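/// <summary>
/// Disconnects the authenticator (TFA) app for a user and starts the re-enrolment flow.
/// When <paramref name="model"/>.Id is <see cref="Guid.Empty"/> the target is the current
/// account; otherwise the caller must hold Action_EditUser on the target user.
/// </summary>
/// <param name="model">Request carrying the target user id (Guid.Empty = current user).</param>
/// <returns>
/// For the current user, the TfaActivation confirmation URL; for another user an empty string,
/// because the reset notification is sent to that user instead of being handed to the caller.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
/// <exception cref="SecurityAccessDeniedException">Caller may not edit the target user.</exception>
/// <exception cref="InvalidOperationException">TFA app settings are hidden or the app is not enabled for the user.</exception>
/// <exception cref="NotSupportedException">Target is a visitor or outsider.</exception>
public string TfaAppNewApp(TfaModel model)
        {
            if (model == null)
            {
                throw new ArgumentNullException(nameof(model));
            }

            var isMe = model.Id.Equals(Guid.Empty);
            var targetId = isMe ? SecurityContext.CurrentAccount.ID : model.Id;
            var user = CoreContext.UserManager.GetUsers(targetId);

            // Self-service reset needs no extra right; resetting someone else's
            // authenticator requires the edit-user permission for that user.
            if (!isMe && !SecurityContext.CheckPermissions(Tenant, new UserSecurityProvider(user.ID), Constants.Action_EditUser))
            {
                throw new SecurityAccessDeniedException(Resource.ErrorAccessDenied);
            }

            if (!TfaAppAuthSettings.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(user.ID))
            {
                // Specific exception type instead of the bare Exception base; still caught by
                // any existing catch (Exception) handler.
                throw new InvalidOperationException(Resource.TfaAppNotAvailable);
            }

            if (user.IsVisitor(Tenant) || user.IsOutsider(Tenant))
            {
                throw new NotSupportedException("Not available.");
            }

            // Revoke the current authenticator binding and record the disconnect event.
            TfaAppUserSettings.DisableForUser(user.ID);
            MessageService.Send(MessageAction.UserDisconnectedTfaApp, MessageTarget.Create(user.ID), user.DisplayUserName(false));

            if (isMe)
            {
                return CommonLinkUtility.GetConfirmationUrl(Tenant.TenantId, user.Email, ConfirmType.TfaActivation);
            }

            // The activation link is delivered to the affected user, never returned to the caller.
            StudioNotifyService.SendMsgTfaReset(Tenant.TenantId, user);
            return string.Empty;
        }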
        /// <summary>
        /// Completes a sign-in that is waiting on a second factor by checking the submitted
        /// one-time code against the user's stored TFA secret.
        /// </summary>
        /// <param name="model">Request body carrying the one-time code.</param>
        /// <returns>
        /// The sign-in result on a valid code; otherwise a BadRequest (validation errors,
        /// missing audience, locked account, or the generic "Invalid code").
        /// </returns>
        public async Task <APIResponse> Tfa([FromBody] TfaModel model)
        {
            if (BaseValidableModel.IsInvalid(model, out var validationErrors))
            {
                return APIResponse.BadRequest(validationErrors);
            }

            var audience = GetCurrentAudience();
            if (audience == null)
            {
                return APIResponse.BadRequest(APIErrorCode.Unauthorized);
            }

            var user = await GetUserFromDb();

            // Same generic answer whether the user is missing or has no second factor set up,
            // so the response does not reveal account state.
            if (user is null || !user.TwoFactorEnabled)
            {
                return InvalidCodeResponse();
            }

            // Lock-out is checked before the code so a locked account cannot be probed.
            if (await UserManager.IsLockedOutAsync(user))
            {
                return APIResponse.BadRequest(APIErrorCode.AccountLocked, "Too many unsuccessful attempts. Account is locked, try to sign in later");
            }

            // NOTE(review): whether Validate also rejects reuse of a recently accepted code
            // is not visible here — confirm in GoogleAuthenticator.
            if (GoogleAuthenticator.Validate(model.Code, user.TfaSecret))
            {
                return OnSignInResultCheck(
                    services: HttpContext.RequestServices,
                    result: Microsoft.AspNetCore.Identity.SignInResult.Success,
                    user: user,
                    audience: audience.Value,
                    tfaRequired: false);
            }

            // A wrong code counts towards the lock-out threshold.
            DbContext.Attach <DAL.Models.Identity.User>(user);
            await UserManager.AccessFailedAsync(user);

            return InvalidCodeResponse();

            APIResponse InvalidCodeResponse() => APIResponse.BadRequest(nameof(model.Code), "Invalid code");
        }
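        /// <summary>
        /// Switches the portal-wide two-factor method: "sms", "app", or anything else to turn
        /// both off. Enabling one method disables the other, so at most one is active.
        /// </summary>
        /// <param name="model">Request whose Type selects the method.</param>
        /// <returns>true when a method was enabled, false when two-factor auth was disabled.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The selected method's settings are not visible.</exception>
        /// <exception cref="MethodAccessException">No SMS provider is enabled (kept from the original contract).</exception>
        public bool TfaSettings(TfaModel model)
        {
            // Portal-wide TFA policy is an admin setting; fail closed before touching anything.
            SecurityContext.DemandPermissions(Tenant, SecutiryConstants.EditPortalSettings);

            if (model == null)
            {
                throw new ArgumentNullException(nameof(model));
            }

            bool enabled;
            MessageAction action;

            switch (model.Type)
            {
            case "sms":
                if (!StudioSmsNotificationSettings.IsVisibleSettings)
                {
                    // Specific exception type instead of the bare Exception base.
                    throw new InvalidOperationException(Resource.SmsNotAvailable);
                }

                if (!SmsProviderManager.Enabled())
                {
                    throw new MethodAccessException();
                }

                StudioSmsNotificationSettings.Enable = true;
                DisableTfaApp();
                action = MessageAction.TwoFactorAuthenticationEnabledBySms;
                enabled = true;
                break;

            case "app":
                if (!TfaAppAuthSettings.IsVisibleSettings)
                {
                    throw new InvalidOperationException(Resource.TfaAppNotAvailable);
                }

                TfaAppAuthSettings.Enable = true;
                DisableSms();
                action = MessageAction.TwoFactorAuthenticationEnabledByTfaApp;
                enabled = true;
                break;

            default:
                DisableTfaApp();
                DisableSms();
                action = MessageAction.TwoFactorAuthenticationDisabled;
                enabled = false;
                break;
            }

            if (enabled)
            {
                // NOTE(review): presumably this forces every session to re-authenticate
                // with the new factor — confirm against CookiesManager.
                CookiesManager.ResetTenantCookie(HttpContext);
            }

            MessageService.Send(action);
            return enabled;

            // Only writes when the setting is currently on, matching the original's guarded assignments.
            void DisableTfaApp()
            {
                if (TfaAppAuthSettings.Enable)
                {
                    TfaAppAuthSettings.Enable = false;
                }
            }

            // SMS is only touched when its settings are visible, as in the original.
            void DisableSms()
            {
                if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable)
                {
                    StudioSmsNotificationSettings.Enable = false;
                }
            }
        }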