public IActionResult Index()
{
if (!HttpContext.Session.IsAvailable)
{
return(View("Index"));
}
var loggedInUser = GetLoggedInUser();
if (loggedInUser != null)
{
var authenticated = IsAuthenticated();
if (authenticated)
{
return(RedirectToAction("Index", "Home"));
}
var firstToken = _db.Tokens.FirstOrDefault(x => x.UserId.Equals(loggedInUser.Id) && DateTime.UtcNow < x.ExpiryUtc);
if (firstToken == null)
{
var token = SmsAuthHelper.RequestToken(loggedInUser.PhoneNumber).GetAwaiter().GetResult();
var smsToken = new Token
{
TokenString = token,
ExpiryUtc = DateTime.UtcNow.AddMinutes(5),
UserId = loggedInUser.Id,
User = loggedInUser
};
_db.Tokens.Add(smsToken);
_db.SaveChanges();
}
return(View("Auth"));
}
return(View());
}
public async Task <IActionResult> Auth()
{
if (!HttpContext.Session.IsAvailable)
{
return(View("Index"));
}
var loggedInUser = GetLoggedInUser();
var authenticated = IsAuthenticated();
if (loggedInUser == null)
{
return(View("Index"));
}
if (loggedInUser.AccessBlocked)
{
if (DateTime.UtcNow < loggedInUser.AccessBlockedUntilUtc)
{
return(View("Blocked", loggedInUser.AccessBlockedUntilUtc.Value));
}
loggedInUser.AccessBlocked = false;
loggedInUser.AccessBlockedUntilUtc = null;
_db.Users.Update(loggedInUser).State = EntityState.Modified;
_db.SaveChanges();
}
if (authenticated)
{
return(RedirectToAction("Index", "Dashboard"));
}
var firstToken = _db.Tokens.FirstOrDefault(x => x.UserId.Equals(loggedInUser.Id) && DateTime.UtcNow < x.ExpiryUtc);
if (firstToken == null)
{
var token = await SmsAuthHelper.RequestToken(loggedInUser.PhoneNumber);
var smsToken = new Token
{
TokenString = token,
ExpiryUtc = DateTime.UtcNow.AddMinutes(5),
UserId = loggedInUser.Id,
User = loggedInUser
};
_db.Tokens.Add(smsToken);
_db.SaveChanges();
}
return(View());
}
public IActionResult Index(string username, string password)
{
if (!HttpContext.Session.IsAvailable)
{
return(View("Index"));
}
var loggedInUser = GetLoggedInUser();
if (loggedInUser != null)
{
if (loggedInUser.AccessBlocked)
{
if (DateTime.UtcNow < loggedInUser.AccessBlockedUntilUtc)
{
return(View("Blocked", loggedInUser.AccessBlockedUntilUtc.Value));
}
loggedInUser.AccessBlocked = false;
loggedInUser.AccessBlockedUntilUtc = null;
_db.Users.Update(loggedInUser).State = EntityState.Modified;
_db.SaveChanges();
}
var authenticated = IsAuthenticated();
if (authenticated)
{
return(RedirectToAction("Index", "Home"));
}
var firstToken = _db.Tokens.FirstOrDefault(x => x.UserId.Equals(loggedInUser.Id) && DateTime.UtcNow < x.ExpiryUtc);
if (firstToken == null)
{
var token = SmsAuthHelper.RequestToken(loggedInUser.PhoneNumber).GetAwaiter().GetResult();
var smsToken = new Token
{
TokenString = token,
ExpiryUtc = DateTime.UtcNow.AddMinutes(5),
UserId = loggedInUser.Id,
User = loggedInUser
};
_db.Tokens.Add(smsToken);
_db.SaveChanges();
}
return(View("Auth"));
}
else
{
var user = _db.Users.SingleOrDefault(x => x.Username.Equals(username));
if (user == null)
{
return(View());
}
if (user.AccessBlocked)
{
if (DateTime.UtcNow < user.AccessBlockedUntilUtc)
{
return(View("Blocked", user.AccessBlockedUntilUtc.Value));
}
user.AccessBlocked = false;
user.AccessBlockedUntilUtc = null;
_db.Users.Update(user).State = EntityState.Modified;
_db.SaveChanges();
}
var validPass = CryptoHelper.VerifyHash(password, user.Password);
if (!validPass)
{
var tries = HttpContext.Session.GetInt32("LoginFails") ?? 0;
tries++;
if (tries >= 3)
{
user.AccessBlocked = true;
user.AccessBlockedUntilUtc = DateTime.UtcNow.AddMinutes(5);
_db.Users.Update(user).State = EntityState.Modified;
_db.SaveChanges();
HttpContext.Session.SetInt32("LoginFails", 0);
HttpContext.Session.CommitAsync();
return(View("Blocked", user.AccessBlockedUntilUtc.Value));
}
HttpContext.Session.SetInt32("LoginFails", tries);
HttpContext.Session.CommitAsync();
return(View());
}
HttpContext.Session.SetString("LoggedInUser", user.Id.ToString());
HttpContext.Session.CommitAsync();
var firstToken = _db.Tokens.FirstOrDefault(x => x.UserId.Equals(user.Id));
if (firstToken == null)
{
var token = SmsAuthHelper.RequestToken(user.PhoneNumber).GetAwaiter().GetResult();
var smsToken = new Token
{
TokenString = token,
ExpiryUtc = DateTime.UtcNow.AddMinutes(5),
UserId = user.Id,
User = user
};
_db.Tokens.Add(smsToken);
_db.SaveChanges();
}
return(View("Auth"));
}
}
