identity: make 2fa truly mandatory

Streetwriters.Identity/Controllers/AccountController.cs

@@ -29,6 +29,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Streetwriters.Common;
+using Streetwriters.Common.Enums;
 using Streetwriters.Common.Messages;
 using Streetwriters.Common.Models;
 using Streetwriters.Identity.Enums;
@@ -172,6 +173,12 @@ namespace Streetwriters.Identity.Controllers
             var claims = await UserManager.GetClaimsAsync(user);
             var marketingConsentClaim = claims.FirstOrDefault((claim) => claim.Type == $"{client.Id}:marketing_consent");
 
+            if (!await UserManager.GetTwoFactorEnabledAsync(user))
+            {
+                await MFAService.EnableMFAAsync(user, MFAMethods.Email);
+                user = await UserManager.GetUserAsync(User);
+            }
+
             return Ok(new UserModel
             {
                 UserId = user.Id.ToString(),

Streetwriters.Identity/Controllers/MFAController.cs

@@ -74,21 +74,9 @@ namespace Streetwriters.Identity.Controllers
         }
 
         [HttpDelete]
-        public async Task<IActionResult> Disable2FA()
+        public IActionResult Disable2FA()
         {
-            var user = await UserManager.GetUserAsync(User);
-
-            if (!await UserManager.GetTwoFactorEnabledAsync(user))
-            {
-                return BadRequest("Cannot disable 2FA as it's not currently enabled");
-            }
-
-            if (await MFAService.DisableMFAAsync(user))
-            {
-                return Ok();
-            }
-
-            return BadRequest("Failed to disable 2FA.");
+            return BadRequest("2FA is mandatory and cannot be disabled.");
         }
 
         [HttpGet("codes")]

Streetwriters.Identity/Controllers/SignupController.cs

@@ -27,6 +27,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Streetwriters.Common;
+using Streetwriters.Common.Enums;
 using Streetwriters.Common.Models;
 using Streetwriters.Identity.Enums;
 using Streetwriters.Identity.Interfaces;
@@ -109,6 +110,8 @@ namespace Streetwriters.Identity.Controllers
                 var callbackUrl = Url.TokenLink(user.Id.ToString(), code, client.Id, TokenType.CONFRIM_EMAIL, Request.Scheme);
                 await EmailSender.SendConfirmationEmailAsync(user.Email, callbackUrl, client);
 
+                await MFAService.EnableMFAAsync(user, MFAMethods.Email);
+
                 return Ok(new
                 {
                     userId = user.Id.ToString()

Streetwriters.Identity/Services/MFAService.cs

@@ -82,7 +82,7 @@ namespace Streetwriters.Identity.Services
 
         public string GetPrimaryMethod(User user)
         {
-            return this.GetClaimValue(user, MFAService.PRIMARY_METHOD_CLAIM);
+            return this.GetClaimValue(user, MFAService.PRIMARY_METHOD_CLAIM, MFAMethods.Email);
         }
 
         public string GetSecondaryMethod(User user)
@@ -90,10 +90,10 @@ namespace Streetwriters.Identity.Services
             return this.GetClaimValue(user, MFAService.SECONDARY_METHOD_CLAIM);
         }
 
-        public string GetClaimValue(User user, string claimType)
+        public string GetClaimValue(User user, string claimType, string defaultValue = null)
         {
             var claim = user.Claims.FirstOrDefault((c) => c.ClaimType == claimType);
-            return claim != null ? claim.ClaimValue : null;
+            return claim != null ? claim.ClaimValue : defaultValue;
         }
 
         public Task<int> GetRemainingValidCodesAsync(User user)