pavelbannov 2021-12-10 21:25:03 +03:00
parent 055c200b60
commit 031af716e6
3 changed files with 37 additions and 36 deletions


@ -166,7 +166,9 @@ namespace ASC.Api.Settings
private ILog Log { get; set; }
private TelegramHelper TelegramHelper { get; }
private PaymentManager PaymentManager { get; }
public Constants Constants { get; }
private Constants Constants { get; }
private InstanceCrypto InstanceCrypto { get; }
private Signature Signature { get; }
public SettingsController(
IOptionsMonitor<ILog> option,
@ -228,7 +230,9 @@ namespace ASC.Api.Settings
EncryptionWorker encryptionWorker,
PasswordHasher passwordHasher,
PaymentManager paymentManager,
Constants constants)
Constants constants,
InstanceCrypto instanceCrypto,
Signature signature)
{
Log = option.Get("ASC.Api");
WebHostEnvironment = webHostEnvironment;
@ -290,6 +294,8 @@ namespace ASC.Api.Settings
TelegramHelper = telegramHelper;
PaymentManager = paymentManager;
Constants = constants;
InstanceCrypto = instanceCrypto;
Signature = signature;
}
[Read("", Check = false)]
@ -1598,7 +1604,7 @@ namespace ASC.Api.Settings
if (currentUser.IsVisitor(UserManager) || currentUser.IsOutsider(UserManager))
throw new NotSupportedException("Not available.");
return SettingsManager.LoadForCurrentUser<TfaAppUserSettings>().CodesSetting.Select(r => new { r.IsUsed, r.Code }).ToList();
return SettingsManager.LoadForCurrentUser<TfaAppUserSettings>().CodesSetting.Select(r => new { r.IsUsed, Code = r.GetEncryptedCode(InstanceCrypto, Signature) }).ToList();
}
[Update("tfaappnewcodes")]
@ -1612,7 +1618,7 @@ namespace ASC.Api.Settings
if (currentUser.IsVisitor(UserManager) || currentUser.IsOutsider(UserManager))
throw new NotSupportedException("Not available.");
var codes = TfaManager.GenerateBackupCodes().Select(r => new { r.IsUsed, r.Code }).ToList();
var codes = TfaManager.GenerateBackupCodes().Select(r => new { r.IsUsed, Code = r.GetEncryptedCode(InstanceCrypto, Signature) }).ToList();
MessageService.Send(MessageAction.UserConnectedTfaApp, MessageTarget.Create(currentUser.ID), currentUser.DisplayUserName(false, DisplayUserSettingsHelper));
return codes;
}
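Review bot: The two projections in the `tfaappcodes` and `tfaappnewcodes` handlers now read `Code = r.GetEncryptedCode(InstanceCrypto, Signature)`, which looks as if ciphertext were returned to the client, while the method shown in the BackupCode section of this commit decrypts and returns the plaintext code. A short comment above each projection would prevent that misreading, for example `// GetEncryptedCode decrypts the stored value; the response carries the plaintext backup code for its owner`. Both handler methods start outside their hunks, so how the response is otherwise protected cannot be judged from the visible lines.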


@ -29,7 +29,9 @@ using System.Collections.Generic;
using System.Linq;
using System.Text.Json.Serialization;
using ASC.Common.Utils;
using ASC.Core.Common.Settings;
using ASC.Security.Cryptography;
namespace ASC.Web.Studio.Core.TFA
{
@ -65,7 +67,7 @@ namespace ASC.Web.Studio.Core.TFA
var from = new DateTime(2018, 07, 07, 0, 0, 0, DateTimeKind.Utc);
settings.SaltSetting = salt = (long)(DateTime.UtcNow - from).TotalMilliseconds;
settingsManager.SaveForUser<TfaAppUserSettings>(settings, userId);
settingsManager.SaveForUser(settings, userId);
}
return salt;
}
@ -75,10 +77,10 @@ namespace ASC.Web.Studio.Core.TFA
return settingsManager.LoadForUser<TfaAppUserSettings>(userId).CodesSetting;
}
public static void DisableCodeForUser(SettingsManager settingsManager, Guid userId, string code)
public static void DisableCodeForUser(SettingsManager settingsManager, InstanceCrypto instanceCrypto, Signature signature, Guid userId, string code)
{
var settings = settingsManager.LoadForUser<TfaAppUserSettings>(userId);
var query = settings.CodesSetting.Where(x => x.Code == code).ToList();
var query = settings.CodesSetting.Where(x => x.GetEncryptedCode(instanceCrypto, signature) == code).ToList();
if (query.Any())
query.First().IsUsed = true;
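Review bot: The lookup in `DisableCodeForUser` matches on the decrypted value only, so it can select an entry that is already used, while the `!x.IsUsed` test sits in a separate load in the caller (`BackupCodesForUser(...).Any(...)` in the TfaManager section). Because the check and the marking read the settings independently, two concurrent sign-ins with the same backup code could presumably both pass before either change is saved. Consider selecting with `settings.CodesSetting.FirstOrDefault(x => !x.IsUsed && x.GetEncryptedCode(instanceCrypto, signature) == code)` and returning whether an entry was consumed, so the caller accepts the code only on that result. The method body continues past the end of this hunk, so the save step is not visible here.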


@ -51,35 +51,26 @@ namespace ASC.Web.Studio.Core.TFA
[Serializable]
public class BackupCode
{
private string code;
private InstanceCrypto InstanceCrypto { get; }
private Signature Signature { get; }
public string Code
{
get
{
try
{
return InstanceCrypto.Decrypt(code);
}
catch
{
//support old scheme stored in the DB
return Signature.Read<string>(code);
}
}
set { code = InstanceCrypto.Encrypt(value); }
}
public bool IsUsed { get; set; }
public BackupCode(InstanceCrypto instanceCrypto, Signature signature, string code)
public string Code { get; set; }
public string GetEncryptedCode(InstanceCrypto InstanceCrypto, Signature Signature)
{
InstanceCrypto = instanceCrypto;
Signature = signature;
Code = code;
IsUsed = false;
try
{
return InstanceCrypto.Decrypt(Code);
}
catch
{
//support old scheme stored in the DB
return Signature.Read<string>(Code);
}
}
public void SetEncryptedCode(InstanceCrypto InstanceCrypto, string code)
{
Code = InstanceCrypto.Encrypt(code);
}
}
@ -145,9 +136,9 @@ namespace ASC.Web.Studio.Core.TFA
if (!Tfa.ValidateTwoFactorPIN(GenerateAccessToken(user), code))
{
if (checkBackup && TfaAppUserSettings.BackupCodesForUser(SettingsManager, user.ID).Any(x => x.Code == code && !x.IsUsed))
if (checkBackup && TfaAppUserSettings.BackupCodesForUser(SettingsManager, user.ID).Any(x => x.GetEncryptedCode(InstanceCrypto, Signature) == code && !x.IsUsed))
{
TfaAppUserSettings.DisableCodeForUser(SettingsManager, user.ID, code);
TfaAppUserSettings.DisableCodeForUser(SettingsManager, InstanceCrypto, Signature, user.ID, code);
}
else
{
@ -195,7 +186,9 @@ namespace ASC.Web.Studio.Core.TFA
result.Append(alphabet[b % (alphabet.Length)]);
}
list.Add(new BackupCode(InstanceCrypto, Signature, result.ToString()));
var code = new BackupCode();
code.SetEncryptedCode(InstanceCrypto, result.ToString());
list.Add(code);
}
}
var settings = SettingsManager.LoadForCurrentUser<TfaAppUserSettings>();
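Review bot: `GetEncryptedCode` in `BackupCode` returns the decrypted backup code and `SetEncryptedCode` takes the plaintext, so the getter's name states the opposite of what it returns; `GetDecryptedCode` would match the behaviour, and the public `Code` property deserves a comment such as `// stored ciphertext; never compare or display directly`. The bare `catch` in the same method sends every failure of `InstanceCrypto.Decrypt`, not only legacy-format values, to `Signature.Read<string>`, which can hide key or data corruption; narrowing it to the exception type `Decrypt` raises for undecryptable input would keep the legacy path and surface the rest. The parameters `InstanceCrypto` and `Signature` are PascalCase and shadow their type names, whereas `DisableCodeForUser` in this commit uses `instanceCrypto` and `signature`.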