/// <summary>
/// Produces the signature string for <paramref name="data"/> using the application's key,
/// the user's key and the application's configured signing algorithm.
/// </summary>
/// <param name="app">Application supplying the key, algorithm, value type and optional length limit.</param>
/// <param name="user">User supplying the per-user key.</param>
/// <param name="data">Payload to sign.</param>
/// <returns>
/// The OTP bytes rendered as raw ASCII, hexadecimal or decimal text, cut to
/// <c>app.OtpSigneValueLength</c> characters when that limit is positive and shorter than the text.
/// An unrecognised value type yields an empty string.
/// </returns>
private string Signe(Application app, User user, string data)
{
    byte[] digest = OtpTools.GenerateOtp(app.AppKey, user.UserKey, data, (OtpAlgorithmEnum)app.OtpSigneAlgorithm);
    var valueType = (OtpValueTypeEnum)app.OtpSigneValueType;

    string signature;
    if (valueType == OtpValueTypeEnum.Raw)
    {
        // ASCII decoding replaces every byte above 0x7F with '?', so this form is lossy.
        signature = Encoding.ASCII.GetString(digest);
    }
    else if (valueType == OtpValueTypeEnum.HexaDecimal)
    {
        signature = OtpTools.ByteArrayToHexString(digest);
    }
    else if (valueType == OtpValueTypeEnum.Numerical)
    {
        signature = OtpTools.ByteArrayToDecimalString(digest);
    }
    else
    {
        // NOTE(review): a misconfigured value type silently produces "" as the signature;
        // confirm callers never accept an empty signature as valid.
        signature = "";
    }

    // A configured length only ever shortens the value; zero or negative means "no limit".
    var limit = app.OtpSigneValueLength;
    bool mustTruncate = limit > 0 && limit < signature.Length;
    return mustTruncate ? signature.Substring(0, limit) : signature;
}
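/// <summary>
/// Computes HMAC-SHA1 over the UTF-8 bytes of <paramref name="value"/> and returns the digest
/// as formatted by <c>OtpTools.ByteArrayToHexString</c>.
/// </summary>
/// <param name="value">Message to authenticate.</param>
/// <param name="salt">
/// Used as the HMAC key (UTF-8 encoded), despite the parameter name. The result only
/// authenticates the message if this value is secret.
/// </param>
/// <returns>Hex string of the 20-byte MAC.</returns>
public static string HMACSHA1(string value, string salt)
{
    byte[] message = Encoding.UTF8.GetBytes(value);
    byte[] key = Encoding.UTF8.GetBytes(salt);

    // The HMAC object is IDisposable and holds the key; release it deterministically
    // instead of leaving it for the finalizer.
    using (var hmac = new System.Security.Cryptography.HMACSHA1(key))
    {
        return OtpTools.ByteArrayToHexString(hmac.ComputeHash(message));
    }
}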
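/// <summary>
/// Computes the SHA-1 digest of the UTF-8 bytes of <paramref name="value"/> and returns it
/// as formatted by <c>OtpTools.ByteArrayToHexString</c>.
/// </summary>
/// <param name="value">Text to hash.</param>
/// <returns>Hex string of the 20-byte digest.</returns>
/// <remarks>
/// SHA-1 is unkeyed, unsalted and fast, so a digest of a short or low-entropy input
/// (a numeric code, a password) does not protect that input if the digest is disclosed.
/// </remarks>
public static string SHA1(string value)
{
    byte[] input = Encoding.UTF8.GetBytes(value);

    // Hash algorithm instances are IDisposable; dispose rather than waiting for finalization.
    using (var hasher = System.Security.Cryptography.SHA1.Create())
    {
        return OtpTools.ByteArrayToHexString(hasher.ComputeHash(input));
    }
}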
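/// <summary>
/// Generates a six-digit verification code for <paramref name="recipient"/>, stores its hash
/// in a new <c>AuthCode</c> row, and sends the code over the channel named by
/// <paramref name="messageType"/>.
/// </summary>
/// <param name="recipient">E-mail address when the type is <c>Email</c>; otherwise matched against the user's phone.</param>
/// <param name="messageType">Delivery channel; also selects the expiry (30 days for e-mail, 180 seconds otherwise).</param>
/// <param name="appName">Application name passed through to the notification provider.</param>
/// <returns>The inserted <c>AuthCode</c>, with <c>Id</c> populated.</returns>
/// <exception cref="ApplicationException">When <paramref name="recipient"/> is null or empty.</exception>
public async Task<AuthCode> SendCode(string recipient, AuthCodeMessageType messageType, string appName)
{
    if (string.IsNullOrEmpty(recipient))
    {
        throw new ApplicationException("Invalid recipient.");
    }

    bool viaEmail = messageType == AuthCodeMessageType.Email;

    User user;
    if (viaEmail)
    {
        user = _dataManager.Get<User>(new { Email = recipient });
    }
    else
    {
        user = _dataManager.Get<User>(new { Phone = recipient });
    }

    // NOTE(review): confirm GenRandomNumber draws from a cryptographic RNG; the code is an
    // authentication secret.
    var code = OtpTools.GenRandomNumber(6);

    var authCode = new AuthCode()
    {
        Recipient = recipient,
        // NOTE(review): if this flag reaches an unauthenticated caller it discloses whether
        // the recipient has an account - verify against the callers.
        IsRegistered = user != null,
        MessageType = messageType,
        IsPassword = false,
        // NOTE(review): the code has only 10^6 possible values and the hash is unsalted, so the
        // stored hash does not hide the code from anyone who can read the table. The format is
        // kept as-is because the verification side must compute the same value.
        CodeHash = CryptoProvider.SHA1(CryptoProvider.SHA1(code)).ToLower(),
        CreateTime = DateTimeOffset.UtcNow,
        // NOTE(review): a six-digit code that stays valid for 30 days depends entirely on
        // attempt limiting in the verification path - confirm that exists.
        ExpieryTime = viaEmail
            ? DateTimeOffset.UtcNow.AddDays(30)
            : DateTimeOffset.UtcNow.AddSeconds(180)
    };
    authCode.Id = _dataManager.Insert<AuthCode, long>(authCode);

    // Awaiting the result of a null-conditional call throws NullReferenceException when the
    // provider is absent, so check first and skip sending, which is what the "?." intended.
    var provider = _notificationProvider;
    if (provider == null)
    {
        return authCode;
    }

    switch (messageType)
    {
        case AuthCodeMessageType.SmsMessageWithCode:
        case AuthCodeMessageType.SmsMessageWithAppLink:
        case AuthCodeMessageType.ChatMessage:
        case AuthCodeMessageType.PhoneCall:
        case AuthCodeMessageType.PushMessage:
            await provider.SendPhoneVerificationMessage(recipient, user?.DisplayName, code, appName);
            break;

        case AuthCodeMessageType.Email:
            // NOTE(review): the token is Base64 only - not encrypted or signed - so the link is as
            // sensitive as the code itself, and the expiry it carries can be edited by the holder.
            // Verify that validation uses the stored ExpieryTime rather than the token's copy.
            // The expiry is also formatted with the current culture; confirm the parser agrees.
            var token = Convert.ToBase64String(Encoding.Unicode.GetBytes($"{recipient}&{code}&{authCode.ExpieryTime}"));
            var link = $"{EmailVerificationUrl}?token={HttpUtility.UrlEncode(token)}";
            await provider.SendEmailVerificationMessage(recipient, user?.DisplayName, link, appName);
            break;

        default:
            break;
    }

    return authCode;
}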
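/// <summary>
/// Checks a supplied credential against <paramref name="user"/> according to
/// <c>user.PasswordFormat</c>: a time-based OTP, a previously sent message code, or an
/// encoded password.
/// </summary>
/// <param name="user">Account being authenticated.</param>
/// <param name="password">Credential supplied by the caller.</param>
/// <returns><c>true</c> when the credential is accepted.</returns>
/// <exception cref="ApplicationNotFoundException">
/// In the OTP case, when no application matches <c>user.AppName</c>.
/// </exception>
private bool ValidatePassword(User user, string password)
{
    if (user.PasswordFormat == PasswordFormatType.Otp)
    {
        var app = _dataManager.Get<Application>(new { Name = user.AppName });
        if (app == null)
        {
            throw new ApplicationNotFoundException();
        }

        return ConstantTimeEquals(GenerateOtp(app, user, OtpTools.GetOtpTime()), password);
    }

    if (user.PasswordFormat == PasswordFormatType.OtpMessage)
    {
        // NOTE(review): this branch returns true unconditionally, so rejection depends on
        // CheckCode throwing for a wrong or expired code - confirm. It also blocks on an async
        // call, and always checks against user.Phone even though codes can be sent by e-mail.
        CheckCode(user.Phone, password, true).GetAwaiter().GetResult();
        return true;
    }

    return ConstantTimeEquals(EncodePassword(password, user.PasswordFormat, user.Name), user.Password);
}

/// <summary>
/// Ordinal string equality whose running time does not depend on where the first differing
/// character is. Two nulls are equal and null never equals a non-null string, matching
/// <c>==</c>. A length mismatch is still observable.
/// </summary>
private static bool ConstantTimeEquals(string expected, string supplied)
{
    if (expected == null || supplied == null)
    {
        return expected == null && supplied == null;
    }

    int difference = expected.Length ^ supplied.Length;
    int shared = expected.Length < supplied.Length ? expected.Length : supplied.Length;
    for (int i = 0; i < shared; i++)
    {
        // Accumulate differences instead of returning at the first mismatch.
        difference |= expected[i] ^ supplied[i];
    }

    return difference == 0;
}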
/// <summary>
/// Validates <paramref name="otp"/> for <paramref name="username"/> against the value
/// returned by <c>OtpTools.GetOtpTime()</c> at the moment of the call.
/// </summary>
/// <param name="username">Account whose OTP is being checked.</param>
/// <param name="otp">One-time password supplied by the caller.</param>
/// <returns>The result of <c>ValidateOtp</c> for the current OTP time.</returns>
public bool ValidateOtpByTime(string username, string otp)
{
    var otpTime = OtpTools.GetOtpTime();
    return ValidateOtp(username, otpTime, otp);
}