diff --git a/src/Api/Controllers/AccountsController.cs b/src/Api/Controllers/AccountsController.cs
index 2f8a308ba..eeb44830d 100644
--- a/src/Api/Controllers/AccountsController.cs
+++ b/src/Api/Controllers/AccountsController.cs
@@ -210,7 +210,7 @@ namespace Bit.Api.Controllers
 throw new BadRequestException("MasterPasswordHash", "Invalid password.");
 }
- if(!await _userManager.VerifyTwoFactorTokenAsync(user, "Authenticator", model.Token))
+ if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token))
 {
 await Task.Delay(2000);
 throw new BadRequestException("Token", "Invalid token.");
@@ -247,7 +247,7 @@ namespace Bit.Api.Controllers
 throw new BadRequestException("MasterPasswordHash", "Invalid password.");
 }
- if(!await _userManager.VerifyTwoFactorTokenAsync(user, "Authenticator", model.Token))
+ if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token))
 {
 await Task.Delay(2000);
 throw new BadRequestException("Token", "Invalid token.");
diff --git a/src/Api/IdentityServer/ResourceOwnerPasswordValidator.cs b/src/Api/IdentityServer/ResourceOwnerPasswordValidator.cs
index 53e414776..cd439e9b3 100644
--- a/src/Api/IdentityServer/ResourceOwnerPasswordValidator.cs
+++ b/src/Api/IdentityServer/ResourceOwnerPasswordValidator.cs
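Review bot: The provider name passed to `VerifyTwoFactorTokenAsync` is now computed with `TwoFactorProviderType.Authenticator.ToString()` at each call site, in both hunks of this file and again in the `AddTokenProvider` call in Startup.cs, so the registered name and the lookup name agree only while all three expressions stay in step. `nameof(TwoFactorProviderType.Authenticator)` yields the same string as a compile-time constant, and one shared constant used for both registration and verification would keep them from drifting apart. ASP.NET Identity throws `NotSupportedException` when asked for a token provider name that was never registered, so a mismatch would break these two-factor flows at runtime rather than at build time. Both enclosing action methods start and end outside these hunks.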
@@ -76,14 +76,21 @@ namespace Bit.Api.IdentityServer
 {
 if(await _userManager.CheckPasswordAsync(user, context.Password))
 {
+ TwoFactorProviderType twoFactorProviderType = TwoFactorProviderType.Authenticator; // Just defaulting it
 if(!twoFactorRequest && await TwoFactorRequiredAsync(user))
 {
 BuildTwoFactorResult(user, context);
 return;
 }
+ if(twoFactorRequest && !Enum.TryParse(twoFactorProvider, out twoFactorProviderType))
+ {
+ BuildTwoFactorResult(user, context);
+ return;
+ }
+
 if(!twoFactorRequest ||
- await _userManager.VerifyTwoFactorTokenAsync(user, twoFactorProvider, twoFactorToken))
+ await _userManager.VerifyTwoFactorTokenAsync(user, twoFactorProviderType.ToString(), twoFactorToken))
 {
 var device = await SaveDeviceAsync(user, context);
 BuildSuccessResult(user, context, device);
diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index 381a40be0..64345bb9f 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -30,6 +30,7 @@ using Bit.Core.Utilities;
 using Serilog;
 using Serilog.Events;
 using Bit.Api.IdentityServer;
+using Bit.Core.Enums;
 namespace Bit.Api
 {
@@ -150,7 +151,7 @@ namespace Bit.Api
 })
 .AddUserStore()
 .AddRoleStore()
- .AddTokenProvider("Authenticator")
+ .AddTokenProvider(TwoFactorProviderType.Authenticator.ToString())
 .AddTokenProvider>(TokenOptions.DefaultEmailProvider);
 var jwtIdentityOptions = provider.GetRequiredService>().Value;
diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs
index 2d1ea56cf..343712ad8 100644
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
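Review bot: `Enum.TryParse` also succeeds for numeric strings that match no declared member, so the new guard in the ResourceOwnerPasswordValidator.cs hunk accepts a client-supplied `twoFactorProvider` holding an undefined number, and `twoFactorProviderType.ToString()` then passes that number to `VerifyTwoFactorTokenAsync` as the provider name. ASP.NET Identity throws `NotSupportedException` for a name with no registered token provider, which would likely surface as an unhandled error instead of the two-factor result built for other bad input, unless it is caught outside the hunk. A definedness check closes that path: `if(twoFactorRequest && (!Enum.TryParse(twoFactorProvider, out twoFactorProviderType) || !Enum.IsDefined(typeof(TwoFactorProviderType), twoFactorProviderType)))`. The hunk also does not show the parsed provider being compared with the provider the user actually enrolled, so that is worth confirming in the part of the method that lies outside the hunk.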
@@ -273,13 +273,13 @@ namespace Bit.Core.Services
 return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
 }
- public async Task GetTwoFactorAsync(User user, Enums.TwoFactorProviderType provider)
+ public async Task GetTwoFactorAsync(User user, TwoFactorProviderType provider)
 {
 if(user.TwoFactorEnabled && user.TwoFactorProvider.HasValue && user.TwoFactorProvider.Value == provider)
 {
 switch(provider)
 {
- case Enums.TwoFactorProviderType.Authenticator:
+ case TwoFactorProviderType.Authenticator:
 if(!string.IsNullOrWhiteSpace(user.AuthenticatorKey))
 {
 return;
@@ -296,7 +296,7 @@ namespace Bit.Core.Services
 switch(provider)
 {
- case Enums.TwoFactorProviderType.Authenticator:
+ case TwoFactorProviderType.Authenticator:
 var key = KeyGeneration.GenerateRandomKey(20);
 user.AuthenticatorKey = Base32Encoding.ToString(key);
 break;