From 6ab2f4ff872b8ab75fe63cab96788058c5439175 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Tue, 11 Jun 2019 16:44:59 -0400
Subject: [PATCH] org invite exp hours configurable
---
 src/Core/GlobalSettings.cs | 1 +
 .../Implementations/OrganizationService.cs | 28 ++++++++++++++++++-
 src/Core/Utilities/CoreHelpers.cs | 24 ----------------
 3 files changed, 28 insertions(+), 25 deletions(-)
diff --git a/src/Core/GlobalSettings.cs b/src/Core/GlobalSettings.cs
index 709b9cca1..fc73a73dd 100644
--- a/src/Core/GlobalSettings.cs
+++ b/src/Core/GlobalSettings.cs
@@ -16,6 +16,7 @@ namespace Bit.Core
 public virtual string HibpBreachApiKey { get; set; }
 public virtual bool DisableUserRegistration { get; set; }
 public virtual bool DisableEmailNewDevice { get; set; }
+ public virtual int OrganizationInviteExpirationHours { get; set; } = 120; // 5 days
 public virtual InstallationSettings Installation { get; set; } = new InstallationSettings();
 public virtual BaseServiceUriSettings BaseServiceUri { get; set; } = new BaseServiceUriSettings();
 public virtual SqlSettings SqlServer { get; set; } = new SqlSettings();
diff --git a/src/Core/Services/Implementations/OrganizationService.cs b/src/Core/Services/Implementations/OrganizationService.cs
index 3af1be314..d2e048284 100644
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@@ -954,7 +954,7 @@ namespace Bit.Core.Services
 throw new BadRequestException("You are already part of this organization.");
 }
- if(!CoreHelpers.UserInviteTokenIsValid(_dataProtector, token, user.Email, orgUser.Id))
+ if(!UserInviteTokenIsValid(_dataProtector, token, user.Email, orgUser.Id))
 {
 throw new BadRequestException("Invalid token.");
 }
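Review bot: `OrganizationInviteExpirationHours` in GlobalSettings.cs is bound from configuration with no range check, and it now decides how long an invite token is accepted. A zero or negative value makes every invite fail as expired, an out-of-range value makes `AddHours` throw inside the bare `catch` in `UserInviteTokenIsValid` (same result, with no diagnostic), and a very large value keeps a leaked invite link usable for as long as configured. I would validate it where settings are loaded, or clamp at the point of use, e.g. `var hours = Math.Max(1, _globalSettings.OrganizationInviteExpirationHours);`, and extend the comment to `// hours an org invite token stays valid; must be > 0 (default 120 = 5 days)`. The class body continues outside the hunk.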
@@ -1411,5 +1411,31 @@ namespace Bit.Core.Services
 $"{plan.MaxAdditionalSeats.GetValueOrDefault(0)} additional users.");
 }
 }
+
+
+
+ public bool UserInviteTokenIsValid(IDataProtector protector, string token, string userEmail, Guid orgUserId)
+ {
+ var invalid = true;
+ try
+ {
+ var unprotectedData = protector.Unprotect(token);
+ var dataParts = unprotectedData.Split(' ');
+ if(dataParts.Length == 4 && dataParts[0] == "OrganizationUserInvite" &&
+ new Guid(dataParts[1]) == orgUserId &&
+ dataParts[2].Equals(userEmail, StringComparison.InvariantCultureIgnoreCase))
+ {
+ var creationTime = CoreHelpers.FromEpocMilliseconds(Convert.ToInt64(dataParts[3]));
+ var expTime = creationTime.AddHours(_globalSettings.OrganizationInviteExpirationHours);
+ invalid = expTime < DateTime.UtcNow;
+ }
+ }
+ catch
+ {
+ invalid = true;
+ }
+
+ return !invalid;
+ }
 }
 }
diff --git a/src/Core/Utilities/CoreHelpers.cs b/src/Core/Utilities/CoreHelpers.cs
index a1a59a6d2..dcf53029b 100644
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@@ -472,30 +472,6 @@ namespace Bit.Core.Utilities
 return new Uri(string.Format("{0}?{1}", baseUri, queryCollection), uriKind);
 }
- public static bool UserInviteTokenIsValid(IDataProtector protector, string token,
- string userEmail, Guid orgUserId)
- {
- var invalid = true;
- try
- {
- var unprotectedData = protector.Unprotect(token);
- var dataParts = unprotectedData.Split(' ');
- if(dataParts.Length == 4 && dataParts[0] == "OrganizationUserInvite" &&
- new Guid(dataParts[1]) == orgUserId &&
- dataParts[2].Equals(userEmail, StringComparison.InvariantCultureIgnoreCase))
- {
- var creationTime = FromEpocMilliseconds(Convert.ToInt64(dataParts[3]));
- invalid = creationTime.AddDays(5) < DateTime.UtcNow;
- }
- }
- catch
- {
- invalid = true;
- }
-
- return !invalid;
- }
-
 public static string CustomProviderName(TwoFactorProviderType type)
 {
 return string.Concat("Custom_", type.ToString());
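Review bot: The email binding in `UserInviteTokenIsValid` uses `StringComparison.InvariantCultureIgnoreCase`, a culture-sensitive comparison that ignores certain Unicode characters (for example zero-width ones), so two addresses that differ in bytes can compare equal. For an identifier check that ties a token to an account, an ordinal comparison is the safer choice: `dataParts[2].Equals(userEmail, StringComparison.OrdinalIgnoreCase))`. The method is also now `public` on the service and still takes an `IDataProtector` argument although the only caller visible in this patch passes `_dataProtector`; unless something outside the diff calls it, `private` with the field used directly would keep a caller from supplying a different protector. The bare `catch` fails closed, which is right, but it hides every failure cause; catching the expected exception types and logging the rejection would make invalid-token attempts visible to operators.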