From c5ba1cfcca0ee343b00a52aec717f77aa239034f Mon Sep 17 00:00:00 2001
From: Polianin Nikita <nikitkapolyanin@yandex.ru>
Date: Sat, 2 Nov 2024 01:09:15 +0300
Subject: [PATCH] refactor: transfer two factor method to security

---
 ApiDto/Requests/TwoFactorAuthRequest.cs   | 19 +++++++++++++++++++
 Endpoint/Controllers/V1/AuthController.cs |  6 +++---
 Security/Services/AuthService.cs          |  8 +++++---
 3 files changed, 27 insertions(+), 6 deletions(-)
 create mode 100644 ApiDto/Requests/TwoFactorAuthRequest.cs

diff --git a/ApiDto/Requests/TwoFactorAuthRequest.cs b/ApiDto/Requests/TwoFactorAuthRequest.cs
new file mode 100644
index 0000000..29811f1
--- /dev/null
+++ b/ApiDto/Requests/TwoFactorAuthRequest.cs
@@ -0,0 +1,19 @@
+using Mirea.Api.Dto.Common;
+
+namespace Mirea.Api.Dto.Requests;
+
+/// <summary>
+/// Represents a request for verifying two-factor authentication.
+/// </summary>
+public class TwoFactorAuthRequest
+{
+    /// <summary>
+    /// Gets or sets the two-factor authentication code provided by the user.
+    /// </summary>
+    public required string Code { get; set; }
+
+    /// <summary>
+    /// Gets or sets the type of the two-factor authentication method used (e.g., TOTP, Email).
+    /// </summary>
+    public TwoFactorAuthentication Method { get; set; }
+}
\ No newline at end of file
diff --git a/Endpoint/Controllers/V1/AuthController.cs b/Endpoint/Controllers/V1/AuthController.cs
index 2639165..b1abe5a 100644
--- a/Endpoint/Controllers/V1/AuthController.cs
+++ b/Endpoint/Controllers/V1/AuthController.cs
@@ -54,11 +54,11 @@ public class AuthController(IOptionsSnapshot<Admin> user, AuthService auth, Pass
         return Ok(tokenResult.ConvertToDto());
     }
 
-    [HttpGet("Login")]
+    [HttpPost("2FA")]
     [BadRequestResponse]
-    public async Task<ActionResult<TwoFactorAuthentication>> Login([FromQuery] string code)
+    public async Task<ActionResult<TwoFactorAuthentication>> TwoFactorAuth([FromBody] TwoFactorAuthRequest request)
     {
-        var tokenResult = await auth.LoginAsync(GetCookieParams(), HttpContext, code);
+        var tokenResult = await auth.LoginAsync(GetCookieParams(), HttpContext, request.Method.ConvertFromDto(), request.Code);
         return Ok(tokenResult ? TwoFactorAuthentication.None : TwoFactorAuthentication.TotpRequired);
     }
 
diff --git a/Security/Services/AuthService.cs b/Security/Services/AuthService.cs
index 6ace1c8..8b542d6 100644
--- a/Security/Services/AuthService.cs
+++ b/Security/Services/AuthService.cs
@@ -93,12 +93,14 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
             authToken.Fingerprint);
     }
 
-    public async Task<bool> LoginAsync(CookieOptionsParameters cookieOptions, HttpContext context, string code, CancellationToken cancellation = default)
+    public async Task<bool> LoginAsync(CookieOptionsParameters cookieOptions, HttpContext context, TwoFactorAuthenticator authenticator, string code, CancellationToken cancellation = default)
     {
         var requestContext = new RequestContextInfo(context, cookieOptions);
 
-        var firstTokenAuth = await cache.GetAsync<FirstAuthToken?>(GetFirstAuthCacheKey(requestContext.Fingerprint), cancellationToken: cancellation)
-                             ?? throw new SecurityException("The session time has expired");
+        var firstTokenAuth = await cache.GetAsync<FirstAuthToken?>(GetFirstAuthCacheKey(requestContext.Fingerprint), cancellationToken: cancellation);
+
+        if (firstTokenAuth == null || authenticator != firstTokenAuth.TwoFactorAuthenticator)
+            throw new SecurityException("The session time has expired");
 
         switch (firstTokenAuth.TwoFactorAuthenticator)
         {