second channel that has no "rsa-private" entry set.
        // That read is expected to throw SecureChannelException.
        public void DbxGetKeyCommandTest020()
        {
            using (var buffer = new MemoryStream())
            using (var writer = new ServiceChannel())
            using (var reader = new ServiceChannel())
            {
                writer.SetWriteStream(buffer, canDispose: false);

                var ctx = new Context
                {
                    ClientIP = IPAddress.None,
                    Channel  = writer,
                    Query    = new QueryMessage { Command = "dbx-GetKey" }
                };

                var parameters = ctx.Query.Params;
                parameters["username"] = "******";
                parameters["uuid"]     = "safevault";
                parameters["password"] = OneTimePassword.Get(Base32.Decode("12345678"), 0);

                Command.Process(ctx);

                // Rewind so the second channel reads what the first one wrote.
                buffer.Position = 0;
                reader.SetReadStream(buffer, canDispose: false);

                Assert.Catch<SecureChannelException>(() => reader.ReadObject<ResponseMessage>());
            }
        }
Exemple #19
        // Runs the "dbx-GetKey" command with a one-time password as the "password" parameter,
        // then reads the response on a second channel that has the test user's private key
        // loaded. Expects status 200 and the fixed key material in the "data" header.
        public void DbxGetKeyCommandTest010()
        {
            using (var buffer = new MemoryStream())
            using (var writer = new ServiceChannel())
            using (var reader = new ServiceChannel())
            {
                writer.SetWriteStream(buffer, canDispose: false);

                var ctx = new Context
                {
                    ClientIP = IPAddress.None,
                    Channel  = writer,
                    Query    = new QueryMessage { Command = "dbx-GetKey" }
                };

                var parameters = ctx.Query.Params;
                parameters["username"] = "******";
                parameters["uuid"]     = "safevault";
                parameters["password"] = OneTimePassword.Get(Base32.Decode("12345678"), 0);

                Command.Process(ctx);

                // Rewind so the second channel reads what the first one wrote.
                buffer.Position = 0;
                reader.SetReadStream(buffer, canDispose: false);

                // Test-fixture key pair from the repository's data directory.
                string certificatePath = $"{_location}/data/client/test-user/cer.pem";
                string privateKeyPath  = $"{_location}/data/client/test-user/cer.pem.key";
                reader.CipherLib["rsa-private"] = RsaCipher.LoadFromPEM(certificatePath, privateKeyPath);

                var reply = reader.ReadObject<ResponseMessage>();
                Assert.AreEqual(200, reply.StatusCode);

                var payload = reply.Header["data"];
                Assert.AreEqual("1234567801234567890abcdefghiklmnopqvwxyz12345678012345678901234567890=", payload);
            }
        }
Exemple #20
        // Makes sure the user has a usable one-time password. An existing, unexpired one is
        // left alone and nothing is sent; otherwise the old ones are cleared, a new row is saved
        // to obtain its Id, the code is computed from that Id, saved, and sent by SMS.
        // Always returns true.
        public async Task<bool> GenerateOTP(User user)
        {
            await UserDataContext.Entry(user).Reference(u => u.OneTimePassword).LoadAsync();

            bool hasLiveCode = user.OneTimePassword != null && !user.OneTimePassword.IsExpired;

            if (hasLiveCode)
            {
                return(true);
            }

            await ClearOneTimePasswords(user);

            // First save: the row needs a database-assigned Id before the code can be derived.
            var fresh = new OneTimePassword(user);
            await UserDataContext.OneTimePasswords.AddAsync(fresh);
            await UserDataContext.SaveChangesAsync();

            // NOTE(review): the HOTP counter is the row Id. If Ids are sequential, the secrecy
            // of the code rests entirely on the Generator's key - confirm how it is keyed.
            fresh.Code = Generator.ComputeHOTP(fresh.Id);
            UserDataContext.Update(fresh);
            await UserDataContext.SaveChangesAsync();

            string notice = $"Your NYSC One Time Password is {fresh.Code}."
                            + " Keep this password should be kept private and should not be shared with anyone.";
            await SMS.SendMessage(user.FormattedPhoneNumber, notice);

            return(true);
        }
        // Checks data.OtpCode against a OneTimePassword built from SecretKey and returns a
        // human-readable verdict instead of a boolean.
        public string VerifyOtp(Data data)
        {
            var verifier = new OneTimePassword(SecretKey);

            if (verifier.IsCodeValid(data.OtpCode))
            {
                return("The code you supplied is valid");
            }

            return("The code you supplied is invalid");
        }
Exemple #22
        // Creates a one-time PIN for the given user, saves it with a five-minute validity and
        // delivers it by phone or e-mail. Every failure is reported through the returned
        // ApiResult; exceptions are routed to HandleException.
        internal ApiResult SendOneTimePIN(string username, string MethodOfSending)
        {
            ApiResult result = new ApiResult();

            try
            {
                if (string.IsNullOrEmpty(username))
                {
                    result.StatusCode = Globals.FAILURE_STATUS_CODE;
                    result.StatusDesc = $"Please Supply a Username";
                    return(result);
                }

                string channel = MethodOfSending.ToUpper();

                if (!Globals.AcceptableMethodsOfSendingOTP.Contains(channel))
                {
                    result.StatusCode = Globals.FAILURE_STATUS_CODE;
                    result.StatusDesc = $"Please Specify how you want to recieve the OTP";
                    return(result);
                }

                SystemUser[] matches = SystemUser.QueryWithStoredProc("GetSystemUserByID", username);

                if (!matches.Any())
                {
                    // NOTE(review): this message confirms to the caller whether a username exists.
                    result.StatusCode = Globals.FAILURE_STATUS_CODE;
                    result.StatusDesc = $"User with Username [{username}] doesnt exist";
                    return(result);
                }

                SystemUser account = matches[0];

                // NOTE(review): "******" looks like a value masked on this page. A constant here
                // would give every user the same PIN; the real value has to be generated per
                // request from a cryptographic random source - confirm against the original.
                OneTimePassword pin = new OneTimePassword
                {
                    CompanyCode = account.CompanyCode,
                    Password    = "******",
                    ValidityDurationInSeconds = 5 * 60,
                    Username    = account.Username
                };
                pin.Save();

                ApiResult delivery;

                if (channel == "PHONE")
                {
                    delivery = NotificationsHandler.SendOneTimePINByPhone(account.PhoneNumber, pin.Password);
                }
                else
                {
                    delivery = NotificationsHandler.SendOneTimePINByEmail(account.Email, pin.Password);
                }

                if (delivery.StatusCode != Globals.SUCCESS_STATUS_CODE)
                {
                    result.StatusCode = Globals.FAILURE_STATUS_CODE;
                    result.StatusDesc = "Send One Time PIN failed: " + delivery.StatusDesc;
                    return(result);
                }

                result.StatusCode = Globals.SUCCESS_STATUS_CODE;
                result.StatusDesc = $"Successfully Sent One time Password by {MethodOfSending} to {delivery.PegPayID}. Its Valid for {pin.ValidityDurationInSeconds / 60} minute(s)";
                return(result);
            }
            catch (Exception ex)
            {
                result = HandleException(nameof(SendOneTimePIN), $"{username}, Error:{ex.Message}", ex);
            }

            return(result);
        }
Exemple #23
        // Renders the page with a newly generated phrase as the QR value and remembers the same
        // phrase in the session under "Phrase".
        public IActionResult Index()
        {
            string phrase = OneTimePassword.Phrase();

            var viewModel = new BankViewModel();
            viewModel.QrValue = phrase;

            HttpContext.Session.SetString("Phrase", viewModel.QrValue);

            return(View(viewModel));
        }
Exemple #24
 // Assigning an algorithm value cast from 3 is expected to be rejected with
 // ArgumentOutOfRangeException.
 public void Parameter_Algorithm_OutOfRange()
 {
     Action assignInvalidAlgorithm = () => {
         var otp = new OneTimePassword {
             Algorithm = (OneTimePasswordAlgorithm)3
         };
     };

     Assert.Throws<ArgumentOutOfRangeException>(assignInvalidAlgorithm);
 }
Exemple #25
 // Setting Counter on a default-constructed instance is expected to throw
 // NotSupportedException (presumably because the default instance is time-based - confirm).
 public void Parameter_Counter_WrongMode()
 {
     Action assignCounter = () => {
         var otp = new OneTimePassword {
             Counter = 11
         };
     };

     Assert.Throws<NotSupportedException>(assignCounter);
 }
Exemple #26
 // A digit count of 10 is expected to be rejected with ArgumentOutOfRangeException.
 public void Parameter_Digits_TooLong()
 {
     Action assignTooManyDigits = () => {
         var otp = new OneTimePassword {
             Digits = 10
         };
     };

     Assert.Throws<ArgumentOutOfRangeException>(assignTooManyDigits);
 }
Exemple #27
        // Digit counts 4 and 9 must both be accepted; the test passes when neither assignment
        // throws.
        public void Parameter_Digits()
        {
            var otp = new OneTimePassword();

            otp.Digits = 4;
            otp.Digits = 9;
        }
Exemple #28
        // Smoke test: creates a shared secret and writes its string form and the current
        // time-based password to the debug output. Nothing is asserted.
        // NOTE(review): this prints secret material; acceptable only for a throwaway secret.
        public void MyTestMethod()
        {
            var sharedSecret = OneTimePassword.CreateSharedSecret();

            var secretText = OneTimePassword.SharedSecretToString(sharedSecret);
            Debug.WriteLine(secretText);

            var currentPassword = OneTimePassword.TimeBasedPassword(sharedSecret);
            Debug.WriteLine(currentPassword);
        }
Exemple #29
        // Two default-constructed instances: the first one's secret must be 20 bytes long, and
        // the two secrets must differ, i.e. each instance gets its own secret.
        public void Basic()
        {
            var first  = new OneTimePassword();
            var second = new OneTimePassword();

            Assert.Equal(20, first.GetSecret().Length);

            string firstHex  = BitConverter.ToString(first.GetSecret());
            string secondHex = BitConverter.ToString(second.GetSecret());
            Assert.NotEqual(firstHex, secondHex);
        }
Exemple #30
        // All three algorithm values must be accepted; the test passes when no assignment throws.
        public void Parameter_Algorithm()
        {
            var otp = new OneTimePassword();

            otp.Algorithm = OneTimePasswordAlgorithm.Sha1;
            otp.Algorithm = OneTimePasswordAlgorithm.Sha256;
            otp.Algorithm = OneTimePasswordAlgorithm.Sha512;
        }