// Requests a QR-code data URI with an image size of 0. The call itself is the whole test:
// the method name states that it is expected to throw.
// NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
// presumably one is declared above the method. Confirm.
public void GetQrCodeImageAsDataUriThrowsOnInvalidSize()
        {
            const int invalidSize = 0;

            var sut = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, new TestQrProvider());

            sut.GetQrCodeImageAsDataUri("Test", "VMR466AB62ZBOKHE", invalidSize);
        }
        // Asks for a secret from an instance built around a default-constructed TestRNGProvider.
        // The method name states the expectation: secret generation must refuse an RNG that is
        // not cryptographically secure.
        // NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
        // presumably one is declared above the method. Confirm.
        public void CreateSecretThrowsOnInsecureRNGProvider()
        {
            var insecureRng = new TestRNGProvider();
            var qrProvider  = new TestQrProvider();
            var sut         = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, qrProvider, insecureRng);

            sut.CreateSecret();
        }
Exemplo n.º 3
        // Checks that VerifyCode reports, through its out parameter, the time slice in which the
        // supplied code matched. With a discrepancy of 3 there are 7 acceptable codes
        // (c-3, c-2, c-1, c, c+1, c+2, c+3), each belonging to its own consecutive slice.
        public void VerifyCorrectTimeSliceIsReturned()
        {
            const string secret     = "VMR466AB62ZBOKHE";
            const long   timestamp  = 1426847190;
            const long   firstSlice = 47561570;

            var sut = new TwoFactorAuth();

            // Codes for slices firstSlice .. firstSlice + 6, in that order.
            string[] codes = { "534113", "819652", "915954", "543160", "348401", "648525", "170645" };

            for (var i = 0; i < codes.Length; i++)
            {
                Assert.IsTrue(sut.VerifyCode(secret, codes[i], 3, timestamp, out long matchedSlice));
                Assert.AreEqual(firstSlice + i, matchedSlice);
            }

            // An incorrect code must be rejected and must report a time slice of 0.
            Assert.IsFalse(sut.VerifyCode(secret, "111111", 3, timestamp, out long rejectedSlice));
            Assert.AreEqual(0, rejectedSlice);
        }
Exemplo n.º 4
        // Handles the packet that carries a one-time MFA code for a session that has not yet
        // passed MFA. Nothing happens when MfaValidated is anything other than false or when the
        // account has no MFA secret. A correct code marks the session as validated and processes
        // an EntryPointPacket; a wrong code sends an effect packet followed by an
        // "incorrect password" info packet.
        // NOTE(review): no attempt counter or lockout is visible in this handler. Confirm that
        // repeated wrong codes are throttled elsewhere.
        public async Task ExecuteAsync(RequestData <GuriPacket> requestData)
        {
            var session = requestData.ClientSession;

            var nothingToValidate = session.MfaValidated != false || session.Account.MfaSecret == null;
            if (nothingToValidate)
            {
                return;
            }

            var verifier     = new TwoFactorAuth();
            var codeAccepted = verifier.VerifyCode(session.Account.MfaSecret, requestData.Data.Value);

            if (!codeAccepted)
            {
                var effectPacket = new NosCore.Packets.ServerPackets.UI.GuriPacket
                {
                    Type     = GuriPacketType.Effect,
                    Argument = 3,
                    EntityId = 0
                };
                await session.SendPacketAsync(effectPacket).ConfigureAwait(false);

                var infoPacket = new InfoiPacket { Message = Game18NConstString.IncorrectPassword };
                await session.SendPacketAsync(infoPacket).ConfigureAwait(false);
                return;
            }

            session.MfaValidated = true;
            await session.HandlePacketsAsync(new[] { new EntryPointPacket() });
        }
        // Checks the otpauth:// URI produced by GetQrText. Label and issuer both contain '&',
        // which must come out percent-encoded (%26): left unescaped it would read as a
        // parameter separator inside the URI.
        public void VerifyTotpUriIsCorrect()
        {
            const string expectedUri = "otpauth://totp/Test%26Label?secret=VMR466AB62ZBOKHE&issuer=Test%26Issuer&period=30&algorithm=SHA1&digits=6";

            var sut = new TwoFactorAuth(issuer: "Test&Issuer");

            Assert.AreEqual(expectedUri, sut.GetQrText("Test&Label", "VMR466AB62ZBOKHE"));
        }
Exemplo n.º 6
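    // Click handler of the one-time-code form. Verifies the submitted TOTP code for the user
    // whose id was stored in Session["userid"] and, on success, completes the forms-authentication
    // login. Both outcomes are written to the account log and the system log.
    // NOTE(review): no attempt counter or lockout is visible in this handler. Confirm that
    // repeated wrong codes are throttled elsewhere.
    protected void Unnamed1_Click(object sender, EventArgs e)
    {
        tfa = new TwoFactorAuth(WWWVars.SiteName);

        // Fail closed when the session holds no pending login. The id is cleared after a
        // successful login, so a replayed click arrives here with an empty value.
        string userid = Session["userid"] as string;
        if (string.IsNullOrEmpty(userid))
        {
            return;
        }

        Accounts useracc;
        using (VendingModelContainer dc = new VendingModelContainer())
        {
            // FirstOrDefault: an unknown id must not surface as an unhandled exception.
            useracc = dc.Set <Accounts>().FirstOrDefault(x => x.UserID == userid);
        }

        // No account, or an account without a stored secret (null or empty): nothing to verify.
        if (useracc == null || string.IsNullOrEmpty(useracc.TOTPSecret))
        {
            return;
        }

        // An empty submission is treated as a wrong code so the user still sees the error message.
        bool codeAccepted = !string.IsNullOrEmpty(totp.Text) && tfa.VerifyCode(useracc.TOTPSecret, totp.Text);

        if (codeAccepted)
        {
            // Clear the pending-login marker before the authentication ticket is issued.
            Session["userid"] = "";
            FormsAuthentication.RedirectFromLoginPage(useracc.UserID, false);
            Logger.AccountLog(Request.UserHostAddress, "Доступ предоставлен", "Введен правильный одноразовый код", useracc.ID);
            Logger.SystemLog(Request.UserHostAddress, "Доступ в систему предоставлен", useracc.UserID, "Server");
        }
        else
        {
            totpmsg.Text     = "Неверный одноразовый пароль";
            loginbox.Visible = false;
            totpbox.Visible  = true;
            Logger.AccountLog(Request.UserHostAddress, "Доступ запрещен", "Введен неправильный одноразовый код", useracc.ID);
            Logger.SystemLog(Request.UserHostAddress, "Ошибка: неверный одноразовый код", useracc.UserID, "Server");
        }
    }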
        // Asks for a secret from an instance whose RNG is a default-constructed TestRNGProvider.
        // The method name states the expectation: an RNG that is not cryptographically secure
        // must be refused.
        // NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
        // presumably one is declared above the method. Confirm.
        public void CreateSecretThrowsOnInsecureRNGProvider()
        {
            var sut = new TwoFactorAuth(rngprovider: new TestRNGProvider());

            sut.CreateSecret();
        }
        // Requests a QR-code data URI with an image size of 0; the method name states that the
        // call is expected to throw.
        // NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
        // presumably one is declared above the method. Confirm.
        public void GetQrCodeImageAsDataUriThrowsOnInvalidSize()
        {
            const int invalidSize = 0;

            var sut = new TwoFactorAuth(qrcodeprovider: new TestQrProvider());

            sut.GetQrCodeImageAsDataUri("Test", "VMR466AB62ZBOKHE", invalidSize);
        }
 // Generates secrets with a TestRNGProvider constructed with 'true' (presumably marking it as
 // cryptographically secure; confirm against TestRNGProvider) and checks the deterministic
 // output of the test RNG.
 public void CreateSecretOverrideAllowInsecureDoesNotThrowOnSecureRNG()
 {
     const string expectedSecret = "ABCDEFGHIJKLMNOP";

     var secureRng = new TestRNGProvider(true);
     var sut       = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, new TestQrProvider(), secureRng);

     // The first result is not inspected; only the second call is asserted.
     var firstSecret = sut.CreateSecret();

     Assert.AreEqual(expectedSecret, sut.CreateSecret());
 }
Exemplo n.º 10
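    // Prepares the 2FA setup page for the signed-in user. When the account has no TOTP secret
    // yet, a fresh 160-bit secret is generated, shown as a QR code and kept in Session["totps"];
    // otherwise the "setup complete" box is shown instead of the setup box.
    // NOTE(review): every non-postback load for an account without a secret generates a new
    // secret and overwrites Session["totps"].
    protected void Page_Load(object sender, EventArgs e)
    {
        // Postbacks need none of the work below, so skip the database round trip.
        if (IsPostBack)
        {
            return;
        }

        Accounts useracc;
        using (VendingModelContainer dc = new VendingModelContainer())
        {
            useracc = dc.Set <Accounts>().First(x => x.UserID == User.Identity.Name);
        }

        // A null secret means "not enrolled" exactly like an empty one. Comparing with "" only
        // would show a never-enrolled account as already set up.
        if (string.IsNullOrEmpty(useracc.TOTPSecret))
        {
            tfa = new TwoFactorAuth(WWWVars.SiteName);
            string secret = tfa.CreateSecret(160);
            totps.ImageUrl   = tfa.GetQrCodeImageAsDataUri(User.Identity.Name, secret, 200);
            // The secret stays in the session only; nothing in this method stores it on the account.
            Session["totps"] = secret;
            twofasetupcompletebox.Visible = false;
        }
        else
        {
            twofasetupcompletebox.Visible = true;
            twofasetupbox.Visible         = false;
        }
    }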
Exemplo n.º 11
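        // Starts 2FA enrolment for the session named by the "token" header: generates a new
        // 160-bit secret, stores it on the owning user as unconfirmed and returns the QR code
        // as a data URI. Enrolment is refused when 2FA is already confirmed for the account.
        public IActionResult setup2FA([FromHeader] string token)
        {
            // Password login must have succeeded; 2FA itself is deliberately not required here.
            if (Logins.Verify(token, false, false) == null)
            {
                return(Unauthorized());
            }

            // NOTE(review): token is taken from a request header and interpolated into the SQL
            // text below. Bind it as a query parameter through the data layer's parameter support
            // instead of building the statement as a string; the same applies to u.userId.
            List <LoginSession> v = Program.db.Query <LoginSession>($"SELECT * FROM LoginSession WHERE id = '{token}';");
            LoginSession        u = v.Count > 0 ? v.First() : null;

            // No session row for this token: treat the caller as unauthenticated instead of
            // dereferencing null.
            if (u == null)
            {
                return(Unauthorized());
            }

            // Get the user that owns this session
            List <User> users = Program.db.Query <User>($"SELECT * FROM User WHERE id='{u.userId}';");

            // Last() throws on an empty list, so check first.
            if (users.Count == 0)
            {
                return(BadRequest("No user found with this login token."));
            }

            User user = users.Last();

            if (user.twoFactorConfirmed)
            {
                return(BadRequest("2FA is already enabled for this account."));
            }

            TwoFactorAuth tfa    = new TwoFactorAuth("Cashier API", qrcodeprovider: new SkiaSharpQrCodeProvider()); //TODO: Change org to company name from global settings (WIP)
            string        secret = tfa.CreateSecret(160);

            // Stored as unconfirmed; this method never sets twoFactorConfirmed to true.
            user.twoFactorSecret    = secret;
            user.twoFactorConfirmed = false;

            Program.db.Update(user);

            return(Ok(tfa.GetQrCodeImageAsDataUri("Cashier API", secret)));
        }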
Exemplo n.º 12
        // Creates a group with the given name and a fresh 160-bit TOTP secret. On success the
        // response carries the group name, the QR code for the secret, a JWT and a refresh token.
        // A blank name and a failed save both answer Ok("Er is geen naam ontvangen"); an existing
        // name answers Ok("Helaas bestaat deze naam al").
        // NOTE(review): the QR code in the response encodes the group's secret, so the response
        // body is as sensitive as the secret itself.
        public async Task <IActionResult> Create(string groupName)
        {
            if (string.IsNullOrWhiteSpace(groupName))
            {
                return(Ok("Er is geen naam ontvangen"));
            }

            var existingGroup = await this.groupRepository.GetByName(groupName);
            if (existingGroup != null)
            {
                return(Ok("Helaas bestaat deze naam al"));
            }

            var tfa   = new TwoFactorAuth(groupName);
            var group = new Group()
            {
                Name   = groupName,
                Secret = tfa.CreateSecret(160)
            };

            var saved = await this.groupRepository.Save(group);
            if (!saved || !group.GroupId.HasValue)
            {
                // Same response as for a missing name, as in the original flow.
                return(Ok("Er is geen naam ontvangen"));
            }

            var jwt = JoinGroupJwtBased(group);
            group.RefreshToken = GenerateRefreshToken();
            await this.groupRepository.Save(group);

            var payload = new
            {
                name = group.Name,
                qrCode = tfa.GetQrCodeImageAsDataUri(group.Name, group.Secret),
                token = jwt,
                refreshToken = group.RefreshToken
            };
            return(new JsonResult(payload));
        }
Exemplo n.º 13
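        // Completes the second login step for the session named by the "token" header: checks
        // the submitted TOTP code against the owning user's stored secret and, on success, marks
        // the session as having passed 2FA. The first successful code also confirms enrolment.
        // NOTE(review): nothing in this method limits repeated wrong codes for a session. Confirm
        // that attempts are throttled elsewhere.
        public IActionResult confirmTFA([FromBody] string tfaCode, [FromHeader] string token)
        {
            // Password login must have succeeded; 2FA is deliberately not required for this check.
            if (Logins.Verify(token, false, false) == null)
            {
                return(Unauthorized());
            }

            // NOTE(review): token is taken from a request header and interpolated into the SQL
            // text below. Bind it as a query parameter through the data layer's parameter support
            // instead of building the statement as a string; the same applies to u.userId.
            List <LoginSession> v = Program.db.Query <LoginSession>($"SELECT * FROM LoginSession WHERE id = '{token}';");
            LoginSession        u = v.Count > 0 ? v.First() : null;

            // No session row for this token: treat the caller as unauthenticated instead of
            // dereferencing null.
            if (u == null)
            {
                return(Unauthorized());
            }

            // Get the user that owns this session
            List <User> users = Program.db.Query <User>($"SELECT * FROM User WHERE id='{u.userId}';");

            if (u.passed2FA)
            {
                return(BadRequest("2FA is already validated for this session."));
            }

            // Check for an empty result before Last(), which throws on an empty list and
            // previously made this branch unreachable.
            if (users.Count == 0)
            {
                return(BadRequest("No user found with this login token."));
            }

            User user = users.Last();

            if (string.IsNullOrEmpty(user.twoFactorSecret))
            {
                return(BadRequest("2FA is not enabled for this account."));
            }

            var tfa = new TwoFactorAuth("Cashier API"); //TODO: Change org to company name from global settings (WIP)

            // A missing code can never match; reject it without calling the verifier.
            if (string.IsNullOrWhiteSpace(tfaCode) || !tfa.VerifyCode(user.twoFactorSecret, tfaCode))
            {
                return(Unauthorized("Incorrect 2FA code"));
            }

            // Code accepted: record it on the session.
            u.passed2FA = true;
            Program.db.Update(u);

            // If 2FA was never confirmed, confirm it now that a code has been validated.
            if (!user.twoFactorConfirmed)
            {
                user.twoFactorConfirmed = true;
                Program.db.Update(user);
            }

            return(Ok(u));
        }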
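        // Verifies a one-time code against a secret, both supplied by the caller. Despite its
        // name, UserName carries the one-time code (it is passed to VerifyCode as the code) and
        // key carries the Base32 secret.
        // NOTE(review): the secret arrives in the request instead of being looked up server-side
        // for an authenticated user, so a "Success" only shows that code and secret agree.
        // Confirm this result is never used as an authentication decision.
        // NOTE(review): discrepancy 5 accepts codes from 5 time slices on either side of the
        // current one. Confirm such a wide window is intended.
        // NOTE(review): a failed verification is still answered with ReturnCode Success; only
        // ReturnMsg ("Fail") tells the outcomes apart.
        public async Task <IActionResult> VerifyQrCode(string UserName, string key)
        {
            try
            {
                TwoFactorAuth TFAuth = new TwoFactorAuth();

                bool accepted = TFAuth.VerifyCode(key, UserName, 5);

                return(Ok(new BizResponseClass {
                    ReturnCode = enResponseCode.Success, ReturnMsg = accepted ? "Success" : "Fail"
                }));
            }
            catch (Exception ex)
            {
                // Keep exception details (type names, stack trace) on the server; the response
                // carries only a generic message.
                System.Diagnostics.Trace.TraceError(ex.ToString());

                return(BadRequest(new BizResponseClass {
                    ReturnCode = enResponseCode.InternalError, ReturnMsg = "Internal server error", ErrorCode = enErrorCode.Status500InternalServerError
                }));
            }
        }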
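 // Generates a fresh 160-bit secret and returns, in ReturnMsg, the QR-code data URI
 // immediately followed by the secret itself. UserName is used as the QR label.
 // NOTE(review): the secret is handed back to the caller in clear text and nothing in this
 // method stores it or ties it to an authenticated user. Confirm how enrolment is completed.
 public async Task <IActionResult> GetQrCode(string UserName)
 {
     try
     {
         TwoFactorAuth TFAuth = new TwoFactorAuth();

         // One secret per request; the earlier duplicate CreateSecret call produced a value
         // that was overwritten before use.
         string sKey = TFAuth.CreateSecret(160);
         string URL  = TFAuth.GetQrCodeImageAsDataUri(UserName, sKey);

         // Response format kept as before: data URI and secret concatenated without a separator.
         string value = URL + "" + sKey;
         return(Ok(new BizResponseClass {
             ReturnCode = enResponseCode.Success, ReturnMsg = value,
         }));
     }
     catch (Exception ex)
     {
         // Keep exception details (type names, stack trace) on the server; the response
         // carries only a generic message.
         System.Diagnostics.Trace.TraceError(ex.ToString());

         return(BadRequest(new BizResponseClass {
             ReturnCode = enResponseCode.InternalError, ReturnMsg = "Internal server error", ErrorCode = enErrorCode.Status500InternalServerError
         }));
     }
 }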
        // Pins GetCode's output for a fixed secret at two fixed timestamps.
        public void GetCodeReturnsCorrectResults()
        {
            const string secret = "VMR466AB62ZBOKHE";

            var sut = new TwoFactorAuth();

            var codeAtKnownTime = sut.GetCode(secret, 1426847216);
            Assert.AreEqual("543160", codeAtKnownTime);

            var codeAtEpoch = sut.GetCode(secret, 0);
            Assert.AreEqual("538532", codeAtEpoch);
        }
        // Generates 80-bit secrets with CryptoSecureRequirement.AllowInsecure on a
        // TestRNGProvider constructed with 'false' (presumably marking it as not
        // cryptographically secure; confirm against TestRNGProvider). The explicit override is
        // what lets the insecure RNG through; production callers should not pass it.
        public void CreateSecretOverrideAllowInsecureDoesNotThrowOnInsecureRNG()
        {
            const string expectedSecret = "ABCDEFGHIJKLMNOP";

            var insecureRng = new TestRNGProvider(false);
            var sut         = new TwoFactorAuth(rngprovider: insecureRng);

            // The first result is not inspected; only the second call is asserted.
            var firstSecret = sut.CreateSecret(80, CryptoSecureRequirement.AllowInsecure);

            Assert.AreEqual(expectedSecret, sut.CreateSecret(80, CryptoSecureRequirement.AllowInsecure));
        }
        // Generates secrets with default settings on a TestRNGProvider constructed with 'true'
        // (presumably marking it as cryptographically secure; confirm against TestRNGProvider)
        // and checks the deterministic output of the test RNG.
        public void CreateSecretOverrideAllowInsecureDoesNotThrowOnSecureRNG()
        {
            const string expectedSecret = "ABCDEFGHIJKLMNOP";

            var secureRng = new TestRNGProvider(true);
            var sut       = new TwoFactorAuth(rngprovider: secureRng);

            // The first result is not inspected; only the second call is asserted.
            var firstSecret = sut.CreateSecret();

            Assert.AreEqual(expectedSecret, sut.CreateSecret());
        }
Exemplo n.º 19
        // Generates secrets with default settings on a TestRNGProvider constructed with 'true'
        // (presumably marking it as cryptographically secure; confirm against TestRNGProvider)
        // and checks the deterministic output of the test RNG.
        public void CreateSecretOverrideAllowInsecureDoesNotThrowOnSecureRNG()
        {
            const string expectedSecret = "ABCDEFGHIJKLMNOP";

            var secureRng  = new TestRNGProvider(true);
            var qrProvider = new TestQrProvider();
            var sut        = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, qrProvider, secureRng);

            // The first result is not inspected; only the second call is asserted.
            var firstSecret = sut.CreateSecret();

            Assert.AreEqual(expectedSecret, sut.CreateSecret());
        }
Exemplo n.º 20
        // Authenticates an API session (identity, password, optional MFA code) and, on success,
        // returns a signed JWT together with a freshly generated platformGameAccountId.
        // Every failure path answers BadRequest with a message looked up from LogLanguage.
        // NOTE(review): no attempt counter or lockout is visible in this method. Confirm that
        // repeated failed logins are throttled elsewhere.
        public async Task <IActionResult> ConnectUserAsync(ApiSession session)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(LogLanguage.Instance.GetMessageFromKey(LogLanguageKey.AUTH_ERROR)));
            }

            var account = await _accountDao.FirstOrDefaultAsync(s => s.Name == session.Identity).ConfigureAwait(false);

            if (account == null)
            {
                return(BadRequest(LogLanguage.Instance.GetMessageFromKey(LogLanguageKey.AUTH_ERROR)));
            }
            var tfa = new TwoFactorAuth();

            // The MFA code is only checked for accounts that have a secret stored.
            // NOTE(review): this check runs before the password check and has its own message
            // (MFA_INCORRECT), so the response to a wrong password differs depending on whether
            // the MFA code was right. Consider verifying the password first and returning one
            // generic failure message.
            if (!string.IsNullOrEmpty(account.MfaSecret) && !tfa.VerifyCode(account.MfaSecret, session.Mfa))
            {
                return(BadRequest(LogLanguage.Instance.GetMessageFromKey(LogLanguageKey.MFA_INCORRECT)));
            }

            // Login is rejected only when BOTH comparisons mismatch: the stored Password against
            // the unsalted hash, and the stored NewAuthPassword against the hash salted with
            // NewAuthSalt. The '!' operators only silence the compiler; a null stored value would
            // throw here.
            // NOTE(review): the hashes are compared with ordinary string inequality after a
            // culture-sensitive ToLower. Confirm the hash format, and consider a fixed-time,
            // culture-invariant comparison.
            if (account.Password !.ToLower(CultureInfo.CurrentCulture) != (_hasher.Hash(session.Password)) &&
                account.NewAuthPassword !.ToLower(CultureInfo.CurrentCulture) != (_hasher.Hash(session.Password, account.NewAuthSalt !)))
            {
                return(BadRequest(LogLanguage.Instance.GetMessageFromKey(LogLanguageKey.AUTH_INCORRECT)));
            }

            // A missing GfLang becomes "", which Enum.Parse rejects with an exception.
            account.Language = Enum.Parse <RegionType>(session.GfLang?.ToUpper(CultureInfo.CurrentCulture) ?? "");

            account = await _accountDao.TryInsertOrUpdateAsync(account).ConfigureAwait(false);

            var platformGameAccountId = Guid.NewGuid();
            var claims = new ClaimsIdentity(new[]
            {
                new Claim(ClaimTypes.NameIdentifier, session.Identity),
                new Claim(ClaimTypes.Sid, platformGameAccountId.ToString()),
                new Claim(ClaimTypes.Role, account.Authority.ToString())
            });
            // The signing key is derived by hashing the configured API password with the
            // configured salt.
            var password = _hasher.Hash(_apiConfiguration.Value.Password !, _apiConfiguration.Value.Salt);

            // NOTE(review): Encoding.Default is used to turn the hash into key bytes; confirm it
            // yields the same bytes wherever tokens are validated.
            var keyByteArray  = Encoding.Default.GetBytes(password);
            var signinKey     = new SymmetricSecurityKey(keyByteArray);
            var handler       = new JwtSecurityTokenHandler();
            // NOTE(review): Issuer and Audience are the literal strings "Issuer" and "Audience",
            // and the descriptor sets no explicit expiry. Confirm the token lifetime that
            // validators enforce.
            var securityToken = handler.CreateToken(new SecurityTokenDescriptor
            {
                Subject            = claims,
                Issuer             = "Issuer",
                Audience           = "Audience",
                SigningCredentials = new SigningCredentials(signinKey, SecurityAlgorithms.HmacSha256Signature)
            });

            _logger.Information(LogLanguage.Instance.GetMessageFromKey(LogLanguageKey.AUTH_API_SUCCESS),
                                session.Identity, platformGameAccountId, session.Locale);
            return(Ok(new
            {
                token = handler.WriteToken(securityToken),
                platformGameAccountId
            }));
        }
        // Compares the instance's own clock with a provider that is 6 seconds ahead, using a
        // leniency of 5; the method name states that this is expected to throw.
        // NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
        // presumably one is declared above the method. Confirm.
        public void EnsureCorrectTimeThrowsOnInCorrectTime1()
        {
            var referenceTime = new DateTime(2017, 2, 18, 17, 15, 46);
            var localClock    = new TestTimeProvider(referenceTime);
            var aheadClock    = new TestTimeProvider(referenceTime.AddSeconds(6)); // positive drift
            var sut           = new TwoFactorAuth(null, 8, 30, Algorithm.SHA1, new TestQrProvider(), new TestRNGProvider(), localClock);

            sut.EnsureCorrectTime(new[] { aheadClock }, 5);
        }
        // Compares the instance's own clock with a provider that is 5 seconds ahead, using a
        // leniency of 5: a difference equal to the leniency must still be accepted.
        public void EnsureCorrectTimeDoesNotThrowOnCorrectTimeWithinLeniency()
        {
            var referenceTime = new DateTime(2017, 2, 18, 17, 15, 46);
            var localClock    = new TestTimeProvider(referenceTime);
            var driftedClock  = new TestTimeProvider(referenceTime.AddSeconds(5));
            var sut           = new TwoFactorAuth(timeprovider: localClock);

            sut.EnsureCorrectTime(new[] { driftedClock }, 5);
        }
        // Compares the instance's own clock with a provider reporting the identical time, using
        // a leniency of 0: no drift must pass even with no tolerance.
        public void EnsureCorrectTimeDoesNotThrowOnCorrectTime()
        {
            var referenceTime = new DateTime(2017, 2, 18, 17, 15, 46);
            var localClock    = new TestTimeProvider(referenceTime);
            var sameClock     = new TestTimeProvider(referenceTime);
            var sut           = new TwoFactorAuth(timeprovider: localClock);

            sut.EnsureCorrectTime(new[] { sameClock }, 0);
        }
        // Compares the instance's own clock with a provider that is 6 seconds behind, using a
        // leniency of 5; the method name states that this is expected to throw.
        // NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
        // presumably one is declared above the method. Confirm.
        public void EnsureCorrectTimeThrowsOnInCorrectTime2()
        {
            var referenceTime = new DateTime(2017, 2, 18, 17, 15, 46);
            var localClock    = new TestTimeProvider(referenceTime);
            var behindClock   = new TestTimeProvider(referenceTime.AddSeconds(-6)); // negative drift
            var sut           = new TwoFactorAuth(timeprovider: localClock);

            sut.EnsureCorrectTime(new[] { behindClock }, 5);
        }
Exemplo n.º 25
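        // Turns on two-factor authentication for the current user once the submitted one-time
        // code matches the code for the current time slice.
        // NOTE(review): the TOTP secret is read from user.PhoneNumber. Confirm that this field
        // really holds the shared secret and is protected accordingly.
        // NOTE(review): nothing in this method limits repeated wrong codes. Confirm that
        // attempts are throttled elsewhere.
        public async Task <IActionResult> EnableAuthenticator([FromBody] EnableAuthenticatorCodeViewModel model)
        {
            try
            {
                var user = await GetCurrentUserAsync();

                // No current user, or no code in the request body: answer like an invalid code
                // instead of running into a NullReferenceException.
                if (user == null || string.IsNullOrWhiteSpace(model?.Code))
                {
                    return(BadRequest(new EnableAuthenticationResponse {
                        ReturnCode = enResponseCode.Fail, ReturnMsg = EnResponseMessage.TwoFactorVerification, ErrorCode = enErrorCode.Status4079TwoFAcodeInvalide
                    }));
                }

                TwoFactorAuth TFAuth = new TwoFactorAuth();

                // Discrepancy 0 accepts the current time slice only, the same window as the
                // previous GetCode() == comparison, but the check now goes through the library's
                // verifier instead of a plain string ==.
                // NOTE(review): confirm the library compares codes in constant time.
                if (!TFAuth.VerifyCode(user.PhoneNumber, model.Code, 0))
                {
                    return(BadRequest(new EnableAuthenticationResponse {
                        ReturnCode = enResponseCode.Fail, ReturnMsg = EnResponseMessage.TwoFactorVerification, ErrorCode = enErrorCode.Status4079TwoFAcodeInvalide
                    }));
                }

                user.TwoFactorEnabled = true;
                await _userManager.UpdateAsync(user);

                return(Ok(new EnableAuthenticationResponse {
                    ReturnCode = enResponseCode.Success, ReturnMsg = EnResponseMessage.EnableTwoFactor
                }));

                // An earlier variant based on _userManager.VerifyTwoFactorTokenAsync and
                // SetTwoFactorEnabledAsync was left here as unreachable commented-out code.
            }
            catch (Exception ex)
            {
                // Keep exception details (type names, stack trace) on the server; the response
                // carries only a generic message.
                System.Diagnostics.Trace.TraceError(ex.ToString());

                return(BadRequest(new TwoFactorAuthResponse {
                    ReturnCode = enResponseCode.InternalError, ReturnMsg = "Internal server error", ErrorCode = enErrorCode.Status500InternalServerError
                }));
            }
        }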
Exemplo n.º 26
 // Stores the injected services and prepares the cache-entry options and the TOTP helper.
 // Cache lifetime: "CacheExpiryInMinutes" from configuration, 60 when the key is absent.
 // TOTP issuer: the "MyCompany" configuration value.
 public ReexController(IWalletManagementService walletManagementService, IMemoryCache memoryCache, IConfiguration configuration, IFirebaseDbService firebaseDbService)
 {
     var expiryMinutes = int.Parse(configuration["CacheExpiryInMinutes"] ?? "60");

     this.walletManagementService = walletManagementService;
     this.firebaseDbService       = firebaseDbService;
     this.memoryCache             = memoryCache;

     var options = new MemoryCacheEntryOptions();
     this.cacheEntryOptions = options.SetAbsoluteExpiration(TimeSpan.FromMinutes(expiryMinutes));

     this.issuer        = configuration["MyCompany"];
     this.twoFactorAuth = new TwoFactorAuth(this.issuer);
 }
        // With discrepancy 0, only the exact code for the time slice is accepted: neighbouring
        // values and codes of the wrong length must all be rejected.
        public void VerifyCodeReturnsFalseOnIncorrectCodes()
        {
            const string secret    = "VMR466AB62ZBOKHE";
            const long   timestamp = 1426847190;

            var sut = new TwoFactorAuth();

            Assert.IsTrue(sut.VerifyCode(secret, "543160", 0, timestamp));

            // Off by one in either direction, then one digit short and one digit long.
            string[] rejectedCodes = { "543161", "543159", "54316", "5431600" };
            foreach (var badCode in rejectedCodes)
            {
                Assert.IsFalse(sut.VerifyCode(secret, badCode, 0, timestamp));
            }
        }
Exemplo n.º 28
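 // Checks the TOTP code in the request body's "token" property against the secret of the
 // caller's group. Both outcomes answer HTTP 200; only the message text differs.
 // NOTE(review): nothing in this method limits repeated wrong codes. Confirm that attempts
 // are throttled elsewhere.
 public async Task<ActionResult> Validate([FromBody] JObject validation)
 {
     var group = (await this.groupRepository.GetById(this.GroupId().Value));

     // A missing body, a missing "token" property or an unknown group counts as a failed
     // validation instead of surfacing a NullReferenceException.
     var submittedCode = validation?.Property("token")?.Value?.ToString();
     if (group == null || string.IsNullOrWhiteSpace(submittedCode))
     {
         return Ok("Validatie is incorrect");
     }

     var tfa = new TwoFactorAuth(group.Name);
     if (tfa.VerifyCode(group.Secret, submittedCode))
     {
         return Ok("Correct, klaar om te gebruiken");
     }
     return Ok("Validatie is incorrect");
 }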
        // Decodes the data URI returned for a test QR provider and checks its three parts.
        // Label and issuer both contain '&', which must come out percent-encoded (%26) in the
        // otpauth:// URI. The trailing "@200" is part of what the test provider emits
        // (presumably the requested size; confirm against TestQrProvider).
        public void VerifyTotpUriIsCorrect()
        {
            const string expectedPayload = "otpauth://totp/Test%26Label?secret=VMR466AB62ZBOKHE&issuer=Test%26Issuer&period=30&algorithm=SHA1&digits=6@200";

            var sut = new TwoFactorAuth(issuer: "Test&Issuer", qrcodeprovider: new TestQrProvider());

            var dataUri = sut.GetQrCodeImageAsDataUri("Test&Label", "VMR466AB62ZBOKHE");
            var parts   = DecodeDataUri(dataUri);

            Assert.AreEqual("test/test", parts["mimetype"]);
            Assert.AreEqual("base64", parts["encoding"]);
            Assert.AreEqual(expectedPayload, parts["data"]);
        }
        // Checks the length of the generated secret for several bit counts. The expected values
        // show one Base32 character per started group of 5 bits (5 bits -> 1 char, 6 -> 2,
        // 321 -> 65).
        public void CreateSecretGeneratesDesiredAmountOfEntropy()
        {
            var secureRng = new TestRNGProvider(true);
            var sut       = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, new TestQrProvider(), secureRng);

            int[]    bitCounts = { 5, 6, 128, 160, 320, 321 };
            string[] expected  =
            {
                "A",
                "AB",
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567ABCDEFGHIJKLMNOPQRSTUVWXYZ234567A"
            };

            for (var i = 0; i < bitCounts.Length; i++)
            {
                Assert.AreEqual(expected[i], sut.CreateSecret(bitCounts[i]));
            }
        }
        // Checks the length of the generated secret for several bit counts. The expected values
        // show one Base32 character per started group of 5 bits (5 bits -> 1 char, 6 -> 2,
        // 321 -> 65).
        public void CreateSecretGeneratesDesiredAmountOfEntropy()
        {
            var sut = new TwoFactorAuth(rngprovider: new TestRNGProvider(true));

            int[]    bitCounts = { 5, 6, 128, 160, 320, 321 };
            string[] expected  =
            {
                "A",
                "AB",
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567ABCDEFGHIJKLMNOPQRSTUVWXYZ234567A"
            };

            for (var i = 0; i < bitCounts.Length; i++)
            {
                var generated = sut.CreateSecret(bitCounts[i]);
                Assert.AreEqual(expected[i], generated);
            }
        }
Exemplo n.º 32
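 // Prepares the wizard page that shows the TOTP enrolment QR code. While the page does not
 // yet allow "Next", a 160-bit secret is generated once (and reused on later visits) and
 // rendered as a 150-pixel QR image labelled with the admin e-mail address.
 private void wizardPage2_Initialize(object sender, AeroWizard.WizardPageInitEventArgs e)
 {
     if (wizardPage2.AllowNext)
     {
         return;
     }

     tfa = new TwoFactorAuth("Vending control system");

     // Null counts as "no secret yet" exactly like an empty string.
     if (string.IsNullOrEmpty(otpsecret))
     {
         otpsecret = tfa.CreateSecret(160);
     }

     string dataUri = tfa.GetQrCodeImageAsDataUri(adminemailtextbox.Text, otpsecret, 150);

     // The Base64 payload starts after the first comma of "data:<mime>;base64,<payload>".
     // Locating the comma avoids hard-coding the 22-character "data:image/png;base64," prefix.
     int    payloadStart = dataUri.IndexOf(',') + 1;
     byte[] pic          = Convert.FromBase64String(dataUri.Substring(payloadStart));

     // The stream is deliberately not disposed: Image.FromStream needs it to stay open for
     // the lifetime of the Image.
     Image image = Image.FromStream(new MemoryStream(pic));
     otpsecretpicture.Image = image;
 }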
        // Passes a lowercase Base32 string as the secret; the method name states that GetCode is
        // expected to throw for it.
        // NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
        // presumably one is declared above the method. Confirm.
        public void GetCodeThrowsOnInvalidBase32String2()
        {
            const string lowercaseSecret = "mzxw6===";

            var sut = new TwoFactorAuth();

            sut.GetCode(lowercaseSecret);
        }
 // Asks for a secret from an instance built around a default-constructed TestRNGProvider.
 // The method name states the expectation: an RNG that is not cryptographically secure must
 // be refused.
 // NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
 // presumably one is declared above the method. Confirm.
 public void CreateSecretThrowsOnInsecureRNGProvider()
 {
     var insecureRng = new TestRNGProvider();
     var qrProvider  = new TestQrProvider();
     var sut         = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, qrProvider, insecureRng);

     sut.CreateSecret();
 }
 // Pins GetCode's output for a fixed secret at two fixed timestamps.
 public void GetCodeReturnsCorrectResults()
 {
     const string secret = "VMR466AB62ZBOKHE";

     var sut = new TwoFactorAuth();

     var codeAtKnownTime = sut.GetCode(secret, 1426847216);
     var codeAtEpoch     = sut.GetCode(secret, 0);

     Assert.AreEqual("543160", codeAtKnownTime);
     Assert.AreEqual("538532", codeAtEpoch);
 }
 // Constructs an instance with an Algorithm value (999) cast from an arbitrary integer; the
 // method name states that the constructor is expected to throw.
 // NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
 // presumably one is declared above the method. Confirm.
 public void ConstructorThrowsOnInvalidAlgorithm()
 {
     var undefinedAlgorithm = (Algorithm)999;

     var sut = new TwoFactorAuth(null, 6, 30, undefinedAlgorithm);
 }
 // Constructs an instance with a period of 0; the method name states that the constructor is
 // expected to throw.
 // NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
 // presumably one is declared above the method. Confirm.
 public void ConstructorThrowsOnInvalidPeriod()
 {
     const int invalidPeriod = 0;

     var sut = new TwoFactorAuth(null, 6, invalidPeriod);
 }
        // Checks 8-digit SHA512 codes against the known test vectors from
        // https://tools.ietf.org/html/rfc6238#page-15, first by Unix timestamp and then by the
        // equivalent UTC DateTime.
        public void KnownTestVectors_SHA512()
        {
            // == base32encode('1234567890123456789012345678901234567890123456789012345678901234')
            const string secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNA";

            var sut = new TwoFactorAuth(null, 8, 30, Algorithm.SHA512);

            string[] expectedCodes = { "90693936", "25091201", "99943326", "93441116", "38618901", "47863826" };

            long[] unixTimes = { 59, 1111111109, 1111111111, 1234567890, 2000000000, 20000000000 };

            DateTime[] utcTimes =
            {
                new DateTime(1970, 1, 1, 0, 0, 59, DateTimeKind.Utc),
                new DateTime(2005, 3, 18, 1, 58, 29, DateTimeKind.Utc),
                new DateTime(2005, 3, 18, 1, 58, 31, DateTimeKind.Utc),
                new DateTime(2009, 2, 13, 23, 31, 30, DateTimeKind.Utc),
                new DateTime(2033, 5, 18, 3, 33, 20, DateTimeKind.Utc),
                new DateTime(2603, 10, 11, 11, 33, 20, DateTimeKind.Utc)
            };

            // Specific timestamps
            for (var i = 0; i < expectedCodes.Length; i++)
            {
                Assert.AreEqual(expectedCodes[i], sut.GetCode(secret, unixTimes[i]));
            }

            // Same values, this time as DateTime instead of timestamp
            for (var i = 0; i < expectedCodes.Length; i++)
            {
                Assert.AreEqual(expectedCodes[i], sut.GetCode(secret, utcTimes[i]));
            }
        }
        // Checks 8-digit SHA256 codes against the known test vectors from
        // https://tools.ietf.org/html/rfc6238#page-15, first by Unix timestamp and then by the
        // equivalent UTC DateTime.
        public void KnownTestVectors_SHA256()
        {
            // == base32encode('12345678901234567890123456789012')
            const string secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZA";

            var sut = new TwoFactorAuth(null, 8, 30, Algorithm.SHA256);

            string[] expectedCodes = { "46119246", "68084774", "67062674", "91819424", "90698825", "77737706" };

            long[] unixTimes = { 59, 1111111109, 1111111111, 1234567890, 2000000000, 20000000000 };

            DateTime[] utcTimes =
            {
                new DateTime(1970, 1, 1, 0, 0, 59, DateTimeKind.Utc),
                new DateTime(2005, 3, 18, 1, 58, 29, DateTimeKind.Utc),
                new DateTime(2005, 3, 18, 1, 58, 31, DateTimeKind.Utc),
                new DateTime(2009, 2, 13, 23, 31, 30, DateTimeKind.Utc),
                new DateTime(2033, 5, 18, 3, 33, 20, DateTimeKind.Utc),
                new DateTime(2603, 10, 11, 11, 33, 20, DateTimeKind.Utc)
            };

            // Specific timestamps
            for (var i = 0; i < expectedCodes.Length; i++)
            {
                Assert.AreEqual(expectedCodes[i], sut.GetCode(secret, unixTimes[i]));
            }

            // Same values, this time as DateTime instead of timestamp
            for (var i = 0; i < expectedCodes.Length; i++)
            {
                Assert.AreEqual(expectedCodes[i], sut.GetCode(secret, utcTimes[i]));
            }
        }
 // Constructs an instance with a digit count of 0; the method name states that the
 // constructor is expected to throw.
 // NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
 // presumably one is declared above the method. Confirm.
 public void ConstructorThrowsOnInvalidDigits()
 {
     const int invalidDigits = 0;

     var sut = new TwoFactorAuth(null, invalidDigits);
 }
 // Passes a secret containing the characters 1, 8 and 9, which are not valid Base32; the
 // method name states that GetCode is expected to throw for it.
 // NOTE(review): no assertion or expected-exception attribute is visible in this snippet;
 // presumably one is declared above the method. Confirm.
 public void GetCodeThrowsOnInvalidBase32String1()
 {
     const string secretWithInvalidChars = "FOO1BAR8BAZ9";

     var sut = new TwoFactorAuth();

     sut.GetCode(secretWithInvalidChars);
 }
        public void GetQrCodeImageAsDataUriThrowsOnInvalidSize()
        {
            // Requests a QR image with size 0; per the test name this is expected to be rejected.
            // NOTE(review): the expected-exception declaration is not visible in this listing — confirm.
            var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, new TestQrProvider());

            totp.GetQrCodeImageAsDataUri("Test", "VMR466AB62ZBOKHE", 0);
        }
        public void VerifyTotpUriIsCorrect()
        {
            // Issuer and label both contain '&'. The expected URI below requires each to be
            // percent-encoded as %26, so neither value can introduce an extra otpauth query parameter.
            var totp = new TwoFactorAuth("Test&Issuer", 6, 30, Algorithm.SHA1, new TestQrProvider());

            var dataUri = totp.GetQrCodeImageAsDataUri("Test&Label", "VMR466AB62ZBOKHE");
            var parts = DecodeDataUri(dataUri);

            // presumably "test/test" and the trailing "@200" come from TestQrProvider
            // (a fake mime type and the image size) — verify against that class.
            Assert.AreEqual("test/test", parts["mimetype"]);
            Assert.AreEqual("base64", parts["encoding"]);
            Assert.AreEqual("otpauth://totp/Test%26Label?secret=VMR466AB62ZBOKHE&issuer=Test%26Issuer&period=30&algorithm=SHA1&digits=6@200", parts["data"]);
        }
 public void VerifyCodeAllowsNegativeDiscrepancy()
 {
     // 65 seconds before the mid-slice reference time, checked with a discrepancy of -2.
     // VerifyCodeWorksCorrectly rejects this same timestamp at discrepancy 1 and accepts it at 2,
     // so a negative value appears to be treated like its magnitude — confirm against VerifyCode.
     const int checkedAt = 1426847205 - 65;
     var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1);

     Assert.IsTrue(totp.VerifyCode("VMR466AB62ZBOKHE", "543160", -2, checkedAt));
 }
 public void VerifyCodeWorksCorrectly()
 {
     // Exercises the acceptance window of VerifyCode for one fixed code with a 30-second period.
     // 1426847190 is a multiple of 30 (the first second of a slice); 1426847205 is 15 seconds into it.
     // Each discrepancy step accepts one more slice on either side, so larger values widen the
     // window in which a captured code is still valid.
     const string secret = "VMR466AB62ZBOKHE";
     const string code = "543160";
     const int sliceStart = 1426847190;
     const int midSlice = 1426847205;

     var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1);

     Assert.IsTrue(totp.VerifyCode(secret, code, 1, sliceStart));

     // Discrepancy 0: only the code's own 30-second slice is accepted.
     Assert.IsTrue(totp.VerifyCode(secret, code, 0, sliceStart + 29));   // last second of the slice
     Assert.IsFalse(totp.VerifyCode(secret, code, 0, sliceStart + 30));  // first second of the next slice
     Assert.IsFalse(totp.VerifyCode(secret, code, 0, sliceStart - 1));   // last second of the previous slice

     // Discrepancy 1: one slice either side is accepted, two slices away is not.
     Assert.IsTrue(totp.VerifyCode(secret, code, 1, midSlice + 0));
     Assert.IsTrue(totp.VerifyCode(secret, code, 1, midSlice + 35));
     Assert.IsTrue(totp.VerifyCode(secret, code, 1, midSlice - 35));
     Assert.IsFalse(totp.VerifyCode(secret, code, 1, midSlice + 65));
     Assert.IsFalse(totp.VerifyCode(secret, code, 1, midSlice - 65));

     // Discrepancy 2: the slices two steps away become acceptable.
     Assert.IsTrue(totp.VerifyCode(secret, code, 2, midSlice + 65));
     Assert.IsTrue(totp.VerifyCode(secret, code, 2, midSlice - 65));
 }
        public void KnownTestVectors_SHA1()
        {
            // Known-answer test against the RFC 6238 HMAC-SHA1 vectors:
            // https://tools.ietf.org/html/rfc6238#page-15
            // The seed is the published RFC test key, base32encode('12345678901234567890').
            // It is public test data and must never be reused as a real TOTP secret.
            const string seed = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ";
            var totp = new TwoFactorAuth(null, 8, 30, Algorithm.SHA1);

            // Index i of each array describes the same vector. Codes stay strings so that the
            // leading zero in "07081804" is part of the comparison.
            string[] expectedCodes = { "94287082", "07081804", "14050471", "89005924", "69279037", "65353130" };
            long[] unixTimes = { 59, 1111111109, 1111111111, 1234567890, 2000000000, 20000000000 };
            DateTime[] utcMoments =
            {
                new DateTime(1970, 1, 1, 0, 0, 59, DateTimeKind.Utc),
                new DateTime(2005, 3, 18, 1, 58, 29, DateTimeKind.Utc),
                new DateTime(2005, 3, 18, 1, 58, 31, DateTimeKind.Utc),
                new DateTime(2009, 2, 13, 23, 31, 30, DateTimeKind.Utc),
                new DateTime(2033, 5, 18, 3, 33, 20, DateTimeKind.Utc),
                new DateTime(2603, 10, 11, 11, 33, 20, DateTimeKind.Utc),
            };

            // First pass: codes derived from raw Unix timestamps.
            for (var i = 0; i < expectedCodes.Length; i++)
            {
                Assert.AreEqual(expectedCodes[i], totp.GetCode(seed, unixTimes[i]));
            }

            // Second pass: the same instants expressed as UTC DateTime values must give the same codes.
            for (var i = 0; i < expectedCodes.Length; i++)
            {
                Assert.AreEqual(expectedCodes[i], totp.GetCode(seed, utcMoments[i]));
            }
        }