From ce4a33ce3c6858850bed2da59e617e3864209b0a Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Fri, 12 Mar 2021 01:12:03 +0000
Subject: [PATCH]
---
 server/AyaNova/Controllers/AuthController.cs | 42 ++++++++++++++++++--
 server/AyaNova/resource/de.json | 4 +-
 server/AyaNova/resource/en.json | 4 +-
 server/AyaNova/resource/es.json | 4 +-
 server/AyaNova/resource/fr.json | 4 +-
 5 files changed, 50 insertions(+), 8 deletions(-)
diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index 1efce9ac..aa51d4f2 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -452,9 +452,9 @@ namespace AyaNova.Api.Controllers
 //if user already has a secret set then this is not valid, must be re-requested first
 //this is to stop someone from messing up someone's login accidentally or maliciously by simply hitting the route logged in as them
- if(!string.IsNullOrWhiteSpace(u.TotpSecret) || u.TwoFactorEnabled)
- return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, "generalerror", "2fa already enabled"));
-
+ if (!string.IsNullOrWhiteSpace(u.TotpSecret) || u.TwoFactorEnabled)
+ return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, "generalerror", "2fa already enabled"));
+
 var tfa = new TwoFactorAuth("AyaNova");
 u.TotpSecret = tfa.CreateSecret(160);
@@ -509,7 +509,13 @@ namespace AyaNova.Api.Controllers
 //ok, something to validate, let's validate it
 var tfa = new TwoFactorAuth("AyaNova");
- var ret = tfa.VerifyCode(u.TotpSecret, pin.Pin, 8);
+ var ret = tfa.VerifyCode(u.TotpSecret, pin.Pin.Replace(" ", "").Trim());
+ if (ret == true)
+ {
+ //enable 2fa on user account
+ u.TwoFactorEnabled = true;
+ await ct.SaveChangesAsync();
+ }
 return Ok(ApiOkResponse.Response(new {
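Review bot: A code that `tfa.VerifyCode` accepts is never recorded as consumed before `u.TwoFactorEnabled = true` is saved, and the `TwoFactorAuth` API used here appears to be stateless, so the same six-digit code stays valid for the rest of its time step plus the library's default discrepancy window; persist the accepted time step (for example a `LastTotpTimeStep` column — name constructed) and reject any code at or below it, here and presumably wherever the login path verifies codes. Dropping the explicit `8` window argument tightens the window and is not re-raised. `pin.Pin.Replace(" ", "").Trim()` throws `NullReferenceException` when `Pin` is null; the "ok, something to validate" comment suggests a guard above the hunk, but confirm it covers a null `Pin` and not only a missing body. Style: `if (ret == true)` reads better as `if (ret)`. The enclosing action starts before the hunk and its `Ok(...)` payload continues after it.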
@@ -517,6 +523,34 @@ namespace AyaNova.Api.Controllers
 }));
 }
+
+ ///
+ /// Disable (turn off) 2fa for current user account
+ ///
+ ///
+ /// From route path
+ /// OK on success
+ [HttpPost("totp-disable")]
+ public async Task DisableTOTP(ApiVersion apiVersion)
+ {
+ if (!serverState.IsOpen)
+ return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+
+ if (!ModelState.IsValid)
+ return BadRequest(new ApiErrorResponse(ModelState));
+
+ //get user
+ var UserId = UserIdFromContext.Id(HttpContext.Items);
+
+ var u = await ct.User.FirstOrDefaultAsync(z => z.Id == UserId);
+ if (u == null)//should never happen but ?
+ return StatusCode(403, new ApiNotAuthorizedResponse());
+
+ u.TotpSecret = null;
+ u.TwoFactorEnabled = false;
+ await ct.SaveChangesAsync();
+ return NoContent();
+ }
 //------------------------------------------------------
 public class CredentialsParam
diff --git a/server/AyaNova/resource/de.json b/server/AyaNova/resource/de.json
index 15877d13..14520b40 100644
--- a/server/AyaNova/resource/de.json
+++ b/server/AyaNova/resource/de.json
@@ -2171,5 +2171,7 @@
 "AuthConnectAppManualEntry":"Haben Sie Probleme beim Scannen des Codes? Geben Sie Folgendes manuell in Ihre Authentifizierungs-App ein:",
 "AuthEnterPin":"Geben Sie den 6-stelligen Passcode ein",
 "AuthPinInvalid":"Passcode ungültig",
- "AuthConnectCompleted":"Die Zwei-Faktor-Authentifizierung ist jetzt aktiviert"
+ "AuthConnectCompleted":"Die Zwei-Faktor-Authentifizierung ist jetzt aktiviert",
+ "AuthDisableTwoFactor":"Deaktivieren Sie die Zwei-Faktor-Authentifizierung",
+ "AuthTwoFactorDisabled":"Die Zwei-Faktor-Authentifizierung ist jetzt deaktiviert"
 }
\ No newline at end of file
diff --git a/server/AyaNova/resource/en.json b/server/AyaNova/resource/en.json
index 63de2ecb..1b77cf87 100644
--- a/server/AyaNova/resource/en.json
+++ b/server/AyaNova/resource/en.json
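Review bot: `DisableTOTP` removes the second factor on the strength of the session alone — it never asks for the account password or a current code — so a hijacked session or a forged request (if the app lacks anti-forgery protection; not visible here) is enough to silently strip 2FA, undoing the protection that `totp-verify` requires a valid code to enable. Gate it the way the verify route does: accept the same pin parameter as `totp-verify` and, before clearing `TotpSecret`, check `var tfa = new TwoFactorAuth("AyaNova");` / `if (!tfa.VerifyCode(u.TotpSecret, pin.Pin.Replace(" ", "").Trim())) return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, "generalerror", "2fa code not valid"));`, and consider writing an audit entry because the change is otherwise invisible to the account owner. The `ModelState.IsValid` check currently guards nothing, since the action binds only `apiVersion`; it becomes meaningful once the pin parameter exists. Minor: the XML doc tags look stripped in this rendering, so make sure `<summary>`, `<param name="apiVersion">` and `<returns>` actually wrap the text, the local `UserId` should be `userId`, and `u == null` reads better as `u is null`.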
@@ -2171,5 +2171,7 @@
 "AuthConnectAppManualEntry":"Having trouble scanning the code? Enter the following manually into your authenticator app:",
 "AuthEnterPin":"Enter 6 digit pass code",
 "AuthPinInvalid":"Pass code not valid",
- "AuthConnectCompleted":"Two factor authentication is now enabled"
+ "AuthConnectCompleted":"Two-Factor authentication is now enabled",
+ "AuthDisableTwoFactor":"Disable Two-Factor authentication",
+ "AuthTwoFactorDisabled":"Two-Factor authentication is now disabled"
 }
\ No newline at end of file
diff --git a/server/AyaNova/resource/es.json b/server/AyaNova/resource/es.json
index 88822132..3cf6df83 100644
--- a/server/AyaNova/resource/es.json
+++ b/server/AyaNova/resource/es.json
@@ -2171,5 +2171,7 @@
 "AuthConnectAppManualEntry":"¿Tiene problemas para escanear el código? Ingrese lo siguiente manualmente en su aplicación de autenticación:",
 "AuthEnterPin":"Ingrese un código de acceso de 6 dígitos",
 "AuthPinInvalid":"Código de acceso no válido",
- "AuthConnectCompleted":"La autenticación de dos factores ahora está habilitada"
+ "AuthConnectCompleted":"La autenticación de dos factores ahora está habilitada",
+ "AuthDisableTwoFactor":"Deshabilitar la autenticación de dos factores",
+ "AuthTwoFactorDisabled":"La autenticación de dos factores ahora está deshabilitada"
 }
\ No newline at end of file
diff --git a/server/AyaNova/resource/fr.json b/server/AyaNova/resource/fr.json
index 5b0ee950..d6e66029 100644
--- a/server/AyaNova/resource/fr.json
+++ b/server/AyaNova/resource/fr.json
@@ -2171,5 +2171,7 @@
 "AuthConnectAppManualEntry":"Vous rencontrez des difficultés pour scanner le code? Saisissez les informations suivantes manuellement dans votre application d'authentification:",
 "AuthEnterPin":"Entrez le code d'accès à 6 chiffres",
 "AuthPinInvalid":"Code d'accès non valide",
- "AuthConnectCompleted":"L'authentification à deux facteurs est maintenant activée"
+ "AuthConnectCompleted":"L'authentification à deux facteurs est maintenant activée",
+ "AuthDisableTwoFactor":"Désactiver l'authentification à deux facteurs",
+ "AuthTwoFactorDisabled":"L'authentification à deux facteurs est maintenant désactivée"
 }
\ No newline at end of file