Tfa: fix
parent
055c200b60
commit
031af716e6
@ -166,7 +166,9 @@ namespace ASC.Api.Settings
|
||||
private ILog Log { get; set; }
|
||||
private TelegramHelper TelegramHelper { get; }
|
||||
private PaymentManager PaymentManager { get; }
|
||||
public Constants Constants { get; }
|
||||
private Constants Constants { get; }
|
||||
private InstanceCrypto InstanceCrypto { get; }
|
||||
private Signature Signature { get; }
|
||||
|
||||
public SettingsController(
|
||||
IOptionsMonitor<ILog> option,
|
||||
@ -228,7 +230,9 @@ namespace ASC.Api.Settings
|
||||
EncryptionWorker encryptionWorker,
|
||||
PasswordHasher passwordHasher,
|
||||
PaymentManager paymentManager,
|
||||
Constants constants)
|
||||
Constants constants,
|
||||
InstanceCrypto instanceCrypto,
|
||||
Signature signature)
|
||||
{
|
||||
Log = option.Get("ASC.Api");
|
||||
WebHostEnvironment = webHostEnvironment;
|
||||
@ -290,6 +294,8 @@ namespace ASC.Api.Settings
|
||||
TelegramHelper = telegramHelper;
|
||||
PaymentManager = paymentManager;
|
||||
Constants = constants;
|
||||
InstanceCrypto = instanceCrypto;
|
||||
Signature = signature;
|
||||
}
|
||||
|
||||
[Read("", Check = false)]
|
||||
@ -1598,7 +1604,7 @@ namespace ASC.Api.Settings
|
||||
if (currentUser.IsVisitor(UserManager) || currentUser.IsOutsider(UserManager))
|
||||
throw new NotSupportedException("Not available.");
|
||||
|
||||
return SettingsManager.LoadForCurrentUser<TfaAppUserSettings>().CodesSetting.Select(r => new { r.IsUsed, r.Code }).ToList();
|
||||
return SettingsManager.LoadForCurrentUser<TfaAppUserSettings>().CodesSetting.Select(r => new { r.IsUsed, Code = r.GetEncryptedCode(InstanceCrypto, Signature) }).ToList();
|
||||
}
|
||||
|
||||
[Update("tfaappnewcodes")]
|
||||
@ -1612,7 +1618,7 @@ namespace ASC.Api.Settings
|
||||
if (currentUser.IsVisitor(UserManager) || currentUser.IsOutsider(UserManager))
|
||||
throw new NotSupportedException("Not available.");
|
||||
|
||||
var codes = TfaManager.GenerateBackupCodes().Select(r => new { r.IsUsed, r.Code }).ToList();
|
||||
var codes = TfaManager.GenerateBackupCodes().Select(r => new { r.IsUsed, Code = r.GetEncryptedCode(InstanceCrypto, Signature) }).ToList();
|
||||
MessageService.Send(MessageAction.UserConnectedTfaApp, MessageTarget.Create(currentUser.ID), currentUser.DisplayUserName(false, DisplayUserSettingsHelper));
|
||||
return codes;
|
||||
}
|
||||
|
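Review bot: The `Code` field in both responses (the read endpoint at new line 1604 and `tfaappnewcodes` at 1618) is filled from `GetEncryptedCode`, which in this commit returns `InstanceCrypto.Decrypt(Code)`, so the client receives the plaintext backup code while the name says the opposite. Because `r.Code` now holds the stored ciphertext, a later edit that goes back to `r.Code` would compile and quietly return the wrong value; a comment at each projection would guard against that: `// plaintext for display to the owner only; r.Code is the stored ciphertext - do not return or log either`. The two lambdas are identical and could live in one private helper so the endpoints cannot drift apart. Both method bodies begin outside the hunks shown.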
@ -29,7 +29,9 @@ using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
using ASC.Common.Utils;
|
||||
using ASC.Core.Common.Settings;
|
||||
using ASC.Security.Cryptography;
|
||||
|
||||
namespace ASC.Web.Studio.Core.TFA
|
||||
{
|
||||
@ -65,7 +67,7 @@ namespace ASC.Web.Studio.Core.TFA
|
||||
var from = new DateTime(2018, 07, 07, 0, 0, 0, DateTimeKind.Utc);
|
||||
settings.SaltSetting = salt = (long)(DateTime.UtcNow - from).TotalMilliseconds;
|
||||
|
||||
settingsManager.SaveForUser<TfaAppUserSettings>(settings, userId);
|
||||
settingsManager.SaveForUser(settings, userId);
|
||||
}
|
||||
return salt;
|
||||
}
|
||||
@ -75,10 +77,10 @@ namespace ASC.Web.Studio.Core.TFA
|
||||
return settingsManager.LoadForUser<TfaAppUserSettings>(userId).CodesSetting;
|
||||
}
|
||||
|
||||
public static void DisableCodeForUser(SettingsManager settingsManager, Guid userId, string code)
|
||||
public static void DisableCodeForUser(SettingsManager settingsManager, InstanceCrypto instanceCrypto, Signature signature, Guid userId, string code)
|
||||
{
|
||||
var settings = settingsManager.LoadForUser<TfaAppUserSettings>(userId);
|
||||
var query = settings.CodesSetting.Where(x => x.Code == code).ToList();
|
||||
var query = settings.CodesSetting.Where(x => x.GetEncryptedCode(instanceCrypto, signature) == code).ToList();
|
||||
|
||||
if (query.Any())
|
||||
query.First().IsUsed = true;
|
||||
|
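Review bot: The predicate in `DisableCodeForUser` matches on the decrypted code alone, so it decrypts every stored code and can select one that is already used; with `x => !x.IsUsed && ...` spent codes are skipped before any decryption, and `FirstOrDefault` can replace the `Any()`/`First()` pair. The comparison is an ordinary string `==` on an authentication secret, here and in the backup-code check of the `-145,9 +136,9` hunk in the TFA manager; a fixed-time compare such as `CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(stored), Encoding.UTF8.GetBytes(code))` is the usual hardening, with a null check on `stored` first. That validation path also checks the code and then marks it used through a separate load, so two concurrent logins with the same code may both pass; whether the settings store serialises those writes is not visible here. The method continues past the end of the hunk, so the save call is not shown.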
@ -51,35 +51,26 @@ namespace ASC.Web.Studio.Core.TFA
|
||||
[Serializable]
|
||||
public class BackupCode
|
||||
{
|
||||
private string code;
|
||||
private InstanceCrypto InstanceCrypto { get; }
|
||||
private Signature Signature { get; }
|
||||
|
||||
public string Code
|
||||
{
|
||||
get
|
||||
{
|
||||
try
|
||||
{
|
||||
return InstanceCrypto.Decrypt(code);
|
||||
}
|
||||
catch
|
||||
{
|
||||
//support old scheme stored in the DB
|
||||
return Signature.Read<string>(code);
|
||||
}
|
||||
}
|
||||
set { code = InstanceCrypto.Encrypt(value); }
|
||||
}
|
||||
|
||||
public bool IsUsed { get; set; }
|
||||
|
||||
public BackupCode(InstanceCrypto instanceCrypto, Signature signature, string code)
|
||||
public string Code { get; set; }
|
||||
|
||||
public string GetEncryptedCode(InstanceCrypto InstanceCrypto, Signature Signature)
|
||||
{
|
||||
InstanceCrypto = instanceCrypto;
|
||||
Signature = signature;
|
||||
Code = code;
|
||||
IsUsed = false;
|
||||
try
|
||||
{
|
||||
return InstanceCrypto.Decrypt(Code);
|
||||
}
|
||||
catch
|
||||
{
|
||||
//support old scheme stored in the DB
|
||||
return Signature.Read<string>(Code);
|
||||
}
|
||||
}
|
||||
|
||||
public void SetEncryptedCode(InstanceCrypto InstanceCrypto, string code)
|
||||
{
|
||||
Code = InstanceCrypto.Encrypt(code);
|
||||
}
|
||||
}
|
||||
|
||||
@ -145,9 +136,9 @@ namespace ASC.Web.Studio.Core.TFA
|
||||
|
||||
if (!Tfa.ValidateTwoFactorPIN(GenerateAccessToken(user), code))
|
||||
{
|
||||
if (checkBackup && TfaAppUserSettings.BackupCodesForUser(SettingsManager, user.ID).Any(x => x.Code == code && !x.IsUsed))
|
||||
if (checkBackup && TfaAppUserSettings.BackupCodesForUser(SettingsManager, user.ID).Any(x => x.GetEncryptedCode(InstanceCrypto, Signature) == code && !x.IsUsed))
|
||||
{
|
||||
TfaAppUserSettings.DisableCodeForUser(SettingsManager, user.ID, code);
|
||||
TfaAppUserSettings.DisableCodeForUser(SettingsManager, InstanceCrypto, Signature, user.ID, code);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -195,7 +186,9 @@ namespace ASC.Web.Studio.Core.TFA
|
||||
result.Append(alphabet[b % (alphabet.Length)]);
|
||||
}
|
||||
|
||||
list.Add(new BackupCode(InstanceCrypto, Signature, result.ToString()));
|
||||
var code = new BackupCode();
|
||||
code.SetEncryptedCode(InstanceCrypto, result.ToString());
|
||||
list.Add(code);
|
||||
}
|
||||
}
|
||||
var settings = SettingsManager.LoadForCurrentUser<TfaAppUserSettings>();
|
||||
|
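Review bot: The bare `catch` in `GetEncryptedCode` sends every failure of `InstanceCrypto.Decrypt` (wrong key, corrupted value, null `Code`) to the legacy `Signature.Read<string>` path without a trace, which hides key or configuration faults and keeps the old scheme reachable indefinitely. Narrow it to the exception a legacy value actually produces (probably `CryptographicException` or `FormatException`; confirm against `InstanceCrypto.Decrypt`) and log the fallback so remaining legacy rows can be counted and re-encrypted. The method returns the decrypted code, so `GetDecryptedCode` would describe it better, and the parameters should be camelCase so they do not shadow the type names: `public string GetDecryptedCode(InstanceCrypto instanceCrypto, Signature signature)`. `Code` is now a public settable property holding ciphertext on a `[Serializable]` class; a short comment saying so would stop callers comparing it with user input.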