diff --git a/src/Api/Auth/Controllers/TwoFactorController.cs b/src/Api/Auth/Controllers/TwoFactorController.cs index 0a50f9bc2..149237e28 100644 --- a/src/Api/Auth/Controllers/TwoFactorController.cs +++ b/src/Api/Auth/Controllers/TwoFactorController.cs @@ -3,7 +3,6 @@ using Bit.Api.Auth.Models.Request.Accounts; using Bit.Api.Auth.Models.Response.TwoFactor; using Bit.Api.Models.Request; using Bit.Api.Models.Response; -using Bit.Core; using Bit.Core.Auth.Enums; using Bit.Core.Auth.LoginFeatures.PasswordlessLogin.Interfaces; using Bit.Core.Auth.Models.Business.Tokenables; @@ -37,7 +36,6 @@ public class TwoFactorController : Controller private readonly IFeatureService _featureService; private readonly IDataProtectorTokenFactory _twoFactorAuthenticatorDataProtector; private readonly IDataProtectorTokenFactory _ssoEmailTwoFactorSessionDataProtector; - private readonly bool _TwoFactorAuthenticatorTokenFeatureFlagEnabled; public TwoFactorController( IUserService userService, @@ -61,7 +59,6 @@ public class TwoFactorController : Controller _featureService = featureService; _twoFactorAuthenticatorDataProtector = twoFactorAuthenticatorDataProtector; _ssoEmailTwoFactorSessionDataProtector = ssoEmailTwoFactorSessionDataProtector; - _TwoFactorAuthenticatorTokenFeatureFlagEnabled = _featureService.IsEnabled(FeatureFlagKeys.AuthenticatorTwoFactorToken); } [HttpGet("")] @@ -102,13 +99,10 @@ public class TwoFactorController : Controller public async Task GetAuthenticator( [FromBody] SecretVerificationRequestModel model) { - var user = _TwoFactorAuthenticatorTokenFeatureFlagEnabled ? await CheckAsync(model, false) : await CheckAsync(model, false, true); + var user = await CheckAsync(model, false); var response = new TwoFactorAuthenticatorResponseModel(user); - if (_TwoFactorAuthenticatorTokenFeatureFlagEnabled) - { - var tokenable = new TwoFactorAuthenticatorUserVerificationTokenable(user, response.Key); - response.UserVerificationToken = _twoFactorAuthenticatorDataProtector.Protect(tokenable); - } + var tokenable = new TwoFactorAuthenticatorUserVerificationTokenable(user, response.Key); + response.UserVerificationToken = _twoFactorAuthenticatorDataProtector.Protect(tokenable); return response; } @@ -117,20 +111,11 @@ public class TwoFactorController : Controller public async Task PutAuthenticator( [FromBody] UpdateTwoFactorAuthenticatorRequestModel model) { - User user; - if (_TwoFactorAuthenticatorTokenFeatureFlagEnabled) + var user = model.ToUser(await _userService.GetUserByPrincipalAsync(User)); + _twoFactorAuthenticatorDataProtector.TryUnprotect(model.UserVerificationToken, out var decryptedToken); + if (!decryptedToken.TokenIsValid(user, model.Key)) { - user = model.ToUser(await _userService.GetUserByPrincipalAsync(User)); - _twoFactorAuthenticatorDataProtector.TryUnprotect(model.UserVerificationToken, out var decryptedToken); - if (!decryptedToken.TokenIsValid(user, model.Key)) - { - throw new BadRequestException("UserVerificationToken", "User verification failed."); - } - } - else - { - user = await CheckAsync(model, false); - model.ToUser(user); // populates user obj with proper metadata for VerifyTwoFactorTokenAsync + throw new BadRequestException("UserVerificationToken", "User verification failed."); } if (!await _userManager.VerifyTwoFactorTokenAsync(user, @@ -145,7 +130,6 @@ public class TwoFactorController : Controller return response; } - [RequireFeature(FeatureFlagKeys.AuthenticatorTwoFactorToken)] [HttpDelete("authenticator")] public async Task DisableAuthenticator( [FromBody] TwoFactorAuthenticatorDisableRequestModel model)