Пример #1
0
        public async Task When_Passing_Null_Parameter_Then_Returns_False()
        {
            var result = await _validateConfirmationCodeAction.Execute(null, null, CancellationToken.None)
                         .ConfigureAwait(false);

            Assert.False(result);
        }
Пример #2
0
        public async Task <IActionResult> ConfirmCode(
            ConfirmCodeViewModel confirmCodeViewModel,
            CancellationToken cancellationToken)
        {
            if (confirmCodeViewModel == null)
            {
                throw new ArgumentNullException(nameof(confirmCodeViewModel));
            }

            var user = await SetUser().ConfigureAwait(false);

            if (user?.Identity != null && user.Identity.IsAuthenticated)
            {
                return(RedirectToAction("Index", "User", new { Area = "pwd" }));
            }

            var authenticatedUser = await _authenticationService
                                    .GetAuthenticatedUser(this, CookieNames.PasswordLessCookieName)
                                    .ConfigureAwait(false);

            if (authenticatedUser?.Identity == null || !authenticatedUser.Identity.IsAuthenticated)
            {
                var message = "SMS authentication cannot be performed";
                _logger.LogError(message);
                return(SetRedirection(message, Strings.InternalServerError, ErrorCodes.UnhandledExceptionCode));
            }

            var authenticatedUserClaims = authenticatedUser.Claims.ToArray();
            var subject     = authenticatedUserClaims.First(c => c.Type == OpenIdClaimTypes.Subject).Value;
            var phoneNumber = authenticatedUserClaims.First(c => c.Type == OpenIdClaimTypes.PhoneNumber);

            if (confirmCodeViewModel.Action == "resend") // Resend the confirmation code.
            {
                _ = await _generateAndSendSmsCodeOperation.Execute(phoneNumber.Value, cancellationToken)
                    .ConfigureAwait(false);

                return(Ok(confirmCodeViewModel));
            }

            // Check the confirmation code.
            if (confirmCodeViewModel.ConfirmationCode == null ||
                !await _validateConfirmationCode
                .Execute(confirmCodeViewModel.ConfirmationCode, subject, cancellationToken)
                .ConfigureAwait(false))
            {
                ModelState.AddModelError("message_error", "Confirmation code is not valid");
                return(Ok(confirmCodeViewModel));
            }

            await _authenticationService.SignOutAsync(
                HttpContext,
                CookieNames.PasswordLessCookieName,
                new AuthenticationProperties())
            .ConfigureAwait(false);

            var resourceOwnerOption =
                await _getUserOperation.Execute(authenticatedUser, cancellationToken).ConfigureAwait(false);

            if (resourceOwnerOption is Option <ResourceOwner> .Error e)
            {
                return(SetRedirection(e.Details.Detail, e.Details.Status.ToString(), e.Details.Title));
            }

            var resourceOwner = (resourceOwnerOption as Option <ResourceOwner> .Result) !.Item;

            if (!string.IsNullOrWhiteSpace(resourceOwner.TwoFactorAuthentication)) // Execute TWO Factor authentication
            {
                try
                {
                    await SetTwoFactorCookie(authenticatedUserClaims).ConfigureAwait(false);

                    await _generateAndSendSmsCodeOperation.Execute(phoneNumber.Value, cancellationToken)
                    .ConfigureAwait(false);

                    return(RedirectToAction("SendCode", new { code = confirmCodeViewModel.Code }));
                }
                catch (ClaimRequiredException)
                {
                    return(RedirectToAction("SendCode", new { code = confirmCodeViewModel.Code }));
                }
                catch (Exception)
                {
                    ModelState.AddModelError("message_error", "Two factor authenticator is not properly configured");
                    return(Ok(confirmCodeViewModel));
                }
            }

            if (!string.IsNullOrWhiteSpace(confirmCodeViewModel.Code)) // Execute OPENID workflow
            {
                var request = DataProtector.Unprotect <AuthorizationRequest>(confirmCodeViewModel.Code);
                await SetLocalCookie(authenticatedUserClaims, request.session_id !).ConfigureAwait(false);

                var issuerName   = Request.GetAbsoluteUriWithVirtualPath();
                var actionResult = await _authenticateHelper.ProcessRedirection(
                    request.ToParameter(),
                    confirmCodeViewModel.Code,
                    subject,
                    authenticatedUserClaims,
                    issuerName,
                    cancellationToken)
                                   .ConfigureAwait(false);

                var result = actionResult.CreateRedirectionFromActionResult(request, _logger);
                if (result != null)
                {
                    await LogAuthenticateUser(resourceOwner !.Subject !, actionResult.Amr !).ConfigureAwait(false);

                    return(result);
                }
            }

            await SetLocalCookie(authenticatedUserClaims, Id.Create())
            .ConfigureAwait(false);     // Authenticate the resource owner

            var modelCode = string.IsNullOrWhiteSpace(confirmCodeViewModel.Code)
                ? confirmCodeViewModel.ConfirmationCode
                : confirmCodeViewModel.Code;

            if (!string.IsNullOrWhiteSpace(modelCode))
            {
                await _confirmationCodeStore.Remove(modelCode, subject, cancellationToken).ConfigureAwait(false);
            }

            return(RedirectToAction("Index", "User", new { Area = "pwd" }));
        }