mirror of
https://github.com/bitwarden/server.git
synced 2025-01-15 20:41:35 +01:00
[Captcha] BUG Add null checks | Make ceiling default to zero (#1903)
* [Captcha] BUG Add null checks | Make ceiling default to zero * Formatting
This commit is contained in:
parent
7620433d7e
commit
7046aecfd5
@ -515,7 +515,7 @@ namespace Bit.Core.IdentityServer
|
|||||||
private async Task ResetFailedAuthDetailsAsync(User user)
|
private async Task ResetFailedAuthDetailsAsync(User user)
|
||||||
{
|
{
|
||||||
// Early escape if db hit not necessary
|
// Early escape if db hit not necessary
|
||||||
if (user.FailedLoginCount == 0)
|
if (user == null || user.FailedLoginCount == 0)
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -527,6 +527,11 @@ namespace Bit.Core.IdentityServer
|
|||||||
|
|
||||||
private async Task UpdateFailedAuthDetailsAsync(User user, bool twoFactorInvalid, bool unknownDevice)
|
private async Task UpdateFailedAuthDetailsAsync(User user, bool twoFactorInvalid, bool unknownDevice)
|
||||||
{
|
{
|
||||||
|
if (user == null)
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
var utcNow = DateTime.UtcNow;
|
var utcNow = DateTime.UtcNow;
|
||||||
user.FailedLoginCount = ++user.FailedLoginCount;
|
user.FailedLoginCount = ++user.FailedLoginCount;
|
||||||
user.LastFailedLoginDate = user.RevisionDate = utcNow;
|
user.LastFailedLoginDate = user.RevisionDate = utcNow;
|
||||||
|
@ -62,7 +62,7 @@ namespace Bit.Core.IdentityServer
|
|||||||
string bypassToken = null;
|
string bypassToken = null;
|
||||||
var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant());
|
var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant());
|
||||||
var unknownDevice = !await KnownDeviceAsync(user, context.Request);
|
var unknownDevice = !await KnownDeviceAsync(user, context.Request);
|
||||||
if (unknownDevice && _captchaValidationService.RequireCaptchaValidation(_currentContext, user.FailedLoginCount))
|
if (unknownDevice && _captchaValidationService.RequireCaptchaValidation(_currentContext, user?.FailedLoginCount ?? 0))
|
||||||
{
|
{
|
||||||
var captchaResponse = context.Request.Raw["captchaResponse"]?.ToString();
|
var captchaResponse = context.Request.Raw["captchaResponse"]?.ToString();
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ namespace Bit.Core.Services
|
|||||||
{
|
{
|
||||||
string SiteKey { get; }
|
string SiteKey { get; }
|
||||||
string SiteKeyResponseKeyName { get; }
|
string SiteKeyResponseKeyName { get; }
|
||||||
bool RequireCaptchaValidation(ICurrentContext currentContext, int? failedLoginCount = null);
|
bool RequireCaptchaValidation(ICurrentContext currentContext, int failedLoginCount = 0);
|
||||||
Task<bool> ValidateCaptchaResponseAsync(string captchResponse, string clientIpAddress);
|
Task<bool> ValidateCaptchaResponseAsync(string captchResponse, string clientIpAddress);
|
||||||
string GenerateCaptchaBypassToken(User user);
|
string GenerateCaptchaBypassToken(User user);
|
||||||
bool ValidateCaptchaBypassToken(string encryptedToken, User user);
|
bool ValidateCaptchaBypassToken(string encryptedToken, User user);
|
||||||
|
@ -83,17 +83,17 @@ namespace Bit.Core.Services
|
|||||||
return root.GetProperty("success").GetBoolean();
|
return root.GetProperty("success").GetBoolean();
|
||||||
}
|
}
|
||||||
|
|
||||||
public bool RequireCaptchaValidation(ICurrentContext currentContext, int? failedLoginCount = null)
|
public bool RequireCaptchaValidation(ICurrentContext currentContext, int failedLoginCount = 0)
|
||||||
{
|
{
|
||||||
var failedLoginCeiling = _globalSettings.Captcha.MaximumFailedLoginAttempts.GetValueOrDefault();
|
var failedLoginCeiling = _globalSettings.Captcha.MaximumFailedLoginAttempts;
|
||||||
return currentContext.IsBot ||
|
return currentContext.IsBot ||
|
||||||
_globalSettings.Captcha.ForceCaptchaRequired ||
|
_globalSettings.Captcha.ForceCaptchaRequired ||
|
||||||
failedLoginCeiling > 0 && failedLoginCount.GetValueOrDefault() >= failedLoginCeiling;
|
failedLoginCeiling > 0 && failedLoginCount >= failedLoginCeiling;
|
||||||
}
|
}
|
||||||
|
|
||||||
public bool ValidateFailedAuthEmailConditions(bool unknownDevice, int failedLoginCount)
|
public bool ValidateFailedAuthEmailConditions(bool unknownDevice, int failedLoginCount)
|
||||||
{
|
{
|
||||||
var failedLoginCeiling = _globalSettings.Captcha.MaximumFailedLoginAttempts.GetValueOrDefault();
|
var failedLoginCeiling = _globalSettings.Captcha.MaximumFailedLoginAttempts;
|
||||||
return unknownDevice && failedLoginCeiling > 0 && failedLoginCount == failedLoginCeiling;
|
return unknownDevice && failedLoginCeiling > 0 && failedLoginCount == failedLoginCeiling;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ namespace Bit.Core.Services
|
|||||||
{
|
{
|
||||||
public string SiteKeyResponseKeyName => null;
|
public string SiteKeyResponseKeyName => null;
|
||||||
public string SiteKey => null;
|
public string SiteKey => null;
|
||||||
public bool RequireCaptchaValidation(ICurrentContext currentContext, int? failedLoginCount) => false;
|
public bool RequireCaptchaValidation(ICurrentContext currentContext, int failedLoginCount = 0) => false;
|
||||||
public bool ValidateFailedAuthEmailConditions(bool unknownDevice, int failedLoginCount) => false;
|
public bool ValidateFailedAuthEmailConditions(bool unknownDevice, int failedLoginCount) => false;
|
||||||
public string GenerateCaptchaBypassToken(User user) => "";
|
public string GenerateCaptchaBypassToken(User user) => "";
|
||||||
public bool ValidateCaptchaBypassToken(string encryptedToken, User user) => false;
|
public bool ValidateCaptchaBypassToken(string encryptedToken, User user) => false;
|
||||||
|
@ -463,7 +463,7 @@ namespace Bit.Core.Settings
|
|||||||
public bool ForceCaptchaRequired { get; set; } = false;
|
public bool ForceCaptchaRequired { get; set; } = false;
|
||||||
public string HCaptchaSecretKey { get; set; }
|
public string HCaptchaSecretKey { get; set; }
|
||||||
public string HCaptchaSiteKey { get; set; }
|
public string HCaptchaSiteKey { get; set; }
|
||||||
public int? MaximumFailedLoginAttempts { get; set; }
|
public int MaximumFailedLoginAttempts { get; set; }
|
||||||
}
|
}
|
||||||
|
|
||||||
public class StripeSettings
|
public class StripeSettings
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
"internalSso": null
|
"internalSso": null
|
||||||
},
|
},
|
||||||
"captcha": {
|
"captcha": {
|
||||||
"maximumFailedLoginAttempts": null
|
"maximumFailedLoginAttempts": 0
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user