mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00

Make WebAuthn a Free Method (#3217)

* make webauthn method free

* flip premium params

* remove premium checks
rr-bw 2023-08-31 11:25:23 -07:00 committed by GitHub
parent ba53208c93
commit 6db02e2e5c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 14 deletions


@ -236,7 +236,7 @@ public class TwoFactorController : Controller
[HttpPost("get-webauthn")] [HttpPost("get-webauthn")]
public async Task<TwoFactorWebAuthnResponseModel> GetWebAuthn([FromBody] SecretVerificationRequestModel model) public async Task<TwoFactorWebAuthnResponseModel> GetWebAuthn([FromBody] SecretVerificationRequestModel model)
{ {
var user = await CheckAsync(model, true); var user = await CheckAsync(model, false);
var response = new TwoFactorWebAuthnResponseModel(user); var response = new TwoFactorWebAuthnResponseModel(user);
return response; return response;
} }
@ -245,7 +245,7 @@ public class TwoFactorController : Controller
[ApiExplorerSettings(IgnoreApi = true)] // Disable Swagger due to CredentialCreateOptions not converting properly [ApiExplorerSettings(IgnoreApi = true)] // Disable Swagger due to CredentialCreateOptions not converting properly
public async Task<CredentialCreateOptions> GetWebAuthnChallenge([FromBody] SecretVerificationRequestModel model) public async Task<CredentialCreateOptions> GetWebAuthnChallenge([FromBody] SecretVerificationRequestModel model)
{ {
var user = await CheckAsync(model, true); var user = await CheckAsync(model, false);
var reg = await _userService.StartWebAuthnRegistrationAsync(user); var reg = await _userService.StartWebAuthnRegistrationAsync(user);
return reg; return reg;
} }
@ -254,7 +254,7 @@ public class TwoFactorController : Controller
[HttpPost("webauthn")] [HttpPost("webauthn")]
public async Task<TwoFactorWebAuthnResponseModel> PutWebAuthn([FromBody] TwoFactorWebAuthnRequestModel model) public async Task<TwoFactorWebAuthnResponseModel> PutWebAuthn([FromBody] TwoFactorWebAuthnRequestModel model)
{ {
var user = await CheckAsync(model, true); var user = await CheckAsync(model, false);
var success = await _userService.CompleteWebAuthRegistrationAsync( var success = await _userService.CompleteWebAuthRegistrationAsync(
user, model.Id.Value, model.Name, model.DeviceResponse); user, model.Id.Value, model.Name, model.DeviceResponse);
@ -271,7 +271,7 @@ public class TwoFactorController : Controller
public async Task<TwoFactorWebAuthnResponseModel> DeleteWebAuthn( public async Task<TwoFactorWebAuthnResponseModel> DeleteWebAuthn(
[FromBody] TwoFactorWebAuthnDeleteRequestModel model) [FromBody] TwoFactorWebAuthnDeleteRequestModel model)
{ {
var user = await CheckAsync(model, true); var user = await CheckAsync(model, false);
await _userService.DeleteWebAuthnKeyAsync(user, model.Id.Value); await _userService.DeleteWebAuthnKeyAsync(user, model.Id.Value);
var response = new TwoFactorWebAuthnResponseModel(user); var response = new TwoFactorWebAuthnResponseModel(user);
return response; return response;
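Review bot: The bare `false` passed to CheckAsync in GetWebAuthn, GetWebAuthnChallenge, PutWebAuthn and DeleteWebAuthn does not say what is being switched off, and on endpoints that register and delete second-factor credentials the call site should show that only the plan gate changed. CheckAsync's definition is outside these hunks; if its second parameter is the premium requirement, as the commit message suggests, a named argument such as `var user = await CheckAsync(model, premium: false);` (parameter name to be confirmed against the signature) makes that explicit. It is also worth confirming in CheckAsync that the secret verification of `model` runs regardless of this flag, since it is now the only gate visible on these four actions. The DeleteWebAuthn body continues past the end of the last hunk.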


@ -28,10 +28,6 @@ public class WebAuthnTokenProvider : IUserTwoFactorTokenProvider<User>
public async Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user) public async Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
{ {
var userService = _serviceProvider.GetRequiredService<IUserService>(); var userService = _serviceProvider.GetRequiredService<IUserService>();
if (!(await userService.CanAccessPremium(user)))
{
return false;
}
var webAuthnProvider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn); var webAuthnProvider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn);
if (!HasProperMetaData(webAuthnProvider)) if (!HasProperMetaData(webAuthnProvider))
@ -45,10 +41,6 @@ public class WebAuthnTokenProvider : IUserTwoFactorTokenProvider<User>
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user) public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
{ {
var userService = _serviceProvider.GetRequiredService<IUserService>(); var userService = _serviceProvider.GetRequiredService<IUserService>();
if (!(await userService.CanAccessPremium(user)))
{
return null;
}
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn); var provider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn);
var keys = LoadKeys(provider); var keys = LoadKeys(provider);
@ -81,7 +73,7 @@ public class WebAuthnTokenProvider : IUserTwoFactorTokenProvider<User>
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user) public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
{ {
var userService = _serviceProvider.GetRequiredService<IUserService>(); var userService = _serviceProvider.GetRequiredService<IUserService>();
if (!(await userService.CanAccessPremium(user)) || string.IsNullOrWhiteSpace(token)) if (string.IsNullOrWhiteSpace(token))
{ {
return false; return false;
} }
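Review bot: In CanGenerateTwoFactorTokenAsync and GenerateAsync the `userService` local is still resolved on the first line although its only use visible in these hunks, the `CanAccessPremium` call, is removed. Both methods continue outside the hunk, so it may be used further down; if it is not, drop `var userService = _serviceProvider.GetRequiredService<IUserService>();`, and in ValidateAsync consider moving it below the `string.IsNullOrWhiteSpace(token)` guard so an empty token returns without a service lookup. Since the plan check no longer appears in any of the three methods, a short comment on CanGenerateTwoFactorTokenAsync such as `// WebAuthn is available on all plans; no premium check here by design` would keep a later reader from re-adding it in only one place.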


@ -57,7 +57,6 @@ public class TwoFactorProvider
case TwoFactorProviderType.Duo: case TwoFactorProviderType.Duo:
case TwoFactorProviderType.YubiKey: case TwoFactorProviderType.YubiKey:
case TwoFactorProviderType.U2f: // Keep to ensure old U2f keys are considered premium case TwoFactorProviderType.U2f: // Keep to ensure old U2f keys are considered premium
case TwoFactorProviderType.WebAuthn:
return true; return true;
default: default:
return false; return false;