Exemplo n.º 1
0
        public async Task <HttpResponseMessage> GetNextOtpServer(dynamic authData)
        {
            #region Check Input Data
            if (ReferenceEquals(null, authData.userId) || Equals(0, authData.userId))
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
                                                   "The userId value cannot be null or zero."));
            }

            if (ReferenceEquals(null, authData.appId) || Equals(0, authData.appId))
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
                                                   "The appId value cannot be null or zero."));
            }

            //if ( ReferenceEquals ( null, authData.localCounter ) || Equals ( 0, authData.localCounter ) )
            //{
            //    return Request.CreateErrorResponse ( HttpStatusCode.BadRequest,
            //                                         "The localCounter value cannot be null or zero." );
            //}

            #endregion

            Logging.Logger logger = new Logging.Logger(LogName);

            int userId = authData.userId;
            int appId  = authData.appId;

            //First sync that Data, use it later
            //var syncData = await SyncOtpCounterHere ( authData );

            //var syncDataObject = await JsonConvert.DeserializeObjectAsync ( syncData );

            var secret = await GetCurrentUserOtpSecret(userId, appId);

            long srvCounter = await GetDbOtpCounterValue(userId, appId);

            if (srvCounter == -1)
            {
                var errorData = new
                {
                    LastOtp    = "",
                    NewOtp     = "",
                    NewCounter = ""
                };

                await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
                                                                                  , "GetNextOtpServer", "Parameter Errror."), LogName));


                var error = await JsonConvert.SerializeObjectAsync(errorData);

                return(Request.CreateResponse <string>(error));
            }

            try
            {
                OTPAlgo algo = new OTPAlgo((ulong)srvCounter, secret);

                var currentOtp = algo.GetCurrentOTP();

                //invalidate the current otp
                await SetOtpCounterInvalid(userId, appId);

                //Get the next otp, save and set it valid
                var nextOtp = algo.GetNextOTP();


                //This updates the OTP counter and sets it valid.
                await SetOtpCounterValid(userId, appId, (long)algo.Counter);

                var nextOtpData = new
                {
                    LastOtp = currentOtp,
                    NewOtp  = nextOtp,
                };

                var serialized = await JsonConvert.SerializeObjectAsync(nextOtpData);

                return(Request.CreateResponse <string>(serialized));
            }
            catch (Exception ex)
            {
                logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
                                                                            , "GetNextOtpServer", ex.ToString()), LogName)).Wait();

                return(Request.CreateResponse(HttpStatusCode.BadRequest, ex.ToString()));
            }
        }
Exemplo n.º 2
0
        public async Task <HttpResponseMessage> OtpLogin(dynamic authData)
        {
            #region Check Input Data
            if (ReferenceEquals(null, authData.userId) || Equals(0, authData.userId))
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
                                                   "The userId value cannot be null or zero."));
            }

            if (ReferenceEquals(null, authData.appId) || Equals(0, authData.appId))
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
                                                   "The appId value cannot be null or zero."));
            }

            if (ReferenceEquals(null, authData.Otp) || Equals(String.Empty, authData.Otp))
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
                                                   "The appId value cannot be null or zero."));
            }
            #endregion
            Logging.Logger logger = new Logging.Logger(LogName);
            try
            {
                int    userId = authData.userId;
                int    appId  = authData.appId;
                string otp    = authData.Otp;


                if (userId <= 0)
                {
                    await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
                                                                                      , "OtpLogin", "Userid invalid."), LogName));

                    return(Request.CreateResponse <string>("PARAMERRORUSERID"));
                }

                if (appId <= 0)
                {
                    await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
                                                                                      , "OtpLogin", "AppId invalid."), LogName));

                    return(Request.CreateResponse <string>("PARAMERRORAPPID"));
                }

                if (String.IsNullOrEmpty(otp))
                {
                    await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
                                                                                      , "OtpLogin", "Otp invalid."), LogName));

                    return(Request.CreateResponse <string>("PARAMERROROTP"));
                }


                var otpValid = await IsCurrentOtpValid(userId, appId);

                if (!otpValid.SeqValid)
                {
                    await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
                                                                                      , "OtpLogin", "OTP Invalid"), LogName));

                    return(Request.CreateResponse <string>("OTPINVALID"));
                }

                var counter = await GetDbOtpCounterValue(userId, appId);

                var secret = await GetCurrentUserOtpSecret(userId, appId);

                OTPAlgo algo = new OTPAlgo((ulong)counter, secret);

                var currentOtp = algo.GetCurrentOTP();

                if (currentOtp.Equals(otp))
                {
                    //Successfull, create a new secret, and create a new otp
                    var invalid = await SetOtpCounterInvalid(userId, appId);

                    if (invalid)
                    {
                        await GenerateNewSecret(userId, appId);

                        await logger.StoreNewLogMessage(new Logging.Message(String.Format("OTPLOGINSUCCES by user {0} for appId {1}", userId, appId),
                                                                            LogName));

                        return(Request.CreateResponse <string>("SUCCESS"));
                    }
                    else
                    {
                        await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
                                                                                          , "OtpLogin", "Counter could not be set valid."), LogName));

                        return(Request.CreateResponse <string>("INVALIDATEERROR"));
                    }
                }
                else
                {
                    await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
                                                                                      , "OtpLogin", "Wrong OTP."), LogName));

                    //Not successfull, check if OTP is still valid
                    return(Request.CreateResponse <string>("WRONGOTP"));
                }
            }
            catch (Exception ex)
            {
                logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
                                                                            , "OtpLogin", ex.ToString()), LogName)).Wait();

                return(Request.CreateResponse <string>("SYSERROR"));
            }
        }