private void Validate(ModelStateDictionary modelstate, CreateTwoFactorModel model, IdentityUser user)
{
if (model.Type == TwoFactorType.EmailCode)
{
if (string.IsNullOrEmpty(model.DataEmail))
{
modelstate.AddModelError("DataEmail", Resources.TwoFactor.ErrorMessageEmailRequired);
}
if (model.DataEmail.Equals(user.Email, StringComparison.OrdinalIgnoreCase))
{
ModelState.AddModelError("DataEmail", Resources.TwoFactor.ErrorMessageEmailNotAllowed);
}
if (!ValidationExtensions.IsValidEmailAddress(model.DataEmail))
{
modelstate.AddModelError("DataEmail", string.Format(Resources.TwoFactor.ErrorMessageInvalidEmail, model.DataEmail));
}
}
else if (model.Type == TwoFactorType.OtpCode)
{
if (string.IsNullOrEmpty(model.OtpData))
{
modelstate.AddModelError("", Resources.TwoFactor.ErrorMessageOtpUnknown);
}
}
else if (model.Type == TwoFactorType.PinCode)
{
if (model.DataPin.Length < 4 || model.DataPin.Length > 8)
{
modelstate.AddModelError("DataPin", Resources.TwoFactor.ErrorMessagePinValidation);
}
}
}
public async Task <ActionResult> Create(CreateTwoFactorModel model)
{
var user = UserManager.FindById(User.Identity.GetId());
if (user == null)
{
return(Unauthorized());
}
Validate(ModelState, model, user);
if (!ModelState.IsValid)
{
return(View("Create", model));
}
// If twofactor exists something is dodgy, return unauthorised
if (user.TwoFactorType != TwoFactorType.None)
{
return(RedirectToAction("Index", "AccountSettings"));
}
SetTwoFactorValues(model, user);
await UserManager.UpdateAsync(user);
return(RedirectToAction("Index", "AccountSettings"));
}
private void SetTwoFactorValues(TwoFactorComponent componentType, CreateTwoFactorModel model, UserTwoFactor entity)
{
entity.ClearData();
entity.Type = model.Type;
entity.Component = componentType;
entity.IsEnabled = true;
if (model.Type == TwoFactorType.EmailCode)
{
entity.Data = model.DataEmail;
}
else if (model.Type == TwoFactorType.PinCode)
{
entity.Data = model.DataPin;
}
else if (model.Type == TwoFactorType.GoogleCode)
{
entity.Data = model.GoogleData.PrivateKey;
entity.Data2 = model.GoogleData.PublicKey;
}
else if (model.Type == TwoFactorType.Question)
{
entity.Data = model.DataQuestion1;
entity.Data2 = model.DataAnswer1;
entity.Data3 = model.DataQuestion2;
entity.Data4 = model.DataAnswer2;
}
}
public async Task <ActionResult> Create(CreateTwoFactorModel model)
{
if (!model.IsValid(ModelState))
{
return(View("Create", model));
}
var user = UserManager.FindById(User.Id());
if (user == null)
{
return(Unauthorized());
}
// If twofactor exists something is dodgy, return unauthorised
var twofactor = user.TwoFactor.FirstOrDefault(x => x.Component == model.ComponentType);
if (twofactor != null && twofactor.Type != TwoFactorType.None)
{
return(RedirectToRoute("Security"));
}
// If no TFA exists, create and redirect to TFA view partial
if (twofactor == null)
{
user.TwoFactor.Add(new UserTwoFactor
{
Type = model.Type,
Component = model.ComponentType,
Data = model.Data,
Data2 = model.GoogleData.PublicKey,
Created = DateTime.UtcNow,
Updated = DateTime.UtcNow,
IsEnabled = true
});
await UserManager.UpdateAsync(user);
return(RedirectToRoute("Security"));
}
twofactor.ClearData();
twofactor.Type = model.Type;
twofactor.Data = model.Data;
twofactor.Data2 = model.GoogleData.PublicKey;
twofactor.Updated = DateTime.UtcNow;
await UserManager.UpdateAsync(user);
return(RedirectToRoute("Security"));
}
private void SetTwoFactorValues(CreateTwoFactorModel model, IdentityUser entity)
{
entity.TwoFactorType = model.Type;
if (model.Type == TwoFactorType.EmailCode)
{
entity.TwoFactorPublicKey = model.DataEmail;
}
else if (model.Type == TwoFactorType.PinCode)
{
entity.TwoFactorPublicKey = model.DataPin;
}
else if (model.Type == TwoFactorType.OtpCode)
{
entity.TwoFactorPublicKey = model.OtpData;
}
}
public async Task <ActionResult> Create(CreateTwoFactorModel model)
{
await Validate(ModelState, model);
if (!ModelState.IsValid)
{
return(View("Create", model));
}
var user = UserManager.FindById(User.Identity.GetUserId());
if (user == null)
{
return(Unauthorized());
}
// If twofactor exists something is dodgy, return unauthorised
var userTwoFactor = user.TwoFactor.ToList();
var twofactor = userTwoFactor.FirstOrDefault(x => x.Component == model.ComponentType);
if (twofactor != null && twofactor.Type != TwoFactorType.None)
{
return(RedirectToRoute("Security"));
}
if (model.Type == TwoFactorType.GoogleCode)
{
var existing = user.TwoFactor.FirstOrDefault(x => x.Type == TwoFactorType.GoogleCode);
if (existing != null)
{
model.GoogleData.PrivateKey = existing.Data;
model.GoogleData.PublicKey = existing.Data2;
}
}
if (model.Type == TwoFactorType.CryptopiaCode)
{
var existing = user.TwoFactor.FirstOrDefault(x => x.Type == TwoFactorType.CryptopiaCode);
if (existing == null)
{
using (var context = new ApplicationDbContext())
{
if (!await context.TwoFactorCode.AnyAsync(x => x.UserId == user.Id && x.SerialNumber == model.CryptopiaSerial))
{
ModelState.AddModelError("", Resources.Authorization.twoFactorCryptopiaNoDeviceError);
return(View("Create", model));
}
}
}
}
if (model.ApplyToAllEmpty)
{
foreach (TwoFactorComponent twoFactorComponent in Enum.GetValues(typeof(TwoFactorComponent)))
{
var existing = userTwoFactor.FirstOrDefault(x => x.Component == twoFactorComponent);
if (existing != null && existing.Type != TwoFactorType.None)
{
continue;
}
if (existing == null)
{
existing = new UserTwoFactor();
SetTwoFactorValues(twoFactorComponent, model, existing);
user.TwoFactor.Add(existing);
continue;
}
SetTwoFactorValues(twoFactorComponent, model, existing);
}
await UserManager.UpdateAsync(user);
return(RedirectToRoute("Security"));
}
// If no TFA exists, create and redirect to TFA view partial
if (twofactor == null)
{
twofactor = new UserTwoFactor();
SetTwoFactorValues(model.ComponentType, model, twofactor);
user.TwoFactor.Add(twofactor);
await UserManager.UpdateAsync(user);
return(RedirectToRoute("Security"));
}
SetTwoFactorValues(twofactor.Component, model, twofactor);
await UserManager.UpdateAsync(user);
return(RedirectToRoute("Security"));
}
private async Task Validate(ModelStateDictionary modelstate, CreateTwoFactorModel model)
{
if (model.Type == TwoFactorType.EmailCode)
{
if (string.IsNullOrEmpty(model.DataEmail))
{
modelstate.AddModelError("DataEmail", Resources.Authorization.twoFactorCreateEmailRequiredError);
}
if (!ValidationHelpers.IsValidEmailAddress(model.DataEmail))
{
modelstate.AddModelError("DataEmail", Resources.Authorization.twoFactorCreateEmailInvalidError);
}
}
else if (model.Type == TwoFactorType.GoogleCode)
{
if (!model.GoogleData.IsValid)
{
modelstate.AddModelError("", Resources.Authorization.twoFactorCreateGoogleApiError);
}
}
else if (model.Type == TwoFactorType.PinCode)
{
if (model.DataPin.Length < 4 || model.DataPin.Length > 8)
{
modelstate.AddModelError("DataPin", Cryptopia.Resources.Authorization.twoFactorDataPinPatternError);
}
}
else if (model.Type == TwoFactorType.CryptopiaCode)
{
using (var context = new ApplicationDbContext())
{
var userId = User.Identity.GetUserId();
var userTwofactor = await context.TwoFactorCode.FirstOrDefaultAsync(x => x.UserId == userId);
if (userTwofactor == null)
{
modelstate.AddModelError("", Resources.Authorization.twoFactorCreateCryptopiaNoDeviceError);
}
}
}
else if (model.Type == TwoFactorType.Question)
{
if (string.IsNullOrEmpty(model.DataQuestion1))
{
modelstate.AddModelError("DataQuestion1", Resources.Authorization.twoFactorCreateQuestionRequiredError);
}
if (string.IsNullOrEmpty(model.DataQuestion2))
{
modelstate.AddModelError("DataQuestion2", Resources.Authorization.twoFactorCreateQuestionRequiredError);
}
if (string.IsNullOrEmpty(model.DataAnswer1))
{
modelstate.AddModelError("DataAnswer1", Resources.Authorization.twoFactorCreateAnswerRequiredError);
}
if (string.IsNullOrEmpty(model.DataAnswer2))
{
modelstate.AddModelError("DataAnswer2", Resources.Authorization.twoFactorCreateAnswerRequiredError);
}
}
}