mirror of
https://github.com/bitwarden/server.git
synced 2024-12-24 17:17:40 +01:00
Added device identifier, APIs for updating token by identifier, Device creation/update upon signin.
This commit is contained in:
parent
8a34692e7c
commit
37ec1de7a3
@ -27,7 +27,7 @@ namespace Bit.Api.Controllers
|
|||||||
[AllowAnonymous]
|
[AllowAnonymous]
|
||||||
public async Task<AuthTokenResponseModel> PostToken([FromBody]AuthTokenRequestModel model)
|
public async Task<AuthTokenResponseModel> PostToken([FromBody]AuthTokenRequestModel model)
|
||||||
{
|
{
|
||||||
var result = await _signInManager.PasswordSignInAsync(model.Email.ToLower(), model.MasterPasswordHash);
|
var result = await _signInManager.PasswordSignInAsync(model.Email.ToLower(), model.MasterPasswordHash, model.Device?.ToDevice());
|
||||||
if(result == JwtBearerSignInResult.Success)
|
if(result == JwtBearerSignInResult.Success)
|
||||||
{
|
{
|
||||||
return new AuthTokenResponseModel(result.Token, result.User);
|
return new AuthTokenResponseModel(result.Token, result.User);
|
||||||
|
@ -40,6 +40,19 @@ namespace Bit.Api.Controllers
|
|||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[HttpGet("identifier/{identifier}")]
|
||||||
|
public async Task<DeviceResponseModel> GetByIdentifier(string identifier)
|
||||||
|
{
|
||||||
|
var device = await _deviceRepository.GetByIdentifierAsync(identifier, new Guid(_userManager.GetUserId(User)));
|
||||||
|
if(device == null)
|
||||||
|
{
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
var response = new DeviceResponseModel(device);
|
||||||
|
return response;
|
||||||
|
}
|
||||||
|
|
||||||
[HttpGet("")]
|
[HttpGet("")]
|
||||||
public async Task<ListResponseModel<DeviceResponseModel>> Get()
|
public async Task<ListResponseModel<DeviceResponseModel>> Get()
|
||||||
{
|
{
|
||||||
@ -73,6 +86,21 @@ namespace Bit.Api.Controllers
|
|||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[HttpPut("identifier/{identifier}/token")]
|
||||||
|
public async Task<DeviceResponseModel> PutToken(string identifier, [FromBody]DeviceTokenRequestModel model)
|
||||||
|
{
|
||||||
|
var device = await _deviceRepository.GetByIdentifierAsync(identifier, new Guid(_userManager.GetUserId(User)));
|
||||||
|
if(device == null)
|
||||||
|
{
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
await _deviceRepository.ReplaceAsync(model.ToDevice(device));
|
||||||
|
|
||||||
|
var response = new DeviceResponseModel(device);
|
||||||
|
return response;
|
||||||
|
}
|
||||||
|
|
||||||
[HttpDelete("{id}")]
|
[HttpDelete("{id}")]
|
||||||
public async Task Delete(string id)
|
public async Task Delete(string id)
|
||||||
{
|
{
|
||||||
|
@ -10,5 +10,6 @@ namespace Bit.Api.Models
|
|||||||
public string Email { get; set; }
|
public string Email { get; set; }
|
||||||
[Required]
|
[Required]
|
||||||
public string MasterPasswordHash { get; set; }
|
public string MasterPasswordHash { get; set; }
|
||||||
|
public DeviceRequestModel Device { get; set; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -13,6 +13,9 @@ namespace Bit.Api.Models
|
|||||||
[Required]
|
[Required]
|
||||||
[StringLength(50)]
|
[StringLength(50)]
|
||||||
public string Name { get; set; }
|
public string Name { get; set; }
|
||||||
|
[Required]
|
||||||
|
[StringLength(50)]
|
||||||
|
public string Identifier { get; set; }
|
||||||
[StringLength(255)]
|
[StringLength(255)]
|
||||||
public string PushToken { get; set; }
|
public string PushToken { get; set; }
|
||||||
|
|
||||||
@ -27,10 +30,23 @@ namespace Bit.Api.Models
|
|||||||
public Device ToDevice(Device existingDevice)
|
public Device ToDevice(Device existingDevice)
|
||||||
{
|
{
|
||||||
existingDevice.Name = Name;
|
existingDevice.Name = Name;
|
||||||
|
existingDevice.Identifier = Identifier;
|
||||||
existingDevice.PushToken = PushToken;
|
existingDevice.PushToken = PushToken;
|
||||||
existingDevice.Type = Type.Value;
|
existingDevice.Type = Type.Value;
|
||||||
|
|
||||||
return existingDevice;
|
return existingDevice;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public class DeviceTokenRequestModel
|
||||||
|
{
|
||||||
|
[StringLength(255)]
|
||||||
|
public string PushToken { get; set; }
|
||||||
|
|
||||||
|
public Device ToDevice(Device existingDevice)
|
||||||
|
{
|
||||||
|
existingDevice.PushToken = PushToken;
|
||||||
|
return existingDevice;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
@ -17,12 +17,14 @@ namespace Bit.Api.Models
|
|||||||
Id = device.Id.ToString();
|
Id = device.Id.ToString();
|
||||||
Name = device.Name;
|
Name = device.Name;
|
||||||
Type = device.Type;
|
Type = device.Type;
|
||||||
|
Identifier = device.Identifier;
|
||||||
CreationDate = device.CreationDate;
|
CreationDate = device.CreationDate;
|
||||||
}
|
}
|
||||||
|
|
||||||
public string Id { get; set; }
|
public string Id { get; set; }
|
||||||
public string Name { get; set; }
|
public string Name { get; set; }
|
||||||
public DeviceType Type { get; set; }
|
public DeviceType Type { get; set; }
|
||||||
|
public string Identifier { get; set; }
|
||||||
public DateTime CreationDate { get; set; }
|
public DateTime CreationDate { get; set; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -9,6 +9,7 @@ namespace Bit.Core.Domains
|
|||||||
public Guid UserId { get; set; }
|
public Guid UserId { get; set; }
|
||||||
public string Name { get; set; }
|
public string Name { get; set; }
|
||||||
public Enums.DeviceType Type { get; set; }
|
public Enums.DeviceType Type { get; set; }
|
||||||
|
public string Identifier { get; set; }
|
||||||
public string PushToken { get; set; }
|
public string PushToken { get; set; }
|
||||||
public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
|
public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
|
||||||
public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;
|
public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;
|
||||||
|
@ -9,11 +9,14 @@ using Microsoft.Extensions.Options;
|
|||||||
using Bit.Core.Domains;
|
using Bit.Core.Domains;
|
||||||
using Microsoft.AspNetCore.Builder;
|
using Microsoft.AspNetCore.Builder;
|
||||||
using Microsoft.IdentityModel.Tokens;
|
using Microsoft.IdentityModel.Tokens;
|
||||||
|
using Bit.Core.Repositories;
|
||||||
|
|
||||||
namespace Bit.Core.Identity
|
namespace Bit.Core.Identity
|
||||||
{
|
{
|
||||||
public class JwtBearerSignInManager
|
public class JwtBearerSignInManager
|
||||||
{
|
{
|
||||||
|
private readonly IDeviceRepository _deviceRepository;
|
||||||
|
|
||||||
public JwtBearerSignInManager(
|
public JwtBearerSignInManager(
|
||||||
UserManager<User> userManager,
|
UserManager<User> userManager,
|
||||||
IHttpContextAccessor contextAccessor,
|
IHttpContextAccessor contextAccessor,
|
||||||
@ -21,7 +24,8 @@ namespace Bit.Core.Identity
|
|||||||
IOptions<IdentityOptions> optionsAccessor,
|
IOptions<IdentityOptions> optionsAccessor,
|
||||||
IOptions<JwtBearerIdentityOptions> jwtIdentityOptionsAccessor,
|
IOptions<JwtBearerIdentityOptions> jwtIdentityOptionsAccessor,
|
||||||
IOptions<JwtBearerOptions> jwtOptionsAccessor,
|
IOptions<JwtBearerOptions> jwtOptionsAccessor,
|
||||||
ILogger<JwtBearerSignInManager> logger)
|
ILogger<JwtBearerSignInManager> logger,
|
||||||
|
IDeviceRepository deviceRepository)
|
||||||
{
|
{
|
||||||
UserManager = userManager;
|
UserManager = userManager;
|
||||||
Context = contextAccessor.HttpContext;
|
Context = contextAccessor.HttpContext;
|
||||||
@ -29,6 +33,7 @@ namespace Bit.Core.Identity
|
|||||||
IdentityOptions = optionsAccessor?.Value ?? new IdentityOptions();
|
IdentityOptions = optionsAccessor?.Value ?? new IdentityOptions();
|
||||||
JwtIdentityOptions = jwtIdentityOptionsAccessor?.Value ?? new JwtBearerIdentityOptions();
|
JwtIdentityOptions = jwtIdentityOptionsAccessor?.Value ?? new JwtBearerIdentityOptions();
|
||||||
JwtBearerOptions = jwtOptionsAccessor?.Value ?? new JwtBearerOptions();
|
JwtBearerOptions = jwtOptionsAccessor?.Value ?? new JwtBearerOptions();
|
||||||
|
_deviceRepository = deviceRepository;
|
||||||
}
|
}
|
||||||
|
|
||||||
internal UserManager<User> UserManager { get; set; }
|
internal UserManager<User> UserManager { get; set; }
|
||||||
@ -54,7 +59,7 @@ namespace Bit.Core.Identity
|
|||||||
return Task.FromResult(false);
|
return Task.FromResult(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<JwtBearerSignInResult> PasswordSignInAsync(User user, string password)
|
public async Task<JwtBearerSignInResult> PasswordSignInAsync(User user, string password, Device device = null)
|
||||||
{
|
{
|
||||||
if(user == null)
|
if(user == null)
|
||||||
{
|
{
|
||||||
@ -63,13 +68,23 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
if(await UserManager.CheckPasswordAsync(user, password))
|
if(await UserManager.CheckPasswordAsync(user, password))
|
||||||
{
|
{
|
||||||
return await SignInOrTwoFactorAsync(user);
|
var result = await SignInOrTwoFactorAsync(user);
|
||||||
|
if(result.Succeeded && device != null)
|
||||||
|
{
|
||||||
|
var existingDevice = await _deviceRepository.GetByIdentifierAsync(device.Identifier, user.Id);
|
||||||
|
if(existingDevice == null)
|
||||||
|
{
|
||||||
|
await _deviceRepository.CreateAsync(device);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
return JwtBearerSignInResult.Failed;
|
return JwtBearerSignInResult.Failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<JwtBearerSignInResult> PasswordSignInAsync(string userName, string password)
|
public async Task<JwtBearerSignInResult> PasswordSignInAsync(string userName, string password, Device device = null)
|
||||||
{
|
{
|
||||||
var user = await UserManager.FindByNameAsync(userName);
|
var user = await UserManager.FindByNameAsync(userName);
|
||||||
if(user == null)
|
if(user == null)
|
||||||
@ -77,7 +92,7 @@ namespace Bit.Core.Identity
|
|||||||
return JwtBearerSignInResult.Failed;
|
return JwtBearerSignInResult.Failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
return await PasswordSignInAsync(user, password);
|
return await PasswordSignInAsync(user, password, device);
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<JwtBearerSignInResult> TwoFactorSignInAsync(User user, string provider, string code)
|
public async Task<JwtBearerSignInResult> TwoFactorSignInAsync(User user, string provider, string code)
|
||||||
|
@ -8,6 +8,7 @@ namespace Bit.Core.Repositories
|
|||||||
public interface IDeviceRepository : IRepository<Device, Guid>
|
public interface IDeviceRepository : IRepository<Device, Guid>
|
||||||
{
|
{
|
||||||
Task<Device> GetByIdAsync(Guid id, Guid userId);
|
Task<Device> GetByIdAsync(Guid id, Guid userId);
|
||||||
|
Task<Device> GetByIdentifierAsync(string identifier, Guid userId);
|
||||||
Task<ICollection<Device>> GetManyByUserIdAsync(Guid userId);
|
Task<ICollection<Device>> GetManyByUserIdAsync(Guid userId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -30,6 +30,23 @@ namespace Bit.Core.Repositories.SqlServer
|
|||||||
return device;
|
return device;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async Task<Device> GetByIdentifierAsync(string identifier, Guid userId)
|
||||||
|
{
|
||||||
|
using(var connection = new SqlConnection(ConnectionString))
|
||||||
|
{
|
||||||
|
var results = await connection.QueryAsync<Device>(
|
||||||
|
$"[{Schema}].[{Table}_ReadByIdentifierUserId]",
|
||||||
|
new
|
||||||
|
{
|
||||||
|
UserId = userId,
|
||||||
|
Identifier = identifier
|
||||||
|
},
|
||||||
|
commandType: CommandType.StoredProcedure);
|
||||||
|
|
||||||
|
return results.FirstOrDefault();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public async Task<ICollection<Device>> GetManyByUserIdAsync(Guid userId)
|
public async Task<ICollection<Device>> GetManyByUserIdAsync(Guid userId)
|
||||||
{
|
{
|
||||||
using(var connection = new SqlConnection(ConnectionString))
|
using(var connection = new SqlConnection(ConnectionString))
|
||||||
|
@ -90,6 +90,7 @@
|
|||||||
<Build Include="dbo\Stored Procedures\Device_ReadById.sql" />
|
<Build Include="dbo\Stored Procedures\Device_ReadById.sql" />
|
||||||
<Build Include="dbo\Stored Procedures\Device_ReadByUserId.sql" />
|
<Build Include="dbo\Stored Procedures\Device_ReadByUserId.sql" />
|
||||||
<Build Include="dbo\Stored Procedures\Device_DeleteById.sql" />
|
<Build Include="dbo\Stored Procedures\Device_DeleteById.sql" />
|
||||||
|
<Build Include="dbo\Stored Procedures\Device_ReadByIdentifierUserId.sql" />
|
||||||
<Build Include="dbo\Stored Procedures\Cipher_ReadByUserId.sql" />
|
<Build Include="dbo\Stored Procedures\Cipher_ReadByUserId.sql" />
|
||||||
<Build Include="dbo\Stored Procedures\User_UpdateEmailPassword.sql" />
|
<Build Include="dbo\Stored Procedures\User_UpdateEmailPassword.sql" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
@ -0,0 +1,15 @@
|
|||||||
|
CREATE PROCEDURE [dbo].[Device_ReadByIdentifierUserId]
|
||||||
|
@UserId UNIQUEIDENTIFIER,
|
||||||
|
@Identifier NVARCHAR(50)
|
||||||
|
AS
|
||||||
|
BEGIN
|
||||||
|
SET NOCOUNT ON
|
||||||
|
|
||||||
|
SELECT
|
||||||
|
*
|
||||||
|
FROM
|
||||||
|
[dbo].[DeviceView]
|
||||||
|
WHERE
|
||||||
|
[UserId] = @UserId
|
||||||
|
AND [Identifier] = @Identifier
|
||||||
|
END
|
@ -3,6 +3,7 @@
|
|||||||
[UserId] UNIQUEIDENTIFIER NOT NULL,
|
[UserId] UNIQUEIDENTIFIER NOT NULL,
|
||||||
[Name] NVARCHAR (50) NOT NULL,
|
[Name] NVARCHAR (50) NOT NULL,
|
||||||
[Type] SMALLINT NOT NULL,
|
[Type] SMALLINT NOT NULL,
|
||||||
|
[Identifier] NVARCHAR (50) NOT NULL,
|
||||||
[PushToken] NVARCHAR (255) NULL,
|
[PushToken] NVARCHAR (255) NULL,
|
||||||
[CreationDate] DATETIME2 (7) NOT NULL,
|
[CreationDate] DATETIME2 (7) NOT NULL,
|
||||||
[RevisionDate] DATETIME2 (7) NOT NULL,
|
[RevisionDate] DATETIME2 (7) NOT NULL,
|
||||||
@ -15,3 +16,8 @@ GO
|
|||||||
CREATE NONCLUSTERED INDEX [IX_Device_UserId]
|
CREATE NONCLUSTERED INDEX [IX_Device_UserId]
|
||||||
ON [dbo].[Device]([UserId] ASC);
|
ON [dbo].[Device]([UserId] ASC);
|
||||||
|
|
||||||
|
|
||||||
|
GO
|
||||||
|
CREATE UNIQUE NONCLUSTERED INDEX [UX_Device_UserId_Identifier]
|
||||||
|
ON [dbo].[Device]([UserId] ASC, [Identifier] ASC);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user