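        /// <summary>
        /// Validates the client secret presented in a token request against the secrets configured for the client.
        /// </summary>
        /// <param name="client">The client resolved for the token request; may be null when no client was resolved.</param>
        /// <param name="tokenRequest">The token request; its client id is required and is used in error and trace messages.</param>
        /// <param name="clientCredentials">The credentials presented by the caller; its own <c>Validate()</c> runs first.</param>
        /// <exception cref="ArgumentNullException">Thrown when the token request carries no client id.</exception>
        /// <exception cref="OAuthRequestException">
        /// Thrown (as <c>invalid_grant</c>) when the client is missing or has no secrets configured, or when none of its
        /// secrets matches the presented secret. Note that the two failure messages differ; confirm they are not exposed
        /// to the caller if client-existence should not be distinguishable.
        /// </exception>
        protected async Task ValidateSecret(TClient client, TokenRequest tokenRequest, ClientCredentials clientCredentials)
        {
            if (tokenRequest.ClientId.IsNullOrEmpty())
            {
                throw new ArgumentNullException(nameof(tokenRequest.ClientId), tokenRequest.GetTypeName());
            }
            clientCredentials.Validate();

            // A missing client, or a client without any configured secret, cannot authenticate.
            // The previous `client?.Secrets.Count() <= 0` evaluates to false when client is null,
            // which let a null client fall through to the foreach below and fail with a
            // NullReferenceException instead of the intended OAuthRequestException.
            if (client is null || client.Secrets is null || !client.Secrets.Any())
            {
                throw new OAuthRequestException($"Invalid client secret. Secret not configured for client id '{tokenRequest.ClientId}'.")
                      {
                          RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidGrant
                      };
            }

            // Accept the request as soon as any configured secret matches; the hash comparison itself
            // is delegated to secretHashLogic.
            foreach (var secret in client.Secrets)
            {
                if (await secretHashLogic.ValidateSecretAsync(secret, clientCredentials.ClientSecret))
                {
                    logger.ScopeTrace($"Down, OAuth Client id '{tokenRequest.ClientId}. Client secret valid.", triggerEvent: true);
                    return;
                }
            }

            throw new OAuthRequestException($"Invalid client secret for client id '{tokenRequest.ClientId}'.")
                  {
                      RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidGrant
                  };
        }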
        /// <summary>
        /// Resolves the user identified by <paramref name="email"/> in the current tenant/track and verifies
        /// <paramref name="password"/> against the user's stored secret.
        /// </summary>
        /// <param name="email">Email of the user to authenticate; validated by <c>ValidateEmail</c> first.</param>
        /// <param name="password">The password presented by the user.</param>
        /// <returns>The user when the password is valid.</returns>
        /// <exception cref="UserNotExistsException">No user with that email exists in the tenant/track.</exception>
        /// <exception cref="InvalidPasswordException">The password does not match the user's stored secret.</exception>
        public async Task <User> ValidateUser(string email, string password)
        {
            logger.ScopeTrace($"Validating user '{email}', Route '{RouteBinding.Route}'.");

            ValidateEmail(email);

            var idKey = new User.IdKey {
                TenantName = RouteBinding.TenantName, TrackName = RouteBinding.TrackName, Email = email
            };
            var userId = await User.IdFormat(idKey);
            var user = await tenantRepository.GetAsync <User>(userId, false);

            if (user is null)
            {
                // Presumably burns the time a real hash check would take, so an unknown email
                // is not distinguishable from a wrong password by response timing — confirm in secretHashLogic.
                await secretHashLogic.ValidateSecretDefaultTimeUsageAsync(password);

                throw new UserNotExistsException($"User '{email}' do not exist."); // UI message: Wrong email or password / Your email was not found
            }

            logger.ScopeTrace($"User '{email}' exists, with user id '{user.UserId}'.");

            var passwordValid = await secretHashLogic.ValidateSecretAsync(user, password);
            if (!passwordValid)
            {
                throw new InvalidPasswordException($"Password invalid, user '{email}'."); // UI message: Wrong email or password / Wrong password
            }

            logger.ScopeTrace($"User '{email}', password valid.", triggerEvent: true);
            return user;
        }
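        /// <summary>
        /// Resolves the user identified by <paramref name="email"/> in the current tenant/track and verifies the
        /// presented two-factor app recovery code against the code stored on the user.
        /// </summary>
        /// <param name="email">Email of the user whose recovery code is being validated.</param>
        /// <param name="twoFactorAppRecoveryCode">The recovery code presented by the user.</param>
        /// <returns>The user when the recovery code is valid.</returns>
        /// <exception cref="UserNotExistsException">
        /// The user does not exist, the account is disabled, or no recovery code is stored for the user.
        /// </exception>
        /// <exception cref="InvalidRecoveryCodeException">The presented recovery code does not match the stored one.</exception>
        public async Task <User> ValidateTwoFactorAppRecoveryCodeUser(string email, string twoFactorAppRecoveryCode)
        {
            logger.ScopeTrace(() => $"Validating two-factor app recovery code user '{email}', Route '{RouteBinding?.Route}'.");

            var id = await User.IdFormat(new User.IdKey {
                TenantName = RouteBinding.TenantName, TrackName = RouteBinding.TrackName, Email = email
            });

            var user = await tenantRepository.GetAsync <User>(id, required : false);

            if (user is null || user.DisableAccount)
            {
                // Use the requested email here: when no user was found, user is null and reading
                // user.Email threw a NullReferenceException instead of the intended UserNotExistsException.
                throw new UserNotExistsException($"User '{email}' do not exist or is disabled, trying to validate two-factor app recovery code.");
            }

            if (user.TwoFactorAppRecoveryCode is null)
            {
                throw new UserNotExistsException($"User '{user.Email}' do not have a two-factor app recovery code, trying to validate two-factor app recovery code.");
            }

            // The hash comparison itself is delegated to secretHashLogic.
            if (!await secretHashLogic.ValidateSecretAsync(user.TwoFactorAppRecoveryCode, twoFactorAppRecoveryCode))
            {
                throw new InvalidRecoveryCodeException($"Two-factor app recovery code invalid, user '{email}'.");
            }

            logger.ScopeTrace(() => $"User '{email}' two-factor app recovery code is valid.", triggerEvent: true);
            return user;
        }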