public object Initialize(string releaseAddress)
{
var privateKey = new Key();
var publicKey = privateKey.PubKey.GetAddress(Network.Main);
//TODO : store escrow in database private key, public key and entrypoint
return(new InitializeModel()
{
EntryPoint = SecurityUsing.CreateCryptographicallySecureGuid(),
PublicKey = publicKey.ToString(),
ReleaseAddress = null
});
}
public async Task <IActionResult> Register(LoginSystem loginSystem)
{
loginSystem.Step = "register";
if (ModelState.IsValid)
{
try
{
var securityToken = SecurityUsing.CreateCryptographicallySecureGuid().ToString();
// Chiffrement du token (avec la passphrase du site et le mot de passe utilisateur)
var firstCrypt = SecurityUsing.BytesToHex(Aes.Encrypt(_globalSettings.Value.AesPassphrase, securityToken));
var secondCrypt = SecurityUsing.BytesToHex(Aes.Encrypt(loginSystem.RegisterModel.Password, firstCrypt));
await _vaultClient.V1.Secrets.KeyValue.V2.WriteSecretAsync($"safeblock/io/tokens/{SecurityUsing.Sha1(loginSystem.RegisterModel.Mail)}", new Dictionary <string, object>
{
{ "token", secondCrypt },
{ "timestamp", DateTimeOffset.Now.ToUnixTimeSeconds() }
});
var newUser = new ApplicationUser()
{
UserName = loginSystem.RegisterModel.Mail.ToLower(),
Email = loginSystem.RegisterModel.Mail.ToLower(),
Token = securityToken,
AccountType = "User",
RegisterDate = DateTime.Now,
HasUsingTor = SecurityUsing.IsTorVisitor(HttpContext.Connection.RemoteIpAddress.ToString()),
RegisterIp = HttpContext.Connection.RemoteIpAddress.ToString(),
RegisterContext = JsonConvert.SerializeObject(HttpContext.Request.Headers, Formatting.Indented),
IsAllowed = true,
TwoFactorPolicy = "None"
};
var creationResult = await _userManager.CreateAsync(newUser, securityToken);
if (creationResult.Succeeded)
{
if (!_env.IsDevelopment())
{
var code = await _userManager.GenerateEmailConfirmationTokenAsync(newUser);
var callbackUrl = Url.Page(
"/account/activate/",
pageHandler: null,
values: new { userId = newUser.Id, code },
protocol: Request.Scheme);
await MailUsing.SendConfirmationEmail(loginSystem.RegisterModel.Mail, callbackUrl, @"F:\SafeBlock.io\Backup\unx\SafeBlock.io\robots.txt");
}
await _signInManager.SignInAsync(newUser, loginSystem.LoginModel.KeepSession);
return(RedirectToAction("Index", "Dashboard", new { firstLogin = true }));
}
foreach (var resultError in creationResult.Errors)
{
ModelState.AddModelError(string.Empty, resultError.Description);
}
}
catch (Exception e)
{
ViewBag.CreationError = true;
ViewBag.Exception = e.Message;
}
}
return(View("GettingStarted", loginSystem));
}
public async Task <IActionResult> Login(LoginSystem loginSystem)
{
loginSystem.Step = "login";
if (ModelState.IsValid)
{
var getUser = await _userManager.FindByEmailAsync(loginSystem.LoginModel.Mail);
//ModelState.AddModelError("LoginModel.Mail", "This account does not exists.");
try
{
var fullyCryptedToken = await _vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync($"safeblock/io/tokens/{SecurityUsing.Sha1(loginSystem.LoginModel.Mail)}");
var halfCryptedToken = Aes.Decrypt(loginSystem.LoginModel.Password, SecurityUsing.HexToBytes(fullyCryptedToken.Data.Data["token"].ToString()));
var token = Aes.Decrypt(_globalSettings.Value.AesPassphrase, SecurityUsing.HexToBytes(halfCryptedToken));
if (getUser.Token.Equals(token))
{
var loginResult = await _signInManager.PasswordSignInAsync(getUser, token, loginSystem.LoginModel.KeepSession, true);
if (loginResult.Succeeded)
{
return(RedirectToAction("Index", "Dashboard"));
}
if (loginResult.RequiresTwoFactor)
{
//TODO: redirect to 2FA
}
if (loginResult.IsLockedOut)
{
//TODO: redirect to lockout
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
}
}
else
{
ModelState.AddModelError("LoginModel.Mail", "Invalid login attempt.");
}
}
catch (Exception e)
{
getUser.AccessFailedCount++;
await _userManager.UpdateAsync(getUser);
ModelState.AddModelError("LoginModel.Mail", "Unable to decrypt your account.");
}
}
return(View("GettingStarted", loginSystem));
}
