Adding 2FA Authenticator Support (#66)

* Adding support for 2fa, more auth options * WIP getting auth stuff working * Added Manage views. 2FA working now for MVC app. * Switching to using a controller for no-UI logout scenario * Adding Razor Pages impl of 2FA auth stuff. Works.
2017-10-23 21:58:21 -04:00
parent 101b7bab9b
commit 3d46c80cff
75 changed files with 2702 additions and 58 deletions
--- a/src/Web/Views/Account/Lockout.cshtml
+++ b/src/Web/Views/Account/Lockout.cshtml
@@ -0,0 +1,8 @@
+@{
+    ViewData["Title"] = "Locked out";
+}
+
+<header>
+    <h2 class="text-danger">@ViewData["Title"]</h2>
+    <p class="text-danger">This account has been locked out, please try again later.</p>
+</header>
--- a/src/Web/Views/Account/LoginWith2fa.cshtml
+++ b/src/Web/Views/Account/LoginWith2fa.cshtml
@@ -0,0 +1,40 @@
+@model LoginWith2faViewModel
+@{
+    ViewData["Title"] = "Two-factor authentication";
+}
+
+<h2>@ViewData["Title"]</h2>
+<hr />
+<p>Your login is protected with an authenticator app. Enter your authenticator code below.</p>
+<div class="row">
+    <div class="col-md-4">
+        <form method="post" asp-route-returnUrl="@ViewData["ReturnUrl"]">
+            <input asp-for="RememberMe" type="hidden" />
+            <div asp-validation-summary="All" class="text-danger"></div>
+            <div class="form-group">
+                <label asp-for="TwoFactorCode"></label>
+                <input asp-for="TwoFactorCode" class="form-control" autocomplete="off" />
+                <span asp-validation-for="TwoFactorCode" class="text-danger"></span>
+            </div>
+            <div class="form-group">
+                <div class="checkbox">
+                    <label asp-for="RememberMachine">
+                        <input asp-for="RememberMachine" />
+                        @Html.DisplayNameFor(m => m.RememberMachine)
+                    </label>
+                </div>
+            </div>
+            <div class="form-group">
+                <button type="submit" class="btn btn-default">Log in</button>
+            </div>
+        </form>
+    </div>
+</div>
+<p>
+    Don't have access to your authenticator device? You can
+    <a asp-action="LoginWithRecoveryCode" asp-route-returnUrl="@ViewData["ReturnUrl"]">log in with a recovery code</a>.
+</p>
+
+@section Scripts {
+    @await Html.PartialAsync("_ValidationScriptsPartial")
+}
--- a/src/Web/Views/Account/Signin.cshtml
+++ b/src/Web/Views/Account/Signin.cshtml
@@ -1,6 +1,4 @@
-@using System.Collections.Generic
-@using Microsoft.AspNetCore.Http
-@using Microsoft.AspNetCore.Http.Authentication
+@using Microsoft.eShopWeb.ViewModels.Account
@model LoginViewModel
@{
    ViewData["Title"] = "Log in";
@@ -15,7 +13,7 @@
        <div class="row">
            <div class="col-md-12">
                <section>
-                    <form asp-controller="Account" asp-route-returnurl="@ViewData["ReturnUrl"]" method="post" class="form-horizontal">
+                    <form asp-controller="Account" asp-action="SignIn" asp-route-returnurl="@ViewData["ReturnUrl"]" method="post" class="form-horizontal">
                        <h4>ARE YOU REGISTERED?</h4>
                        <div asp-validation-summary="All" class="text-danger"></div>
                        <div class="form-group">