passwordless signin email

src/Admin/Controllers/LoginController.cs

@@ -27,7 +27,8 @@ namespace Bit.Admin.Controllers
         {
             if(ModelState.IsValid)
             {
-                await _signInManager.PasswordlessSignInAsync(model.Email);
+                await _signInManager.PasswordlessSignInAsync(model.Email,
+                    Url.Action("Confirm", "Login", null, Request.Scheme));
                 return RedirectToAction("Index", "Home");
             }
 

src/Admin/Views/Login/Index.cshtml

@@ -3,8 +3,8 @@
     ViewData["Title"] = "Login";
 }
 
-<div class="row justify-content-md-center">
-    <div class="col-4">
+<div class="card w-50 m-auto">
+    <div class="card-body">
         <p>Please enter your email address below to log in.</p>
         <form asp-action="" method="post">
             <div asp-validation-summary="ModelOnly" class="text-danger"></div>
@@ -15,7 +15,8 @@
                 <span asp-validation-for="Email" class="invalid-feedback"></span>
                 <small class="form-text text-muted">We'll email you a secure login link.</small>
             </div>
-            <button class="btn btn-primary btn-block" type="submit">Continue</button>
+            <button class="btn btn-primary" type="submit">Continue</button>
         </form>
     </div>
 </div>
+

src/Billing/Controllers/LoginController.cs

@@ -27,7 +27,8 @@ namespace Billing.Controllers
         {
             if(ModelState.IsValid)
             {
-                var result = await _signInManager.PasswordlessSignInAsync(model.Email);
+                var result = await _signInManager.PasswordlessSignInAsync(model.Email,
+                    Url.Action("Confirm", "Login", null, Request.Scheme));
                 if(result.Succeeded)
                 {
                     return RedirectToAction("Index", "Home");

src/Core/Core.csproj

@@ -6,6 +6,12 @@
     <GenerateUserSecretsAttribute>false</GenerateUserSecretsAttribute>
   </PropertyGroup>
 
+  <ItemGroup>
+    <None Remove="MailTemplates\Markdown\PasswordlessSignIn.md" />
+    <None Remove="MailTemplates\Razor\PasswordlessSignIn.cshtml" />
+    <None Remove="MailTemplates\Razor\PasswordlessSignIn.text.cshtml" />
+  </ItemGroup>
+
   <ItemGroup>
     <EmbeddedResource Include="licensing.cer" />
     <EmbeddedResource Include="MailTemplates\Markdown\ChangeEmail.md" />
@@ -14,11 +20,14 @@
     <EmbeddedResource Include="MailTemplates\Markdown\NoMasterPasswordHint.md" />
     <EmbeddedResource Include="MailTemplates\Markdown\OrganizationUserAccepted.md" />
     <EmbeddedResource Include="MailTemplates\Markdown\OrganizationUserConfirmed.md" />
+    <EmbeddedResource Include="MailTemplates\Markdown\PasswordlessSignIn.md" />
     <EmbeddedResource Include="MailTemplates\Markdown\OrganizationUserInvited.md" />
     <EmbeddedResource Include="MailTemplates\Markdown\TwoFactorEmail.md" />
     <EmbeddedResource Include="MailTemplates\Markdown\VerifyDelete.md" />
     <EmbeddedResource Include="MailTemplates\Markdown\VerifyEmail.md" />
     <EmbeddedResource Include="MailTemplates\Markdown\Welcome.md" />
+    <EmbeddedResource Include="MailTemplates\Razor\PasswordlessSignIn.text.cshtml" />
+    <EmbeddedResource Include="MailTemplates\Razor\PasswordlessSignIn.cshtml" />
     <EmbeddedResource Include="MailTemplates\Razor\VerifyDelete.cshtml" />
     <EmbeddedResource Include="MailTemplates\Razor\VerifyDelete.text.cshtml" />
     <EmbeddedResource Include="MailTemplates\Razor\VerifyEmail.cshtml" />

src/Core/Identity/PasswordlessSignInManager.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Net;
 using System.Threading.Tasks;
+using Bit.Core.Services;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
@@ -13,17 +14,21 @@ namespace Bit.Core.Identity
     {
         public const string PasswordlessSignInPurpose = "PasswordlessSignIn";
 
+        private readonly IMailService _mailService;
+
         public PasswordlessSignInManager(UserManager<TUser> userManager,
             IHttpContextAccessor contextAccessor,
             IUserClaimsPrincipalFactory<TUser> claimsFactory,
             IOptions<IdentityOptions> optionsAccessor,
             ILogger<SignInManager<TUser>> logger,
-            IAuthenticationSchemeProvider schemes)
+            IAuthenticationSchemeProvider schemes,
+            IMailService mailService)
             : base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes)
         {
+            _mailService = mailService;
         }
 
-        public async Task<SignInResult> PasswordlessSignInAsync(string email)
+        public async Task<SignInResult> PasswordlessSignInAsync(string email, string loginConfirmUrl)
         {
             var user = await UserManager.FindByEmailAsync(email);
             if(user == null)
@@ -33,10 +38,7 @@ namespace Bit.Core.Identity
 
             var token = await UserManager.GenerateUserTokenAsync(user, Options.Tokens.PasswordResetTokenProvider,
                 PasswordlessSignInPurpose);
-
-            // TODO: send email
-            var encodedToken = WebUtility.UrlEncode(token);
-
+            await _mailService.SendPasswordlessSignInAsync(loginConfirmUrl, token, email);
             return SignInResult.Success;
         }
 

src/Core/MailTemplates/Markdown/PasswordlessSignIn.md

@@ -0,0 +1,5 @@
+Click the following link to log in:
+
+<{{url}}>
+
+If you did not request to log in, you can safely ignore this email.

src/Core/MailTemplates/Razor/PasswordlessSignIn.cshtml

@@ -0,0 +1,11 @@
+@model Bit.Core.Models.Mail.PasswordlessSignInModel
+@{
+    Layout = "_BasicMailLayout";
+}
+<p>
+    Click the following link to log in:
+</p>
+<p><a href="@Raw(Model.Url)" target="_blank" clicktracking=off>@Model.Url</a></p>
+<p>
+    If you did not request to log in, you can safely ignore this email.
+</p>

src/Core/MailTemplates/Razor/PasswordlessSignIn.text.cshtml

@@ -0,0 +1,9 @@
+@model Bit.Core.Models.Mail.PasswordlessSignInModel
+@{
+    Layout = "_BasicMailLayout.text";
+}
+Click the following link to log in:
+
+@Raw(Model.Url)
+
+If you did not request to log in, you can safely ignore this email.

src/Core/Models/Mail/PasswordlessSignInModel.cs

@@ -0,0 +1,7 @@
+namespace Bit.Core.Models.Mail
+{
+    public class PasswordlessSignInModel
+    {
+        public string Url { get; set; }
+    }
+}

src/Core/Services/IMailService.cs

@@ -18,5 +18,6 @@ namespace Bit.Core.Services
         Task SendOrganizationInviteEmailAsync(string organizationName, OrganizationUser orgUser, string token);
         Task SendOrganizationAcceptedEmailAsync(string organizationName, string userEmail, IEnumerable<string> adminEmails);
         Task SendOrganizationConfirmedEmailAsync(string organizationName, string email);
+        Task SendPasswordlessSignInAsync(string baseUrl, string token, string email);
     }
-}
+}

src/Core/Services/Implementations/BackupMailService.cs

@@ -153,6 +153,19 @@ namespace Bit.Core.Services
             }
         }
 
+        public async Task SendPasswordlessSignInAsync(string baseUrl, string token, string email)
+        {
+            try
+            {
+                await _primaryMailService.SendPasswordlessSignInAsync(baseUrl, token, email);
+            }
+            catch(Exception e)
+            {
+                LogError(e);
+                await _backupMailService.SendPasswordlessSignInAsync(baseUrl, token, email);
+            }
+        }
+
         public async Task SendWelcomeEmailAsync(User user)
         {
             try

src/Core/Services/Implementations/MarkdownMailService.cs

@@ -170,6 +170,19 @@ namespace Bit.Core.Services
             await _mailDeliveryService.SendEmailAsync(message);
         }
 
+        public async Task SendPasswordlessSignInAsync(string baseUrl, string token, string email)
+        {
+            var model = new Dictionary<string, string>
+            {
+                ["url"] = string.Format("{0}?email={1}&token={2}", baseUrl, WebUtility.UrlEncode(email),
+                    WebUtility.UrlEncode(token))
+            };
+
+            var message = await CreateMessageAsync("Continue Logging In", email, "PasswordlessSignIn", model);
+            message.MetaData.Add("SendGridBypassListManagement", true);
+            await _mailDeliveryService.SendEmailAsync(message);
+        }
+
         private async Task<MailMessage> CreateMessageAsync(string subject, string toEmail, string fileName,
             Dictionary<string, string> model)
         {

src/Core/Services/Implementations/RazorMailService.cs

@@ -203,6 +203,19 @@ namespace Bit.Core.Services
             await _mailDeliveryService.SendEmailAsync(message);
         }
 
+        public async Task SendPasswordlessSignInAsync(string baseUrl, string token, string email)
+        {
+            var message = CreateDefaultMessage("Continue Logging In", email);
+            var model = new PasswordlessSignInModel
+            {
+                Url = string.Format("{0}?email={1}&token={2}", baseUrl, WebUtility.UrlEncode(email),
+                    WebUtility.UrlEncode(token))
+            };
+            message.HtmlContent = await _engine.CompileRenderAsync("PasswordlessSignIn", model);
+            message.TextContent = await _engine.CompileRenderAsync("PasswordlessSignIn.text", model);
+            await _mailDeliveryService.SendEmailAsync(message);
+        }
+
         private MailMessage CreateDefaultMessage(string subject, string toEmail)
         {
             return CreateDefaultMessage(subject, new List<string> { toEmail });

src/Core/Services/NoopImplementations/NoopMailService.cs

@@ -61,5 +61,10 @@ namespace Bit.Core.Services
         {
             return Task.FromResult(0);
         }
+
+        public Task SendPasswordlessSignInAsync(string baseUrl, string token, string email)
+        {
+            return Task.FromResult(0);
+        }
     }
 }