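        /// <summary>
        /// Validate code passed by user: the code must be a plain decimal integer and be
        /// accepted by <see cref="TotpValidator"/> for <c>GenerationPeriodSeconds</c>.
        /// </summary>
        /// <param name="code">Code as typed by the user; may be null.</param>
        /// <param name="secret">Shared secret the TOTP was generated from.</param>
        /// <returns>true only when the code parses and the validator accepts it; false otherwise.</returns>
        public static bool Validate(string code, string secret)
        {
            int tokeni;

            // NumberStyles.None + invariant culture: only digits are accepted, so a
            // leading sign, surrounding whitespace or culture-specific formatting never
            // reaches the validator (the default int.TryParse styles accept "+123456"
            // and " 123456").
            if (code == null
                || !int.TryParse(code,
                                 System.Globalization.NumberStyles.None,
                                 System.Globalization.CultureInfo.InvariantCulture,
                                 out tokeni))
            {
                return(false);
            }

            var totpv = new TotpValidator(_totpGenerator);
            return(totpv.Validate(secret, tokeni, GenerationPeriodSeconds));
        }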
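        /// <summary>
        /// Validates a token previously registered for <paramref name="phoneNumber"/>:
        /// a token must be stored for the number, it must equal <paramref name="token"/>,
        /// and the TOTP validator must still accept it for the configured lifetime.
        /// </summary>
        /// <param name="phoneNumber">Phone number the token was issued for; used as the repository key.</param>
        /// <param name="token">Numeric token supplied by the user.</param>
        /// <returns>The TOTP validator's verdict for the token.</returns>
        /// <exception cref="UnregisteredPhoneNumberException">The repository holds no token for <paramref name="phoneNumber"/> (it returned 0).</exception>
        /// <exception cref="InvalidTokenException">The supplied token does not match the stored one.</exception>
        public bool ValidateToken(string phoneNumber, int token)
        {
            // NOTE(review): the original began with an unconditional `return(true);`,
            // which made every check below unreachable and accepted any token for any
            // phone number. Removed so the checks actually run.
            var existingToken = _totpTokenRepository.GetToken(phoneNumber);

            // 0 is what the repository returns when nothing is stored for the number.
            if (existingToken == 0)
            {
                throw new UnregisteredPhoneNumberException();
            }
            if (existingToken != token)
            {
                throw new InvalidTokenException();
            }

            var totpValidator = new TotpValidator(_totpGenerator);

            return(totpValidator.Validate(_secretKey, token, _totpTokenLifetimeInSeconds));
        }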
        /// <summary>
        /// Sign in: looks up the manager by account name, enforces the failed-attempt
        /// lockout, then verifies the TOTP code and the password hash. Counters and
        /// timestamps on the manager record are persisted before returning.
        /// </summary>
        /// <param name="userName">User name (the manager's account).</param>
        /// <param name="password">Clear-text password supplied by the user.</param>
        /// <param name="authenticateNum">Verification code (TOTP value) supplied by the user.</param>
        /// <returns>Sign-in result; on success it carries a <see cref="PrincipalUser"/> built from the manager record.</returns>
        public ExcutedResult SignIn(string userName, string password, int authenticateNum)
        {
            //query manager by userName (only records in the Normal state are considered)
            var manager = Repository.FirstOrDefault(p => p.Account == userName && p.State == (int)EnumState.Normal);

            if (manager == null)
            {
                // NOTE(review): same result code as a wrong password below, but the
                // message text differs from the one used there, so a caller that shows
                // the message can still tell "unknown account" from "wrong password".
                return(ExcutedResult.FailedResult(BusinessResultCode.NoUserOrPasswordError, "用户不存在或被删除"));
            }

            ExcutedResult result;

            //verify error times and last error time: more than 5 failures lock the
            //account for 12 hours counted from the last recorded error
            if (manager.ErrorTimes > 5)
            {
                if (manager.LastErrorTime.HasValue)
                {
                    var endTime = manager.LastErrorTime.Value.AddHours(12);
                    if (endTime > DateTime.UtcNow)
                    {
                        // Still inside the lock window: reject without touching credentials.
                        return(ExcutedResult.FailedResult(BusinessResultCode.AccountLockedTryLater,
                                                          $"{BusinessResultCode.AccountLockedTryLater}:{endTime.ToStandardFormat()}。"));
                    }
                    // Window expired: fall through to the credential check. ErrorTimes is
                    // not reset here, so a single further failure below re-locks the
                    // account for another 12 hours.
                }
                else
                {
                    // Over the limit but no error timestamp recorded: start the lock
                    // window now, persist it, and reject.
                    manager.LastErrorTime = DateTime.UtcNow;
                    var endTime = manager.LastErrorTime.Value.AddHours(12);
                    Repository.Update(manager);

                    return(ExcutedResult.FailedResult(BusinessResultCode.AccountLockedTryLater,
                                                      $"{BusinessResultCode.AccountLockedTryLater}:{endTime.ToStandardFormat()}。"));
                }
            }

            //securtyKey=manager.Id+salt (the TOTP secret is derived per manager)
            var securtyKey = manager.Id + manager.Salt;
            var validator  = new TotpValidator(new TotpGenerator());

            //hashpwd=hash(salt+hash(password + salt))
            var hashPwd = GetHashPwd(password, manager.Salt);

            //hashpwd equal manager.hashpwd
            //verify authenticateNum
            // NOTE(review): string.Equals is an ordinal but not a constant-time
            // comparison; a fixed-time comparison of the two hash strings would avoid
            // leaking how many leading characters matched. It also throws if GetHashPwd
            // returns null — confirm it never does.
            if (validator.Validate(securtyKey, authenticateNum) && hashPwd.Equals(manager.Pwd))
            {
                // Both factors accepted: clear the failure state and record the login.
                manager.ErrorTimes    = 0;
                manager.LastErrorTime = null;
                manager.LastLoginTime = DateTime.UtcNow;

                //if success, return userinfo
                var baseInfo = new PrincipalUser
                {
                    UserName = manager.Account,
                    Id       = manager.Id,
                    Mobile   = manager.Mobile,
                    NickName = manager.Name,
                    Role     = manager.ManagerType
                };

                result = ExcutedResult.SuccessResult(baseInfo);
            }
            else
            {
                // A TOTP failure and a password failure are counted and reported alike.
                manager.ErrorTimes++;
                manager.LastErrorTime = DateTime.UtcNow;
                result = ExcutedResult.FailedResult(BusinessResultCode.NoUserOrPasswordError, "用户不存在或密码错误");
            }

            //update error times and last error time (persisted on success and on failure)
            Repository.Update(manager);
            return(result);
        }