public IHttpActionResult ValidateMicrosoftOTP(User user)
{
User getuser =
UserContext.users.Where(x => x.Email == user.Email).Where(x => x.Password == user.Password).FirstOrDefault();
if (getuser != null && getuser.TwoFactorConfig == true)
{
IList <string> otps = TimeSensitivePassCode.GetListOfOTPs(getuser.PresharedKey);
if (user.OTP == Convert.ToInt32(otps[0]) || user.OTP == Convert.ToInt32(otps[1]))
{
return(Ok("Valid User"));
}
return(NotFound());
}
return(NotFound());
}
public static bool HasValidTotp(this HttpRequestMessage request, string key)
{
if (request.Headers.Contains(OTP_HEADER))
{
string otp = request.Headers.GetValues(OTP_HEADER).First();
// We need to check the passcode against the past, current, and future passcodes
if (!string.IsNullOrWhiteSpace(otp))
{
if (TimeSensitivePassCode.GetListOfOTPs(key).Any(t => t.Equals(otp)))
{
return(true);
}
}
}
return(false);
}
public static bool HasValidTotp(this HttpRequestMessage request, string key)
{
//guarda se l'header contiene l'X-OTP ossia il codice di google a 6 cifre
if (request.Headers.Contains(OTP_HEADER))
{
string otp = request.Headers.GetValues(OTP_HEADER).First();
// We need to check the passcode against the past, current, and future passcodes
if (!string.IsNullOrWhiteSpace(otp))
{
//qui verifica se il codice inserito è uno dei tre generati in base alla chiave applicativa univoca per l'utente corrente
if (TimeSensitivePassCode.GetListOfOTPs(key).Any(t => t.Equals(otp)))
{
return(true);
}
}
}
return(false);
}
public static bool HasValidTotp(this Microsoft.AspNetCore.Http.HttpRequest request, string key)
{
//request.Headers.ContainsKey()
//if (request.Headers.Contains(OTP_HEADER))
//{
// string otp = request.Headers.GetValues(OTP_HEADER).First();
// // We need to check the passcode against the past, current, and future passcodes
// if (!string.IsNullOrWhiteSpace(otp))
// {
// if (TimeSensitivePassCode.GetListOfOTPs(key).Any(t => t.Equals(otp)))
// {
// return true;
// }
// }
//}
//return false;
if (request.Headers.ContainsKey(OTP_HEADER))
{
var otp = new StringValues();
request.Headers.TryGetValue(OTP_HEADER, out otp);
//string otp = request.Headers.GetValues(OTP_HEADER).First();
// We need to check the passcode against the past, current, and future passcodes
if (!string.IsNullOrWhiteSpace(otp))
{
if (TimeSensitivePassCode.GetListOfOTPs(key).Any(t => t.Equals(otp)))
{
return(true);
}
}
}
return(false);
}
private int GenerateOTP(string presharedKey)
{
IList <string> otps = TimeSensitivePassCode.GetListOfOTPs(presharedKey);
return(Convert.ToInt32(otps[1]));
}