Compare commits

..

4 Commits

Author SHA1 Message Date
decf288a83 Merge pull request 'dev' (#14) from dev into registration
Reviewed-on: #14
2024-06-22 18:49:29 +04:00
1c229ab714 add two factor auth (Web) 2024-06-22 18:43:07 +04:00
f122886b7e fix role storage 2024-06-22 18:42:35 +04:00
513f57ec72 add two factor auth (API) 2024-06-22 18:42:11 +04:00
12 changed files with 300 additions and 25 deletions

View File

@ -25,11 +25,14 @@ namespace BusinessLogic.BusinessLogic
{
private readonly ILogger _logger;
private readonly IUserStorage _userStorage;
private readonly ITwoFactorAuthService _twoFactorAuthService;
public UserLogic(ILogger<UserLogic> logger, IUserStorage userStorage)
public UserLogic(ILogger<UserLogic> logger, IUserStorage userStorage,
ITwoFactorAuthService twoFactorAuthService)
{
_logger = logger;
_userStorage = userStorage;
_twoFactorAuthService = twoFactorAuthService;
}
public string Create(UserBindingModel model)
@ -53,6 +56,9 @@ namespace BusinessLogic.BusinessLogic
MailSender.Send(new MailRegistration(user));
string code = _twoFactorAuthService.GenerateCode();
MailSender.Send(new MailTwoFactorCode(user, code));
return JwtProvider.Generate(user);
}
@ -132,6 +138,10 @@ namespace BusinessLogic.BusinessLogic
{
throw new AccountException("The passwords don't match.");
}
string code = _twoFactorAuthService.GenerateCode();
MailSender.Send(new MailTwoFactorCode(user, code));
return JwtProvider.Generate(user);
}
@ -166,5 +176,10 @@ namespace BusinessLogic.BusinessLogic
throw new AccountException("The email is not valid.");
}
}
public bool VerifyCode(string code)
{
return _twoFactorAuthService.Verify(code);
}
}
}

View File

@ -0,0 +1,21 @@
using Contracts.BindingModels;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace BusinessLogic.Tools.Mail.MailTemplates
{
public class MailTwoFactorCode : Mail
{
public MailTwoFactorCode(UserBindingModel user, string code)
{
To = [user.Email];
Title = "Ваш код для подтверждения";
Body = $"Здравствуйте, {user.SecondName} {user.FirstName}! Вот Ваш код для подтверждения:\n" +
$"{code}\n" +
$"Если это не Вы, игноритруйте это сообщение.";
}
}
}

View File

@ -0,0 +1,42 @@
using Contracts.BusinessLogicContracts;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace BusinessLogic.Tools
{
public class TwoFactorAuthService : ITwoFactorAuthService
{
private string _code = string.Empty;
private const int LENGTH_CODE = 5;
public string GenerateCode()
{
_code = _getCode(LENGTH_CODE);
return _code;
}
private string _getCode(int length)
{
string res = "";
var rand = new Random();
for (int i = 0; i < length; i++)
{
res += rand.Next(0, 9).ToString();
}
return res;
}
public bool Verify(string code)
{
if (_code == string.Empty)
{
throw new Exception("Source code is not generated.");
}
return _code == code;
}
}
}

View File

@ -0,0 +1,15 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Contracts.BusinessLogicContracts
{
public interface ITwoFactorAuthService
{
string GenerateCode();
bool Verify(string code);
}
}

View File

@ -10,18 +10,20 @@ using System.Threading.Tasks;
namespace Contracts.BusinessLogicContracts
{
public interface IUserLogic
{
string Login(string email, string password);
public interface IUserLogic
{
string Login(string email, string password);
string Create(UserBindingModel model);
bool VerifyCode(string code);
UserViewModel Update(UserBindingModel model);
string Create(UserBindingModel model);
UserViewModel ReadElement(UserSearchModel model);
UserViewModel Update(UserBindingModel model);
IEnumerable<UserViewModel> ReadElements(UserSearchModel? model);
UserViewModel ReadElement(UserSearchModel model);
UserViewModel Delete(UserSearchModel model);
}
IEnumerable<UserViewModel> ReadElements(UserSearchModel? model);
UserViewModel Delete(UserSearchModel model);
}
}

View File

@ -32,7 +32,7 @@ namespace DatabaseImplement.Implements
public RoleBindingModel? GetElement(RoleSearchModel model)
{
if (model.Id is null && string.IsNullOrWhiteSpace(model.Name))
if (model.Id is null && string.IsNullOrWhiteSpace(model?.Name))
{
return null;
}
@ -46,7 +46,7 @@ namespace DatabaseImplement.Implements
public IEnumerable<RoleBindingModel> GetList(RoleSearchModel? model)
{
var context = new Database();
if (model is null && string.IsNullOrWhiteSpace(model.Name))
if (model is null && string.IsNullOrWhiteSpace(model?.Name))
{
return context.Roles.Select(r => r.GetBindingModel());
}

View File

@ -46,6 +46,21 @@ namespace RestAPI.Controllers
}
}
[HttpPost]
public IResult VerifyCode([FromBody] VerifyCodeData data)
{
try
{
var res = _userLogic.VerifyCode(data.code);
return Results.Ok(res);
}
catch (Exception ex)
{
_logger.LogError(ex, "Error verify code");
return Results.Problem(ex.Message);
}
}
[HttpPost]
public IResult Registration([FromBody] UserBindingModel model)
{
@ -128,4 +143,5 @@ namespace RestAPI.Controllers
}
public record class UserData(string email, string password);
public record class VerifyCodeData(string code);
}

View File

@ -20,6 +20,7 @@ builder.Logging.AddLog4Net("log4net.config");
builder.Services.AddTransient<IRoleLogic, RoleLogic>();
builder.Services.AddTransient<IUserLogic, UserLogic>();
builder.Services.AddSingleton<ITwoFactorAuthService, TwoFactorAuthService>();
builder.Services.AddTransient<IRoleStorage, RoleStorage>();
builder.Services.AddTransient<IUserStorage, UserStorage>();
@ -34,7 +35,7 @@ builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(c =>
{
c.SwaggerDoc(VERSION, new OpenApiInfo { Title = TITLE, Version = VERSION });
c.SwaggerDoc(VERSION, new OpenApiInfo { Title = TITLE, Version = VERSION });
});
var app = builder.Build();
@ -46,15 +47,15 @@ var mailSender = app.Services.GetService<MailSender>();
string? getSection(string section) => builder.Configuration?.GetSection(section)?.Value?.ToString();
jwtProvider?.SetupJwtOptions(new()
{
SecretKey = getSection("JwtOptions:SecretKey") ?? string.Empty,
ExpiresHours = Convert.ToInt16(getSection("JwtOptions:ExpiresHours"))
SecretKey = getSection("JwtOptions:SecretKey") ?? string.Empty,
ExpiresHours = Convert.ToInt16(getSection("JwtOptions:ExpiresHours"))
});
mailSender?.SetupMailOptions(new()
{
Email = getSection("MailOptions:Email") ?? string.Empty,
Password = getSection("MailOptions:Password") ?? string.Empty,
SmtpClientHost = getSection("MailOptions:SmtpClientHost") ?? string.Empty,
SmtpClientPort = Convert.ToInt16(getSection("MailOptions:SmtpClientPort"))
Email = getSection("MailOptions:Email") ?? string.Empty,
Password = getSection("MailOptions:Password") ?? string.Empty,
SmtpClientHost = getSection("MailOptions:SmtpClientHost") ?? string.Empty,
SmtpClientPort = Convert.ToInt16(getSection("MailOptions:SmtpClientPort"))
});
#endregion Setup config
@ -62,8 +63,8 @@ mailSender?.SetupMailOptions(new()
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint($"/swagger/{VERSION}/swagger.json", $"{TITLE} {VERSION}"));
app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint($"/swagger/{VERSION}/swagger.json", $"{TITLE} {VERSION}"));
}
app.UseHttpsRedirection();

View File

@ -20,9 +20,9 @@ namespace WebApp.Pages
throw new Exception("Something wrong LOL!");
}
this.SetJWT((string)response);
TempData["jwt"] = (string)response;
return RedirectToPage("Index");
return RedirectToPage("TwoFactor");
}
}
}

View File

@ -30,9 +30,9 @@ namespace WebApp.Pages
throw new Exception("Something wrong LOL!");
}
this.SetJWT((string)response);
TempData["jwt"] = (string)response;
return RedirectToPage("Index");
return RedirectToPage("TwoFactor");
}
}
}

View File

@ -0,0 +1,128 @@
@page
@model WebApp.Pages.TwoFactorModel
<div class="row justify-content-center mt-7">
<style>
.icon-circle[class*=text-] [fill]:not([fill=none]), .icon-circle[class*=text-] svg:not([fill=none]), .svg-icon[class*=text-] [fill]:not([fill=none]), .svg-icon[class*=text-] svg:not([fill=none]) {
fill: currentColor !important;
}
.svg-icon-xl > svg {
width: 3.25rem;
height: 3.25rem;
}
.hover-lift-light {
transition: box-shadow .25s ease,transform .25s ease,color .25s ease,background-color .15s ease-in;
}
.mt-4 {
margin-top: 1.5rem !important;
}
.w-100 {
width: 100% !important;
}
.btn-group-lg > .btn, .btn-lg {
padding: 0.8rem 1.85rem;
font-size: 1.1rem;
border-radius: 0.3rem;
}
.btn-purple {
color: #fff;
background-color: #6672e8;
border-color: #6672e8;
}
.text-center {
text-align: center !important;
}
.py-4 {
padding-top: 1.5rem !important;
padding-bottom: 1.5rem !important;
}
.form-control-lg {
min-height: calc(1.5em + 1rem + 2px);
padding: 0.5rem 1rem;
font-size: 1.25rem;
border-radius: 0.3rem;
}
.form-control {
display: block;
width: 100%;
padding: 0.375rem 0.75rem;
font-size: 1rem;
font-weight: 400;
line-height: 1.5;
color: #1e2e50;
background-color: #f6f9fc;
background-clip: padding-box;
border: 1px solid #dee2e6;
-webkit-appearance: none;
-moz-appearance: none;
appearance: none;
border-radius: 0.25rem;
transition: border-color .15s ease-in-out,box-shadow .15s ease-in-out;
}
</style>
<div class="col-lg-5 text-center">
<a href="index.html">
<img src="assets/img/svg/logo.svg" alt="">
</a>
<div class="card mt-5">
<div class="card-body py-5 px-lg-5">
<div class="svg-icon svg-icon-xl text-purple">
<svg xmlns="http://www.w3.org/2000/svg" width="512" height="512" viewBox="0 0 512 512"><title>ionicons-v5-g</title><path d="M336,208V113a80,80,0,0,0-160,0v95" style="fill:none;stroke:#000;stroke-linecap:round;stroke-linejoin:round;stroke-width:32px"></path><rect x="96" y="208" width="320" height="272" rx="48" ry="48" style="fill:none;stroke:#000;stroke-linecap:round;stroke-linejoin:round;stroke-width:32px"></rect></svg>
</div>
<h3 class="fw-normal text-dark mt-4">
2-step verification
</h3>
<p class="mt-4 mb-1">
We sent a verification code to your email.
</p>
<p>
Please enter the code in the field below.
</p>
<form method="post">
<div class="row mt-4 pt-2">
<div class="col">
<input type="text" maxlength="1" class="form-control form-control-lg text-center py-4"
name="code" required autofocus>
</div>
<div class="col">
<input type="text" maxlength="1" class="form-control form-control-lg text-center py-4"
name="code" required>
</div>
<div class="col">
<input type="text" maxlength="1" class="form-control form-control-lg text-center py-4"
name="code" required>
</div>
<div class="col">
<input type="text" maxlength="1" class="form-control form-control-lg text-center py-4"
name="code" required>
</div>
<div class="col">
<input type="text" maxlength="1" class="form-control form-control-lg text-center py-4"
name="code" required>
</div>
</div>
<button type="submit" class="btn btn-purple btn-lg w-100 hover-lift-light mt-4">
Verify my account
</button>
</form>
</div>
</div>
<p class="text-center text-muted mt-4">
Didn't receive it?
<a href="#!" class="text-decoration-none ms-2">
Resend code
</a>
</p>
</div>
</div>

View File

@ -0,0 +1,35 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
namespace WebApp.Pages
{
public class TwoFactorModel : PageModel
{
[BindProperty]
public int[] Code { get; set; } = [];
public void OnGet()
{
}
public IActionResult OnPost(string[] code)
{
var stringCode = string.Join(string.Empty, Code);
if (string.IsNullOrEmpty(stringCode))
{
throw new Exception("Looo");
}
var response = (string)APIClient.PostRequest("user/verifycode", new { code = stringCode });
var isCorrect = Convert.ToBoolean(response);
if (isCorrect)
{
this.SetJWT((string)TempData["jwt"]);
return RedirectToPage("Index");
}
else
{
throw new Exception("Wrong code! Please retry");
}
}
}
}