/// <summary>
/// Handles the click event of the btnGenerate control
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnGenerate_Click(object sender, EventArgs e)
{
if (!Page.IsValid)
{
return;
}
pnlPhoneNumber.Visible = false;
var smsAuthentication = new SMSAuthentication();
var success = smsAuthentication.SendSMSAuthentication(GetPhoneNumber());
if (success)
{
pnlCode.Visible = true;
}
else
{
lbResolve.Text = GetAttributeValue("ResolveMessage");
pnlResolve.Visible = true;
if (!string.IsNullOrWhiteSpace(GetAttributeValue("ResolveNumberPage")))
{
btnResolve.Visible = true;
}
}
}
/// <summary>
/// Handles the Click event for the btnLogin control
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnLogin_Click(object sender, EventArgs e)
{
nbError.Visible = false;
if (Page.IsValid)
{
RockContext rockContext = new RockContext();
var smsAuthentication = new SMSAuthentication();
string error;
var person = smsAuthentication.GetNumberOwner(GetPhoneNumber(), rockContext, out error);
if (person == null)
{
nbError.Text = error;
nbError.Visible = true;
return;
}
var userLoginService = new UserLoginService(rockContext);
var userLogin = userLoginService.GetByUserName("SMS_" + person.Id.ToString());
if (userLogin != null && userLogin.EntityType != null)
{
if (smsAuthentication.Authenticate(userLogin, tbCode.Text))
{
CheckUser(userLogin, Request.QueryString["returnurl"], true);
return;
}
}
}
nbError.Text = "Sorry, the code you entered did not match the code we generated.";
nbError.Visible = true;
}
public static LoggedUser Authenticate2FA(string token, string id)
{
SMSAuthentication auth = new SMSAuthentication()
{
id = id,
token = token
};
return(Authenticate2FA(auth));
}
private System.Threading.Tasks.Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
if (!string.IsNullOrEmpty(context.UserName) && !string.IsNullOrEmpty(context.Password))
{
var rockContext = new RockContext();
var userLoginService = new UserLoginService(rockContext);
//Older Avalanche Clients use __PHONENUMBER__+1 prefix vs the newer SMS_ prefix
//This makes sure we are using the new ROCK external sms authentication
var userName = context.UserName.Replace("__PHONENUMBER__+1", "SMS_");
//SMS login does not use the phone number as the username.
//Instead we need to change it to use the person's id.
if (userName.StartsWith("SMS_"))
{
string error;
var smsAuthentication = new SMSAuthentication();
var person = smsAuthentication.GetNumberOwner(userName.Split('_').Last(), rockContext, out error);
if (person != null)
{
userName = string.Format("SMS_{0}", person.Id);
}
//If we cannot find a person, do nothing and just pass through the existing username
}
var userLogin = userLoginService.GetByUserName(userName);
if (userLogin != null && userLogin.EntityType != null)
{
var component = AuthenticationContainer.GetComponent(userLogin.EntityType.Name);
if (component != null && component.IsActive &&
(!component.RequiresRemoteAuthentication || component.TypeName == "Rock.Security.ExternalAuthentication.SMSAuthentication"))
{
if (component.Authenticate(userLogin, context.Password))
{
if ((userLogin.IsConfirmed ?? true) && !(userLogin.IsLockedOut ?? false))
{
OAuthContext oAuthContext = new OAuthContext();
ClientScopeService clientScopeService = new ClientScopeService(oAuthContext);
AuthorizationService authorizationService = new AuthorizationService(oAuthContext);
ClientService clientService = new ClientService(oAuthContext);
var scopes = (context.Scope.FirstOrDefault() ?? "").Split(',');
bool scopesApproved = false;
Client OAuthClient = clientService.GetByApiKey(context.ClientId.AsGuid());
string[] authorizedScopes = authorizationService.Queryable().Where(a => a.Client.Id == OAuthClient.Id && a.UserLogin.UserName == userName && a.Active == true).Select(a => a.Scope.Identifier).ToArray <string>();
if (!clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Any() ||
(authorizedScopes != null && scopes.Where(s => !authorizedScopes.Select(a => a.ToLower()).Contains(s.ToLower())).Count() == 0))
{
scopesApproved = true;
}
if (scopesApproved)
{
var identity = new ClaimsIdentity(new GenericIdentity(userName, OAuthDefaults.AuthenticationType));
//only allow claims that have been requested and the client has been authorized for
foreach (var scope in scopes.Where(s => clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Select(cs => cs.Scope.Identifier.ToLower()).Contains(s.ToLower())))
{
identity.AddClaim(new Claim("urn:oauth:scope", scope));
}
UserLoginService.UpdateLastLogin(userName);
context.Validated(identity);
return(System.Threading.Tasks.Task.FromResult(0));
}
else
{
context.Rejected();
context.SetError("Authentication Error", "All scopes are not authorized for this user.");
}
}
if (!userLogin.IsConfirmed ?? true)
{
context.Rejected();
context.SetError("Authentication Error", "Account email is unconfirmed.");
}
if (userLogin.IsLockedOut ?? false)
{
context.Rejected();
context.SetError("Authentication Error", "Account is locked.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Username/Password.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Authentication Configuration.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Username/Password.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Username/Password.");
}
return(System.Threading.Tasks.Task.FromResult(0));
}
public static LoggedUser Authenticate2FA(SMSAuthentication auth)
{
var response = new TinderEndpoint.RestMethods(TinderAPI.Authenticate2FA).Post <LoggedUser>(auth);
return(response);
}
