From eedc4bd54f7fbb68e9a4816047889eb1abe82b8f Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Fri, 12 Mar 2021 18:50:20 +0000
Subject: [PATCH]
---
 .vscode/launch.json | 2 +-
 server/AyaNova/Controllers/AuthController.cs | 127 ++++--------------
 server/AyaNova/util/AySchema.cs | 2 +-
 3 files changed, 26 insertions(+), 105 deletions(-)
diff --git a/.vscode/launch.json b/.vscode/launch.json
index 8fd97968..0e2049e9 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -53,7 +53,7 @@
 "AYANOVA_FOLDER_USER_FILES": "c:\\temp\\RavenTestData\\userfiles",
 "AYANOVA_FOLDER_BACKUP_FILES": "c:\\temp\\RavenTestData\\backupfiles",
 "AYANOVA_FOLDER_TEMPORARY_SERVER_FILES": "c:\\temp\\RavenTestData\\tempfiles",
- "AYANOVA_SERVER_TEST_MODE": "true",
+ "AYANOVA_SERVER_TEST_MODE": "false",
 "AYANOVA_SERVER_TEST_MODE_SEEDLEVEL": "small",
 "AYANOVA_SERVER_TEST_MODE_TZ_OFFSET": "-7",
 "AYANOVA_BACKUP_PG_DUMP_PATH": "C:\\data\\code\\postgres_13\\bin\\"
diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index 7df8ab0c..568be3ed 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -168,111 +168,32 @@ namespace AyaNova.Api.Controllers
 string hashed = Hasher.hash(u.Salt, creds.Password);
 if (hashed == u.Password)
 {
- //Valid password, user is effectively authorized at this point
+ //TWO FACTOR ENABLED??
+ //if 2fa enabled then need to validate it before sending token, so we're halfway there and need to send a 2fa prompt
+ if (u.TwoFactorEnabled)
+ {
+ //Generate a temporary token to identify and verify this is the same user
+ u.TempToken = Hasher.GenerateSalt().Replace("=", "").Replace("+", "");
+ await ct.SaveChangesAsync();
+
+ List TranslationKeysToFetch = new List { "AuthTwoFactor", "AuthEnterPin", "AuthVerifyCode", "Cancel" };
+ var LT = await TranslationBiz.GetSubsetStaticAsync(TranslationKeysToFetch, u.UserOptions.TranslationId);
+
+ return Ok(ApiOkResponse.Response(new
+ {
+ AuthTwoFactor = LT["AuthTwoFactor"],
+ AuthEnterPin = LT["AuthEnterPin"],
+ AuthVerifyCode = LT["AuthVerifyCode"],
+ Cancel = LT["Cancel"],
+ tfa = true,
+ tt = u.TempToken
+ }));
+ }
+
+ //Not 2fa, Valid password, user is authorized
 return await ReturnUserCredsOnSuccessfulAuthentication(u);
- // //check if server available to SuperUser account only (closed or migrate mode)
- // //if it is it means we got here either because there is no license
- // //and only *the* SuperUser account can login now or we're in migrate mode
- // if (serverState.IsClosed || serverState.IsMigrateMode)
- // {
- // //if not SuperUser account then boot closed
- // //SuperUser account is always ID 1
- // if (u.Id != 1)
- // {
- // return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
- // }
- // }
- // //Restrict auth due to server state?
- // //If we're here the server state is not closed, but it might be ops only
-
- // //If the server is ops only then this user needs to be ops or else they are not allowed in
- // if (serverState.IsOpsOnly &&
- // !u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdminFull) &&
- // !u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdminLimited))
- // {
- // return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
- // }
-
-
- // //TWO FACTOR ENABLED??
- // //if 2fa enabled then need to validate it before sending token, so we're halfway there and need to send a 2fa prompt
- // if (u.TwoFactorEnabled)
- // {
- // //Generate a temporary token to identify and verify this is the same user
- // u.TempToken = Hasher.GenerateSalt().Replace("=", "").Replace("+", "");
- // await ct.SaveChangesAsync();
-
- // List TranslationKeysToFetch = new List { "AuthTwoFactor", "AuthEnterPin", "AuthVerifyCode", "Cancel" };
- // var LT = await TranslationBiz.GetSubsetStaticAsync(TranslationKeysToFetch, u.UserOptions.TranslationId);
-
- // return Ok(ApiOkResponse.Response(new
- // {
- // AuthTwoFactor = LT["AuthTwoFactor"],
- // AuthEnterPin = LT["AuthEnterPin"],
- // AuthVerifyCode = LT["AuthVerifyCode"],
- // Cancel = LT["Cancel"],
- // tfa = true,
- // tt = u.TempToken
- // }));
- // }
-
-
- // //build the key (JWT set in startup.cs)
- // byte[] secretKey = System.Text.Encoding.ASCII.GetBytes(ServerBootConfig.AYANOVA_JWT_SECRET);
-
- // //create a new datetime offset of now in utc time
- // var iat = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);//timespan zero means zero time off utc / specifying this is a UTC datetime
- // var exp = new DateTimeOffset(DateTime.Now.AddDays(JWT_LIFETIME_DAYS).ToUniversalTime(), TimeSpan.Zero);
-
-
- // //=============== download token ===================
- // //Generate a download token and store it with the user account
- // //string DownloadToken = Convert.ToBase64String(Guid.NewGuid().ToByteArray());
- // string DownloadToken = Hasher.GenerateSalt();
- // DownloadToken = DownloadToken.Replace("=", "");
- // DownloadToken = DownloadToken.Replace("+", "");
- // u.DlKey = DownloadToken;
- // u.DlKeyExpire = exp.DateTime;
-
- // //=======================================================
-
- // var payload = new Dictionary()
- // {
- // // { "iat", iat.ToUnixTimeSeconds().ToString() },
- // { "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
- // { "iss", "ayanova.com" },
- // { "id", u.Id.ToString() }
- // };
-
-
- // //NOTE: probably don't need Jose.JWT as am using Microsoft jwt stuff to validate routes so it should also be able to
- // //issue tokens as well, but it looked cmplex and this works so unless need to remove in future keeping it.
- // string token = Jose.JWT.Encode(payload, secretKey, Jose.JwsAlgorithm.HS256);
-
- // //save auth token to ensure single sign on only
- // u.CurrentAuthToken = token;
-
- // u.LastLogin = DateTime.UtcNow;
-
- // await ct.SaveChangesAsync();
-
- // //KEEP this, masked version of IP address
- // //Not sure if this is necessary or not but if it turns out to be then make it a boot option
- // // log.LogInformation($"User number \"{u.Id}\" logged in from \"{Util.StringUtil.MaskIPAddress(HttpContext.Connection.RemoteIpAddress.ToString())}\" ok");
-
- // log.LogInformation($"User \"{u.Name}\" logged in from \"{HttpContext.Connection.RemoteIpAddress.ToString()}\" ok");
-
-
- // return Ok(ApiOkResponse.Response(new
- // {
- // token = token,
- // name = u.Name,
- // usertype = u.UserType,
- // roles = ((int)u.Roles).ToString(),
- // dlt = DownloadToken,
- // tfa = u.TwoFactorEnabled
- // }));
+ }
 }
diff --git a/server/AyaNova/util/AySchema.cs b/server/AyaNova/util/AySchema.cs
index c3597366..bf98edd4 100644
--- a/server/AyaNova/util/AySchema.cs
+++ b/server/AyaNova/util/AySchema.cs
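Review bot: The pre-2FA token written at `u.TempToken = Hasher.GenerateSalt().Replace("=", "").Replace("+", "");` is persisted and handed back to the client as `tt` with no issue time or expiry, so a password-verified-but-not-2FA-verified state stays valid in the database until a later login overwrites it; the removed code at least paired `u.DlKey` with `u.DlKeyExpire`. Unless the verify endpoint (not in this hunk) enforces a window, record when it was issued next to it, e.g. `u.TempTokenIssued = DateTime.UtcNow;`, reject stale tokens there, and clear `TempToken` once the code is accepted. The 2FA branch also now runs before `ReturnUserCredsOnSuccessfulAuthentication(u)`, whereas the removed code applied the IsClosed/IsMigrateMode/IsOpsOnly gate before prompting for 2FA; if that gate moved into the helper, a 2FA-enabled user is issued a TempToken on a closed or ops-only server and the verify path must apply the same gate. Minor: stripping `=` and `+` still leaves `/` in the base64 salt, so if the intent is a URL-safe token an explicit URL-safe encoding is cleaner than patching the characters. The enclosing login action begins before and ends after this hunk.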
@@ -22,7 +22,7 @@ namespace AyaNova.Util
 //!!!!WARNING: BE SURE TO UPDATE THE DbUtil::EmptyBizDataFromDatabaseForSeedingOrImporting WHEN NEW TABLES ADDED!!!!
 private const int DESIRED_SCHEMA_LEVEL = 15;
- internal const long EXPECTED_COLUMN_COUNT = 790;
+ internal const long EXPECTED_COLUMN_COUNT = 791;
 internal const long EXPECTED_INDEX_COUNT = 130;
 internal const long EXPECTED_CHECK_CONSTRAINTS = 359;
 internal const long EXPECTED_FOREIGN_KEY_CONSTRAINTS = 78;