public async Task <IActionResult> Register([FromBody] RegisterUserVm model) { var user = new AppUser { UserName = model.Username, Email = model.Email, PSK = TimeSensitivePassCode.GeneratePresharedKey() }; var result = await _userManager.CreateAsync(user, model.Password); if (result.Succeeded) { await _signInManager.SignInAsync(user, false); var retVal = new { user, token = GenerateJwtToken(model.Username, user, false) }; // NOTE: Return the PSK to be able to register via Google/Microsoft Authenticator return(Ok(retVal)); } throw new ApplicationException("UNKNOWN_ERROR"); }
public void GetOtps_Returns3Otps() { var key = TimeSensitivePassCode.GenerateSharedPrivateKey(); var otps = TimeSensitivePassCode.GetOtps(key); Assert.AreEqual(3, otps.Count); }
public async Task <IHttpActionResult> GetOtp(LoginModel login) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var valid = _userManager.ValidateCredentials(login.UserName, login.Password); if (!valid) { return(NotFound()); } var user = _userManager.GetUser(login.UserName); var code = TimeSensitivePassCode.GetListOfOtPs(PskService.GetPsk(user.EmployeeId).Psk)[1]; if (!string.IsNullOrEmpty(user.VoiceTelephoneNumber)) { await new SmsService().SendAsync(new IdentityMessage { Body = $"Your Pin Is:\n {code}", Destination = user.VoiceTelephoneNumber }); } else { ModelState.AddModelError("PhoneNumber", "user's Phone number is not available"); return(BadRequest(ModelState)); } return(Ok(code)); }
public void GetOtps_ReturnsOtpsWithLength6() { var key = TimeSensitivePassCode.GenerateSharedPrivateKey(); var otps = TimeSensitivePassCode.GetOtps(key); foreach (var otp in otps) { Assert.AreEqual(6, otp.Length); } }
public static bool HasValidTotp(this HttpRequestMessage request, string key) { if (!request.Headers.Contains(otpHeader)) { return(false); } string otp = request.Headers.GetValues(otpHeader).First(); // We need to check the passcode against the past, current, and future passcodes return(!string.IsNullOrWhiteSpace(otp) && TimeSensitivePassCode.GetListOfOtp(key).Any(t => t.Equals(otp))); }
public async Task <IdentityResult> RegisterUser(UserModel userModel) { var user = new ApplicationUser { UserName = userModel.UserName, TwoFactorEnabled = true, Psk = TimeSensitivePassCode.GeneratePresharedKey() }; IdentityResult result = await userManager.CreateAsync(user, userModel.Password); return(result); }
//----------------------------------------------------------------------------------------------------------------- //public bool Smtp() //{ // var client = new TcpClient(); // var server = "smtp.gmail.com"; // var port = 465; // try // { // client.Connect(server, port); // // As GMail requires SSL we should use SslStream // // If your SMTP server doesn't support SSL you can // // work directly with the underlying stream // var stream = client.GetStream(); // var sslStream = new SslStream(stream); // sslStream.AuthenticateAsClient(server); // var writer = new StreamWriter(sslStream); // var reader = new StreamReader(sslStream); // if (reader.ReadLine().IndexOf("220 smtp.gmail.com ") == 0) // { // return true; // } // else // return false; // } // catch (Exception e) // { // return false; // } //} ////----------------------------------------------------------------------------------------------------------------------- //public bool testWeb(string url, string res) //{ // try // { // HttpWebRequest r = (HttpWebRequest)WebRequest.Create(url); // HttpWebResponse response = (HttpWebResponse)r.GetResponse(); // // request.Timeout = 3000; // StreamReader reader = new StreamReader(response.GetResponseStream()); // string content = reader.ReadToEnd(); // if (content.IndexOf(res, StringComparison.CurrentCulture) > 0) // { // return true; // } // else return false; // } // catch (Exception ex) // { // return false; // } //} //----------------------------------------------------------------------------------------------------------------------- public string inscription(string username, string lastname, string adresse, string birthdate, string email, int tel, string login, string pwd) { int verif; string PSK = TimeSensitivePassCode.GeneratePresharedKey(); string data = "otpauth://totp/" + login + "?secret=" + PSK; QRCodeGenerator qrg = new QRCodeGenerator(); QRCodeGenerator.QRCode qc = qrg.CreateQrCode(data, QRCodeGenerator.ECCLevel.H); Bitmap bm = qc.GetGraphic(20); MemoryStream ms = new MemoryStream(); bm.Save(ms, ImageFormat.Gif); Byte[] b = ms.ToArray(); string bcd = Convert.ToBase64String(b); connection.Open(); SqlCommand cmd = new SqlCommand(); cmd.Connection = connection; cmd.CommandText = "INSERT INTO Employe(Nom,Prenom,Adresse,DateDeNaissance,Email,Tel,Psk,Login,Pwd,access) VALUES (@username,@lastname,@adresse,@birthdate,@email,@tel,@psk,@login,@pwd,0)"; cmd.Parameters.AddWithValue("@username", username.Trim()); cmd.Parameters.AddWithValue("@lastname", lastname); cmd.Parameters.AddWithValue("@adresse", adresse); cmd.Parameters.AddWithValue("@birthdate", birthdate); cmd.Parameters.AddWithValue("@email", email); cmd.Parameters.AddWithValue("@tel", tel); cmd.Parameters.AddWithValue("@PSK", PSK); cmd.Parameters.AddWithValue("@login", login); cmd.Parameters.AddWithValue("@pwd", pwd); DataTable dt = new DataTable(); dt.Columns.Add("Error", typeof(string)); DataSet ds = new DataSet(); dt.Columns.Add("SKey", typeof(string)); dt.Columns.Add("SourceImage", typeof(string)); try { verif = cmd.ExecuteNonQuery(); dt.Rows.Add("true", PSK, bcd); } catch (Exception ex) { dt.Rows.Add("Probl�me" + ex.Message, "fff", "******"); } ds.Tables.Add(dt); return(bcd); }
public async Task <IdentityResult> RegisterUser(UserModel userModel) { //le proprietà diefinite qui vengono recuperate con il claim di principal ApplicationUser user = new ApplicationUser { UserName = userModel.UserName, TwoFactorEnabled = true, // PSK = OneTimePass.GenerateSharedPrivateKey() PSK = TimeSensitivePassCode.GeneratePresharedKey() }; var result = await _userManager.CreateAsync(user, userModel.Password); return(result); }
public bool Populate(string email, string password) { bool getUser = FindUser(email, password); string presharedKey = TimeSensitivePassCode.GeneratePresharedKey(); int otp = GenerateOTP(presharedKey); if (getUser == false) { UserContext.users.Add(new User { Email = email, Password = password, OTP = otp, PresharedKey = presharedKey, TwoFactorConfig = false }); UserContext.SaveChanges(); return(true); } return(false); }
public IHttpActionResult ValidateMicrosoftOTP(User user) { User getuser = UserContext.users.Where(x => x.Email == user.Email).Where(x => x.Password == user.Password).FirstOrDefault(); if (getuser != null && getuser.TwoFactorConfig == true) { IList <string> otps = TimeSensitivePassCode.GetListOfOTPs(getuser.PresharedKey); if (user.OTP == Convert.ToInt32(otps[0]) || user.OTP == Convert.ToInt32(otps[1])) { return(Ok("Valid User")); } return(NotFound()); } return(NotFound()); }
public async Task <IHttpActionResult> VerifyOtp(VerifyOtpModel login) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var valid = await Task.FromResult(_userManager.ValidateCredentials(login.UserName, login.Password)); var user = _userManager.GetUser(login.UserName); if (user == null) { return(NotFound()); } var state = TimeSensitivePassCode.GetListOfOtPs(PskService.GetPsk(user.EmployeeId).Psk).Any(c => c.Equals(login.Code)); return(Ok(new { state = state })); }
public static USerPsk GetPsk(string employeeId) { using (var context = new AdContext()) { var psk = context.USerPsks.FirstOrDefault(o => o.EmployeeId == employeeId); if (psk != null) { return(context.USerPsks.FirstOrDefault(o => o.EmployeeId == employeeId)); } { context.USerPsks.Add(new USerPsk { EmployeeId = employeeId, Psk = TimeSensitivePassCode.GeneratePresharedKey() }); context.SaveChanges(); return(context.USerPsks.FirstOrDefault(o => o.EmployeeId == employeeId)); } } }
public static bool HasValidTotp(this HttpRequestMessage request, string key) { //guarda se l'header contiene l'X-OTP ossia il codice di google a 6 cifre if (request.Headers.Contains(OTP_HEADER)) { string otp = request.Headers.GetValues(OTP_HEADER).First(); // We need to check the passcode against the past, current, and future passcodes if (!string.IsNullOrWhiteSpace(otp)) { //qui verifica se il codice inserito è uno dei tre generati in base alla chiave applicativa univoca per l'utente corrente if (TimeSensitivePassCode.GetListOfOTPs(key).Any(t => t.Equals(otp))) { return(true); } } } return(false); }
public static bool HasValidTotp(this Microsoft.AspNetCore.Http.HttpRequest request, string key) { //request.Headers.ContainsKey() //if (request.Headers.Contains(OTP_HEADER)) //{ // string otp = request.Headers.GetValues(OTP_HEADER).First(); // // We need to check the passcode against the past, current, and future passcodes // if (!string.IsNullOrWhiteSpace(otp)) // { // if (TimeSensitivePassCode.GetListOfOTPs(key).Any(t => t.Equals(otp))) // { // return true; // } // } //} //return false; if (request.Headers.ContainsKey(OTP_HEADER)) { var otp = new StringValues(); request.Headers.TryGetValue(OTP_HEADER, out otp); //string otp = request.Headers.GetValues(OTP_HEADER).First(); // We need to check the passcode against the past, current, and future passcodes if (!string.IsNullOrWhiteSpace(otp)) { if (TimeSensitivePassCode.GetListOfOTPs(key).Any(t => t.Equals(otp))) { return(true); } } } return(false); }
public void GenerateSharedPrivateKey_ReturnsKeyWithPermittedChars() { var key = TimeSensitivePassCode.GenerateSharedPrivateKey(); Assert.IsTrue(key.All(c => _permittedChars.Contains(c))); }
private int GenerateOTP(string presharedKey) { IList <string> otps = TimeSensitivePassCode.GetListOfOTPs(presharedKey); return(Convert.ToInt32(otps[1])); }
public void GenerateSharedPrivateKey_ReturnNonEmptyKey() { var key = TimeSensitivePassCode.GenerateSharedPrivateKey(); Assert.IsFalse(string.IsNullOrWhiteSpace(key)); }
public void GenerateSharedPrivateKey_ReturnsA16CharKey() { var key = TimeSensitivePassCode.GenerateSharedPrivateKey(); Assert.IsTrue(key.Length == 16); }