示例#1
        /// <summary>
        /// Derives an OTP value over <paramref name="data"/> from the application key and the user key,
        /// renders it in the representation configured on the application, and optionally truncates it.
        /// </summary>
        /// <param name="app">Supplies AppKey, OtpSigneAlgorithm, OtpSigneValueType and OtpSigneValueLength.</param>
        /// <param name="user">Supplies UserKey.</param>
        /// <param name="data">Payload handed to OtpTools.GenerateOtp.</param>
        /// <returns>
        /// The rendered value, cut to OtpSigneValueLength characters when that length is positive and
        /// shorter than the rendered value; an empty string when the value type matches none of the known cases.
        /// </returns>
        private string Signe(Application app, User user, string data)
        {
            byte[] rawOtp = OtpTools.GenerateOtp(app.AppKey, user.UserKey, data, (OtpAlgorithmEnum)app.OtpSigneAlgorithm);
            var valueType = (OtpValueTypeEnum)app.OtpSigneValueType;
            string rendered;

            if (valueType == OtpValueTypeEnum.Raw)
            {
                // NOTE(review): ASCII decoding maps every byte above 0x7F to '?', so the Raw form
                // loses information when the OTP bytes are not 7-bit clean — confirm this is intended.
                rendered = Encoding.ASCII.GetString(rawOtp);
            }
            else if (valueType == OtpValueTypeEnum.HexaDecimal)
            {
                rendered = OtpTools.ByteArrayToHexString(rawOtp);
            }
            else if (valueType == OtpValueTypeEnum.Numerical)
            {
                rendered = OtpTools.ByteArrayToDecimalString(rawOtp);
            }
            else
            {
                // Unknown value type: the caller receives an empty string rather than an error.
                rendered = "";
            }

            // A non-positive configured length means "do not truncate".
            // NOTE(review): truncation shortens the value an attacker has to guess; a minimum
            // configured length is presumably enforced elsewhere — confirm.
            bool mustTruncate = app.OtpSigneValueLength > 0 && app.OtpSigneValueLength < rendered.Length;
            if (!mustTruncate)
            {
                return rendered;
            }

            return rendered.Substring(0, app.OtpSigneValueLength);
        }
示例#2
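        /// <summary>
        /// Computes HMAC-SHA1 over the UTF-8 bytes of <paramref name="value"/> and returns the digest
        /// formatted by OtpTools.ByteArrayToHexString.
        /// </summary>
        /// <param name="value">Message to authenticate.</param>
        /// <param name="salt">
        /// Used as the HMAC key (UTF-8 encoded). Despite the parameter name this is secret key material,
        /// not a public salt: anyone who knows it can produce valid digests.
        /// </param>
        /// <returns>The digest as produced by OtpTools.ByteArrayToHexString.</returns>
        /// <exception cref="ArgumentNullException">Either argument is null (thrown by Encoding.UTF8.GetBytes).</exception>
        public static string HMACSHA1(string value, string salt)
        {
            byte[] message = Encoding.UTF8.GetBytes(value);
            byte[] key     = Encoding.UTF8.GetBytes(salt);

            // The HMAC object is IDisposable and keeps the key in memory; release it
            // deterministically instead of waiting for the finalizer.
            using (var hmac = new System.Security.Cryptography.HMACSHA1(key))
            {
                return(OtpTools.ByteArrayToHexString(hmac.ComputeHash(message)));
            }
        }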
示例#3
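        /// <summary>
        /// Computes the SHA-1 digest of the UTF-8 bytes of <paramref name="value"/> and returns it
        /// formatted by OtpTools.ByteArrayToHexString.
        /// </summary>
        /// <remarks>
        /// SHA-1 is an unkeyed, fast hash with known collision weaknesses. It gives no protection to
        /// low-entropy inputs such as passwords or short numeric codes, which can be recovered by
        /// enumeration; use a keyed MAC or a password-hashing function for those.
        /// </remarks>
        /// <param name="value">Text to hash.</param>
        /// <returns>The digest as produced by OtpTools.ByteArrayToHexString.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="value"/> is null (thrown by Encoding.UTF8.GetBytes).</exception>
        public static string SHA1(string value)
        {
            byte[] input = Encoding.UTF8.GetBytes(value);

            // The hash object is IDisposable; dispose it deterministically.
            using (System.Security.Cryptography.SHA1 sha1 = System.Security.Cryptography.SHA1.Create())
            {
                return(OtpTools.ByteArrayToHexString(sha1.ComputeHash(input)));
            }
        }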
示例#4
        //public async Task<AuthCode> SendCode(string phone, AuthCodeMessageType messageType)
        //{
        //    if (string.IsNullOrEmpty(phone))
        //        throw new ApplicationException(Resx.AppResources.InvalidPhoneException);

        //    var code = OtpTools.GenRandomNumber(6);
        //    var authCode = new AuthCode()
        //    {
        //        Phone = phone,
        //        IsRegistered = false,
        //        MessageType = AuthCodeMessageType.SmsMessageWithCode,
        //        IsPassword = false,
        //        CodeHash = CryptoProvider.SHA1(CryptoProvider.SHA1(code)).ToLower(),
        //        //Token = CryptoProvider.HMACSHA1(phone, OtpTools.GetOtpTime()).ToLower(),
        //    };

        //    return await Task.Run<AuthCode>(async () =>
        //    {
        //        var user = _dataManager.Get<User>(new { Phone = phone });
        //        if (user != null)
        //        {
        //            authCode.IsRegistered = true;
        //        }

        //        authCode.CreateTime = DateTimeOffset.UtcNow;
        //        authCode.ExpieryTime = DateTimeOffset.UtcNow.AddSeconds(180);
        //        authCode.Id = _dataManager.Insert<AuthCode, long>(authCode);

        //        // Send Message
        //        _notificationProvider?.SendPhoneVerificationMessage(phone, code, user?.AppName, messageType);

        //        return authCode;
        //    });
        //}

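        /// <summary>
        /// Generates a six-digit verification code for <paramref name="recipient"/>, stores its hash
        /// as an AuthCode record, and sends the code (or an e-mail verification link) through the
        /// notification provider when one is configured.
        /// </summary>
        /// <param name="recipient">E-mail address when the message type is Email, otherwise a phone number.</param>
        /// <param name="messageType">Selects the user lookup key, the code lifetime and the delivery channel.</param>
        /// <param name="appName">Passed through to the notification provider.</param>
        /// <returns>The stored AuthCode with its Id set from the insert.</returns>
        /// <exception cref="ApplicationException"><paramref name="recipient"/> is null or empty.</exception>
        public async Task<AuthCode> SendCode(string recipient, AuthCodeMessageType messageType, string appName)
        {
            if (string.IsNullOrEmpty(recipient))
            {
                throw new ApplicationException("Invalid recipient.");
            }

            bool isEmail = messageType == AuthCodeMessageType.Email;

            User user = isEmail
                ? _dataManager.Get<User>(new { Email = recipient })
                : _dataManager.Get<User>(new { Phone = recipient });

            // NOTE(review): the code is a secret; GenRandomNumber is presumably backed by a
            // cryptographic RNG — confirm in OtpTools.
            var code = OtpTools.GenRandomNumber(6);

            // Read the clock once so CreateTime and ExpieryTime are derived from the same instant.
            var now = DateTimeOffset.UtcNow;

            var authCode = new AuthCode()
            {
                Recipient    = recipient,
                IsRegistered = user != null,
                MessageType  = messageType,
                IsPassword   = false,
                // NOTE(review): an unsalted, unkeyed SHA-1 (even applied twice) over a six-digit code
                // has only 10^6 possible inputs, so a leaked CodeHash can be reversed by enumeration.
                // A keyed HMAC with a server-side secret would close that, but the verifier must be
                // changed in step, so the stored format is left as is here.
                CodeHash     = CryptoProvider.SHA1(CryptoProvider.SHA1(code)).ToLower(),
                CreateTime   = now,
                // NOTE(review): e-mail codes stay valid for 30 days versus 180 seconds for the other
                // channels; with a six-digit code this relies on attempt limiting in the verifier — confirm.
                ExpieryTime  = isEmail ? now.AddDays(30) : now.AddSeconds(180)
            };

            authCode.Id = _dataManager.Insert<AuthCode, long>(authCode);

            // Send Message
            switch (messageType)
            {
            case AuthCodeMessageType.SmsMessageWithCode:
            case AuthCodeMessageType.SmsMessageWithAppLink:
            case AuthCodeMessageType.ChatMessage:
            case AuthCodeMessageType.PhoneCall:
            case AuthCodeMessageType.PushMessage:
                // "await provider?.Send(...)" awaits null and throws NullReferenceException when no
                // provider is configured; skip delivery explicitly instead.
                if (_notificationProvider != null)
                {
                    await _notificationProvider.SendPhoneVerificationMessage(recipient, user?.DisplayName, code, appName);
                }

                break;

            case AuthCodeMessageType.Email:
                // NOTE(review): the token is plain Base64, not encrypted or signed. It carries the
                // code in clear and an expiry the holder can edit, so the verifier must check the
                // stored CodeHash and ExpieryTime rather than trusting the token's fields. The expiry
                // is also formatted with the current culture; the parser has to match — confirm.
                var token = Convert.ToBase64String(Encoding.Unicode.GetBytes($"{recipient}&{code}&{authCode.ExpieryTime}"));
                var link  = $"{EmailVerificationUrl}?token={HttpUtility.UrlEncode(token)}";

                if (_notificationProvider != null)
                {
                    await _notificationProvider.SendEmailVerificationMessage(recipient, user?.DisplayName, link, appName);
                }

                break;

            default:
                break;
            }

            return(authCode);
        }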
示例#5
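        /// <summary>
        /// Checks <paramref name="password"/> against the credential scheme selected by the user's PasswordFormat.
        /// </summary>
        /// <param name="user">User whose PasswordFormat, AppName, Phone, Name and Password are read.</param>
        /// <param name="password">Value supplied by the caller: a time-based OTP, a delivered code, or a password.</param>
        /// <returns>True when the supplied value matches; false otherwise (the OtpMessage branch returns true or throws).</returns>
        /// <exception cref="ApplicationNotFoundException">PasswordFormat is Otp and no application named user.AppName exists.</exception>
        private bool ValidatePassword(User user, string password)
        {
            if (user.PasswordFormat == PasswordFormatType.Otp)
            {
                var app = _dataManager.Get <Application>(new { Name = user.AppName });
                if (app == null)
                {
                    throw new ApplicationNotFoundException();
                }

                // Compare without an early exit so response time does not reveal how many
                // leading characters of the guess were correct.
                return(ConstantTimeEquals(GenerateOtp(app, user, OtpTools.GetOtpTime()), password));
            }
            else if (user.PasswordFormat == PasswordFormatType.OtpMessage)
            {
                // NOTE(review): the result of CheckCode is discarded, so this branch only rejects a bad
                // code if CheckCode throws — confirm that it does, otherwise any code is accepted.
                // NOTE(review): GetAwaiter().GetResult() blocks the calling thread on async work and can
                // deadlock under a synchronization context; fixing it needs an async signature.
                CheckCode(user.Phone, password, true).GetAwaiter().GetResult();

                return(true);
            }
            else
            {
                return(ConstantTimeEquals(EncodePassword(password, user.PasswordFormat, user.Name), user.Password));
            }
        }

        /// <summary>
        /// Ordinal string equality whose running time depends only on the length of the inputs,
        /// not on the position of the first differing character.
        /// </summary>
        /// <returns>True when both strings are null or hold the same characters, matching the == operator.</returns>
        private static bool ConstantTimeEquals(string left, string right)
        {
            if (left == null || right == null)
            {
                // Same outcome as the string == operator: equal only when both are null.
                return(left == right);
            }

            if (left.Length != right.Length)
            {
                return(false);
            }

            int difference = 0;
            for (int i = 0; i < left.Length; i++)
            {
                // Accumulate differences instead of returning at the first mismatch.
                difference |= left[i] ^ right[i];
            }

            return(difference == 0);
        }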
示例#6
 /// <summary>
 /// Validates <paramref name="otp"/> for <paramref name="username"/> against the value
 /// returned by OtpTools.GetOtpTime() at the moment of the call.
 /// </summary>
 /// <param name="username">User name forwarded to ValidateOtp.</param>
 /// <param name="otp">One-time password supplied by the caller.</param>
 /// <returns>The result of ValidateOtp.</returns>
 public bool ValidateOtpByTime(string username, string otp)
 {
     // NOTE(review): only the current time value is passed on; any tolerance for clock skew
     // or replay protection would have to live in ValidateOtp — confirm.
     var currentOtpTime = OtpTools.GetOtpTime();
     bool isValid = ValidateOtp(username, currentOtpTime, otp);

     return isValid;
 }