Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-01-22 21:51:22 +01:00
Code Issues Projects Releases Wiki Activity

move some 2fa logic functions to userService

Browse Source
This commit is contained in:
Kyle Spearrin 2018-12-19 10:47:53 -05:00
parent b7362ae741
commit ac7c7b5077
15 changed files with 64 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Admin/Views/Users/Index.cshtml
View File

@ -69,7 +69,7 @@
{
<i class="fa fa-times-circle-o fa-lg fa-fw text-muted" title="Email Not Verified"></i>
}
@if(await user.TwoFactorIsEnabledAsync(userService))
@if(await userService.TwoFactorIsEnabledAsync(user))
{
<i class="fa fa-lock fa-lg fa-fw" title="2FA Enabled"></i>
}

2
src/Admin/Views/Users/_ViewInformation.cshtml
View File

@ -14,7 +14,7 @@
<dd class="col-sm-8 col-lg-9">@(Model.User.EmailVerified ? "Yes" : "No")</dd>
<dt class="col-sm-4 col-lg-3">Using 2FA</dt>
<dd class="col-sm-8 col-lg-9">@(await Model.User.TwoFactorIsEnabledAsync(userService) ? "Yes" : "No")</dd>
<dd class="col-sm-8 col-lg-9">@(await userService.TwoFactorIsEnabledAsync(Model.User) ? "Yes" : "No")</dd>
<dt class="col-sm-4 col-lg-3">Items</dt>
<dd class="col-sm-8 col-lg-9">@Model.CipherCount</dd>

6
src/Api/Controllers/AccountsController.cs
View File

@ -307,7 +307,7 @@ namespace Bit.Api.Controllers
var organizationUserDetails = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id,
OrganizationUserStatusType.Confirmed);
var response = new ProfileResponseModel(user, organizationUserDetails,
await user.TwoFactorIsEnabledAsync(_userService));
await _userService.TwoFactorIsEnabledAsync(user));
return response;
}
@ -332,7 +332,7 @@ namespace Bit.Api.Controllers
}
await _userService.SaveUserAsync(model.ToUser(user));
var response = new ProfileResponseModel(user, null, await user.TwoFactorIsEnabledAsync(_userService));
var response = new ProfileResponseModel(user, null, await _userService.TwoFactorIsEnabledAsync(user));
return response;
}
@ -462,7 +462,7 @@ namespace Bit.Api.Controllers
await _userService.SignUpPremiumAsync(user, model.PaymentToken,
model.AdditionalStorageGb.GetValueOrDefault(0), license);
return new ProfileResponseModel(user, null, await user.TwoFactorIsEnabledAsync(_userService));
return new ProfileResponseModel(user, null, await _userService.TwoFactorIsEnabledAsync(user));
}
[HttpGet("billing")]

2
src/Api/Controllers/SyncController.cs
View File

@ -69,7 +69,7 @@ namespace Bit.Api.Controllers
collectionCiphersGroupDict = collectionCiphers.GroupBy(c => c.CipherId).ToDictionary(s => s.Key);
}
var userTwoFactorEnabled = await user.TwoFactorIsEnabledAsync(_userService);
var userTwoFactorEnabled = await _userService.TwoFactorIsEnabledAsync(user);
var response = new SyncResponseModel(_globalSettings, user, userTwoFactorEnabled, organizationUserDetails,
folders, collections, ciphers, collectionCiphersGroupDict, excludeDomains);
return response;

4
src/Api/web.config
View File

@ -4,7 +4,9 @@
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" startupTimeLimit="3600" requestTimeout="23:00:00" />
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" startupTimeLimit="3600" requestTimeout="23:00:00">
<environmentVariables />
</aspNetCore>
<security>
<requestFiltering>
<requestLimits maxQueryString="5120" maxAllowedContentLength="105906176" />

4
src/Core/Identity/AuthenticatorTokenProvider.cs
View File

@ -25,8 +25,8 @@ namespace Bit.Core.Identity
{
return false;
}
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Authenticator,
_serviceProvider.GetRequiredService<IUserService>());
return await _serviceProvider.GetRequiredService<IUserService>()
.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Authenticator, user);
}
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)

2
src/Core/Identity/DuoWebTokenProvider.cs
View File

@ -37,7 +37,7 @@ namespace Bit.Core.Identity
return false;
}
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Duo, userService);
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Duo, user);
}
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)

4
src/Core/Identity/ReadOnlyDatabaseIdentityUserStore.cs
View File

@ -24,7 +24,7 @@ namespace Bit.Core.Identity
CancellationToken cancellationToken = default(CancellationToken))
{
var user = await _userRepository.GetByEmailAsync(normalizedEmail);
return user?.ToIdentityUser(await user.TwoFactorIsEnabledAsync(_userService));
return user?.ToIdentityUser(await _userService.TwoFactorIsEnabledAsync(user));
}
public override async Task<IdentityUser> FindByIdAsync(string userId,
@ -36,7 +36,7 @@ namespace Bit.Core.Identity
}
var user = await _userRepository.GetByIdAsync(userIdGuid);
return user?.ToIdentityUser(await user.TwoFactorIsEnabledAsync(_userService));
return user?.ToIdentityUser(await _userService.TwoFactorIsEnabledAsync(user));
}
}
}

2
src/Core/Identity/U2fTokenProvider.cs
View File

@ -47,7 +47,7 @@ namespace Bit.Core.Identity
return false;
}
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.U2f, userService);
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.U2f, user);
}
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)

2
src/Core/Identity/UserStore.cs
View File

@ -169,7 +169,7 @@ namespace Bit.Core.Identity
public async Task<bool> GetTwoFactorEnabledAsync(User user, CancellationToken cancellationToken)
{
return await user.TwoFactorIsEnabledAsync(_serviceProvider.GetRequiredService<IUserService>());
return await _serviceProvider.GetRequiredService<IUserService>().TwoFactorIsEnabledAsync(user);
}
public Task SetSecurityStampAsync(User user, string stamp, CancellationToken cancellationToken)

2
src/Core/Identity/YubicoOtpTokenProvider.cs
View File

@ -37,7 +37,7 @@ namespace Bit.Core.Identity
return false;
}
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.YubiKey, userService);
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.YubiKey, user);
}
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)

8
src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
View File

@ -164,7 +164,7 @@ namespace Bit.Core.IdentityServer
{
foreach(var p in user.GetTwoFactorProviders())
{
if(await user.TwoFactorProviderIsEnabledAsync(p.Key, _userService))
if(await _userService.TwoFactorProviderIsEnabledAsync(p.Key, user))
{
enabledProviders.Add(p);
}
@ -279,13 +279,13 @@ namespace Bit.Core.IdentityServer
case TwoFactorProviderType.U2f:
case TwoFactorProviderType.Remember:
if(type != TwoFactorProviderType.Remember &&
!(await user.TwoFactorProviderIsEnabledAsync(type, _userService)))
!(await _userService.TwoFactorProviderIsEnabledAsync(type, user)))
{
return false;
}
return await _userManager.VerifyTwoFactorTokenAsync(user, type.ToString(), token);
case TwoFactorProviderType.Email:
if(!(await user.TwoFactorProviderIsEnabledAsync(type, _userService)))
if(!(await _userService.TwoFactorProviderIsEnabledAsync(type, user)))
{
return false;
}
@ -311,7 +311,7 @@ namespace Bit.Core.IdentityServer
case TwoFactorProviderType.U2f:
case TwoFactorProviderType.Email:
case TwoFactorProviderType.YubiKey:
if(!(await user.TwoFactorProviderIsEnabledAsync(type, _userService)))
if(!(await _userService.TwoFactorProviderIsEnabledAsync(type, user)))
{
return null;
}

42
src/Core/Models/Table/User.cs
View File

@ -92,48 +92,6 @@ namespace Bit.Core.Models.Table
_twoFactorProviders = providers;
}
public async Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider,
IUserService userService)
{
var providers = GetTwoFactorProviders();
if(providers == null || !providers.ContainsKey(provider) || !providers[provider].Enabled)
{
return false;
}
if(!TwoFactorProvider.RequiresPremium(provider))
{
return true;
}
return await userService.CanAccessPremium(this);
}
public async Task<bool> TwoFactorIsEnabledAsync(IUserService userService)
{
var providers = GetTwoFactorProviders();
if(providers == null)
{
return false;
}
foreach(var p in providers)
{
if(p.Value?.Enabled ?? false)
{
if(!TwoFactorProvider.RequiresPremium(p.Key))
{
return true;
}
if(await userService.CanAccessPremium(this))
{
return true;
}
}
}
return false;
}
public TwoFactorProvider GetTwoFactorProvider(TwoFactorProviderType provider)
{
var providers = GetTwoFactorProviders();

2
src/Core/Services/IUserService.cs
View File

@ -55,5 +55,7 @@ namespace Bit.Core.Services
Task<UserLicense> GenerateLicenseAsync(User user, BillingInfo billingInfo = null);
Task<bool> CheckPasswordAsync(User user, string password);
Task<bool> CanAccessPremium(User user);
Task<bool> TwoFactorIsEnabledAsync(User user);
Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, User user);
}
}

41
src/Core/Services/Implementations/UserService.cs
View File

@ -916,6 +916,47 @@ namespace Bit.Core.Services
orgAbilities[o.Id].UsersGetPremium && orgAbilities[o.Id].Enabled);
}
public async Task<bool> TwoFactorIsEnabledAsync(User user)
{
var providers = user.GetTwoFactorProviders();
if(providers == null)
{
return false;
}
foreach(var p in providers)
{
if(p.Value?.Enabled ?? false)
{
if(!TwoFactorProvider.RequiresPremium(p.Key))
{
return true;
}
if(await CanAccessPremium(user))
{
return true;
}
}
}
return false;
}
public async Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, User user)
{
var providers = user.GetTwoFactorProviders();
if(providers == null || !providers.ContainsKey(provider) || !providers[provider].Enabled)
{
return false;
}
if(!TwoFactorProvider.RequiresPremium(provider))
{
return true;
}
return await CanAccessPremium(user);
}
private async Task<IdentityResult> UpdatePasswordHash(User user, string newPassword,
bool validatePassword = true, bool refreshStamp = true)
{