/// <summary>
/// Forwards a two-factor verification-code request to the registered
/// <c>ITwoFactorRequestService</c>.
/// </summary>
/// <param name="resetInfo">
/// Request whose ResetMechanism, Verification, UserName and Purpose values are passed to the service.
/// The parameter is marked <c>RestMessageFormat.Json</c>.
/// </param>
/// <returns><c>true</c> once the service call has returned without throwing.</returns>
/// <exception cref="InvalidOperationException">No <c>ITwoFactorRequestService</c> is registered.</exception>
public bool SendTfaSecret([RestMessage(RestMessageFormat.Json)] TfaRequestInfo resetInfo)
{
    try
    {
        var tfaRequestService = ApplicationContext.Current.GetService<ITwoFactorRequestService>();
        if (tfaRequestService != null)
        {
            // NOTE(review): every field here is caller-supplied. Whether an unknown user name is masked
            // (no error, no observable difference) depends on the service implementation - confirm.
            tfaRequestService.SendVerificationCode(
                resetInfo.ResetMechanism,
                resetInfo.Verification,
                resetInfo.UserName,
                resetInfo.Purpose);
            return true;
        }

        throw new InvalidOperationException(Strings.err_reset_not_supported);
    }
    catch (Exception ex)
    {
        // Trace the failure, then rethrow with the original stack trace intact.
        this.m_tracer.TraceError("Error getting sending secret: {0}", ex);
        throw;
    }
}
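/// <summary>
/// Generates a two-factor (TFA) secret for the user named in <paramref name="resetInfo"/> and passes it
/// to the registered <c>ITfaRelayService</c> for delivery.
/// </summary>
/// <remarks>
/// An unknown user name gets the same 204 No Content response as a successful request, so the operation
/// cannot be used to find out which accounts exist. The relay is resolved before the user lookup for the
/// same reason: a missing relay now fails identically for known and unknown users, and it fails before a
/// secret is generated or a passwordless-auth claim is added to an account.
/// </remarks>
/// <param name="resetInfo">Supplies the user name, purpose, reset mechanism and verification value.</param>
/// <exception cref="InvalidOperationException">No <c>ITfaRelayService</c> is registered.</exception>
public void SendTfaSecret(TfaRequestInfo resetInfo)
{
    // Fail on a missing relay before any account is looked up or modified.
    var tfaRelay = ApplicationContext.Current.GetService<ITfaRelayService>();
    if (tfaRelay == null)
    {
        throw new InvalidOperationException("TFA relay not specified");
    }

    var securityRepository = ApplicationContext.Current.GetService<ISecurityRepositoryService>();
    var securityUser = securityRepository.GetUser(resetInfo.UserName);

    // Don't throw an error if the user is not found, just act as if we sent it.
    // This is to make sure that people cannot guess users.
    if (securityUser == null)
    {
        // NOTE(review): the user name is caller-supplied and is written to the trace as-is; confirm the
        // trace sink neutralises control characters.
        this.traceSource.TraceEvent(TraceEventType.Warning, 0, "Attempt to get TFA reset code for {0} which is not a valid user", resetInfo.UserName);

        // NOTE(review): this path returns before secret generation and relay delivery, so response time
        // may still differ between known and unknown users - confirm whether that matters here.
        WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.NoContent;
        return;
    }

    // Identity provider
    var identityProvider = ApplicationContext.Current.GetService<IIdentityProviderService>();
    var tfaSecret = identityProvider.GenerateTfaSecret(securityUser.UserName);

    // Add a claim
    if (resetInfo.Purpose == "PasswordReset")
    {
        // NOTE(review): this permission object is constructed and then discarded; nothing in this method
        // evaluates it, so the passwordless-auth claim below is added without a LoginAsService policy
        // check at this point. Confirm whether the check was meant to be enforced here.
        new PolicyPermission(PermissionState.Unrestricted, PermissionPolicyIdentifiers.LoginAsService);
        identityProvider.AddClaim(securityUser.UserName, new System.Security.Claims.Claim(OpenIzClaimTypes.OpenIZPasswordlessAuth, "true"));
    }

    // Now issue the TFA secret
    tfaRelay.SendSecret(resetInfo.ResetMechanism, securityUser, resetInfo.Verification, tfaSecret);
    WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.NoContent;
}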
// TODO: override a finalizer only if Dispose(bool disposing) above has code to free unmanaged resources.
// ~AmiServiceClient() {
//   // Do not change this code. Put cleanup code in Dispose(bool disposing) above.
//   Dispose(false);
// }
#endregion IDisposable Support

/// <summary>
/// Posts a TFA request to the "tfa" resource through the underlying REST client.
/// The response object returned by the client is discarded.
/// </summary>
/// <param name="resetInfo">The request sent as the message body.</param>
public void SendTfaSecret(TfaRequestInfo resetInfo)
{
    const string resourcePath = "tfa";

    // The client's own Accept value is passed as the second argument of Post.
    var acceptValue = this.Client.Accept;
    this.Client.Post<TfaRequestInfo, object>(resourcePath, acceptValue, resetInfo);
}