public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Không thể tải người dùng xác thực hai yếu tố.");
}
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty);
var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
if (result.Succeeded)
{
_logger.LogInformation("Người dùng có ID {UserId} đã đăng nhập bằng mã khôi phục.", user.Id);
return(RedirectToLocal(returnUrl));
}
if (result.IsLockedOut)
{
_logger.LogWarning("Người dùng có tài khoản ID {UserId} bị khóa.", user.Id);
return(RedirectToAction(nameof(Lockout)));
}
else
{
_logger.LogWarning("Mã khôi phục không hợp lệ được nhập cho người dùng có ID {UserId}", user.Id);
ModelState.AddModelError(string.Empty, "Mã khôi phục không hợp lệ được nhập.");
return(View());
}
}
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Unable to load two-factor authentication user.");
}
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty);
var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
if (result.Succeeded)
{
_logger.LogInformation("User with ID {UserId} logged in with a recovery code.", user.Id);
return(RedirectToLocal(returnUrl));
}
if (result.IsLockedOut)
{
_logger.LogWarning("User with ID {UserId} account locked out.", user.Id);
return(RedirectToAction(nameof(Lockout)));
}
else
{
_logger.LogWarning("Invalid recovery code entered for user with ID {UserId}", user.Id);
ModelState.AddModelError(string.Empty, "Invalid recovery code entered.");
return(View());
}
}
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new InvalidOperationException(_localizer["Unable2FA"]);
}
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty);
var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
if (result.Succeeded)
{
return(LocalRedirect(string.IsNullOrEmpty(model.ReturnUrl) ? "~/" : model.ReturnUrl));
}
if (result.IsLockedOut)
{
return(View("Lockout"));
}
ModelState.AddModelError(string.Empty, _localizer["InvalidRecoveryCode"]);
return(View(model));
}
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Não é possível carregar o usuário de autenticação de dois fatores.");
}
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty);
var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
if (result.Succeeded)
{
_logger.LogInformation("Usuário com ID {UserId} logado com um código de recuperação.", user.Id);
return(RedirectToLocal(returnUrl));
}
if (result.IsLockedOut)
{
_logger.LogWarning("Usuário com ID {UserId} conta bloqueada.", user.Id);
return(RedirectToAction(nameof(Lockout)));
}
else
{
_logger.LogWarning("Código de recuperação inválido digitado para o usuário com o ID {UserId}", user.Id);
ModelState.AddModelError(string.Empty, "Código de recuperação inválido digitado.");
return(View());
}
}
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null)
{
if (!ModelState.IsValid)
{
return(View(model));
}
return(View());
}
public virtual async Task <UserLoginResult> TryLoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model)
{
var template = new LoginResultTemplate();
IUserContext userContext = null;
template.User = await SignInManager.GetTwoFactorAuthenticationUserAsync();
if (template.User != null)
{
await LoginRulesProcessor.ProcessAccountLoginRules(template);
}
if (template.User != null)
{
//this will get persisted if login succeeds
template.User.BrowserKey = Guid.NewGuid().ToString();
userContext = new UserContext(template.User);
}
if (userContext != null &&
template.SignInResult == SignInResult.Failed && //initial state
template.RejectReasons.Count == 0
)
{
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty);
template.SignInResult = await SignInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
}
if (template.SignInResult.Succeeded)
{
//update last login time and browser key
template.User.LastLoginUtc = DateTime.UtcNow;
await UserManager.UpdateAsync(template.User);
if (UserManager.Site.SingleBrowserSessions)
{
//the sign in we just did won't have the new browserkey claim so sign out and sign in again to ensure it gets the claim
await SignInManager.SignOutAsync();
await SignInManager.SignInAsync(template.User, isPersistent : false);
}
}
return(new UserLoginResult(
template.SignInResult,
template.RejectReasons,
userContext,
template.IsNewUserRegistration,
template.MustAcceptTerms,
template.NeedsAccountApproval,
template.NeedsEmailConfirmation,
template.EmailConfirmationToken,
template.NeedsPhoneConfirmation
));
}
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null)
{
LoggerController.AddBeginMethodLog(this.GetType().Name, MethodBase.GetCurrentMethod().Name);
s.Restart();
if (!ModelState.IsValid)
{
s.Stop();
LoggerController.AddEndMethodLog(this.GetType().Name,
MethodBase.GetCurrentMethod().Name, s.ElapsedMilliseconds);
return(View(model));
}
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Nie udało się odnaleźć użytkownika.");
}
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty);
var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
if (result.Succeeded)
{
_logger.LogInformation("User with ID {UserId} logged in with a " +
"recovery code.", user.Id);
s.Stop();
LoggerController.AddEndMethodLog(this.GetType().Name,
MethodBase.GetCurrentMethod().Name, s.ElapsedMilliseconds);
return(RedirectToLocal(returnUrl));
}
if (result.IsLockedOut)
{
_logger.LogWarning("User with ID {UserId} account locked out.", user.Id);
s.Stop();
LoggerController.AddEndMethodLog(this.GetType().Name,
MethodBase.GetCurrentMethod().Name, s.ElapsedMilliseconds);
return(RedirectToAction(nameof(Lockout)));
}
else
{
_logger.LogWarning("Invalid recovery code entered for user with" +
" ID {UserId}", user.Id);
ModelState.AddModelError(string.Empty, "Niepoprawny kod bezpieczeństwa.");
s.Stop();
LoggerController.AddEndMethodLog(this.GetType().Name,
MethodBase.GetCurrentMethod().Name, s.ElapsedMilliseconds);
return(View());
}
}
public async Task <IActionResult> LoginCode(string returnUrl = null)
{
// Ensure the user has gone through the username & password screen first
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Unable to load two-factor authentication user.");
}
var model = new LoginWithRecoveryCodeViewModel {
ReturnUrl = returnUrl
};
return(View(model));
}
public async Task <IActionResult> LoginWithRecoveryCode([FromBody] LoginWithRecoveryCodeViewModel model)
{
var userId = await RetrieveBearerTwoFactorUserIdAsync();
if (string.IsNullOrEmpty(userId))
{
return(BadRequest(new ApiBadRequestResponse(ModelState, "Unable to login with 2FA recovery code.")));
}
var user = await _userManager.FindByIdAsync(userId);
if (user is null)
{
_logger.LogWarning("Unable to load user with ID {UserId}.", userId);
return(BadRequest(new ApiBadRequestResponse(ModelState, "Unable to login with 2FA recovery code.")));
}
if (!await _signInManager.CanSignInAsync(user) || (_userManager.SupportsUserLockout && await _userManager.IsLockedOutAsync(user)))
{
_logger.LogWarning("Unable to sign in user with ID {UserId}.", userId);
return(BadRequest(new ApiBadRequestResponse(ModelState, "The specified user cannot sign in.")));
}
// Strip spaces and hypens
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty).Replace("-", string.Empty);
var result = await _userManager.RedeemTwoFactorRecoveryCodeAsync(user, recoveryCode);
if (result.Succeeded)
{
// When token is verified correctly, clear the access failed count used for lockout
if (_userManager.SupportsUserLockout)
{
await _userManager.ResetAccessFailedCountAsync(user);
}
_logger.LogInformation("User with ID {UserId} logged in with 2FA recovery code.", user.Id);
var jwt = await GetUserTokenAsync(user);
return(Ok(new ApiOkResponse(jwt).Result));
}
// We don't protect against brute force attacks since codes are expected to be random
_logger.LogWarning("Invalid recovery code entered for user with ID {UserId}.", user.Id);
return(Unauthorized(new ApiUnauthorizedResponse("Invalid recovery code or already used.")));
}
public async Task <IActionResult> LoginWithRecoveryCode(string returnUrl = null)
{
// Ensure the user has gone through the username & password screen first
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new InvalidOperationException(_localizer["Unable2FA"]);
}
var model = new LoginWithRecoveryCodeViewModel()
{
ReturnUrl = returnUrl
};
return(View(model));
}
public virtual async Task <UserLoginResult> TryLoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model)
{
var template = new LoginResultTemplate();
IUserContext userContext = null;
template.User = await SignInManager.GetTwoFactorAuthenticationUserAsync();
if (template.User != null)
{
await LoginRulesProcessor.ProcessAccountLoginRules(template);
}
if (template.User != null)
{
userContext = new UserContext(template.User);
}
if (userContext != null &&
template.SignInResult == SignInResult.Failed && //initial state
template.RejectReasons.Count == 0
)
{
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty);
template.SignInResult = await SignInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
}
if (template.SignInResult.Succeeded)
{
//update last login time
template.User.LastLoginUtc = DateTime.UtcNow;
await UserManager.UpdateAsync(template.User);
}
return(new UserLoginResult(
template.SignInResult,
template.RejectReasons,
userContext,
template.IsNewUserRegistration,
template.MustAcceptTerms,
template.NeedsAccountApproval,
template.NeedsEmailConfirmation,
template.EmailConfirmationToken,
template.NeedsPhoneConfirmation
));
}
public async Task <IActionResult> LoginWithRecoveryCode(string returnUrl = null)
{
var user = await _identityService.GetTwoFactorAuthenticationUser();
if (user == null)
{
return(RedirectToAction(nameof(Login)));
}
var model = new LoginWithRecoveryCodeViewModel()
{
ReturnUrl = returnUrl
};
ViewData["ReturnUrl"] = returnUrl;
return(View(model));
}
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model,
string returnUrl = null)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var user = await signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
logger.LogWarning($"Не удается установить двухфакторную аутентификацию пользователя");
throw new ApplicationException($"Не удается установить двухфакторную аутентификацию пользователя");
}
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty);
var result = await signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
if (result.Succeeded)
{
await db.AddLogAccess(user.Email, "Пользователь вошел с кодом восстановления",
Request.Headers["User-Agent"].ToString());
return(RedirectToLocal(returnUrl));
}
if (result.IsLockedOut)
{
await db.AddLogAccess(user.Email, "Пользователь заблокирован",
Request.Headers["User-Agent"].ToString());
return(RedirectToAction(nameof(Lockout)));
}
else
{
await db.AddLogAccess(user.Email, "Пользователь неверно ввел код восстановления",
Request.Headers["User-Agent"].ToString());
ModelState.AddModelError(string.Empty, "Неверно введен код восстановления");
return(View());
}
}
public virtual async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null)
{
ViewData["Title"] = StringLocalizer["Recovery code verification"];
if (!ModelState.IsValid)
{
return(View(model));
}
var result = await AccountService.TryLoginWithRecoveryCode(model);
if (result.SignInResult.Succeeded)
{
return(await HandleLoginSuccess(result, returnUrl));
}
foreach (var reason in result.RejectReasons)
{
//these reasons are not meant to be shown in the ui
// but we can log them so admin will see failed attempts in the log along with reasons
Log.LogWarning(reason);
}
if (result.SignInResult.IsNotAllowed)
{
return(await HandleLoginNotAllowed(result, returnUrl));
}
if (result.SignInResult.IsLockedOut)
{
return(await HandleLockout(result));
}
else
{
Analytics.HandleLoginFail("Onsite", StringLocalizer["Invalid recovery code entered."]).Forget();
ModelState.AddModelError(string.Empty, StringLocalizer["Invalid recovery code entered."]);
return(View(model));
}
}
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null)
{
if (!ModelState.IsValid)
{
return(View(model));
}
try
{
var loginResponse = await _mediator.Send(new LoginRecoveryCommand()
{
RecoveryCode = model.RecoveryCode.Replace(" ", string.Empty),
});
if (loginResponse.LoginResult.SignInResult.Succeeded)
{
if (_interaction.IsValidReturnUrl(model.ReturnUrl))
{
return(Redirect(model.ReturnUrl));
}
return(Redirect(Url.HomeLink()));
}
else if (loginResponse.LoginResult.SignInResult.IsLockedOut)
{
return(RedirectToAction(nameof(Lockout)));
}
else
{
ModelState.AddModelError("", "Invalid recovery code entered.");
}
}
catch (ValidationException ex)
{
AddErrors(ex);
}
ViewData["ReturnUrl"] = model.ReturnUrl;
return(View(model));
}
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, Uri returnUrl = null)
{
if (model == null)
{
return(NotFound());
}
if (!ModelState.IsValid)
{
return(View(model));
}
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync().ConfigureAwait(false);
if (user == null)
{
throw new ApplicationException(_localizer[$"Unable to load two-factor authentication user."]);
}
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty, StringComparison.InvariantCultureIgnoreCase);
var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode).ConfigureAwait(false);
if (result.Succeeded)
{
_logger.LogInformation(_localizer["User with ID {UserId} logged in with a recovery code."], user.Id);
return(RedirectToLocal(returnUrl?.AbsoluteUri));
}
if (result.IsLockedOut)
{
_logger.LogWarning(_localizer["User with ID {UserId} account locked out."], user.Id);
return(RedirectToAction(nameof(Lockout)));
}
else
{
_logger.LogWarning(_localizer["Invalid recovery code entered for user with ID {UserId}"], user.Id);
ModelState.AddModelError(string.Empty, "Invalid recovery code entered.");
return(View());
}
}
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null)
{
ViewData["Page"] = "loginwithrecoverycode";
if (!ModelState.IsValid)
{
return(View("~/Views/Home/index.cshtml", model));
}
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Unabletoloadtwo-factorauthenticationuser.");
}
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty);
var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
if (result.Succeeded)
{
if (returnUrl == null)
{
returnUrl = "/account/";
}
return(LocalRedirect(returnUrl));
}
if (result.IsLockedOut)
{
ViewData["Page"] = "lockout";
return(RedirectToAction(nameof(HomeController.Index), "Home"));
}
else
{
ModelState.AddModelError(string.Empty, SiteConfig.generalLocalizer["_invalid_recovery_code_entered"].Value);
return(View("~/Views/Home/index.cshtml"));
}
}
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(model));
}
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Unable to load two-factor authentication user.");
}
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty);
var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
if (result.IsLockedOut)
{
Ok(new ApiResultOutput {
Success = false, Message = "User account is locked out."
});
}
if (!result.Succeeded)
{
return(BadRequest(new ApiResultOutput {
Success = false, Message = "Invalid recovery code entered."
}));
}
return(Ok(new ApiResultOutput {
Success = true
}));
}
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null)
{
ViewData["Title"] = sr["Recovery code verification"];
if (!ModelState.IsValid)
{
return(View(model));
}
//var user = await accountService.GetTwoFactorAuthenticationUserAsync();
//if (user == null)
//{
// throw new ApplicationException($"Unable to load two-factor authentication user.");
//}
//var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty);
//var result = await accountService.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
//if (result.Succeeded)
//{
// //_logger.LogInformation("User with ID {UserId} logged in with a recovery code.", user.Id);
// return LocalRedirect(returnUrl);
//}
//if (result.IsLockedOut)
//{
// //_logger.LogWarning("User with ID {UserId} account locked out.", user.Id);
// return HandleLockout();
//}
//else
//{
// //_logger.LogWarning("Invalid recovery code entered for user with ID {UserId}", user.Id);
// ModelState.AddModelError(string.Empty, "Invalid recovery code entered.");
// return View();
//}
var result = await accountService.TryLoginWithRecoveryCode(model);
if (result.SignInResult.Succeeded)
{
return(await HandleLoginSuccess(result, returnUrl));
}
foreach (var reason in result.RejectReasons)
{
//these reasons are not meant to be shown in the ui
// but we can log them so admin will see failed attempts in the log along with reasons
log.LogWarning(reason);
}
if (result.SignInResult.IsNotAllowed)
{
return(HandleLoginNotAllowed(result));
}
if (result.SignInResult.IsLockedOut)
{
return(HandleLockout(result));
}
else
{
analytics.HandleLoginFail("Onsite", sr["Invalid recovery code entered."]).Forget();
ModelState.AddModelError(string.Empty, sr["Invalid recovery code entered."]);
return(View(model));
}
}
