public async Task <IActionResult> LoginWith2Fa(LoginWith2FaViewModel model, string returnUrl = null)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var userId = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (userId == null)
{
throw new InvalidOperationException($"Unable to load two-factor authentication user.");
}
var verify2FaToken = new VerifyTwoFactorModel
{
UserId = userId,
Code = model.TwoFactorCode.Replace(" ", string.Empty).Replace("-", string.Empty),
RememberMachine = model.RememberMachine
};
var result = await _accountsEndpoint.VerifyTwoFactorTokenAsync(verify2FaToken);
if (result.Verified)
{
await _signInManager.DoTwoFactorSignInAsync(userId, model.RememberMachine);
_logger.LogInformation("User with ID '{UserId}' logged in with 2fa.", userId);
returnUrl ??= Url.Content("~/");
return(LocalRedirect(returnUrl));
}
_logger.LogWarning("Invalid authenticator code entered for user with ID '{UserId}'.", userId);
ModelState.AddModelError(string.Empty, "Invalid authenticator code.");
return(View(model));
}
public async Task <IActionResult> EnableAuthenticator(EnableAuthenticatorModel model)
{
if (!ModelState.IsValid)
{
model = await LoadEnableAuthenticatorModel(UserId);
HasErrors(model);
return(View(model));
}
var verifyTwoFactorTokenModel = new VerifyTwoFactorTokenModel
{
UserId = UserId,
VerificationCode = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty)
};
verifyTwoFactorTokenModel = await _manageEndpoint.VerifyTwoFactorTokenAsync(verifyTwoFactorTokenModel);
if (HasErrors(verifyTwoFactorTokenModel))
{
return(View(model));
}
if (!verifyTwoFactorTokenModel.IsTokenValid)
{
ModelState.AddModelError("Code", "Verification code is invalid.");
model = await LoadEnableAuthenticatorModel(UserId);
HasErrors(model);
return(View(model));
}
await _signInManager.DoTwoFactorSignInAsync(UserId, false);
var setTwoFactorEnabledModel = new SetTwoFactorEnabledModel
{
UserId = UserId,
SetEnabled = true
};
var set2FaEnabled = await _manageEndpoint.SetTwoFactorEnabledAsync(setTwoFactorEnabledModel);
if (HasErrors(set2FaEnabled))
{
_logger.LogError("Failed to enable 2FA with an authenticator app for User with ID '{UserId}'.", set2FaEnabled.UserId);
return(View(model));
}
_logger.LogInformation("User with ID '{UserId}' has enabled 2FA with an authenticator app.", set2FaEnabled.UserId);
model.StatusMessage = "Your authenticator app has been verified.";
var recoveryCodeStatus = new RecoveryCodeStatusModel {
UserId = UserId
};
recoveryCodeStatus = await _manageEndpoint.CheckRecoveryCodesStatus(recoveryCodeStatus);
if (HasErrors(model))
{
return(View(model));
}
if (recoveryCodeStatus.IsUpdated)
{
var showRecoveryCodesModel = new ShowRecoveryCodesModel()
{
StatusMessage = model.StatusMessage,
RecoveryCodes = recoveryCodeStatus.RecoveryCodes.ToArray()
};
return(RedirectToAction("ShowRecoveryCodes", showRecoveryCodesModel));
}
return(RedirectToAction("TwoFactorAuthentication"));
}