Exemplo n.º 1
0
        public void ValidateSmsCode(UserInfo user, string code)
        {
            if (!StudioSmsNotificationSettingsHelper.IsVisibleSettings() ||
                !StudioSmsNotificationSettingsHelper.Enable)
            {
                return;
            }

            if (user == null || Equals(user, Constants.LostUser))
            {
                throw new Exception(Resource.ErrorUserNotFound);
            }

            var valid = SmsKeyStorage.ValidateKey(user.MobilePhone, code);

            switch (valid)
            {
            case SmsKeyStorage.Result.Empty:
                throw new Exception(Resource.ActivateMobilePhoneEmptyCode);

            case SmsKeyStorage.Result.TooMuch:
                throw new BruteForceCredentialException(Resource.SmsTooMuchError);

            case SmsKeyStorage.Result.Timeout:
                throw new TimeoutException(Resource.SmsAuthenticationTimeout);

            case SmsKeyStorage.Result.Invalide:
                throw new ArgumentException(Resource.SmsAuthenticationMessageError);
            }
            if (valid != SmsKeyStorage.Result.Ok)
            {
                throw new Exception("Error: " + valid);
            }

            if (!SecurityContext.IsAuthenticated)
            {
                var cookiesKey = SecurityContext.AuthenticateMe(user.ID);
                //CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey);
            }

            if (user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated)
            {
                user.MobilePhoneActivationStatus = MobilePhoneActivationStatus.Activated;
                UserManager.SaveUserInfo(user);
            }
        }
Exemplo n.º 2
0
        public static void ValidateSmsCode(UserInfo user, string code)
        {
            if (!StudioSmsNotificationSettings.IsVisibleSettings ||
                !StudioSmsNotificationSettings.Enable)
            {
                return;
            }

            if (user == null || Equals(user, Constants.LostUser))
            {
                throw new Exception(Resource.ErrorUserNotFound);
            }

            code = (code ?? "").Trim();

            if (string.IsNullOrEmpty(code))
            {
                throw new Exception(Resource.ActivateMobilePhoneEmptyCode);
            }

            // защита от перебора: на 5-ый неправильный ввод делать Sleep
            var counter = (int)(CodeCache.Get("loginsec/" + user.ID) ?? 0);

            if (++counter % 5 == 0)
            {
                Thread.Sleep(TimeSpan.FromSeconds(10));
            }
            CodeCache.Insert("loginsec/" + user.ID, counter, DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));

            if (!SmsKeyStorage.ValidateKey(user.MobilePhone, code))
            {
                throw new ArgumentException(Resource.SmsAuthenticationMessageError);
            }

            if (!SecurityContext.IsAuthenticated)
            {
                var cookiesKey = SecurityContext.AuthenticateMe(user.ID);
                CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey);
            }

            if (user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated)
            {
                user.MobilePhoneActivationStatus = MobilePhoneActivationStatus.Activated;
                CoreContext.UserManager.SaveUserInfo(user);
            }
        }