/* * Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ using Amazon.AspNetCore.Identity.Cognito.Exceptions; using Amazon.CognitoIdentityProvider; using Amazon.CognitoIdentityProvider.Model; using Amazon.Extensions.CognitoAuthentication; using Microsoft.AspNetCore.Identity; using System; using System.Collections.Generic; using System.Threading; using System.Threading.Tasks; namespace Amazon.AspNetCore.Identity.Cognito { public partial class CognitoUserStore : IUserTwoFactorStore where TUser : CognitoUser { /// /// Returns a flag indicating whether the specified has two factor authentication enabled or not, /// as an asynchronous operation. /// /// The user whose two factor authentication enabled status should be retrieved. /// /// The that represents the asynchronous operation, containing a flag indicating whether the specified /// has two factor authentication enabled or not. /// public virtual async Task GetTwoFactorEnabledAsync(TUser user, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); if (user == null) { throw new ArgumentNullException(nameof(user)); } var request = new AdminGetUserRequest { Username = user.Username, UserPoolId = _pool.PoolID }; try { var userSettings = await _cognitoClient.AdminGetUserAsync(request, cancellationToken).ConfigureAwait(false); return userSettings.MFAOptions.Count > 0; } catch (AmazonCognitoIdentityProviderException e) { throw new CognitoServiceException("Failed to retrieve 2FA settings for the Cognito User", e); } } /// /// Sets a flag indicating whether the specified has two factor authentication enabled or not, /// as an asynchronous operation. /// /// The user whose two factor authentication enabled status should be set. /// A flag indicating whether the specified has two factor authentication enabled. /// The that represents the asynchronous operation. public virtual async Task SetTwoFactorEnabledAsync(TUser user, bool enabled, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); if (user == null) { throw new ArgumentNullException(nameof(user)); } var request = new AdminSetUserSettingsRequest { Username = user.Username, UserPoolId = _pool.PoolID, MFAOptions = new List() { new MFAOptionType() { AttributeName = CognitoAttribute.PhoneNumber.AttributeName, DeliveryMedium = enabled ? DeliveryMediumType.SMS : null // Undocumented SDK behavior: sending null disables SMS 2FA } } }; try { await _cognitoClient.AdminSetUserSettingsAsync(request, cancellationToken).ConfigureAwait(false); } catch (AmazonCognitoIdentityProviderException e) { throw new CognitoServiceException("Failed to set 2FA settings for the Cognito User", e); } } } }