コード例 #1
0
        public async Task <Response> EnableAuthenticator(EnableAuthenticatorRequest request, string userId)
        {
            _logger.LogInformation("Enabled authenticator for {userId}", userId);
            var user = await _userManager.FindByIdAsync(userId);

            if (user.TwoFactorEnabled)
            {
                return(Response.ForError("2FA already enabled."));
            }
            if (request.Code.IsNullOrEmpty())
            {
                return(Response.ForError("Code is missing."));
            }
            var verificationCode = CleanCode(request.Code);

            var is2FaTokenValid = await _userManager.VerifyTwoFactorTokenAsync(user,
                                                                               _userManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode);

            if (!is2FaTokenValid)
            {
                return(Response.ForError("2FA token is not valid."));
            }

            var result = await _userManager.SetTwoFactorEnabledAsync(user, true);

            if (!result.Succeeded)
            {
                return(Response.ForErrors(result.Errors.Select(c => $"{c.Code} - {c.Description}")));
            }

            return(Response.ForSuccess());
        }
コード例 #2
0
        public async Task <Response <TIdentity> > CheckCredentials(string username, string password)
        {
            _logger.LogInformation("Check credentials for {username}", username);
            var user = await _userManager.FindByNameAsync(username);

            if (user == null)
            {
                return(Response.ForError("Invalid credentials."));
            }

            Response lockout;

            if ((lockout = await GetLockedStatus(user)) != null)
            {
                return(lockout);
            }

            if (await _userManager.CheckPasswordAsync(user, password))
            {
                await _userManager.ResetAccessFailedCountAsync(user);

                _logger.LogInformation("Credentials valid for {username}, access failed count is reset.", username);
                return(Response <TIdentity> .ForSuccess(user));
            }

            await _userManager.AccessFailedAsync(user);

            if ((lockout = await GetLockedStatus(user)) != null)
            {
                return(lockout);
            }

            return(Response.ForError("Invalid credentials."));
        }
コード例 #3
0
        public async Task <Response <AuthenticatorKey> > GetAuthenticatorKey(string userId)
        {
            _logger.LogInformation("Get authentication key {userId}", userId);

            var user = await _userManager.FindByIdAsync(userId);

            if (user == null)
            {
                _logger.LogInformation("User {userId} not found", userId);
                return(Response.ForError("Credentials are not valid."));
            }
            if (user.TwoFactorEnabled)
            {
                return(Response.ForError("2FA already enabled."));
            }

            var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);

            if (string.IsNullOrEmpty(unformattedKey))
            {
                await _userManager.ResetAuthenticatorKeyAsync(user);

                unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
            }

            return(Response <AuthenticatorKey> .ForSuccess(new AuthenticatorKey
            {
                SharedKey = FormatKey(unformattedKey),
                AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey)
            }));
        }
コード例 #4
0
        public async Task <Response <TIdentity> > Verify(string code, string username, string password)
        {
            _logger.LogInformation("Verify {code}", code);
            if (code.IsNullOrEmpty())
            {
                return(Response.ForError("Code is missing."));
            }

            var user = await _userManager.FindByNameAsync(username);

            if (user == null)
            {
                _logger.LogInformation("User {username} not found", username);
                return(Response.ForError("Credentials are not valid."));
            }

            if (!await _userManager.CheckPasswordAsync(user, password))
            {
                return(Response.ForError("Credentials are not valid."));
            }

            var authenticatorCode = CleanCode(code);

            _logger.LogInformation("Cleaned {authenticatorCode}", authenticatorCode); // it's ok to log this, as this info is transient

            var is2FaTokenValid = await _userManager.VerifyTwoFactorTokenAsync(user, _userManager.Options.Tokens.AuthenticatorTokenProvider, authenticatorCode);

            if (!is2FaTokenValid)
            {
                return(Response.ForError("2FA token is not valid."));
            }

            return(Response <TIdentity> .ForSuccess());
        }
コード例 #5
0
        public async Task <Response <AuthorizationCodeTokenResponse> > GetAccessToken(Requests.AuthorizationCodeTokenRequest request)
        {
            var authority = _idpOptions.Enable ? _idpOptions.AuthorityUrl : _partyDetailsOptions.BaseUri;

            using (var requestBody = new FormUrlEncodedContent(new Dictionary <string, string>
            {
                { "grant_type", "authorization_code" },
                { "scope", "iSHARE" },
                { "client_id", _spaOptions.SpaClientId },
                { "client_secret", _spaOptions.SpaClientSecret },
                { "redirect_uri", Path.Combine(_spaOptions.BaseUri, "callback") },
                { "code", request.Code }
            }))
            {
                var tokenResponse = await authority.AppendPathSegment("connect/token")
                                    .PostAsync(requestBody)

                ;

                if (tokenResponse.StatusCode == HttpStatusCode.OK)
                {
                    var content = await Task.FromResult(tokenResponse).ReceiveJson();

                    return(Response <AuthorizationCodeTokenResponse> .ForSuccess(
                               new AuthorizationCodeTokenResponse
                    {
                        AccessToken = (string)content.access_token,
                        ExpiresIn = (int)content.expires_in
                    }));
                }
            }
            return(Response.ForError("Token retrieval failed"));
        }
コード例 #6
0
        private async Task <Response> GetLockedStatus(TIdentity user)
        {
            if (!await _userManager.IsLockedOutAsync(user))
            {
                return(null);
            }

            _logger.LogInformation("Username {username} is locked out", user.UserName);
            return(Response.ForError("Your account has been locked out due to multiple failed login attempts."));
        }
コード例 #7
0
        public async Task <Response> Logout()
        {
            string token     = _httpContext.HttpContext.Request.Headers["Authorization"];
            var    authority = _idpOptions.Enable ? _idpOptions.AuthorityUrl : _partyDetailsOptions.BaseUri;

            if (!string.IsNullOrEmpty(token) && token.StartsWith("Bearer "))
            {
                var result = await _httpClient.RevokeTokenAsync(new TokenRevocationRequest
                {
                    Address      = Path.Combine(authority, "connect/revocation"),
                    ClientId     = _spaOptions.SpaClientId,
                    ClientSecret = _spaOptions.SpaClientSecret,
                    Token        = token.Substring("Bearer ".Length).Trim()
                });
            }

            return(Response.ForSuccess());
        }
コード例 #8
0
        public async Task <Response <TIdentity> > Login(LoginRequest request)
        {
            _logger.LogInformation("Login for {username}", request?.Username);
            if (request == null)
            {
                return(Response.ForError(LoginErrorMessages.InvalidCredentials));
            }

            var result = await CheckCredentials(request.Username, request.Password);

            if (!result.Success)
            {
                return(Response.ForError(result.Errors.FirstOrDefault()));
            }

            if (!_spaOptions.TwoFactorEnabled.HasValue || !_spaOptions.TwoFactorEnabled.Value)
            {
                return(Response <TIdentity> .ForSuccess(result.Model));
            }

            if (result.Model.TwoFactorEnabled)
            {
                if (request.TwoFactorCode.IsNullOrEmpty())
                {
                    return(Response.ForError(LoginErrorMessages.TwoFactorCodeRequired));
                }
                var result2Fa = await Verify(request.TwoFactorCode, request.Username, request.Password);

                if (!result2Fa.Success)
                {
                    return(Response.ForError(LoginErrorMessages.InvalidCredentials));
                }
            }
            else
            {
                return(Response.ForError(LoginErrorMessages.TwoFactorSetupRequired));
            }

            return(Response <TIdentity> .ForSuccess(result.Model));
        }