/// <summary>
/// Requests a QR data URI with a size of 0, the invalid input under test.
/// </summary>
/// <remarks>
/// There is no assertion in the body; the expected exception is presumably
/// declared by a test attribute that is not part of this listing.
/// </remarks>
public void GetQrCodeImageAsDataUriThrowsOnInvalidSize()
{
    var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, new TestQrProvider());

    totp.GetQrCodeImageAsDataUri("Test", "VMR466AB62ZBOKHE", 0);
}
/// <summary>
/// Calls <c>CreateSecret()</c> on an instance wired to a default-constructed
/// <c>TestRNGProvider</c>.
/// </summary>
/// <remarks>
/// Per the test name the provider is treated as not cryptographically secure and
/// secret creation must fail; the expected-exception declaration is presumably an
/// attribute outside this listing.
/// </remarks>
public void CreateSecretThrowsOnInsecureRNGProvider()
{
    var insecureRng = new TestRNGProvider();
    var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, new TestQrProvider(), insecureRng);

    totp.CreateSecret();
}
/// <summary>
/// Checks that <c>VerifyCode</c> reports, through its <c>out</c> parameter, the
/// time slice in which a submitted code matched.
/// </summary>
public void VerifyCorrectTimeSliceIsReturned()
{
    const string secret = "VMR466AB62ZBOKHE";
    const int timestamp = 1426847190;
    const int firstSlice = 47561570;

    // Discrepancy 3 accepts seven codes in total (c-3 .. c+3); they are listed
    // here in time-slice order, so entry i must match slice firstSlice + i.
    string[] acceptedCodes = { "534113", "819652", "915954", "543160", "348401", "648525", "170645" };

    var totp = new TwoFactorAuth();
    for (var offset = 0; offset < acceptedCodes.Length; offset++)
    {
        Assert.IsTrue(totp.VerifyCode(secret, acceptedCodes[offset], 3, timestamp, out long matchedSlice));
        Assert.AreEqual(firstSlice + offset, matchedSlice);
    }

    // A code outside the window is rejected and the reported slice is 0.
    Assert.IsFalse(totp.VerifyCode(secret, "111111", 3, timestamp, out long rejectedSlice));
    Assert.AreEqual(0, rejectedSlice);
}
/// <summary>
/// Handles the packet that carries a client's MFA code: on a match the session is
/// marked as MFA-validated and an <c>EntryPointPacket</c> is processed, otherwise
/// an effect packet and an "incorrect password" message are sent back.
/// </summary>
/// <param name="requestData">The client session and the received packet; the code is read from <c>Data.Value</c>.</param>
/// <remarks>
/// NOTE(review): nothing in this handler limits repeated guesses or rejects reuse of
/// a code that was already accepted; confirm both are enforced elsewhere.
/// </remarks>
public async Task ExecuteAsync(RequestData<GuriPacket> requestData)
{
    var session = requestData.ClientSession;

    // Only sessions whose MFA state is explicitly "false" and whose account has a
    // secret are candidates for verification.
    if (session.MfaValidated != false || session.Account.MfaSecret == null)
    {
        return;
    }

    var totp = new TwoFactorAuth();
    var codeAccepted = totp.VerifyCode(session.Account.MfaSecret, requestData.Data.Value);
    if (!codeAccepted)
    {
        var effect = new NosCore.Packets.ServerPackets.UI.GuriPacket
        {
            Type = GuriPacketType.Effect,
            Argument = 3,
            EntityId = 0
        };
        await session.SendPacketAsync(effect).ConfigureAwait(false);

        var message = new InfoiPacket { Message = Game18NConstString.IncorrectPassword };
        await session.SendPacketAsync(message).ConfigureAwait(false);
        return;
    }

    session.MfaValidated = true;
    await session.HandlePacketsAsync(new[] { new EntryPointPacket() });
}
/// <summary>
/// Checks the <c>otpauth://</c> URI produced by <c>GetQrText</c>, including
/// percent-encoding of '&amp;' in both the label and the issuer.
/// </summary>
public void VerifyTotpUriIsCorrect()
{
    const string expectedUri = "otpauth://totp/Test%26Label?secret=VMR466AB62ZBOKHE&issuer=Test%26Issuer&period=30&algorithm=SHA1&digits=6";

    var totp = new TwoFactorAuth(issuer: "Test&Issuer");
    var actualUri = totp.GetQrText("Test&Label", "VMR466AB62ZBOKHE");

    Assert.AreEqual(expectedUri, actualUri);
}
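/// <summary>
/// Click handler for the one-time-code form: verifies the submitted TOTP code for
/// the account whose id is held in <c>Session["userid"]</c> and, on success,
/// completes the forms-authentication login.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
/// <remarks>
/// The handler fails closed: a missing or empty session user id, an unknown account
/// or an account without a stored secret ends the request without granting access.
/// Previously those cases threw from <c>First</c> or passed a null secret on to
/// <c>VerifyCode</c>.
/// </remarks>
protected void Unnamed1_Click(object sender, EventArgs e)
{
    tfa = new TwoFactorAuth(WWWVars.SiteName);

    // The session value is cleared to "" after a successful login (see below), so a
    // repeated post-back can arrive here with an empty id.
    string userid = Session["userid"] as string;
    if (string.IsNullOrEmpty(userid))
    {
        return;
    }

    Accounts useracc;
    using (VendingModelContainer dc = new VendingModelContainer())
    {
        useracc = dc.Set<Accounts>().FirstOrDefault(x => x.UserID == userid);
    }

    if (useracc == null || string.IsNullOrEmpty(useracc.TOTPSecret) || totp.Text == null)
    {
        return;
    }

    if (tfa.VerifyCode(useracc.TOTPSecret, totp.Text))
    {
        // Drop the pending id before issuing the authentication ticket.
        Session["userid"] = "";
        FormsAuthentication.RedirectFromLoginPage(useracc.UserID, false);
        Logger.AccountLog(Request.UserHostAddress, "Доступ предоставлен", "Введен правильный одноразовый код", useracc.ID);
        Logger.SystemLog(Request.UserHostAddress, "Доступ в систему предоставлен", useracc.UserID, "Server");
    }
    else
    {
        totpmsg.Text = "Неверный одноразовый пароль";
        loginbox.Visible = false;
        totpbox.Visible = true;
        Logger.AccountLog(Request.UserHostAddress, "Доступ запрещен", "Введен неправильный одноразовый код", useracc.ID);
        Logger.SystemLog(Request.UserHostAddress, "Ошибка: неверный одноразовый код", useracc.UserID, "Server");
    }
}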
/// <summary>
/// Calls <c>CreateSecret()</c> with a default-constructed <c>TestRNGProvider</c>
/// supplied through the <c>rngprovider</c> named argument.
/// </summary>
/// <remarks>
/// The body asserts nothing; the failure expected by the test name is presumably
/// declared by an attribute outside this listing.
/// </remarks>
public void CreateSecretThrowsOnInsecureRNGProvider()
{
    var totp = new TwoFactorAuth(rngprovider: new TestRNGProvider());

    totp.CreateSecret();
}
/// <summary>
/// Requests a QR data URI of size 0 from an instance configured with the test QR
/// provider via the <c>qrcodeprovider</c> named argument.
/// </summary>
/// <remarks>
/// The expected exception is presumably declared by a test attribute that is not
/// visible in this listing.
/// </remarks>
public void GetQrCodeImageAsDataUriThrowsOnInvalidSize()
{
    var totp = new TwoFactorAuth(qrcodeprovider: new TestQrProvider());

    totp.GetQrCodeImageAsDataUri("Test", "VMR466AB62ZBOKHE", 0);
}
/// <summary>
/// With a test RNG constructed with <c>true</c>, <c>CreateSecret()</c> must succeed
/// and return the deterministic value the test provider yields.
/// </summary>
public void CreateSecretOverrideAllowInsecureDoesNotThrowOnSecureRNG()
{
    var secureRng = new TestRNGProvider(true);
    var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, new TestQrProvider(), secureRng);

    // The first result is not inspected; the call only has to complete without throwing.
    totp.CreateSecret();

    Assert.AreEqual("ABCDEFGHIJKLMNOP", totp.CreateSecret());
}
/// <summary>
/// On the first (non-post-back) load, either shows the "2FA already set up" panel
/// or generates a new 160-bit secret, renders it as a QR image and keeps it in
/// <c>Session["totps"]</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // The account is looked up on every request, including post-backs.
    Accounts account;
    using (var db = new VendingModelContainer())
    {
        account = db.Set<Accounts>().First(x => x.UserID == User.Identity.Name);
    }

    if (IsPostBack)
    {
        return;
    }

    var alreadyEnrolled = account.TOTPSecret != "";
    if (alreadyEnrolled)
    {
        twofasetupcompletebox.Visible = true;
        twofasetupbox.Visible = false;
        return;
    }

    tfa = new TwoFactorAuth(WWWVars.SiteName);
    string secret = tfa.CreateSecret(160);
    totps.ImageUrl = tfa.GetQrCodeImageAsDataUri(User.Identity.Name, secret, 200);

    // The candidate secret lives only in session state at this point; nothing in
    // this method writes it to the account.
    Session["totps"] = secret;
    twofasetupcompletebox.Visible = false;
}
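/// <summary>
/// Starts 2FA enrolment for the user that owns the given login session: generates a
/// 160-bit secret, stores it unconfirmed on the user and returns the QR image as a
/// data URI.
/// </summary>
/// <param name="token">Login-session id taken from the request header.</param>
/// <returns>
/// 200 with the QR data URI; 400 when 2FA is already confirmed or no user matches
/// the session; 401 when the token is not a valid login session.
/// </returns>
/// <remarks>
/// The header value and the session's user id are bound as query parameters instead
/// of being interpolated into the SQL text, so a crafted token cannot alter the
/// statement. NOTE(review): the '?' placeholders assume <c>Program.db</c> is a
/// sqlite-net style connection (its <c>Query&lt;T&gt;</c> already returns
/// <c>List&lt;T&gt;</c> here); confirm against the data layer.
/// </remarks>
public IActionResult setup2FA([FromHeader] string token)
{
    // The password login must have succeeded; the 2FA requirement is deliberately
    // not enforced for this call.
    if (Logins.Verify(token, false, false) == null)
    {
        return Unauthorized();
    }

    List<LoginSession> sessions = Program.db.Query<LoginSession>("SELECT * FROM LoginSession WHERE id = ?;", token);
    LoginSession session = sessions.Count > 0 ? sessions.First() : null;
    if (session == null)
    {
        // Previously a missing row caused a null dereference on the next line.
        return Unauthorized();
    }

    // Get the user that owns this session.
    List<User> users = Program.db.Query<User>("SELECT * FROM User WHERE id = ?;", session.userId);
    if (users.Count == 0)
    {
        return BadRequest("No user found with this login token.");
    }

    User user = users.Last();
    if (user.twoFactorConfirmed)
    {
        return BadRequest("2FA is already enabled for this account.");
    }

    // TODO: Change org to company name from global settings (WIP)
    TwoFactorAuth tfa = new TwoFactorAuth("Cashier API", qrcodeprovider: new SkiaSharpQrCodeProvider());
    string secret = tfa.CreateSecret(160);

    // The secret stays unconfirmed until a valid code has been presented.
    user.twoFactorSecret = secret;
    user.twoFactorConfirmed = false;
    Program.db.Update(user);

    return Ok(tfa.GetQrCodeImageAsDataUri("Cashier API", secret));
}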
/// <summary>
/// Creates a group with a fresh 160-bit TOTP secret and returns its name, the QR
/// image as a data URI, a JWT and a refresh token.
/// </summary>
/// <param name="groupName">Name of the group; also used as the TOTP issuer and label.</param>
/// <returns>
/// Always a 200-class result: the JSON payload on success, otherwise a plain-text
/// message. The "no name received" message is also returned when saving fails.
/// </returns>
public async Task<IActionResult> Create(string groupName)
{
    if (string.IsNullOrWhiteSpace(groupName))
    {
        return Ok("Er is geen naam ontvangen");
    }

    var existing = await this.groupRepository.GetByName(groupName);
    if (existing != null)
    {
        return Ok("Helaas bestaat deze naam al");
    }

    var tfa = new TwoFactorAuth(groupName);
    var group = new Group()
    {
        Name = groupName,
        Secret = tfa.CreateSecret(160)
    };

    var stored = await this.groupRepository.Save(group) && group.GroupId.HasValue;
    if (!stored)
    {
        return Ok("Er is geen naam ontvangen");
    }

    var jwt = JoinGroupJwtBased(group);
    group.RefreshToken = GenerateRefreshToken();

    // Second save persists the refresh token that was just assigned.
    await this.groupRepository.Save(group);

    return new JsonResult(new
    {
        name = group.Name,
        qrCode = tfa.GetQrCodeImageAsDataUri(group.Name, group.Secret),
        token = jwt,
        refreshToken = group.RefreshToken
    });
}
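/// <summary>
/// Validates a TOTP code for the user that owns the given login session and, on
/// success, marks the session as having passed 2FA (confirming the user's 2FA
/// enrolment if it was still pending).
/// </summary>
/// <param name="tfaCode">The one-time code from the request body.</param>
/// <param name="token">Login-session id taken from the request header.</param>
/// <returns>
/// 200 with the session on success; 400 when the session already passed 2FA, no
/// user matches, or the user has no secret; 401 for an invalid token or wrong code.
/// </returns>
/// <remarks>
/// The header value and the session's user id are bound as query parameters instead
/// of being interpolated into the SQL text. NOTE(review): the '?' placeholders
/// assume <c>Program.db</c> is a sqlite-net style connection (its
/// <c>Query&lt;T&gt;</c> already returns <c>List&lt;T&gt;</c> here); confirm against
/// the data layer. NOTE(review): no attempt counter is visible in this method;
/// confirm that repeated guesses are throttled elsewhere.
/// </remarks>
public IActionResult confirmTFA([FromBody] string tfaCode, [FromHeader] string token)
{
    // The password login must have succeeded; the 2FA requirement is deliberately
    // not enforced for this call.
    if (Logins.Verify(token, false, false) == null)
    {
        return Unauthorized();
    }

    List<LoginSession> sessions = Program.db.Query<LoginSession>("SELECT * FROM LoginSession WHERE id = ?;", token);
    LoginSession session = sessions.Count > 0 ? sessions.First() : null;
    if (session == null)
    {
        // Previously a missing row caused a null dereference below.
        return Unauthorized();
    }

    if (session.passed2FA)
    {
        return BadRequest("2FA is already validated for this session.");
    }

    // Get the user that owns this session. The emptiness check now runs before
    // Last(), which throws on an empty list.
    List<User> users = Program.db.Query<User>("SELECT * FROM User WHERE id = ?;", session.userId);
    if (users.Count == 0)
    {
        return BadRequest("No user found with this login token.");
    }

    User user = users.Last();
    if (string.IsNullOrEmpty(user.twoFactorSecret))
    {
        return BadRequest("2FA is not enabled for this account.");
    }

    // TODO: Change org to company name from global settings (WIP)
    var tfa = new TwoFactorAuth("Cashier API");
    if (!tfa.VerifyCode(user.twoFactorSecret, tfaCode))
    {
        return Unauthorized("Incorrect 2FA code");
    }

    session.passed2FA = true;
    Program.db.Update(session);

    // A first valid code also confirms an enrolment that was still pending.
    if (!user.twoFactorConfirmed)
    {
        user.twoFactorConfirmed = true;
        Program.db.Update(user);
    }

    return Ok(session);
}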
/// <summary>
/// Verifies a TOTP code against a caller-supplied secret with a discrepancy of 5.
/// </summary>
/// <param name="UserName">Despite its name, this value is passed to <c>VerifyCode</c> as the one-time code.</param>
/// <param name="key">The Base32 secret the code is checked against.</param>
/// <returns>
/// 200 with <c>ReturnMsg</c> "Success" or "Fail" (<c>ReturnCode</c> is Success in
/// both cases); 400 with the exception text when verification throws.
/// </returns>
/// <remarks>
/// NOTE(review): the secret comes from the request rather than from server-side
/// storage, so a positive result only shows that the code matches a key the caller
/// chose; confirm this endpoint is not used as an authentication decision.
/// NOTE(review): discrepancy 5 accepts 11 consecutive time slices, and the catch
/// block returns <c>ex.ToString()</c> (including the stack trace) to the client.
/// </remarks>
public async Task<IActionResult> VerifyQrCode(string UserName, string key)
{
    try
    {
        var totp = new TwoFactorAuth();
        var outcome = totp.VerifyCode(key, UserName, 5) ? "Success" : "Fail";

        return Ok(new BizResponseClass
        {
            ReturnCode = enResponseCode.Success,
            ReturnMsg = outcome
        });
    }
    catch (Exception ex)
    {
        var failure = new BizResponseClass
        {
            ReturnCode = enResponseCode.InternalError,
            ReturnMsg = ex.ToString(),
            ErrorCode = enErrorCode.Status500InternalServerError
        };
        return BadRequest(failure);
    }
}
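/// <summary>
/// Generates a 160-bit TOTP secret and returns the QR data URI immediately
/// followed by the secret itself in <c>ReturnMsg</c>.
/// </summary>
/// <param name="UserName">Label embedded in the QR code.</param>
/// <returns>200 with the combined value; 400 with the exception text on failure.</returns>
/// <remarks>
/// The secret used to be generated twice with the first value thrown away; it is
/// now generated once. NOTE(review): the secret is returned to the caller and is
/// not stored anywhere in this method; confirm where it is persisted.
/// NOTE(review): the catch block returns <c>ex.ToString()</c> (including the stack
/// trace) to the client.
/// </remarks>
public async Task<IActionResult> GetQrCode(string UserName)
{
    try
    {
        TwoFactorAuth TFAuth = new TwoFactorAuth();

        string sKey = TFAuth.CreateSecret(160);
        string URL = TFAuth.GetQrCodeImageAsDataUri(UserName, sKey);

        // Data URI and secret are concatenated without a separator, as before.
        string value = URL + sKey;

        return Ok(new BizResponseClass
        {
            ReturnCode = enResponseCode.Success,
            ReturnMsg = value,
        });
    }
    catch (Exception ex)
    {
        return BadRequest(new BizResponseClass
        {
            ReturnCode = enResponseCode.InternalError,
            ReturnMsg = ex.ToString(),
            ErrorCode = enErrorCode.Status500InternalServerError
        });
    }
}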
/// <summary>
/// Checks <c>GetCode</c> against two fixed timestamps for a known secret.
/// </summary>
public void GetCodeReturnsCorrectResults()
{
    const string secret = "VMR466AB62ZBOKHE";
    var totp = new TwoFactorAuth();

    var codeAtKnownTime = totp.GetCode(secret, 1426847216);
    var codeAtEpoch = totp.GetCode(secret, 0);

    Assert.AreEqual("543160", codeAtKnownTime);
    Assert.AreEqual("538532", codeAtEpoch);
}
/// <summary>
/// With a test RNG constructed with <c>false</c>, passing
/// <c>CryptoSecureRequirement.AllowInsecure</c> must let <c>CreateSecret</c>
/// succeed and return the provider's deterministic value.
/// </summary>
public void CreateSecretOverrideAllowInsecureDoesNotThrowOnInsecureRNG()
{
    var totp = new TwoFactorAuth(rngprovider: new TestRNGProvider(false));

    // The first result is not inspected; the call only has to complete without throwing.
    totp.CreateSecret(80, CryptoSecureRequirement.AllowInsecure);

    var secret = totp.CreateSecret(80, CryptoSecureRequirement.AllowInsecure);
    Assert.AreEqual("ABCDEFGHIJKLMNOP", secret);
}
/// <summary>
/// With a test RNG constructed with <c>true</c> and supplied through the
/// <c>rngprovider</c> named argument, <c>CreateSecret()</c> must succeed and return
/// the provider's deterministic value.
/// </summary>
public void CreateSecretOverrideAllowInsecureDoesNotThrowOnSecureRNG()
{
    var totp = new TwoFactorAuth(rngprovider: new TestRNGProvider(true));

    // The first result is not inspected; the call only has to complete without throwing.
    totp.CreateSecret();

    var secret = totp.CreateSecret();
    Assert.AreEqual("ABCDEFGHIJKLMNOP", secret);
}
/// <summary>
/// Positional-constructor variant: with a test RNG constructed with <c>true</c>,
/// <c>CreateSecret()</c> must succeed and return the provider's deterministic value.
/// </summary>
public void CreateSecretOverrideAllowInsecureDoesNotThrowOnSecureRNG()
{
    var trustedRng = new TestRNGProvider(true);
    var qrProvider = new TestQrProvider();
    var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, qrProvider, trustedRng);

    // Result deliberately ignored; only the absence of an exception matters here.
    totp.CreateSecret();

    Assert.AreEqual("ABCDEFGHIJKLMNOP", totp.CreateSecret());
}
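/// <summary>
/// Authenticates an API session by password and, when the account has an MFA
/// secret, by TOTP code, then issues an HMAC-SHA256 signed JWT.
/// </summary>
/// <param name="session">Credentials and client metadata sent by the caller.</param>
/// <returns>
/// 200 with the token and a freshly generated platform game account id, or 400
/// with a localized message when validation or authentication fails.
/// </returns>
/// <remarks>
/// The password is now checked before the MFA code. In the previous order a caller
/// who did not know the password could still tell a correct one-time code from a
/// wrong one by the error returned, which allowed the second factor to be guessed
/// independently of the first.
/// NOTE(review): the stored hashes are compared with <c>!=</c> rather than a
/// fixed-time comparison, and <c>Enum.Parse</c> receives "" when <c>GfLang</c> is
/// null; both are left unchanged here and should be confirmed.
/// </remarks>
public async Task<IActionResult> ConnectUserAsync(ApiSession session)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(LogLanguage.Instance.GetMessageFromKey(LogLanguageKey.AUTH_ERROR));
    }

    var account = await _accountDao.FirstOrDefaultAsync(s => s.Name == session.Identity).ConfigureAwait(false);
    if (account == null)
    {
        return BadRequest(LogLanguage.Instance.GetMessageFromKey(LogLanguageKey.AUTH_ERROR));
    }

    // First factor: the login is rejected only when neither the legacy hash nor
    // the salted hash matches.
    if (account.Password!.ToLower(CultureInfo.CurrentCulture) != (_hasher.Hash(session.Password))
        && account.NewAuthPassword!.ToLower(CultureInfo.CurrentCulture) != (_hasher.Hash(session.Password, account.NewAuthSalt!)))
    {
        return BadRequest(LogLanguage.Instance.GetMessageFromKey(LogLanguageKey.AUTH_INCORRECT));
    }

    // Second factor: evaluated only after the password has been accepted.
    var tfa = new TwoFactorAuth();
    if (!string.IsNullOrEmpty(account.MfaSecret) && !tfa.VerifyCode(account.MfaSecret, session.Mfa))
    {
        return BadRequest(LogLanguage.Instance.GetMessageFromKey(LogLanguageKey.MFA_INCORRECT));
    }

    account.Language = Enum.Parse<RegionType>(session.GfLang?.ToUpper(CultureInfo.CurrentCulture) ?? "");
    account = await _accountDao.TryInsertOrUpdateAsync(account).ConfigureAwait(false);

    var platformGameAccountId = Guid.NewGuid();
    var claims = new ClaimsIdentity(new[]
    {
        new Claim(ClaimTypes.NameIdentifier, session.Identity),
        new Claim(ClaimTypes.Sid, platformGameAccountId.ToString()),
        new Claim(ClaimTypes.Role, account.Authority.ToString())
    });

    // The signing key is derived by hashing the configured API password with its salt.
    var password = _hasher.Hash(_apiConfiguration.Value.Password!, _apiConfiguration.Value.Salt);
    var keyByteArray = Encoding.Default.GetBytes(password);
    var signinKey = new SymmetricSecurityKey(keyByteArray);

    var handler = new JwtSecurityTokenHandler();
    var securityToken = handler.CreateToken(new SecurityTokenDescriptor
    {
        Subject = claims,
        Issuer = "Issuer",
        Audience = "Audience",
        SigningCredentials = new SigningCredentials(signinKey, SecurityAlgorithms.HmacSha256Signature)
    });

    _logger.Information(LogLanguage.Instance.GetMessageFromKey(LogLanguageKey.AUTH_API_SUCCESS), session.Identity, platformGameAccountId, session.Locale);

    return Ok(new
    {
        token = handler.WriteToken(securityToken),
        platformGameAccountId
    });
}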
/// <summary>
/// Compares the instance's clock with a reference clock that is 6 seconds ahead
/// while allowing a leniency of 5, so <c>EnsureCorrectTime</c> is expected to fail.
/// </summary>
/// <remarks>
/// The expected exception is presumably declared by a test attribute that is not
/// visible in this listing.
/// </remarks>
public void EnsureCorrectTimeThrowsOnInCorrectTime1()
{
    var reference = new DateTime(2017, 2, 18, 17, 15, 46);
    var localClock = new TestTimeProvider(reference);
    var aheadClock = new TestTimeProvider(reference.AddSeconds(6)); // positive drift

    var totp = new TwoFactorAuth(null, 8, 30, Algorithm.SHA1, new TestQrProvider(), new TestRNGProvider(), localClock);

    totp.EnsureCorrectTime(new[] { aheadClock }, 5);
}
/// <summary>
/// A reference clock exactly 5 seconds ahead is still within a leniency of 5, so
/// <c>EnsureCorrectTime</c> must complete without throwing.
/// </summary>
public void EnsureCorrectTimeDoesNotThrowOnCorrectTimeWithinLeniency()
{
    var reference = new DateTime(2017, 2, 18, 17, 15, 46);
    var localClock = new TestTimeProvider(reference);
    var aheadClock = new TestTimeProvider(reference.AddSeconds(5));

    var totp = new TwoFactorAuth(timeprovider: localClock);

    totp.EnsureCorrectTime(new[] { aheadClock }, 5);
}
/// <summary>
/// With identical local and reference clocks and a leniency of 0,
/// <c>EnsureCorrectTime</c> must complete without throwing.
/// </summary>
public void EnsureCorrectTimeDoesNotThrowOnCorrectTime()
{
    var reference = new DateTime(2017, 2, 18, 17, 15, 46);
    var localClock = new TestTimeProvider(reference);
    var sameClock = new TestTimeProvider(reference);

    var totp = new TwoFactorAuth(timeprovider: localClock);

    totp.EnsureCorrectTime(new[] { sameClock }, 0);
}
/// <summary>
/// Compares the instance's clock with a reference clock that is 6 seconds behind
/// while allowing a leniency of 5, so <c>EnsureCorrectTime</c> is expected to fail.
/// </summary>
/// <remarks>
/// The expected exception is presumably declared by a test attribute that is not
/// visible in this listing.
/// </remarks>
public void EnsureCorrectTimeThrowsOnInCorrectTime2()
{
    var reference = new DateTime(2017, 2, 18, 17, 15, 46);
    var localClock = new TestTimeProvider(reference);
    var behindClock = new TestTimeProvider(reference.AddSeconds(-6)); // negative drift

    var totp = new TwoFactorAuth(timeprovider: localClock);

    totp.EnsureCorrectTime(new[] { behindClock }, 5);
}
/// <summary>
/// Enables two-factor authentication for the current user when the submitted code
/// equals the TOTP code computed for the current time.
/// </summary>
/// <param name="model">Request body; only <c>model.Code</c> is read.</param>
/// <returns>
/// 200 with a success response when the code matches; 400 when it does not, when no
/// current user is found, or when an exception is thrown (the exception text is
/// then returned in <c>ReturnMsg</c>).
/// </returns>
/// <remarks>
/// NOTE(review): the value passed to <c>GetCode</c> as the TOTP secret is
/// <c>user.PhoneNumber</c>. Confirm that this field really holds a random Base32
/// secret; an actual phone number is neither secret nor valid Base32.
/// NOTE(review): <c>GetCode</c> is called without a timestamp and the result is
/// compared with <c>==</c>, so only the code for the current time slice is accepted
/// and the comparison is an ordinary string comparison. The commented-out
/// <c>VerifyCode(user.PhoneNumber, model.Code, 5)</c> variant was not used.
/// NOTE(review): the catch block returns <c>ex.ToString()</c> (including the stack
/// trace) to the client.
/// </remarks>
public async Task <IActionResult> EnableAuthenticator([FromBody] EnableAuthenticatorCodeViewModel model)
{
    try
    {
        // Earlier variant (disabled): var user = await _userManager.FindByNameAsync(model.UserName);
        var user = await GetCurrentUserAsync();
        if (user != null)
        {
            TwoFactorAuth TFAuth = new TwoFactorAuth();
            // Disabled: sKey = key; TFAuth.CreateSecret(160);
            string code = TFAuth.GetCode(user.PhoneNumber);
            // Disabled alternative: bool st = TFAuth.VerifyCode(user.PhoneNumber, model.Code, 5); if (st)
            if (model.Code == code)
            {
                user.TwoFactorEnabled = true;
                await _userManager.UpdateAsync(user);
                return(Ok(new EnableAuthenticationResponse { ReturnCode = enResponseCode.Success, ReturnMsg = EnResponseMessage.EnableTwoFactor }));
            }
            else
            {
                return(BadRequest(new EnableAuthenticationResponse { ReturnCode = enResponseCode.Fail, ReturnMsg = EnResponseMessage.TwoFactorVerification, ErrorCode = enErrorCode.Status4079TwoFAcodeInvalide }));
            }
        }
        // No current user: reported with the same "invalid code" error as a wrong code.
        return(BadRequest(new EnableAuthenticationResponse { ReturnCode = enResponseCode.Fail, ReturnMsg = EnResponseMessage.TwoFactorVerification, ErrorCode = enErrorCode.Status4079TwoFAcodeInvalide }));
        // An earlier implementation, left disabled in the original, stripped spaces and
        // hyphens from model.Code, validated it with
        // _userManager.VerifyTwoFactorTokenAsync(user, _userManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode)
        // and then called _userManager.SetTwoFactorEnabledAsync(user, true).
    }
    catch (Exception ex)
    {
        return(BadRequest(new TwoFactorAuthResponse { ReturnCode = enResponseCode.InternalError, ReturnMsg = ex.ToString(), ErrorCode = enErrorCode.Status500InternalServerError }));
    }
}
/// <summary>
/// Stores the injected services, builds the cache-entry options from configuration
/// and creates the <c>TwoFactorAuth</c> instance used by this controller.
/// </summary>
/// <param name="walletManagementService">Wallet management service.</param>
/// <param name="memoryCache">In-memory cache.</param>
/// <param name="configuration">Source of <c>CacheExpiryInMinutes</c> (defaults to "60" when absent) and <c>MyCompany</c>.</param>
/// <param name="firebaseDbService">Firebase database service.</param>
public ReexController(IWalletManagementService walletManagementService, IMemoryCache memoryCache, IConfiguration configuration, IFirebaseDbService firebaseDbService)
{
    this.walletManagementService = walletManagementService;
    this.memoryCache = memoryCache;
    this.firebaseDbService = firebaseDbService;

    var expiryMinutes = int.Parse(configuration["CacheExpiryInMinutes"] ?? "60");
    this.cacheEntryOptions = new MemoryCacheEntryOptions()
        .SetAbsoluteExpiration(TimeSpan.FromMinutes(expiryMinutes));

    // The configured company name is used as the TOTP issuer.
    this.issuer = configuration["MyCompany"];
    this.twoFactorAuth = new TwoFactorAuth(issuer);
}
/// <summary>
/// With discrepancy 0, only the exact code for the time slice is accepted; codes
/// that are off by one or have the wrong length are rejected.
/// </summary>
public void VerifyCodeReturnsFalseOnIncorrectCodes()
{
    const string secret = "VMR466AB62ZBOKHE";
    const int timestamp = 1426847190;

    // Two wrong values of the right length, then one too short and one too long.
    string[] rejectedCodes = { "543161", "543159", "54316", "5431600" };

    var totp = new TwoFactorAuth();
    Assert.IsTrue(totp.VerifyCode(secret, "543160", 0, timestamp));

    foreach (var candidate in rejectedCodes)
    {
        Assert.IsFalse(totp.VerifyCode(secret, candidate, 0, timestamp));
    }
}
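/// <summary>
/// Verifies the TOTP code sent in the <c>token</c> property of the request body
/// against the secret of the caller's group.
/// </summary>
/// <param name="validation">JSON body expected to contain a <c>token</c> property.</param>
/// <returns>A 200 result carrying either the "correct" or the "incorrect" message.</returns>
/// <remarks>
/// A missing body, a missing or empty <c>token</c> property, or an unknown group is
/// now answered with the "incorrect" message; previously these cases raised a
/// null-reference exception.
/// </remarks>
public async Task<ActionResult> Validate([FromBody] JObject validation)
{
    var group = (await this.groupRepository.GetById(this.GroupId().Value));

    // The body is untrusted input: every step of the lookup may be absent.
    var submittedCode = validation?.Property("token")?.Value?.ToString();
    if (group == null || string.IsNullOrEmpty(submittedCode))
    {
        return Ok("Validatie is incorrect");
    }

    var tfa = new TwoFactorAuth(group.Name);
    if (tfa.VerifyCode(group.Secret, submittedCode))
    {
        return Ok("Correct, klaar om te gebruiken");
    }

    return Ok("Validatie is incorrect");
}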
/// <summary>
/// Decodes the data URI produced through the test QR provider and checks its MIME
/// type, its encoding and the embedded <c>otpauth://</c> text (with "@200"
/// appended by the test provider's output).
/// </summary>
public void VerifyTotpUriIsCorrect()
{
    var totp = new TwoFactorAuth(issuer: "Test&Issuer", qrcodeprovider: new TestQrProvider());

    var dataUri = totp.GetQrCodeImageAsDataUri("Test&Label", "VMR466AB62ZBOKHE");
    var parts = DecodeDataUri(dataUri);

    Assert.AreEqual("test/test", parts["mimetype"]);
    Assert.AreEqual("base64", parts["encoding"]);
    Assert.AreEqual("otpauth://totp/Test%26Label?secret=VMR466AB62ZBOKHE&issuer=Test%26Issuer&period=30&algorithm=SHA1&digits=6@200", parts["data"]);
}
/// <summary>
/// Checks that the secret length follows the requested number of bits: each Base32
/// character carries 5 bits, so 5 bits give one character, 6 bits two, and so on.
/// </summary>
public void CreateSecretGeneratesDesiredAmountOfEntropy()
{
    var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, new TestQrProvider(), new TestRNGProvider(true));

    void ExpectSecret(string expected, int bits) => Assert.AreEqual(expected, totp.CreateSecret(bits));

    ExpectSecret("A", 5);
    ExpectSecret("AB", 6);
    ExpectSecret("ABCDEFGHIJKLMNOPQRSTUVWXYZ", 128);
    ExpectSecret("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", 160);
    ExpectSecret("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", 320);
    ExpectSecret("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567ABCDEFGHIJKLMNOPQRSTUVWXYZ234567A", 321);
}
/// <summary>
/// Named-argument variant: checks that the secret length follows the requested
/// number of bits (5 bits per Base32 character, rounded up).
/// </summary>
public void CreateSecretGeneratesDesiredAmountOfEntropy()
{
    int[] requestedBits = { 5, 6, 128, 160, 320, 321 };
    string[] expectedSecrets =
    {
        "A",
        "AB",
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567ABCDEFGHIJKLMNOPQRSTUVWXYZ234567A"
    };

    var totp = new TwoFactorAuth(rngprovider: new TestRNGProvider(true));

    for (var i = 0; i < requestedBits.Length; i++)
    {
        Assert.AreEqual(expectedSecrets[i], totp.CreateSecret(requestedBits[i]));
    }
}
/// <summary>
/// When the wizard page does not yet allow "Next", makes sure an OTP secret exists
/// and shows it as a QR image labelled with the administrator e-mail address.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Page-initialisation arguments (unused).</param>
private void wizardPage2_Initialize(object sender, AeroWizard.WizardPageInitEventArgs e)
{
    if (wizardPage2.AllowNext)
    {
        return;
    }

    tfa = new TwoFactorAuth("Vending control system");

    // An already generated secret is reused so that revisiting the page does not
    // invalidate a QR code that may have been scanned.
    if (otpsecret == "")
    {
        otpsecret = tfa.CreateSecret(160);
    }

    string dataUri = tfa.GetQrCodeImageAsDataUri(adminemailtextbox.Text, otpsecret, 150);

    // Skips the data-URI header; 22 characters matches "data:image/png;base64,".
    // NOTE(review): assumes the QR provider returns PNG - confirm.
    byte[] imageBytes = Convert.FromBase64String(dataUri.Substring(22));

    // The stream is intentionally not disposed: Image.FromStream requires it to
    // stay open for the lifetime of the image.
    otpsecretpicture.Image = Image.FromStream(new MemoryStream(imageBytes));
}
/// <summary>
/// Passes a lowercase Base32 string to <c>GetCode</c>, which the test name expects
/// to be rejected.
/// </summary>
/// <remarks>
/// The expected exception is presumably declared by a test attribute that is not
/// visible in this listing.
/// </remarks>
public void GetCodeThrowsOnInvalidBase32String2()
{
    const string lowercaseSecret = "mzxw6===";

    var totp = new TwoFactorAuth();
    totp.GetCode(lowercaseSecret);
}
/// <summary>
/// Positional-constructor variant: calls <c>CreateSecret()</c> on an instance wired
/// to a default-constructed <c>TestRNGProvider</c>.
/// </summary>
/// <remarks>
/// The failure expected by the test name is presumably declared by an attribute
/// outside this listing; the body itself asserts nothing.
/// </remarks>
public void CreateSecretThrowsOnInsecureRNGProvider()
{
    var untrustedRng = new TestRNGProvider();
    var qrProvider = new TestQrProvider();
    var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, qrProvider, untrustedRng);

    totp.CreateSecret();
}
/// <summary>
/// Checks the codes <c>GetCode</c> produces for a known secret at timestamp
/// 1426847216 and at timestamp 0.
/// </summary>
public void GetCodeReturnsCorrectResults()
{
    const string knownSecret = "VMR466AB62ZBOKHE";
    var generator = new TwoFactorAuth();

    string atKnownTime = generator.GetCode(knownSecret, 1426847216);
    string atEpoch = generator.GetCode(knownSecret, 0);

    Assert.AreEqual("543160", atKnownTime);
    Assert.AreEqual("538532", atEpoch);
}
/// <summary>
/// Constructs a <c>TwoFactorAuth</c> with an <c>Algorithm</c> value (999) that is
/// not one of the algorithms used elsewhere in these tests.
/// </summary>
/// <remarks>
/// The expected exception is presumably declared by a test attribute that is not
/// visible in this listing.
/// </remarks>
public void ConstructorThrowsOnInvalidAlgorithm()
{
    var unsupported = (Algorithm)999;

    _ = new TwoFactorAuth(null, 6, 30, unsupported);
}
/// <summary>
/// Constructs a <c>TwoFactorAuth</c> with a period of 0, the invalid input under test.
/// </summary>
/// <remarks>
/// The expected exception is presumably declared by a test attribute that is not
/// visible in this listing.
/// </remarks>
public void ConstructorThrowsOnInvalidPeriod()
{
    _ = new TwoFactorAuth(null, 6, 0);
}
/// <summary>
/// Checks 8-digit SHA512 codes against the known test vectors of RFC 6238
/// (https://tools.ietf.org/html/rfc6238#page-15), once per Unix timestamp and once
/// per equivalent UTC <c>DateTime</c>.
/// </summary>
public void KnownTestVectors_SHA512()
{
    // == base32encode('1234567890123456789012345678901234567890123456789012345678901234')
    const string rfcSecret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNA";
    var totp = new TwoFactorAuth(null, 8, 30, Algorithm.SHA512);

    DateTime Utc(int year, int month, int day, int hour, int minute, int second)
        => new DateTime(year, month, day, hour, minute, second, DateTimeKind.Utc);

    // Each vector is checked as a timestamp and then as the same instant in UTC.
    Assert.AreEqual("90693936", totp.GetCode(rfcSecret, 59));
    Assert.AreEqual("90693936", totp.GetCode(rfcSecret, Utc(1970, 1, 1, 0, 0, 59)));

    Assert.AreEqual("25091201", totp.GetCode(rfcSecret, 1111111109));
    Assert.AreEqual("25091201", totp.GetCode(rfcSecret, Utc(2005, 3, 18, 1, 58, 29)));

    Assert.AreEqual("99943326", totp.GetCode(rfcSecret, 1111111111));
    Assert.AreEqual("99943326", totp.GetCode(rfcSecret, Utc(2005, 3, 18, 1, 58, 31)));

    Assert.AreEqual("93441116", totp.GetCode(rfcSecret, 1234567890));
    Assert.AreEqual("93441116", totp.GetCode(rfcSecret, Utc(2009, 2, 13, 23, 31, 30)));

    Assert.AreEqual("38618901", totp.GetCode(rfcSecret, 2000000000));
    Assert.AreEqual("38618901", totp.GetCode(rfcSecret, Utc(2033, 5, 18, 3, 33, 20)));

    Assert.AreEqual("47863826", totp.GetCode(rfcSecret, 20000000000));
    Assert.AreEqual("47863826", totp.GetCode(rfcSecret, Utc(2603, 10, 11, 11, 33, 20)));
}
/// <summary>
/// Checks 8-digit SHA256 codes against the known test vectors of RFC 6238
/// (https://tools.ietf.org/html/rfc6238#page-15), once per Unix timestamp and once
/// per equivalent UTC <c>DateTime</c>.
/// </summary>
public void KnownTestVectors_SHA256()
{
    // == base32encode('12345678901234567890123456789012')
    const string rfcSecret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZA";
    var totp = new TwoFactorAuth(null, 8, 30, Algorithm.SHA256);

    DateTime Utc(int year, int month, int day, int hour, int minute, int second)
        => new DateTime(year, month, day, hour, minute, second, DateTimeKind.Utc);

    // Each vector is checked as a timestamp and then as the same instant in UTC.
    Assert.AreEqual("46119246", totp.GetCode(rfcSecret, 59));
    Assert.AreEqual("46119246", totp.GetCode(rfcSecret, Utc(1970, 1, 1, 0, 0, 59)));

    Assert.AreEqual("68084774", totp.GetCode(rfcSecret, 1111111109));
    Assert.AreEqual("68084774", totp.GetCode(rfcSecret, Utc(2005, 3, 18, 1, 58, 29)));

    Assert.AreEqual("67062674", totp.GetCode(rfcSecret, 1111111111));
    Assert.AreEqual("67062674", totp.GetCode(rfcSecret, Utc(2005, 3, 18, 1, 58, 31)));

    Assert.AreEqual("91819424", totp.GetCode(rfcSecret, 1234567890));
    Assert.AreEqual("91819424", totp.GetCode(rfcSecret, Utc(2009, 2, 13, 23, 31, 30)));

    Assert.AreEqual("90698825", totp.GetCode(rfcSecret, 2000000000));
    Assert.AreEqual("90698825", totp.GetCode(rfcSecret, Utc(2033, 5, 18, 3, 33, 20)));

    Assert.AreEqual("77737706", totp.GetCode(rfcSecret, 20000000000));
    Assert.AreEqual("77737706", totp.GetCode(rfcSecret, Utc(2603, 10, 11, 11, 33, 20)));
}
/// <summary>
/// Constructs a <c>TwoFactorAuth</c> with 0 digits, the invalid input under test.
/// </summary>
/// <remarks>
/// The expected exception is presumably declared by a test attribute that is not
/// visible in this listing.
/// </remarks>
public void ConstructorThrowsOnInvalidDigits()
{
    _ = new TwoFactorAuth(null, 0);
}
/// <summary>
/// Passes a string containing the characters 1, 8 and 9, which are not part of the
/// Base32 alphabet, to <c>GetCode</c>.
/// </summary>
/// <remarks>
/// The expected exception is presumably declared by a test attribute that is not
/// visible in this listing.
/// </remarks>
public void GetCodeThrowsOnInvalidBase32String1()
{
    const string invalidSecret = "FOO1BAR8BAZ9";

    var totp = new TwoFactorAuth();
    totp.GetCode(invalidSecret);
}
/// <summary>
/// Positional-constructor variant: requests a QR data URI with a size of 0.
/// </summary>
/// <remarks>
/// The body asserts nothing; the expected exception is presumably declared by a
/// test attribute outside this listing.
/// </remarks>
public void GetQrCodeImageAsDataUriThrowsOnInvalidSize()
{
    const int invalidSize = 0;
    var qrProvider = new TestQrProvider();
    var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1, qrProvider);

    totp.GetQrCodeImageAsDataUri("Test", "VMR466AB62ZBOKHE", invalidSize);
}
/// <summary>
/// Positional-constructor variant: decodes the data URI produced through the test
/// QR provider and checks its MIME type, encoding and embedded <c>otpauth://</c>
/// text, including percent-encoding of '&amp;' in label and issuer.
/// </summary>
public void VerifyTotpUriIsCorrect()
{
    const string expectedPayload = "otpauth://totp/Test%26Label?secret=VMR466AB62ZBOKHE&issuer=Test%26Issuer&period=30&algorithm=SHA1&digits=6@200";

    var totp = new TwoFactorAuth("Test&Issuer", 6, 30, Algorithm.SHA1, new TestQrProvider());
    var decoded = DecodeDataUri(totp.GetQrCodeImageAsDataUri("Test&Label", "VMR466AB62ZBOKHE"));

    Assert.AreEqual("test/test", decoded["mimetype"]);
    Assert.AreEqual("base64", decoded["encoding"]);
    Assert.AreEqual(expectedPayload, decoded["data"]);
}
/// <summary>
/// A discrepancy of -2 must still accept a code whose time slice lies 65 seconds
/// away from the supplied timestamp.
/// </summary>
public void VerifyCodeAllowsNegativeDiscrepancy()
{
    const string secret = "VMR466AB62ZBOKHE";
    var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1);

    var accepted = totp.VerifyCode(secret, "543160", -2, 1426847205 - 65);

    Assert.IsTrue(accepted);
}
/// <summary>
/// Exercises the acceptance window of <c>VerifyCode</c> for discrepancies 0, 1 and
/// 2 around the time slice in which "543160" is valid.
/// </summary>
public void VerifyCodeWorksCorrectly()
{
    const string secret = "VMR466AB62ZBOKHE";
    const string code = "543160";
    const int sliceStart = 1426847190;   // first second of the code's 30-second slice
    const int midSlice = 1426847205;     // middle of the same slice

    var totp = new TwoFactorAuth(null, 6, 30, Algorithm.SHA1);

    Assert.IsTrue(totp.VerifyCode(secret, code, 1, sliceStart));

    // Discrepancy 0: valid for exactly the 30 seconds of its own slice.
    Assert.IsTrue(totp.VerifyCode(secret, code, 0, sliceStart + 29));
    Assert.IsFalse(totp.VerifyCode(secret, code, 0, sliceStart + 30));
    Assert.IsFalse(totp.VerifyCode(secret, code, 0, sliceStart - 1));

    // Discrepancy 1: one slice either side is accepted, two slices away is not.
    Assert.IsTrue(totp.VerifyCode(secret, code, 1, midSlice + 0));
    Assert.IsTrue(totp.VerifyCode(secret, code, 1, midSlice + 35));
    Assert.IsTrue(totp.VerifyCode(secret, code, 1, midSlice - 35));
    Assert.IsFalse(totp.VerifyCode(secret, code, 1, midSlice + 65));
    Assert.IsFalse(totp.VerifyCode(secret, code, 1, midSlice - 65));

    // Discrepancy 2: two slices away is accepted.
    Assert.IsTrue(totp.VerifyCode(secret, code, 2, midSlice + 65));
    Assert.IsTrue(totp.VerifyCode(secret, code, 2, midSlice - 65));
}
/// <summary>
/// Checks 8-digit SHA1 codes against the known test vectors of RFC 6238
/// (https://tools.ietf.org/html/rfc6238#page-15), once per Unix timestamp and once
/// per equivalent UTC <c>DateTime</c>.
/// </summary>
public void KnownTestVectors_SHA1()
{
    // == base32encode('12345678901234567890')
    const string rfcSecret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ";
    var totp = new TwoFactorAuth(null, 8, 30, Algorithm.SHA1);

    DateTime Utc(int year, int month, int day, int hour, int minute, int second)
        => new DateTime(year, month, day, hour, minute, second, DateTimeKind.Utc);

    // Each vector is checked as a timestamp and then as the same instant in UTC.
    Assert.AreEqual("94287082", totp.GetCode(rfcSecret, 59));
    Assert.AreEqual("94287082", totp.GetCode(rfcSecret, Utc(1970, 1, 1, 0, 0, 59)));

    Assert.AreEqual("07081804", totp.GetCode(rfcSecret, 1111111109));
    Assert.AreEqual("07081804", totp.GetCode(rfcSecret, Utc(2005, 3, 18, 1, 58, 29)));

    Assert.AreEqual("14050471", totp.GetCode(rfcSecret, 1111111111));
    Assert.AreEqual("14050471", totp.GetCode(rfcSecret, Utc(2005, 3, 18, 1, 58, 31)));

    Assert.AreEqual("89005924", totp.GetCode(rfcSecret, 1234567890));
    Assert.AreEqual("89005924", totp.GetCode(rfcSecret, Utc(2009, 2, 13, 23, 31, 30)));

    Assert.AreEqual("69279037", totp.GetCode(rfcSecret, 2000000000));
    Assert.AreEqual("69279037", totp.GetCode(rfcSecret, Utc(2033, 5, 18, 3, 33, 20)));

    Assert.AreEqual("65353130", totp.GetCode(rfcSecret, 20000000000));
    Assert.AreEqual("65353130", totp.GetCode(rfcSecret, Utc(2603, 10, 11, 11, 33, 20)));
}