        /// <summary>
        /// Creates a new local account (password plus shared TOTP secret) for <paramref name="identityId"/>.
        /// A fresh random salt and a fresh 64-byte TOTP secret are drawn from <c>CryptoRandom</c> for every
        /// account, and the password is hashed with the configured iteration count before anything is persisted.
        /// </summary>
        /// <param name="identityId">Identity the local account belongs to.</param>
        /// <param name="loginId">Login name for the account.</param>
        /// <param name="password">Plaintext password; only the derived hash is stored.</param>
        /// <returns>
        /// <c>CreateLocalAccountResult.Success</c> carrying the new account, or
        /// <c>CreateLocalAccountResult.AlreadyExist</c> when storage reports a duplicate.
        /// </returns>
        public async Task<CreateLocalAccountResult> CreateAsync(Guid identityId, string loginId, string password)
        {
            var salt = new byte[_options.NumberOfBytesInPasswordSalt];
            CryptoRandom.GetBytes(salt);

            var sharedSecret = new byte[64];
            CryptoRandom.GetBytes(sharedSecret);

            var account = new LocalAccount
            {
                IdentityId       = identityId,
                IterationCount   = _options.IterationCount,
                PasswordSalt     = salt,
                SharedTotpSecret = sharedSecret,
                LoginId          = loginId
            };

            // The hash depends on PasswordSalt and IterationCount, so it is computed after the initializer.
            account.PasswordHash = GetPasswordHash(password, account);

            try
            {
                await _localAccountStorage.CreateAsync(account);
            }
            catch (IdentityAlreadyExistException e)
            {
                // NOTE(review): the SQL storage layer raises LocalAccountAlreadyExistException on a
                // unique-key violation; confirm it derives from IdentityAlreadyExistException, otherwise
                // a duplicate login escapes as an unhandled exception instead of AlreadyExist().
                _log.LogError(0, e, "Local account already exist");

                return CreateLocalAccountResult.AlreadyExist();
            }

            return CreateLocalAccountResult.Success(account);
        }
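        /// <summary>
        /// Creates a new local account for <paramref name="identityId"/>: draws a random salt from
        /// <c>CryptoRandom</c>, hashes the password with the configured iteration count, and stores the
        /// account. Creation and update timestamps come from a single clock read.
        /// </summary>
        /// <param name="identityId">Identity the local account belongs to.</param>
        /// <param name="loginId">Login name for the account.</param>
        /// <param name="password">Plaintext password; only the derived hash is stored.</param>
        /// <returns>
        /// <c>CreateLocalAccountResult.Success</c> carrying the new account, or
        /// <c>CreateLocalAccountResult.AlreadyExist</c> when storage reports a duplicate.
        /// </returns>
        public async Task<CreateLocalAccountResult> CreateAsync(Guid identityId, string loginId, string password)
        {
            var bytes = new byte[_options.NumberOfBytesInPasswordSalt];
            CryptoRandom.GetBytes(bytes);

            // Read the clock once: the original called DateTimeOffset.Now twice, so Created and Updated
            // could differ by a tick on a brand-new row.
            var now = DateTimeOffset.Now;

            var localAccount = new LocalAccount
            {
                IdentityId = identityId,
                IterationCount = _options.IterationCount,
                PasswordSalt = bytes,
                LoginId = loginId,
                Created = now,
                Updated = now
            };

            // Depends on PasswordSalt and IterationCount, so it is computed after the initializer.
            localAccount.PasswordHash = GetPasswordHash(password, localAccount);

            try
            {
                await _localAccountStorage.CreateAsync(localAccount);
            }
            catch (IdentityAlreadyExistException e)
            {
                // NOTE(review): the SQL storage layer raises LocalAccountAlreadyExistException on a
                // unique-key violation; confirm it derives from IdentityAlreadyExistException, otherwise
                // a duplicate login escapes as an unhandled exception instead of AlreadyExist().
                _log.LogError(0, e, "Local account already exist");

                return CreateLocalAccountResult.AlreadyExist();
            }

            return CreateLocalAccountResult.Success(localAccount);
        }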
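 /// <summary>
 /// Verifies <paramref name="password"/> against the stored hash by recomputing it with the
 /// account's own salt and iteration count. On mismatch it defers to <c>InvalidPassword</c>,
 /// which records the failure and throws.
 /// </summary>
 /// <param name="localAccount">Account whose <c>PasswordHash</c>, <c>PasswordSalt</c> and <c>IterationCount</c> are used.</param>
 /// <param name="password">Candidate plaintext password.</param>
 private void ValidatePassword(LocalAccount localAccount, string password)
 {
     var candidateHash = GetPasswordHash(password, localAccount);

     // Constant-time comparison. SequenceEqual stops at the first differing byte, so response time
     // depended on how many leading bytes of the stored hash matched; FixedTimeEquals does not.
     // The name is fully qualified so no new using directive is needed; it requires
     // .NET Core 2.1+ / .NET Standard 2.1 — confirm against the project's target framework.
     if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(localAccount.PasswordHash, candidateHash))
     {
         InvalidPassword(localAccount);
     }
 }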
 /// <summary>
 /// Builds the successful outcome of a create operation, carrying the persisted account.
 /// </summary>
 /// <param name="localAccount">The account that was created.</param>
 /// <returns>A result with <c>Succeeded</c> set to <c>true</c> and <c>LocalAccount</c> set to <paramref name="localAccount"/>.</returns>
 public static CreateLocalAccountResult Success(LocalAccount localAccount) =>
     new CreateLocalAccountResult(localAccount) { Succeeded = true };
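        /// <summary>
        /// Inserts <paramref name="localAccount"/> using <c>_insertSql</c> and stores the generated key in
        /// <c>localAccount.Id</c>. Every column value is bound as a <see cref="SqlParameter"/>, never concatenated.
        /// </summary>
        /// <param name="localAccount">Account to persist; its <c>Id</c> is set on success.</param>
        /// <exception cref="LocalAccountAlreadyExistException">
        /// Thrown when SQL Server reports a unique index (2601) or unique constraint (2627) violation.
        /// </exception>
        /// <exception cref="SqlException">Any other database error is rethrown unchanged.</exception>
        public async Task CreateAsync(LocalAccount localAccount)
        {
            using (var connection = new SqlConnection(_identityOptions.ConnectionString))
            {
                try
                {
                    using (var command = new SqlCommand(_insertSql, connection))
                    {
                        command.Parameters.Add(new SqlParameter("@Created", localAccount.Created));
                        command.Parameters.Add(new SqlParameter("@FailedLoginCount", localAccount.FailedLoginCount));
                        command.Parameters.Add(new SqlParameter("@IdentityId", localAccount.IdentityId));
                        command.Parameters.Add(new SqlParameter("@IsDisabled", localAccount.IsDisabled));
                        command.Parameters.Add(new SqlParameter("@IterationCount", localAccount.IterationCount));
                        command.Parameters.Add(new SqlParameter("@LoginId", localAccount.LoginId));
                        command.Parameters.Add(new SqlParameter("@PasswordHash", localAccount.PasswordHash));
                        command.Parameters.Add(new SqlParameter("@PasswordSalt", localAccount.PasswordSalt));
                        command.Parameters.Add(new SqlParameter("@Updated", localAccount.Updated));

                        // Open asynchronously: the original blocked the calling thread on Open()
                        // inside an async method.
                        await connection.OpenAsync();

                        // NOTE(review): assumes _insertSql yields the new key as an int scalar — confirm.
                        // A null result would fail on the unboxing cast; a decimal (e.g. from SCOPE_IDENTITY())
                        // would throw InvalidCastException.
                        localAccount.Id = (int)await command.ExecuteScalarAsync();
                    }
                }
                catch (SqlException ex)
                {
                    // 2601 - Violation in unique index
                    // 2627 - Violation in unique constraint
                    if (ex.Number == 2601 || ex.Number == 2627)
                    {
                        throw new LocalAccountAlreadyExistException($"Identity {localAccount.LoginId} already exist for user {localAccount.IdentityId}", ex);
                    }
                    throw;
                }
            }
        }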
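 /// <summary>
 /// Verifies <paramref name="password"/> against the stored hash by recomputing it with the
 /// account's own salt and iteration count. On mismatch it awaits <c>InvalidPassword</c>,
 /// which records the failure and throws.
 /// </summary>
 /// <param name="localAccount">Account whose <c>PasswordHash</c>, <c>PasswordSalt</c> and <c>IterationCount</c> are used.</param>
 /// <param name="password">Candidate plaintext password.</param>
 private async Task ValidatePassword(LocalAccount localAccount, string password)
 {
     var candidateHash = GetPasswordHash(password, localAccount);

     // Constant-time comparison. SequenceEqual stops at the first differing byte, so response time
     // depended on how many leading bytes of the stored hash matched; FixedTimeEquals does not.
     // The name is fully qualified so no new using directive is needed; it requires
     // .NET Core 2.1+ / .NET Standard 2.1 — confirm against the project's target framework.
     if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(localAccount.PasswordHash, candidateHash))
     {
         await InvalidPassword(localAccount);
     }
 }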
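        /// <summary>
        /// Records a failed password attempt on <paramref name="localAccount"/> and rejects the login:
        /// increments <c>FailedLoginCount</c>, stamps <c>Updated</c>, schedules the counter to be
        /// persisted and always throws.
        /// </summary>
        /// <param name="localAccount">Account the failed attempt belongs to; mutated in place.</param>
        /// <exception cref="UnauthorizedAccessException">Always thrown.</exception>
        private void InvalidPassword(LocalAccount localAccount)
        {
            localAccount.FailedLoginCount++;
            localAccount.Updated = DateTimeOffset.Now;

            _log.LogWarning("Invalid password for local account {0} with iteration count {1}", localAccount.IdentityId, localAccount.IterationCount);

            // The persist call cannot be awaited here without changing the signature to Task
            // (the synchronous ValidatePassword invokes this as a plain statement and expects the
            // throw below to propagate directly). The original discarded the task outright, so a
            // failed write of the lockout counter was never observed anywhere; at minimum log it.
            _localAccountStorage.UpdateFailedLoginCountAsync(localAccount).ContinueWith(
                t => _log.LogError(0, t.Exception, "Failed to persist failed login count for local account {0}", localAccount.IdentityId),
                TaskContinuationOptions.OnlyOnFaulted);

            throw new UnauthorizedAccessException("Invalid password");
        }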
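        /// <summary>
        /// Persists <c>FailedLoginCount</c> and <c>Updated</c> for the row matching <c>IdentityId</c>,
        /// using the parameterised <c>_updateFailedLoginCount</c> statement.
        /// </summary>
        /// <param name="localAccount">Account whose counter and timestamp are written.</param>
        public async Task UpdateFailedLoginCountAsync(LocalAccount localAccount)
        {
            using (var connection = new SqlConnection(_identityOptions.ConnectionString))
            {
                using (var command = new SqlCommand(_updateFailedLoginCount, connection))
                {
                    command.Parameters.Add(new SqlParameter("@FailedLoginCount", localAccount.FailedLoginCount));
                    command.Parameters.Add(new SqlParameter("@Updated", localAccount.Updated));
                    command.Parameters.Add(new SqlParameter("@IdentityId", localAccount.IdentityId));

                    // Async open instead of the blocking Open() the original used inside an async method.
                    await connection.OpenAsync();

                    // NOTE(review): the affected-row count is not checked (the original captured it in an
                    // unused local). Zero rows means the lockout counter was silently not persisted;
                    // consider surfacing that to callers once the call sites await this method.
                    await command.ExecuteNonQueryAsync();
                }
            }
        }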
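        /// <summary>
        /// Stamps <paramref name="localAccount"/> with creation/update timestamps, inserts it using
        /// <c>_insertSql</c> and stores the generated key in <c>localAccount.Id</c>. Every column value
        /// is bound as a parameter; nullable columns go through <c>AddWithNullableValue</c>.
        /// </summary>
        /// <param name="localAccount">Account to persist; its <c>Created</c>, <c>Updated</c> and <c>Id</c> are set here.</param>
        /// <exception cref="LocalAccountAlreadyExistException">
        /// Thrown when SQL Server reports a unique index (2601) or unique constraint (2627) violation.
        /// </exception>
        /// <exception cref="SqlException">Any other database error is rethrown unchanged.</exception>
        public async Task CreateAsync(LocalAccount localAccount)
        {
            // One clock read for both columns so a freshly created row has Created == Updated
            // (the original called DateTimeOffset.Now twice).
            var now = DateTimeOffset.Now;
            localAccount.Created = now;
            localAccount.Updated = now;

            using (var connection = new SqlConnection(_identityOptions.ConnectionString))
            {
                try
                {
                    using (var command = new SqlCommand(_insertSql, connection))
                    {
                        command.Parameters.Add(new SqlParameter("@Created", localAccount.Created));
                        command.Parameters.Add(new SqlParameter("@FailedLoginCount", localAccount.FailedLoginCount));
                        command.Parameters.Add(new SqlParameter("@IdentityId", localAccount.IdentityId));
                        command.Parameters.Add(new SqlParameter("@IsDisabled", localAccount.IsDisabled));
                        command.Parameters.Add(new SqlParameter("@IterationCount", localAccount.IterationCount));
                        command.Parameters.Add(new SqlParameter("@LoginId", localAccount.LoginId));
                        command.Parameters.Add(new SqlParameter("@PasswordHash", localAccount.PasswordHash));
                        command.Parameters.Add(new SqlParameter("@PasswordSalt", localAccount.PasswordSalt));
                        command.Parameters.Add(new SqlParameter("@Updated", localAccount.Updated));
                        command.Parameters.AddWithNullableValue("@SharedTotpSecret", localAccount.SharedTotpSecret);
                        command.Parameters.AddWithNullableValue("@TwoFactorAppNotificationEnabled", localAccount.TwoFactorAppNotificationEnabled);
                        command.Parameters.AddWithNullableValue("@TwoFactorEmailEnabled", localAccount.TwoFactorEmailEnabled);
                        command.Parameters.AddWithNullableValue("@TwoFactorSmsEnabled", localAccount.TwoFactorSmsEnabled);
                        command.Parameters.AddWithNullableValue("@TwoFactorTotpEnabled", localAccount.TwoFactorTotpEnabled);
                        command.Parameters.AddWithNullableValue("@Deleted", localAccount.Deleted);

                        await connection.OpenAsync();

                        // NOTE(review): assumes _insertSql yields the new key as an int scalar — confirm;
                        // a null or decimal result would fail on this cast.
                        localAccount.Id = (int)await command.ExecuteScalarAsync();
                    }
                }
                catch (SqlException ex)
                {
                    // 2601 - Violation in unique index
                    // 2627 - Violation in unique constraint
                    if (ex.Number == 2601 || ex.Number == 2627)
                    {
                        throw new LocalAccountAlreadyExistException($"Identity {localAccount.LoginId} already exist for user {localAccount.IdentityId}", ex);
                    }
                    throw;
                }
            }
        }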
 /// <summary>
 /// Derives the password hash for <paramref name="localAccount"/> from <paramref name="password"/>,
 /// using the account's own salt and iteration count; the requested output length is
 /// <c>_options.NumberOfBytesInPasswordHash</c>.
 /// </summary>
 /// <param name="password">Plaintext password to hash.</param>
 /// <param name="localAccount">Supplies <c>PasswordSalt</c> and <c>IterationCount</c>.</param>
 /// <returns>The hash produced by <c>_passwordHashGenerator</c>.</returns>
 private byte[] GetPasswordHash(string password, LocalAccount localAccount) =>
     _passwordHashGenerator.GetPasswordHash(
         localAccount.PasswordSalt,
         password,
         localAccount.IterationCount,
         _options.NumberOfBytesInPasswordHash);
 /// <summary>
 /// Resets the failed-login counter of <paramref name="localAccount"/> to zero, stamps <c>Updated</c>
 /// and schedules the change to be persisted.
 /// </summary>
 /// <param name="localAccount">Account to reset; mutated in place.</param>
 private void SetFailedLoginCountToZero(LocalAccount localAccount)
 {
     var now = DateTimeOffset.Now;

     localAccount.FailedLoginCount = 0;
     localAccount.Updated = now;

     // NOTE(review): the returned Task is neither awaited nor observed, so a failed write is lost
     // silently and the caller may proceed before the reset has reached the database.
     _localAccountStorage.UpdateFailedLoginCountAsync(localAccount);
 }
 /// <summary>
 /// Creates a result that carries <paramref name="localAccount"/>. <c>Succeeded</c> is left at its
 /// default here; the <c>Success</c> factory sets it.
 /// </summary>
 /// <param name="localAccount">Account the result relates to.</param>
 public CreateLocalAccountResult(LocalAccount localAccount)
 {
     this.LocalAccount = localAccount;
 }
 /// <summary>
 /// Not implemented. Callers that delegate to it (such as <c>DeleteAsync</c>) fail until an update
 /// statement exists.
 /// </summary>
 /// <param name="localAccount">Account that would be updated.</param>
 /// <exception cref="NotImplementedException">Always thrown synchronously, before any task is returned.</exception>
 public Task UpdateAsync(LocalAccount localAccount)
 {
     var notImplemented = new NotImplementedException();
     throw notImplemented;
 }
        /// <summary>
        /// Soft-deletes the account: stamps <c>Deleted</c> with the current time and hands the account
        /// to <c>UpdateAsync</c> for persistence.
        /// </summary>
        /// <param name="localAccount">Account to mark as deleted; mutated in place.</param>
        /// <returns>The task returned by <c>UpdateAsync</c>.</returns>
        public Task DeleteAsync(LocalAccount localAccount)
        {
            var deletedAt = DateTimeOffset.Now;
            localAccount.Deleted = deletedAt;

            return UpdateAsync(localAccount);
        }