Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-01-22 21:51:22 +01:00
Code Issues Projects Releases Wiki Activity

"user key" schema and api changes

Browse Source
This commit is contained in:
Kyle Spearrin 2017-05-31 09:54:32 -04:00
parent bdce4064b2
commit a01d5d9a51
16 changed files with 97 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
src/Api/Controllers/AccountsController.cs
View File

@ -78,23 +78,8 @@ namespace Bit.Api.Controllers
public async Task PutEmail([FromBody]EmailRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
// NOTE: It is assumed that the eventual repository call will make sure the updated
// ciphers belong to user making this call. Therefore, no check is done here.
var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
var result = await _userService.ChangeEmailAsync(
user,
model.MasterPasswordHash,
model.NewEmail,
model.NewMasterPasswordHash,
model.Token,
ciphers,
folders,
model.Data.PrivateKey);
var result = await _userService.ChangeEmailAsync(user, model.MasterPasswordHash, model.NewEmail,
model.NewMasterPasswordHash, model.Token, model.Key);
if(result.Succeeded)
{
return;
@ -112,22 +97,43 @@ namespace Bit.Api.Controllers
[HttpPut("password")]
[HttpPost("password")]
public async Task PutPassword([FromBody]PasswordRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
var result = await _userService.ChangePasswordAsync(user, model.MasterPasswordHash,
model.NewMasterPasswordHash, model.Key);
if(result.Succeeded)
{
return;
}
foreach(var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
await Task.Delay(2000);
throw new BadRequestException(ModelState);
}
[HttpPut("key")]
[HttpPost("key")]
public async Task PutKey([FromBody]UpdateKeyRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
// NOTE: It is assumed that the eventual repository call will make sure the updated
// ciphers belong to user making this call. Therefore, no check is done here.
var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
var ciphers = model.Ciphers.Select(c => c.ToCipher(user.Id));
var folders = model.Folders.Select(c => c.ToFolder(user.Id));
var result = await _userService.ChangePasswordAsync(
var result = await _userService.UpdateKeyAsync(
user,
model.MasterPasswordHash,
model.NewMasterPasswordHash,
model.Key,
model.PrivateKey,
ciphers,
folders,
model.Data.PrivateKey);
folders);
if(result.Succeeded)
{

2
src/Core/Models/Api/Request/Accounts/EmailRequestModel.cs
View File

@ -18,6 +18,6 @@ namespace Bit.Core.Models.Api
[Required]
public string Token { get; set; }
[Required]
public DataReloadRequestModel Data { get; set; }
public string Key { get; set; }
}
}

2
src/Core/Models/Api/Request/Accounts/PasswordRequestModel.cs
View File

@ -12,6 +12,6 @@ namespace Bit.Core.Models.Api
[StringLength(300)]
public string NewMasterPasswordHash { get; set; }
[Required]
public DataReloadRequestModel Data { get; set; }
public string Key { get; set; }
}
}

6
src/Core/Models/Api/Request/Accounts/RegisterRequestModel.cs
View File

@ -16,6 +16,7 @@ namespace Bit.Core.Models.Api
public string MasterPasswordHash { get; set; }
[StringLength(50)]
public string MasterPasswordHint { get; set; }
public string Key { get; set; }
public KeysRequestModel Keys { get; set; }
public User ToUser()
@ -27,6 +28,11 @@ namespace Bit.Core.Models.Api
MasterPasswordHint = MasterPasswordHint
};
if(Key != null)
{
user.Key = Key;
}
if(Keys != null)
{
Keys.ToUser(user);

7
src/Core/Models/Api/Request/DataReloadRequestModel.cs → src/Core/Models/Api/Request/Accounts/UpdateKeyRequestModel.cs
View File

@ -3,13 +3,18 @@ using System.ComponentModel.DataAnnotations;
namespace Bit.Core.Models.Api
{
public class DataReloadRequestModel
public class UpdateKeyRequestModel
{
[Required]
[StringLength(300)]
public string MasterPasswordHash { get; set; }
[Required]
public IEnumerable<LoginWithIdRequestModel> Ciphers { get; set; }
[Required]
public IEnumerable<FolderWithIdRequestModel> Folders { get; set; }
[Required]
public string PrivateKey { get; set; }
[Required]
public string Key { get; set; }
}
}

2
src/Core/Models/Api/Response/KeysResponseModel.cs
View File

@ -13,10 +13,12 @@ namespace Bit.Core.Models.Api
throw new ArgumentNullException(nameof(user));
}
Key = user.Key;
PublicKey = user.PublicKey;
PrivateKey = user.PrivateKey;
}
public string Key { get; set; }
public string PublicKey { get; set; }
public string PrivateKey { get; set; }
}

1
src/Core/Models/Table/User.cs
View File

@ -21,6 +21,7 @@ namespace Bit.Core.Models.Table
public string EquivalentDomains { get; set; }
public string ExcludedGlobalEquivalentDomains { get; set; }
public DateTime AccountRevisionDate { get; internal set; } = DateTime.UtcNow;
public string Key { get; set; }
public string PublicKey { get; set; }
public string PrivateKey { get; set; }
public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;

2
src/Core/Repositories/ICipherRepository.cs
View File

@ -19,7 +19,7 @@ namespace Bit.Core.Repositories
Task UpsertAsync(CipherDetails cipher);
Task ReplaceAsync(Cipher obj, IEnumerable<Guid> collectionIds);
Task UpdatePartialAsync(Guid id, Guid userId, Guid? folderId, bool favorite);
Task UpdateUserEmailPasswordAndCiphersAsync(User user, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
Task UpdateUserKeysAndCiphersAsync(User user, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
Task CreateAsync(IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
}
}

10
src/Core/Repositories/SqlServer/CipherRepository.cs
View File

@ -176,7 +176,7 @@ namespace Bit.Core.Repositories.SqlServer
}
}
public Task UpdateUserEmailPasswordAndCiphersAsync(User user, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders)
public Task UpdateUserKeysAndCiphersAsync(User user, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders)
{
using(var connection = new SqlConnection(ConnectionString))
{
@ -188,14 +188,13 @@ namespace Bit.Core.Repositories.SqlServer
{
// 1. Update user.
using(var cmd = new SqlCommand("[dbo].[User_UpdateEmailPassword]", connection, transaction))
using(var cmd = new SqlCommand("[dbo].[User_UpdateKeys]", connection, transaction))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("@Id", SqlDbType.UniqueIdentifier).Value = user.Id;
cmd.Parameters.Add("@Email", SqlDbType.NVarChar).Value = user.Email;
cmd.Parameters.Add("@EmailVerified", SqlDbType.NVarChar).Value = user.EmailVerified;
cmd.Parameters.Add("@MasterPassword", SqlDbType.NVarChar).Value = user.MasterPassword;
cmd.Parameters.Add("@SecurityStamp", SqlDbType.NVarChar).Value = user.SecurityStamp;
cmd.Parameters.Add("@Key", SqlDbType.VarChar).Value = user.Key;
if(string.IsNullOrWhiteSpace(user.PrivateKey))
{
cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = DBNull.Value;
@ -204,6 +203,7 @@ namespace Bit.Core.Repositories.SqlServer
{
cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = user.PrivateKey;
}
cmd.Parameters.Add("@RevisionDate", SqlDbType.DateTime2).Value = user.RevisionDate;
cmd.ExecuteNonQuery();
}

11
src/Core/Services/IUserService.cs
View File

@ -18,14 +18,15 @@ namespace Bit.Core.Services
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);
Task SendMasterPasswordHintAsync(string email);
Task InitiateEmailChangeAsync(User user, string newEmail);
Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail, string newMasterPassword,
string token, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey);
Task<IdentityResult> ChangePasswordAsync(User user, string currentMasterPasswordHash, string newMasterPasswordHash,
IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey);
Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail, string newMasterPassword,
string token, string key);
Task<IdentityResult> ChangePasswordAsync(User user, string masterPassword, string newMasterPassword, string key);
Task<IdentityResult> UpdateKeyAsync(User user, string masterPassword, string key, string privateKey,
IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
Task<IdentityResult> RefreshSecurityStampAsync(User user, string masterPasswordHash);
Task GetTwoFactorAsync(User user, Enums.TwoFactorProviderType provider);
Task<bool> RecoverTwoFactorAsync(string email, string masterPassword, string recoveryCode);
Task<string> GenerateUserTokenAsync(User user, string tokenProvider, string purpose);
Task<string> GenerateUserTokenAsync(User user, string tokenProvider, string purpose);
Task<IdentityResult> DeleteAsync(User user);
}
}

43
src/Core/Services/Implementations/UserService.cs
View File

@ -195,7 +195,7 @@ namespace Bit.Core.Services
}
public async Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail,
string newMasterPassword, string token, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey)
string newMasterPassword, string token, string key)
{
var verifyPasswordResult = _passwordHasher.VerifyHashedPassword(user, user.MasterPassword, masterPassword);
if(verifyPasswordResult == PasswordVerificationResult.Failed)
@ -221,19 +221,11 @@ namespace Bit.Core.Services
return result;
}
user.Key = key;
user.Email = newEmail;
user.EmailVerified = true;
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.PrivateKey = privateKey;
if(ciphers.Any() || folders.Any())
{
await _cipherRepository.UpdateUserEmailPasswordAndCiphersAsync(user, ciphers, folders);
}
else
{
await _userRepository.ReplaceAsync(user);
}
await _userRepository.ReplaceAsync(user);
return IdentityResult.Success;
}
@ -244,7 +236,7 @@ namespace Bit.Core.Services
}
public async Task<IdentityResult> ChangePasswordAsync(User user, string masterPassword, string newMasterPassword,
IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey)
string key)
{
if(user == null)
{
@ -260,10 +252,33 @@ namespace Bit.Core.Services
}
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.Key = key;
await _userRepository.ReplaceAsync(user);
return IdentityResult.Success;
}
Logger.LogWarning("Change password failed for user {userId}.", user.Id);
return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
}
public async Task<IdentityResult> UpdateKeyAsync(User user, string masterPassword, string key, string privateKey,
IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders)
{
if(user == null)
{
throw new ArgumentNullException(nameof(user));
}
if(await base.CheckPasswordAsync(user, masterPassword))
{
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.SecurityStamp = Guid.NewGuid().ToString();
user.Key = key;
user.PrivateKey = privateKey;
if(ciphers.Any() || folders.Any())
{
await _cipherRepository.UpdateUserEmailPasswordAndCiphersAsync(user, ciphers, folders);
await _cipherRepository.UpdateUserKeysAndCiphersAsync(user, ciphers, folders);
}
else
{
@ -273,7 +288,7 @@ namespace Bit.Core.Services
return IdentityResult.Success;
}
Logger.LogWarning("Change password failed for user {userId}.", user.Id);
Logger.LogWarning("Update key for user {userId}.", user.Id);
return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
}

2
src/Sql/Sql.sqlproj
View File

@ -148,7 +148,7 @@
<Build Include="dbo\Stored Procedures\User_ReadByEmail.sql" />
<Build Include="dbo\Stored Procedures\User_ReadById.sql" />
<Build Include="dbo\Stored Procedures\User_Update.sql" />
<Build Include="dbo\Stored Procedures\User_UpdateEmailPassword.sql" />
<Build Include="dbo\Stored Procedures\User_UpdateKeys.sql" />
<Build Include="dbo\Stored Procedures\Device_ClearPushTokenByIdentifier.sql" />
<Build Include="dbo\Stored Procedures\Collection_CreateWithGroups.sql" />
<Build Include="dbo\Stored Procedures\Collection_ReadWithGroupsById.sql" />

3
src/Sql/dbo/Stored Procedures/User_Create.sql
View File

@ -14,6 +14,7 @@
@EquivalentDomains NVARCHAR(MAX),
@ExcludedGlobalEquivalentDomains NVARCHAR(MAX),
@AccountRevisionDate DATETIME2(7),
@Key NVARCHAR(MAX),
@PublicKey NVARCHAR(MAX),
@PrivateKey NVARCHAR(MAX),
@CreationDate DATETIME2(7),
@ -39,6 +40,7 @@ BEGIN
[EquivalentDomains],
[ExcludedGlobalEquivalentDomains],
[AccountRevisionDate],
[Key],
[PublicKey],
[PrivateKey],
[CreationDate],
@ -61,6 +63,7 @@ BEGIN
@EquivalentDomains,
@ExcludedGlobalEquivalentDomains,
@AccountRevisionDate,
@Key,
@PublicKey,
@PrivateKey,
@CreationDate,

2
src/Sql/dbo/Stored Procedures/User_Update.sql
View File

@ -14,6 +14,7 @@
@EquivalentDomains NVARCHAR(MAX),
@ExcludedGlobalEquivalentDomains NVARCHAR(MAX),
@AccountRevisionDate DATETIME2(7),
@Key NVARCHAR(MAX),
@PublicKey NVARCHAR(MAX),
@PrivateKey NVARCHAR(MAX),
@CreationDate DATETIME2(7),
@ -39,6 +40,7 @@ BEGIN
[EquivalentDomains] = @EquivalentDomains,
[ExcludedGlobalEquivalentDomains] = @ExcludedGlobalEquivalentDomains,
[AccountRevisionDate] = @AccountRevisionDate,
[Key] = @Key,
[PublicKey] = @PublicKey,
[PrivateKey] = @PrivateKey,
[CreationDate] = @CreationDate,

10
src/Sql/dbo/Stored Procedures/User_UpdateEmailPassword.sql → src/Sql/dbo/Stored Procedures/User_UpdateKeys.sql
View File

@ -1,9 +1,7 @@
CREATE PROCEDURE [dbo].[User_UpdateEmailPassword]
CREATE PROCEDURE [dbo].[User_UpdateKeys]
@Id UNIQUEIDENTIFIER,
@Email NVARCHAR(50),
@EmailVerified BIT,
@MasterPassword NVARCHAR(300),
@SecurityStamp NVARCHAR(50),
@Key NVARCHAR(MAX),
@PrivateKey VARCHAR(MAX),
@RevisionDate DATETIME2(7)
AS
@ -13,10 +11,8 @@ BEGIN
UPDATE
[dbo].[User]
SET
[Email] = @Email,
[EmailVerified] = @EmailVerified,
[MasterPassword] = @MasterPassword,
[SecurityStamp] = @SecurityStamp,
[Key] = @Key,
[PrivateKey] = @PrivateKey,
[RevisionDate] = @RevisionDate,
[AccountRevisionDate] = @RevisionDate

1
src/Sql/dbo/Tables/User.sql
View File

@ -14,6 +14,7 @@
[EquivalentDomains] NVARCHAR (MAX) NULL,
[ExcludedGlobalEquivalentDomains] NVARCHAR (MAX) NULL,
[AccountRevisionDate] DATETIME2 (7) NOT NULL,
[Key] VARCHAR (MAX) NULL,
[PublicKey] VARCHAR (MAX) NULL,
[PrivateKey] VARCHAR (MAX) NULL,
[CreationDate] DATETIME2 (7) NOT NULL,