added two factor auth functionality for users

Leonid · Leonid · commit f85a0ccf6155 · 2018-03-15T21:09:09.000+02:00
diff --git a/eFormAPI/eFormAPI/Controllers/AdminController.cs b/eFormAPI/eFormAPI/Controllers/AdminController.cs
@@ -9,6 +9,7 @@
 using eFormAPI.Web.Infrastructure.Consts;
 using eFormAPI.Web.Infrastructure.Data;
 using eFormAPI.Web.Infrastructure.Data.Entities;
+using eFormAPI.Web.Infrastructure.Helpers;
 using eFormAPI.Web.Infrastructure.Identity;
 using eFormAPI.Web.Infrastructure.Models.API;
 using eFormAPI.Web.Infrastructure.Models.Common;
@@ -177,18 +178,13 @@ public OperationResult CreateUser(UserRegisterModel userRegisterModel)
                 {
                     return new OperationResult(false, "Role is required");
                 }
-                var twoFactorEnabled = UserManager.Users.FirstOrDefault()?.TwoFactorEnabled;
-                if (twoFactorEnabled == null)
-                {
-                    twoFactorEnabled = false;
-                }
                 var user = new EformUser
                 {
                     Email = userRegisterModel.Email,
                     UserName = userRegisterModel.UserName,
                     FirstName = userRegisterModel.FirstName,
                     LastName = userRegisterModel.LastName,
-                    TwoFactorEnabled = (bool) twoFactorEnabled,
+                    TwoFactorEnabled = false,
                     IsGoogleAuthenticatorEnabled = false
                 };
 
@@ -242,18 +238,9 @@ public OperationResult DeleteUser(int userId)
         [Authorize(Roles = EformRoles.Admin)]
         public OperationResult EnableTwoFactorAuthForce()
         {
-            var queryString = @"
-                UPDATE Users
-                SET TwoFactorEnabled = 1";
             try
             {
-                using (var connection =
-                    new SqlConnection(_connectionString))
-                {
-                    connection.Open();
-                    var command = new SqlCommand(queryString, connection);
-                    command.ExecuteNonQuery();
-                }
+                SettingsHelper.UpdateTwoFactorAuthForceInfo(true);
             }
             catch (Exception)
             {
@@ -267,18 +254,9 @@ UPDATE Users
         [Authorize(Roles = EformRoles.Admin)]
         public OperationResult DisableTwoFactorAuthForce()
         {
-            var queryString = @"
-                UPDATE Users
-                SET TwoFactorEnabled = 0";
             try
             {
-                using (var connection =
-                    new SqlConnection(_connectionString))
-                {
-                    connection.Open();
-                    var command = new SqlCommand(queryString, connection);
-                    command.ExecuteNonQuery();
-                }
+                SettingsHelper.UpdateTwoFactorAuthForceInfo(false);
             }
             catch (Exception)
             {
diff --git a/eFormAPI/eFormAPI/Controllers/AuthController.cs b/eFormAPI/eFormAPI/Controllers/AuthController.cs
@@ -1,9 +1,9 @@
 ﻿using System;
-using System.Linq;
 using System.Net.Http;
 using System.Web;
 using System.Web.Http;
 using Base32;
+using eFormAPI.Web.Infrastructure.Helpers;
 using eFormAPI.Web.Infrastructure.Identity;
 using eFormAPI.Web.Infrastructure.Models.API;
 using eFormAPI.Web.Infrastructure.Models.Auth;
@@ -57,18 +57,12 @@ public OperationDataResult<bool> TwoFactorAuthForceInfo()
         {
             try
             {
-                var user = UserManager.Users.FirstOrDefault();
-                if (user != null)
-                {
-                    var twoFactorEnabled = user.TwoFactorEnabled;
-                    return new OperationDataResult<bool>(true, twoFactorEnabled);
-                }
+                return new OperationDataResult<bool>(true, SettingsHelper.GetTwoFactorAuthForceInfo());
             }
             catch (Exception)
             {
                 return new OperationDataResult<bool>(false);
             }
-            return new OperationDataResult<bool>(false);
         }
 
         [HttpGet]
@@ -82,7 +76,9 @@ public OperationDataResult<GoogleAuthInfoModel> GetGoogleAuthenticatorInfo()
                 {
                     var model = new GoogleAuthInfoModel()
                     {
-                        PSK = user.GoogleAuthenticatorSecretKey
+                        PSK = user.GoogleAuthenticatorSecretKey,
+                        IsTwoFactorEnabled = user.TwoFactorEnabled,
+                        IsTwoFactorForced = SettingsHelper.GetTwoFactorAuthForceInfo()
                     };
                     return new OperationDataResult<GoogleAuthInfoModel>(true, model);
                 }
@@ -94,6 +90,30 @@ public OperationDataResult<GoogleAuthInfoModel> GetGoogleAuthenticatorInfo()
             return new OperationDataResult<GoogleAuthInfoModel>(false);
         }
 
+        [HttpPost]
+        [Route("api/auth/google-auth-info")]
+        public OperationResult UpdateGoogleAuthenticatorInfo(GoogleAuthInfoModel requestModel)
+        {
+            try
+            {
+                var user = UserManager.FindById(User.Identity.GetUserId<int>());
+                if (user != null)
+                {
+                    user.TwoFactorEnabled = requestModel.IsTwoFactorEnabled;
+                    var updateResult = UserManager.UpdateAsync(user).Result;
+                    if (updateResult.Succeeded)
+                    {
+                        return new OperationResult(true);
+                    }
+                }
+            }
+            catch (Exception)
+            {
+                return new OperationResult(false);
+            }
+            return new OperationResult(false);
+        }
+
         [HttpDelete]
         [Route("api/auth/google-auth-info")]
         public OperationResult DeleteGoogleAuthenticatorInfo()
@@ -140,6 +160,12 @@ public OperationDataResult<GoogleAuthenticatorModel> GetGoogleAuthenticator(Logi
                 return new OperationDataResult<GoogleAuthenticatorModel>(false,
                     "The user name or password is incorrect.");
             }
+            // check if two factor is enabled
+            var isTwoFactorAuthForced = SettingsHelper.GetTwoFactorAuthForceInfo();
+            if (!user.TwoFactorEnabled && !isTwoFactorAuthForced)
+            {
+                return new OperationDataResult<GoogleAuthenticatorModel>(true);
+            }
             // generate PSK and barcode
             if (!string.IsNullOrEmpty(user.GoogleAuthenticatorSecretKey) && user.IsGoogleAuthenticatorEnabled)
             {
diff --git a/eFormAPI/eFormAPI/Infrastructure/Helpers/SettingsHelper.cs b/eFormAPI/eFormAPI/Infrastructure/Helpers/SettingsHelper.cs
@@ -1,16 +1,20 @@
-﻿using System.Configuration;
+﻿using System;
+using System.Configuration;
 using System.Linq;
+using System.Web.Configuration;
 using eFormAPI.Web.Infrastructure.Data;
 using eFormAPI.Web.Infrastructure.Data.Entities;
 using eFormAPI.Web.Infrastructure.Identity;
 using eFormAPI.Web.Infrastructure.Models.Settings.Initial;
 using Microsoft.AspNet.Identity;
+using NLog;
 
 namespace eFormAPI.Web.Infrastructure.Helpers
 {
     public class SettingsHelper
     {
         private string _connectionString;
+        private static readonly Logger Logger = LogManager.GetCurrentClassLogger();
 
         public SettingsHelper(string connectionString)
         {
@@ -41,5 +45,37 @@ public void CreateAdminUser(AdminSetupModel adminSetupModel)
                 manager.AddToRole(adminUser.Id, "admin");
             }
         }
+
+        public static bool GetTwoFactorAuthForceInfo()
+        {
+            try
+            {
+
+                var configuration = WebConfigurationManager.OpenWebConfiguration("~");
+                var section = (AppSettingsSection)configuration.GetSection("appSettings");
+                return section.Settings["auth:isTwoFactorForced"].Value.Equals("True");
+            }
+            catch (Exception e)
+            {
+                Logger.Error(e.Message);
+            }
+            return false;
+        }
+
+        public static void UpdateTwoFactorAuthForceInfo(bool isTwoFactorEnabled)
+        {
+            try
+            {
+                var configuration = WebConfigurationManager.OpenWebConfiguration("~");
+                var section = (AppSettingsSection)configuration.GetSection("appSettings");
+                section.Settings["auth:isTwoFactorForced"].Value = isTwoFactorEnabled.ToString();
+                configuration.Save();
+                ConfigurationManager.RefreshSection("appSettings");
+            }
+            catch (Exception e)
+            {
+                Logger.Error(e.Message);
+            }
+        }
     }
 }
diff --git a/eFormAPI/eFormAPI/Infrastructure/Identity/Providers/ApplicationOAuthProvider.cs b/eFormAPI/eFormAPI/Infrastructure/Identity/Providers/ApplicationOAuthProvider.cs
@@ -4,6 +4,7 @@
 using System.Threading.Tasks;
 using Base32;
 using eFormAPI.Web.Infrastructure.Data.Entities;
+using eFormAPI.Web.Infrastructure.Helpers;
 using Microsoft.AspNet.Identity.Owin;
 using Microsoft.Owin.Security;
 using Microsoft.Owin.Security.Cookies;
@@ -36,7 +37,8 @@ public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwner
             var requestData = await context.Request.ReadFormAsync();
             var psk = user.GoogleAuthenticatorSecretKey;
             var code = requestData.Get("code");
-            if (user.TwoFactorEnabled)
+            var isTwoFactorAuthForced = SettingsHelper.GetTwoFactorAuthForceInfo();
+            if (user.TwoFactorEnabled || isTwoFactorAuthForced)
             {
                 // check input params
                 if (string.IsNullOrEmpty(psk) || string.IsNullOrEmpty(code))
diff --git a/eFormAPI/eFormAPI/Infrastructure/Models/Auth/GoogleAuthInfoModel.cs b/eFormAPI/eFormAPI/Infrastructure/Models/Auth/GoogleAuthInfoModel.cs
@@ -3,5 +3,7 @@
     public class GoogleAuthInfoModel
     {
         public string PSK { get; set; }
+        public bool IsTwoFactorEnabled { get; set; }
+        public bool IsTwoFactorForced { get; set; }
     }
 }
diff --git a/eFormAPI/eFormAPI/Web.config b/eFormAPI/eFormAPI/Web.config
@@ -34,6 +34,7 @@
     <add key="header:imageLinkVisible" value="True" />
     <add key="restore:securityCode" value="code" />
     <add key="restore:defaultPassword" value="Qq1234567$" />
+    <add key="auth:isTwoFactorForced" value="False" />
   </appSettings>
   <!--
     For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367.
diff --git a/eform-client/src/app/components/auth/auth.component.ts b/eform-client/src/app/components/auth/auth.component.ts
@@ -27,7 +27,7 @@ export class AuthComponent implements OnInit {
   loginImage: any;
 
   // Two factor
-  twoFactorEnabled = false;
+  twoFactorForced = false;
   showTwoFactorForm = false;
   googleAuthenticatorModel: GoogleAuthenticatorModel = new GoogleAuthenticatorModel;
 
@@ -42,29 +42,34 @@ export class AuthComponent implements OnInit {
               private notifyService: NotifyService) {
   }
 
+  login() {
+    this.authService.login(new LoginRequestModel(this.formLogin.getRawValue()))
+      .subscribe((result: AuthResponseModel) => {
+          localStorage.setItem('currentAuth', JSON.stringify(result));
+          this.router.navigate(['/']).then();
+        },
+        (error) => {
+          this.error = error;
+        },
+      );
+  }
+
   submitLoginForm(): void {
-    if (this.twoFactorEnabled) {
       // send pre-request
       this.authService.loginAndGetGoogleAuthKey(new LoginRequestModel(this.formLogin.getRawValue()))
         .subscribe((result) => {
+          if (result.success) {
+            // check if two factor is enabled
             if (result.model) {
               this.googleAuthenticatorModel = result.model;
               this.showTwoFactorForm = true;
             } else {
-              this.notifyService.error({text: '400 - Bad Request The user name or password is incorrect'});
+              this.login();
             }
-          });
-    } else {
-      this.authService.login(new LoginRequestModel(this.formLogin.getRawValue()))
-        .subscribe((result: AuthResponseModel) => {
-            localStorage.setItem('currentAuth', JSON.stringify(result));
-            this.router.navigate(['/']).then();
-          },
-          (error) => {
-            this.error = error;
-          },
-        );
-    }
+          } else {
+            this.notifyService.error({text: '400 - Bad Request The user name or password is incorrect'});
+          }
+        });
   }
 
   submitRestoreForm(): void {
@@ -166,7 +171,7 @@ export class AuthComponent implements OnInit {
 
   getTwoFactorInfo() {
     this.authService.twoFactorAuthInfo().subscribe((data) => {
-      this.twoFactorEnabled = data.model;
+      this.twoFactorForced = data.model;
     });
   }
 
diff --git a/eform-client/src/app/models/auth/google-auth-info-model.ts b/eform-client/src/app/models/auth/google-auth-info-model.ts
@@ -1,3 +1,9 @@
 export class GoogleAuthInfoModel {
   psk: string;
+  isTwoFactorEnabled: boolean;
+  isTwoFactorForced: boolean;
+
+  constructor() {
+    this.isTwoFactorForced = true;
+  }
 }
diff --git a/eform-client/src/app/modules/advanced/components/edit-entity-searchable-group/edit-entity-searchable-group.component.ts b/eform-client/src/app/modules/advanced/components/edit-entity-searchable-group/edit-entity-searchable-group.component.ts
@@ -109,7 +109,6 @@ export class EditEntitySearchableGroupComponent implements OnChanges {
 
   addNewAdvEntitySearchableItem() {
     const item = new AdvEntitySearchableItemModel();
-    debugger;
     item.entityItemUId = this.advEntitySearchableGroupEditModel.advEntitySearchableItemModels.length.toString();
     this.advEntitySearchableGroupEditModel.advEntitySearchableItemModels.push(item);
   }
diff --git a/eform-client/src/app/modules/settings/components/admin-settings/admin-settings.component.css b/eform-client/src/app/modules/settings/components/admin-settings/admin-settings.component.css
@@ -46,4 +46,3 @@
   max-width: 225px;
   margin-bottom: 10px;
 }
-
diff --git a/eform-client/src/app/modules/settings/components/admin-settings/admin-settings.component.html b/eform-client/src/app/modules/settings/components/admin-settings/admin-settings.component.html
@@ -274,23 +274,30 @@ <h5 style="display: inline" *ngIf="currentRole === 'admin'">
             </div>
             <table class="table">
               <tbody>
-              <tr *ngIf="!googlePsk">
+              <tr>
                 <td class="col-md-12">
-                  <p>Status: <strong>Disabled</strong></p>
-                </td>
-              </tr>
-              <tr *ngIf="googlePsk">
-                <td class="col-md-12">
-                  <p>Status: <strong>Enabled</strong></p>
-                  <p>Secret key between <strong>Eform</strong> application and <strong>Google Authenticator</strong>.
-                    Keep it safe and do not tell anyone.
-                  </p>
-                  <p>You should remove this key, if <strong>Google Authenticator</strong>
-                    is reinstalled or key was removed</p>
-                  <p><strong>{{googlePsk}}</strong></p>
+                  <div class="checkbox checkbox-wrapper">
+                    <input  name="isTwoFactorEnabled"
+                            id="isTwoFactorEnabled"
+                            value="{{googleAuthInfoModel.isTwoFactorEnabled}}"
+                            [checked]="googleAuthInfoModel.isTwoFactorEnabled"
+                            [disabled]="googleAuthInfoModel.isTwoFactorForced"
+                            (change)="isTwoFactorEnabledCheckBoxChanged($event)"
+                            type="checkbox">
+                    <label for="isTwoFactorEnabled"><strong>Status</strong> (change will logout you from the application)</label>
+                    <br>
+                  </div>
+                  <ng-container *ngIf="googleAuthInfoModel.psk">
+                    <p>Secret key between <strong>Eform</strong> application and <strong>Google Authenticator</strong>.
+                      Keep it safe and do not tell anyone.
+                    </p>
+                    <p>You should remove this key, if <strong>Google Authenticator</strong>
+                      is reinstalled or key was removed</p>
+                    <p><strong>{{googleAuthInfoModel.psk}}</strong></p>
+                  </ng-container>
                 </td>
               </tr>
-              <tr *ngIf="googlePsk">
+              <tr *ngIf="googleAuthInfoModel.psk">
                 <td class="col-md-12">
                   <button class="btn btn-ar btn-warning" id="deleteGoogleAuthenticatorInfo"
                           tooltip="Remove google authenticator secret key" (click)="deleteGoogleAuthenticatorInfo()">
diff --git a/eform-client/src/app/modules/settings/components/admin-settings/admin-settings.component.ts b/eform-client/src/app/modules/settings/components/admin-settings/admin-settings.component.ts
diff --git a/eform-client/src/app/services/accounts/auth.service.ts b/eform-client/src/app/services/accounts/auth.service.ts

Original file line number	Diff line number	Diff line change
`@@ -3,5 +3,7 @@`
`3`	`3`	`public class GoogleAuthInfoModel`
`4`	`4`	`{`
`5`	`5`	`public string PSK { get; set; }`
	`6`	`+ public bool IsTwoFactorEnabled { get; set; }`
	`7`	`+ public bool IsTwoFactorForced { get; set; }`
`6`	`8`	`}`
`7`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,6 @@ export class EditEntitySearchableGroupComponent implements OnChanges {`
`109`	`109`
`110`	`110`	`addNewAdvEntitySearchableItem() {`
`111`	`111`	`const item = new AdvEntitySearchableItemModel();`
`112`		`- debugger;`
`113`	`112`	`item.entityItemUId = this.advEntitySearchableGroupEditModel.advEntitySearchableItemModels.length.toString();`
`114`	`113`	`this.advEntitySearchableGroupEditModel.advEntitySearchableItemModels.push(item);`
`115`	`114`	`}`
Original file line number	Diff line number	Diff line change
`@@ -46,4 +46,3 @@`
`46`	`46`	`max-width: 225px;`
`47`	`47`	`margin-bottom: 10px;`
`48`	`48`	`}`
`49`		`-`