コード例 #1
    /// <summary>
    /// Completes or challenges a token request for a user subject to two-factor authentication.
    /// </summary>
    /// <remarks>
    /// When the request carries both a "TwoFactorProvider" and a "TwoFactorCode" parameter, the
    /// provider must be among the user's valid providers and the code must verify; success is
    /// delegated to <c>SetSuccessResultAsync</c>, failure yields a Forbid result carrying the
    /// InvalidGrant error. When either parameter is missing or blank, a user token is generated,
    /// a security log entry is saved, and a Forbid result is returned that carries the user id
    /// and that token.
    /// NOTE(review): nothing in this method checks the primary credential; presumably the caller
    /// only reaches it after the password has been verified. Confirm, since the challenge
    /// response discloses the user id and a freshly generated token.
    /// </remarks>
    /// <param name="request">The incoming OpenIddict token request.</param>
    /// <param name="user">The user the request is being authenticated as.</param>
    /// <returns>The success result, or a Forbid result describing why sign-in was refused.</returns>
    protected virtual async Task<IActionResult> HandleTwoFactorLoginAsync(OpenIddictRequest request, IdentityUser user)
    {
        var providerName  = request.GetParameter("TwoFactorProvider")?.ToString();
        var submittedCode = request.GetParameter("TwoFactorCode")?.ToString();

        // No provider/code pair supplied: answer with the two-factor challenge.
        if (providerName.IsNullOrWhiteSpace() || submittedCode.IsNullOrWhiteSpace())
        {
            Logger.LogInformation("Authentication failed for username: {username}, reason: RequiresTwoFactor", request.Username);

            // The token purpose is the literal name of SignInResult.RequiresTwoFactor.
            var twoFactorToken = await UserManager.GenerateUserTokenAsync(
                user,
                TokenOptions.DefaultProvider,
                nameof(SignInResult.RequiresTwoFactor));

            var logEntry = new IdentitySecurityLogContext
            {
                Identity = OpenIddictSecurityLogIdentityConsts.OpenIddict,
                Action   = OpenIddictSecurityLogActionConsts.LoginRequiresTwoFactor,
                UserName = request.Username,
                ClientId = request.ClientId
            };
            await IdentitySecurityLogManager.SaveAsync(logEntry);

            var challenge = new AuthenticationProperties(new Dictionary<string, string>
            {
                [OpenIddictServerAspNetCoreConstants.Properties.Error]            = OpenIddictConstants.Errors.InvalidGrant,
                [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = nameof(SignInResult.RequiresTwoFactor),

                // Returned to the client so it can continue the two-factor flow.
                ["userId"]         = user.Id.ToString("N"),
                ["twoFactorToken"] = twoFactorToken
            });

            return Forbid(challenge, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
        }

        // The client-chosen provider is only honoured if it is valid for this user.
        var validProviders = await UserManager.GetValidTwoFactorProvidersAsync(user);
        var codeAccepted   = validProviders.Contains(providerName)
                             && await UserManager.VerifyTwoFactorTokenAsync(user, providerName, submittedCode);

        if (codeAccepted)
        {
            return await SetSuccessResultAsync(request, user);
        }

        // NOTE(review): a rejected code is only written to the application log here. This method
        // neither saves a security log entry nor records a failed access attempt, so repeated
        // wrong codes are not throttled at this point. Confirm that lockout / rate limiting is
        // enforced elsewhere in the flow.
        Logger.LogInformation("Authentication failed for username: {username}, reason: InvalidAuthenticatorCode", request.Username);

        var rejection = new AuthenticationProperties(new Dictionary<string, string>
        {
            [OpenIddictServerAspNetCoreConstants.Properties.Error]            = OpenIddictConstants.Errors.InvalidGrant,
            [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = "Invalid authenticator code!"
        });

        return Forbid(rejection, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
    }
コード例 #2
    // Checks that assigning a typed OpenIddictRequest property (looked up by name through
    // reflection) stores the value under the given parameter name.
    public void PropertySetter_AddsExpectedParameter(string property, string name, OpenIddictParameter value)
    {
        // Arrange
        var target = new OpenIddictRequest();
        // The null-forgiving operator assumes every supplied property name exists on the type.
        var setter = typeof(OpenIddictRequest).GetProperty(property)!;

        // Act
        setter.SetValue(target, value.Value);

        // Assert
        var stored = target.GetParameter(name);
        Assert.Equal(value, stored);
    }