public async Task <ActionResult> Index(TwoFactorAuthenticationModel model)
{
// we're only allowed here when we have a partial sign-in
var ctx = Request.GetOwinContext();
var partialSignInUser = await ctx.Environment.GetIdentityServerPartialLoginAsync();
if (partialSignInUser == null)
{
return(View("No partially signed-in user found."));
}
if (ModelState.IsValid)
{
using (var twoFactorTokenService = new TwoFactorTokenService())
{
if (twoFactorTokenService.VerifyTwoFactorCodeFor(partialSignInUser.GetSubjectId(), model.Code))
{
// continue where we left off
return(Redirect(await ctx.Environment.GetPartialLoginResumeUrlAsync()));
}
else
{
// show error
return(View("This code is invalid."));
}
}
}
return(View());
}
public async Task <ActionResult> EnableAuthenticator([FromBody] TwoFactorAuthenticationModel twoFactorAuthentication)
{
var user = await _userManager.FindByIdAsync(twoFactorAuthentication.UserId);
if (user == null)
{
throw new HttpStatusErrorException(HttpStatusCode.NotFound, $"Unable to load user with ID '{twoFactorAuthentication.UserId}'.");
}
// Strip spaces and hypens
var code = twoFactorAuthentication.Code.Replace(" ", string.Empty).Replace("-", string.Empty);
var is2faTokenValid = await _userManager.VerifyTwoFactorTokenAsync(user, _userManager.Options.Tokens.AuthenticatorTokenProvider, code);
if (!is2faTokenValid)
{
throw new HttpStatusErrorException(HttpStatusCode.BadRequest, "Verification code is invalid.");
}
await _userManager.SetTwoFactorEnabledAsync(user, true);
_logger.LogInformation("User with ID '{UserId}' has enabled 2FA with an authenticator app.", twoFactorAuthentication.UserId);
if (await _userManager.CountRecoveryCodesAsync(user) == 0)
{
var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
return(Ok(recoveryCodes));
}
return(Ok($"User with ID '{twoFactorAuthentication.UserId}' has enabled 2FA with an authenticator app and he already has recovery codes"));
}
//
// GET: Account/TwoFactorAuthenticate
//public ActionResult TwoFactorAuthenticate(string returnUrl)
//{
// return View();
//}
//
// POST: Account/TwoFactorAuthenticate
public ActionResult TwoFactorAuthenticate(TwoFactorAuthenticationModel model, string returnUrl)
{
if (ModelState.IsValid && true)
{
return(RedirectToLocal(returnUrl));
}
return(View(model));
}
// ReSharper disable once RedundantAssignment
public async Task <IActionResult> TwoFactorAuthentication(TwoFactorAuthenticationModel model)
{
await _signInManager.ForgetTwoFactorClientAsync();
model = await _manageEndpoint.TwoFactorAuthentication(UserId);
model.StatusMessage = "The current browser has been forgotten. When you login again from this browser you will be prompted for your 2fa code.";
return(View(model));
}
public async Task <ActionResult> Index(TwoFactorAuthenticationModel model)
{
var partialSignInUser = await EnsurePartialSignedUserFound();
if (!ModelState.IsValid)
{
return(View());
}
return(await ValidateCode(model, partialSignInUser));
}
public async Task <IActionResult> TwoFactorAuthentication(TwoFactorAuthenticationModel model)
{
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
return(NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."));
}
await _signInManager.ForgetTwoFactorClientAsync();
StatusMessage = "The current browser has been forgotten. When you login again from this browser you will be prompted for your 2fa code.";
return(RedirectToAction());
}
private async Task <ActionResult> ValidateCode(TwoFactorAuthenticationModel model,
ClaimsIdentity partialSignInUser)
{
var twoFactorTokenService = new TwoFactorTokenService();
var codeValid = twoFactorTokenService.VerifyTwoFactorCodeFor(
partialSignInUser.GetSubjectId(), model.Code);
if (codeValid)
{
return(Redirect(await GetOwinContext().Environment.GetPartialLoginResumeUrlAsync()));
}
return(View("This code is invalid."));
}
public async Task <IActionResult> TwoFactorAuthentication()
{
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
}
var model = new TwoFactorAuthenticationModel
{
HasAuthenticator = await _userManager.GetAuthenticatorKeyAsync(user) != null,
Is2faEnabled = user.TwoFactorEnabled,
RecoveryCodesLeft = await _userManager.CountRecoveryCodesAsync(user),
};
return(View(model));
}
public async Task <TwoFactorAuthenticationModel> TwoFactorAuthentication(string userId)
{
var model = new TwoFactorAuthenticationModel();
var user = await GetUser(userId, model);
if (user == null)
{
return(LogErrorReturnModel(model));
}
model.HasAuthenticator = await _userManager.GetAuthenticatorKeyAsync(user) != null;
model.Is2FaEnabled = await _userManager.GetTwoFactorEnabledAsync(user);
model.RecoveryCodesLeft = await _userManager.CountRecoveryCodesAsync(user);
return(model);
}
public async Task <IActionResult> TwoFactorAuthenticationUser([FromBody] TwoFactorAuthenticationModel twoFactorAuthentication)
{
if (!ModelState.IsValid)
{
throw new HttpStatusErrorException(HttpStatusCode.BadRequest, Constants.ModelIsNotValidMessage);
}
var user = await _userManager.FindByIdAsync(twoFactorAuthentication.UserId);
if (user == null)
{
throw new HttpStatusErrorException(HttpStatusCode.NotFound, $"Unable to load user with ID '{twoFactorAuthentication.UserId}'.");
}
if (!user.TwoFactorEnabled)
{
throw new HttpStatusErrorException(HttpStatusCode.BadRequest, "The current user is not using two-factor authentication.");
}
// Strip spaces and hypens
var code = twoFactorAuthentication.Code.Replace(" ", string.Empty).Replace("-", string.Empty);
var result = await _signInManager.TwoFactorAuthenticatorSignInAsync(code, twoFactorAuthentication.IsPersistent, twoFactorAuthentication.RememberMe);
if (result.Succeeded)
{
_logger.LogInformation("User with ID '{UserId}' logged in with 2fa.", user.Id);
return(Ok($"User with ID '{user.Id}' logged in with 2fa."));
}
if (result.IsLockedOut)
{
_logger.LogWarning(Constants.UserIsLockedOutMessage, user.Id);
throw new HttpStatusErrorException(HttpStatusCode.BadRequest, Constants.UserIsLockedOutMessage);
}
_logger.LogWarning("Invalid authenticator code entered for user with ID '{UserId}'.", user.Id);
throw new HttpStatusErrorException(HttpStatusCode.BadRequest, $"Invalid authenticator code entered for user with ID '{user.Id}");
}
public async Task <IActionResult> TwoFactorAuthentication()
{
var model = new TwoFactorAuthenticationModel();
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
return(NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."));
}
model.HasAuthenticator = await _userManager.GetAuthenticatorKeyAsync(user) != null;
model.Is2faEnabled = await _userManager.GetTwoFactorEnabledAsync(user);
model.IsMachineRemembered = await _signInManager.IsTwoFactorClientRememberedAsync(user);
model.RecoveryCodesLeft = await _userManager.CountRecoveryCodesAsync(user);
return(View(model));
}
