1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-03 14:03:33 +01:00

Duo WebSDK Token Provider

This commit is contained in:
Kyle Spearrin 2017-06-21 00:04:25 -04:00
parent 4d6d3c97a3
commit 7095ae0ea1
5 changed files with 83 additions and 1 deletions

View File

@ -42,6 +42,9 @@
"yubico": {
"clientid": "SECRET",
"key": "SECRET"
},
"duo": {
"aKey": "SECRET"
}
},
"IpRateLimitOptions": {

View File

@ -16,6 +16,7 @@
public virtual DocumentDbSettings DocumentDb { get; set; } = new DocumentDbSettings();
public virtual NotificationHubSettings NotificationHub { get; set; } = new NotificationHubSettings();
public virtual YubicoSettings Yubico { get; set; } = new YubicoSettings();
public virtual DuoSettings Duo { get; set; } = new DuoSettings();
public class SqlServerSettings
{
@ -85,5 +86,10 @@
public string ClientId { get; set; }
public string Key { get; set; }
}
public class DuoSettings
{
public string AKey { get; set; }
}
}
}

View File

@ -0,0 +1,66 @@
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Bit.Core.Models.Table;
using Bit.Core.Enums;
using Bit.Core.Utilities.Duo;
using System;
using Bit.Core.Models;
namespace Bit.Core.Identity
{
public class DuoWebTokenProvider : IUserTwoFactorTokenProvider<User>
{
private readonly GlobalSettings _globalSettings;
public DuoWebTokenProvider(GlobalSettings globalSettings)
{
_globalSettings = globalSettings;
}
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
{
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.Duo) && HasProperMetaData(provider);
return Task.FromResult(canGenerate);
}
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
{
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
if(!HasProperMetaData(provider))
{
return Task.FromResult<string>(null);
}
var signatureRequest = DuoWeb.SignRequest(provider.MetaData["IKey"], provider.MetaData["SKey"],
_globalSettings.Duo.AKey, user.Id.ToString());
return Task.FromResult(signatureRequest);
}
public Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
{
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
if(!HasProperMetaData(provider))
{
return Task.FromResult(false);
}
var response = DuoWeb.VerifyResponse(provider.MetaData["IKey"], provider.MetaData["SKey"],
_globalSettings.Duo.AKey, token);
Guid userId;
if(!Guid.TryParse(response, out userId))
{
return Task.FromResult(false);
}
return Task.FromResult(userId == user.Id);
}
private bool HasProperMetaData(TwoFactorProvider provider)
{
return provider?.MetaData != null && provider.MetaData.ContainsKey("IKey") &&
provider.MetaData.ContainsKey("SKey") && provider.MetaData.ContainsKey("Host");
}
}
}

View File

@ -99,7 +99,7 @@ namespace Bit.Core.Utilities
.AddRoleStore<RoleStore>()
.AddTokenProvider<AuthenticatorTokenProvider>(TwoFactorProviderType.Authenticator.ToString())
.AddTokenProvider<YubicoOtpTokenProvider>(TwoFactorProviderType.YubiKey.ToString())
.AddTokenProvider<DuoTokenProvider>(TwoFactorProviderType.Duo.ToString())
.AddTokenProvider<DuoWebTokenProvider>(TwoFactorProviderType.Duo.ToString())
.AddTokenProvider<EmailTokenProvider<User>>(TokenOptions.DefaultEmailProvider);
return identityBuilder;

View File

@ -34,6 +34,13 @@
"notificationHub": {
"connectionString": "SECRET",
"hubName": "SECRET"
},
"yubico": {
"clientid": "SECRET",
"key": "SECRET"
},
"duo": {
"aKey": "SECRET"
}
}
}