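/// <summary>
/// GET entry point of the login flow. Anonymous visitors get the login form; a session
/// user who has passed the password step is sent an SMS token (only if no unexpired one
/// exists) and shown the token entry view; a fully authenticated user is redirected to Home.
/// </summary>
/// <returns>
/// The "Index" view (no session / no session user), the "Blocked" view while a lockout is
/// active, a redirect to Home/Index when already authenticated, otherwise the "Auth" view.
/// </returns>
public IActionResult Index()
{
    const int TokenLifetimeMinutes = 5;

    if (!HttpContext.Session.IsAvailable)
    {
        return View("Index");
    }

    var loggedInUser = GetLoggedInUser();
    if (loggedInUser == null)
    {
        return View();
    }

    // Same lockout handling as Auth() and the POST Index(): a blocked account must not be
    // able to trigger SMS sends or reach the token view through this GET either.
    if (loggedInUser.AccessBlocked)
    {
        if (DateTime.UtcNow < loggedInUser.AccessBlockedUntilUtc)
        {
            return View("Blocked", loggedInUser.AccessBlockedUntilUtc.Value);
        }

        // Lockout window elapsed: clear the flag so the user can continue.
        loggedInUser.AccessBlocked = false;
        loggedInUser.AccessBlockedUntilUtc = null;
        _db.Users.Update(loggedInUser).State = EntityState.Modified;
        _db.SaveChanges();
    }

    if (IsAuthenticated())
    {
        return RedirectToAction("Index", "Home");
    }

    // Only send a new code when the user has no token that is still valid.
    var now = DateTime.UtcNow;
    var hasActiveToken = _db.Tokens.Any(x => x.UserId.Equals(loggedInUser.Id) && now < x.ExpiryUtc);
    if (!hasActiveToken)
    {
        // NOTE(review): sync-over-async on a request thread; Auth() awaits the same helper.
        // Kept here to preserve this action's synchronous signature.
        var token = SmsAuthHelper.RequestToken(loggedInUser.PhoneNumber).GetAwaiter().GetResult();
        _db.Tokens.Add(new Token
        {
            TokenString = token,
            ExpiryUtc = DateTime.UtcNow.AddMinutes(TokenLifetimeMinutes),
            UserId = loggedInUser.Id,
            User = loggedInUser,
        });
        _db.SaveChanges();
    }

    return View("Auth");
}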
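/// <summary>
/// GET for the SMS second-factor step. Requires a session user who has already passed the
/// password step; sends a fresh SMS token when the user has no unexpired one.
/// </summary>
/// <returns>
/// The "Index" view when there is no session / session user, the "Blocked" view while a
/// lockout is active, a redirect to Dashboard/Index once fully authenticated, otherwise the
/// default (token entry) view.
/// </returns>
public async Task<IActionResult> Auth()
{
    const int TokenLifetimeMinutes = 5;

    if (!HttpContext.Session.IsAvailable)
    {
        return View("Index");
    }

    var loggedInUser = GetLoggedInUser();
    if (loggedInUser == null)
    {
        return View("Index");
    }

    if (loggedInUser.AccessBlocked)
    {
        if (DateTime.UtcNow < loggedInUser.AccessBlockedUntilUtc)
        {
            return View("Blocked", loggedInUser.AccessBlockedUntilUtc.Value);
        }

        // Lockout window elapsed: clear the flag so the user can continue.
        loggedInUser.AccessBlocked = false;
        loggedInUser.AccessBlockedUntilUtc = null;
        _db.Users.Update(loggedInUser).State = EntityState.Modified;
        await _db.SaveChangesAsync();
    }

    // Checked only after the null-user guard; an anonymous request never needs this call.
    // NOTE(review): Index() redirects an authenticated user to Home/Index, this action to
    // Dashboard/Index — confirm which landing page is intended.
    if (IsAuthenticated())
    {
        return RedirectToAction("Index", "Dashboard");
    }

    // Only send a new code when the user has no token that is still valid.
    var now = DateTime.UtcNow;
    var hasActiveToken = _db.Tokens.Any(x => x.UserId.Equals(loggedInUser.Id) && now < x.ExpiryUtc);
    if (!hasActiveToken)
    {
        var token = await SmsAuthHelper.RequestToken(loggedInUser.PhoneNumber);
        _db.Tokens.Add(new Token
        {
            TokenString = token,
            ExpiryUtc = DateTime.UtcNow.AddMinutes(TokenLifetimeMinutes),
            UserId = loggedInUser.Id,
            User = loggedInUser,
        });
        await _db.SaveChangesAsync();
    }

    return View();
}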
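/// <summary>
/// POST for the password step of the login flow, or — for a session user who already passed
/// it — a re-entry into the SMS step. Lockouts are enforced on the user record; the
/// failed-attempt counter is kept in the caller's session.
/// </summary>
/// <param name="username">Username from the login form; ignored when the session already holds a user.</param>
/// <param name="password">Plain-text password from the login form; ignored when the session already holds a user.</param>
/// <returns>
/// The "Index" view (login form) on missing or invalid credentials, the "Blocked" view while
/// a lockout is active, a redirect to Home/Index once fully authenticated, otherwise the
/// "Auth" view for the SMS step.
/// </returns>
public IActionResult Index(string username, string password)
{
    const int MaxLoginFailures = 3;
    const int LockoutMinutes = 5;
    const int TokenLifetimeMinutes = 5;

    if (!HttpContext.Session.IsAvailable)
    {
        return View("Index");
    }

    var loggedInUser = GetLoggedInUser();

    // A post without both credential fields is a malformed form submission, not a guess:
    // show the form again without touching the failure counter or the database.
    if (loggedInUser == null && (username is null || password is null))
    {
        return View();
    }

    // The session user takes precedence; the username lookup only runs for anonymous callers.
    var account = loggedInUser ?? _db.Users.SingleOrDefault(x => x.Username.Equals(username));
    if (account == null)
    {
        return View();
    }

    // Persist session changes before the response is produced so the failure counter and the
    // login marker cannot be lost. (The original call was not awaited; the synchronous action
    // signature forces a blocking wait here.)
    void CommitSession() => HttpContext.Session.CommitAsync().GetAwaiter().GetResult();

    // Send a new SMS code only if the user has no unexpired token. An expired token must not
    // suppress a fresh send, otherwise a user logging in again after the code lapsed never
    // receives a new one (the other issuing sites already apply this expiry predicate).
    void EnsureActiveSmsToken()
    {
        var now = DateTime.UtcNow;
        if (_db.Tokens.Any(x => x.UserId.Equals(account.Id) && now < x.ExpiryUtc))
        {
            return;
        }

        // NOTE(review): sync-over-async on a request thread; Auth() awaits the same helper.
        var token = SmsAuthHelper.RequestToken(account.PhoneNumber).GetAwaiter().GetResult();
        _db.Tokens.Add(new Token
        {
            TokenString = token,
            ExpiryUtc = DateTime.UtcNow.AddMinutes(TokenLifetimeMinutes),
            UserId = account.Id,
            User = account,
        });
        _db.SaveChanges();
    }

    if (account.AccessBlocked)
    {
        if (DateTime.UtcNow < account.AccessBlockedUntilUtc)
        {
            return View("Blocked", account.AccessBlockedUntilUtc.Value);
        }

        // Lockout window elapsed: clear the flag so the user can continue.
        account.AccessBlocked = false;
        account.AccessBlockedUntilUtc = null;
        _db.Users.Update(account).State = EntityState.Modified;
        _db.SaveChanges();
    }

    if (loggedInUser != null)
    {
        // Password step already passed in this session: continue with the SMS step.
        if (IsAuthenticated())
        {
            return RedirectToAction("Index", "Home");
        }

        EnsureActiveSmsToken();
        return View("Auth");
    }

    if (!CryptoHelper.VerifyHash(password, account.Password))
    {
        // NOTE(review): the counter lives in the caller's session, not on the account, so it
        // does not carry across sessions; a server-side per-account counter would be stronger.
        var tries = (HttpContext.Session.GetInt32("LoginFails") ?? 0) + 1;
        if (tries >= MaxLoginFailures)
        {
            account.AccessBlocked = true;
            account.AccessBlockedUntilUtc = DateTime.UtcNow.AddMinutes(LockoutMinutes);
            _db.Users.Update(account).State = EntityState.Modified;
            _db.SaveChanges();
            HttpContext.Session.SetInt32("LoginFails", 0);
            CommitSession();
            return View("Blocked", account.AccessBlockedUntilUtc.Value);
        }

        HttpContext.Session.SetInt32("LoginFails", tries);
        CommitSession();
        return View();
    }

    // Password accepted: mark the session and reset the counter so earlier misses in this
    // session do not count against the next login.
    HttpContext.Session.SetString("LoggedInUser", account.Id.ToString());
    HttpContext.Session.SetInt32("LoginFails", 0);
    CommitSession();
    EnsureActiveSmsToken();
    return View("Auth");
}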