/// <summary>
/// Validates a one-time code typed by the user against the given shared secret.
/// </summary>
/// <param name="code">The code exactly as supplied by the user; must parse as a decimal integer.</param>
/// <param name="secret">The shared secret the TOTP was generated from.</param>
/// <returns>
/// <c>true</c> when <paramref name="code"/> parses as an integer and the TOTP validator accepts it for
/// <paramref name="secret"/> within <c>GenerationPeriodSeconds</c>; otherwise <c>false</c>.
/// </returns>
public static bool Validate(string code, string secret)
{
    // A missing code never validates (int.TryParse would also reject null, the check keeps intent visible).
    if (code == null)
    {
        return false;
    }

    // NOTE(review): int.TryParse(string, out int) uses NumberStyles.Integer with the current culture, so
    // surrounding whitespace and a leading sign are accepted — confirm the caller restricts input to digits.
    int parsedToken;
    if (!int.TryParse(code, out parsedToken))
    {
        return false;
    }

    // The time-window comparison itself is delegated to the validator built on the shared generator.
    var validator = new TotpValidator(_totpGenerator);
    return validator.Validate(secret, parsedToken, GenerationPeriodSeconds);
}
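/// <summary>
/// Validates a TOTP token for a registered phone number. Every caller must reach the comparison below;
/// there is no short-circuit that accepts a token without checking it.
/// </summary>
/// <param name="phoneNumber">Phone number the token was issued to.</param>
/// <param name="token">Numeric token supplied by the caller.</param>
/// <returns>
/// <c>true</c> when <paramref name="token"/> equals the token stored for the number and is still
/// inside the configured TOTP lifetime; otherwise <c>false</c>.
/// </returns>
/// <exception cref="UnregisteredPhoneNumberException">
/// No token is stored for <paramref name="phoneNumber"/> (the repository returned 0).
/// </exception>
/// <exception cref="InvalidTokenException">
/// The supplied token differs from the stored token.
/// </exception>
public bool ValidateToken(string phoneNumber, int token)
{
    // The repository signals "no token issued" with 0, so a stored 0 means the number is unregistered.
    var existingToken = _totpTokenRepository.GetToken(phoneNumber);
    if (existingToken == 0)
    {
        throw new UnregisteredPhoneNumberException();
    }

    if (existingToken != token)
    {
        throw new InvalidTokenException();
    }

    // A matching token is only accepted while it is still within the TOTP lifetime window.
    var totpValidator = new TotpValidator(_totpGenerator);
    return totpValidator.Validate(_secretKey, token, _totpTokenLifetimeInSeconds);
}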
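/// <summary>
/// Signs a manager in using account name, password and a TOTP code.
/// </summary>
/// <param name="userName">Account name of the manager.</param>
/// <param name="password">Clear-text password; hashed with the stored salt before comparison.</param>
/// <param name="authenticateNum">TOTP code entered by the user.</param>
/// <returns>
/// A success result carrying a <see cref="PrincipalUser"/> for the manager, or a failed result with
/// <c>NoUserOrPasswordError</c> (unknown/deleted account, wrong password or wrong code — deliberately
/// the same code and message so the response does not reveal which one failed) or
/// <c>AccountLockedTryLater</c> (more than 5 failures inside the 12-hour lock window).
/// </returns>
public ExcutedResult SignIn(string userName, string password, int authenticateNum)
{
    // Only active (Normal) managers may sign in; anything else is reported as "no such user".
    var manager = Repository.FirstOrDefault(p => p.Account == userName && p.State == (int)EnumState.Normal);
    if (manager == null)
    {
        return ExcutedResult.FailedResult(BusinessResultCode.NoUserOrPasswordError, "用户不存在或被删除");
    }

    // One timestamp for the whole attempt so lock window and counters agree.
    var now = DateTime.UtcNow;

    // Lockout: more than 5 consecutive failures locks the account for 12 hours from the last failure.
    // The counter is only reset by a successful sign-in, so once the window elapses a single further
    // failure re-arms the lock.
    if (manager.ErrorTimes > 5)
    {
        DateTime lockEnd;
        if (manager.LastErrorTime.HasValue)
        {
            lockEnd = manager.LastErrorTime.Value.AddHours(12);
        }
        else
        {
            // Counter exceeded but no timestamp recorded: start the window now so the lock has an expiry.
            manager.LastErrorTime = now;
            lockEnd = now.AddHours(12);
            Repository.Update(manager);
        }

        if (lockEnd > now)
        {
            return ExcutedResult.FailedResult(BusinessResultCode.AccountLockedTryLater,
                $"{BusinessResultCode.AccountLockedTryLater}:{lockEnd.ToStandardFormat()}。");
        }
    }

    // TOTP secret is derived from the manager id plus the per-account salt.
    var securtyKey = manager.Id + manager.Salt;
    var validator = new TotpValidator(new TotpGenerator());

    // Per GetHashPwd's scheme: hashpwd = hash(salt + hash(password + salt)).
    var hashPwd = GetHashPwd(password, manager.Salt);

    // Both factors are evaluated unconditionally and the hash comparison is constant-time, so the
    // response latency does not indicate which factor was wrong. A null stored or computed hash is a
    // mismatch rather than an exception.
    var totpOk = validator.Validate(securtyKey, authenticateNum);
    var passwordOk = hashPwd != null && manager.Pwd != null
        && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            System.Text.Encoding.UTF8.GetBytes(hashPwd),
            System.Text.Encoding.UTF8.GetBytes(manager.Pwd));

    ExcutedResult result;
    if (totpOk && passwordOk)
    {
        // Success clears the failure counters and records the login.
        manager.ErrorTimes = 0;
        manager.LastErrorTime = null;
        manager.LastLoginTime = now;

        var baseInfo = new PrincipalUser
        {
            UserName = manager.Account,
            Id = manager.Id,
            Mobile = manager.Mobile,
            NickName = manager.Name,
            Role = manager.ManagerType
        };
        result = ExcutedResult.SuccessResult(baseInfo);
    }
    else
    {
        // Wrong password and wrong code share one failure code and message on purpose.
        manager.ErrorTimes++;
        manager.LastErrorTime = now;
        result = ExcutedResult.FailedResult(BusinessResultCode.NoUserOrPasswordError, "用户不存在或密码错误");
    }

    // Persist counters / last-login time for both outcomes.
    Repository.Update(manager);
    return result;
}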