mirror of
https://github.com/bitwarden/server.git
synced 2024-11-21 12:05:42 +01:00
[PM-12429] Remove authenticator token flag from business logic on 2FA controller (#4868)
* Removed flag from business logic on 2FA controller * Linting.
This commit is contained in:
parent
c4e79ae9e9
commit
d4c486e189
@ -3,7 +3,6 @@ using Bit.Api.Auth.Models.Request.Accounts;
|
|||||||
using Bit.Api.Auth.Models.Response.TwoFactor;
|
using Bit.Api.Auth.Models.Response.TwoFactor;
|
||||||
using Bit.Api.Models.Request;
|
using Bit.Api.Models.Request;
|
||||||
using Bit.Api.Models.Response;
|
using Bit.Api.Models.Response;
|
||||||
using Bit.Core;
|
|
||||||
using Bit.Core.Auth.Enums;
|
using Bit.Core.Auth.Enums;
|
||||||
using Bit.Core.Auth.LoginFeatures.PasswordlessLogin.Interfaces;
|
using Bit.Core.Auth.LoginFeatures.PasswordlessLogin.Interfaces;
|
||||||
using Bit.Core.Auth.Models.Business.Tokenables;
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
||||||
@ -37,7 +36,6 @@ public class TwoFactorController : Controller
|
|||||||
private readonly IFeatureService _featureService;
|
private readonly IFeatureService _featureService;
|
||||||
private readonly IDataProtectorTokenFactory<TwoFactorAuthenticatorUserVerificationTokenable> _twoFactorAuthenticatorDataProtector;
|
private readonly IDataProtectorTokenFactory<TwoFactorAuthenticatorUserVerificationTokenable> _twoFactorAuthenticatorDataProtector;
|
||||||
private readonly IDataProtectorTokenFactory<SsoEmail2faSessionTokenable> _ssoEmailTwoFactorSessionDataProtector;
|
private readonly IDataProtectorTokenFactory<SsoEmail2faSessionTokenable> _ssoEmailTwoFactorSessionDataProtector;
|
||||||
private readonly bool _TwoFactorAuthenticatorTokenFeatureFlagEnabled;
|
|
||||||
|
|
||||||
public TwoFactorController(
|
public TwoFactorController(
|
||||||
IUserService userService,
|
IUserService userService,
|
||||||
@ -61,7 +59,6 @@ public class TwoFactorController : Controller
|
|||||||
_featureService = featureService;
|
_featureService = featureService;
|
||||||
_twoFactorAuthenticatorDataProtector = twoFactorAuthenticatorDataProtector;
|
_twoFactorAuthenticatorDataProtector = twoFactorAuthenticatorDataProtector;
|
||||||
_ssoEmailTwoFactorSessionDataProtector = ssoEmailTwoFactorSessionDataProtector;
|
_ssoEmailTwoFactorSessionDataProtector = ssoEmailTwoFactorSessionDataProtector;
|
||||||
_TwoFactorAuthenticatorTokenFeatureFlagEnabled = _featureService.IsEnabled(FeatureFlagKeys.AuthenticatorTwoFactorToken);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet("")]
|
[HttpGet("")]
|
||||||
@ -102,13 +99,10 @@ public class TwoFactorController : Controller
|
|||||||
public async Task<TwoFactorAuthenticatorResponseModel> GetAuthenticator(
|
public async Task<TwoFactorAuthenticatorResponseModel> GetAuthenticator(
|
||||||
[FromBody] SecretVerificationRequestModel model)
|
[FromBody] SecretVerificationRequestModel model)
|
||||||
{
|
{
|
||||||
var user = _TwoFactorAuthenticatorTokenFeatureFlagEnabled ? await CheckAsync(model, false) : await CheckAsync(model, false, true);
|
var user = await CheckAsync(model, false);
|
||||||
var response = new TwoFactorAuthenticatorResponseModel(user);
|
var response = new TwoFactorAuthenticatorResponseModel(user);
|
||||||
if (_TwoFactorAuthenticatorTokenFeatureFlagEnabled)
|
var tokenable = new TwoFactorAuthenticatorUserVerificationTokenable(user, response.Key);
|
||||||
{
|
response.UserVerificationToken = _twoFactorAuthenticatorDataProtector.Protect(tokenable);
|
||||||
var tokenable = new TwoFactorAuthenticatorUserVerificationTokenable(user, response.Key);
|
|
||||||
response.UserVerificationToken = _twoFactorAuthenticatorDataProtector.Protect(tokenable);
|
|
||||||
}
|
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -117,20 +111,11 @@ public class TwoFactorController : Controller
|
|||||||
public async Task<TwoFactorAuthenticatorResponseModel> PutAuthenticator(
|
public async Task<TwoFactorAuthenticatorResponseModel> PutAuthenticator(
|
||||||
[FromBody] UpdateTwoFactorAuthenticatorRequestModel model)
|
[FromBody] UpdateTwoFactorAuthenticatorRequestModel model)
|
||||||
{
|
{
|
||||||
User user;
|
var user = model.ToUser(await _userService.GetUserByPrincipalAsync(User));
|
||||||
if (_TwoFactorAuthenticatorTokenFeatureFlagEnabled)
|
_twoFactorAuthenticatorDataProtector.TryUnprotect(model.UserVerificationToken, out var decryptedToken);
|
||||||
|
if (!decryptedToken.TokenIsValid(user, model.Key))
|
||||||
{
|
{
|
||||||
user = model.ToUser(await _userService.GetUserByPrincipalAsync(User));
|
throw new BadRequestException("UserVerificationToken", "User verification failed.");
|
||||||
_twoFactorAuthenticatorDataProtector.TryUnprotect(model.UserVerificationToken, out var decryptedToken);
|
|
||||||
if (!decryptedToken.TokenIsValid(user, model.Key))
|
|
||||||
{
|
|
||||||
throw new BadRequestException("UserVerificationToken", "User verification failed.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
user = await CheckAsync(model, false);
|
|
||||||
model.ToUser(user); // populates user obj with proper metadata for VerifyTwoFactorTokenAsync
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!await _userManager.VerifyTwoFactorTokenAsync(user,
|
if (!await _userManager.VerifyTwoFactorTokenAsync(user,
|
||||||
@ -145,7 +130,6 @@ public class TwoFactorController : Controller
|
|||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
[RequireFeature(FeatureFlagKeys.AuthenticatorTwoFactorToken)]
|
|
||||||
[HttpDelete("authenticator")]
|
[HttpDelete("authenticator")]
|
||||||
public async Task<TwoFactorProviderResponseModel> DisableAuthenticator(
|
public async Task<TwoFactorProviderResponseModel> DisableAuthenticator(
|
||||||
[FromBody] TwoFactorAuthenticatorDisableRequestModel model)
|
[FromBody] TwoFactorAuthenticatorDisableRequestModel model)
|
||||||
|
Loading…
Reference in New Issue
Block a user