1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00

[SG-617] [SG-697] [SG-686] Fix various minor passwordless bugs (#2320)

* Only push auth request responses if the request is approved

* Add error message when an unknown device tries to send an auth request

* Send the vault URL for self hosted auth requests
This commit is contained in:
Addison Beck 2022-10-03 11:37:37 -04:00 committed by GitHub
parent c8783ced6d
commit 707a39972b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 9 deletions

View File

@ -46,7 +46,7 @@ public class AuthRequestsController : Controller
{
var userId = _userService.GetProperUserId(User).Value;
var authRequests = await _authRequestRepository.GetManyByUserIdAsync(userId);
var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings.SelfHosted)).ToList();
var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings)).ToList();
return new ListResponseModel<AuthRequestResponseModel>(responses);
}
@ -60,7 +60,7 @@ public class AuthRequestsController : Controller
throw new NotFoundException();
}
return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
return new AuthRequestResponseModel(authRequest, _globalSettings);
}
[HttpGet("{id}/response")]
@ -73,7 +73,7 @@ public class AuthRequestsController : Controller
throw new NotFoundException();
}
return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
return new AuthRequestResponseModel(authRequest, _globalSettings);
}
[HttpPost("")]
@ -94,7 +94,7 @@ public class AuthRequestsController : Controller
var devices = await _deviceRepository.GetManyByUserIdAsync(user.Id);
if (devices == null || !devices.Any(d => d.Identifier == model.DeviceIdentifier))
{
throw new NotFoundException();
throw new BadRequestException("Login with device is only available on devices that have been previously logged in.");
}
}
@ -111,7 +111,8 @@ public class AuthRequestsController : Controller
};
authRequest = await _authRequestRepository.CreateAsync(authRequest);
await _pushNotificationService.PushAuthRequestAsync(authRequest);
return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
var r = new AuthRequestResponseModel(authRequest, _globalSettings);
return r;
}
[HttpPut("{id}")]
@ -137,9 +138,9 @@ public class AuthRequestsController : Controller
authRequest.ResponseDeviceId = device.Id;
authRequest.ResponseDate = DateTime.UtcNow;
await _authRequestRepository.ReplaceAsync(authRequest);
await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
}
await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
return new AuthRequestResponseModel(authRequest, _globalSettings);
}
}

View File

@ -3,12 +3,13 @@ using System.Reflection;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.Api;
using Bit.Core.Settings;
namespace Bit.Api.Models.Response;
public class AuthRequestResponseModel : ResponseModel
{
public AuthRequestResponseModel(AuthRequest authRequest, bool isSelfHosted, string obj = "auth-request")
public AuthRequestResponseModel(AuthRequest authRequest, IGlobalSettings globalSettings, string obj = "auth-request")
: base(obj)
{
if (authRequest == null)
@ -27,7 +28,7 @@ public class AuthRequestResponseModel : ResponseModel
CreationDate = authRequest.CreationDate;
RequestApproved = !string.IsNullOrWhiteSpace(Key) &&
(authRequest.Type == AuthRequestType.Unlock || !string.IsNullOrWhiteSpace(MasterPasswordHash));
Origin = Origin = isSelfHosted ? "SelfHosted" : "bitwarden.com";
Origin = globalSettings.SelfHosted ? globalSettings.BaseServiceUri.Vault : "bitwarden.com";
}
public string Id { get; set; }