Fix regression with ChangePhoneNumber tokens (#1392)

This commit is contained in:
Hao Kung 2017-08-24 14:20:32 -07:00 committed by GitHub
parent 0f5bc9dac8
commit e36e681d54
2 changed files with 36 additions and 11 deletions

View File

@ -1532,6 +1532,24 @@ namespace Microsoft.AspNetCore.Identity.Test
Assert.NotEqual(stamp, await manager.GetSecurityStampAsync(user)); Assert.NotEqual(stamp, await manager.GetSecurityStampAsync(user));
} }
/// <summary>
/// Test.
/// </summary>
/// <returns>Task</returns>
[Fact]
public async Task ChangePhoneNumberTokenIsInt()
{
if (ShouldSkipDbTests())
{
return;
}
var manager = CreateManager();
var user = CreateTestUser(phoneNumber: "123-456-7890");
IdentityResultAssert.IsSuccess(await manager.CreateAsync(user));
var token1 = await manager.GenerateChangePhoneNumberTokenAsync(user, "111-111-1111");
Assert.True(int.TryParse(token1, out var ignored));
}
/// <summary> /// <summary>
/// Test. /// Test.
/// </summary> /// </summary>
@ -1550,7 +1568,7 @@ namespace Microsoft.AspNetCore.Identity.Test
var stamp = await manager.GetSecurityStampAsync(user); var stamp = await manager.GetSecurityStampAsync(user);
IdentityResultAssert.IsFailure(await manager.ChangePhoneNumberAsync(user, "111-111-1111", "bogus"), IdentityResultAssert.IsFailure(await manager.ChangePhoneNumberAsync(user, "111-111-1111", "bogus"),
"Invalid token."); "Invalid token.");
IdentityResultAssert.VerifyLogMessage(manager.Logger, $"VerifyUserTokenAsync() failed with purpose: ChangePhoneNumber:111-111-1111 for user { await manager.GetUserIdAsync(user)}."); IdentityResultAssert.VerifyLogMessage(manager.Logger, $"VerifyChangePhoneNumberTokenAsync() failed for user { await manager.GetUserIdAsync(user)}.");
Assert.False(await manager.IsPhoneNumberConfirmedAsync(user)); Assert.False(await manager.IsPhoneNumberConfirmedAsync(user));
Assert.Equal("123-456-7890", await manager.GetPhoneNumberAsync(user)); Assert.Equal("123-456-7890", await manager.GetPhoneNumberAsync(user));
Assert.Equal(stamp, await manager.GetSecurityStampAsync(user)); Assert.Equal(stamp, await manager.GetSecurityStampAsync(user));
@ -1605,7 +1623,7 @@ namespace Microsoft.AspNetCore.Identity.Test
Assert.True(await manager.VerifyChangePhoneNumberTokenAsync(user, token2, num2)); Assert.True(await manager.VerifyChangePhoneNumberTokenAsync(user, token2, num2));
Assert.False(await manager.VerifyChangePhoneNumberTokenAsync(user, token2, num1)); Assert.False(await manager.VerifyChangePhoneNumberTokenAsync(user, token2, num1));
Assert.False(await manager.VerifyChangePhoneNumberTokenAsync(user, token1, num2)); Assert.False(await manager.VerifyChangePhoneNumberTokenAsync(user, token1, num2));
IdentityResultAssert.VerifyLogMessage(manager.Logger, $"VerifyUserTokenAsync() failed with purpose: ChangePhoneNumber:111-123-4567 for user {await manager.GetUserIdAsync(user)}."); IdentityResultAssert.VerifyLogMessage(manager.Logger, $"VerifyChangePhoneNumberTokenAsync() failed for user {await manager.GetUserIdAsync(user)}.");
} }
/// <summary> /// <summary>

View File

@ -1579,10 +1579,12 @@ namespace Microsoft.AspNetCore.Identity
/// <returns> /// <returns>
/// The <see cref="Task"/> that represents the asynchronous operation, containing the telephone change number token. /// The <see cref="Task"/> that represents the asynchronous operation, containing the telephone change number token.
/// </returns> /// </returns>
public virtual Task<string> GenerateChangePhoneNumberTokenAsync(TUser user, string phoneNumber) public virtual async Task<string> GenerateChangePhoneNumberTokenAsync(TUser user, string phoneNumber)
{ {
ThrowIfDisposed(); ThrowIfDisposed();
return GenerateUserTokenAsync(user, Options.Tokens.ChangePhoneNumberTokenProvider, ChangePhoneNumberTokenPurpose + ":" + phoneNumber); return Rfc6238AuthenticationService.GenerateCode(
await CreateSecurityTokenAsync(user), phoneNumber)
.ToString(CultureInfo.InvariantCulture);
} }
/// <summary> /// <summary>
@ -1596,16 +1598,21 @@ namespace Microsoft.AspNetCore.Identity
/// The <see cref="Task"/> that represents the asynchronous operation, returning true if the <paramref name="token"/> /// The <see cref="Task"/> that represents the asynchronous operation, returning true if the <paramref name="token"/>
/// is valid, otherwise false. /// is valid, otherwise false.
/// </returns> /// </returns>
public virtual Task<bool> VerifyChangePhoneNumberTokenAsync(TUser user, string token, string phoneNumber) public virtual async Task<bool> VerifyChangePhoneNumberTokenAsync(TUser user, string token, string phoneNumber)
{ {
ThrowIfDisposed(); ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
// Make sure the token is valid and the stamp matches var securityToken = await CreateSecurityTokenAsync(user);
return VerifyUserTokenAsync(user, Options.Tokens.ChangePhoneNumberTokenProvider, ChangePhoneNumberTokenPurpose+":"+ phoneNumber, token); int code;
if (securityToken != null && Int32.TryParse(token, out code))
{
if (Rfc6238AuthenticationService.ValidateCode(securityToken, code, phoneNumber))
{
return true;
}
}
Logger.LogWarning(8, "VerifyChangePhoneNumberTokenAsync() failed for user {userId}.", await GetUserIdAsync(user));
return false;
} }
/// <summary> /// <summary>