Auth: added confirm data

web/ASC.Web.Api/Api/AuthenticationController.cs

@@ -42,7 +42,8 @@ public class AuthenticationController : ControllerBase
     private readonly CookiesManager _cookiesManager;
     private readonly PasswordHasher _passwordHasher;
     private readonly EmailValidationKeyModelHelper _emailValidationKeyModelHelper;
-    private readonly ICache _cache;
+    private readonly ICache _cache;
+    private readonly SetupInfo _setupInfo;
     private readonly MessageService _messageService;
     private readonly ProviderManager _providerManager;
     private readonly AccountLinker _accountLinker;
@@ -66,7 +67,8 @@ public class AuthenticationController : ControllerBase
     private readonly CookieStorage _cookieStorage;
     private readonly DbLoginEventsManager _dbLoginEventsManager;
     private readonly UserManagerWrapper _userManagerWrapper;
-    private readonly TfaAppAuthSettingsHelper _tfaAppAuthSettingsHelper;
+    private readonly TfaAppAuthSettingsHelper _tfaAppAuthSettingsHelper;
+    private readonly EmailValidationKeyProvider _emailValidationKeyProvider;
     private readonly BruteForceLoginManager _bruteForceLoginManager;
 
     public AuthenticationController(
@@ -103,7 +105,8 @@ public class AuthenticationController : ControllerBase
         CookieStorage cookieStorage,
         DbLoginEventsManager dbLoginEventsManager,
         BruteForceLoginManager bruteForceLoginManager,
-        TfaAppAuthSettingsHelper tfaAppAuthSettingsHelper)
+        TfaAppAuthSettingsHelper tfaAppAuthSettingsHelper,
+        EmailValidationKeyProvider emailValidationKeyProvider)
     {
         _userManager = userManager;
         _tenantManager = tenantManager;
@@ -112,7 +115,8 @@ public class AuthenticationController : ControllerBase
         _cookiesManager = cookiesManager;
         _passwordHasher = passwordHasher;
         _emailValidationKeyModelHelper = emailValidationKeyModelHelper;
-        _cache = cache;
+        _cache = cache;
+        _setupInfo = setupInfo;
         _messageService = messageService;
         _providerManager = providerManager;
         _accountLinker = accountLinker;
@@ -137,7 +141,8 @@ public class AuthenticationController : ControllerBase
         _dbLoginEventsManager = dbLoginEventsManager;
         _userManagerWrapper = userManagerWrapper;
         _bruteForceLoginManager = bruteForceLoginManager;
-        _tfaAppAuthSettingsHelper = tfaAppAuthSettingsHelper;
+        _tfaAppAuthSettingsHelper = tfaAppAuthSettingsHelper;
+        _emailValidationKeyProvider = emailValidationKeyProvider;
     }
 
     [AllowNotPayment]
@@ -215,7 +220,12 @@ public class AuthenticationController : ControllerBase
     {
         var wrapper = await GetUser(inDto);
         var viaEmail = wrapper.ViaEmail;
-        var user = wrapper.UserInfo;
+        var user = wrapper.UserInfo;
+
+        if (user == null || Equals(user, Constants.LostUser))
+        {
+            throw new Exception(Resource.ErrorUserNotFound);
+        }
 
         if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))
         {
@@ -347,12 +357,34 @@ public class AuthenticationController : ControllerBase
         var wrapper = new UserInfoWrapper
         {
             ViaEmail = true
-        };
+        };
+
         var action = MessageAction.LoginFailViaApi;
-        UserInfo user;
+        UserInfo user = null;
+
         try
-        {
-            if ((string.IsNullOrEmpty(inDto.Provider) && string.IsNullOrEmpty(inDto.SerializedProfile)) || inDto.Provider == "email")
+        {
+            if (inDto.ConfirmData != null)
+            {
+                var email = inDto.ConfirmData.Email;
+
+                var checkKeyResult = _emailValidationKeyProvider.ValidateEmailKey(email + ConfirmType.Auth + inDto.ConfirmData.First + inDto.ConfirmData.Module + inDto.ConfirmData.Sms, inDto.ConfirmData.Key, _setupInfo.ValidAuthKeyInterval);
+
+                if (checkKeyResult == ValidationResult.Ok)
+                {
+                    user = email.Contains("@")
+                                   ? _userManager.GetUserByEmail(email)
+                                   : _userManager.GetUsers(new Guid(email));
+
+                    if (_securityContext.IsAuthenticated && _securityContext.CurrentAccount.ID != user.Id)
+                    {
+                        _securityContext.Logout();
+                        _cookiesManager.ClearCookies(CookiesType.AuthKey);
+                        _cookiesManager.ClearCookies(CookiesType.SocketIO);
+                    }
+                }
+            }
+            else if ((string.IsNullOrEmpty(inDto.Provider) && string.IsNullOrEmpty(inDto.SerializedProfile)) || inDto.Provider == "email")
             {
                 inDto.UserName.ThrowIfNull(new ArgumentException(@"userName empty", "userName"));
                 if (!string.IsNullOrEmpty(inDto.Password))

web/ASC.Web.Api/ApiModels/RequestsDto/AuthRequestsDto.cs

@@ -36,10 +36,21 @@ public class AuthRequestsDto
     public string SerializedProfile { get; set; }
     public string Code { get; set; }
     public string CodeOAuth { get; set; }
-    public bool Session { get; set; }
+    public bool Session { get; set; }
+
+    public ConfirmData ConfirmData { get; set; }
 }
 
 public class MobileRequestsDto
 {
     public string MobilePhone { get; set; }
+}
+
+public class ConfirmData
+{
+    public string Email { get; set; }
+    public string Module { get; set; }
+    public bool? First { get; set; }
+    public bool? Sms { get; set; }
+    public string Key { get; set; }
 }