[Captcha] BUG Add null checks | Make ceiling default to zero (#1903)

* [Captcha] BUG Add null checks | Make ceiling default to zero * Formatting
2024-12-26 17:37:36 +01:00 · 2022-03-09 12:07:06 -06:00 · 2022-03-09 12:07:06 -06:00 · 7046aecfd5
commit 7046aecfd5
parent 7620433d7e
7 changed files with 15 additions and 10 deletions
--- a/src/Core/IdentityServer/BaseRequestValidator.cs
+++ b/src/Core/IdentityServer/BaseRequestValidator.cs
@ -515,7 +515,7 @@ namespace Bit.Core.IdentityServer
        private async Task ResetFailedAuthDetailsAsync(User user)
        {
            // Early escape if db hit not necessary
-            if (user.FailedLoginCount == 0)
+            if (user == null || user.FailedLoginCount == 0)
            {
                return;
            }
@ -527,6 +527,11 @@ namespace Bit.Core.IdentityServer

        private async Task UpdateFailedAuthDetailsAsync(User user, bool twoFactorInvalid, bool unknownDevice)
        {
+            if (user == null)
+            {
+                return;
+            }
+
            var utcNow = DateTime.UtcNow;
            user.FailedLoginCount = ++user.FailedLoginCount;
            user.LastFailedLoginDate = user.RevisionDate = utcNow;
--- a/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
+++ b/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
@ -62,7 +62,7 @@ namespace Bit.Core.IdentityServer
            string bypassToken = null;
            var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant());
            var unknownDevice = !await KnownDeviceAsync(user, context.Request);
-            if (unknownDevice && _captchaValidationService.RequireCaptchaValidation(_currentContext, user.FailedLoginCount))
+            if (unknownDevice && _captchaValidationService.RequireCaptchaValidation(_currentContext, user?.FailedLoginCount ?? 0))
            {
                var captchaResponse = context.Request.Raw["captchaResponse"]?.ToString();

--- a/src/Core/Services/ICaptchaValidationService.cs
+++ b/src/Core/Services/ICaptchaValidationService.cs
@ -8,7 +8,7 @@ namespace Bit.Core.Services
    {
        string SiteKey { get; }
        string SiteKeyResponseKeyName { get; }
-        bool RequireCaptchaValidation(ICurrentContext currentContext, int? failedLoginCount = null);
+        bool RequireCaptchaValidation(ICurrentContext currentContext, int failedLoginCount = 0);
        Task<bool> ValidateCaptchaResponseAsync(string captchResponse, string clientIpAddress);
        string GenerateCaptchaBypassToken(User user);
        bool ValidateCaptchaBypassToken(string encryptedToken, User user);
--- a/src/Core/Services/Implementations/HCaptchaValidationService.cs
+++ b/src/Core/Services/Implementations/HCaptchaValidationService.cs
@ -83,17 +83,17 @@ namespace Bit.Core.Services
            return root.GetProperty("success").GetBoolean();
        }

-        public bool RequireCaptchaValidation(ICurrentContext currentContext, int? failedLoginCount = null)
+        public bool RequireCaptchaValidation(ICurrentContext currentContext, int failedLoginCount = 0)
        {
-            var failedLoginCeiling = _globalSettings.Captcha.MaximumFailedLoginAttempts.GetValueOrDefault();
+            var failedLoginCeiling = _globalSettings.Captcha.MaximumFailedLoginAttempts;
            return currentContext.IsBot ||
                   _globalSettings.Captcha.ForceCaptchaRequired ||
-                   failedLoginCeiling > 0 && failedLoginCount.GetValueOrDefault() >= failedLoginCeiling;
+                   failedLoginCeiling > 0 && failedLoginCount >= failedLoginCeiling;
        }

        public bool ValidateFailedAuthEmailConditions(bool unknownDevice, int failedLoginCount)
        {
-            var failedLoginCeiling = _globalSettings.Captcha.MaximumFailedLoginAttempts.GetValueOrDefault();
+            var failedLoginCeiling = _globalSettings.Captcha.MaximumFailedLoginAttempts;
            return unknownDevice && failedLoginCeiling > 0 && failedLoginCount == failedLoginCeiling;
        }

--- a/src/Core/Services/NoopImplementations/NoopCaptchaValidationService.cs
+++ b/src/Core/Services/NoopImplementations/NoopCaptchaValidationService.cs
@ -8,7 +8,7 @@ namespace Bit.Core.Services
    {
        public string SiteKeyResponseKeyName => null;
        public string SiteKey => null;
-        public bool RequireCaptchaValidation(ICurrentContext currentContext, int? failedLoginCount) => false;
+        public bool RequireCaptchaValidation(ICurrentContext currentContext, int failedLoginCount = 0) => false;
        public bool ValidateFailedAuthEmailConditions(bool unknownDevice, int failedLoginCount) => false;
        public string GenerateCaptchaBypassToken(User user) => "";
        public bool ValidateCaptchaBypassToken(string encryptedToken, User user) => false;
--- a/src/Core/Settings/GlobalSettings.cs
+++ b/src/Core/Settings/GlobalSettings.cs
@ -463,7 +463,7 @@ namespace Bit.Core.Settings
            public bool ForceCaptchaRequired { get; set; } = false;
            public string HCaptchaSecretKey { get; set; }
            public string HCaptchaSiteKey { get; set; }
-            public int? MaximumFailedLoginAttempts { get; set; }
+            public int MaximumFailedLoginAttempts { get; set; }
        }

        public class StripeSettings
--- a/src/Identity/appsettings.SelfHosted.json
+++ b/src/Identity/appsettings.SelfHosted.json
@ -15,7 +15,7 @@
      "internalSso": null
    },
    "captcha": {
-      "maximumFailedLoginAttempts": null
+      "maximumFailedLoginAttempts": 0
    }
  }
 }