/// <summary>
/// Packs a secret file into the byte sequence that gets embedded.
/// Layout: payload length (4 bytes), file-name length (4 bytes), UTF-8 file name, payload.
/// </summary>
/// <param name="file">Secret file whose <c>FileName</c> and <c>Payload</c> are packed.</param>
/// <returns>A new array holding the two length fields, the name bytes and the payload, in that order.</returns>
private byte[] GetSecretBytesToEmbed(SecretFile file)
{
    // BitConverter emits the ints in the machine's byte order (see BitConverter.IsLittleEndian),
    // so whatever reads this header back has to use the same byte order.
    byte[] payloadLengthField = BitConverter.GetBytes(file.Payload.Length);
    byte[] nameBytes = Encoding.UTF8.GetBytes(file.FileName);
    // The name length is counted in encoded bytes, not characters.
    byte[] nameLengthField = BitConverter.GetBytes(nameBytes.Length);

    byte[] packed = new byte[(2 * sizeof(int)) + nameBytes.Length + file.Payload.Length];

    // NOTE(review): the lengths and the file name are written as-is; the extracting side should
    // bounds-check both length fields and treat the name as untrusted before using it as a path.
    int offset = 0;
    foreach (byte[] segment in new[] { payloadLengthField, nameLengthField, nameBytes, file.Payload })
    {
        Buffer.BlockCopy(segment, 0, packed, offset, segment.Length);
        offset += segment.Length;
    }

    return packed;
}
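/// <summary>
/// Handles the secret-file sign-in post. Looks the user up by name, enforces the lockout,
/// compares the SHA-512 of the uploaded file with the stored verification hash, and requires
/// e-mail verification when the request comes from an IP address other than the stored one.
/// </summary>
/// <remarks>
/// Changes from the previous version:
/// failed attempts and lockouts are now saved (they were only changed in memory, so the counter never advanced);
/// the lockout is checked before the file is verified, so a locked account cannot be used to test candidate files;
/// the lockout expires at <c>LockoutEnd</c> instead of blocking for as long as the field is non-null;
/// the verification secret is saved before the e-mail is sent;
/// values interpolated into the e-mail HTML are encoded.
/// </remarks>
/// <returns>The page with model errors on failure, otherwise a redirect to <c>/Index</c>.</returns>
public async Task<IActionResult> OnPostAsync()
{
    // Same text for "unknown user" and "wrong file" so the response does not reveal which usernames exist.
    const string verboseError = "Invalid username or file! Please also check you have file authentication enabled!";

    if (!ModelState.IsValid)
    {
        return Page();
    }

    LodgerUser = await _userManager.FindByNameAsync(UserName);
    if (LodgerUser == null)
    {
        ModelState.AddModelError("Error!", verboseError);
        return Page();
    }

    // Refuse while the lockout is still running, before touching the uploaded file: answering
    // "locked out" only after a correct file would confirm a successful guess during the lockout.
    if (LodgerUser.LockoutEnd != null && LodgerUser.LockoutEnd.Value > DateTime.UtcNow)
    {
        ModelState.AddModelError(string.Empty, "Sorry! Account locked out!");
        return Page();
    }

    // NOTE(review): the whole upload is buffered in memory; confirm a request size limit applies to this page.
    string secretFileHashString;
    using (var ms = new MemoryStream())
    using (var sha512 = SHA512.Create())
    {
        await SecretFile.CopyToAsync(ms);
        byte[] secretFileHashBytes = sha512.ComputeHash(ms.ToArray());

        // NOTE(review): decoding raw digest bytes as UTF-8 is lossy (invalid sequences become U+FFFD),
        // so distinct digests can collapse to the same string. Kept unchanged because the stored
        // secretFileVerificationHash was presumably produced the same way; switching to hex/Base64
        // needs a migration of the stored values.
        secretFileHashString = Encoding.UTF8.GetString(secretFileHashBytes);
    }

    if (LodgerUser.secretFileVerificationHash != secretFileHashString)
    {
        LodgerUser.AccessFailedCount += 1;

        // Third consecutive failure starts a 15 minute lockout and restarts the counter.
        if (LodgerUser.AccessFailedCount >= 3)
        {
            LodgerUser.AccessFailedCount = 0;
            LodgerUser.LockoutEnd = DateTime.UtcNow.Add(new TimeSpan(0, 15, 0));
        }

        // Persist the counter/lockout; without this every request starts from the stored count again.
        await _context.SaveChangesAsync();

        ModelState.AddModelError("Error!", verboseError);
        return Page();
    }

    if (LodgerUser.RequireAdditionalVerification)
    {
        userAlertMessage = "Please log in to your registered email to verify your new IP Address";
        return RedirectToPage("/Index", new { area = "" });
    }

    // NOTE(review): RemoteIpAddress is the TCP peer; behind a reverse proxy that is the proxy's
    // address unless forwarded headers are configured - confirm for the deployment.
    // A missing address is treated as a new address (fail closed).
    var remoteIp = Request.HttpContext.Connection.RemoteIpAddress?.MapToIPv4().ToString();
    if (remoteIp == null || LodgerUser.IPAddress != remoteIp)
    {
        LodgerUser.RequireAdditionalVerification = true;

        // NOTE(review): Guid.NewGuid() is not documented as a cryptographic generator; a token from
        // RandomNumberGenerator would be the safer choice for a secret that grants verification.
        LodgerUser.AdditionalVerificationSecret = Guid.NewGuid().ToString();

        // Store the secret first so an e-mailed link always refers to a saved value.
        await _context.SaveChangesAsync();

        var callbackUrl = Url.Page(
            "/VerifyIdentity/Index",
            pageHandler: null,
            values: new { userId = LodgerUser.Id, code = LodgerUser.AdditionalVerificationSecret },
            protocol: Request.Scheme);

        // Both values end up inside HTML (an attribute and body text), so encode them.
        string safeCallbackUrl = System.Net.WebUtility.HtmlEncode(callbackUrl);
        string safeEmail = System.Net.WebUtility.HtmlEncode(LodgerUser.Email);

        await _emailSender.SendEmailAsync(
            LodgerUser.Email,
            "Verify your Identity",
            $"<div style='width: 70%; margin: 0 auto;'><p><img style='display: block; margin-left: auto; margin-right: auto;' src='https://image.ibb.co/dyXbEy/test.png' alt='Infinite Lodging' width='198' height='94' /></p><h3 style='text-align: center;'>For security reasons, please verify your identity.</h3><p style='text-align: center;'><a href='{safeCallbackUrl}'><img src='https://image.ibb.co/htz0EJ/airplane.png' alt='Verify your Identity' /></a></p><p style='text-align: center;'> </p><span style='color: #808080; font-size: small;'><em>This message was sent to {safeEmail}. You are receiving this because you're a ∞Lodging member, or you've signed up to receive email from us. Manage your preferences or unsubscribe. </em></span></div>");

        userAlertMessage = "We've detected that you are logging in from a new IP Address, confirm your identity using your registered email!";
        return RedirectToPage("/Index", new { area = "" });
    }

    await _signInManager.SignInAsync(LodgerUser, false);
    return RedirectToPage("/Index", new { area = "" });
}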