public async Task <TwoFactorDuoResponseModel> GetOrganizationDuo(string id,
[FromBody] TwoFactorRequestModel model)
{
var user = await CheckAsync(model.MasterPasswordHash, false);
var orgIdGuid = new Guid(id);
if (!_currentContext.ManagePolicies(orgIdGuid))
{
throw new NotFoundException();
}
var organization = await _organizationRepository.GetByIdAsync(orgIdGuid);
if (organization == null)
{
throw new NotFoundException();
}
var response = new TwoFactorDuoResponseModel(organization);
return(response);
}
public async Task <TwoFactorResponseModel> SendTwoFactorAsync(TwoFactorRequestModel model)
{
var twoFactorResponse = new TwoFactorResponseModel();
var result = new TwoFactorCodeModel();
try
{
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
var userIdFromHeader = _httpContextAccessor.HttpContext.Request.Headers["user_id"];
var twoFactorToken = model.TwoFactorToken;
// If two factor token is null we dont want to further execute this method
if (!string.IsNullOrEmpty(twoFactorToken) && !string.IsNullOrEmpty(userIdFromHeader))
{
var userId = DecryptData(userIdFromHeader, _dataProtectionKeys.ApplicationUserKey).ToString();
// First find user with that Id id two-factor Table
// If user was found, check if the token is valid or expired
var userResult = await _db.TwoFactorCodes.Where(x =>
x.UserId == userId &&
x.CodeExpired == false &&
x.CodeIsUsed == false &&
x.ExpiryDate > DateTime.UtcNow).FirstOrDefaultAsync();
if (userResult != null)
{
// Decrypted Two-Factor-Token from request
var protector = protectorProvider.CreateProtector(userResult.EncryptionKey2Fa);
var decryptedTwoFactorToken = protector.Unprotect(twoFactorToken);
// Get the Application User
var appUser = await _userManager.FindByIdAsync(userId);
// If both the values match request vs DB
if (userResult.Token != null && decryptedTwoFactorToken != null && userResult.Token == decryptedTwoFactorToken)
{
// check in current request if they want to remember
userResult.RememberDevice = model.RememberDevice;
await using var dbContextTransaction = await _db.Database.BeginTransactionAsync();
_db.Entry(userResult).State = EntityState.Modified;
await _db.SaveChangesAsync();
await dbContextTransaction.CommitAsync();
twoFactorResponse.IsValid = true;
twoFactorResponse.Email = appUser.Email;
twoFactorResponse.Code = userResult.TwoFactorCode;
twoFactorResponse.RememberDevice = userResult.RememberDevice;
twoFactorResponse.ResponseMessage = new ResponseStatusInfoModel
{
Message = "Authentication Success",
StatusCode = HttpStatusCode.OK
};
protector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var protectedUserId = protector.Protect(userId);
_cookieSvc.SetCookie("user_id", protectedUserId, Convert.ToInt32(userResult.ExpiryDate.Subtract(DateTime.UtcNow).TotalMinutes));
return(twoFactorResponse);
}
}
}
twoFactorResponse.IsValid = false;
twoFactorResponse.Email = string.Empty;
twoFactorResponse.Code = string.Empty;
twoFactorResponse.RememberDevice = false;
twoFactorResponse.ResponseMessage = new ResponseStatusInfoModel
{
Message = "Authentication Failed",
StatusCode = HttpStatusCode.Unauthorized
};
}
catch (Exception ex)
{
Log.Error("An error occurred at ValidateTwoFactorAsync {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
return(twoFactorResponse);
}
