admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2021-03-11 19:33:41 +00:00
parent f777e70e33
commit be14484ba6
3 changed files with 25 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
server/AyaNova/Controllers/AuthController.cs
View File

@@ -428,13 +428,13 @@ namespace AyaNova.Api.Controllers
}
/// <summary>
/// Generate HOTP secret and return for use in auth app
/// Generate TOTP secret and return for use in auth app
///
/// </summary>
/// <param name="apiVersion">From route path</param>
/// <returns>New HOTP secret</returns>
[HttpGet("hotp")]
public async Task<IActionResult> GenerateAndSendHOTP(ApiVersion apiVersion)
/// <returns>New TOTP secret</returns>
[HttpGet("totp")]
public async Task<IActionResult> GenerateAndSendTOTP(ApiVersion apiVersion)
{
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
@@ -451,18 +451,33 @@ namespace AyaNova.Api.Controllers
return StatusCode(403, new ApiNotAuthorizedResponse());
var tfa = new TwoFactorAuth("AyaNova");
u.HotpSecret = tfa.CreateSecret(160);
u.TotpSecret = tfa.CreateSecret(160);
await ct.SaveChangesAsync();
//https://github.com/google/google-authenticator/wiki/Key-Uri-Format
QRCoder.PayloadGenerator.OneTimePassword generator = new QRCoder.PayloadGenerator.OneTimePassword()
{
Secret = u.TotpSecret,
Issuer = "AyaNova",
//Label = $"AyaNova.{u.Id}",
Type = QRCoder.PayloadGenerator.OneTimePassword.OneTimePasswordAuthType.TOTP
};
string payload = generator.ToString();
// QRCodeGenerator qrGenerator = new QRCodeGenerator();
// QRCodeData qrCodeData = qrGenerator.CreateQrCode(payload, QRCodeGenerator.ECCLevel.Q);
// QRCode qrCode = new QRCode(qrCodeData);
// var qrCodeAsBitmap = qrCode.GetGraphic(20);
QRCodeGenerator qrGenerator = new QRCodeGenerator();
QRCodeData qrCodeData = qrGenerator.CreateQrCode(u.HotpSecret, QRCodeGenerator.ECCLevel.Q);
QRCodeData qrCodeData = qrGenerator.CreateQrCode(payload, QRCodeGenerator.ECCLevel.Q);
Base64QRCode qrCode = new Base64QRCode(qrCodeData);
string qrCodeImageAsBase64 = qrCode.GetGraphic(20);
string qrCodeImageAsBase64 = qrCode.GetGraphic(4);
return Ok(ApiOkResponse.Response(new
{
s = u.HotpSecret,
s = u.TotpSecret,
qr = qrCodeImageAsBase64
}));
}

2
server/AyaNova/models/User.cs
View File

@@ -97,7 +97,7 @@ namespace AyaNova.Models
[JsonIgnore]
public DateTime? PasswordResetCodeExpire { get; set; }//---
[JsonIgnore]
public string HotpSecret { get; set; }//---
public string TotpSecret { get; set; }//---
//==========================
//relations

2
server/AyaNova/util/AySchema.cs
View File

@@ -441,7 +441,7 @@ $BODY$ LANGUAGE PLPGSQL STABLE");
//Add user table
await ExecQueryAsync("CREATE TABLE auser (id BIGINT GENERATED ALWAYS AS IDENTITY PRIMARY KEY, active BOOL NOT NULL, name TEXT NOT NULL UNIQUE, "
+ "lastlogin TIMESTAMP, login TEXT NOT NULL UNIQUE, password TEXT NOT NULL, salt TEXT NOT NULL, roles INTEGER NOT NULL, currentauthtoken TEXT, "
+ "dlkey TEXT, dlkeyexpire TIMESTAMP, hotpsecret TEXT, twofactorenabled BOOL, passwordresetcode TEXT, passwordresetcodeexpire TIMESTAMP, usertype INTEGER NOT NULL, "
+ "dlkey TEXT, dlkeyexpire TIMESTAMP, totpsecret TEXT, twofactorenabled BOOL, passwordresetcode TEXT, passwordresetcodeexpire TIMESTAMP, usertype INTEGER NOT NULL, "
+ "employeenumber TEXT, notes TEXT, customerid BIGINT, "
+ "headofficeid BIGINT, vendorid BIGINT, wiki TEXT, customfields TEXT, tags VARCHAR(255) ARRAY)");