@@ -1,6 +1,8 @@
|
||||
using System.Collections.Generic;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using TwoFactorAuthNet;
|
||||
using QRCoder;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using AyaNova.Models;
|
||||
@@ -424,6 +426,46 @@ namespace AyaNova.Api.Controllers
|
||||
}));
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Generate HOTP secret and return for use in auth app
|
||||
///
|
||||
/// </summary>
|
||||
/// <param name="apiVersion">From route path</param>
|
||||
/// <returns>New HOTP secret</returns>
|
||||
[HttpGet("hotp")]
|
||||
public async Task<IActionResult> GenerateAndSendHOTP(ApiVersion apiVersion)
|
||||
{
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
|
||||
//get user and save the secret
|
||||
var UserId = UserIdFromContext.Id(HttpContext.Items);
|
||||
|
||||
var u = await ct.User.FirstOrDefaultAsync(z => z.Id == UserId);
|
||||
if (u == null)//should never happen but ?
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
var tfa = new TwoFactorAuth("AyaNova");
|
||||
u.HotpSecret = tfa.CreateSecret(160);
|
||||
await ct.SaveChangesAsync();
|
||||
|
||||
|
||||
QRCodeGenerator qrGenerator = new QRCodeGenerator();
|
||||
QRCodeData qrCodeData = qrGenerator.CreateQrCode(u.HotpSecret, QRCodeGenerator.ECCLevel.Q);
|
||||
Base64QRCode qrCode = new Base64QRCode(qrCodeData);
|
||||
string qrCodeImageAsBase64 = qrCode.GetGraphic(20);
|
||||
|
||||
return Ok(ApiOkResponse.Response(new
|
||||
{
|
||||
s = u.HotpSecret,
|
||||
qrCode = qrCodeImageAsBase64
|
||||
}));
|
||||
}
|
||||
|
||||
//------------------------------------------------------
|
||||
|
||||
public class CredentialsParam
|
||||
|
||||
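Review bot: GenerateAndSendHOTP overwrites `u.HotpSecret` and saves it on every call to a `[HttpGet("hotp")]` route, with no check for an existing enrollment and no re-authentication, so any request carrying a valid session replaces the user's second factor and invalidates the authenticator app already enrolled. A state-changing endpoint that returns a secret should not be a GET: use `[HttpPost("hotp")]`, set `Response.Headers["Cache-Control"] = "no-store";` before returning, and require the current password or a valid current code when a secret already exists. It would also be safer to hold the new secret as pending and activate it only once the user has submitted a code generated from it; whether a separate verification step exists is not visible in this hunk. Separately, the QR code is built from the bare secret string rather than an `otpauth://` provisioning URI, which authenticator apps generally expect, and `biz` is assigned but never used.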