mirror of
https://github.com/bitwarden/server.git
synced 2025-02-17 02:01:53 +01:00
refactor to a new two-factor controller
This commit is contained in:
Kyle Spearrin
parent
5a67df60de
commit
3b5b24531b
@ -248,68 +248,6 @@ namespace Bit.Api.Controllers
|
||||
return revisionDate;
|
||||
}
|
||||
|
||||
[HttpGet("two-factor")]
|
||||
public async Task<TwoFactorResponseModel> GetTwoFactor(string masterPasswordHash, TwoFactorProviderType provider)
|
||||
{
|
||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
||||
if(user == null)
|
||||
{
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
if(!await _userManager.CheckPasswordAsync(user, masterPasswordHash))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
||||
}
|
||||
|
||||
await _userService.SetupTwoFactorAsync(user, provider);
|
||||
|
||||
var response = new TwoFactorResponseModel(user);
|
||||
return response;
|
||||
}
|
||||
|
||||
[Obsolete]
|
||||
[HttpPut("two-factor")]
|
||||
[HttpPost("two-factor")]
|
||||
public async Task<TwoFactorResponseModel> PutTwoFactor([FromBody]UpdateTwoFactorRequestModel model)
|
||||
{
|
||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
||||
if(user == null)
|
||||
{
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
||||
}
|
||||
|
||||
if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("Token", "Invalid token.");
|
||||
}
|
||||
|
||||
user.TwoFactorEnabled = model.Enabled.Value;
|
||||
await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Authenticator);
|
||||
|
||||
var response = new TwoFactorResponseModel(user);
|
||||
return response;
|
||||
}
|
||||
|
||||
[HttpPost("two-factor-recover")]
|
||||
[AllowAnonymous]
|
||||
public async Task PostTwoFactorRecover([FromBody]RecoverTwoFactorRequestModel model)
|
||||
{
|
||||
if(!await _userService.RecoverTwoFactorAsync(model.Email, model.MasterPasswordHash, model.RecoveryCode))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException(string.Empty, "Invalid information. Try again.");
|
||||
}
|
||||
}
|
||||
|
||||
[HttpPut("keys")]
|
||||
[HttpPost("keys")]
|
||||
public async Task<KeysResponseModel> PutKeys([FromBody]KeysRequestModel model)
|
||||
|
||||
166
src/Api/Controllers/TwoFactorController.cs
Normal file
166
src/Api/Controllers/TwoFactorController.cs
Normal file
@ -0,0 +1,166 @@
|
||||
using System;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Bit.Core.Models.Api;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Services;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Bit.Core.Models.Table;
|
||||
using Bit.Core.Enums;
|
||||
using System.Linq;
|
||||
|
||||
namespace Bit.Api.Controllers
|
||||
{
|
||||
[Route("two-factor")]
|
||||
[Authorize("Application")]
|
||||
public class TwoFactorController : Controller
|
||||
{
|
||||
private readonly IUserService _userService;
|
||||
private readonly UserManager<User> _userManager;
|
||||
|
||||
public TwoFactorController(
|
||||
IUserService userService,
|
||||
UserManager<User> userManager)
|
||||
{
|
||||
_userService = userService;
|
||||
_userManager = userManager;
|
||||
}
|
||||
|
||||
[HttpGet("")]
|
||||
public async Task<ListResponseModel<TwoFactorProviderResponseModel>> Get()
|
||||
{
|
||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
||||
if(user == null)
|
||||
{
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
var providers = user.GetTwoFactorProviders().Select(p => new TwoFactorProviderResponseModel(p.Key, p.Value));
|
||||
return new ListResponseModel<TwoFactorProviderResponseModel>(providers);
|
||||
}
|
||||
|
||||
[HttpPost("get-authenticator")]
|
||||
public async Task<TwoFactorAuthenticatorResponseModel> GetAuthenticator([FromBody]TwoFactorRequestModel model)
|
||||
{
|
||||
var user = await GetProviderAsync(model, TwoFactorProviderType.Authenticator);
|
||||
var response = new TwoFactorAuthenticatorResponseModel(user);
|
||||
return response;
|
||||
}
|
||||
|
||||
[HttpPut("authenticator")]
|
||||
[HttpPost("authenticator")]
|
||||
public async Task<TwoFactorAuthenticatorResponseModel> PutAuthenticator(
|
||||
[FromBody]UpdateTwoFactorAuthenticatorRequestModel model)
|
||||
{
|
||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
||||
if(user == null)
|
||||
{
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
||||
}
|
||||
|
||||
if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("Token", "Invalid token.");
|
||||
}
|
||||
|
||||
await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Authenticator);
|
||||
var response = new TwoFactorAuthenticatorResponseModel(user);
|
||||
return response;
|
||||
}
|
||||
|
||||
[HttpPost("get-email")]
|
||||
public async Task<TwoFactorEmailResponseModel> GetEmail([FromBody]TwoFactorRequestModel model)
|
||||
{
|
||||
var user = await GetProviderAsync(model, TwoFactorProviderType.Email);
|
||||
var response = new TwoFactorEmailResponseModel(user);
|
||||
return response;
|
||||
}
|
||||
|
||||
[HttpPut("email")]
|
||||
[HttpPost("email")]
|
||||
public async Task<TwoFactorEmailResponseModel> PutEmail([FromBody]UpdateTwoFactorEmailRequestModel model)
|
||||
{
|
||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
||||
if(user == null)
|
||||
{
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
||||
}
|
||||
|
||||
if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Email.ToString(), model.Token))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("Token", "Invalid token.");
|
||||
}
|
||||
|
||||
await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Email);
|
||||
|
||||
var response = new TwoFactorEmailResponseModel(user);
|
||||
return response;
|
||||
}
|
||||
|
||||
[HttpPut("disable")]
|
||||
[HttpPost("disable")]
|
||||
public async Task<TwoFactorEmailResponseModel> PutDisable([FromBody]TwoFactorProviderRequestModel model)
|
||||
{
|
||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
||||
if(user == null)
|
||||
{
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
||||
}
|
||||
|
||||
await _userService.DisableTwoFactorProviderAsync(user, model.Type.Value);
|
||||
|
||||
var response = new TwoFactorEmailResponseModel(user);
|
||||
return response;
|
||||
}
|
||||
|
||||
[HttpPost("recover")]
|
||||
[AllowAnonymous]
|
||||
public async Task PostTwoFactorRecover([FromBody]TwoFactorRecoveryRequestModel model)
|
||||
{
|
||||
if(!await _userService.RecoverTwoFactorAsync(model.Email, model.MasterPasswordHash, model.RecoveryCode))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException(string.Empty, "Invalid information. Try again.");
|
||||
}
|
||||
}
|
||||
|
||||
private async Task<User> GetProviderAsync(TwoFactorRequestModel model, TwoFactorProviderType type)
|
||||
{
|
||||
var user = await _userService.GetUserByPrincipalAsync(User);
|
||||
if(user == null)
|
||||
{
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
||||
}
|
||||
|
||||
await _userService.SetupTwoFactorAsync(user, type);
|
||||
return user;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,18 +0,0 @@
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
|
||||
namespace Bit.Core.Models.Api
|
||||
{
|
||||
public class RecoverTwoFactorRequestModel
|
||||
{
|
||||
[Required]
|
||||
[EmailAddress]
|
||||
[StringLength(50)]
|
||||
public string Email { get; set; }
|
||||
[Required]
|
||||
public string MasterPasswordHash { get; set; }
|
||||
[Required]
|
||||
[StringLength(32)]
|
||||
public string RecoveryCode { get; set; }
|
||||
}
|
||||
}
|
||||
@ -1,16 +0,0 @@
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
|
||||
namespace Bit.Core.Models.Api
|
||||
{
|
||||
public class UpdateTwoFactorRequestModel
|
||||
{
|
||||
[Required]
|
||||
public string MasterPasswordHash { get; set; }
|
||||
[Required]
|
||||
public bool? Enabled { get; set; }
|
||||
[Required]
|
||||
[StringLength(50)]
|
||||
public string Token { get; set; }
|
||||
}
|
||||
}
|
||||
80
src/Core/Models/Api/Request/TwoFactorRequestModels.cs
Normal file
80
src/Core/Models/Api/Request/TwoFactorRequestModels.cs
Normal file
@ -0,0 +1,80 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
|
||||
namespace Bit.Core.Models.Api
|
||||
{
|
||||
public class UpdateTwoFactorAuthenticatorRequestModel : TwoFactorRequestModel
|
||||
{
|
||||
[Required]
|
||||
[StringLength(50)]
|
||||
public string Token { get; set; }
|
||||
}
|
||||
|
||||
public class UpdateTwoFactorDuoRequestModel : TwoFactorRequestModel
|
||||
{
|
||||
[Required]
|
||||
[StringLength(50)]
|
||||
public string IntegrationKey { get; set; }
|
||||
[Required]
|
||||
[StringLength(50)]
|
||||
public string SecretKey { get; set; }
|
||||
[Required]
|
||||
[StringLength(50)]
|
||||
public string Host { get; set; }
|
||||
}
|
||||
|
||||
public class UpdateTwoFactorYubicoOtpRequestModel : TwoFactorRequestModel, IValidatableObject
|
||||
{
|
||||
public string Key1 { get; set; }
|
||||
public string Key2 { get; set; }
|
||||
public string Key3 { get; set; }
|
||||
public string Key4 { get; set; }
|
||||
public string Key5 { get; set; }
|
||||
|
||||
public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
|
||||
{
|
||||
if(string.IsNullOrWhiteSpace(Key1) && string.IsNullOrWhiteSpace(Key2) && string.IsNullOrWhiteSpace(Key3) &&
|
||||
string.IsNullOrWhiteSpace(Key4) && string.IsNullOrWhiteSpace(Key5))
|
||||
{
|
||||
yield return new ValidationResult("A Key is required.", new string[] { nameof(Key1) });
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public class UpdateTwoFactorEmailRequestModel : TwoFactorRequestModel
|
||||
{
|
||||
[Required]
|
||||
[EmailAddress]
|
||||
[StringLength(50)]
|
||||
public string Email { get; set; }
|
||||
[Required]
|
||||
[StringLength(50)]
|
||||
public string Token { get; set; }
|
||||
}
|
||||
|
||||
public class TwoFactorProviderRequestModel : TwoFactorRequestModel
|
||||
{
|
||||
[Required]
|
||||
public Enums.TwoFactorProviderType? Type { get; set; }
|
||||
}
|
||||
|
||||
public class TwoFactorRequestModel
|
||||
{
|
||||
[Required]
|
||||
public string MasterPasswordHash { get; set; }
|
||||
}
|
||||
|
||||
public class TwoFactorRecoveryRequestModel
|
||||
{
|
||||
[Required]
|
||||
[EmailAddress]
|
||||
[StringLength(50)]
|
||||
public string Email { get; set; }
|
||||
[Required]
|
||||
public string MasterPasswordHash { get; set; }
|
||||
[Required]
|
||||
[StringLength(32)]
|
||||
public string RecoveryCode { get; set; }
|
||||
}
|
||||
}
|
||||
@ -3,7 +3,6 @@ using Bit.Core.Models.Table;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Enums;
|
||||
|
||||
namespace Bit.Core.Models.Api
|
||||
{
|
||||
|
||||
@ -0,0 +1,32 @@
|
||||
using System;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Table;
|
||||
|
||||
namespace Bit.Core.Models.Api
|
||||
{
|
||||
public class TwoFactorAuthenticatorResponseModel : ResponseModel
|
||||
{
|
||||
public TwoFactorAuthenticatorResponseModel(User user)
|
||||
: base("twoFactorAuthenticator")
|
||||
{
|
||||
if(user == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Authenticator);
|
||||
if(provider?.MetaData?.ContainsKey("Key") ?? false)
|
||||
{
|
||||
Key = provider.MetaData["Key"];
|
||||
Enabled = provider.Enabled;
|
||||
}
|
||||
else
|
||||
{
|
||||
Enabled = false;
|
||||
}
|
||||
}
|
||||
|
||||
public bool Enabled { get; set; }
|
||||
public string Key { get; set; }
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,32 @@
|
||||
using System;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Table;
|
||||
|
||||
namespace Bit.Core.Models.Api
|
||||
{
|
||||
public class TwoFactorEmailResponseModel : ResponseModel
|
||||
{
|
||||
public TwoFactorEmailResponseModel(User user)
|
||||
: base("twoFactorEmail")
|
||||
{
|
||||
if(user == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
|
||||
if(provider?.MetaData?.ContainsKey("Email") ?? false)
|
||||
{
|
||||
Email = provider.MetaData["Email"];
|
||||
Enabled = provider.Enabled;
|
||||
}
|
||||
else
|
||||
{
|
||||
Enabled = false;
|
||||
}
|
||||
}
|
||||
|
||||
public bool Enabled { get; set; }
|
||||
public string Email { get; set; }
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,23 @@
|
||||
using System;
|
||||
using Bit.Core.Enums;
|
||||
|
||||
namespace Bit.Core.Models.Api
|
||||
{
|
||||
public class TwoFactorProviderResponseModel : ResponseModel
|
||||
{
|
||||
public TwoFactorProviderResponseModel(TwoFactorProviderType type, TwoFactorProvider provider)
|
||||
: base("twoFactorProvider")
|
||||
{
|
||||
if(provider == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(provider));
|
||||
}
|
||||
|
||||
Enabled = provider.Enabled;
|
||||
Type = type;
|
||||
}
|
||||
|
||||
public bool Enabled { get; set; }
|
||||
public TwoFactorProviderType Type { get; set; }
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,56 @@
|
||||
using System;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Table;
|
||||
|
||||
namespace Bit.Core.Models.Api
|
||||
{
|
||||
public class TwoFactorYubiKeyResponseModel : ResponseModel
|
||||
{
|
||||
public TwoFactorYubiKeyResponseModel(User user)
|
||||
: base("twoFactorYubiKey")
|
||||
{
|
||||
if(user == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
|
||||
if(provider?.MetaData != null && provider.MetaData.Count > 0)
|
||||
{
|
||||
Enabled = provider.Enabled;
|
||||
|
||||
if(provider.MetaData.ContainsKey("Key1"))
|
||||
{
|
||||
Key1 = provider.MetaData["Key1"];
|
||||
}
|
||||
if(provider.MetaData.ContainsKey("Key2"))
|
||||
{
|
||||
Key2 = provider.MetaData["Key2"];
|
||||
}
|
||||
if(provider.MetaData.ContainsKey("Key3"))
|
||||
{
|
||||
Key1 = provider.MetaData["Key3"];
|
||||
}
|
||||
if(provider.MetaData.ContainsKey("Key4"))
|
||||
{
|
||||
Key4 = provider.MetaData["Key4"];
|
||||
}
|
||||
if(provider.MetaData.ContainsKey("Key5"))
|
||||
{
|
||||
Key5 = provider.MetaData["Key5"];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
Enabled = false;
|
||||
}
|
||||
}
|
||||
|
||||
public bool Enabled { get; set; }
|
||||
public string Key1 { get; set; }
|
||||
public string Key2 { get; set; }
|
||||
public string Key3 { get; set; }
|
||||
public string Key4 { get; set; }
|
||||
public string Key5 { get; set; }
|
||||
}
|
||||
}
|
||||
@ -1,45 +0,0 @@
|
||||
using System;
|
||||
using Bit.Core.Models.Table;
|
||||
using Bit.Core.Enums;
|
||||
|
||||
namespace Bit.Core.Models.Api
|
||||
{
|
||||
public class TwoFactorResponseModel : ResponseModel
|
||||
{
|
||||
public TwoFactorResponseModel(User user)
|
||||
: base("twoFactor")
|
||||
{
|
||||
if(user == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
var providers = user.GetTwoFactorProviders();
|
||||
if(user.TwoFactorProvider.HasValue && providers.ContainsKey(user.TwoFactorProvider.Value))
|
||||
{
|
||||
var provider = providers[user.TwoFactorProvider.Value];
|
||||
switch(user.TwoFactorProvider.Value)
|
||||
{
|
||||
case TwoFactorProviderType.Authenticator:
|
||||
AuthenticatorKey = provider.MetaData["Key"];
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
TwoFactorEnabled = false;
|
||||
}
|
||||
|
||||
TwoFactorEnabled = user.TwoFactorIsEnabled();
|
||||
TwoFactorProvider = user.TwoFactorProvider;
|
||||
TwoFactorRecoveryCode = user.TwoFactorRecoveryCode;
|
||||
}
|
||||
|
||||
public bool TwoFactorEnabled { get; set; }
|
||||
public TwoFactorProviderType? TwoFactorProvider { get; set; }
|
||||
public string AuthenticatorKey { get; set; }
|
||||
public string TwoFactorRecoveryCode { get; set; }
|
||||
}
|
||||
}
|
||||
@ -1,12 +1,10 @@
|
||||
using Bit.Core.Enums;
|
||||
using System.Collections.Generic;
|
||||
using System.Collections.Generic;
|
||||
|
||||
namespace Bit.Core.Models
|
||||
{
|
||||
public class TwoFactorProvider
|
||||
{
|
||||
public bool Enabled { get; set; }
|
||||
public bool Remember { get; set; }
|
||||
public Dictionary<string, string> MetaData { get; set; } = new Dictionary<string, string>();
|
||||
}
|
||||
}
|
||||
|
||||
@ -28,6 +28,7 @@ namespace Bit.Core.Services
|
||||
Task<IdentityResult> RefreshSecurityStampAsync(User user, string masterPasswordHash);
|
||||
Task SetupTwoFactorAsync(User user, TwoFactorProviderType provider);
|
||||
Task UpdateTwoFactorProviderAsync(User user, TwoFactorProviderType type);
|
||||
Task DisableTwoFactorProviderAsync(User user, TwoFactorProviderType type);
|
||||
Task<bool> RecoverTwoFactorAsync(string email, string masterPassword, string recoveryCode);
|
||||
Task<string> GenerateUserTokenAsync(User user, string tokenProvider, string purpose);
|
||||
Task<IdentityResult> DeleteAsync(User user);
|
||||
|
||||
@ -319,8 +319,7 @@ namespace Bit.Core.Services
|
||||
public async Task SetupTwoFactorAsync(User user, TwoFactorProviderType provider)
|
||||
{
|
||||
var providers = user.GetTwoFactorProviders();
|
||||
if(providers != null && providers.ContainsKey(provider) && providers[provider].Enabled &&
|
||||
user.TwoFactorProvider.HasValue && user.TwoFactorProvider.Value == provider)
|
||||
if(providers != null && providers.ContainsKey(provider) && providers[provider].MetaData != null)
|
||||
{
|
||||
switch(provider)
|
||||
{
|
||||
@ -355,8 +354,7 @@ namespace Bit.Core.Services
|
||||
{
|
||||
case TwoFactorProviderType.Authenticator:
|
||||
var key = KeyGeneration.GenerateRandomKey(20);
|
||||
providerInfo.MetaData["Key"] = Base32Encoding.ToString(key);
|
||||
providerInfo.Remember = true;
|
||||
providerInfo.MetaData = new Dictionary<string, string> { ["Key"] = Base32Encoding.ToString(key) };
|
||||
break;
|
||||
default:
|
||||
throw new ArgumentException(nameof(provider));
|
||||
@ -375,11 +373,26 @@ namespace Bit.Core.Services
|
||||
return;
|
||||
}
|
||||
|
||||
providers[type].Enabled = user.TwoFactorEnabled;
|
||||
providers[type].Enabled = true;
|
||||
user.SetTwoFactorProviders(providers);
|
||||
|
||||
user.TwoFactorProvider = type;
|
||||
user.TwoFactorRecoveryCode = user.TwoFactorIsEnabled() ? Guid.NewGuid().ToString("N") : null;
|
||||
if(string.IsNullOrWhiteSpace(user.TwoFactorRecoveryCode))
|
||||
{
|
||||
user.TwoFactorRecoveryCode = Guid.NewGuid().ToString("N");
|
||||
}
|
||||
await SaveUserAsync(user);
|
||||
}
|
||||
|
||||
public async Task DisableTwoFactorProviderAsync(User user, TwoFactorProviderType type)
|
||||
{
|
||||
var providers = user.GetTwoFactorProviders();
|
||||
if(!providers?.ContainsKey(type) ?? true)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
providers.Remove(type);
|
||||
user.SetTwoFactorProviders(providers);
|
||||
await SaveUserAsync(user);
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user