Implement 2FA (#577)

* Initial work for TOTP 2FA * Fix bug in 2FA code script * Add translations for two factor and /disable2fa * Fix compilation error * Add TwoFactorLoginPage * Add two factor login process * Little bit of backup code work * Finish two factor * Fix unit tests * ??? goofy ahh code * Use SHA-256 instead of SHA-512 * I guess SHA-256 doesn't work either * Fix comments in Base32 helper * Move QRCoder package to website * Add name to endregion comment in css * Fix bug with redirects
2025-07-24 14:11:29 +00:00 · 2022-12-12 21:11:39 -06:00 · 2022-12-12 21:11:39 -06:00 · 14d2f0305e
commit 14d2f0305e
parent 4fd1063502
28 changed files with 1077 additions and 20 deletions
--- a/ProjectLighthouse.Servers.Website/Pages/TwoFactor/DisableTwoFactorPage.cshtml.cs
+++ b/ProjectLighthouse.Servers.Website/Pages/TwoFactor/DisableTwoFactorPage.cshtml.cs
@ -0,0 +1,67 @@
+using LBPUnion.ProjectLighthouse.Configuration;
+using LBPUnion.ProjectLighthouse.Helpers;
+using LBPUnion.ProjectLighthouse.Localization.StringLists;
+using LBPUnion.ProjectLighthouse.PlayerData.Profiles;
+using LBPUnion.ProjectLighthouse.Servers.Website.Pages.Layouts;
+using Microsoft.AspNetCore.Mvc;
+
+namespace LBPUnion.ProjectLighthouse.Servers.Website.Pages.TwoFactor;
+
+public class DisableTwoFactorPage : BaseLayout
+{
+    public DisableTwoFactorPage(Database database) : base(database) { }
+
+    public string Error { get; set; } = "";
+
+    public IActionResult OnGet()
+    {
+        if (!ServerConfiguration.Instance.TwoFactorConfiguration.TwoFactorEnabled) return this.Redirect("~/login");
+
+        User? user = this.Database.UserFromWebRequest(this.Request);
+        if (user == null) return this.Redirect("~/login");
+
+        if (!user.IsTwoFactorSetup) return this.Redirect("~/user/" + user.UserId + "/settings");
+
+        return this.Page();
+    }
+
+    public async Task<IActionResult> OnPost([FromForm] string? code, [FromForm] string? backup)
+    {
+        if (!ServerConfiguration.Instance.TwoFactorConfiguration.TwoFactorEnabled) return this.Redirect("~/login");
+
+        User? user = this.Database.UserFromWebRequest(this.Request);
+        if (user == null) return this.Redirect("~/login");
+
+        if (!user.IsTwoFactorSetup) return this.Redirect("~/user/" + user.UserId + "/settings");
+
+        // if both are null or neither are null, there should only be one at at time
+        if (string.IsNullOrWhiteSpace(code) == string.IsNullOrWhiteSpace(backup))
+        {
+            this.Error = this.Translate(TwoFactorStrings.InvalidCode);
+            return this.Page();
+        }
+
+        if (string.IsNullOrWhiteSpace(backup))
+        {
+            if (!CryptoHelper.VerifyCode(code, user.TwoFactorSecret))
+            {
+                this.Error = this.Translate(TwoFactorStrings.InvalidCode);
+                return this.Page();
+            }
+        }
+        else
+        {
+            if(!CryptoHelper.VerifyBackup(backup, user.TwoFactorBackup))
+            {
+                this.Error = this.Translate(TwoFactorStrings.InvalidBackupCode);
+                return this.Page();
+            }
+        }
+
+        user.TwoFactorBackup = null;
+        user.TwoFactorSecret = null;
+        await this.Database.SaveChangesAsync();
+
+        return this.Redirect("~/user/" + user.UserId + "/settings");
+    }
+}