public async Task <VerifyTwoFactorModel> VerifyTwoFactorToken(VerifyTwoFactorModel model)
{
var user = await _userManager.FindByIdAsync(model.UserId);
var tokenOptions = new TokenOptions();
model.Verified = await _userManager.VerifyTwoFactorTokenAsync(user, tokenOptions.AuthenticatorTokenProvider, model.Code);
return(model);
}
public async Task <ActionResult> VerifyTwoFactor(VerifyTwoFactorModel model)
{
if (!ModelState.IsValid)
{
return(View("VerifyTwoFactor", model));
}
string userId = await GetTwoFactorLoginUserIdAsync();
if (userId == null)
{
return(Unauthorized());
}
var user = await UserManager.FindByIdAsync(userId);
if (user == null)
{
return(Unauthorized());
}
var logonTwoFactor = user.TwoFactor.FirstOrDefault(x => x.Component == TwoFactorComponentType.Login);
if (logonTwoFactor == null)
{
return(Unauthorized());
}
if (await UserManager.VerifyUserTwoFactorCodeAsync(logonTwoFactor.Component, userId, model.Data))
{
await SignInAsync(user);
return(RedirectToLocal("Home"));
}
await UserManager.AccessFailedAsync(user.Id);
if (await UserManager.IsLockedOutAsync(user.Id))
{
await EmailService.Send(EmailType.PasswordLockout, user, Request.GetIPAddress());
ModelState.AddModelError("", "Your account is locked.");
return(View("Login"));
}
ModelState.AddModelError("", "Invalid code");
return(View("VerifyTwoFactor", model));
}
public async Task <ActionResult> VerifyTwoFactor(VerifyTwoFactorModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var userId = await GetTwoFactorLoginUserIdAsync();
if (!userId.HasValue)
{
return(View("Error"));
}
var user = await UserManager.FindByIdAsync(userId.Value);
if (user == null)
{
return(View("Error"));
}
if (await UserManager.IsLockedOutAsync(user.Id))
{
ModelState.AddModelError("", string.Format(Resources.Account.LoginErrorMessageAccountLocked, GetLockoutExpireTime(user)));
return(View(nameof(Login), new LoginViewModel()));
}
if (!await UserManager.CheckTwoFactorAsync(user, model.SecurityCode))
{
await RecordLoginAttempt(user.Id, LogonType.LoginTwoFactorFailed);
await IncrementAccessFailedCount(user, Resources.Account.LoginErrorMessageInvalidTwoFactor);
return(View(model));
}
// Invalidate the temp cookie
AuthenticationManager.SignOut(DefaultAuthenticationTypes.TwoFactorCookie);
await SignInAsync(user);
return(RedirectToLocal(model.ReturnUrl));
}
public async Task <List <ValidationResult> > VerifyTwoFactorToken(VerifyTwoFactorModel model)
{
var user = await _userManager.FindByEmailAsync(model.Email);
if (user == null)
{
results.Add(new ValidationResult($"User with {model.Email} does not exist"));
return(results);
}
var result = await _userManager.VerifyTwoFactorTokenAsync(user,
_userManager.Options.Tokens.ChangePhoneNumberTokenProvider, model.Token);
if (!result)
{
results.Add(new ValidationResult($"Failed to verify user"));
return(results);
}
return(results);
}
public async Task <IActionResult> LoginWith2Fa(LoginWith2FaViewModel model, string returnUrl = null)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var userId = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (userId == null)
{
throw new InvalidOperationException($"Unable to load two-factor authentication user.");
}
var verify2FaToken = new VerifyTwoFactorModel
{
UserId = userId,
Code = model.TwoFactorCode.Replace(" ", string.Empty).Replace("-", string.Empty),
RememberMachine = model.RememberMachine
};
var result = await _accountsEndpoint.VerifyTwoFactorTokenAsync(verify2FaToken);
if (result.Verified)
{
await _signInManager.DoTwoFactorSignInAsync(userId, model.RememberMachine);
_logger.LogInformation("User with ID '{UserId}' logged in with 2fa.", userId);
returnUrl ??= Url.Content("~/");
return(LocalRedirect(returnUrl));
}
_logger.LogWarning("Invalid authenticator code entered for user with ID '{UserId}'.", userId);
ModelState.AddModelError(string.Empty, "Invalid authenticator code.");
return(View(model));
}
public async Task <VerifyTwoFactorModel> VerifyTwoFactorTokenAsync(VerifyTwoFactorModel model)
{
return(await _apiHelper.PostAsync(model, "api/Account/VerifyTwoFactorToken"));
}