mirror of
https://github.com/bitwarden/server.git
synced 2025-04-16 10:38:17 -05:00
refactorings around two-factor controller
This commit is contained in:
Kyle Spearrin
parent
475160cfe1
commit
612697e815
@ -43,7 +43,7 @@ namespace Bit.Api.Controllers
|
|||||||
[HttpPost("get-authenticator")]
|
[HttpPost("get-authenticator")]
|
||||||
public async Task<TwoFactorAuthenticatorResponseModel> GetAuthenticator([FromBody]TwoFactorRequestModel model)
|
public async Task<TwoFactorAuthenticatorResponseModel> GetAuthenticator([FromBody]TwoFactorRequestModel model)
|
||||||
{
|
{
|
||||||
var user = await GetProviderAsync(model, TwoFactorProviderType.Authenticator);
|
var user = await CheckPasswordAsync(model.MasterPasswordHash);
|
||||||
var response = new TwoFactorAuthenticatorResponseModel(user);
|
var response = new TwoFactorAuthenticatorResponseModel(user);
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
@ -53,17 +53,8 @@ namespace Bit.Api.Controllers
|
|||||||
public async Task<TwoFactorAuthenticatorResponseModel> PutAuthenticator(
|
public async Task<TwoFactorAuthenticatorResponseModel> PutAuthenticator(
|
||||||
[FromBody]UpdateTwoFactorAuthenticatorRequestModel model)
|
[FromBody]UpdateTwoFactorAuthenticatorRequestModel model)
|
||||||
{
|
{
|
||||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
var user = await CheckPasswordAsync(model.MasterPasswordHash);
|
||||||
if(user == null)
|
model.ToUser(user);
|
||||||
{
|
|
||||||
throw new UnauthorizedAccessException();
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
|
||||||
{
|
|
||||||
await Task.Delay(2000);
|
|
||||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token))
|
if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token))
|
||||||
{
|
{
|
||||||
@ -79,7 +70,7 @@ namespace Bit.Api.Controllers
|
|||||||
[HttpPost("get-email")]
|
[HttpPost("get-email")]
|
||||||
public async Task<TwoFactorEmailResponseModel> GetEmail([FromBody]TwoFactorRequestModel model)
|
public async Task<TwoFactorEmailResponseModel> GetEmail([FromBody]TwoFactorRequestModel model)
|
||||||
{
|
{
|
||||||
var user = await GetProviderAsync(model, TwoFactorProviderType.Email);
|
var user = await CheckPasswordAsync(model.MasterPasswordHash);
|
||||||
var response = new TwoFactorEmailResponseModel(user);
|
var response = new TwoFactorEmailResponseModel(user);
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
@ -87,51 +78,25 @@ namespace Bit.Api.Controllers
|
|||||||
[HttpPost("send-email")]
|
[HttpPost("send-email")]
|
||||||
public async Task SendEmail([FromBody]TwoFactorEmailRequestModel model)
|
public async Task SendEmail([FromBody]TwoFactorEmailRequestModel model)
|
||||||
{
|
{
|
||||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
var user = await CheckPasswordAsync(model.MasterPasswordHash);
|
||||||
if(user == null)
|
model.ToUser(user);
|
||||||
{
|
await _userService.SendTwoFactorEmailAsync(user);
|
||||||
throw new UnauthorizedAccessException();
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
|
||||||
{
|
|
||||||
await Task.Delay(2000);
|
|
||||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
|
||||||
}
|
|
||||||
|
|
||||||
await _userService.SendTwoFactorEmailAsync(user, model.Email);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpPut("email")]
|
[HttpPut("email")]
|
||||||
[HttpPost("email")]
|
[HttpPost("email")]
|
||||||
public async Task<TwoFactorEmailResponseModel> PutEmail([FromBody]UpdateTwoFactorEmailRequestModel model)
|
public async Task<TwoFactorEmailResponseModel> PutEmail([FromBody]UpdateTwoFactorEmailRequestModel model)
|
||||||
{
|
{
|
||||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
var user = await CheckPasswordAsync(model.MasterPasswordHash);
|
||||||
if(user == null)
|
model.ToUser(user);
|
||||||
{
|
|
||||||
throw new UnauthorizedAccessException();
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
if(!await _userService.VerifyTwoFactorEmailAsync(user, model.Token))
|
||||||
{
|
|
||||||
await Task.Delay(2000);
|
|
||||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!await _userService.VerifyTwoFactorEmailAsync(user, model.Token, model.Email))
|
|
||||||
{
|
{
|
||||||
await Task.Delay(2000);
|
await Task.Delay(2000);
|
||||||
throw new BadRequestException("Token", "Invalid token.");
|
throw new BadRequestException("Token", "Invalid token.");
|
||||||
}
|
}
|
||||||
|
|
||||||
var providers = user.GetTwoFactorProviders();
|
|
||||||
providers[TwoFactorProviderType.Email] = new Core.Models.TwoFactorProvider
|
|
||||||
{
|
|
||||||
MetaData = new System.Collections.Generic.Dictionary<string, string> { ["Email"] = model.Email }
|
|
||||||
};
|
|
||||||
user.SetTwoFactorProviders(providers);
|
|
||||||
await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Email);
|
await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Email);
|
||||||
|
|
||||||
var response = new TwoFactorEmailResponseModel(user);
|
var response = new TwoFactorEmailResponseModel(user);
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
@ -140,18 +105,7 @@ namespace Bit.Api.Controllers
|
|||||||
[HttpPost("disable")]
|
[HttpPost("disable")]
|
||||||
public async Task<TwoFactorEmailResponseModel> PutDisable([FromBody]TwoFactorProviderRequestModel model)
|
public async Task<TwoFactorEmailResponseModel> PutDisable([FromBody]TwoFactorProviderRequestModel model)
|
||||||
{
|
{
|
||||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
var user = await CheckPasswordAsync(model.MasterPasswordHash);
|
||||||
if(user == null)
|
|
||||||
{
|
|
||||||
throw new UnauthorizedAccessException();
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
|
||||||
{
|
|
||||||
await Task.Delay(2000);
|
|
||||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
|
||||||
}
|
|
||||||
|
|
||||||
await _userService.DisableTwoFactorProviderAsync(user, model.Type.Value);
|
await _userService.DisableTwoFactorProviderAsync(user, model.Type.Value);
|
||||||
|
|
||||||
var response = new TwoFactorEmailResponseModel(user);
|
var response = new TwoFactorEmailResponseModel(user);
|
||||||
@ -169,7 +123,7 @@ namespace Bit.Api.Controllers
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private async Task<User> GetProviderAsync(TwoFactorRequestModel model, TwoFactorProviderType type)
|
private async Task<User> CheckPasswordAsync(string masterPasswordHash)
|
||||||
{
|
{
|
||||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
||||||
if(user == null)
|
if(user == null)
|
||||||
@ -177,13 +131,12 @@ namespace Bit.Api.Controllers
|
|||||||
throw new UnauthorizedAccessException();
|
throw new UnauthorizedAccessException();
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
if(!await _userManager.CheckPasswordAsync(user, masterPasswordHash))
|
||||||
{
|
{
|
||||||
await Task.Delay(2000);
|
await Task.Delay(2000);
|
||||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
||||||
}
|
}
|
||||||
|
|
||||||
await _userService.SetupTwoFactorAsync(user, type);
|
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -14,8 +14,6 @@ namespace Bit.Core.Identity
|
|||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Authenticator);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Authenticator);
|
||||||
|
|
||||||
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.Authenticator)
|
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.Authenticator)
|
||||||
&& user.TwoFactorProvider.HasValue
|
|
||||||
&& user.TwoFactorProvider.Value == TwoFactorProviderType.Authenticator
|
|
||||||
&& !string.IsNullOrWhiteSpace(provider.MetaData["Key"]);
|
&& !string.IsNullOrWhiteSpace(provider.MetaData["Key"]);
|
||||||
|
|
||||||
return Task.FromResult(canGenerate);
|
return Task.FromResult(canGenerate);
|
||||||
|
|||||||
@ -13,10 +13,7 @@ namespace Bit.Core.Identity
|
|||||||
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
||||||
|
|
||||||
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.Duo)
|
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.Duo)
|
||||||
&& user.TwoFactorProvider.HasValue
|
|
||||||
&& user.TwoFactorProvider.Value == TwoFactorProviderType.Duo
|
|
||||||
&& !string.IsNullOrWhiteSpace(provider?.MetaData["UserId"]);
|
&& !string.IsNullOrWhiteSpace(provider?.MetaData["UserId"]);
|
||||||
|
|
||||||
return Task.FromResult(canGenerate);
|
return Task.FromResult(canGenerate);
|
||||||
|
|||||||
@ -19,10 +19,7 @@ namespace Bit.Core.Identity
|
|||||||
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.YubiKey);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.YubiKey);
|
||||||
|
|
||||||
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.YubiKey)
|
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.YubiKey)
|
||||||
&& user.TwoFactorProvider.HasValue
|
|
||||||
&& user.TwoFactorProvider.Value == TwoFactorProviderType.YubiKey
|
|
||||||
&& (provider?.MetaData.Values.Any(v => !string.IsNullOrWhiteSpace(v)) ?? false);
|
&& (provider?.MetaData.Values.Any(v => !string.IsNullOrWhiteSpace(v)) ?? false);
|
||||||
|
|
||||||
return Task.FromResult(canGenerate);
|
return Task.FromResult(canGenerate);
|
||||||
|
|||||||
@ -1,4 +1,5 @@
|
|||||||
using System;
|
using Bit.Core.Enums;
|
||||||
|
using Bit.Core.Models.Table;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.ComponentModel.DataAnnotations;
|
using System.ComponentModel.DataAnnotations;
|
||||||
|
|
||||||
@ -9,6 +10,30 @@ namespace Bit.Core.Models.Api
|
|||||||
[Required]
|
[Required]
|
||||||
[StringLength(50)]
|
[StringLength(50)]
|
||||||
public string Token { get; set; }
|
public string Token { get; set; }
|
||||||
|
[Required]
|
||||||
|
[StringLength(50)]
|
||||||
|
public string Key { get; set; }
|
||||||
|
|
||||||
|
public User ToUser(User extistingUser)
|
||||||
|
{
|
||||||
|
var providers = extistingUser.GetTwoFactorProviders();
|
||||||
|
if(providers == null)
|
||||||
|
{
|
||||||
|
providers = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
|
||||||
|
}
|
||||||
|
else if(providers.ContainsKey(TwoFactorProviderType.Authenticator))
|
||||||
|
{
|
||||||
|
providers.Remove(TwoFactorProviderType.Authenticator);
|
||||||
|
}
|
||||||
|
|
||||||
|
providers.Add(TwoFactorProviderType.Authenticator, new TwoFactorProvider
|
||||||
|
{
|
||||||
|
MetaData = new Dictionary<string, string> { ["Key"] = Key },
|
||||||
|
Enabled = true
|
||||||
|
});
|
||||||
|
extistingUser.SetTwoFactorProviders(providers);
|
||||||
|
return extistingUser;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public class UpdateTwoFactorDuoRequestModel : TwoFactorRequestModel
|
public class UpdateTwoFactorDuoRequestModel : TwoFactorRequestModel
|
||||||
@ -48,6 +73,27 @@ namespace Bit.Core.Models.Api
|
|||||||
[EmailAddress]
|
[EmailAddress]
|
||||||
[StringLength(50)]
|
[StringLength(50)]
|
||||||
public string Email { get; set; }
|
public string Email { get; set; }
|
||||||
|
|
||||||
|
public User ToUser(User extistingUser)
|
||||||
|
{
|
||||||
|
var providers = extistingUser.GetTwoFactorProviders();
|
||||||
|
if(providers == null)
|
||||||
|
{
|
||||||
|
providers = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
|
||||||
|
}
|
||||||
|
else if(providers.ContainsKey(TwoFactorProviderType.Email))
|
||||||
|
{
|
||||||
|
providers.Remove(TwoFactorProviderType.Email);
|
||||||
|
}
|
||||||
|
|
||||||
|
providers.Add(TwoFactorProviderType.Email, new TwoFactorProvider
|
||||||
|
{
|
||||||
|
MetaData = new Dictionary<string, string> { ["Email"] = Email },
|
||||||
|
Enabled = true
|
||||||
|
});
|
||||||
|
extistingUser.SetTwoFactorProviders(providers);
|
||||||
|
return extistingUser;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public class UpdateTwoFactorEmailRequestModel : TwoFactorEmailRequestModel
|
public class UpdateTwoFactorEmailRequestModel : TwoFactorEmailRequestModel
|
||||||
|
|||||||
@ -1,6 +1,7 @@
|
|||||||
using System;
|
using System;
|
||||||
using Bit.Core.Enums;
|
using Bit.Core.Enums;
|
||||||
using Bit.Core.Models.Table;
|
using Bit.Core.Models.Table;
|
||||||
|
using OtpNet;
|
||||||
|
|
||||||
namespace Bit.Core.Models.Api
|
namespace Bit.Core.Models.Api
|
||||||
{
|
{
|
||||||
@ -22,6 +23,8 @@ namespace Bit.Core.Models.Api
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
var key = KeyGeneration.GenerateRandomKey(20);
|
||||||
|
Key = Base32Encoding.ToString(key);
|
||||||
Enabled = false;
|
Enabled = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -19,8 +19,8 @@ namespace Bit.Core.Services
|
|||||||
Task SaveUserAsync(User user);
|
Task SaveUserAsync(User user);
|
||||||
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);
|
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);
|
||||||
Task SendMasterPasswordHintAsync(string email);
|
Task SendMasterPasswordHintAsync(string email);
|
||||||
Task SendTwoFactorEmailAsync(User user, string email = null);
|
Task SendTwoFactorEmailAsync(User user);
|
||||||
Task<bool> VerifyTwoFactorEmailAsync(User user, string token, string email = null);
|
Task<bool> VerifyTwoFactorEmailAsync(User user, string token);
|
||||||
Task InitiateEmailChangeAsync(User user, string newEmail);
|
Task InitiateEmailChangeAsync(User user, string newEmail);
|
||||||
Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail, string newMasterPassword,
|
Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail, string newMasterPassword,
|
||||||
string token, string key);
|
string token, string key);
|
||||||
@ -28,7 +28,6 @@ namespace Bit.Core.Services
|
|||||||
Task<IdentityResult> UpdateKeyAsync(User user, string masterPassword, string key, string privateKey,
|
Task<IdentityResult> UpdateKeyAsync(User user, string masterPassword, string key, string privateKey,
|
||||||
IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
|
IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
|
||||||
Task<IdentityResult> RefreshSecurityStampAsync(User user, string masterPasswordHash);
|
Task<IdentityResult> RefreshSecurityStampAsync(User user, string masterPasswordHash);
|
||||||
Task SetupTwoFactorAsync(User user, TwoFactorProviderType provider);
|
|
||||||
Task UpdateTwoFactorProviderAsync(User user, TwoFactorProviderType type);
|
Task UpdateTwoFactorProviderAsync(User user, TwoFactorProviderType type);
|
||||||
Task DisableTwoFactorProviderAsync(User user, TwoFactorProviderType type);
|
Task DisableTwoFactorProviderAsync(User user, TwoFactorProviderType type);
|
||||||
Task<bool> RecoverTwoFactorAsync(string email, string masterPassword, string recoveryCode);
|
Task<bool> RecoverTwoFactorAsync(string email, string masterPassword, string recoveryCode);
|
||||||
|
|||||||
@ -182,43 +182,29 @@ namespace Bit.Core.Services
|
|||||||
await _mailService.SendMasterPasswordHintEmailAsync(email, user.MasterPasswordHint);
|
await _mailService.SendMasterPasswordHintEmailAsync(email, user.MasterPasswordHint);
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task SendTwoFactorEmailAsync(User user, string email = null)
|
public async Task SendTwoFactorEmailAsync(User user)
|
||||||
{
|
{
|
||||||
if(string.IsNullOrWhiteSpace(email))
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
|
||||||
|
if(provider == null || provider.MetaData == null || !provider.MetaData.ContainsKey("Email"))
|
||||||
{
|
{
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
|
throw new ArgumentNullException("No email.");
|
||||||
if(provider != null && provider.MetaData != null && provider.MetaData.ContainsKey("Email"))
|
|
||||||
{
|
|
||||||
email = provider.MetaData["Email"];
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(string.IsNullOrWhiteSpace(email))
|
var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
|
||||||
{
|
"2faEmail:" + provider.MetaData["Email"]);
|
||||||
throw new ArgumentNullException(nameof(email));
|
await _mailService.SendChangeEmailEmailAsync(provider.MetaData["Email"], token);
|
||||||
}
|
|
||||||
|
|
||||||
var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultEmailProvider, "2faEmail:" + email);
|
|
||||||
await _mailService.SendChangeEmailEmailAsync(email, token);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<bool> VerifyTwoFactorEmailAsync(User user, string token, string email = null)
|
public async Task<bool> VerifyTwoFactorEmailAsync(User user, string token)
|
||||||
{
|
{
|
||||||
if(string.IsNullOrWhiteSpace(email))
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
|
||||||
|
if(provider == null || provider.MetaData == null || !provider.MetaData.ContainsKey("Email"))
|
||||||
{
|
{
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
|
throw new ArgumentNullException("No email.");
|
||||||
if(provider != null && provider.MetaData != null && provider.MetaData.ContainsKey("Email"))
|
|
||||||
{
|
|
||||||
email = provider.MetaData["Email"];
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(string.IsNullOrWhiteSpace(email))
|
return await base.VerifyUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
|
||||||
{
|
"2faEmail:" + provider.MetaData["Email"], token);
|
||||||
throw new ArgumentNullException(nameof(email));
|
|
||||||
}
|
|
||||||
|
|
||||||
return await base.VerifyUserTokenAsync(user, TokenOptions.DefaultEmailProvider, "2faEmail:" + email, token);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task InitiateEmailChangeAsync(User user, string newEmail)
|
public async Task InitiateEmailChangeAsync(User user, string newEmail)
|
||||||
@ -355,65 +341,6 @@ namespace Bit.Core.Services
|
|||||||
return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
|
return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task SetupTwoFactorAsync(User user, TwoFactorProviderType provider)
|
|
||||||
{
|
|
||||||
var providers = user.GetTwoFactorProviders();
|
|
||||||
if(providers != null && providers.ContainsKey(provider) && providers[provider].MetaData != null)
|
|
||||||
{
|
|
||||||
switch(provider)
|
|
||||||
{
|
|
||||||
case TwoFactorProviderType.Authenticator:
|
|
||||||
if(!string.IsNullOrWhiteSpace(providers[provider].MetaData["Key"]))
|
|
||||||
{
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case TwoFactorProviderType.Email:
|
|
||||||
case TwoFactorProviderType.U2F:
|
|
||||||
case TwoFactorProviderType.YubiKey:
|
|
||||||
case TwoFactorProviderType.Duo:
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
throw new ArgumentException(nameof(provider));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if(providers == null)
|
|
||||||
{
|
|
||||||
providers = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
|
|
||||||
}
|
|
||||||
|
|
||||||
TwoFactorProvider providerInfo = null;
|
|
||||||
if(!providers.ContainsKey(provider))
|
|
||||||
{
|
|
||||||
providerInfo = new TwoFactorProvider();
|
|
||||||
providers.Add(provider, providerInfo);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
providerInfo = providers[provider];
|
|
||||||
}
|
|
||||||
|
|
||||||
switch(provider)
|
|
||||||
{
|
|
||||||
case TwoFactorProviderType.Authenticator:
|
|
||||||
var key = KeyGeneration.GenerateRandomKey(20);
|
|
||||||
providerInfo.MetaData = new Dictionary<string, string> { ["Key"] = Base32Encoding.ToString(key) };
|
|
||||||
break;
|
|
||||||
case TwoFactorProviderType.Email:
|
|
||||||
case TwoFactorProviderType.U2F:
|
|
||||||
case TwoFactorProviderType.YubiKey:
|
|
||||||
case TwoFactorProviderType.Duo:
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
throw new ArgumentException(nameof(provider));
|
|
||||||
}
|
|
||||||
|
|
||||||
user.TwoFactorProvider = provider;
|
|
||||||
user.SetTwoFactorProviders(providers);
|
|
||||||
await SaveUserAsync(user);
|
|
||||||
}
|
|
||||||
|
|
||||||
public async Task UpdateTwoFactorProviderAsync(User user, TwoFactorProviderType type)
|
public async Task UpdateTwoFactorProviderAsync(User user, TwoFactorProviderType type)
|
||||||
{
|
{
|
||||||
var providers = user.GetTwoFactorProviders();
|
var providers = user.GetTwoFactorProviders();
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user