mirror of
https://github.com/LBPUnion/ProjectLighthouse.git
synced 2025-05-28 11:42:28 +00:00
14d2f0305e
* Initial work for TOTP 2FA * Fix bug in 2FA code script * Add translations for two factor and /disable2fa * Fix compilation error * Add TwoFactorLoginPage * Add two factor login process * Little bit of backup code work * Finish two factor * Fix unit tests * ??? goofy ahh code * Use SHA-256 instead of SHA-512 * I guess SHA-256 doesn't work either * Fix comments in Base32 helper * Move QRCoder package to website * Add name to endregion comment in css * Fix bug with redirects
88 lines
No EOL
3.1 KiB
C#
88 lines
No EOL
3.1 KiB
C#
using LBPUnion.ProjectLighthouse.Configuration;
|
|
using LBPUnion.ProjectLighthouse.Helpers;
|
|
using LBPUnion.ProjectLighthouse.Localization.StringLists;
|
|
using LBPUnion.ProjectLighthouse.PlayerData;
|
|
using LBPUnion.ProjectLighthouse.PlayerData.Profiles;
|
|
using LBPUnion.ProjectLighthouse.Servers.Website.Pages.Layouts;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.EntityFrameworkCore;
|
|
|
|
namespace LBPUnion.ProjectLighthouse.Servers.Website.Pages.TwoFactor;
|
|
|
|
public class TwoFactorLoginPage : BaseLayout
|
|
{
|
|
public TwoFactorLoginPage(Database database) : base(database)
|
|
{ }
|
|
|
|
public string Error { get; set; } = "";
|
|
public string RedirectUrl { get; set; } = "";
|
|
|
|
public async Task<IActionResult> OnGet([FromQuery] string? redirect)
|
|
{
|
|
if (!ServerConfiguration.Instance.TwoFactorConfiguration.TwoFactorEnabled) return this.Redirect("~/login");
|
|
|
|
WebToken? token = this.Database.WebTokenFromRequest(this.Request);
|
|
if (token == null) return this.Redirect("~/login");
|
|
|
|
this.RedirectUrl = redirect ?? "~/";
|
|
|
|
if (token.Verified) return this.Redirect(this.RedirectUrl);
|
|
|
|
User? user = await this.Database.Users.Where(u => u.UserId == token.UserId).FirstOrDefaultAsync();
|
|
if (user == null) return this.Redirect("~/login");
|
|
|
|
if (!user.IsTwoFactorSetup) return this.Redirect(this.RedirectUrl);
|
|
|
|
return this.Page();
|
|
}
|
|
|
|
public async Task<IActionResult> OnPost([FromForm] string? code, [FromForm] string? redirect, [FromForm] string? backup)
|
|
{
|
|
if (!ServerConfiguration.Instance.TwoFactorConfiguration.TwoFactorEnabled) return this.Redirect("~/login");
|
|
|
|
WebToken? token = this.Database.WebTokenFromRequest(this.Request);
|
|
if (token == null) return this.Redirect("~/login");
|
|
|
|
this.RedirectUrl = redirect ?? "~/";
|
|
|
|
if (token.Verified) return this.Redirect(this.RedirectUrl);
|
|
|
|
User? user = await this.Database.Users.Where(u => u.UserId == token.UserId).FirstOrDefaultAsync();
|
|
if (user == null) return this.Redirect("~/login");
|
|
|
|
if (!user.IsTwoFactorSetup)
|
|
{
|
|
token.Verified = true;
|
|
await this.Database.SaveChangesAsync();
|
|
}
|
|
|
|
// if both are null or neither are null, there should only be one at at time
|
|
if (string.IsNullOrWhiteSpace(code) == string.IsNullOrWhiteSpace(backup))
|
|
{
|
|
this.Error = this.Translate(TwoFactorStrings.InvalidCode);
|
|
return this.Page();
|
|
}
|
|
|
|
if (string.IsNullOrWhiteSpace(backup))
|
|
{
|
|
if (!CryptoHelper.VerifyCode(code, user.TwoFactorSecret))
|
|
{
|
|
this.Error = this.Translate(TwoFactorStrings.InvalidCode);
|
|
return this.Page();
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (!CryptoHelper.VerifyBackup(backup, user.TwoFactorBackup))
|
|
{
|
|
this.Error = this.Translate(TwoFactorStrings.InvalidBackupCode);
|
|
return this.Page();
|
|
}
|
|
}
|
|
|
|
token.Verified = true;
|
|
await this.Database.SaveChangesAsync();
|
|
|
|
return this.Redirect(this.RedirectUrl);
|
|
}
|
|
} |