/// <summary>
/// Decides whether <paramref name="user"/> must complete two-factor authentication,
/// either because of the user's own settings or because of an organization they belong to.
/// </summary>
/// <param name="user">The account being authenticated.</param>
/// <returns>
/// Item1 is <c>true</c> when the user has two-factor enabled with at least one valid provider,
/// or when a member organization has two-factor enabled. Item2 is the first such organization,
/// or <c>null</c> when none was found.
/// </returns>
public async Task<Tuple<bool, Organization>> RequiresTwoFactorAsync(User user)
{
    // Individual requirement: the store supports 2FA, the user turned it on, and at least
    // one provider is actually usable. Each step is only evaluated if the previous one held.
    var userHasTwoFactor = false;
    if (_userManager.SupportsUserTwoFactor && await _userManager.GetTwoFactorEnabledAsync(user))
    {
        var validProviders = await _userManager.GetValidTwoFactorProvidersAsync(user);
        userHasTwoFactor = validProviders.Count > 0;
    }

    // The organization check always runs, even when the user-level check already passed,
    // because the caller receives the organization in Item2.
    Organization enforcingOrg = null;
    var memberships = (await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id))
        .ToList();
    if (memberships.Count > 0)
    {
        // NOTE(review): abilities are read from _applicationCacheService; if that is a cache,
        // a newly enabled organization 2FA policy may lag behind - confirm the refresh behaviour.
        var abilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
        if (memberships.Any(m => OrgUsing2fa(abilities, m.Id)))
        {
            // Only hit the repository once some membership is flagged as using 2FA; the
            // result is then restricted to organizations that are in the membership list.
            var fullOrgs = await _organizationRepository.GetManyByUserIdAsync(user.Id);
            enforcingOrg = fullOrgs.FirstOrDefault(
                org => memberships.Any(m => m.Id == org.Id) && org.TwoFactorIsEnabled());
        }
    }

    return Tuple.Create(userHasTwoFactor || enforcingOrg != null, enforcingOrg);
}
/// <summary>
/// Decides whether the token request for <paramref name="user"/> must be followed by a
/// two-factor challenge, including the "new device" case.
/// </summary>
/// <param name="user">The account being authenticated.</param>
/// <param name="request">The validated token request; its grant type and device are consulted.</param>
/// <returns>
/// Item1: two-factor is required for any reason. Item2: it is required only because
/// <c>Needs2FABecauseNewDeviceAsync</c> said so. Item3: the first member organization with
/// two-factor enabled, or <c>null</c>.
/// </returns>
private async Task<Tuple<bool, bool, Organization>> RequiresTwoFactorAsync(User user, ValidatedTokenRequest request)
{
    // API key logins are exempt from MFA. The exemption keys off the grant type alone, so the
    // client credential is a single-factor secret for every account that has one issued.
    if (request.GrantType == "client_credentials")
    {
        return new Tuple<bool, bool, Organization>(false, false, null);
    }

    // Individual requirement: 2FA supported, enabled by the user, and a valid provider exists.
    var userHasTwoFactor = false;
    if (_userManager.SupportsUserTwoFactor && await _userManager.GetTwoFactorEnabledAsync(user))
    {
        var validProviders = await _userManager.GetValidTwoFactorProvidersAsync(user);
        userHasTwoFactor = validProviders.Count > 0;
    }

    // Organization requirement: evaluated regardless of the user-level result because the
    // organization is part of the return value.
    Organization enforcingOrg = null;
    var memberships = (await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id))
        .ToList();
    if (memberships.Count > 0)
    {
        var abilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
        if (memberships.Any(m => OrgUsing2fa(abilities, m.Id)))
        {
            var fullOrgs = await _organizationRepository.GetManyByUserIdAsync(user.Id);
            enforcingOrg = fullOrgs.FirstOrDefault(
                org => memberships.Any(m => m.Id == org.Id) && org.TwoFactorIsEnabled());
        }
    }

    var alreadyRequired = userHasTwoFactor || enforcingOrg != null;

    // The new-device check is consulted only when nothing else demands 2FA.
    // NOTE(review): the device identifier is taken from the token request; if it is supplied by
    // the client, confirm that Needs2FABecauseNewDeviceAsync does not treat it as proof of a known device.
    var newDeviceChallenge = false;
    if (!alreadyRequired)
    {
        var deviceIdentifier = GetDeviceFromRequest(request)?.Identifier;
        newDeviceChallenge = await _userService.Needs2FABecauseNewDeviceAsync(
            user, deviceIdentifier, request.GrantType);
    }

    return Tuple.Create(alreadyRequired || newDeviceChallenge, newDeviceChallenge, enforcingOrg);
}
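/// <summary>
/// Records a user-level event, plus one copy per member organization for which
/// <c>CanUseEvents</c> returns true.
/// </summary>
/// <param name="userId">The user the event is about; also recorded as the acting user.</param>
/// <param name="type">The kind of event to record.</param>
/// <returns>A task that completes once the event(s) have been handed to the event write service.</returns>
public async Task LogUserEventAsync(Guid userId, EventType type)
{
    // One timestamp for every record produced by this call, so the user-level entry and its
    // per-organization copies can be correlated exactly when the audit trail is reviewed.
    var now = DateTime.UtcNow;
    var events = new List<IEvent>
    {
        new EventMessage(_currentContext)
        {
            UserId = userId,
            ActingUserId = userId,
            Type = type,
            Date = now
        }
    };

    var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
    var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, userId);

    // Materialize once. The original left this as a deferred query and enumerated it twice
    // (Any() and AddRange()), which built the first EventMessage twice and threw one away.
    var orgEvents = orgs
        .Where(o => CanUseEvents(orgAbilities, o.Id))
        .Select(o => new EventMessage(_currentContext)
        {
            OrganizationId = o.Id,
            UserId = userId,
            ActingUserId = userId,
            Type = type,
            Date = now
        })
        .ToList();

    if (orgEvents.Count > 0)
    {
        events.AddRange(orgEvents);
        await _eventWriteService.CreateManyAsync(events);
    }
    else
    {
        // No eligible organization: only the user-level record is written.
        await _eventWriteService.CreateAsync(events[0]);
    }
}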
/// <summary>
/// Determines whether <paramref name="user"/> is entitled to premium features, either
/// personally or through an organization in the current context.
/// </summary>
/// <param name="user">The account whose entitlement is checked.</param>
/// <returns>
/// <c>true</c> when the user has premium, or when an organization in the current context
/// has abilities with both <c>UsersGetPremium</c> and <c>Enabled</c> set; otherwise <c>false</c>.
/// </returns>
public async Task<bool> CanAccessPremium(User user)
{
    if (user.Premium)
    {
        return true;
    }

    // A missing context, a missing organization list and an empty list all mean "no organizations".
    // NOTE(review): membership is read from _currentContext.Organizations, not looked up for
    // user.Id; confirm the context always belongs to this user and reflects current membership.
    var hasOrganizations = _currentContext?.Organizations?.Any() ?? false;
    if (!hasOrganizations)
    {
        return false;
    }

    var abilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
    foreach (var org in _currentContext.Organizations)
    {
        // Organizations without an abilities entry grant nothing.
        if (!abilities.ContainsKey(org.Id))
        {
            continue;
        }

        // Both flags are required, so a disabled organization does not confer premium.
        if (abilities[org.Id].UsersGetPremium && abilities[org.Id].Enabled)
        {
            return true;
        }
    }

    return false;
}
/// <summary>
/// Determines whether <paramref name="user"/> is entitled to premium features, either
/// personally or through one of their organization memberships.
/// </summary>
/// <param name="user">The account whose entitlement is checked.</param>
/// <returns>
/// <c>true</c> when the user has premium, or when a member organization has abilities with
/// both <c>UsersGetPremium</c> and <c>Enabled</c> set; otherwise <c>false</c>.
/// </returns>
public async Task<bool> CanAccessPremium(User user)
{
    // Personal premium short-circuits every organization lookup.
    if (user.Premium)
    {
        return true;
    }

    // Memberships are resolved for user.Id through the organization-user repository.
    var memberships = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
    if (memberships.Any() == false)
    {
        return false;
    }

    // NOTE(review): abilities are read from _applicationCacheService; if that is a cache, a
    // just-disabled organization may keep conferring premium until it refreshes - confirm.
    var abilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
    foreach (var membership in memberships)
    {
        var orgId = membership.Id;

        // The entry must exist and carry both flags; a disabled organization grants nothing.
        var grantsPremium = abilities.ContainsKey(orgId)
            && abilities[orgId].UsersGetPremium
            && abilities[orgId].Enabled;
        if (grantsPremium)
        {
            return true;
        }
    }

    return false;
}