[Create(@"{code}", false, false)] // NOTE: per the original notes, this route requires no prior auth and does not check payment.
        // Second login step for SMS two-factor: resolves the user from the first-factor
        // inputs again, validates the SMS code, and only then issues an auth token.
        //
        // Any exception raised inside the try block is replaced by a generic
        // AuthenticationException, so the caller cannot tell a wrong code from any other
        // failure. GetUser runs outside the try block, so its exceptions propagate
        // unchanged and are not recorded by the failure audit below.
        public AuthenticationTokenData AuthenticateMe(string userName, string password, string provider, string accessToken, string code)
        {
            bool viaEmail;
            var account = GetUser(userName, password, provider, accessToken, out viaEmail);

            try
            {
                // NOTE(review): nothing else in this method stops token issuance, so a wrong
                // code must be rejected by ValidateSmsCode throwing. Confirm in SmsManager,
                // together with any attempt limiting, since this route is reachable pre-auth.
                SmsManager.ValidateSmsCode(account, code);

                var authToken = SecurityContext.AuthenticateMe(account.ID);

                MessageService.Send(Request, MessageAction.LoginSuccessViaApiSms);

                var tenantId  = CoreContext.TenantManager.GetCurrentTenant().TenantId;
                var expiresAt = TenantCookieSettings.GetExpiresTime(tenantId);

                var response = new AuthenticationTokenData
                {
                    Token = authToken,
                    Expires = new ApiDateTime(expiresAt),
                    Sms = true,
                    PhoneNoise = SmsSender.BuildPhoneNoise(account.MobilePhone)
                };

                return response;
            }
            catch
            {
                // Audit the failed attempt against the resolved user, then hide the cause.
                MessageService.Send(Request, account.DisplayUserName(false), MessageAction.LoginFailViaApiSms, MessageTarget.Create(account.ID));
                throw new AuthenticationException("User authentication failed");
            }
            finally
            {
                // Runs on success and on failure: the request thread's security context is
                // always cleared once the token has been produced.
                SecurityContext.Logout();
            }
        }
        /// <summary>
        /// Issues a further SMS code for the user resolved from <paramref name="query"/>
        /// and returns the phone value produced by <c>SmsSender.BuildPhoneNoise</c>.
        /// </summary>
        /// <param name="query">Opaque value handed to <c>GetUser</c> to resolve the user.</param>
        /// <returns>An anonymous object with <c>phoneNoise</c> and <c>confirm = true</c>.</returns>
        public object SendSmsCodeAgain(string query)
        {
            var account = GetUser(query);

            // NOTE(review): every call triggers PutAuthCode with the second argument set to
            // true (presumably "send again"). Throttling is not visible here; confirm that
            // SmsManager limits resends per user.
            SmsManager.PutAuthCode(account, true);

            var maskedPhone = SmsSender.BuildPhoneNoise(account.MobilePhone);

            return new
            {
                phoneNoise = maskedPhone,
                confirm = true,
            };
        }
        /// <summary>
        /// Resolves the user from <paramref name="model"/>, requests an SMS code for that
        /// user, and reports the phone value plus the time the stored code expires.
        /// </summary>
        /// <param name="model">First-factor login data passed to <c>GetUser</c>.</param>
        /// <returns>Token data with <c>Sms</c> set and no <c>Token</c>.</returns>
        private AuthenticationTokenData SendSmsCode(AuthModel model)
        {
            var account = GetUser(model, out _);

            // NOTE(review): resend limiting is not visible in this method; confirm that
            // SmsManager.PutAuthCode enforces it.
            SmsManager.PutAuthCode(account, true);

            var response = new AuthenticationTokenData
            {
                Sms = true,
                PhoneNoise = SmsSender.BuildPhoneNoise(account.MobilePhone),
                // Expiry is "now" plus the SMS key storage interval.
                Expires = new ApiDateTime(TenantManager, TimeZoneConverter, DateTime.UtcNow.Add(SmsKeyStorage.StoreInterval))
            };

            return response;
        }
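        /// <summary>
        /// First step of an API login. Resolves the user from the supplied credentials or
        /// social-provider token, then either issues a token directly (SMS two-factor not
        /// visible or not enabled) or starts the SMS step.
        /// </summary>
        /// <returns>
        /// With SMS two-factor off: a token and its expiry. With it on and no activated
        /// phone: only <c>Sms = true</c>, no token. Otherwise: <c>Sms = true</c>, the phone
        /// value from <c>BuildPhoneNoise</c>, and the expiry of the code just requested.
        /// </returns>
        /// <exception cref="AuthenticationException">
        /// Thrown for any failure while issuing the token on the non-SMS path.
        /// </exception>
        [Create(@"", false, false)] // NOTE: per the original notes, this route requires no prior auth and does not check payment.
        public AuthenticationTokenData AuthenticateMe(string userName, string password, string provider, string accessToken)
        {
            bool viaEmail;
            var  user = GetUser(userName, password, provider, accessToken, out viaEmail);

            if (!StudioSmsNotificationSettings.IsVisibleSettings || !StudioSmsNotificationSettings.Enable)
            {
                try
                {
                    var token = SecurityContext.AuthenticateMe(user.ID);

                    MessageService.Send(Request, viaEmail ? MessageAction.LoginSuccessViaApi : MessageAction.LoginSuccessViaApiSocialAccount);

                    var tenant  = CoreContext.TenantManager.GetCurrentTenant().TenantId;
                    var expires = TenantCookieSettings.GetExpiresTime(tenant);

                    return new AuthenticationTokenData
                    {
                        Token = token,
                        Expires = new ApiDateTime(expires)
                    };
                }
                catch
                {
                    // Audit the failure, then replace the cause with a uniform error so the
                    // response does not reveal why the login failed.
                    MessageService.Send(Request, user.DisplayUserName(false), viaEmail ? MessageAction.LoginFailViaApi : MessageAction.LoginFailViaApiSocialAccount);
                    throw new AuthenticationException("User authentication failed");
                }
                finally
                {
                    // Always clear the request's security context, on success and on failure.
                    SecurityContext.Logout();
                }
            }

            // SMS two-factor is on from here. No token is returned on this path; the caller
            // has to complete the phone setup or the code step first.
            if (string.IsNullOrEmpty(user.MobilePhone) || user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated)
            {
                // Fixed: the terminating semicolon sat after the closing brace of this `if`
                // block, leaving the return statement unterminated.
                return new AuthenticationTokenData
                {
                    Sms = true
                };
            }

            // NOTE(review): each successful first-factor check sends an SMS; confirm that
            // SmsManager.PutAuthCode limits how often a code can be requested.
            SmsManager.PutAuthCode(user, false);

            return new AuthenticationTokenData
            {
                Sms = true,
                PhoneNoise = SmsSender.BuildPhoneNoise(user.MobilePhone),
                Expires = new ApiDateTime(DateTime.UtcNow.Add(SmsKeyStorage.StoreInterval))
            };
        }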
        /// <summary>
        /// Requests a new SMS code for the user resolved from the first-factor inputs and
        /// returns the phone value plus the code's expiry. No token is issued here.
        /// </summary>
        [Create(@"sendsms", false, false)] // NOTE: per the original notes, this route requires no prior auth and does not check payment.
        public AuthenticationTokenData SendSmsCode(string userName, string password, string provider, string accessToken)
        {
            bool viaEmail;
            var account = GetUser(userName, password, provider, accessToken, out viaEmail);

            // NOTE(review): the route is reachable before authentication completes and
            // sends an SMS on every call; confirm that PutAuthCode enforces a resend limit.
            SmsManager.PutAuthCode(account, true);

            var response = new AuthenticationTokenData
            {
                Sms = true,
                PhoneNoise = SmsSender.BuildPhoneNoise(account.MobilePhone),
                // Expiry is "now" plus the SMS key storage interval.
                Expires = new ApiDateTime(DateTime.UtcNow.Add(SmsKeyStorage.StoreInterval))
            };

            return response;
        }
        /// <summary>
        /// Stores a mobile phone number for the user resolved from the first-factor inputs,
        /// writes a "mobile number updated" audit event, and returns the phone value built
        /// from the number that <c>SmsManager.SaveMobilePhone</c> returned.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this changes the SMS second-factor destination after only the
        /// first factor has been checked. Whether an already activated number can be
        /// replaced this way is decided inside <c>SmsManager.SaveMobilePhone</c>, which is
        /// not visible here. Confirm that it refuses to overwrite an activated phone.
        /// </remarks>
        [Create(@"setphone", false, false)] // NOTE: per the original notes, this route requires no prior auth and does not check payment.
        public AuthenticationTokenData SaveMobilePhone(string userName, string password, string provider, string accessToken, string mobilePhone)
        {
            bool viaEmail;
            var account = GetUser(userName, password, provider, accessToken, out viaEmail);

            // Keep working with the value returned by SaveMobilePhone, not the raw input.
            var savedPhone = SmsManager.SaveMobilePhone(account, mobilePhone);
            MessageService.Send(HttpContext.Current.Request, MessageAction.UserUpdatedMobileNumber, MessageTarget.Create(account.ID), account.DisplayUserName(false), savedPhone);

            var response = new AuthenticationTokenData
            {
                Sms = true,
                PhoneNoise = SmsSender.BuildPhoneNoise(savedPhone),
                Expires = new ApiDateTime(DateTime.UtcNow.Add(SmsKeyStorage.StoreInterval))
            };

            return response;
        }
        /// <summary>
        /// Stores the phone number from <paramref name="model"/> for the current account,
        /// writes a "mobile number updated" audit event, and returns the phone value plus
        /// the expiry of the SMS key.
        /// </summary>
        /// <param name="model">
        /// Carries the requested number; its <c>MobilePhone</c> is overwritten with the
        /// value returned by <c>SmsManager.SaveMobilePhone</c>.
        /// </param>
        private AuthenticationTokenData SaveMobilePhone(MobileModel model)
        {
            // The user is taken from the current account, not from caller-supplied
            // identifiers. NOTE(review): presumably AuthByClaim establishes that account
            // from a claim on the request; confirm what it accepts.
            ApiContext.AuthByClaim();
            var account = UserManager.GetUsers(AuthContext.CurrentAccount.ID);

            var savedPhone = SmsManager.SaveMobilePhone(account, model.MobilePhone);
            model.MobilePhone = savedPhone;
            MessageService.Send(MessageAction.UserUpdatedMobileNumber, MessageTarget.Create(account.ID), account.DisplayUserName(false, DisplayUserSettingsHelper), model.MobilePhone);

            var response = new AuthenticationTokenData
            {
                Sms = true,
                PhoneNoise = SmsSender.BuildPhoneNoise(model.MobilePhone),
                Expires = new ApiDateTime(TenantManager, TimeZoneConverter, DateTime.UtcNow.Add(SmsKeyStorage.StoreInterval))
            };

            return response;
        }
        /// <summary>
        /// Stores a phone number for the user resolved from <paramref name="query"/>,
        /// audits the change, and tells the caller whether an SMS confirmation follows.
        /// </summary>
        /// <returns>
        /// An anonymous object with <c>phoneNoise</c>, <c>confirm</c> and
        /// <c>RefererURL</c>; the latter is empty when confirmation is required.
        /// </returns>
        public object SaveMobilePhone(string query, string mobilePhone)
        {
            // NOTE(review): the target user comes entirely from `query`. Confirm that
            // GetUser(query) accepts only a signed or otherwise unforgeable value, since
            // this call changes where second-factor codes are delivered.
            var account = GetUser(query);

            var savedPhone = SmsManager.SaveMobilePhone(account, mobilePhone);
            MessageService.Send(HttpContext.Current.Request, MessageAction.UserUpdatedMobileNumber, MessageTarget.Create(account.ID), account.DisplayUserName(false), savedPhone);

            var mustConfirm = StudioSmsNotificationSettings.Enable;

            var maskedPhone = SmsSender.BuildPhoneNoise(savedPhone);

            // NOTE(review): if the client navigates to RefererURL, confirm that
            // GetRefererURL restricts the value to this site.
            return new
            {
                phoneNoise = maskedPhone,
                confirm = mustConfirm,
                RefererURL = mustConfirm ? string.Empty : Context.GetRefererURL()
            };
        }
        /// <summary>
        /// Second login step: checks <paramref name="code"/> against whichever second
        /// factor is active (SMS first, otherwise the TFA app), then issues a token and
        /// sets the auth cookies.
        /// </summary>
        /// <returns>Token and expiry, flagged with <c>Sms</c> or <c>Tfa</c>.</returns>
        /// <exception cref="AuthenticationException">
        /// Thrown for every failure inside the try block, including the case where no
        /// second factor is active; the original cause is discarded.
        /// </exception>
        [Create(@"{code}", false, false)] // NOTE: per the original notes, this route requires no prior auth and does not check payment.
        public AuthenticationTokenData AuthenticateMe(string userName, string password, string provider, string accessToken, string code, string codeOAuth)
        {
            bool viaEmail;
            var account = GetUser(userName, password, provider, accessToken, out viaEmail, codeOAuth);

            var viaSms = false;

            try
            {
                if (StudioSmsNotificationSettings.IsVisibleAndAvailableSettings && StudioSmsNotificationSettings.Enable)
                {
                    viaSms = true;

                    // NOTE(review): a wrong code has to be rejected by an exception from
                    // ValidateSmsCode; nothing else here blocks token issuance. Confirm.
                    SmsManager.ValidateSmsCode(account, code, true);
                }
                else if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable)
                {
                    // NOTE(review): the boolean result only decides whether the
                    // "TFA app connected" audit event is written. A false return still
                    // falls through to token issuance, so a wrong code must make
                    // ValidateAuthCode throw. Confirm in its implementation.
                    var appJustConnected = account.ValidateAuthCode(code, true, true);
                    if (appJustConnected)
                    {
                        MessageService.Send(Request, MessageAction.UserConnectedTfaApp, MessageTarget.Create(account.ID));
                    }
                }
                else
                {
                    // No second factor is active, so a code login is refused outright.
                    throw new SecurityException("Auth code is not available");
                }

                var authToken = CookiesManager.AuthenticateMeAndSetCookies(account.Tenant, account.ID, MessageAction.LoginSuccess);
                var tenantId  = CoreContext.TenantManager.GetCurrentTenant().TenantId;
                var expiresAt = TenantCookieSettings.GetExpiresTime(tenantId);

                var response = new AuthenticationTokenData
                {
                    Token   = authToken,
                    Expires = new ApiDateTime(expiresAt)
                };

                if (!viaSms)
                {
                    response.Tfa = true;
                }
                else
                {
                    response.Sms        = true;
                    response.PhoneNoise = SmsSender.BuildPhoneNoise(account.MobilePhone);
                }

                return response;
            }
            catch
            {
                // Every non-SMS failure is audited as a TFA failure, including the
                // "Auth code is not available" case thrown above.
                MessageService.Send(Request,
                                    account.DisplayUserName(false),
                                    viaSms ? MessageAction.LoginFailViaApiSms : MessageAction.LoginFailViaApiTfa,
                                    MessageTarget.Create(account.ID));
                throw new AuthenticationException("User authentication failed");
            }
            finally
            {
                // Always clear the request's security context, on success and on failure.
                SecurityContext.Logout();
            }
        }
        /// <summary>
        /// Second login step for the model-based API: validates <c>auth.Code</c> against
        /// the active second factor (SMS first, otherwise the TFA app) and issues a token.
        /// </summary>
        /// <param name="auth">First-factor data plus the one-time code.</param>
        /// <returns>Token and expiry, flagged with <c>Sms</c> or <c>Tfa</c>.</returns>
        /// <exception cref="AuthenticationException">
        /// Thrown for every failure inside the try block; the original cause is discarded.
        /// </exception>
        private AuthenticationTokenData AuthenticateMeWithCode(AuthModel auth)
        {
            var tenantId = TenantManager.GetCurrentTenant().TenantId;
            var account  = GetUser(auth, out _);

            var viaSms = false;

            try
            {
                if (StudioSmsNotificationSettingsHelper.IsVisibleSettings() && StudioSmsNotificationSettingsHelper.Enable)
                {
                    viaSms = true;

                    // NOTE(review): a wrong code has to be rejected by an exception from
                    // ValidateSmsCode; nothing else here blocks token issuance. Confirm.
                    SmsManager.ValidateSmsCode(account, auth.Code);
                }
                else if (TfaAppAuthSettings.IsVisibleSettings && SettingsManager.Load<TfaAppAuthSettings>().EnableSetting)
                {
                    // NOTE(review): the boolean result only gates the "TFA app connected"
                    // audit event. A false return still reaches token issuance, so a wrong
                    // code must make ValidateAuthCode throw. Confirm in TfaManager.
                    var appJustConnected = TfaManager.ValidateAuthCode(account, auth.Code);
                    if (appJustConnected)
                    {
                        MessageService.Send(MessageAction.UserConnectedTfaApp, MessageTarget.Create(account.ID));
                    }
                }
                else
                {
                    // No second factor is active, so a code login is refused outright.
                    throw new System.Security.SecurityException("Auth code is not available");
                }

                var authToken = SecurityContext.AuthenticateMe(account.ID);

                MessageService.Send(viaSms ? MessageAction.LoginSuccessViaApiSms : MessageAction.LoginSuccessViaApiTfa);

                var expiresAt = TenantCookieSettingsHelper.GetExpiresTime(tenantId);

                var response = new AuthenticationTokenData
                {
                    Token   = authToken,
                    Expires = new ApiDateTime(TenantManager, TimeZoneConverter, expiresAt)
                };

                if (!viaSms)
                {
                    response.Tfa = true;
                }
                else
                {
                    response.Sms        = true;
                    response.PhoneNoise = SmsSender.BuildPhoneNoise(account.MobilePhone);
                }

                return response;
            }
            catch
            {
                // Every non-SMS failure is audited as a TFA failure, including the
                // "Auth code is not available" case thrown above.
                MessageService.Send(account.DisplayUserName(false, DisplayUserSettingsHelper),
                                    viaSms ? MessageAction.LoginFailViaApiSms : MessageAction.LoginFailViaApiTfa,
                                    MessageTarget.Create(account.ID));
                throw new AuthenticationException("User authentication failed");
            }
            finally
            {
                // Always clear the request's security context, on success and on failure.
                SecurityContext.Logout();
            }
        }
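        /// <summary>
        /// First login step for the model-based API. Resolves the user from
        /// <paramref name="auth"/> and, depending on which second factor is active, either
        /// starts that step (no token returned) or issues a token and sets the auth cookie.
        /// </summary>
        /// <param name="auth">First-factor login data; <c>auth.Session</c> is passed to the cookie setter.</param>
        /// <returns>
        /// SMS active: <c>Sms = true</c> with a confirmation URL, plus the phone value and
        /// code expiry when the phone is activated. TFA app active: <c>Tfa = true</c> with a
        /// confirmation URL, plus <c>TfaKey</c> when the user has not enabled the app yet.
        /// Neither active: token and expiry.
        /// </returns>
        /// <exception cref="AuthenticationException">
        /// Thrown for any failure while issuing the token on the single-factor path.
        /// </exception>
        private AuthenticationTokenData AuthenticateMe(AuthModel auth)
        {
            bool viaEmail;
            var  user = GetUser(auth, out viaEmail);

            if (StudioSmsNotificationSettingsHelper.IsVisibleSettings() && StudioSmsNotificationSettingsHelper.Enable)
            {
                if (string.IsNullOrEmpty(user.MobilePhone) || user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated)
                {
                    // Fixed: the terminating semicolon sat after the closing brace of this
                    // `if` block, leaving the return statement unterminated.
                    return new AuthenticationTokenData
                    {
                        Sms        = true,
                        ConfirmUrl = CommonLinkUtility.GetConfirmationUrl(user.Email, ConfirmType.PhoneActivation)
                    };
                }

                // NOTE(review): each successful first-factor check sends an SMS; confirm
                // that SmsManager.PutAuthCode limits how often a code can be requested.
                SmsManager.PutAuthCode(user, false);

                return new AuthenticationTokenData
                {
                    Sms = true,
                    PhoneNoise = SmsSender.BuildPhoneNoise(user.MobilePhone),
                    Expires = new ApiDateTime(TenantManager, TimeZoneConverter, DateTime.UtcNow.Add(SmsKeyStorage.StoreInterval)),
                    ConfirmUrl = CommonLinkUtility.GetConfirmationUrl(user.Email, ConfirmType.PhoneAuth)
                };
            }

            if (TfaAppAuthSettings.IsVisibleSettings && SettingsManager.Load<TfaAppAuthSettings>().EnableSetting)
            {
                if (!TfaAppUserSettings.EnableForUser(SettingsManager, user.ID))
                {
                    // Fixed: same misplaced semicolon as in the SMS branch above.
                    // NOTE(review): TfaKey is the manual-entry key from GenerateSetupCode and
                    // is returned to a caller who has passed only the first factor. Treat this
                    // response as secret-bearing and keep it out of logs and caches.
                    return new AuthenticationTokenData
                    {
                        Tfa        = true,
                        TfaKey     = TfaManager.GenerateSetupCode(user).ManualEntryKey,
                        ConfirmUrl = CommonLinkUtility.GetConfirmationUrl(user.Email, ConfirmType.TfaActivation)
                    };
                }

                return new AuthenticationTokenData
                {
                    Tfa = true,
                    ConfirmUrl = CommonLinkUtility.GetConfirmationUrl(user.Email, ConfirmType.TfaAuth)
                };
            }

            // No second factor is active: issue the token on the first factor alone.
            try
            {
                var token = SecurityContext.AuthenticateMe(user.ID);
                CookiesManager.SetCookies(CookiesType.AuthKey, token, auth.Session);

                MessageService.Send(viaEmail ? MessageAction.LoginSuccessViaApi : MessageAction.LoginSuccessViaApiSocialAccount);

                var tenant  = TenantManager.GetCurrentTenant().TenantId;
                var expires = TenantCookieSettingsHelper.GetExpiresTime(tenant);

                return new AuthenticationTokenData
                {
                    Token = token,
                    Expires = new ApiDateTime(TenantManager, TimeZoneConverter, expires)
                };
            }
            catch
            {
                // Audit the failure, then replace the cause with a uniform error so the
                // response does not reveal why the login failed.
                MessageService.Send(user.DisplayUserName(false, DisplayUserSettingsHelper), viaEmail ? MessageAction.LoginFailViaApi : MessageAction.LoginFailViaApiSocialAccount);
                throw new AuthenticationException("User authentication failed");
            }
            finally
            {
                // Always clear the request's security context, on success and on failure.
                SecurityContext.Logout();
            }
        }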