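/// <summary>
/// Returns the MFA recovery (backup) codes for the current user after re-checking the account password.
/// </summary>
/// <param name="data">Request body carrying the password used for the re-check. A missing body is treated as a failed check.</param>
/// <param name="cancellationToken">Token forwarded to the repository calls.</param>
/// <returns>
/// 200 with the codes produced by <c>MfaValidator.GenerateRecoveryCodes</c>; 401 with
/// <c>ApiErrorCode.InvalidCredentials</c> when the password check fails or no MFA settings are stored for the user.
/// </returns>
public async Task<ActionResult<ApiResult<IEnumerable<string>>>> MfaGetBackups([FromBody] UserSudoModel data, CancellationToken cancellationToken = default)
{
    var user = this.RosettaUser;

    // The password re-check is the only gate in this method in front of the recovery codes.
    // NOTE(review): no attempt limiting is visible here; confirm it is enforced elsewhere
    // (middleware, filter, or inside the password service).
    var pwd = await this.UserRepository.GetUserPasswordAsync(user.Id, cancellationToken);

    // A null body used to be dereferenced (data.Password) and surfaced as an unhandled exception;
    // it is now rejected the same way as a wrong password.
    if (pwd == null || data == null || !await this.Password.ValidatePasswordHashAsync(data.Password, pwd))
    {
        // NOTE(review): the error payload is typed as SessionPreview although this action
        // declares ApiResult<IEnumerable<string>>; kept as-is to preserve the response shape.
        return this.StatusCode(401, ApiResult.FromError<SessionPreview>(new ApiError(ApiErrorCode.InvalidCredentials, "Specified credentials were invalid.")));
    }

    var mfa = await this.MfaRepository.GetMfaSettingsAsync(user.Id, cancellationToken);
    if (mfa == null)
    {
        return this.StatusCode(401, ApiResult.FromError<SessionPreview>(new ApiError(ApiErrorCode.InvalidCredentials, "MFA not configured.")));
    }

    // NOTE(review): unlike StartMfaEnable, mfa.IsConfirmed is not checked here, so codes are also
    // produced for settings that were started but never confirmed. Confirm this is intended.
    // NOTE(review): the response body contains authentication secrets; confirm it is excluded
    // from response logging and is not cacheable.
    var codes = this.MfaValidator.GenerateRecoveryCodes(mfa);
    return this.Ok(ApiResult.FromResult(codes));
}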
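/// <summary>
/// Begins MFA enrolment for the current user: re-checks the password, issues an action token pair,
/// stores server-side state for it, generates new MFA settings and returns the client-facing data.
/// </summary>
/// <param name="data">Request body carrying the password used for the re-check. A missing body is treated as a failed check.</param>
/// <param name="cancellationToken">Token forwarded to the repository and validator calls.</param>
/// <returns>
/// 200 with the data built by <c>MfaValidator.GenerateClientData</c>; 401 with
/// <c>ApiErrorCode.InvalidCredentials</c> when the password check fails; 400 with
/// <c>ApiErrorCode.AlreadyConfigured</c> when confirmed MFA settings already exist.
/// </returns>
public async Task<ActionResult<ApiResult<MfaSettingsModel>>> StartMfaEnable([FromBody] UserSudoModel data, CancellationToken cancellationToken = default)
{
    var user = this.RosettaUser;

    // Changing the account's second factor is gated on a fresh password check.
    // NOTE(review): no attempt limiting is visible here; confirm it is enforced elsewhere.
    var pwd = await this.UserRepository.GetUserPasswordAsync(user.Id, cancellationToken);

    // A null body used to be dereferenced (data.Password) and surfaced as an unhandled exception;
    // it is now rejected the same way as a wrong password.
    if (pwd == null || data == null || !await this.Password.ValidatePasswordHashAsync(data.Password, pwd))
    {
        // NOTE(review): the error payload is typed as SessionPreview although this action
        // declares ApiResult<MfaSettingsModel>; kept as-is to preserve the response shape.
        return this.StatusCode(401, ApiResult.FromError<SessionPreview>(new ApiError(ApiErrorCode.InvalidCredentials, "Specified credentials were invalid.")));
    }

    // Only confirmed settings block enrolment; an earlier unconfirmed attempt falls through
    // and new settings are generated below.
    var mfa = await this.MfaRepository.GetMfaSettingsAsync(user.Id, cancellationToken);
    if (mfa != null && mfa.IsConfirmed)
    {
        return this.StatusCode(400, ApiResult.FromError<SessionPreview>(new ApiError(ApiErrorCode.AlreadyConfigured, "MFA is already configured.")));
    }

    // The server half of the pair is stored with the caller's address; the client half travels
    // back to the caller inside the packed state.
    var tkpair = this.ActionTokenPairHandler.IssueTokenPair(TokenActionMFAConfigure);

    // NOTE(review): Connection.RemoteIpAddress can be null, in which case ToString() throws here.
    // Behind a reverse proxy it is the proxy's address unless forwarded headers are processed,
    // which matters if the stored address is later compared against the confirming request.
    var stateId = await this.MfaStateRepository.GenerateStateAsync(this.HttpContext.Connection.RemoteIpAddress.ToString(), tkpair.Server, cancellationToken);
    var state = this.PackState(stateId, tkpair.Client);

    // NOTE(review): the `false` argument presumably marks the new settings as unconfirmed;
    // verify against GenerateMfaAsync.
    mfa = await this.MfaValidator.GenerateMfaAsync(this.MfaRepository, user.Id, false, cancellationToken);

    var rmfa = this.MfaValidator.GenerateClientData(mfa, user.Username, this.EventConfiguration.Name, state);
    return this.Ok(ApiResult.FromResult(rmfa));
}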