public bool GetMethodDefault(UserLoginMethod method)
{
switch (method)
{
case UserLoginMethod.EmailPassword: return(true);
default: return(false);
}
}
public async Task <IActionResult> UpdateLoginMethod(UserLoginMethod method, bool enabled, string ReturnUrl)
{
ViewData["Controller"] = "Account";
ViewData["Action"] = nameof(SetupLoginMethod);
var user = await GetCurrentUserAsync();
var result = await _auth.UpdateLoginMethodAllowed(user.UserId.Value, method, enabled, _auth.GetMethodDefault(method));
switch (result.Result)
{
case UpdateLoginMethodResult.ResultType.NoError:
if (enabled)
{
return(RedirectToAction(nameof(SetupLoginMethod), new { method }));
}
else
{
return(RedirectToAction(nameof(Index)));
}
case UpdateLoginMethodResult.ResultType.NotAllowed:
ModelState.AddModelError(nameof(enabled), $"{method.GetDisplayName()} cannot be changed");
break;
case UpdateLoginMethodResult.ResultType.MinimumOneAllowedLoginMethod:
ModelState.AddModelError(nameof(enabled), $"Cannot remove {method.GetDisplayName()}, must have at least one login method");
break;
}
if (string.IsNullOrWhiteSpace(ReturnUrl))
{
return(RedirectToAction(nameof(SetupLoginMethod), new { method }));
}
else
{
return(Redirect(ReturnUrl));
}
// return View(nameof(SetupLoginMethod), new SetupLoginMethodViewModel()
// {
// MyProfile = user,
// Allowed = await _auth.LoginMethodAllowed(user.Id, method, _auth.GetMethodDefault(method)),
// AllowedByDefault = _auth.GetMethodDefault(method),
// Method = method,
// ReturnUrl = ReturnUrl,
// });
}
public async Task <IActionResult> SetupLoginMethod(UserLoginMethod method, string ReturnUrl)
{
ViewData["Controller"] = "Account";
ViewData["Action"] = nameof(SetupLoginMethod);
var user = await GetCurrentUserAsync();
var allowed = await _auth.LoginMethodAllowed(user.UserId.Value, method, _auth.GetMethodDefault(method));
var model = new SetupLoginMethodViewModel()
{
MyProfile = user,
Allowed = allowed,
AllowedByDefault = _auth.GetMethodDefault(method),
Method = method,
ReturnUrl = ReturnUrl,
};
if (allowed)
{
switch (method)
{
case UserLoginMethod.EmailPassword:
model.LoginModel = new ChangePasswordViewModel();
break;
case UserLoginMethod.RecoveryKey:
model.LoginModel = new SetupRecoveryViewModel()
{
RecoveryKeys = await _auth.GetRecoveryKeys(user.UserId.Value)
};
break;
default: return(Redirect("/Error/404"));
}
}
// var secretKey = new byte[] { };
// var hotp = new Hotp(secretKey, mode: OtpHashMode.Sha512);
// hotp.VerifyHotp();
return(View(model));
}
public async Task <UpdateLoginMethodResult> UpdateLoginMethodAllowed(int userId, UserLoginMethod method, bool value, bool defaultValue)
{
var result = new UpdateLoginMethodResult()
{
Result = UpdateLoginMethodResult.ResultType.NoError
};
var methods = await GetOverriddenLoginMethodsForUser(userId);
var methodsAllowed = methods.Where(m => m.Enabled).Select(m => m.Method).ToHashSet();
var methodsRemoved = methods.Where(m => !m.Enabled).Select(m => m.Method).ToHashSet();
var allowedMethodCountAfter = 0;
foreach (var m in Enum.GetValues(typeof(UserLoginMethod)).Cast <UserLoginMethod>())
{
if (m != method)
{
if (methodsAllowed.Contains(m))
{
allowedMethodCountAfter++;
}
else if (methodsRemoved.Contains(m))
{
allowedMethodCountAfter--;
}
else if (GetMethodDefault(m))
{
allowedMethodCountAfter++;
}
}
else if (value)
{
allowedMethodCountAfter++;
}
}
if (allowedMethodCountAfter < 1)
{
result.Result = UpdateLoginMethodResult.ResultType.MinimumOneAllowedLoginMethod;
return(result);
}
var exists = methods.FirstOrDefault(m => m.Method == method);
if (exists != null)
{
if (value == defaultValue)
{
_db.UserLoginMethods.Remove(exists);
}
else if (exists.Enabled != value)
{
exists.Enabled = value;
}
else
{
return(result);
}
}
else
{
if (value != defaultValue)
{
_db.UserLoginMethods.Add(new UserLoginMethodModel()
{
Enabled = value,
Method = method,
UserId = userId,
WhenCreated = DateTime.UtcNow,
});
}
else
{
return(result);
}
}
await _db.SaveChangesAsync();
return(result);
}
public async Task <bool> LoginMethodAllowed(int userId, UserLoginMethod method, bool defaultValue)
{
var exists = await _db.UserLoginMethods.FirstOrDefaultAsync(ulm => ulm.Enabled && ulm.Method == method && ulm.UserId == userId);
return(exists?.Enabled ?? defaultValue);
}
