From 2f0ca6f7c06b22faa1842b4f36e13f93e8f21f9c Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kyle.spearrin@gmail.com>
Date: Tue, 27 Jun 2017 16:45:12 -0400
Subject: [PATCH] user specific remember two factor

---
 .../Abstractions/Services/ITokenService.cs    |  3 +-
 src/App/Repositories/ConnectApiRepository.cs  |  2 +-
 src/App/Services/AuthService.cs               | 12 +++---
 src/App/Services/TokenService.cs              | 39 +++++++++----------
 4 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/src/App/Abstractions/Services/ITokenService.cs b/src/App/Abstractions/Services/ITokenService.cs
index ecc5b14cd..30fcacc7b 100644
--- a/src/App/Abstractions/Services/ITokenService.cs
+++ b/src/App/Abstractions/Services/ITokenService.cs
@@ -8,7 +8,8 @@ namespace Bit.App.Abstractions
         string RefreshToken { get; set; }
         [Obsolete("Old auth scheme")]
         string AuthBearer { get; set; }
-        string TwoFactorToken { get; set; }
+        string GetTwoFactorToken(string email);
+        void SetTwoFactorToken(string email, string token);
         DateTime TokenExpiration { get; }
         string TokenIssuer { get; }
         bool TokenExpired { get; }
diff --git a/src/App/Repositories/ConnectApiRepository.cs b/src/App/Repositories/ConnectApiRepository.cs
index 822a10335..0a17f6008 100644
--- a/src/App/Repositories/ConnectApiRepository.cs
+++ b/src/App/Repositories/ConnectApiRepository.cs
@@ -48,7 +48,7 @@ namespace Bit.App.Repositories
                         var errorResponse = JObject.Parse(responseContent);
                         if(errorResponse["TwoFactorProviders2"] != null)
                         {
-                            TokenService.TwoFactorToken = null;
+                            TokenService.SetTwoFactorToken(requestObj.Email, null);
 
                             return ApiResult<TokenResponse>.Success(new TokenResponse
                             {
diff --git a/src/App/Services/AuthService.cs b/src/App/Services/AuthService.cs
index dec07eb11..c7573813d 100644
--- a/src/App/Services/AuthService.cs
+++ b/src/App/Services/AuthService.cs
@@ -222,7 +222,7 @@ namespace Bit.App.Services
                 Device = new DeviceRequest(_appIdService, _deviceInfoService)
             };
 
-            var twoFactorToken = _tokenService.TwoFactorToken;
+            var twoFactorToken = _tokenService.GetTwoFactorToken(normalizedEmail);
             if(!string.IsNullOrWhiteSpace(twoFactorToken))
             {
                 request.Token = twoFactorToken;
@@ -281,11 +281,6 @@ namespace Bit.App.Services
 
         private async Task ProcessLoginSuccessAsync(SymmetricCryptoKey key, TokenResponse response)
         {
-            if(!string.IsNullOrWhiteSpace(response.TwoFactorToken))
-            {
-                _tokenService.TwoFactorToken = response.TwoFactorToken;
-            }
-
             if(response.Key != null)
             {
                 _cryptoService.SetEncKey(new CipherString(response.Key));
@@ -311,6 +306,11 @@ namespace Bit.App.Services
                     _cryptoService.SetOrgKeys(profile.Result);
                 }
             }
+
+            if(!string.IsNullOrWhiteSpace(response.TwoFactorToken))
+            {
+                _tokenService.SetTwoFactorToken(_tokenService.TokenEmail, response.TwoFactorToken);
+            }
         }
     }
 }
diff --git a/src/App/Services/TokenService.cs b/src/App/Services/TokenService.cs
index d115b6880..7e76346b6 100644
--- a/src/App/Services/TokenService.cs
+++ b/src/App/Services/TokenService.cs
@@ -9,7 +9,7 @@ namespace Bit.App.Services
     {
         private const string TokenKey = "accessToken";
         private const string RefreshTokenKey = "refreshToken";
-        private const string TwoFactorTokenKey = "twoFactorToken";
+        private const string TwoFactorTokenKeyFormat = "twoFactorToken_{0}";
         private const string AuthBearerKey = "token";
 
         private readonly ISecureStorageService _secureStorage;
@@ -166,29 +166,28 @@ namespace Bit.App.Services
             }
         }
 
-        public string TwoFactorToken
+        public string GetTwoFactorToken(string email)
         {
-            get
+            var tokenBytes = _secureStorage.Retrieve(string.Format(TwoFactorTokenKeyFormat, email));
+            if(tokenBytes == null)
             {
-                var tokenBytes = _secureStorage.Retrieve(TwoFactorTokenKey);
-                if(tokenBytes == null)
-                {
-                    return null;
-                }
-
-                return Encoding.UTF8.GetString(tokenBytes, 0, tokenBytes.Length);
+                return null;
             }
-            set
+
+            return Encoding.UTF8.GetString(tokenBytes, 0, tokenBytes.Length);
+        }
+
+        public void SetTwoFactorToken(string email, string token)
+        {
+            var key = string.Format(TwoFactorTokenKeyFormat, email);
+            if(token != null)
             {
-                if(value != null)
-                {
-                    var tokenBytes = Encoding.UTF8.GetBytes(value);
-                    _secureStorage.Store(TwoFactorTokenKey, tokenBytes);
-                }
-                else
-                {
-                    _secureStorage.Delete(TwoFactorTokenKey);
-                }
+                var tokenBytes = Encoding.UTF8.GetBytes(token);
+                _secureStorage.Store(key, tokenBytes);
+            }
+            else
+            {
+                _secureStorage.Delete(key);
             }
         }