1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-26 12:55:17 +01:00

two factor email setup

This commit is contained in:
Kyle Spearrin 2017-06-20 09:21:35 -04:00
parent 2eaaecd95c
commit 475160cfe1
4 changed files with 81 additions and 2 deletions

View File

@ -84,6 +84,24 @@ namespace Bit.Api.Controllers
return response;
}
[HttpPost("send-email")]
public async Task SendEmail([FromBody]TwoFactorEmailRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
if(user == null)
{
throw new UnauthorizedAccessException();
}
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
{
await Task.Delay(2000);
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
}
await _userService.SendTwoFactorEmailAsync(user, model.Email);
}
[HttpPut("email")]
[HttpPost("email")]
public async Task<TwoFactorEmailResponseModel> PutEmail([FromBody]UpdateTwoFactorEmailRequestModel model)
@ -100,12 +118,18 @@ namespace Bit.Api.Controllers
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
}
if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Email.ToString(), model.Token))
if(!await _userService.VerifyTwoFactorEmailAsync(user, model.Token, model.Email))
{
await Task.Delay(2000);
throw new BadRequestException("Token", "Invalid token.");
}
var providers = user.GetTwoFactorProviders();
providers[TwoFactorProviderType.Email] = new Core.Models.TwoFactorProvider
{
MetaData = new System.Collections.Generic.Dictionary<string, string> { ["Email"] = model.Email }
};
user.SetTwoFactorProviders(providers);
await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Email);
var response = new TwoFactorEmailResponseModel(user);

View File

@ -42,12 +42,16 @@ namespace Bit.Core.Models.Api
}
}
public class UpdateTwoFactorEmailRequestModel : TwoFactorRequestModel
public class TwoFactorEmailRequestModel : TwoFactorRequestModel
{
[Required]
[EmailAddress]
[StringLength(50)]
public string Email { get; set; }
}
public class UpdateTwoFactorEmailRequestModel : TwoFactorEmailRequestModel
{
[Required]
[StringLength(50)]
public string Token { get; set; }

View File

@ -19,6 +19,8 @@ namespace Bit.Core.Services
Task SaveUserAsync(User user);
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);
Task SendMasterPasswordHintAsync(string email);
Task SendTwoFactorEmailAsync(User user, string email = null);
Task<bool> VerifyTwoFactorEmailAsync(User user, string token, string email = null);
Task InitiateEmailChangeAsync(User user, string newEmail);
Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail, string newMasterPassword,
string token, string key);

View File

@ -182,6 +182,45 @@ namespace Bit.Core.Services
await _mailService.SendMasterPasswordHintEmailAsync(email, user.MasterPasswordHint);
}
public async Task SendTwoFactorEmailAsync(User user, string email = null)
{
if(string.IsNullOrWhiteSpace(email))
{
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
if(provider != null && provider.MetaData != null && provider.MetaData.ContainsKey("Email"))
{
email = provider.MetaData["Email"];
}
}
if(string.IsNullOrWhiteSpace(email))
{
throw new ArgumentNullException(nameof(email));
}
var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultEmailProvider, "2faEmail:" + email);
await _mailService.SendChangeEmailEmailAsync(email, token);
}
public async Task<bool> VerifyTwoFactorEmailAsync(User user, string token, string email = null)
{
if(string.IsNullOrWhiteSpace(email))
{
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
if(provider != null && provider.MetaData != null && provider.MetaData.ContainsKey("Email"))
{
email = provider.MetaData["Email"];
}
}
if(string.IsNullOrWhiteSpace(email))
{
throw new ArgumentNullException(nameof(email));
}
return await base.VerifyUserTokenAsync(user, TokenOptions.DefaultEmailProvider, "2faEmail:" + email, token);
}
public async Task InitiateEmailChangeAsync(User user, string newEmail)
{
var existingUser = await _userRepository.GetByEmailAsync(newEmail);
@ -329,6 +368,11 @@ namespace Bit.Core.Services
return;
}
break;
case TwoFactorProviderType.Email:
case TwoFactorProviderType.U2F:
case TwoFactorProviderType.YubiKey:
case TwoFactorProviderType.Duo:
break;
default:
throw new ArgumentException(nameof(provider));
}
@ -356,6 +400,11 @@ namespace Bit.Core.Services
var key = KeyGeneration.GenerateRandomKey(20);
providerInfo.MetaData = new Dictionary<string, string> { ["Key"] = Base32Encoding.ToString(key) };
break;
case TwoFactorProviderType.Email:
case TwoFactorProviderType.U2F:
case TwoFactorProviderType.YubiKey:
case TwoFactorProviderType.Duo:
break;
default:
throw new ArgumentException(nameof(provider));
}