public User ValidateCode(int userId, int code, string newEmail)
{
var user = Find(userId);
var securityToken = new SecurityToken(Encoding.Unicode.GetBytes(user.SecurityStamp));
if (Rfc6238AuthenticationService.ValidateCode(securityToken, code, newEmail))
{
user.Email = newEmail;
Update(user);
return(user);
}
return(null);
}
/// <summary>
/// Returns a flag indicating whether the specified <paramref name="token"/> is valid for the given
/// <paramref name="user"/> and <paramref name="purpose"/>.
/// </summary>
/// <param name="purpose">The purpose the token will be used for.</param>
/// <param name="token">The token to validate.</param>
/// <param name="manager">The <see cref="UserManager{TUser}"/> that can be used to retrieve user properties.</param>
/// <param name="user">The user a token should be validated for.</param>
/// <returns>
/// The <see cref="Task"/> that represents the asynchronous operation, containing the a flag indicating the result
/// of validating the <paramref name="token"> for the specified </paramref><paramref name="user"/> and <paramref name="purpose"/>.
/// The task will return true if the token is valid, otherwise false.
/// </returns>
public virtual async Task <bool> ValidateAsync(string purpose, string token, UserManager <TUser> manager, TUser user)
{
if (manager == null)
{
throw new ArgumentNullException(nameof(manager));
}
int code;
if (!int.TryParse(token, out code))
{
return(false);
}
var securityToken = await manager.CreateSecurityTokenAsync(user).ConfigureAwait(false);
var modifier = await GetUserModifierAsync(purpose, manager, user).ConfigureAwait(false);
return(securityToken != null && Rfc6238AuthenticationService.ValidateCode(securityToken, code, modifier));
}
/// <inheritdoc />
public async Task <TotpResult> Verify(ClaimsPrincipal principal, string code, TotpProviderType?provider = null, string purpose = null, string securityToken = null, string phoneNumberOrEmail = null)
{
var totpResult = ValidateParameters(principal, securityToken, phoneNumberOrEmail);
if (!totpResult.Success)
{
return(totpResult);
}
purpose ??= TotpConstants.TokenGenerationPurpose.StrongCustomerAuthentication;
if (principal != null)
{
var user = await _userManager.GetUserAsync(principal);
var providerName = provider.HasValue ? $"{provider}" : TokenOptions.DefaultPhoneProvider;
var verified = await _userManager.VerifyUserTokenAsync(user, providerName, purpose, code);
if (verified)
{
await _userManager.UpdateSecurityStampAsync(user);
return(TotpResult.SuccessResult);
}
else
{
return(TotpResult.ErrorResult(_localizer["The verification code is invalid."]));
}
}
if (!string.IsNullOrEmpty(securityToken))
{
if (!int.TryParse(code, out var codeInt))
{
return(TotpResult.ErrorResult(_localizer["Totp must be an integer value."]));
}
var modifier = GetModifier(purpose, phoneNumberOrEmail);
var encodedToken = Encoding.Unicode.GetBytes(securityToken);
var isValidTotp = _rfc6238AuthenticationService.ValidateCode(encodedToken, codeInt, modifier);
totpResult.Success = isValidTotp;
}
return(totpResult);
}
