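/// <summary>
/// Disconnects the authenticator app from a user account so that a new app can be enrolled.
/// With <c>model.Id == Guid.Empty</c> the target is the current account and the caller receives
/// a TfaActivation confirmation URL; with any other id the target is that user (the caller must
/// hold <c>Constants.Action_EditUser</c> on them) and a TFA reset message is sent to the user instead.
/// </summary>
/// <param name="model">Carries the target user id; <c>Guid.Empty</c> selects the current account.</param>
/// <returns>The activation confirmation URL for the self-service case, otherwise <c>string.Empty</c>.</returns>
/// <exception cref="SecurityAccessDeniedException">Caller is not allowed to edit the target user.</exception>
/// <exception cref="InvalidOperationException">The app settings are hidden or the app is not enabled for the user.</exception>
/// <exception cref="NotSupportedException">The target user is a visitor or an outsider.</exception>
public string TfaAppNewApp(TfaModel model)
{
    // Only Guid.Empty selects the self-service path. A caller that passes its own id explicitly
    // takes the admin path instead (permission check + reset message, no activation URL).
    // NOTE(review): confirm that this asymmetry is intended.
    var isMe = model.Id.Equals(Guid.Empty);
    var targetId = isMe ? SecurityContext.CurrentAccount.ID : model.Id;
    var user = CoreContext.UserManager.GetUsers(targetId);

    // Touching somebody else's second factor needs explicit edit rights on that user.
    if (!isMe && !SecurityContext.CheckPermissions(Tenant, new UserSecurityProvider(user.ID), Constants.Action_EditUser))
    {
        throw new SecurityAccessDeniedException(Resource.ErrorAccessDenied);
    }

    // There is nothing to disconnect unless the feature is visible and currently on for this user.
    if (!TfaAppAuthSettings.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(user.ID))
    {
        // Specific exception type instead of a bare Exception; callers catching Exception still match.
        throw new InvalidOperationException(Resource.TfaAppNotAvailable);
    }

    if (user.IsVisitor(Tenant) || user.IsOutsider(Tenant))
    {
        throw new NotSupportedException("Not available.");
    }

    // The existing app is disconnected before the new one is enrolled, so the account stays without
    // the app until the confirmation link is used; the disconnect is recorded as an audit message.
    TfaAppUserSettings.DisableForUser(user.ID);
    MessageService.Send(MessageAction.UserDisconnectedTfaApp, MessageTarget.Create(user.ID), user.DisplayUserName(false));

    if (isMe)
    {
        return CommonLinkUtility.GetConfirmationUrl(Tenant.TenantId, user.Email, ConfirmType.TfaActivation);
    }

    // Admin-initiated reset: the affected user is notified, the caller gets nothing back.
    StudioNotifyService.SendMsgTfaReset(Tenant.TenantId, user);
    return string.Empty;
}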
/// <summary>
/// Second step of sign-in: checks a TOTP code against the user's stored secret.
/// A valid code completes the sign-in via <c>OnSignInResultCheck</c>; a wrong code counts as a
/// failed access attempt so the normal Identity lockout policy applies.
/// </summary>
/// <param name="model">Request body; only <c>Code</c> is used here.</param>
/// <returns>
/// The sign-in result on success; <c>BadRequest</c> with validation errors, <c>Unauthorized</c>,
/// <c>AccountLocked</c>, or a generic "Invalid code" otherwise.
/// </returns>
public async Task<APIResponse> Tfa([FromBody] TfaModel model)
{
    if (BaseValidableModel.IsInvalid(model, out var errFields))
    {
        return APIResponse.BadRequest(errFields);
    }

    var audience = GetCurrentAudience();
    if (audience == null)
    {
        return APIResponse.BadRequest(APIErrorCode.Unauthorized);
    }

    var user = await GetUserFromDb();

    // No user, or 2FA not enabled: answer exactly like a wrong code so the endpoint does not
    // reveal whether two-factor is switched on for this account.
    if (user == null || !user.TwoFactorEnabled)
    {
        return APIResponse.BadRequest(nameof(model.Code), "Invalid code");
    }

    if (await UserManager.IsLockedOutAsync(user))
    {
        return APIResponse.BadRequest(APIErrorCode.AccountLocked, "Too many unsuccessful attempts. Account is locked, try to sign in later");
    }

    // NOTE(review): nothing here records the last accepted time step, so a code that has already
    // been used can be accepted again within its validity window — confirm whether
    // GoogleAuthenticator.Validate handles replay, otherwise track the last used step on the user.
    if (GoogleAuthenticator.Validate(model.Code, user.TfaSecret))
    {
        // NOTE(review): the failed-access counter is not reset here; confirm OnSignInResultCheck does it.
        return OnSignInResultCheck(
            services: HttpContext.RequestServices,
            result: Microsoft.AspNetCore.Identity.SignInResult.Success,
            user: user,
            audience: audience.Value,
            tfaRequired: false
        );
    }

    // Wrong code: attach the (detached) entity and let Identity bump the failure counter.
    DbContext.Attach<DAL.Models.Identity.User>(user);
    await UserManager.AccessFailedAsync(user);

    return APIResponse.BadRequest(nameof(model.Code), "Invalid code");
}
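/// <summary>
/// Switches the portal-wide two-factor mode. Requires <c>EditPortalSettings</c>.
/// <c>model.Type == "sms"</c> enables SMS (and turns the app off), <c>"app"</c> enables the
/// authenticator app (and turns SMS off); any other value disables both.
/// </summary>
/// <param name="model">Only <c>Type</c> is read; matched by an ordinal, case-sensitive switch.</param>
/// <returns><c>true</c> when a TFA mode was enabled, <c>false</c> when TFA was disabled.</returns>
/// <exception cref="InvalidOperationException">The requested mode is not visible in settings.</exception>
/// <exception cref="MethodAccessException">SMS was requested but no SMS provider is enabled.</exception>
public bool TfaSettings(TfaModel model)
{
    SecurityContext.DemandPermissions(Tenant, SecutiryConstants.EditPortalSettings);

    var enabled = false;
    MessageAction action;

    switch (model.Type)
    {
        case "sms":
            if (!StudioSmsNotificationSettings.IsVisibleSettings)
            {
                // Specific exception type instead of a bare Exception; callers catching Exception still match.
                throw new InvalidOperationException(Resource.SmsNotAvailable);
            }
            if (!SmsProviderManager.Enabled())
            {
                throw new MethodAccessException();
            }

            StudioSmsNotificationSettings.Enable = true;
            action = MessageAction.TwoFactorAuthenticationEnabledBySms;

            // Only one mode may be active at a time.
            if (TfaAppAuthSettings.Enable)
            {
                TfaAppAuthSettings.Enable = false;
            }
            enabled = true;
            break;

        case "app":
            if (!TfaAppAuthSettings.IsVisibleSettings)
            {
                throw new InvalidOperationException(Resource.TfaAppNotAvailable);
            }

            TfaAppAuthSettings.Enable = true;
            action = MessageAction.TwoFactorAuthenticationEnabledByTfaApp;

            if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable)
            {
                StudioSmsNotificationSettings.Enable = false;
            }
            enabled = true;
            break;

        default:
            // NOTE(review): every unrecognised Type (a typo, "App", null) lands here and disables
            // TFA portal-wide. Rejecting unknown values would be safer, but callers may rely on
            // sending an arbitrary value to mean "off" — confirm before tightening.
            if (TfaAppAuthSettings.Enable)
            {
                TfaAppAuthSettings.Enable = false;
            }
            if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable)
            {
                StudioSmsNotificationSettings.Enable = false;
            }
            action = MessageAction.TwoFactorAuthenticationDisabled;
            break;
    }

    // Only enabling a mode resets the tenant cookie (presumably so existing sessions must
    // re-authenticate with the new factor — confirm); disabling leaves sessions untouched.
    if (enabled)
    {
        CookiesManager.ResetTenantCookie(HttpContext);
    }

    MessageService.Send(action);
    return enabled;
}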