public async Task <ResourceOwner?> AuthenticateResourceOwner(
string login,
string password,
CancellationToken cancellationToken)
{
var confirmationCode =
await _confirmationCodeStore.Get(password, login, cancellationToken).ConfigureAwait(false);
if (confirmationCode == null || confirmationCode.Subject != login)
{
return(null);
}
if (confirmationCode.IssueAt.AddSeconds(confirmationCode.ExpiresIn) <= DateTimeOffset.UtcNow)
{
return(null);
}
var resourceOwner = await _resourceOwnerRepository.GetResourceOwnerByClaim(
OpenIdClaimTypes.PhoneNumber,
login,
cancellationToken)
.ConfigureAwait(false);
if (resourceOwner != null)
{
await _confirmationCodeStore.Remove(password, resourceOwner.Subject !, cancellationToken)
.ConfigureAwait(false);
}
return(resourceOwner);
}
public async Task <bool> Execute(string code, string subject, CancellationToken cancellationToken)
{
if (string.IsNullOrWhiteSpace(code))
{
return(false);
}
var confirmationCode = await _confirmationCodeStore.Get(code, subject, cancellationToken).ConfigureAwait(false);
if (confirmationCode == null)
{
return(false);
}
var expirationDateTime = confirmationCode.IssueAt.AddSeconds(confirmationCode.ExpiresIn);
if (DateTimeOffset.UtcNow < expirationDateTime)
{
return(true);
}
await _confirmationCodeStore.Remove(code, subject, cancellationToken).ConfigureAwait(false);
return(false);
}
public async Task <ResourceOwner> AuthenticateResourceOwnerAsync(string login, string password)
{
if (string.IsNullOrWhiteSpace(login))
{
throw new ArgumentNullException(nameof(login));
}
if (string.IsNullOrWhiteSpace(password))
{
throw new ArgumentNullException(nameof(password));
}
var resourceOwner = await _resourceOwnerRepository.GetResourceOwnerByClaim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumber, login).ConfigureAwait(false);
if (resourceOwner == null)
{
return(null);
}
var confirmationCode = await _confirmationCodeStore.Get(password).ConfigureAwait(false);
if (confirmationCode == null || confirmationCode.Subject != resourceOwner.Claims.First(c => c.Type == Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumber).Value)
{
return(null);
}
if (confirmationCode.IssueAt.AddSeconds(confirmationCode.ExpiresIn) <= DateTime.UtcNow)
{
return(null);
}
await _confirmationCodeStore.Remove(password).ConfigureAwait(false);
return(resourceOwner);
}
public Task <bool> Remove(string confirmationCode)
{
if (string.IsNullOrWhiteSpace(confirmationCode))
{
throw new ArgumentNullException(nameof(confirmationCode));
}
return(_confirmationCodeStore.Remove(confirmationCode));
}
public async Task <IActionResult> ConfirmCode(
ConfirmCodeViewModel confirmCodeViewModel,
CancellationToken cancellationToken)
{
if (confirmCodeViewModel == null)
{
throw new ArgumentNullException(nameof(confirmCodeViewModel));
}
var user = await SetUser().ConfigureAwait(false);
if (user?.Identity != null && user.Identity.IsAuthenticated)
{
return(RedirectToAction("Index", "User", new { Area = "pwd" }));
}
var authenticatedUser = await _authenticationService
.GetAuthenticatedUser(this, CookieNames.PasswordLessCookieName)
.ConfigureAwait(false);
if (authenticatedUser?.Identity == null || !authenticatedUser.Identity.IsAuthenticated)
{
var message = "SMS authentication cannot be performed";
_logger.LogError(message);
return(SetRedirection(message, Strings.InternalServerError, ErrorCodes.UnhandledExceptionCode));
}
var authenticatedUserClaims = authenticatedUser.Claims.ToArray();
var subject = authenticatedUserClaims.First(c => c.Type == OpenIdClaimTypes.Subject).Value;
var phoneNumber = authenticatedUserClaims.First(c => c.Type == OpenIdClaimTypes.PhoneNumber);
if (confirmCodeViewModel.Action == "resend") // Resend the confirmation code.
{
_ = await _generateAndSendSmsCodeOperation.Execute(phoneNumber.Value, cancellationToken)
.ConfigureAwait(false);
return(Ok(confirmCodeViewModel));
}
// Check the confirmation code.
if (confirmCodeViewModel.ConfirmationCode == null ||
!await _validateConfirmationCode
.Execute(confirmCodeViewModel.ConfirmationCode, subject, cancellationToken)
.ConfigureAwait(false))
{
ModelState.AddModelError("message_error", "Confirmation code is not valid");
return(Ok(confirmCodeViewModel));
}
await _authenticationService.SignOutAsync(
HttpContext,
CookieNames.PasswordLessCookieName,
new AuthenticationProperties())
.ConfigureAwait(false);
var resourceOwnerOption =
await _getUserOperation.Execute(authenticatedUser, cancellationToken).ConfigureAwait(false);
if (resourceOwnerOption is Option <ResourceOwner> .Error e)
{
return(SetRedirection(e.Details.Detail, e.Details.Status.ToString(), e.Details.Title));
}
var resourceOwner = (resourceOwnerOption as Option <ResourceOwner> .Result) !.Item;
if (!string.IsNullOrWhiteSpace(resourceOwner.TwoFactorAuthentication)) // Execute TWO Factor authentication
{
try
{
await SetTwoFactorCookie(authenticatedUserClaims).ConfigureAwait(false);
await _generateAndSendSmsCodeOperation.Execute(phoneNumber.Value, cancellationToken)
.ConfigureAwait(false);
return(RedirectToAction("SendCode", new { code = confirmCodeViewModel.Code }));
}
catch (ClaimRequiredException)
{
return(RedirectToAction("SendCode", new { code = confirmCodeViewModel.Code }));
}
catch (Exception)
{
ModelState.AddModelError("message_error", "Two factor authenticator is not properly configured");
return(Ok(confirmCodeViewModel));
}
}
if (!string.IsNullOrWhiteSpace(confirmCodeViewModel.Code)) // Execute OPENID workflow
{
var request = DataProtector.Unprotect <AuthorizationRequest>(confirmCodeViewModel.Code);
await SetLocalCookie(authenticatedUserClaims, request.session_id !).ConfigureAwait(false);
var issuerName = Request.GetAbsoluteUriWithVirtualPath();
var actionResult = await _authenticateHelper.ProcessRedirection(
request.ToParameter(),
confirmCodeViewModel.Code,
subject,
authenticatedUserClaims,
issuerName,
cancellationToken)
.ConfigureAwait(false);
var result = actionResult.CreateRedirectionFromActionResult(request, _logger);
if (result != null)
{
await LogAuthenticateUser(resourceOwner !.Subject !, actionResult.Amr !).ConfigureAwait(false);
return(result);
}
}
await SetLocalCookie(authenticatedUserClaims, Id.Create())
.ConfigureAwait(false); // Authenticate the resource owner
var modelCode = string.IsNullOrWhiteSpace(confirmCodeViewModel.Code)
? confirmCodeViewModel.ConfirmationCode
: confirmCodeViewModel.Code;
if (!string.IsNullOrWhiteSpace(modelCode))
{
await _confirmationCodeStore.Remove(modelCode, subject, cancellationToken).ConfigureAwait(false);
}
return(RedirectToAction("Index", "User", new { Area = "pwd" }));
}