identity: minor refactors

Streetwriters.Identity/Services/TokenGenerationService.cs

@@ -84,11 +84,13 @@ namespace Streetwriters.Identity.Helpers
         public async Task<ClaimsPrincipal> TransformTokenRequestAsync(ValidatedTokenRequest request, User user, string grantType, string[] scopes, int lifetime = 20 * 60)
         {
             var principal = await PrincipalFactory.CreateAsync(user);
-            var identityUser = new IdentityServerUser(user.Id.ToString());
-            identityUser.DisplayName = user.UserName;
-            identityUser.AuthenticationTime = System.DateTime.UtcNow;
-            identityUser.IdentityProvider = IdentityServerConstants.LocalIdentityProvider;
-            identityUser.AdditionalClaims = principal.Claims.ToArray();
+            var identityUser = new IdentityServerUser(user.Id.ToString())
+            {
+                DisplayName = user.UserName,
+                AuthenticationTime = System.DateTime.UtcNow,
+                IdentityProvider = IdentityServerConstants.LocalIdentityProvider,
+                AdditionalClaims = principal.Claims.ToArray()
+            };
 
             request.AccessTokenType = AccessTokenType.Jwt;
             request.AccessTokenLifetime = lifetime;

Streetwriters.Identity/Validation/MFAGrantValidator.cs

@@ -92,8 +92,11 @@ namespace Streetwriters.Identity.Validation
             context.Result.Error = "invalid_mfa";
             context.Result.ErrorDescription = "Please provide a valid multi-factor authentication code.";
 
+            if (!await UserManager.GetTwoFactorEnabledAsync(user))
+                await MFAService.EnableMFAAsync(user, MFAMethods.Email);
+
             if (string.IsNullOrEmpty(mfaCode)) return;
-            if (string.IsNullOrEmpty(mfaMethod))
+            if (string.IsNullOrEmpty(mfaMethod) || !MFAService.IsValidMFAMethod(mfaMethod))
             {
                 context.Result.ErrorDescription = "Please provide a valid multi-factor authentication method.";
                 return;
@@ -111,15 +114,6 @@ namespace Streetwriters.Identity.Validation
             {
                 context.Result.ErrorDescription = "Please provide a valid multi-factor authentication recovery code.";
 
-                // This happens for new users who haven't set up 2FA yet; in which case
-                // we default to email. However, there are no recovery codes for that user
-                // yet.
-                // Without this, RedeemTwoFactorRecoveryCodeAsync succeeds with any recovery
-                // code (valid or invalid).
-                var isTwoFactorEnabled = await UserManager.GetTwoFactorEnabledAsync(user);
-                if (!isTwoFactorEnabled)
-                    return;
-
                 var result = await UserManager.RedeemTwoFactorRecoveryCodeAsync(user, mfaCode);
                 if (!result.Succeeded)
                 {
@@ -130,9 +124,7 @@ namespace Streetwriters.Identity.Validation
             }
             else
             {
-                var provider = mfaMethod == MFAMethods.Email || mfaMethod == MFAMethods.SMS ? TokenOptions.DefaultPhoneProvider : UserManager.Options.Tokens.AuthenticatorTokenProvider;
-                var isMFACodeValid = await MFAService.VerifyOTPAsync(user, mfaCode, mfaMethod);
-                if (!isMFACodeValid)
+                if (!await MFAService.VerifyOTPAsync(user, mfaCode, mfaMethod))
                 {
                     await UserManager.AccessFailedAsync(user);
                     await EmailSender.SendFailedLoginAlertAsync(user.Email, httpContext.GetClientInfo(), client).ConfigureAwait(false);