diff --git a/Security/Services/AuthService.cs b/Security/Services/AuthService.cs
index 93bd37a..47f3a46 100644
--- a/Security/Services/AuthService.cs
+++ b/Security/Services/AuthService.cs
@@ -22,7 +22,7 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
 accessTokenService.GenerateToken(userId);
 private static string GetAuthCacheKey(string fingerprint) => $"{fingerprint}_auth_token";
- private static string GetFirstAuthCacheKey(string fingerprint) => $"{fingerprint}_auth_token_first";
+ internal static string GetFirstAuthCacheKey(string fingerprint) => $"{fingerprint}_auth_token_first";
 private Task SetAuthTokenDataToCache(AuthToken data, CancellationToken cancellation) => cache.SetAsync(
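Review bot: `GetFirstAuthCacheKey` is widened to `internal` on the `+` line with no comment saying why, while its sibling `GetAuthCacheKey` stays `private`; presumably this is for a test project or a sibling service, but a reader of the file cannot tell. Add an XML doc comment such as `/// <summary>Cache key of the pending (pre-second-factor) login entry for <paramref name="fingerprint"/>. Internal for tests only; the value is embedded in the key verbatim, so callers must pass the fingerprint exactly as the login path stored it.</summary>`. Because the fingerprint is interpolated unchanged, a null or empty fingerprint produces the key `_auth_token_first` shared by every such request; with more callers now able to reach the method, a guard like `ArgumentException.ThrowIfNullOrWhiteSpace(fingerprint);` (.NET 8+) is cheap, at the cost of turning the expression body into a block. Whether `RequestContextInfo.Fingerprint` is client-supplied is not visible here, so the guard matters more if it is.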
@@ -49,23 +49,23 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
 if (countFailedLogin > 5)
 {
 logger.LogWarning(
- "Multiple failed login attempts detected for user ID {UserId} from IP {UserIp}. Attempt: #{AttemptNumber}. Possible account compromise.",
+ "Multiple unsuccessful login attempts for user ID {UserId} from IP {UserIp}. Attempt count: {AttemptNumber}.",
 user.Id,
 requestContext.Ip,
 countFailedLogin);
- throw new SecurityException($"There are many incorrect attempts to access the account. Try again after {(int)cacheSaveTime.TotalMinutes} minutes.");
+ throw new SecurityException("Too many unsuccessful login attempts. Please try again later.");
 }
 logger.LogInformation(
- "Failed login attempt for user ID {UserId} from IP {UserIp} with User-Agent {UserAgent} and Fingerprint {Fingerprint} Attempt: #{AttemptNumber}.",
+ "Login attempt failed for user ID {UserId}. IP: {UserIp}, User-Agent: {UserAgent}, Fingerprint: {Fingerprint}. Attempt count: {AttemptNumber}.",
 user.Id,
 requestContext.Ip,
 requestContext.UserAgent,
 requestContext.Fingerprint,
 countFailedLogin);
- throw new SecurityException("Invalid username/email or password");
+ throw new SecurityException("Authentication failed. Please check your credentials.");
 }
 private async Task GenerateAuthTokensAsync(CookieOptionsParameters cookieOptions, HttpContext context, RequestContextInfo requestContext, string userId, CancellationToken cancellation = default)
@@ -86,7 +86,7 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
 cookieOptions.SetCookie(context, CookieNames.RefreshToken, authToken.RefreshToken, DateTime.UtcNow.Add(Lifetime));
 logger.LogInformation(
- "Successful login attempt for user ID {UserId} from IP {UserIp} with User-Agent {UserAgent} and Fingerprint {Fingerprint}.",
+ "Login successful for user ID {UserId}. IP: {UserIp}, User-Agent: {UserAgent}, Fingerprint: {Fingerprint}.",
 authToken.UserId,
 authToken.Ip,
 authToken.UserAgent,
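Review bot: The rewritten log templates in this hunk, and likewise in the hunks at `@@ -86` and `@@ -162`, drop the `Possible account compromise` marker and change `Attempt: #{AttemptNumber}` to `Attempt count: {AttemptNumber}`, so any SIEM rule or saved query that matches the old wording stops firing silently once this ships. Detections should key on something stable rather than message text: give each of these calls an `EventId`, for example `logger.LogWarning(new EventId(0 /* id: TBD */, "FailedLoginLockout"), "Multiple unsuccessful login attempts …", user.Id, requestContext.Ip, countFailedLogin);`, or move them to `LoggerMessage`-defined delegates, and note the wording change wherever the alert rules are maintained. The structured properties (`UserId`, `UserIp`, `UserAgent`, `Fingerprint`, `AttemptNumber`, `Reason`) are unchanged, which keeps field-based queries working. The `> 5` threshold on the first context line is still a bare literal; a named constant such as `MaxFailedLoginAttempts` would make the lockout policy discoverable in one place. The enclosing method starts before this hunk.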
@@ -100,23 +100,25 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
 var firstTokenAuth = await cache.GetAsync(GetFirstAuthCacheKey(requestContext.Fingerprint), cancellationToken: cancellation);
 if (firstTokenAuth == null || authenticator != firstTokenAuth.TwoFactorAuthenticator)
- throw new SecurityException("The session time has expired");
+ throw new SecurityException("Session expired. Please log in again.");
 switch (firstTokenAuth.TwoFactorAuthenticator)
 {
 case TwoFactorAuthenticator.Totp:
 {
 if (string.IsNullOrEmpty(firstTokenAuth.Secret))
- throw new InvalidOperationException("The user's secrets for data processing were not transferred.");
+ throw new InvalidOperationException("Required authentication data is missing.");
 var totp = new TotpService(firstTokenAuth.Secret);
 if (!totp.VerifyToken(code))
- throw new SecurityException("The entered code is incorrect.");
+ throw new SecurityException("Invalid verification code. Please try again.");
 }
 break;
+ case TwoFactorAuthenticator.None:
+ break;
 default:
- throw new InvalidOperationException("The system failed to understand the authorization method.");
+ throw new InvalidOperationException("Unsupported authorization method.");
 }
 await GenerateAuthTokensAsync(cookieOptions, context, requestContext, firstTokenAuth.UserId, cancellation);
@@ -162,7 +164,7 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
 cookieOptions.DropCookie(context, CookieNames.AccessToken);
 cookieOptions.DropCookie(context, CookieNames.RefreshToken);
- logger.LogWarning("Token validation failed for user ID {UserId}. Invalid token used from IP {UserIp} with User-Agent {UserAgent} and Fingerprint {Fingerprint}. Possible account compromise. Reason: {Reason}.",
+ logger.LogWarning("Token validation failed for user ID {UserId}. IP: {UserIp}, User-Agent: {UserAgent}, Fingerprint: {Fingerprint}. Reason: {Reason}.",
 authToken.UserId,
 authToken.Ip,
 authToken.UserAgent,
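Review bot: The new `case TwoFactorAuthenticator.None: break;` lets a cached first-auth entry whose authenticator is `None` flow straight into `GenerateAuthTokensAsync` with `code` never examined and nothing logged, whereas before it fell to `default` and threw. That is only safe if the login step never stores a `None` entry for an account that does have a second factor, which this hunk cannot show; please state the invariant at the branch, e.g. `// None: entry was stored by the login step for an account without a second factor — TODO confirm against the login path`, and emit a `logger.LogInformation` there so the no-second-factor completion is visible in the audit trail like the other branches. Separately, the `Totp` failure branch throws without counting or logging the wrong code, unlike the password path which tracks `countFailedLogin`; a wrong-code counter tied to the same first-auth entry would give the second factor the same lockout protection. The enclosing method starts before this hunk.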