public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null) { if (!ModelState.IsValid) { return(View(model)); } var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); if (user == null) { throw new ApplicationException($"Không thể tải người dùng xác thực hai yếu tố."); } var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty); var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode); if (result.Succeeded) { _logger.LogInformation("Người dùng có ID {UserId} đã đăng nhập bằng mã khôi phục.", user.Id); return(RedirectToLocal(returnUrl)); } if (result.IsLockedOut) { _logger.LogWarning("Người dùng có tài khoản ID {UserId} bị khóa.", user.Id); return(RedirectToAction(nameof(Lockout))); } else { _logger.LogWarning("Mã khôi phục không hợp lệ được nhập cho người dùng có ID {UserId}", user.Id); ModelState.AddModelError(string.Empty, "Mã khôi phục không hợp lệ được nhập."); return(View()); } }
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null) { if (!ModelState.IsValid) { return(View(model)); } var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); if (user == null) { throw new ApplicationException($"Unable to load two-factor authentication user."); } var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty); var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode); if (result.Succeeded) { _logger.LogInformation("User with ID {UserId} logged in with a recovery code.", user.Id); return(RedirectToLocal(returnUrl)); } if (result.IsLockedOut) { _logger.LogWarning("User with ID {UserId} account locked out.", user.Id); return(RedirectToAction(nameof(Lockout))); } else { _logger.LogWarning("Invalid recovery code entered for user with ID {UserId}", user.Id); ModelState.AddModelError(string.Empty, "Invalid recovery code entered."); return(View()); } }
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model) { if (!ModelState.IsValid) { return(View(model)); } var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); if (user == null) { throw new InvalidOperationException(_localizer["Unable2FA"]); } var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty); var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode); if (result.Succeeded) { return(LocalRedirect(string.IsNullOrEmpty(model.ReturnUrl) ? "~/" : model.ReturnUrl)); } if (result.IsLockedOut) { return(View("Lockout")); } ModelState.AddModelError(string.Empty, _localizer["InvalidRecoveryCode"]); return(View(model)); }
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null) { if (!ModelState.IsValid) { return(View(model)); } var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); if (user == null) { throw new ApplicationException($"Não é possível carregar o usuário de autenticação de dois fatores."); } var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty); var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode); if (result.Succeeded) { _logger.LogInformation("Usuário com ID {UserId} logado com um código de recuperação.", user.Id); return(RedirectToLocal(returnUrl)); } if (result.IsLockedOut) { _logger.LogWarning("Usuário com ID {UserId} conta bloqueada.", user.Id); return(RedirectToAction(nameof(Lockout))); } else { _logger.LogWarning("Código de recuperação inválido digitado para o usuário com o ID {UserId}", user.Id); ModelState.AddModelError(string.Empty, "Código de recuperação inválido digitado."); return(View()); } }
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null) { if (!ModelState.IsValid) { return(View(model)); } return(View()); }
public virtual async Task <UserLoginResult> TryLoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model) { var template = new LoginResultTemplate(); IUserContext userContext = null; template.User = await SignInManager.GetTwoFactorAuthenticationUserAsync(); if (template.User != null) { await LoginRulesProcessor.ProcessAccountLoginRules(template); } if (template.User != null) { //this will get persisted if login succeeds template.User.BrowserKey = Guid.NewGuid().ToString(); userContext = new UserContext(template.User); } if (userContext != null && template.SignInResult == SignInResult.Failed && //initial state template.RejectReasons.Count == 0 ) { var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty); template.SignInResult = await SignInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode); } if (template.SignInResult.Succeeded) { //update last login time and browser key template.User.LastLoginUtc = DateTime.UtcNow; await UserManager.UpdateAsync(template.User); if (UserManager.Site.SingleBrowserSessions) { //the sign in we just did won't have the new browserkey claim so sign out and sign in again to ensure it gets the claim await SignInManager.SignOutAsync(); await SignInManager.SignInAsync(template.User, isPersistent : false); } } return(new UserLoginResult( template.SignInResult, template.RejectReasons, userContext, template.IsNewUserRegistration, template.MustAcceptTerms, template.NeedsAccountApproval, template.NeedsEmailConfirmation, template.EmailConfirmationToken, template.NeedsPhoneConfirmation )); }
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null) { LoggerController.AddBeginMethodLog(this.GetType().Name, MethodBase.GetCurrentMethod().Name); s.Restart(); if (!ModelState.IsValid) { s.Stop(); LoggerController.AddEndMethodLog(this.GetType().Name, MethodBase.GetCurrentMethod().Name, s.ElapsedMilliseconds); return(View(model)); } var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); if (user == null) { throw new ApplicationException($"Nie udało się odnaleźć użytkownika."); } var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty); var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode); if (result.Succeeded) { _logger.LogInformation("User with ID {UserId} logged in with a " + "recovery code.", user.Id); s.Stop(); LoggerController.AddEndMethodLog(this.GetType().Name, MethodBase.GetCurrentMethod().Name, s.ElapsedMilliseconds); return(RedirectToLocal(returnUrl)); } if (result.IsLockedOut) { _logger.LogWarning("User with ID {UserId} account locked out.", user.Id); s.Stop(); LoggerController.AddEndMethodLog(this.GetType().Name, MethodBase.GetCurrentMethod().Name, s.ElapsedMilliseconds); return(RedirectToAction(nameof(Lockout))); } else { _logger.LogWarning("Invalid recovery code entered for user with" + " ID {UserId}", user.Id); ModelState.AddModelError(string.Empty, "Niepoprawny kod bezpieczeństwa."); s.Stop(); LoggerController.AddEndMethodLog(this.GetType().Name, MethodBase.GetCurrentMethod().Name, s.ElapsedMilliseconds); return(View()); } }
public async Task <IActionResult> LoginCode(string returnUrl = null) { // Ensure the user has gone through the username & password screen first var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); if (user == null) { throw new ApplicationException($"Unable to load two-factor authentication user."); } var model = new LoginWithRecoveryCodeViewModel { ReturnUrl = returnUrl }; return(View(model)); }
public async Task <IActionResult> LoginWithRecoveryCode([FromBody] LoginWithRecoveryCodeViewModel model) { var userId = await RetrieveBearerTwoFactorUserIdAsync(); if (string.IsNullOrEmpty(userId)) { return(BadRequest(new ApiBadRequestResponse(ModelState, "Unable to login with 2FA recovery code."))); } var user = await _userManager.FindByIdAsync(userId); if (user is null) { _logger.LogWarning("Unable to load user with ID {UserId}.", userId); return(BadRequest(new ApiBadRequestResponse(ModelState, "Unable to login with 2FA recovery code."))); } if (!await _signInManager.CanSignInAsync(user) || (_userManager.SupportsUserLockout && await _userManager.IsLockedOutAsync(user))) { _logger.LogWarning("Unable to sign in user with ID {UserId}.", userId); return(BadRequest(new ApiBadRequestResponse(ModelState, "The specified user cannot sign in."))); } // Strip spaces and hypens var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty).Replace("-", string.Empty); var result = await _userManager.RedeemTwoFactorRecoveryCodeAsync(user, recoveryCode); if (result.Succeeded) { // When token is verified correctly, clear the access failed count used for lockout if (_userManager.SupportsUserLockout) { await _userManager.ResetAccessFailedCountAsync(user); } _logger.LogInformation("User with ID {UserId} logged in with 2FA recovery code.", user.Id); var jwt = await GetUserTokenAsync(user); return(Ok(new ApiOkResponse(jwt).Result)); } // We don't protect against brute force attacks since codes are expected to be random _logger.LogWarning("Invalid recovery code entered for user with ID {UserId}.", user.Id); return(Unauthorized(new ApiUnauthorizedResponse("Invalid recovery code or already used."))); }
public async Task <IActionResult> LoginWithRecoveryCode(string returnUrl = null) { // Ensure the user has gone through the username & password screen first var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); if (user == null) { throw new InvalidOperationException(_localizer["Unable2FA"]); } var model = new LoginWithRecoveryCodeViewModel() { ReturnUrl = returnUrl }; return(View(model)); }
public virtual async Task <UserLoginResult> TryLoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model) { var template = new LoginResultTemplate(); IUserContext userContext = null; template.User = await SignInManager.GetTwoFactorAuthenticationUserAsync(); if (template.User != null) { await LoginRulesProcessor.ProcessAccountLoginRules(template); } if (template.User != null) { userContext = new UserContext(template.User); } if (userContext != null && template.SignInResult == SignInResult.Failed && //initial state template.RejectReasons.Count == 0 ) { var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty); template.SignInResult = await SignInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode); } if (template.SignInResult.Succeeded) { //update last login time template.User.LastLoginUtc = DateTime.UtcNow; await UserManager.UpdateAsync(template.User); } return(new UserLoginResult( template.SignInResult, template.RejectReasons, userContext, template.IsNewUserRegistration, template.MustAcceptTerms, template.NeedsAccountApproval, template.NeedsEmailConfirmation, template.EmailConfirmationToken, template.NeedsPhoneConfirmation )); }
public async Task <IActionResult> LoginWithRecoveryCode(string returnUrl = null) { var user = await _identityService.GetTwoFactorAuthenticationUser(); if (user == null) { return(RedirectToAction(nameof(Login))); } var model = new LoginWithRecoveryCodeViewModel() { ReturnUrl = returnUrl }; ViewData["ReturnUrl"] = returnUrl; return(View(model)); }
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null) { if (!ModelState.IsValid) { return(View(model)); } var user = await signInManager.GetTwoFactorAuthenticationUserAsync(); if (user == null) { logger.LogWarning($"Не удается установить двухфакторную аутентификацию пользователя"); throw new ApplicationException($"Не удается установить двухфакторную аутентификацию пользователя"); } var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty); var result = await signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode); if (result.Succeeded) { await db.AddLogAccess(user.Email, "Пользователь вошел с кодом восстановления", Request.Headers["User-Agent"].ToString()); return(RedirectToLocal(returnUrl)); } if (result.IsLockedOut) { await db.AddLogAccess(user.Email, "Пользователь заблокирован", Request.Headers["User-Agent"].ToString()); return(RedirectToAction(nameof(Lockout))); } else { await db.AddLogAccess(user.Email, "Пользователь неверно ввел код восстановления", Request.Headers["User-Agent"].ToString()); ModelState.AddModelError(string.Empty, "Неверно введен код восстановления"); return(View()); } }
public virtual async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null) { ViewData["Title"] = StringLocalizer["Recovery code verification"]; if (!ModelState.IsValid) { return(View(model)); } var result = await AccountService.TryLoginWithRecoveryCode(model); if (result.SignInResult.Succeeded) { return(await HandleLoginSuccess(result, returnUrl)); } foreach (var reason in result.RejectReasons) { //these reasons are not meant to be shown in the ui // but we can log them so admin will see failed attempts in the log along with reasons Log.LogWarning(reason); } if (result.SignInResult.IsNotAllowed) { return(await HandleLoginNotAllowed(result, returnUrl)); } if (result.SignInResult.IsLockedOut) { return(await HandleLockout(result)); } else { Analytics.HandleLoginFail("Onsite", StringLocalizer["Invalid recovery code entered."]).Forget(); ModelState.AddModelError(string.Empty, StringLocalizer["Invalid recovery code entered."]); return(View(model)); } }
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null) { if (!ModelState.IsValid) { return(View(model)); } try { var loginResponse = await _mediator.Send(new LoginRecoveryCommand() { RecoveryCode = model.RecoveryCode.Replace(" ", string.Empty), }); if (loginResponse.LoginResult.SignInResult.Succeeded) { if (_interaction.IsValidReturnUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } return(Redirect(Url.HomeLink())); } else if (loginResponse.LoginResult.SignInResult.IsLockedOut) { return(RedirectToAction(nameof(Lockout))); } else { ModelState.AddModelError("", "Invalid recovery code entered."); } } catch (ValidationException ex) { AddErrors(ex); } ViewData["ReturnUrl"] = model.ReturnUrl; return(View(model)); }
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, Uri returnUrl = null) { if (model == null) { return(NotFound()); } if (!ModelState.IsValid) { return(View(model)); } var user = await _signInManager.GetTwoFactorAuthenticationUserAsync().ConfigureAwait(false); if (user == null) { throw new ApplicationException(_localizer[$"Unable to load two-factor authentication user."]); } var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty, StringComparison.InvariantCultureIgnoreCase); var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode).ConfigureAwait(false); if (result.Succeeded) { _logger.LogInformation(_localizer["User with ID {UserId} logged in with a recovery code."], user.Id); return(RedirectToLocal(returnUrl?.AbsoluteUri)); } if (result.IsLockedOut) { _logger.LogWarning(_localizer["User with ID {UserId} account locked out."], user.Id); return(RedirectToAction(nameof(Lockout))); } else { _logger.LogWarning(_localizer["Invalid recovery code entered for user with ID {UserId}"], user.Id); ModelState.AddModelError(string.Empty, "Invalid recovery code entered."); return(View()); } }
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null) { ViewData["Page"] = "loginwithrecoverycode"; if (!ModelState.IsValid) { return(View("~/Views/Home/index.cshtml", model)); } var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); if (user == null) { throw new ApplicationException($"Unabletoloadtwo-factorauthenticationuser."); } var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty); var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode); if (result.Succeeded) { if (returnUrl == null) { returnUrl = "/account/"; } return(LocalRedirect(returnUrl)); } if (result.IsLockedOut) { ViewData["Page"] = "lockout"; return(RedirectToAction(nameof(HomeController.Index), "Home")); } else { ModelState.AddModelError(string.Empty, SiteConfig.generalLocalizer["_invalid_recovery_code_entered"].Value); return(View("~/Views/Home/index.cshtml")); } }
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model) { if (!ModelState.IsValid) { return(BadRequest(model)); } var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); if (user == null) { throw new ApplicationException($"Unable to load two-factor authentication user."); } var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty); var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode); if (result.IsLockedOut) { Ok(new ApiResultOutput { Success = false, Message = "User account is locked out." }); } if (!result.Succeeded) { return(BadRequest(new ApiResultOutput { Success = false, Message = "Invalid recovery code entered." })); } return(Ok(new ApiResultOutput { Success = true })); }
public async Task <IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null) { ViewData["Title"] = sr["Recovery code verification"]; if (!ModelState.IsValid) { return(View(model)); } //var user = await accountService.GetTwoFactorAuthenticationUserAsync(); //if (user == null) //{ // throw new ApplicationException($"Unable to load two-factor authentication user."); //} //var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty); //var result = await accountService.TwoFactorRecoveryCodeSignInAsync(recoveryCode); //if (result.Succeeded) //{ // //_logger.LogInformation("User with ID {UserId} logged in with a recovery code.", user.Id); // return LocalRedirect(returnUrl); //} //if (result.IsLockedOut) //{ // //_logger.LogWarning("User with ID {UserId} account locked out.", user.Id); // return HandleLockout(); //} //else //{ // //_logger.LogWarning("Invalid recovery code entered for user with ID {UserId}", user.Id); // ModelState.AddModelError(string.Empty, "Invalid recovery code entered."); // return View(); //} var result = await accountService.TryLoginWithRecoveryCode(model); if (result.SignInResult.Succeeded) { return(await HandleLoginSuccess(result, returnUrl)); } foreach (var reason in result.RejectReasons) { //these reasons are not meant to be shown in the ui // but we can log them so admin will see failed attempts in the log along with reasons log.LogWarning(reason); } if (result.SignInResult.IsNotAllowed) { return(HandleLoginNotAllowed(result)); } if (result.SignInResult.IsLockedOut) { return(HandleLockout(result)); } else { analytics.HandleLoginFail("Onsite", sr["Invalid recovery code entered."]).Forget(); ModelState.AddModelError(string.Empty, sr["Invalid recovery code entered."]); return(View(model)); } }