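/// <summary>
/// Looks for the custom "X-OTP" header (<see cref="Constants.RequestHeaders.TwoFactorOtpKey"/>) in the HTTP request
/// and, if it is present, validates its value against the passcodes derived from <paramref name="code"/>.
/// </summary>
/// <param name="httpRequestMessage">The incoming request whose headers are inspected.</param>
/// <param name="code">
/// The value handed to <c>TimeSensitivePassCode.GetOtps</c>; presumably the user's pre-shared two-factor key
/// (confirm against callers). A null or blank value never validates.
/// </param>
/// <returns>True only if the header carries a non-blank OTP equal to one of the accepted passcodes; otherwise false.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="httpRequestMessage"/> is null.</exception>
public static bool HasValidTotp(this HttpRequestMessage httpRequestMessage, string code)
{
    if (httpRequestMessage == null)
    {
        throw new System.ArgumentNullException("httpRequestMessage");
    }

    // Fail closed when there is no secret to derive passcodes from: an account without a
    // stored key must never pass the second factor, whatever GetOtps does with empty input.
    if (string.IsNullOrWhiteSpace(code))
    {
        return false;
    }

    // Single lookup instead of Contains + GetValues.
    System.Collections.Generic.IEnumerable<string> headerValues;
    if (!httpRequestMessage.Headers.TryGetValues(Constants.RequestHeaders.TwoFactorOtpKey, out headerValues))
    {
        return false;
    }

    // Only the first value is considered if the header was sent more than once.
    string otp = headerValues.FirstOrDefault();
    if (string.IsNullOrWhiteSpace(otp))
    {
        return false;
    }

    // We need to check the passcode against the past, current, and future passcodes.
    // NOTE(review): this equality check is not constant-time, and nothing visible here limits
    // attempts or rejects a passcode already accepted within the window - confirm the caller
    // enforces throttling and one-time use.
    return TimeSensitivePassCode.GetOtps(code).Any(t => t.Equals(otp));
}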
/// <summary>
/// Creates a new application user from the supplied registration request.
/// </summary>
/// <param name="appUserManager">The instance of the <see cref="AppUserManager"/> from the Owin context of the request.</param>
/// <param name="registerUserDto">The registration request; its e-mail address doubles as the user name when no user name is given.</param>
/// <returns>The <see cref="IdentityResult"/> returned by the user manager's <c>Create</c> call.</returns>
public static IdentityResult RegisterUser(this AppUserManager appUserManager, RegisterUserReq registerUserDto)
{
    // Fall back to the e-mail address when no user name was supplied.
    string userName = registerUserDto.UserName;
    if (string.IsNullOrWhiteSpace(userName))
    {
        userName = registerUserDto.Email;
    }

    bool wantsTwoFactor = registerUserDto.TwoFactorEnabled;

    var newUser = new AppUser();
    newUser.UserName = userName;
    newUser.Email = registerUserDto.Email;
    newUser.CreatedOnUtc = DateTime.UtcNow;
    newUser.TwoFactorEnabled = wantsTwoFactor;

    // A pre-shared key is only generated for accounts that opted in to two-factor authentication.
    // NOTE(review): the key is the long-lived TOTP secret - confirm GenerateSharedPrivateKey draws
    // from a cryptographic RNG and that the stored value is protected at rest.
    if (wantsTwoFactor)
    {
        newUser.TwoFactorPreSharedKey = TimeSensitivePassCode.GenerateSharedPrivateKey();
    }

    return appUserManager.Create(newUser, registerUserDto.Password);
}