Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-26 12:55:17 +01:00
Code Issues Projects Releases Wiki Activity

update u2f lib. send 2fa login email

Browse Source
This commit is contained in:
Kyle Spearrin 2017-06-24 09:20:12 -04:00
parent 64189067cd
commit 59b8438a0f
6 changed files with 46 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/Api/Controllers/TwoFactorController.cs
View File

@ -207,6 +207,24 @@ namespace Bit.Api.Controllers
await _userService.SendTwoFactorEmailAsync(user);
}
[AllowAnonymous]
[HttpPost("send-email-login")]
public async Task SendEmailLogin([FromBody]TwoFactorEmailRequestModel model)
{
var user = await _userManager.FindByEmailAsync(model.Email.ToLowerInvariant());
if(user != null)
{
if(await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
{
await _userService.SendTwoFactorEmailAsync(user);
return;
}
}
await Task.Delay(2000);
throw new BadRequestException("Cannot send two-factor email.");
}
[HttpPut("email")]
[HttpPost("email")]
public async Task<TwoFactorEmailResponseModel> PutEmail([FromBody]UpdateTwoFactorEmailRequestModel model)

2
src/Core/Core.csproj
View File

@ -56,7 +56,7 @@
<PackageReference Include="Serilog.Extensions.Logging" Version="1.4.0" />
<PackageReference Include="Serilog.Sinks.AzureDocumentDB" Version="3.6.1" />
<PackageReference Include="Stripe.net" Version="7.8.0" />
<PackageReference Include="u2flib" Version="1.0.5" />
<PackageReference Include="U2F.Core" Version="1.0.3" />
<PackageReference Include="WindowsAzure.Storage" Version="8.1.1" />
<PackageReference Include="Otp.NET" Version="1.0.1" />
<PackageReference Include="YubicoDotNetClient" Version="1.0.0" />

13
src/Core/Identity/U2fTokenProvider.cs
View File

@ -7,10 +7,9 @@ using Bit.Core.Repositories;
using Newtonsoft.Json;
using System.Collections.Generic;
using System.Linq;
using u2flib.Data;
using u2flib;
using u2flib.Data.Messages;
using u2flib.Exceptions;
using U2fLib = U2F.Core.Crypto.U2F;
using U2F.Core.Models;
using U2F.Core.Exceptions;
namespace Bit.Core.Identity
{
@ -62,7 +61,7 @@ namespace Bit.Core.Identity
{
var registration = new DeviceRegistration(key.KeyHandleBytes, key.PublicKeyBytes,
key.CertificateBytes, key.Counter);
var auth = U2F.StartAuthentication(Utilities.CoreHelpers.U2fAppIdUrl(_globalSettings), registration);
var auth = U2fLib.StartAuthentication(Utilities.CoreHelpers.U2fAppIdUrl(_globalSettings), registration);
// Maybe move this to a bulk create when we support more than 1 key?
await _u2fRepository.CreateAsync(new U2f
@ -113,7 +112,7 @@ namespace Bit.Core.Identity
return false;
}
var authenticateResponse = DataObject.FromJson<AuthenticateResponse>(token);
var authenticateResponse = BaseModel.FromJson<AuthenticateResponse>(token);
var key = keys.FirstOrDefault(f => f.KeyHandle == authenticateResponse.KeyHandle);
if(key == null)
@ -141,7 +140,7 @@ namespace Bit.Core.Identity
try
{
var auth = new StartedAuthentication(challenge.Challenge, challenge.AppId, challenge.KeyHandle);
U2F.FinishAuthentication(auth, authenticateResponse, registration);
U2fLib.FinishAuthentication(auth, authenticateResponse, registration);
}
catch(U2fException)
{

15
src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
View File

@ -120,7 +120,14 @@ namespace Bit.Core.IdentityServer
{
var providerKeys = new List<byte>();
var providers = new Dictionary<byte, Dictionary<string, object>>();
foreach(var provider in user.GetTwoFactorProviders().Where(p => p.Value.Enabled))
var enabledProviders = user.GetTwoFactorProviders()?.Where(p => p.Value.Enabled);
if(enabledProviders == null)
{
BuildErrorResult(false, context);
return;
}
foreach(var provider in enabledProviders)
{
providerKeys.Add((byte)provider.Key);
var infoDict = await BuildTwoFactorParams(user, provider.Key, provider.Value);
@ -133,6 +140,12 @@ namespace Bit.Core.IdentityServer
{ "TwoFactorProviders", providers.Keys },
{ "TwoFactorProviders2", providers }
});
if(enabledProviders.Count() == 1 && enabledProviders.First().Key == TwoFactorProviderType.Email)
{
// Send email now if this is their only 2FA method
await _userService.SendTwoFactorEmailAsync(user);
}
}
private void BuildErrorResult(bool twoFactorRequest, ResourceOwnerPasswordValidationContext context)

2
src/Core/Models/TwoFactorProvider.cs
View File

@ -1,7 +1,7 @@
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using u2flib.Util;
using U2F.Core.Utils;
namespace Bit.Core.Models
{

13
src/Core/Services/Implementations/UserService.cs
View File

@ -12,10 +12,9 @@ using Bit.Core.Enums;
using System.Security.Claims;
using Bit.Core.Models;
using Bit.Core.Models.Business;
using u2flib.Data.Messages;
using u2flib.Util;
using u2flib;
using u2flib.Data;
using U2fLib = U2F.Core.Crypto.U2F;
using U2F.Core.Models;
using U2F.Core.Utils;
namespace Bit.Core.Services
{
@ -220,7 +219,7 @@ namespace Bit.Core.Services
public async Task<U2fRegistration> StartU2fRegistrationAsync(User user)
{
await _u2fRepository.DeleteManyByUserIdAsync(user.Id);
var reg = U2F.StartRegistration(Utilities.CoreHelpers.U2fAppIdUrl(_globalSettings));
var reg = U2fLib.StartRegistration(Utilities.CoreHelpers.U2fAppIdUrl(_globalSettings));
await _u2fRepository.CreateAsync(new U2f
{
AppId = reg.AppId,
@ -250,11 +249,11 @@ namespace Bit.Core.Services
return false;
}
var registerResponse = DataObject.FromJson<RegisterResponse>(deviceResponse);
var registerResponse = BaseModel.FromJson<RegisterResponse>(deviceResponse);
var challenge = challenges.OrderBy(i => i.Id).Last(i => i.KeyHandle == null);
var statedReg = new StartedRegistration(challenge.Challenge, challenge.AppId);
var reg = U2F.FinishRegistration(statedReg, registerResponse);
var reg = U2fLib.FinishRegistration(statedReg, registerResponse);
await _u2fRepository.DeleteManyByUserIdAsync(user.Id);