mirror of
https://github.com/bitwarden/server.git
synced 2024-11-25 12:45:18 +01:00
[SG-617] [SG-697] [SG-686] Fix various minor passwordless bugs (#2320)
* Only push auth request responses if the request is approved * Add error message when an unknown device tries to send an auth request * Send the vault URL for self hosted auth requests
This commit is contained in:
parent
c8783ced6d
commit
707a39972b
@ -46,7 +46,7 @@ public class AuthRequestsController : Controller
|
||||
{
|
||||
var userId = _userService.GetProperUserId(User).Value;
|
||||
var authRequests = await _authRequestRepository.GetManyByUserIdAsync(userId);
|
||||
var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings.SelfHosted)).ToList();
|
||||
var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings)).ToList();
|
||||
return new ListResponseModel<AuthRequestResponseModel>(responses);
|
||||
}
|
||||
|
||||
@ -60,7 +60,7 @@ public class AuthRequestsController : Controller
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
|
||||
return new AuthRequestResponseModel(authRequest, _globalSettings);
|
||||
}
|
||||
|
||||
[HttpGet("{id}/response")]
|
||||
@ -73,7 +73,7 @@ public class AuthRequestsController : Controller
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
|
||||
return new AuthRequestResponseModel(authRequest, _globalSettings);
|
||||
}
|
||||
|
||||
[HttpPost("")]
|
||||
@ -94,7 +94,7 @@ public class AuthRequestsController : Controller
|
||||
var devices = await _deviceRepository.GetManyByUserIdAsync(user.Id);
|
||||
if (devices == null || !devices.Any(d => d.Identifier == model.DeviceIdentifier))
|
||||
{
|
||||
throw new NotFoundException();
|
||||
throw new BadRequestException("Login with device is only available on devices that have been previously logged in.");
|
||||
}
|
||||
}
|
||||
|
||||
@ -111,7 +111,8 @@ public class AuthRequestsController : Controller
|
||||
};
|
||||
authRequest = await _authRequestRepository.CreateAsync(authRequest);
|
||||
await _pushNotificationService.PushAuthRequestAsync(authRequest);
|
||||
return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
|
||||
var r = new AuthRequestResponseModel(authRequest, _globalSettings);
|
||||
return r;
|
||||
}
|
||||
|
||||
[HttpPut("{id}")]
|
||||
@ -137,9 +138,9 @@ public class AuthRequestsController : Controller
|
||||
authRequest.ResponseDeviceId = device.Id;
|
||||
authRequest.ResponseDate = DateTime.UtcNow;
|
||||
await _authRequestRepository.ReplaceAsync(authRequest);
|
||||
await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
|
||||
}
|
||||
|
||||
await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
|
||||
return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
|
||||
return new AuthRequestResponseModel(authRequest, _globalSettings);
|
||||
}
|
||||
}
|
||||
|
@ -3,12 +3,13 @@ using System.Reflection;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Api;
|
||||
using Bit.Core.Settings;
|
||||
|
||||
namespace Bit.Api.Models.Response;
|
||||
|
||||
public class AuthRequestResponseModel : ResponseModel
|
||||
{
|
||||
public AuthRequestResponseModel(AuthRequest authRequest, bool isSelfHosted, string obj = "auth-request")
|
||||
public AuthRequestResponseModel(AuthRequest authRequest, IGlobalSettings globalSettings, string obj = "auth-request")
|
||||
: base(obj)
|
||||
{
|
||||
if (authRequest == null)
|
||||
@ -27,7 +28,7 @@ public class AuthRequestResponseModel : ResponseModel
|
||||
CreationDate = authRequest.CreationDate;
|
||||
RequestApproved = !string.IsNullOrWhiteSpace(Key) &&
|
||||
(authRequest.Type == AuthRequestType.Unlock || !string.IsNullOrWhiteSpace(MasterPasswordHash));
|
||||
Origin = Origin = isSelfHosted ? "SelfHosted" : "bitwarden.com";
|
||||
Origin = globalSettings.SelfHosted ? globalSettings.BaseServiceUri.Vault : "bitwarden.com";
|
||||
}
|
||||
|
||||
public string Id { get; set; }
|
||||
|
Loading…
Reference in New Issue
Block a user