From 707a39972b83a0c7958c5f9fb07d69415918b280 Mon Sep 17 00:00:00 2001
From: Addison Beck
Date: Mon, 3 Oct 2022 11:37:37 -0400
Subject: [PATCH] [SG-617] [SG-697] [SG-686] Fix various minor passwordless bugs (#2320)
* Only push auth request responses if the request is approved
* Add error message when an unknown device tries to send an auth request
* Send the vault URL for self hosted auth requests
---
 src/Api/Controllers/AuthRequestsController.cs | 15 ++++++++-------
 .../Models/Response/AuthRequestResponseModel.cs | 5 +++--
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/Api/Controllers/AuthRequestsController.cs b/src/Api/Controllers/AuthRequestsController.cs
index 7cb491104..a155d3f31 100644
--- a/src/Api/Controllers/AuthRequestsController.cs
+++ b/src/Api/Controllers/AuthRequestsController.cs
@@ -46,7 +46,7 @@ public class AuthRequestsController : Controller
 {
 var userId = _userService.GetProperUserId(User).Value;
 var authRequests = await _authRequestRepository.GetManyByUserIdAsync(userId);
- var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings.SelfHosted)).ToList();
+ var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings)).ToList();
 return new ListResponseModel(responses);
 }
@@ -60,7 +60,7 @@ public class AuthRequestsController : Controller
 throw new NotFoundException();
 }
- return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
+ return new AuthRequestResponseModel(authRequest, _globalSettings);
 }
 [HttpGet("{id}/response")]
@@ -73,7 +73,7 @@ public class AuthRequestsController : Controller
 throw new NotFoundException();
 }
- return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
+ return new AuthRequestResponseModel(authRequest, _globalSettings);
 }
 [HttpPost("")]
@@ -94,7 +94,7 @@ public class AuthRequestsController : Controller
 var devices = await _deviceRepository.GetManyByUserIdAsync(user.Id);
 if (devices == null || !devices.Any(d => d.Identifier == model.DeviceIdentifier))
 {
- throw new NotFoundException();
+ throw new BadRequestException("Login with device is only available on devices that have been previously logged in.");
 }
 }
@@ -111,7 +111,8 @@ public class AuthRequestsController : Controller
 };
 authRequest = await _authRequestRepository.CreateAsync(authRequest);
 await _pushNotificationService.PushAuthRequestAsync(authRequest);
- return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
+ var r = new AuthRequestResponseModel(authRequest, _globalSettings);
+ return r;
 }
 [HttpPut("{id}")]
@@ -137,9 +138,9 @@ public class AuthRequestsController : Controller
 authRequest.ResponseDeviceId = device.Id;
 authRequest.ResponseDate = DateTime.UtcNow;
 await _authRequestRepository.ReplaceAsync(authRequest);
+ await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
 }
- await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
- return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
+ return new AuthRequestResponseModel(authRequest, _globalSettings);
 }
 }
diff --git a/src/Api/Models/Response/AuthRequestResponseModel.cs b/src/Api/Models/Response/AuthRequestResponseModel.cs
index 488dd7848..153140328 100644
--- a/src/Api/Models/Response/AuthRequestResponseModel.cs
+++ b/src/Api/Models/Response/AuthRequestResponseModel.cs
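Review bot: The new `BadRequestException` on the device check answers the known-user-but-unknown-device case with a 400 and a specific message, while the surrounding code still answers other lookup failures with `NotFoundException`; if the user lookup that precedes this hunk also differs, the two responses let a caller tell which emails belong to accounts with enrolled devices. The start of the method, including that user lookup, is outside the hunk, so the responses may already be uniform; if not, returning the same status and wording for a missing user and an unknown device removes the distinction while keeping the friendlier message. `d.Identifier == model.DeviceIdentifier` is an ordinal string comparison, which is the right choice for an opaque identifier.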
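Review bot: `var r = new AuthRequestResponseModel(authRequest, _globalSettings); return r;` introduces a temporary that adds nothing and breaks with the sibling hunks at -46, -60, -73 and -137, which all `return new AuthRequestResponseModel(authRequest, _globalSettings);` directly. Collapsing the two added lines back to that single form keeps the controller uniform. The enclosing method begins outside the hunk.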
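Review bot: Moving `PushAuthRequestResponseAsync` inside the block means a response is now pushed only after `ReplaceAsync` has persisted it, and the other path sends nothing; neither decision is recorded in the code, so a later edit can easily hoist the call back out. A one-line comment above the call, `// Push only after the approval is persisted; non-approved responses are not pushed to the requesting device.`, captures it. The `if` that opens this block and the method's start are outside the hunk, so the exact condition is inferred from the commit message rather than visible here.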
@@ -3,12 +3,13 @@ using System.Reflection;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Api;
+using Bit.Core.Settings;
 namespace Bit.Api.Models.Response;
 public class AuthRequestResponseModel : ResponseModel
 {
- public AuthRequestResponseModel(AuthRequest authRequest, bool isSelfHosted, string obj = "auth-request")
+ public AuthRequestResponseModel(AuthRequest authRequest, IGlobalSettings globalSettings, string obj = "auth-request")
 : base(obj)
 {
 if (authRequest == null)
@@ -27,7 +28,7 @@ public class AuthRequestResponseModel : ResponseModel
 CreationDate = authRequest.CreationDate;
 RequestApproved = !string.IsNullOrWhiteSpace(Key) && (authRequest.Type == AuthRequestType.Unlock || !string.IsNullOrWhiteSpace(MasterPasswordHash));
- Origin = Origin = isSelfHosted ? "SelfHosted" : "bitwarden.com";
+ Origin = globalSettings.SelfHosted ? globalSettings.BaseServiceUri.Vault : "bitwarden.com";
 }
 public string Id { get; set; }
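Review bot: The constructor now takes and later dereferences `globalSettings` (in the `Origin` assignment further down), but only `authRequest` gets a guard in the visible `if (authRequest == null)`; a matching `if (globalSettings == null) { throw new ArgumentNullException(nameof(globalSettings)); }` beside it keeps the constructor's contract explicit and fails at the call site instead of with a NullReferenceException inside the initializer. The body of the existing guard and the rest of the constructor continue outside this hunk.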
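Review bot: The `Origin` assignment now yields two differently shaped values: `globalSettings.BaseServiceUri.Vault`, which from its name and the commit message is a full vault URL, on self-hosted installs, and the bare host `"bitwarden.com"` on cloud. A client that displays Origin so the approving user can check where a login request comes from, or that compares it against its own host, has to handle both forms; emitting the cloud value in the same form, or documenting on the `Origin` property that its shape depends on hosting mode, would make the contract clear. Whether `BaseServiceUri.Vault` can be unset on a self-hosted deployment is not visible here; if it can, a fallback for a null or empty value avoids sending a blank origin to the approving device.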