From a1008353fd2ae9f5d13c5d666fe5288d950678e2 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Thu, 29 Jun 2017 12:34:10 -0400
Subject: [PATCH] added nfc flag for yubikey config
---
 src/Api/Startup.cs | 6 +++---
 .../ResourceOwnerPasswordValidator.cs | 16 +++++++++++++---
 .../Models/Api/Request/TwoFactorRequestModels.cs | 5 ++++-
 .../TwoFactor/TwoFactorYubiKeyResponseModel.cs | 5 +++++
 4 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index ce3f4bb28..d68fa9576 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -164,7 +164,7 @@ namespace Bit.Api
 app.UseIdentityServerAuthentication(
 GetIdentityOptions(env, IdentityServerAuthority(env, "identity", "33656"), "3"));
 app.UseIdentityServerAuthentication(
- GetIdentityOptions(env, IdentityServerAuthority(env, "api", "4001"), "2"));
+ GetIdentityOptions(env, IdentityServerAuthority(env, "api", "4000"), "2"));
 // Add current context
 app.UseMiddleware();
@@ -204,8 +204,8 @@ namespace Bit.Api
 }
 else
 {
- return $"http://localhost:{port}";
- //return $"http://192.168.1.6:{port}"; // Desktop external
+ //return $"http://localhost:{port}";
+ return $"http://192.168.1.6:{port}"; // Desktop external
 }
 }
 }
diff --git a/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs b/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
index 8d7b4de18..9a9a0337f 100644
--- a/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
+++ b/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
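Review bot: In src/Api/Startup.cs the `else` branch in hunk `@@ -204,8` now returns `http://192.168.1.6:{port}` instead of `http://localhost:{port}`, so the identity-server authority becomes a hard-coded private address reached over plain HTTP. Hunk `@@ -164,7` likewise moves the `api` authority port from 4001 to 4000. Neither change relates to the commit subject (an NFC flag for YubiKey), which suggests a workstation setting was committed by accident. The condition guarding this branch is outside the hunk, so it presumably covers only non-production environments, but other machines would then point token validation at an address they do not control. I would restore `return $"http://localhost:{port}";` and read any override from configuration rather than toggling commented-out lines.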
@@ -40,13 +40,15 @@ namespace Bit.Core.IdentityServer
 var twoFactorProvider = context.Request.Raw["TwoFactorProvider"]?.ToString();
 var twoFactorRemember = context.Request.Raw["TwoFactorRemember"]?.ToString() == "1";
 var twoFactorRequest = !string.IsNullOrWhiteSpace(twoFactorToken) && !string.IsNullOrWhiteSpace(twoFactorProvider);
+ var credentialsCorrect = false;
 if(!string.IsNullOrWhiteSpace(context.UserName))
 {
 var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant());
 if(user != null)
 {
- if(await _userManager.CheckPasswordAsync(user, context.Password))
+ credentialsCorrect = await _userManager.CheckPasswordAsync(user, context.Password);
+ if(credentialsCorrect)
 {
 TwoFactorProviderType twoFactorProviderType = TwoFactorProviderType.Authenticator; // Just defaulting it
 if(!twoFactorRequest && await TwoFactorRequiredAsync(user))
@@ -80,7 +82,7 @@ namespace Bit.Core.IdentityServer
 }
 await Task.Delay(2000); // Delay for brute force.
- BuildErrorResult(twoFactorRequest, context);
+ BuildErrorResult(credentialsCorrect && twoFactorRequest, context);
 }
 private async Task BuildSuccessResultAsync(User user, ResourceOwnerPasswordValidationContext context, Device device,
@@ -154,7 +156,7 @@ namespace Bit.Core.IdentityServer
 customResponse: new Dictionary
 {{
 "ErrorModel", new ErrorResponseModel(twoFactorRequest ?
- "Code is not correct. Try again." : "Username or password is incorrect. Try again.")
+ "Two-step token is invalid. Try again." : "Username or password is incorrect. Try again.")
 }});
 }
@@ -213,6 +215,7 @@ namespace Bit.Core.IdentityServer
 case TwoFactorProviderType.Duo:
 case TwoFactorProviderType.U2f:
 case TwoFactorProviderType.Email:
+ case TwoFactorProviderType.YubiKey:
 var token = await _userManager.GenerateTwoFactorTokenAsync(user, type.ToString());
 if(type == TwoFactorProviderType.Duo)
 {
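Review bot: In ResourceOwnerPasswordValidator.cs, `credentialsCorrect` (hunk `@@ -40,13`) stays true for every failure that happens after the password check, and `BuildErrorResult(credentialsCorrect && twoFactorRequest, context)` in hunk `@@ -80,7` then reports all of them as an invalid two-step token. The lines between the two hunks are not shown, so the only such failure may well be the token check, but any other path that falls through would give the user a misleading message. A comment at the call would pin the intent, for example `// Blame the two-step token only after the password itself has been verified.` The method begins and ends outside both hunks.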
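Review bot: In hunk `@@ -213,6`, the new `case TwoFactorProviderType.YubiKey:` joins the group that first runs `GenerateTwoFactorTokenAsync(user, type.ToString())`, but the YubiKey branch added in hunk `@@ -236,6` returns only the `Nfc` flag and never reads `token`. What the YubiKey provider does when asked to generate a token is not visible here, so that call is at best wasted work on every login and at worst depends on behaviour the provider was not written for. I would give YubiKey its own `case` that returns the parameter dictionary without generating a token, or add a comment saying the call is known to be harmless for this provider. The switch starts and ends outside the hunk.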
@@ -236,6 +239,13 @@ namespace Bit.Core.IdentityServer
 ["Email"] = RedactEmail((string)provider.MetaData["Email"])
 };
 }
+ else if(type == TwoFactorProviderType.YubiKey)
+ {
+ return new Dictionary
+ {
+ ["Nfc"] = (bool)provider.MetaData["Nfc"]
+ };
+ }
 return null;
 default:
 return null;
diff --git a/src/Core/Models/Api/Request/TwoFactorRequestModels.cs b/src/Core/Models/Api/Request/TwoFactorRequestModels.cs
index 3b9659606..2a6b57f1b 100644
--- a/src/Core/Models/Api/Request/TwoFactorRequestModels.cs
+++ b/src/Core/Models/Api/Request/TwoFactorRequestModels.cs
@@ -92,6 +92,8 @@ namespace Bit.Core.Models.Api
 public string Key3 { get; set; }
 public string Key4 { get; set; }
 public string Key5 { get; set; }
+ [Required]
+ public bool? Nfc { get; set; }
 public User ToUser(User extistingUser)
 {
@@ -113,7 +115,8 @@ namespace Bit.Core.Models.Api
 ["Key2"] = FormatKey(Key2),
 ["Key3"] = FormatKey(Key3),
 ["Key4"] = FormatKey(Key4),
- ["Key5"] = FormatKey(Key5)
+ ["Key5"] = FormatKey(Key5),
+ ["Nfc"] = Nfc.Value
 },
 Enabled = true
 });
diff --git a/src/Core/Models/Api/Response/TwoFactor/TwoFactorYubiKeyResponseModel.cs b/src/Core/Models/Api/Response/TwoFactor/TwoFactorYubiKeyResponseModel.cs
index 8be8654e3..ecdb686b2 100644
--- a/src/Core/Models/Api/Response/TwoFactor/TwoFactorYubiKeyResponseModel.cs
+++ b/src/Core/Models/Api/Response/TwoFactor/TwoFactorYubiKeyResponseModel.cs
@@ -39,6 +39,10 @@ namespace Bit.Core.Models.Api
 {
 Key5 = (string)provider.MetaData["Key5"];
 }
+ if(provider.MetaData.ContainsKey("Nfc"))
+ {
+ Nfc = (bool)provider.MetaData["Nfc"];
+ }
 }
 else
 {
@@ -52,5 +56,6 @@ namespace Bit.Core.Models.Api
 public string Key3 { get; set; }
 public string Key4 { get; set; }
 public string Key5 { get; set; }
+ public bool Nfc { get; set; }
 }
 }
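Review bot: `(bool)provider.MetaData["Nfc"]` in the new YubiKey branch of ResourceOwnerPasswordValidator.cs (hunk `@@ -236,6`) indexes the metadata without checking that the key exists. A YubiKey provider saved before this commit has no `Nfc` entry, so the lookup would presumably throw while the two-factor challenge is being built, that is, during login for those accounts. TwoFactorYubiKeyResponseModel in this same commit guards its read with `ContainsKey("Nfc")`; the validator should do the same, for example `["Nfc"] = provider.MetaData.ContainsKey("Nfc") && (bool)provider.MetaData["Nfc"]`. The enclosing switch starts and ends outside the hunk.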
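Review bot: `["Nfc"] = Nfc.Value` in TwoFactorRequestModels.cs (hunk `@@ -113,7`) throws InvalidOperationException when `Nfc` is null. The only guard is the `[Required]` attribute added in hunk `@@ -92,6`, which helps only where model validation has run before `ToUser` is called. `["Nfc"] = Nfc.GetValueOrDefault()` keeps the method safe when it is called directly. Making the field `[Required]` also means requests from clients that do not yet send `Nfc` will fail validation; if that is intended, a short comment on the property saying so would help. The dictionary initializer begins above the hunk.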