Пример #1
0
        public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            string clientId;

            using (var repository = new AuthRepository(Logger))
            {
                AppUser user;
                var     grantType = context.Parameters.Get("grant_type");
                switch (grantType)
                {
                case "password":
                    user = await repository.FindUser(context.Parameters.Get("UserName"), context.Parameters.Get("Password"));

                    if (user == null)
                    {
                        context.SetError("invalid_grant", "The user name or password is incorrect.");
                        return;
                    }

                    clientId = user.Id;

                    if (user.IsGoogleAuthenticatorEnabled)
                    {
                        var totp = context.Parameters.Get("totp");
                        if (totp == null)
                        {
                            context.SetError("invalid_grant", "Set TOTP code");
                            return;
                        }

                        var validated = await repository.ValidateGoogleAuth(totp, user.Id);

                        if (!validated)
                        {
                            context.SetError("invalid_grant", "TOTP code is incorrect");
                            return;
                        }
                    }

                    if (Settings.Default.RequiredEmailConfirmation || !user.EmailConfirmed)
                    {
                        context.SetError("invalid_grant", "Email confirmation is required");
                        return;
                    }

                    break;

                case "esp":
                    var espIdentifier = context.Parameters.Get("espid");
                    if (espIdentifier != null)
                    {
                        user = await repository.FindEsp(espIdentifier);

                        if (user == null)
                        {
                            context.SetError("invalid_grant", "The esp identifier is incorrect.");
                            return;
                        }

                        clientId = user.Id;
                    }
                    else
                    {
                        context.SetError("invalid_grant");
                        return;
                    }

                    break;

                default:
                    context.SetError("Bad grant_type");
                    return;
                }
            }

            context.Validated(clientId);
        }