added nfc flag for yubikey config

2024-11-25 12:45:18 +01:00 · 2017-06-29 12:34:10 -04:00 · 2017-06-29 12:34:10 -04:00 · a1008353fd
commit a1008353fd
parent 205a6d14a6
4 changed files with 25 additions and 7 deletions
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@ -164,7 +164,7 @@ namespace Bit.Api
            app.UseIdentityServerAuthentication(
                GetIdentityOptions(env, IdentityServerAuthority(env, "identity", "33656"), "3"));
            app.UseIdentityServerAuthentication(
-                GetIdentityOptions(env, IdentityServerAuthority(env, "api", "4001"), "2"));
+                GetIdentityOptions(env, IdentityServerAuthority(env, "api", "4000"), "2"));

            // Add current context
            app.UseMiddleware<CurrentContextMiddleware>();
@ -204,8 +204,8 @@ namespace Bit.Api
            }
            else
            {
-                return $"http://localhost:{port}";
-                //return $"http://192.168.1.6:{port}"; // Desktop external
+                //return $"http://localhost:{port}";
+                return $"http://192.168.1.6:{port}"; // Desktop external
            }
        }
    }
--- a/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
+++ b/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
@ -40,13 +40,15 @@ namespace Bit.Core.IdentityServer
            var twoFactorProvider = context.Request.Raw["TwoFactorProvider"]?.ToString();
            var twoFactorRemember = context.Request.Raw["TwoFactorRemember"]?.ToString() == "1";
            var twoFactorRequest = !string.IsNullOrWhiteSpace(twoFactorToken) && !string.IsNullOrWhiteSpace(twoFactorProvider);
+            var credentialsCorrect = false;

            if(!string.IsNullOrWhiteSpace(context.UserName))
            {
                var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant());
                if(user != null)
                {
-                    if(await _userManager.CheckPasswordAsync(user, context.Password))
+                    credentialsCorrect = await _userManager.CheckPasswordAsync(user, context.Password);
+                    if(credentialsCorrect)
                    {
                        TwoFactorProviderType twoFactorProviderType = TwoFactorProviderType.Authenticator; // Just defaulting it
                        if(!twoFactorRequest && await TwoFactorRequiredAsync(user))
@ -80,7 +82,7 @@ namespace Bit.Core.IdentityServer
            }

            await Task.Delay(2000); // Delay for brute force.
-            BuildErrorResult(twoFactorRequest, context);
+            BuildErrorResult(credentialsCorrect && twoFactorRequest, context);
        }

        private async Task BuildSuccessResultAsync(User user, ResourceOwnerPasswordValidationContext context, Device device,
@ -154,7 +156,7 @@ namespace Bit.Core.IdentityServer
                customResponse: new Dictionary<string, object>
                {{
                    "ErrorModel", new ErrorResponseModel(twoFactorRequest ?
-                        "Code is not correct. Try again." : "Username or password is incorrect. Try again.")
+                        "Two-step token is invalid. Try again." : "Username or password is incorrect. Try again.")
                }});
        }

@ -213,6 +215,7 @@ namespace Bit.Core.IdentityServer
                case TwoFactorProviderType.Duo:
                case TwoFactorProviderType.U2f:
                case TwoFactorProviderType.Email:
+                case TwoFactorProviderType.YubiKey:
                    var token = await _userManager.GenerateTwoFactorTokenAsync(user, type.ToString());
                    if(type == TwoFactorProviderType.Duo)
                    {
@ -236,6 +239,13 @@ namespace Bit.Core.IdentityServer
                            ["Email"] = RedactEmail((string)provider.MetaData["Email"])
                        };
                    }
+                    else if(type == TwoFactorProviderType.YubiKey)
+                    {
+                        return new Dictionary<string, object>
+                        {
+                            ["Nfc"] = (bool)provider.MetaData["Nfc"]
+                        };
+                    }
                    return null;
                default:
                    return null;
--- a/src/Core/Models/Api/Request/TwoFactorRequestModels.cs
+++ b/src/Core/Models/Api/Request/TwoFactorRequestModels.cs
@ -92,6 +92,8 @@ namespace Bit.Core.Models.Api
        public string Key3 { get; set; }
        public string Key4 { get; set; }
        public string Key5 { get; set; }
+        [Required]
+        public bool? Nfc { get; set; }

        public User ToUser(User extistingUser)
        {
@ -113,7 +115,8 @@ namespace Bit.Core.Models.Api
                    ["Key2"] = FormatKey(Key2),
                    ["Key3"] = FormatKey(Key3),
                    ["Key4"] = FormatKey(Key4),
-                    ["Key5"] = FormatKey(Key5)
+                    ["Key5"] = FormatKey(Key5),
+                    ["Nfc"] = Nfc.Value
                },
                Enabled = true
            });
--- a/src/Core/Models/Api/Response/TwoFactor/TwoFactorYubiKeyResponseModel.cs
+++ b/src/Core/Models/Api/Response/TwoFactor/TwoFactorYubiKeyResponseModel.cs
@ -39,6 +39,10 @@ namespace Bit.Core.Models.Api
                {
                    Key5 = (string)provider.MetaData["Key5"];
                }
+                if(provider.MetaData.ContainsKey("Nfc"))
+                {
+                    Nfc = (bool)provider.MetaData["Nfc"];
+                }
            }
            else
            {
@ -52,5 +56,6 @@ namespace Bit.Core.Models.Api
        public string Key3 { get; set; }
        public string Key4 { get; set; }
        public string Key5 { get; set; }
+        public bool Nfc { get; set; }
    }
 }