public async Task IncrementHotp(int position)
{
if (Authenticators.ElementAtOrDefault(position) == null)
{
return;
}
var info = Authenticators[position];
var auth = GetAuthenticator(info);
if (auth.Type != OtpType.Hotp)
{
return;
}
var secret = Base32.Decode(auth.Secret);
var hotp = new Hotp(secret, auth.Algorithm);
auth.Counter++;
auth.Code = hotp.ComputeHotp(auth.Counter);
auth.TimeRenew = DateTime.Now.AddSeconds(10);
Authenticators[position] = auth;
await _connection.UpdateAsync(auth);
}
public virtual CredentialViewModel DescribeCredential(Credential credential)
{
var kind = GetCredentialKind(credential.Type);
Authenticator auther = null;
if (kind == CredentialKind.External)
{
string providerName = credential.Type.Split('.')[1];
Authenticators.TryGetValue(providerName, out auther);
}
var credentialViewModel = new CredentialViewModel
{
Key = credential.Key,
Type = credential.Type,
TypeCaption = FormatCredentialType(credential.Type),
Identity = credential.Identity,
Created = credential.Created,
Expires = credential.Expires,
Kind = kind,
AuthUI = auther?.GetUI(),
// Set the description as the value for legacy API keys
Description = credential.Description,
Value = kind == CredentialKind.Token && credential.Description == null ? credential.Value : null,
Scopes = credential.Scopes.Select(s => new ScopeViewModel(s.Subject, NuGetScopes.Describe(s.AllowedAction))).ToList(),
ExpirationDuration = credential.ExpirationTicks != null ? new TimeSpan?(new TimeSpan(credential.ExpirationTicks.Value)) : null
};
credentialViewModel.HasExpired = credential.HasExpired ||
(credentialViewModel.IsNonScopedV1ApiKey &&
!credential.HasBeenUsedInLastDays(_config.ExpirationInDaysForApiKeyV1));
return(credentialViewModel);
}
public virtual CredentialViewModel DescribeCredential(Credential credential)
{
var kind = GetCredentialKind(credential.Type);
Authenticator auther = null;
if (kind == CredentialKind.External)
{
string providerName = credential.Type.Split('.')[1];
if (!Authenticators.TryGetValue(providerName, out auther))
{
auther = null;
}
}
return(new CredentialViewModel
{
Type = credential.Type,
TypeCaption = FormatCredentialType(credential.Type),
Identity = credential.Identity,
Value = kind == CredentialKind.Token ? credential.Value : String.Empty,
Created = credential.Created,
Expires = credential.Expires,
Kind = kind,
AuthUI = auther?.GetUI()
});
}
public async Task IncrementCounter(int position)
{
var auth = Authenticators.ElementAtOrDefault(position);
if (auth == null)
{
return;
}
auth.Counter++;
await _connection.UpdateAsync(auth);
}
public virtual async Task <AuthenticateExternalLoginResult> ReadExternalLoginCredential(IOwinContext context)
{
var result = await context.Authentication.AuthenticateAsync(AuthenticationTypes.External);
if (result == null)
{
_trace.Information("No external login found.");
return(new AuthenticateExternalLoginResult());
}
var idClaim = result.Identity.FindFirst(ClaimTypes.NameIdentifier);
if (idClaim == null)
{
_trace.Error("External Authentication is missing required claim: " + ClaimTypes.NameIdentifier);
return(new AuthenticateExternalLoginResult());
}
var nameClaim = result.Identity.FindFirst(ClaimTypes.Name);
if (nameClaim == null)
{
_trace.Error("External Authentication is missing required claim: " + ClaimTypes.Name);
return(new AuthenticateExternalLoginResult());
}
var emailClaim = result.Identity.FindFirst(ClaimTypes.Email);
string emailSuffix = emailClaim == null ? String.Empty : (" <" + emailClaim.Value + ">");
var tenantIdClaim = result.Identity.FindFirst(tenantIdClaimType);
Authenticator auther;
string authenticationType = idClaim.Issuer;
if (!Authenticators.TryGetValue(idClaim.Issuer, out auther))
{
foreach (var authenticator in Authenticators.Values)
{
if (authenticator.TryMapIssuerToAuthenticationType(idClaim.Issuer, out authenticationType))
{
auther = authenticator;
break;
}
}
}
return(new AuthenticateExternalLoginResult()
{
Authentication = null,
ExternalIdentity = result.Identity,
Authenticator = auther,
Credential = _credentialBuilder.CreateExternalCredential(authenticationType, idClaim.Value, nameClaim.Value + emailSuffix, tenantIdClaim?.Value)
});
}
private string FormatExternalCredentialType(string externalType)
{
Authenticator authenticator;
if (!Authenticators.TryGetValue(externalType, out authenticator))
{
return(externalType);
}
var ui = authenticator.GetUI();
return(ui == null ? authenticator.Name : ui.AccountNoun);
}
public async Task Rename(int position, string issuer, string username)
{
var auth = Authenticators.ElementAtOrDefault(position);
if (auth == null)
{
return;
}
auth.Issuer = issuer;
auth.Username = username;
await _connection.UpdateAsync(auth);
}
public virtual CredentialViewModel DescribeCredential(Credential credential)
{
var kind = GetCredentialKind(credential.Type);
Authenticator authenticator = null;
if (kind == CredentialKind.External)
{
if (string.IsNullOrEmpty(credential.TenantId))
{
string providerName = credential.Type.Split('.')[1];
Authenticators.TryGetValue(providerName, out authenticator);
}
else
{
authenticator = Authenticators
.Values
.FirstOrDefault(provider => provider.Name.Equals(AzureActiveDirectoryV2Authenticator.DefaultAuthenticationType, StringComparison.OrdinalIgnoreCase));
}
}
var credentialViewModel = new CredentialViewModel
{
Key = credential.Key,
Type = credential.Type,
TypeCaption = FormatCredentialType(credential.Type),
Identity = credential.Identity,
Created = credential.Created,
Expires = credential.Expires,
Kind = kind,
AuthUI = authenticator?.GetUI(),
// Set the description as the value for legacy API keys
Description = credential.Description,
Value = kind == CredentialKind.Token && credential.Description == null ? credential.Value : null,
Scopes = credential.Scopes.Select(s => new ScopeViewModel(
s.Owner?.Username ?? credential.User.Username,
s.Subject,
NuGetScopes.Describe(s.AllowedAction)))
.ToList(),
ExpirationDuration = credential.ExpirationTicks != null ? new TimeSpan?(new TimeSpan(credential.ExpirationTicks.Value)) : null
};
credentialViewModel.HasExpired = credential.HasExpired ||
(credentialViewModel.IsNonScopedApiKey &&
!credential.HasBeenUsedInLastDays(_config.ExpirationInDaysForApiKeyV1));
credentialViewModel.Description = credentialViewModel.IsNonScopedApiKey
? Strings.NonScopedApiKeyDescription : credentialViewModel.Description;
return(credentialViewModel);
}
public async Task Rename(int position, string issuer, string username)
{
if (Authenticators.ElementAtOrDefault(position) == null)
{
return;
}
var info = Authenticators[position];
var auth = GetAuthenticator(info);
auth.Issuer = issuer.Trim().Truncate(32);
auth.Username = username.Trim().Truncate(32);
await _connection.UpdateAsync(auth);
}
public virtual CredentialViewModel DescribeCredential(Credential credential)
{
var kind = GetCredentialKind(credential.Type);
Authenticator authenticator = null;
if (kind == CredentialKind.External)
{
if (string.IsNullOrEmpty(credential.TenantId))
{
string providerName = credential.Type.Split('.')[1];
Authenticators.TryGetValue(providerName, out authenticator);
}
else
{
authenticator = Authenticators
.Values
.FirstOrDefault(provider => provider.Name.Equals(AzureActiveDirectoryV2Authenticator.DefaultAuthenticationType, StringComparison.OrdinalIgnoreCase));
}
}
var credentialViewModel = new CredentialViewModel
{
Key = credential.Key,
Type = credential.Type,
TypeCaption = FormatCredentialType(credential.Type),
Identity = credential.Identity,
Created = credential.Created,
Expires = credential.Expires,
Kind = kind,
AuthUI = authenticator?.GetUI(),
Description = credential.Description,
Scopes = credential.Scopes.Select(s => new ScopeViewModel(
s.Owner?.Username ?? credential.User.Username,
s.Subject,
NuGetScopes.Describe(s.AllowedAction)))
.ToList(),
ExpirationDuration = credential.ExpirationTicks != null ? new TimeSpan?(new TimeSpan(credential.ExpirationTicks.Value)) : null,
RevocationSource = credential.RevocationSourceKey != null?Enum.GetName(typeof(CredentialRevocationSource), credential.RevocationSourceKey) : null,
};
credentialViewModel.HasExpired = IsCredentialExpiredOrNonScopedApiKeyNotUsedInLastDays(credential);
credentialViewModel.Description = credentialViewModel.IsNonScopedApiKey
? ServicesStrings.NonScopedApiKeyDescription : credentialViewModel.Description;
return(credentialViewModel);
}
public async Task Delete(int position)
{
var auth = Authenticators.ElementAtOrDefault(position);
if (auth == null)
{
return;
}
await _connection.DeleteAsync <Authenticator>(auth.Secret);
Authenticators.Remove(auth);
_all.Remove(auth);
const string sql = "DELETE FROM authenticatorcategory WHERE authenticatorSecret = ?";
await _connection.ExecuteAsync(sql, auth.Secret);
}
public async virtual Task <AuthenticateExternalLoginResult> ReadExternalLoginCredential(IOwinContext context)
{
var result = await context.Authentication.AuthenticateAsync(AuthenticationTypes.External);
if (result == null)
{
Trace.Information("No external login found.");
return(new AuthenticateExternalLoginResult());
}
var idClaim = result.Identity.FindFirst(ClaimTypes.NameIdentifier);
if (idClaim == null)
{
Trace.Error("External Authentication is missing required claim: " + ClaimTypes.NameIdentifier);
return(new AuthenticateExternalLoginResult());
}
var nameClaim = result.Identity.FindFirst(ClaimTypes.Name);
if (nameClaim == null)
{
Trace.Error("External Authentication is missing required claim: " + ClaimTypes.Name);
return(new AuthenticateExternalLoginResult());
}
var emailClaim = result.Identity.FindFirst(ClaimTypes.Email);
string emailSuffix = emailClaim == null ? String.Empty : (" <" + emailClaim.Value + ">");
Authenticator auther;
if (!Authenticators.TryGetValue(idClaim.Issuer, out auther))
{
auther = null;
}
return(new AuthenticateExternalLoginResult()
{
Authentication = null,
ExternalIdentity = result.Identity,
Authenticator = auther,
Credential = CredentialBuilder.CreateExternalCredential(idClaim.Issuer, idClaim.Value, nameClaim.Value + emailSuffix)
});
}
public Authenticator Get(int position)
{
if (Authenticators.ElementAtOrDefault(position) == null)
{
return(null);
}
var info = Authenticators[position];
var auth = GetAuthenticator(info);
if (auth.Type == OtpType.Totp && auth.TimeRenew <= DateTime.Now)
{
var secret = Base32.Decode(auth.Secret);
var totp = new Totp(secret, auth.Period, auth.Algorithm, auth.Digits);
auth.Code = totp.ComputeTotp();
auth.TimeRenew = DateTime.Now.AddSeconds(totp.RemainingSeconds());
}
return(auth);
}
public async Task Delete(int position)
{
if (Authenticators.ElementAtOrDefault(position) == null)
{
return;
}
var info = Authenticators[position];
var auth = GetAuthenticator(info);
await _connection.DeleteAsync <Authenticator>(auth.Secret);
Authenticators.Remove(info);
_all.Remove(auth);
var sql = "DELETE FROM authenticatorcategory WHERE authenticatorSecret = ?";
object[] args = { auth.Secret };
await _connection.ExecuteAsync(sql, args);
}
public virtual ActionResult Challenge(string providerName, string redirectUrl)
{
Authenticator provider;
if (!Authenticators.TryGetValue(providerName, out provider))
{
throw new InvalidOperationException(String.Format(
CultureInfo.CurrentCulture,
Strings.UnknownAuthenticationProvider,
providerName));
}
if (!provider.BaseConfig.Enabled)
{
throw new InvalidOperationException(String.Format(
CultureInfo.CurrentCulture,
Strings.AuthenticationProviderDisabled,
providerName));
}
return(provider.Challenge(redirectUrl));
}
public IEnumerable <ValidationResult> Validate(ValidationContext validationContext)
{
foreach (var application in Applications)
{
var name = application.IdentityProviderBinding.Name;
if (!IdentityProviders.Any(i => i.Name == name))
{
yield return(new ValidationResult($"No identity provider with name '{name}' configured.", new string[] { nameof(Applications) }));
}
if (application.AuthenticatorBindings != null)
{
foreach (var authBinding in application.AuthenticatorBindings)
{
var authName = authBinding.Name;
if (Authenticators is null || !Authenticators.Any(a => a.Name == authName))
{
yield return(new ValidationResult($"No authenticator with name '{authName}' configured.", new string[] { nameof(Applications) }));
}
}
}
}
}
public AuthManOptions AddAuth <T>() where T : IAuthenticate
{
Authenticators.Add(typeof(T));
return(this);
}
public AuthManOptions AddAuth(IEnumerable <Type> types)
{
// TODO: add validation for IAuthenticate interface
Authenticators.AddRange(types);
return(this);
}
public AuthManOptions AddUserAuth <TUserMan, TUser>() where TUserMan : IUserMan <TUser>
{
Authenticators.Add(typeof(TUserMan));
return(this);
}
public int GetPosition(string secret)
{
return(Authenticators.FindIndex(a => a.Secret == secret));
}
public static void Load()
{
InitializeDefaults();
if (!File.Exists(SettingsFile))
{
return;
}
using (BinaryReader binReader = new BinaryReader(File.OpenRead(SettingsFile)))
{
string fileHeader = "";
for (int i = 0; i < 9; i++)
{
fileHeader += binReader.ReadChar();
}
if (fileHeader != "WINBMACFG")
{
return;
}
int fileVersion = binReader.ReadInt32();
if (fileVersion > 4)
{
System.Windows.MessageBox.Show("The settings database was created with a newer version of WinBMA. We were unable to load your settings.", "Error", System.Windows.MessageBoxButton.OK, System.Windows.MessageBoxImage.Error);
return;
}
int numOfAuths = binReader.ReadInt32();
for (int i = 0; i < numOfAuths; i++)
{
string name = binReader.ReadString();
string serial = binReader.ReadString();
bool? isRestorable = null;
AuthAPI.Security.EncryptionProvider.EncryptionType encType = AuthAPI.Security.EncryptionProvider.EncryptionType.None;
int tokenLen = 20;
if (fileVersion > 2)
{
isRestorable = binReader.ReadBoolean();
encType = (AuthAPI.Security.EncryptionProvider.EncryptionType)binReader.ReadByte();
tokenLen = binReader.ReadInt32();
}
byte[] token = binReader.ReadBytes(tokenLen);
Authenticators.Add(new AuthAPI.Authenticator(name, serial, token, isRestorable, encType));
}
if (fileVersion < 3)
{
for (int i = 0; i < 2; i++)
{
DateTime storedLastSync = DateTime.FromBinary(binReader.ReadInt64());
Int64 storedOffset = binReader.ReadInt64();
if (storedLastSync > _lastSyncTime)
{
_lastSyncTime = storedLastSync;
_timeOffset = storedOffset;
}
}
}
else
{
_lastSyncTime = DateTime.FromBinary(binReader.ReadInt64());
_timeOffset = binReader.ReadInt64();
}
if (fileVersion == 1)
{
return;
}
SelectedAuthenticatorIndex = binReader.ReadInt32();
if (fileVersion == 2)
{
return;
}
_autoSync = binReader.ReadBoolean();
_alwaysOnTop = binReader.ReadBoolean();
_autoCopyToClipboard = binReader.ReadBoolean();
_theme = binReader.ReadString();
_checkForUpdates = binReader.ReadBoolean();
_lastUpdateCheck = DateTime.FromBinary(binReader.ReadInt64());
if (fileVersion == 3)
{
return;
}
_hotkeyEnabled = binReader.ReadBoolean();
_hotkeyModifiers = (Utilities.SystemHotKey.ModifierKeys)binReader.ReadByte();
_hotkey = (Utilities.Keys)binReader.ReadInt32();
}
}
