public async Task <IActionResult> TwoFactorAuth(AuthenticatorViewModel authenticatorViewModel)
{
switch (authenticatorViewModel.TwoFactorType)
{
case TwoFactor.None:
CurrentUser.TwoFactorEnabled = false;
CurrentUser.TwoFactor = (sbyte)TwoFactor.None;
TempData["message"] = "iki adımlı kimlik doğrulama tipiniz hiç biri olarak belirlenmiştir";
break;
case TwoFactor.MicrosoftGoogle:
return(RedirectToAction("TwoFactorWithAuthenticator"));
case TwoFactor.Email:
CurrentUser.TwoFactorEnabled = true;
CurrentUser.TwoFactor = (sbyte)TwoFactor.Email;
TempData["message"] = "iki adımlı kimlik doğrulama tipiniz email olarak belirlenmiştir";
break;
default:
break;
}
await _userManager.UpdateAsync(CurrentUser);
return(View(authenticatorViewModel));
}
public async Task <IActionResult> TwoFactorWithAuthenticator(AuthenticatorViewModel authenticatorViewModel)
{
var verificationCode = authenticatorViewModel.VerificationCode.Replace(" ", string.Empty).Replace("-", string.Empty);
var is2FATokenValid = await _userManager.VerifyTwoFactorTokenAsync(CurrentUser, _userManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode);
if (is2FATokenValid)
{
CurrentUser.TwoFactorEnabled = true;
CurrentUser.TwoFactor = (sbyte)TwoFactor.MicrosoftGoogle;
var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(CurrentUser, 5);
TempData["recoveryCodes"] = recoveryCodes;
TempData["message"] = "iki adımlı kimlik doğrulama tipiniz Microsoft/Google olarak belirlenmiştir";
return(RedirectToAction("TwoFactorAuth"));
}
else
{
ModelState.AddModelError("", "Girdiğiniz Doğrulama Kodu Yanlıştır");
return(View(authenticatorViewModel));
}
}
public async Task <AuthenticatorViewModel> GetAuthenticatorForUser(string userId)
{
var user = await _applicationUserManager.FindByIdAsync(userId);
if (user == null)
{
return(new AuthenticatorViewModel());
}
var model = new AuthenticatorViewModel();
await LoadSharedKeyAndQrCodeUriAsync(user, model);
return(model);
}
private async Task LoadSharedKeyAndQrCodeUriAsync(AppUser user, AuthenticatorViewModel model)
{
var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
if (string.IsNullOrEmpty(unformattedKey))
{
await _userManager.ResetAuthenticatorKeyAsync(user);
unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
}
model.SharedKey = FormatKey(unformattedKey);
model.AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey);
}
public async Task <IActionResult> TwoFactorWithAuthenticator()
{
string unFormattedKey = await UserManager.GetAuthenticatorKeyAsync(CurrentUser);
if (string.IsNullOrEmpty(unFormattedKey))
{
await UserManager.ResetAuthenticatorKeyAsync(CurrentUser);
unFormattedKey = await UserManager.GetAuthenticatorKeyAsync(CurrentUser);
}
AuthenticatorViewModel authenticatorViewModel = new AuthenticatorViewModel()
{
SharedKey = unFormattedKey,
AuthenticatorUri = _twoFactorService.GenerateQRCodeUri(CurrentUser.Email, unFormattedKey)
};
return(View(authenticatorViewModel));
}
public async Task <IActionResult> TwoFactorAuthentication(AuthenticatorViewModel authenticatorViewModel)
{
switch (authenticatorViewModel.TwoFactorTypes)
{
case TwoFactorAuthTypes.None:
CurrentUser.TwoFactorEnabled = false;
TempData["TwoFactorTypeMessage"] = "İki adımlı kimlik doğrulama aktif değildir.";
break;
case TwoFactorAuthTypes.SMS:
if (string.IsNullOrEmpty(CurrentUser.PhoneNumber))
{
CurrentUser.TwoFactorEnabled = false;
ViewBag.Message = "Telefon numaranız sistemde kayıtlı olmadığı için SMS ile doğrulama yapamazsınız.";
}
else
{
CurrentUser.TwoFactorEnabled = true;
TempData["TwoFactorTypeMessage"] = "İki adımlı kimlik doğrulama SMS olarak aktif hale getirilmiştir.";
}
break;
case TwoFactorAuthTypes.Email:
CurrentUser.TwoFactorEnabled = true;
TempData["TwoFactorTypeMessage"] = "İki adımlı kimlik doğrulama email olarak aktif hale getirilmiştir.";
break;
case TwoFactorAuthTypes.MicrosoftGoogle:
return(RedirectToAction("TwoFactorWithAuthenticator"));
default:
break;
}
CurrentUser.TwoFactorAuthType = (sbyte)authenticatorViewModel.TwoFactorTypes;
IdentityResult result = await UserManager.UpdateAsync(CurrentUser);
if (!result.Succeeded)
{
AddModelError(result);
}
return(View(authenticatorViewModel));
}
public async Task <IActionResult> Authenticator()
{
// Retrieve the user info
var user = await _userManager.GetUserAsync(User);
if (user is null)
{
//var userId = _userManager.GetUserId(User);
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
_logger.LogWarning("Unable to load user with ID {UserId}.", userId);
return(BadRequest(new ApiBadRequestResponse(ModelState, "Unable to load user profile for authenticator.")));
}
// Generate SharedKey and QR Code
var model = new AuthenticatorViewModel();
await LoadSharedKeyAndQrCodeUriAsync(user, model);
return(Ok(new ApiOkResponse(model).Result));
}
public async Task <IActionResult> TwoFactorWithAuthenticator(AuthenticatorViewModel authenticatorViewModel)
{
var verificationCode = authenticatorViewModel.VerificationCode.Replace(" ", string.Empty).Replace("-", string.Empty).Replace("_", string.Empty);
bool is2FATokenValid = await UserManager.VerifyTwoFactorTokenAsync(CurrentUser, UserManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode);
if (is2FATokenValid)
{
CurrentUser.TwoFactorEnabled = true;
CurrentUser.TwoFactorAuthType = (sbyte)TwoFactorAuthTypes.MicrosoftGoogle;
var recoveryCodes = await UserManager.GenerateNewTwoFactorRecoveryCodesAsync(CurrentUser, 5);
TempData["TwoFactorRecoveryCodes"] = recoveryCodes;
TempData["TwoFactorTypeMessage"] = "İki adımlı doğrulama başarı ile sağlanmıştır.";
return(RedirectToAction("TwoFactorAuthentication"));
}
else
{
ModelState.AddModelError(string.Empty, "Girilen doğrulama kodu yanlıştır.");
}
return(View());
}
public async Task <IActionResult> Authenticator([FromBody] AuthenticatorViewModel model)
{
// Retrieve the user info
var user = await _userManager.GetUserAsync(User);
if (user is null)
{
//var userId = _userManager.GetUserId(User);
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
_logger.LogWarning("Unable to load user with ID {UserId}.", userId);
return(BadRequest(new ApiBadRequestResponse(ModelState, "Unable to load user profile for authenticator.")));
}
// Strip spaces and hypens
var pin = model.Code.Replace(" ", string.Empty).Replace("-", string.Empty);
var valid = await _userManager.VerifyTwoFactorTokenAsync(user, _userManager.Options.Tokens.AuthenticatorTokenProvider, pin);
if (!valid)
{
_logger.LogInformation("User with ID {UserId} used an invalid verification code.", user.Id);
// TODO: Return the AuthenticatorViewModel with the error
return(BadRequest(new ApiBadRequestResponse(Errors.AddErrorToModelState("verification_failure", "Verification code is invalid.", ModelState))));
}
await _userManager.SetTwoFactorEnabledAsync(user, true); // Does it stores any info regarding when it was activated? And if so, can we retrieve it?
_logger.LogInformation("User with ID {UserId} has enabled 2FA with an authenticator app.", user.Id);
// Below could be skipped and instead retrieve the code when GET api/profile/authenticator/codes
var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
TempData[RecoveryCodesKey] = recoveryCodes.ToArray();
return(Ok());
}
public async Task <ActionResult> Authenticator(AuthenticatorViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var loginViewModel = TempData.Peek("LoginAuthenticatorViewModel") as LoginAuthenticatorViewModel;
if (loginViewModel == null)
{
return(RedirectToAction("Login"));
}
//var secretKey = Base32Encoder.FromBase32String(SecretKey);
var secretKey = Base32Encoder.FromBase32String(loginViewModel.AuthenticatorSecrete);
var currentInterval = GoogleAuthenticator.CurrentInterval;
if (GoogleAuthenticator.GeneratePin(secretKey, currentInterval) == model.Factor)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(loginViewModel.Email, loginViewModel.Password, loginViewModel.RememberMe, false);
switch (result)
{
case SignInStatus.Success:
{
TempData.Remove("LoginViewModel");
return(RedirectToLocal(returnUrl));
}
case SignInStatus.LockedOut:
{
TempData.Remove("LoginViewModel");
return(View("Lockout"));
}
case SignInStatus.RequiresVerification:
{
TempData.Remove("LoginViewModel");
return(RedirectToAction("SendCode", new
{
ReturnUrl = returnUrl,
loginViewModel.RememberMe
}));
}
case SignInStatus.Failure:
default:
{
ModelState.AddModelError("", "Invalid authenticator attempt.");
return(View(model));
}
}
}
ModelState.AddModelError("", "Invalid authenticator attempt.");
return(View(model));
}
public async Task<ActionResult> Authenticator(AuthenticatorViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
var loginViewModel = TempData.Peek("LoginAuthenticatorViewModel") as LoginAuthenticatorViewModel;
if (loginViewModel == null)
{
return RedirectToAction("Login");
}
//var secretKey = Base32Encoder.FromBase32String(SecretKey);
var secretKey = Base32Encoder.FromBase32String(loginViewModel.AuthenticatorSecrete);
var currentInterval = GoogleAuthenticator.CurrentInterval;
if (GoogleAuthenticator.GeneratePin(secretKey, currentInterval) == model.Factor)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(loginViewModel.Email, loginViewModel.Password, loginViewModel.RememberMe, false);
switch (result)
{
case SignInStatus.Success:
{
TempData.Remove("LoginViewModel");
return RedirectToLocal(returnUrl);
}
case SignInStatus.LockedOut:
{
TempData.Remove("LoginViewModel");
return View("Lockout");
}
case SignInStatus.RequiresVerification:
{
TempData.Remove("LoginViewModel");
return RedirectToAction("SendCode", new
{
ReturnUrl = returnUrl,
loginViewModel.RememberMe
});
}
case SignInStatus.Failure:
default:
{
ModelState.AddModelError("", "Invalid authenticator attempt.");
return View(model);
}
}
}
ModelState.AddModelError("", "Invalid authenticator attempt.");
return View(model);
}
public AuthenticatorView()
{
InitializeComponent();
BindingContext = new AuthenticatorViewModel(Navigation);
}
