From 2c1dc6f95ef7bdbad9df9d4a0fd70edc3879c026 Mon Sep 17 00:00:00 2001
From: Abdullah Atta
Date: Sat, 9 Sep 2023 20:31:21 +0500
Subject: [PATCH] identity: minor refactors
---
 .../Services/TokenGenerationService.cs | 12 +++++++-----
 .../Validation/MFAGrantValidator.cs | 18 +++++-------------
 2 files changed, 12 insertions(+), 18 deletions(-)
diff --git a/Streetwriters.Identity/Services/TokenGenerationService.cs b/Streetwriters.Identity/Services/TokenGenerationService.cs
index ddd1732..4395d43 100644
--- a/Streetwriters.Identity/Services/TokenGenerationService.cs
+++ b/Streetwriters.Identity/Services/TokenGenerationService.cs
@@ -84,11 +84,13 @@ namespace Streetwriters.Identity.Helpers
 public async Task TransformTokenRequestAsync(ValidatedTokenRequest request, User user, string grantType, string[] scopes, int lifetime = 20 * 60)
 {
 var principal = await PrincipalFactory.CreateAsync(user);
- var identityUser = new IdentityServerUser(user.Id.ToString());
- identityUser.DisplayName = user.UserName;
- identityUser.AuthenticationTime = System.DateTime.UtcNow;
- identityUser.IdentityProvider = IdentityServerConstants.LocalIdentityProvider;
- identityUser.AdditionalClaims = principal.Claims.ToArray();
+ var identityUser = new IdentityServerUser(user.Id.ToString())
+ {
+ DisplayName = user.UserName,
+ AuthenticationTime = System.DateTime.UtcNow,
+ IdentityProvider = IdentityServerConstants.LocalIdentityProvider,
+ AdditionalClaims = principal.Claims.ToArray()
+ };
 
 request.AccessTokenType = AccessTokenType.Jwt;
 request.AccessTokenLifetime = lifetime;
diff --git a/Streetwriters.Identity/Validation/MFAGrantValidator.cs b/Streetwriters.Identity/Validation/MFAGrantValidator.cs
index 25f4dd0..9984096 100644
--- a/Streetwriters.Identity/Validation/MFAGrantValidator.cs
+++ b/Streetwriters.Identity/Validation/MFAGrantValidator.cs
@@ -92,8 +92,11 @@ namespace Streetwriters.Identity.Validation
 context.Result.Error = "invalid_mfa";
 context.Result.ErrorDescription = "Please provide a valid multi-factor authentication code.";
 
+ if (!await UserManager.GetTwoFactorEnabledAsync(user))
+ await MFAService.EnableMFAAsync(user, MFAMethods.Email);
+
 if (string.IsNullOrEmpty(mfaCode)) return;
- if (string.IsNullOrEmpty(mfaMethod))
+ if (string.IsNullOrEmpty(mfaMethod) || !MFAService.IsValidMFAMethod(mfaMethod))
 {
 context.Result.ErrorDescription = "Please provide a valid multi-factor authentication method.";
 return;
@@ -111,15 +114,6 @@ namespace Streetwriters.Identity.Validation
 {
 context.Result.ErrorDescription = "Please provide a valid multi-factor authentication recovery code.";
 
- // This happens for new users who haven't set up 2FA yet; in which case
- // we default to email. However, there are no recovery codes for that user
- // yet.
- // Without this, RedeemTwoFactorRecoveryCodeAsync succeeds with any recovery
- // code (valid or invalid).
- var isTwoFactorEnabled = await UserManager.GetTwoFactorEnabledAsync(user);
- if (!isTwoFactorEnabled)
- return;
-
 var result = await UserManager.RedeemTwoFactorRecoveryCodeAsync(user, mfaCode);
 if (!result.Succeeded)
 {
@@ -130,9 +124,7 @@ namespace Streetwriters.Identity.Validation
 }
 else
 {
- var provider = mfaMethod == MFAMethods.Email || mfaMethod == MFAMethods.SMS ? TokenOptions.DefaultPhoneProvider : UserManager.Options.Tokens.AuthenticatorTokenProvider;
- var isMFACodeValid = await MFAService.VerifyOTPAsync(user, mfaCode, mfaMethod);
- if (!isMFACodeValid)
+ if (!await MFAService.VerifyOTPAsync(user, mfaCode, mfaMethod))
 {
 await UserManager.AccessFailedAsync(user);
 await EmailSender.SendFailedLoginAlertAsync(user.Email, httpContext.GetClientInfo(), client).ConfigureAwait(false);
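Review bot: The new `EnableMFAAsync(user, MFAMethods.Email)` call changes the user's MFA state as a side effect of validating a token request, and it runs before the `string.IsNullOrEmpty(mfaCode)` early return, so a request carrying no code at all still triggers it; nothing in the hunk records that this is intended. The guard removed in the `@@ -111,15` hunk below carried the rationale (users without 2FA have no recovery codes, and redemption was observed to succeed with any code), and this call is now the only thing keeping the recovery-code branch from running against a user with no codes — whether `RedeemTwoFactorRecoveryCodeAsync` fails closed for a freshly enabled user with an empty code set cannot be seen here, so it deserves a test. Suggest moving the rationale next to the new call: `// New users have no 2FA yet: default them to email MFA before the recovery-code and OTP branches run, since those must never operate on a user with 2FA disabled (see RedeemTwoFactorRecoveryCodeAsync).` If `EnableMFAAsync` returns an `IdentityResult`, its outcome is dropped here; check `Succeeded` or note that the call cannot fail. The enclosing validator method starts and ends outside the hunk.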