/// <summary>
/// Completes SMS second-factor verification for <paramref name="user"/>: checks the
/// submitted one-time code against the code stored for the user's mobile number,
/// signs the user in if no session exists yet, and marks the phone as activated.
/// </summary>
/// <remarks>
/// SECURITY: when SMS authentication is hidden or disabled this method returns
/// immediately WITHOUT validating anything — a normal return is not proof that a code
/// was checked, and callers must not rely on it as such unless they know the feature
/// is enabled. Rate limiting is delegated to <c>SmsKeyStorage.ValidateKey</c>, whose
/// <c>TooMuch</c> result is surfaced as <see cref="BruteForceCredentialException"/>.
/// The "user not found" failure is raised before that call, so it is not rate-limited here.
/// </remarks>
/// <param name="user">Account whose mobile number the code was sent to.</param>
/// <param name="code">One-time code as typed by the user (passed through unmodified).</param>
/// <exception cref="Exception">Unknown user, empty code, or an unrecognised validation result.</exception>
/// <exception cref="BruteForceCredentialException">Too many attempts for this number.</exception>
/// <exception cref="TimeoutException">The stored code has expired.</exception>
/// <exception cref="ArgumentException">The code does not match.</exception>
public void ValidateSmsCode(UserInfo user, string code)
{
    // Feature switched off: nothing to verify (see the SECURITY remark above).
    var smsAuthEnabled = StudioSmsNotificationSettingsHelper.IsVisibleSettings()
                         && StudioSmsNotificationSettingsHelper.Enable;
    if (!smsAuthEnabled)
    {
        return;
    }

    if (user == null || Equals(user, Constants.LostUser))
    {
        throw new Exception(Resource.ErrorUserNotFound);
    }

    // Every non-Ok outcome is mapped to a distinct exception so callers (and the UI)
    // can tell "try again" from "locked out" from "expired".
    var outcome = SmsKeyStorage.ValidateKey(user.MobilePhone, code);
    switch (outcome)
    {
        case SmsKeyStorage.Result.Ok:
            break;
        case SmsKeyStorage.Result.Empty:
            throw new Exception(Resource.ActivateMobilePhoneEmptyCode);
        case SmsKeyStorage.Result.TooMuch:
            throw new BruteForceCredentialException(Resource.SmsTooMuchError);
        case SmsKeyStorage.Result.Timeout:
            throw new TimeoutException(Resource.SmsAuthenticationTimeout);
        case SmsKeyStorage.Result.Invalide:
            throw new ArgumentException(Resource.SmsAuthenticationMessageError);
        default:
            // Unknown enum member: fail closed rather than fall through to sign-in.
            throw new Exception("Error: " + outcome);
    }

    if (!SecurityContext.IsAuthenticated)
    {
        // Establishes the server-side session for the now-verified user. The returned
        // key is not turned into a cookie here (a CookiesManager.SetCookies call was
        // commented out at this spot). TODO(review): confirm the caller issues the auth
        // cookie, otherwise the browser never receives the session.
        SecurityContext.AuthenticateMe(user.ID);
    }

    // First successful verification also activates the phone number on the account.
    if (user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated)
    {
        user.MobilePhoneActivationStatus = MobilePhoneActivationStatus.Activated;
        UserManager.SaveUserInfo(user);
    }
}
/// <summary>
/// Static variant: verifies the SMS one-time code for <paramref name="user"/> with a
/// per-user slow-down against guessing, then signs the user in (setting the auth
/// cookie) and marks the phone as activated.
/// </summary>
/// <remarks>
/// SECURITY notes (review):
/// <list type="bullet">
/// <item>Returns silently when SMS auth is hidden or disabled — a normal return is not
/// proof that a code was checked.</item>
/// <item>The anti-guessing measure only delays, it never locks out: every 5th attempt
/// per user within a sliding one-minute window sleeps the request thread for 10 s, and
/// the code is still checked afterwards. The counter read and write are two separate,
/// unsynchronised cache calls, so concurrent requests can each observe the same value
/// and skip the delay; and blocking a worker thread for 10 s per request gives an
/// attacker a cheap way to exhaust the thread pool. Rejecting past a threshold, as the
/// instance overload in this file does via its <c>TooMuch</c> result, would be stronger.</item>
/// <item>The counter is keyed on <c>user.ID</c>, increments on successful as well as
/// failed attempts, and is never reset on success.</item>
/// </list>
/// </remarks>
/// <param name="user">Account whose mobile number the code was sent to.</param>
/// <param name="code">One-time code as typed by the user; null is treated as empty and surrounding whitespace is ignored.</param>
/// <exception cref="Exception">Unknown user, or empty code after trimming.</exception>
/// <exception cref="ArgumentException">The code does not match.</exception>
public static void ValidateSmsCode(UserInfo user, string code)
{
    var smsAuthEnabled = StudioSmsNotificationSettings.IsVisibleSettings
                         && StudioSmsNotificationSettings.Enable;
    if (!smsAuthEnabled)
    {
        return;
    }

    if (user == null || Equals(user, Constants.LostUser))
    {
        throw new Exception(Resource.ErrorUserNotFound);
    }

    var normalizedCode = (code ?? "").Trim();
    if (string.IsNullOrEmpty(normalizedCode))
    {
        throw new Exception(Resource.ActivateMobilePhoneEmptyCode);
    }

    // Brute-force slow-down: on every 5th attempt for this user, sleep before checking.
    // (The original comment said "wrong" attempts, but all attempts are counted.)
    // The window is sliding — each attempt pushes expiry one minute out from now.
    var attemptKey = "loginsec/" + user.ID;
    var attempts = (int)(CodeCache.Get(attemptKey) ?? 0) + 1;
    if (attempts % 5 == 0)
    {
        Thread.Sleep(TimeSpan.FromSeconds(10));
    }
    CodeCache.Insert(attemptKey, attempts, DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));

    if (!SmsKeyStorage.ValidateKey(user.MobilePhone, normalizedCode))
    {
        throw new ArgumentException(Resource.SmsAuthenticationMessageError);
    }

    if (!SecurityContext.IsAuthenticated)
    {
        // Code accepted: establish the session and hand the auth key to the browser.
        var authKey = SecurityContext.AuthenticateMe(user.ID);
        CookiesManager.SetCookies(CookiesType.AuthKey, authKey);
    }

    // First successful verification also activates the phone number on the account.
    if (user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated)
    {
        user.MobilePhoneActivationStatus = MobilePhoneActivationStatus.Activated;
        CoreContext.UserManager.SaveUserInfo(user);
    }
}