public async Task <IActionResult> Register2FAAuthenticator(TwoFactorInputModel model, string redirectUrl = null)
{
var user = await _userManager.GetUserAsync(HttpContext.User);
if (ModelState.IsValid)
{
model.OTP = model.OTP.Replace(" ", string.Empty).Replace("-", string.Empty);
var is2FaTokenValid = await _userManager.VerifyTwoFactorTokenAsync(user, _userManager.Options.Tokens.AuthenticatorTokenProvider, model.OTP);
if (is2FaTokenValid)
{
await _userManager.SetTwoFactorEnabledAsync(user, true);
await _signInManager.SignInAsync(user, isPersistent : false);
await _userManager.SetAuthenticatorTokenVerifiedAsync(user);
return(RedirectToAction("Register2FAAuthenticatorComplete", new { redirectUrl = redirectUrl }));
}
else
{
ModelState.AddModelError(string.Empty, "Token is invalid");
}
}
return(View(await GetRegister2FAAuthenticatorViewModel(redirectUrl, user.Id, false)));
}
public async Task <IActionResult> Verify2FAAuthenticator(TwoFactorInputModel model, string button)
{
// the user clicked the "cancel" button
if (button != "validate")
{
return(await CancelTokenRequest(model.RedirectUrl));
}
if (ModelState.IsValid)
{
model.OTP = model.OTP.Replace(" ", string.Empty).Replace("-", string.Empty);
Microsoft.AspNetCore.Identity.SignInResult result;
if (model.IsRecoveryCode)
{
result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(model.OTP);
}
else
{
result = await _signInManager.TwoFactorAuthenticatorSignInAsync(model.OTP, false, false);
}
if (result.Succeeded)
{
return(RedirectToAction("Index", "TermsOfService", new { returnUrl = model.RedirectUrl }));
}
if (result.IsLockedOut)
{
ModelState.AddModelError(string.Empty, "Your account is locked out");
}
else
{
ModelState.AddModelError(string.Empty, $"{(model.IsRecoveryCode ? "Recovery code" : "OTP")} is invalid");
}
ModelState.Remove("OTP");
}
// something went wrong, show form with error
return(View(await GetTwoFactorViewModelAsync(model.RedirectUrl, model.Username)));
}