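        /// <summary>
        /// Creates a new account: generates a random security token, stores it in Vault
        /// double-encrypted (site passphrase, then the user's password), creates the Identity
        /// user with that token as its password, optionally sends a confirmation mail and
        /// signs the new user in.
        /// </summary>
        /// <param name="loginSystem">Form model; <c>RegisterModel.Mail</c> and <c>RegisterModel.Password</c> are read.</param>
        /// <returns>Redirect to the dashboard on success, otherwise the "GettingStarted" view with model errors.</returns>
        public async Task <IActionResult> Register(LoginSystem loginSystem)
        {
            loginSystem.Step = "register";

            if (ModelState.IsValid)
            {
                try
                {
                    // ToLowerInvariant avoids culture-dependent casing (e.g. Turkish dotted/dotless I)
                    // so the stored UserName/Email is stable regardless of the server culture.
                    var normalizedMail = loginSystem.RegisterModel.Mail.ToLowerInvariant();

                    // RemoteIpAddress can be null (e.g. in-process test host); don't let that
                    // become an exception that is reported as a creation error.
                    var remoteIp = HttpContext.Connection.RemoteIpAddress?.ToString() ?? string.Empty;

                    var securityToken = SecurityUsing.CreateCryptographicallySecureGuid().ToString();

                    // Token encryption: first with the site passphrase, then with the user's password,
                    // so neither the site secret nor the Vault copy alone recovers the token.
                    var firstCrypt  = SecurityUsing.BytesToHex(Aes.Encrypt(_globalSettings.Value.AesPassphrase, securityToken));
                    var secondCrypt = SecurityUsing.BytesToHex(Aes.Encrypt(loginSystem.RegisterModel.Password, firstCrypt));

                    // Vault path is keyed by SHA-1 of the mail exactly as typed. Login hashes the
                    // typed mail the same way, so the raw (not lower-cased) value must be used here.
                    // NOTE(review): a user who registers as "Foo@x" and logs in as "foo@x" will be
                    // found by Identity but miss the Vault entry — confirm whether that is intended.
                    await _vaultClient.V1.Secrets.KeyValue.V2.WriteSecretAsync($"safeblock/io/tokens/{SecurityUsing.Sha1(loginSystem.RegisterModel.Mail)}", new Dictionary <string, object>
                    {
                        { "token", secondCrypt },
                        { "timestamp", DateTimeOffset.Now.ToUnixTimeSeconds() }
                    });

                    var newUser = new ApplicationUser()
                    {
                        UserName        = normalizedMail,
                        Email           = normalizedMail,
                        // NOTE(review): this token is also the Identity password (see CreateAsync below);
                        // keeping it in clear text on the user row undoes the Vault double-encryption.
                        Token           = securityToken,
                        AccountType     = "User",
                        // NOTE(review): local server time; DateTime.UtcNow is safer if this is ever compared across hosts.
                        RegisterDate    = DateTime.Now,
                        HasUsingTor     = SecurityUsing.IsTorVisitor(remoteIp),
                        RegisterIp      = remoteIp,
                        // NOTE(review): serialises every request header, Cookie/Authorization included if present;
                        // consider an allow-list before persisting this.
                        RegisterContext = JsonConvert.SerializeObject(HttpContext.Request.Headers, Formatting.Indented),
                        IsAllowed       = true,
                        TwoFactorPolicy = "None"
                    };

                    // The random token is the Identity password; the user-chosen password only unlocks the Vault copy.
                    var creationResult = await _userManager.CreateAsync(newUser, securityToken);

                    if (creationResult.Succeeded)
                    {
                        if (!_env.IsDevelopment())
                        {
                            var code = await _userManager.GenerateEmailConfirmationTokenAsync(newUser);

                            var callbackUrl = Url.Page(
                                "/account/activate/",
                                pageHandler: null,
                                values: new { userId = newUser.Id, code },
                                protocol: Request.Scheme);
                            // NOTE(review): the third argument is a hard-coded machine-local path (presumably a
                            // template); it should come from configuration — confirm what SendConfirmationEmail expects.
                            await MailUsing.SendConfirmationEmail(loginSystem.RegisterModel.Mail, callbackUrl, @"F:\SafeBlock.io\Backup\unx\SafeBlock.io\robots.txt");
                        }

                        // KeepSession lives on the login model, which may not be bound on the register form.
                        var keepSession = loginSystem.LoginModel?.KeepSession ?? false;
                        await _signInManager.SignInAsync(newUser, keepSession);

                        return(RedirectToAction("Index", "Dashboard", new { firstLogin = true }));
                    }

                    foreach (var resultError in creationResult.Errors)
                    {
                        ModelState.AddModelError(string.Empty, resultError.Description);
                    }
                }
                catch (Exception e)
                {
                    // Only surface the raw exception text in development: it can carry Vault paths or
                    // crypto/internal details that must not reach an anonymous visitor.
                    ViewBag.CreationError = true;
                    ViewBag.Exception     = _env.IsDevelopment() ? e.Message : "Account creation failed.";
                }
            }

            return(View("GettingStarted", loginSystem));
        }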
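        /// <summary>
        /// Signs a user in. The typed password never reaches Identity directly: it decrypts the
        /// Vault copy of the account's security token, and that token is then used as the
        /// Identity password.
        /// </summary>
        /// <param name="loginSystem">Form model; <c>LoginModel.Mail</c>, <c>LoginModel.Password</c> and <c>LoginModel.KeepSession</c> are read.</param>
        /// <returns>Redirect to the dashboard on success, otherwise the "GettingStarted" view with model errors.</returns>
        public async Task <IActionResult> Login(LoginSystem loginSystem)
        {
            loginSystem.Step = "login";

            if (ModelState.IsValid)
            {
                var getUser = await _userManager.FindByEmailAsync(loginSystem.LoginModel.Mail);

                // Unknown mail: stop before the Vault read. Without this guard the catch block
                // dereferences a null user and the request ends in an unhandled exception.
                // Same wording as the wrong-token case so the form does not reveal which mails exist.
                if (getUser is null)
                {
                    ModelState.AddModelError("LoginModel.Mail", "Invalid login attempt.");
                    return(View("GettingStarted", loginSystem));
                }

                try
                {
                    // Vault path mirrors Register: SHA-1 of the mail exactly as typed (casing included).
                    var fullyCryptedToken = await _vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync($"safeblock/io/tokens/{SecurityUsing.Sha1(loginSystem.LoginModel.Mail)}");

                    // Undo the two encryption layers in reverse order: user password first, site passphrase second.
                    var halfCryptedToken = Aes.Decrypt(loginSystem.LoginModel.Password, SecurityUsing.HexToBytes(fullyCryptedToken.Data.Data["token"].ToString()));
                    var token            = Aes.Decrypt(_globalSettings.Value.AesPassphrase, SecurityUsing.HexToBytes(halfCryptedToken));

                    // The token is a credential, so compare it in constant time (string.Equals leaks how
                    // many leading characters matched). Null-safe: a row without a token simply fails.
                    // FixedTimeEquals needs .NET Core 2.1+ / netstandard2.1.
                    // NOTE(review): this check against a clear-text token on the user row is redundant with
                    // PasswordSignInAsync below; the stored copy, not the comparison, is the weak point.
                    var storedToken    = System.Text.Encoding.UTF8.GetBytes(getUser.Token ?? string.Empty);
                    var presentedToken = System.Text.Encoding.UTF8.GetBytes(token ?? string.Empty);

                    if (System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedToken, presentedToken))
                    {
                        var loginResult = await _signInManager.PasswordSignInAsync(getUser, token, loginSystem.LoginModel.KeepSession, true);

                        if (loginResult.Succeeded)
                        {
                            return(RedirectToAction("Index", "Dashboard"));
                        }
                        if (loginResult.RequiresTwoFactor)
                        {
                            //TODO: redirect to 2FA
                            // No "Invalid login attempt" here on purpose: the credentials were correct.
                        }
                        else if (loginResult.IsLockedOut)
                        {
                            //TODO: redirect to lockout
                        }
                        else
                        {
                            ModelState.AddModelError(string.Empty, "Invalid login attempt.");
                        }
                    }
                    else
                    {
                        ModelState.AddModelError("LoginModel.Mail", "Invalid login attempt.");
                    }
                }
                catch (Exception)
                {
                    // A wrong password (decryption failure) or a missing Vault entry lands here. Record the
                    // failure through Identity so the configured lockout threshold applies, rather than
                    // bumping AccessFailedCount by hand, which bypasses lockout entirely.
                    await _userManager.AccessFailedAsync(getUser);

                    // NOTE(review): this message differs from the unknown-mail case above, which lets a
                    // caller tell existing accounts apart; consider using the same wording for both.
                    ModelState.AddModelError("LoginModel.Mail", "Unable to decrypt your account.");
                }
            }
            return(View("GettingStarted", loginSystem));
        }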