public async Task <IActionResult> EditSharedAccountOtp(string id, EditSharedAccountOtpDto sharedAccountDto)
{
if (id != sharedAccountDto.Id)
{
return(BadRequest());
}
try
{
var sharedAccount = await _sharedAccountService.GetSharedAccountByIdAsync(id);
var accountOtp = new AccountOtp()
{
OtpSecret = sharedAccountDto.OtpSecret
};
var vaultIds = await _sharedAccountService.EditSharedAccountOtpAsync(sharedAccount, accountOtp);
_remoteDeviceConnectionsService.StartUpdateHardwareVaultAccounts(vaultIds);
}
catch (Exception ex)
{
_logger.LogError(ex.Message);
return(StatusCode(500, new { error = ex.Message }));
}
return(NoContent());
}
public async Task <IActionResult> EditAccountOtp(string id, EditAccountOtpDto accountDto)
{
if (id != accountDto.Id)
{
return(BadRequest());
}
try
{
var account = await _employeeService.GetAccountByIdAsync(id);
if (account == null)
{
return(BadRequest("Account not found."));
}
var accountOtp = new AccountOtp()
{
OtpSecret = accountDto.OtpSercret
};
await _employeeService.EditPersonalAccountOtpAsync(account, accountOtp);
_remoteDeviceConnectionsService.StartUpdateHardwareVaultAccounts(await _employeeService.GetEmployeeVaultIdsAsync(account.EmployeeId));
}
catch (Exception ex)
{
_logger.LogError(ex.Message);
return(StatusCode(500, new { error = ex.Message }));
}
return(NoContent());
}
public async Task EditPersonalAccountOtpAsync(Account account, AccountOtp accountOtp)
{
if (account == null)
{
throw new ArgumentNullException(nameof(account));
}
if (accountOtp == null)
{
throw new ArgumentNullException(nameof(accountOtp));
}
_dataProtectionService.Validate();
var employee = await GetEmployeeByIdAsync(account.EmployeeId);
account.UpdatedAt = DateTime.UtcNow;
account.OtpUpdatedAt = Validation.VerifyOtpSecret(accountOtp.OtpSecret) == null ? null : (DateTime?)DateTime.UtcNow;
// Update otp field if there are no vaults
if (employee.HardwareVaults.Count == 0)
{
account.OtpSecret = _dataProtectionService.Encrypt(accountOtp.OtpSecret);
}
// Create tasks if there are vaults
List <HardwareVaultTask> tasks = new List <HardwareVaultTask>();
foreach (var vault in employee.HardwareVaults)
{
tasks.Add(_hardwareVaultTaskService.GetAccountOtpUpdateTask(vault.Id, account.Id, _dataProtectionService.Encrypt(accountOtp.OtpSecret ?? string.Empty)));
}
using (TransactionScope transactionScope = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
{
await _accountService.UpdateOnlyPropAsync(account, new string[] { nameof(Account.UpdatedAt), nameof(Account.OtpUpdatedAt), nameof(Account.OtpSecret) });
if (tasks.Count > 0)
{
await _hardwareVaultTaskService.AddRangeTasksAsync(tasks);
await _hardwareVaultService.UpdateNeedSyncAsync(employee.HardwareVaults, true);
}
transactionScope.Complete();
}
}
public async Task <List <string> > EditSharedAccountOtpAsync(SharedAccount sharedAccount, AccountOtp accountOtp)
{
if (sharedAccount == null)
{
throw new ArgumentNullException(nameof(sharedAccount));
}
if (accountOtp == null)
{
throw new ArgumentNullException(nameof(accountOtp));
}
_dataProtectionService.Validate();
Validation.VerifyOtpSecret(accountOtp.OtpSecret);
// Update Shared Account
sharedAccount.OtpSecret = !string.IsNullOrWhiteSpace(accountOtp.OtpSecret) ? _dataProtectionService.Encrypt(accountOtp.OtpSecret) : null;
sharedAccount.OtpSecretChangedAt = !string.IsNullOrWhiteSpace(accountOtp.OtpSecret) ? new DateTime?(DateTime.UtcNow) : null;
// Get all accounts where used this shared account
var accounts = await _accountService
.Query()
.Include(x => x.Employee.HardwareVaults)
.Where(x => x.SharedAccountId == sharedAccount.Id && x.Deleted == false)
.AsNoTracking()
.ToListAsync();
List <HardwareVaultTask> tasks = new List <HardwareVaultTask>();
foreach (var account in accounts)
{
account.UpdatedAt = DateTime.UtcNow;
account.OtpUpdatedAt = sharedAccount.OtpSecretChangedAt;
foreach (var vault in account.Employee.HardwareVaults)
{
tasks.Add(_hardwareVaultTaskService.GetAccountOtpUpdateTask(vault.Id, account.Id, sharedAccount.OtpSecret));
}
}
using (TransactionScope transactionScope = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
{
await _sharedAccountRepository.UpdateOnlyPropAsync(sharedAccount, new string[] { nameof(SharedAccount.OtpSecret), nameof(SharedAccount.OtpSecretChangedAt) });
await _accountService.UpdateOnlyPropAsync(accounts, new string[] { nameof(Account.UpdatedAt), nameof(Account.OtpUpdatedAt) });
await _hardwareVaultTaskService.AddRangeTasksAsync(tasks);
transactionScope.Complete();
}
return(accounts.SelectMany(x => x.Employee.HardwareVaults.Select(s => s.Id)).ToList());
}
