//根据密钥获取验证码
public static string getCodeFromSecret(string secret)
{
secretKey = secret;
var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
return(authenticator.GetCode(secretKey));
}
internal void GetCode()
{
var auth = new TwoStepsAuthenticator.TimeAuthenticator();
Code = auth.GetCode(this.Key);
auth.CheckCode(key, Code, "user");
}
public static string SendCodeSms(string secret, int time = 30)
{
var authenticator = new TwoStepsAuthenticator.TimeAuthenticator(null, null, time);
var code = authenticator.GetCode(secret);
Console.WriteLine(code);
Console.WriteLine(secret);
return(code);
}
private static string secretKey;//模拟客户端保存的密钥//应加密后存储在客户端中
//获取验证码
public static string getCodeFromSecret()
{
if (secretKey == null)
{
throw new NullReferenceException("当前密钥为空!");
}
else
{
var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
return(authenticator.GetCode(secretKey));
}
}
internal void GetCode()
{
var auth = new TwoStepsAuthenticator.TimeAuthenticator();
Code = auth.GetCode(this.Key);
auth.CheckCode(key, Code);
}
public static async Task <string> GenerateCode(UserManager <ApplicationUser> userManager, ApplicationUser user,
string typeGenerate)
{
try
{
var secret = TwoStepsAuthenticator.Authenticator.GenerateKey();
Console.WriteLine(secret);
var oldJsonSecretKey = user.ListSecretKeySms;
var secretSmsKey = new SecretSmsKey();
if (!string.IsNullOrEmpty(oldJsonSecretKey))
{
secretSmsKey = SecretSmsKey.FromJson(user.ListSecretKeySms);
}
switch (typeGenerate)
{
case Const.TypeGenerateChangePassword:
secretSmsKey.ChangePassword = secret;
break;
case Const.TypeGenerateChangeOldPhoneNumber:
secretSmsKey.ChangePhoneOldPhone = secret;
break;
case Const.TypeGenerateChangeNewPhoneNumber:
secretSmsKey.ChangePhoneNewPhone = secret;
break;
case Const.TypeGenerateChangeConfirmPhoneNumber:
secretSmsKey.ChangePhoneConfirmPhone = secret;
break;
case Const.TypeGenerateChangeTwoFactor:
secretSmsKey.ChangeTwoFactor = secret;
break;
case Const.TypeGenerateLockAccount:
secretSmsKey.LockAccount = secret;
break;
case Const.TypeGenerateUnlockAccount:
secretSmsKey.UnlockAccount = secret;
break;
case Const.TypeGenerateAddPhoneNumber:
secretSmsKey.AddPhoneNumber = secret;
break;
case Const.TypeGenerateAddLockScreen:
secretSmsKey.AddLockScreen = secret;
break;
case Const.TypeGenerateLogin:
secretSmsKey.Login = secret;
break;
default:
return(null);
}
var newJsonListSecretSms = SecretSmsKey.ToJson(secretSmsKey);
user.ListSecretKeySms = newJsonListSecretSms;
await userManager.UpdateAsync(user);
var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
var code = authenticator.GetCode(secret);
var message = "Vakaxa security code is: " + code;
Console.WriteLine(message);
return(message);
}
catch (Exception e)
{
Logger.LogError("SecurityController ==>> GenerateCode: " + e.Message);
return(null);
}
}
public async Task <IActionResult> Login(LoginInputModel model, string button)
{
// check if we are in the context of an authorization request
var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
// the user clicked the "cancel" button
if (button != "login")
{
if (context != null)
{
// if the user cancels, send a result back into IdentityServer as if they
// denied the consent (even if this client does not require consent).
// this will send back an access denied OIDC error response to the client.
await _interaction.GrantConsentAsync(context, ConsentResponse.Denied);
// we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
if (await _clientStore.IsPkceClientAsync(context.ClientId))
{
// if the client is PKCE then we assume it's native, so this change in how to
// return the response is for better UX for the end user.
return(View("Redirect", new RedirectViewModel {
RedirectUrl = model.ReturnUrl
}));
}
return(Redirect(model.ReturnUrl));
}
else
{
// since we don't have a valid context, then we just go back to the home page
return(Redirect("~/"));
}
}
if (ModelState.IsValid)
{
// validate username/password against in-memory store
if (await _localUserService.ValidateCredentialsAsync(
model.Username, model.Password))
{
var user = await _localUserService.GetUserByUserNameAsync(model.Username);
// issue temporary authentication ticket
var temporaryIdentity = new ClaimsIdentity();
temporaryIdentity.AddClaim(new Claim(JwtClaimTypes.Subject, user.Subject));
await HttpContext.SignInAsync("idsrv.mfa", new ClaimsPrincipal(temporaryIdentity));
// if there's no TOTP secret registered for this user, send an OTP via
// mail as backup
if (!(await _localUserService.UserHasRegisteredTotpSecret(user.Subject)))
{
// generate OTP
var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
var totp = authenticator.GetCode(_totpSecret);
// send OTP by mail (fake this by writing it to the debug output window)
Debug.WriteLine($"OTP: {totp}");
}
var redirectToAdditionalFactorUrl =
Url.Action("AdditionalAuthenticationFactor",
new
{
returnUrl = model.ReturnUrl,
rememberLogin = model.RememberLogin
});
return(Redirect(redirectToAdditionalFactorUrl));
}
await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials", clientId : context?.ClientId));
ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage);
}
// something went wrong, show form with error
var vm = await BuildLoginViewModelAsync(model);
return(View(vm));
}
