public async Task <TwoFactorDuoResponseModel> GetOrganizationDuo(string id, [FromBody] TwoFactorRequestModel model) { var user = await CheckAsync(model.MasterPasswordHash, false); var orgIdGuid = new Guid(id); if (!_currentContext.ManagePolicies(orgIdGuid)) { throw new NotFoundException(); } var organization = await _organizationRepository.GetByIdAsync(orgIdGuid); if (organization == null) { throw new NotFoundException(); } var response = new TwoFactorDuoResponseModel(organization); return(response); }
public async Task <TwoFactorResponseModel> SendTwoFactorAsync(TwoFactorRequestModel model) { var twoFactorResponse = new TwoFactorResponseModel(); var result = new TwoFactorCodeModel(); try { var protectorProvider = _provider.GetService <IDataProtectionProvider>(); var userIdFromHeader = _httpContextAccessor.HttpContext.Request.Headers["user_id"]; var twoFactorToken = model.TwoFactorToken; // If two factor token is null we dont want to further execute this method if (!string.IsNullOrEmpty(twoFactorToken) && !string.IsNullOrEmpty(userIdFromHeader)) { var userId = DecryptData(userIdFromHeader, _dataProtectionKeys.ApplicationUserKey).ToString(); // First find user with that Id id two-factor Table // If user was found, check if the token is valid or expired var userResult = await _db.TwoFactorCodes.Where(x => x.UserId == userId && x.CodeExpired == false && x.CodeIsUsed == false && x.ExpiryDate > DateTime.UtcNow).FirstOrDefaultAsync(); if (userResult != null) { // Decrypted Two-Factor-Token from request var protector = protectorProvider.CreateProtector(userResult.EncryptionKey2Fa); var decryptedTwoFactorToken = protector.Unprotect(twoFactorToken); // Get the Application User var appUser = await _userManager.FindByIdAsync(userId); // If both the values match request vs DB if (userResult.Token != null && decryptedTwoFactorToken != null && userResult.Token == decryptedTwoFactorToken) { // check in current request if they want to remember userResult.RememberDevice = model.RememberDevice; await using var dbContextTransaction = await _db.Database.BeginTransactionAsync(); _db.Entry(userResult).State = EntityState.Modified; await _db.SaveChangesAsync(); await dbContextTransaction.CommitAsync(); twoFactorResponse.IsValid = true; twoFactorResponse.Email = appUser.Email; twoFactorResponse.Code = userResult.TwoFactorCode; twoFactorResponse.RememberDevice = userResult.RememberDevice; twoFactorResponse.ResponseMessage = new ResponseStatusInfoModel { Message = "Authentication Success", StatusCode = HttpStatusCode.OK }; protector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey); var protectedUserId = protector.Protect(userId); _cookieSvc.SetCookie("user_id", protectedUserId, Convert.ToInt32(userResult.ExpiryDate.Subtract(DateTime.UtcNow).TotalMinutes)); return(twoFactorResponse); } } } twoFactorResponse.IsValid = false; twoFactorResponse.Email = string.Empty; twoFactorResponse.Code = string.Empty; twoFactorResponse.RememberDevice = false; twoFactorResponse.ResponseMessage = new ResponseStatusInfoModel { Message = "Authentication Failed", StatusCode = HttpStatusCode.Unauthorized }; } catch (Exception ex) { Log.Error("An error occurred at ValidateTwoFactorAsync {Error} {StackTrace} {InnerException} {Source}", ex.Message, ex.StackTrace, ex.InnerException, ex.Source); } return(twoFactorResponse); }