private string EncryptedUserEmail()
{
TwoStepAuth testObj = new TwoStepAuth();
var encryption = testObj.GetEncryptionDecryption;
string result = encryption.EncryptText("*****@*****.**", ATMConstants.emailEncKey);
return(result);
}
public async Task <ActionResult> SelectTwoStepSetup()
{
EditModel model = new EditModel();
Manager.NeedUser();
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
UserDefinition user = await userDP.GetItemByUserIdAsync(Manager.UserId);
if (user == null)
{
throw new InternalError("User with id {0} not found", Manager.UserId);
}
using (UserLoginInfoDataProvider logInfoDP = new UserLoginInfoDataProvider()) {
string ext = await logInfoDP.GetExternalLoginProviderAsync(Manager.UserId);
if (ext != null)
{
return(View("ShowMessage", this.__ResStr("extUser", "Your account uses a {0} account - Two-step authentication must be set up using your {0} account.", ext), UseAreaViewName: false));
}
}
TwoStepAuth twoStep = new TwoStepAuth();
List <ITwoStepAuth> list = await twoStep.GetTwoStepAuthProcessorsAsync();
List <string> procs = (from p in list select p.Name).ToList();
List <string> enabledTwoStepAuths = (from e in user.EnabledTwoStepAuthentications select e.Name).ToList();
foreach (string proc in procs)
{
ITwoStepAuth auth = await twoStep.GetTwoStepAuthProcessorByNameAsync(proc);
if (auth != null)
{
ModuleAction action = await auth.GetSetupActionAsync();
if (action != null)
{
string status;
if (enabledTwoStepAuths.Contains(auth.Name))
{
status = this.__ResStr("enabled", "(Enabled)");
}
else
{
status = this.__ResStr("notEnabled", "(Not Enabled)");
}
model.AuthMethods.Add(new Controllers.SelectTwoStepSetupModuleController.EditModel.AuthMethod {
Action = action,
Status = status,
Description = auth.GetDescription()
});
}
}
}
model.AuthMethods = (from a in model.AuthMethods orderby a.Action.LinkText select a).ToList();
}
return(View(model));
}
public async Task <List <string> > GetEnabledAndAvailableTwoStepAuthenticationsAsync()
{
TwoStepAuth twoStep = new TwoStepAuth();
List <ITwoStepAuth> list = await twoStep.GetTwoStepAuthProcessorsAsync();
List <string> procs = (from p in list select p.Name).ToList();
List <string> enabledTwoStepAuths = (from e in EnabledTwoStepAuthentications select e.Name).ToList();
procs = procs.Intersect(enabledTwoStepAuths).ToList();
return(procs);
}
/// <summary>
/// Returns an action result to start the two-step authentication process (if any).
/// </summary>
private async Task <ActionResult> TwoStepAuthetication(UserDefinition user)
{
TwoStepAuth twoStep = new TwoStepAuth();
List <string> enabledTwoStepAuthentications = (from e in user.EnabledTwoStepAuthentications select e.Name).ToList();
ModuleAction action = await twoStep.GetLoginActionAsync(enabledTwoStepAuthentications, user.UserId, user.UserName, user.Email);
if (action == null)
{
return(null);
}
return(Redirect(action));
}
public async Task <ActionResult> RecoveryCodes()
{
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
UserDefinition user = await userDP.GetItemByUserIdAsync(Manager.UserId);
if (user == null)
{
throw new InternalError("User with id {0} not found", Manager.UserId);
}
// Make sure this user is not using an external account
using (UserLoginInfoDataProvider logInfoDP = new UserLoginInfoDataProvider()) {
if (await logInfoDP.IsExternalUserAsync(Manager.UserId))
{
return(new EmptyResult());
}
}
// Make sure there are any 2fa processors
TwoStepAuth twoStep = new TwoStepAuth();
List <ITwoStepAuth> list = await twoStep.GetTwoStepAuthProcessorsAsync();
if (list.Count == 0)
{
return(new EmptyResult());
}
// If there is no recovery code, generate one (upgraded system)
if (user.RecoveryCode == null)
{
await GenerateRecoveryCodeAsync(userDP, user);
}
EditModel.ModelProgressEnum progress = (EditModel.ModelProgressEnum)Manager.SessionSettings.SiteSettings.GetValue <int>(IDENTITY_RECOVERY_PROGRESS, (int)EditModel.ModelProgressEnum.New);
EditModel model = new EditModel()
{
ModelProgress = progress,
};
model.UpdateData(user);
await Manager.AddOnManager.AddAddOnNamedAsync("YetaWF_ComponentsHTML", "clipboardjs.com.clipboard");// add clipboard support which is needed later (after partial form update)
return(View(model));
}
}
public async Task <ActionResult> SelectTwoStepAuth(int userId, string userName, string userEmail)
{
EditModel model = new EditModel {
UserId = userId,
UserName = userName,
UserEmail = userEmail,
};
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
UserDefinition user = await userDP.GetItemByUserIdAsync(userId);
if (user == null)
{
throw new InternalError("User with id {0} not found", userId);
}
TwoStepAuth twoStep = new TwoStepAuth();
List <ITwoStepAuth> list = await twoStep.GetTwoStepAuthProcessorsAsync();
List <string> procs = (from p in list select p.Name).ToList();
List <string> enabledTwoStepAuths = (from e in user.EnabledTwoStepAuthentications select e.Name).ToList();
procs = procs.Intersect(enabledTwoStepAuths).ToList();
foreach (string proc in procs)
{
ITwoStepAuth auth = await twoStep.GetTwoStepAuthProcessorByNameAsync(proc);
if (auth != null)
{
model.Actions.New(await auth.GetLoginActionAsync(userId, userName, userEmail));
}
}
if (model.Actions.Count == 0)
{
throw new InternalError("There are no two-step authentication providers installed");
}
}
return(View(model));
}
public async Task <ActionResult> Login()
{
// verify that the user already entered the name/password correctly
int userId = Manager.SessionSettings.SiteSettings.GetValue <int>(IDENTITY_TWOSTEP_USERID, 0);
bool closeOnLogin = Manager.SessionSettings.SiteSettings.GetValue <bool>(IDENTITY_TWOSTEP_CLOSEONLOGIN, false);
string returnUrl = Manager.SessionSettings.SiteSettings.GetValue <string>(IDENTITY_TWOSTEP_NEXTURL);
Manager.SessionSettings.SiteSettings.ClearValue(LoginTwoStepController.IDENTITY_TWOSTEP_USERID);
Manager.SessionSettings.SiteSettings.ClearValue(LoginTwoStepController.IDENTITY_TWOSTEP_NEXTURL);
Manager.SessionSettings.SiteSettings.ClearValue(LoginTwoStepController.IDENTITY_TWOSTEP_CLOSEONLOGIN);
Manager.SessionSettings.SiteSettings.Save();
if (userId == 0)
{
return(Redirect(Manager.CurrentSite.HomePageUrl));
}
// verify that the TwoStepAuthorization provider just verified this user
TwoStepAuth twoStep = new TwoStepAuth();
if (!await twoStep.VerifyTwoStepAutheticationDoneAsync(userId))
{
return(Redirect(Manager.CurrentSite.HomePageUrl));
}
await twoStep.ClearTwoStepAutheticationAsync(userId);
await Resource.ResourceAccess.LoginAsAsync(userId);
if (closeOnLogin)
{
return(View("YetaWF_Identity_TwoStepDone"));
}
else
{
returnUrl = QueryHelper.AddRando(returnUrl); // to defeat client-side caching
return(Redirect(returnUrl));
}
}
private async Task <ActionResult> CompleteLoginAsync(LoginModel model, LoginConfigData config, bool useTwoStep)
{
Manager.SessionSettings.SiteSettings.ClearValue(LoginTwoStepController.IDENTITY_TWOSTEP_USERID);
Manager.SessionSettings.SiteSettings.ClearValue(LoginTwoStepController.IDENTITY_TWOSTEP_NEXTURL);
Manager.SessionSettings.SiteSettings.ClearValue(LoginTwoStepController.IDENTITY_TWOSTEP_CLOSEONLOGIN);
Manager.SessionSettings.SiteSettings.Save();
model.Success = false;
// make sure it's a valid user
UserDefinition user = await Managers.GetUserManager().FindByNameAsync(model.UserName);
if (user == null)
{
Logging.AddErrorLog("User login failed: {0} - no such user", model.UserName);
ModelState.AddModelError(nameof(LoginModel.Email), this.__ResStr("invLogin", "Invalid user name or password"));
ModelState.AddModelError(nameof(LoginModel.UserName), this.__ResStr("invLogin", "Invalid user name or password"));
ModelState.AddModelError(nameof(LoginModel.Password), this.__ResStr("invLogin", "Invalid user name or password"));
return(PartialView(model));
}
using (UserLoginInfoDataProvider logInfoDP = new UserLoginInfoDataProvider()) {
if (await logInfoDP.IsExternalUserAsync(user.UserId))
{
throw new Error(this.__ResStr("extUser", "This account can only be accessed using an external login provider"));
}
}
TwoStepAuth twoStep = new TwoStepAuth();// clear any two-step info we may have
await twoStep.ClearTwoStepAutheticationAsync(user.UserId);
if (config.MaxLoginFailures != 0 && user.LoginFailures >= config.MaxLoginFailures)
{
ModelState.AddModelError(nameof(LoginModel.Email), this.__ResStr("maxAttemps", "The maximum number of login attempts has been exceeded - Your account has been suspended"));
ModelState.AddModelError(nameof(LoginModel.UserName), this.__ResStr("maxAttemps", "The maximum number of login attempts has been exceeded - Your account has been suspended"));
if (user.UserStatus != UserStatusEnum.Suspended)
{
user.UserStatus = UserStatusEnum.Suspended;
await Managers.GetUserManager().UpdateAsync(user);
}
return(PartialView(model));
}
UserDefinition foundUser = user;
user = null;
// Handle random super user password (only supported on Core)
if (foundUser.UserId == SuperuserDefinitionDataProvider.SuperUserId && SuperuserDefinitionDataProvider.SuperuserAvailable && SuperuserDefinitionDataProvider.SuperUserPasswordRandom &&
model.UserName == SuperuserDefinitionDataProvider.SuperUserName && model.Password == SuperuserDefinitionDataProvider.SuperUserPassword)
{
user = foundUser;
}
if (user == null)
{
user = await Managers.GetUserManager().FindByNameAsync(model.UserName);
if (string.IsNullOrWhiteSpace(model.Password) || !await Managers.GetUserManager().CheckPasswordAsync(user, model.Password))
{
user = null;
}
}
if (user == null)
{
foundUser.LoginFailures = foundUser.LoginFailures + 1;
await Managers.GetUserManager().UpdateAsync(foundUser);
Logging.AddErrorLog("User login failed: {0}, {1}, {2}", model.UserName, model.Password, model.VerificationCode);
ModelState.AddModelError(nameof(LoginModel.Email), this.__ResStr("invLogin", "Invalid user name or password"));
ModelState.AddModelError(nameof(LoginModel.UserName), this.__ResStr("invLogin", "Invalid user name or password"));
ModelState.AddModelError(nameof(LoginModel.Password), this.__ResStr("invLogin", "Invalid user name or password"));
return(PartialView(model));
}
// if verification code valid, advance user to approved or needs approval
if (user.UserStatus == UserStatusEnum.NeedValidation && model.VerificationCode == user.VerificationCode)
{
Logging.AddLog("User {0} validated ({1})", model.UserName, model.VerificationCode);
if (config.ApproveNewUsers)
{
user.UserStatus = UserStatusEnum.NeedApproval;
user.LastActivityDate = DateTime.UtcNow;
user.LastActivityIP = Manager.UserHostAddress;
await Managers.GetUserManager().UpdateAsync(user);
Emails emails = new Emails();
await emails.SendApprovalNeededAsync(user);
string nextPage = string.IsNullOrWhiteSpace(config.ApprovalPendingUrl) ? Manager.CurrentSite.HomePageUrl : config.ApprovalPendingUrl;
return(FormProcessed(model,
this.__ResStr("notApproved", "You just verified your account. Now your account has to be approved by the site administrator. You will receive an email confirmation as soon as your account is active."),
NextPage: nextPage));
}
user.UserStatus = UserStatusEnum.Approved;
// this is saved below, before we're logged in
}
// check what to do based on account status
if (user.UserStatus == UserStatusEnum.NeedValidation)
{
if (model.ShowVerification)
{
Logging.AddErrorLog("User {0} - invalid verification code({1})", model.UserName, model.VerificationCode);
ModelState.AddModelError(nameof(LoginModel.VerificationCode), this.__ResStr("invVerification", "The verification code is invalid. Please make sure to copy/paste it from the email to avoid any typos."));
user.LoginFailures = user.LoginFailures + 1;
await Managers.GetUserManager().UpdateAsync(user);
}
else
{
ModelState.AddModelError(nameof(LoginModel.VerificationCode), this.__ResStr("notValidated", "Your account has not yet been verified. You will receive an email with verification information. Please copy and enter the verification code here."));
}
model.ShowVerification = true;
model.ResendVerificationCode = await Module.GetAction_ResendVerificationEmailAsync(user.UserName);
model.ShowCaptcha = false;
return(PartialView(model));
}
else if (user.UserStatus == UserStatusEnum.NeedApproval)
{
Logging.AddErrorLog("User {0} - not yet approved", model.UserName);
string nextPage = string.IsNullOrWhiteSpace(config.ApprovalPendingUrl) ? Manager.CurrentSite.HomePageUrl : config.ApprovalPendingUrl;
return(FormProcessed(model,
this.__ResStr("notApproved2", "Your account has not yet been approved by the site administrator. You will receive an email confirmation as soon as your account is active."),
NextPage: nextPage));
}
else if (user.UserStatus == UserStatusEnum.Rejected)
{
Logging.AddErrorLog("User {0} - rejected user", model.UserName);
string nextPage = string.IsNullOrWhiteSpace(config.RejectedUrl) ? Manager.CurrentSite.HomePageUrl : config.RejectedUrl;
return(FormProcessed(model,
this.__ResStr("accountRejected", "Your account has been rejected by the site administrator."),
NextPage: nextPage));
}
else if (user.UserStatus == UserStatusEnum.Suspended)
{
Logging.AddErrorLog("User {0} - suspended user", model.UserName);
string nextPage = string.IsNullOrWhiteSpace(config.SuspendedUrl) ? Manager.CurrentSite.HomePageUrl : config.SuspendedUrl;
return(FormProcessed(model,
this.__ResStr("accountSuspended", "Your account has been suspended."),
NextPage: nextPage));
}
else if (user.UserStatus == UserStatusEnum.Approved)
{
string nextUrl = null;
if (Manager.HaveReturnToUrl)
{
nextUrl = Manager.ReturnToUrl;
}
if (string.IsNullOrWhiteSpace(nextUrl))
{
nextUrl = await Resource.ResourceAccess.GetUserPostLoginUrlAsync((from u in user.RolesList select u.RoleId).ToList());
}
if (string.IsNullOrWhiteSpace(nextUrl))
{
nextUrl = Manager.CurrentSite.PostLoginUrl;
}
if (string.IsNullOrWhiteSpace(nextUrl))
{
nextUrl = YetaWFManager.Manager.CurrentSite.HomePageUrl;
}
if (useTwoStep)
{
ActionResult actionResult = await TwoStepAuthetication(user);
if (actionResult != null)
{
Manager.SessionSettings.SiteSettings.SetValue <int>(LoginTwoStepController.IDENTITY_TWOSTEP_USERID, user.UserId);// marker that user has entered correct name/password
Manager.SessionSettings.SiteSettings.SetValue <string>(LoginTwoStepController.IDENTITY_TWOSTEP_NEXTURL, nextUrl);
Manager.SessionSettings.SiteSettings.SetValue <bool>(LoginTwoStepController.IDENTITY_TWOSTEP_CLOSEONLOGIN, model.CloseOnLogin);
Manager.SessionSettings.SiteSettings.Save();
return(actionResult);
}
}
await LoginModuleController.UserLoginAsync(user, model.RememberMe);
model.Success = true;
Logging.AddLog("User {0} - logged on", model.UserName);
return(FormProcessed(model, OnClose: OnCloseEnum.GotoNewPage, OnPopupClose: OnPopupCloseEnum.GotoNewPage, NextPage: nextUrl, ForceRedirect: true));
}
else
{
throw new InternalError("badUserStatus", "Unexpected account status {0}", user.UserStatus);
}
}
