diff --git a/src/App/Abstractions/Services/ITokenService.cs b/src/App/Abstractions/Services/ITokenService.cs
index ecc5b14cd..30fcacc7b 100644
--- a/src/App/Abstractions/Services/ITokenService.cs
+++ b/src/App/Abstractions/Services/ITokenService.cs
@@ -8,7 +8,8 @@ namespace Bit.App.Abstractions
 string RefreshToken { get; set; }
 [Obsolete("Old auth scheme")]
 string AuthBearer { get; set; }
- string TwoFactorToken { get; set; }
+ string GetTwoFactorToken(string email);
+ void SetTwoFactorToken(string email, string token);
 DateTime TokenExpiration { get; }
 string TokenIssuer { get; }
 bool TokenExpired { get; }
diff --git a/src/App/Repositories/ConnectApiRepository.cs b/src/App/Repositories/ConnectApiRepository.cs
index 822a10335..0a17f6008 100644
--- a/src/App/Repositories/ConnectApiRepository.cs
+++ b/src/App/Repositories/ConnectApiRepository.cs
@@ -48,7 +48,7 @@ namespace Bit.App.Repositories
 var errorResponse = JObject.Parse(responseContent);
 if(errorResponse["TwoFactorProviders2"] != null)
 {
- TokenService.TwoFactorToken = null;
+ TokenService.SetTwoFactorToken(requestObj.Email, null);
 return ApiResult.Success(new TokenResponse
 {
diff --git a/src/App/Services/AuthService.cs b/src/App/Services/AuthService.cs
index dec07eb11..c7573813d 100644
--- a/src/App/Services/AuthService.cs
+++ b/src/App/Services/AuthService.cs
@@ -222,7 +222,7 @@ namespace Bit.App.Services
 Device = new DeviceRequest(_appIdService, _deviceInfoService)
 };
- var twoFactorToken = _tokenService.TwoFactorToken;
+ var twoFactorToken = _tokenService.GetTwoFactorToken(normalizedEmail);
 if(!string.IsNullOrWhiteSpace(twoFactorToken))
 {
 request.Token = twoFactorToken;
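Review bot: `GetTwoFactorToken` and `SetTwoFactorToken` in the ITokenService hunk are added without XML documentation, and the signatures alone do not say how `email` is used or what a null `token` means. The implementation later in this diff builds the secure-storage key from `email` and deletes the entry when `token` is null, so both belong in the contract, e.g. `/// <summary>Stores the remembered two-factor token for <paramref name="email"/>; passing a null token deletes it.</summary>`. The comment should also state whether callers must pass an already normalized address. The interface body starts and ends outside the hunk.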
@@ -281,11 +281,6 @@ namespace Bit.App.Services
 private async Task ProcessLoginSuccessAsync(SymmetricCryptoKey key, TokenResponse response)
 {
- if(!string.IsNullOrWhiteSpace(response.TwoFactorToken))
- {
- _tokenService.TwoFactorToken = response.TwoFactorToken;
- }
-
 if(response.Key != null)
 {
 _cryptoService.SetEncKey(new CipherString(response.Key));
@@ -311,6 +306,11 @@ namespace Bit.App.Services
 _cryptoService.SetOrgKeys(profile.Result);
 }
 }
+
+ if(!string.IsNullOrWhiteSpace(response.TwoFactorToken))
+ {
+ _tokenService.SetTwoFactorToken(_tokenService.TokenEmail, response.TwoFactorToken);
+ }
 }
 }
 }
diff --git a/src/App/Services/TokenService.cs b/src/App/Services/TokenService.cs
index d115b6880..7e76346b6 100644
--- a/src/App/Services/TokenService.cs
+++ b/src/App/Services/TokenService.cs
@@ -9,7 +9,7 @@ namespace Bit.App.Services
 {
 private const string TokenKey = "accessToken";
 private const string RefreshTokenKey = "refreshToken";
- private const string TwoFactorTokenKey = "twoFactorToken";
+ private const string TwoFactorTokenKeyFormat = "twoFactorToken_{0}";
 private const string AuthBearerKey = "token";
 private readonly ISecureStorageService _secureStorage;
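Review bot: The store at the end of `ProcessLoginSuccessAsync` (hunk `@@ -311,6 +306,11 @@`) keys the remembered token on `_tokenService.TokenEmail`, a value this hunk never checks, while the read in the login request uses `normalizedEmail`. `TokenEmail` presumably comes from the access token set earlier in the method, which is outside the hunk; if it is null or empty at this point the token is written under `twoFactorToken_` and the next login never finds it. Because the block now runs last, an exception in any earlier step of the method also skips the store. A guard such as `var email = _tokenService.TokenEmail;` followed by `if(!string.IsNullOrWhiteSpace(email) && !string.IsNullOrWhiteSpace(response.TwoFactorToken))` makes that dependency explicit, and a short comment should say why the store has to come after the access token is set.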
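Review bot: After the rename to `TwoFactorTokenKeyFormat`, nothing visible in this diff still refers to the old fixed key `twoFactorToken`, so a token written under it by an earlier build stays in secure storage with no code left to read or delete it. Unless an upgrade step outside this diff handles it, a one-time `_secureStorage.Delete("twoFactorToken");` would clear the orphaned entry, with a comment noting it removes the pre-per-account key. The class body starts and ends outside the hunk.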
@@ -166,29 +166,28 @@ namespace Bit.App.Services
 }
 }
- public string TwoFactorToken
+ public string GetTwoFactorToken(string email)
 {
- get
+ var tokenBytes = _secureStorage.Retrieve(string.Format(TwoFactorTokenKeyFormat, email));
+ if(tokenBytes == null)
 {
- var tokenBytes = _secureStorage.Retrieve(TwoFactorTokenKey);
- if(tokenBytes == null)
- {
- return null;
- }
-
- return Encoding.UTF8.GetString(tokenBytes, 0, tokenBytes.Length);
+ return null;
 }
- set
+
+ return Encoding.UTF8.GetString(tokenBytes, 0, tokenBytes.Length);
+ }
+
+ public void SetTwoFactorToken(string email, string token)
+ {
+ var key = string.Format(TwoFactorTokenKeyFormat, email);
+ if(token != null)
 {
- if(value != null)
- {
- var tokenBytes = Encoding.UTF8.GetBytes(value);
- _secureStorage.Store(TwoFactorTokenKey, tokenBytes);
- }
- else
- {
- _secureStorage.Delete(TwoFactorTokenKey);
- }
+ var tokenBytes = Encoding.UTF8.GetBytes(token);
+ _secureStorage.Store(key, tokenBytes);
+ }
+ else
+ {
+ _secureStorage.Delete(key);
 }
 }
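Review bot: Both new methods build the storage key with `string.Format(TwoFactorTokenKeyFormat, email)` from the raw argument, so the key depends on each caller's casing and whitespace, and a null or empty address collapses to the shared key `twoFactorToken_`. The callers in this diff pass three different values: `requestObj.Email` for the delete, `normalizedEmail` for the read and `_tokenService.TokenEmail` for the store. If those are not formatted identically, a token the server has rejected is never deleted and keeps being sent, or a stored token is never found. Building the key in one private helper that trims and lower-cases the address and refuses an empty one makes the three call sites agree; lower-casing assumes addresses are compared case-insensitively here, which the name `normalizedEmail` suggests but the diff does not show.

```csharp
public string GetTwoFactorToken(string email)
{
    var key = BuildTwoFactorTokenKey(email);
    if(key == null)
    {
        return null;
    }

    var tokenBytes = _secureStorage.Retrieve(key);
    // … unchanged: null check and UTF-8 decode …
}

public void SetTwoFactorToken(string email, string token)
{
    var key = BuildTwoFactorTokenKey(email);
    if(key == null)
    {
        return;
    }
    // … unchanged: store when token != null, delete otherwise …
}

// Single place that derives the per-account key, so reads, writes and deletes cannot disagree.
private static string BuildTwoFactorTokenKey(string email)
{
    return string.IsNullOrWhiteSpace(email)
        ? null
        : string.Format(TwoFactorTokenKeyFormat, email.Trim().ToLowerInvariant());
}
```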