This commit is contained in:
Jake Fink 2024-07-22 15:43:14 -04:00 committed by GitHub
parent a0599e71eb
commit fd90bf5f3d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -93,7 +93,7 @@ public class TwoFactorController : Controller
public async Task<TwoFactorAuthenticatorResponseModel> GetAuthenticator( public async Task<TwoFactorAuthenticatorResponseModel> GetAuthenticator(
[FromBody] SecretVerificationRequestModel model) [FromBody] SecretVerificationRequestModel model)
{ {
var user = await CheckAsync(model, false, false); var user = await CheckAsync(model, false, true);
var response = new TwoFactorAuthenticatorResponseModel(user); var response = new TwoFactorAuthenticatorResponseModel(user);
return response; return response;
} }
@ -121,7 +121,7 @@ public class TwoFactorController : Controller
[HttpPost("get-yubikey")] [HttpPost("get-yubikey")]
public async Task<TwoFactorYubiKeyResponseModel> GetYubiKey([FromBody] SecretVerificationRequestModel model) public async Task<TwoFactorYubiKeyResponseModel> GetYubiKey([FromBody] SecretVerificationRequestModel model)
{ {
var user = await CheckAsync(model, true, false); var user = await CheckAsync(model, true, true);
var response = new TwoFactorYubiKeyResponseModel(user); var response = new TwoFactorYubiKeyResponseModel(user);
return response; return response;
} }
@ -147,7 +147,7 @@ public class TwoFactorController : Controller
[HttpPost("get-duo")] [HttpPost("get-duo")]
public async Task<TwoFactorDuoResponseModel> GetDuo([FromBody] SecretVerificationRequestModel model) public async Task<TwoFactorDuoResponseModel> GetDuo([FromBody] SecretVerificationRequestModel model)
{ {
var user = await CheckAsync(model, true, false); var user = await CheckAsync(model, true, true);
var response = new TwoFactorDuoResponseModel(user); var response = new TwoFactorDuoResponseModel(user);
return response; return response;
} }
@ -187,7 +187,7 @@ public class TwoFactorController : Controller
public async Task<TwoFactorDuoResponseModel> GetOrganizationDuo(string id, public async Task<TwoFactorDuoResponseModel> GetOrganizationDuo(string id,
[FromBody] SecretVerificationRequestModel model) [FromBody] SecretVerificationRequestModel model)
{ {
await CheckAsync(model, false, false); await CheckAsync(model, false, true);
var orgIdGuid = new Guid(id); var orgIdGuid = new Guid(id);
if (!await _currentContext.ManagePolicies(orgIdGuid)) if (!await _currentContext.ManagePolicies(orgIdGuid))
@ -244,7 +244,7 @@ public class TwoFactorController : Controller
[HttpPost("get-webauthn")] [HttpPost("get-webauthn")]
public async Task<TwoFactorWebAuthnResponseModel> GetWebAuthn([FromBody] SecretVerificationRequestModel model) public async Task<TwoFactorWebAuthnResponseModel> GetWebAuthn([FromBody] SecretVerificationRequestModel model)
{ {
var user = await CheckAsync(model, false, false); var user = await CheckAsync(model, false, true);
var response = new TwoFactorWebAuthnResponseModel(user); var response = new TwoFactorWebAuthnResponseModel(user);
return response; return response;
} }
@ -253,7 +253,7 @@ public class TwoFactorController : Controller
[ApiExplorerSettings(IgnoreApi = true)] // Disable Swagger due to CredentialCreateOptions not converting properly [ApiExplorerSettings(IgnoreApi = true)] // Disable Swagger due to CredentialCreateOptions not converting properly
public async Task<CredentialCreateOptions> GetWebAuthnChallenge([FromBody] SecretVerificationRequestModel model) public async Task<CredentialCreateOptions> GetWebAuthnChallenge([FromBody] SecretVerificationRequestModel model)
{ {
var user = await CheckAsync(model, false, false); var user = await CheckAsync(model, false, true);
var reg = await _userService.StartWebAuthnRegistrationAsync(user); var reg = await _userService.StartWebAuthnRegistrationAsync(user);
return reg; return reg;
} }
@ -288,7 +288,7 @@ public class TwoFactorController : Controller
[HttpPost("get-email")] [HttpPost("get-email")]
public async Task<TwoFactorEmailResponseModel> GetEmail([FromBody] SecretVerificationRequestModel model) public async Task<TwoFactorEmailResponseModel> GetEmail([FromBody] SecretVerificationRequestModel model)
{ {
var user = await CheckAsync(model, false, false); var user = await CheckAsync(model, false, true);
var response = new TwoFactorEmailResponseModel(user); var response = new TwoFactorEmailResponseModel(user);
return response; return response;
} }
@ -296,7 +296,7 @@ public class TwoFactorController : Controller
[HttpPost("send-email")] [HttpPost("send-email")]
public async Task SendEmail([FromBody] TwoFactorEmailRequestModel model) public async Task SendEmail([FromBody] TwoFactorEmailRequestModel model)
{ {
var user = await CheckAsync(model, false, false); var user = await CheckAsync(model, false, true);
model.ToUser(user); model.ToUser(user);
await _userService.SendTwoFactorEmailAsync(user); await _userService.SendTwoFactorEmailAsync(user);
} }
@ -433,7 +433,8 @@ public class TwoFactorController : Controller
return Task.FromResult(new DeviceVerificationResponseModel(false, false)); return Task.FromResult(new DeviceVerificationResponseModel(false, false));
} }
private async Task<User> CheckAsync(SecretVerificationRequestModel model, bool premium, bool isSetMethod = true) private async Task<User> CheckAsync(SecretVerificationRequestModel model, bool premium,
bool skipVerification = false)
{ {
var user = await _userService.GetUserByPrincipalAsync(User); var user = await _userService.GetUserByPrincipalAsync(User);
if (user == null) if (user == null)
@ -441,7 +442,7 @@ public class TwoFactorController : Controller
throw new UnauthorizedAccessException(); throw new UnauthorizedAccessException();
} }
if (!await _userService.VerifySecretAsync(user, model.Secret, isSetMethod)) if (!await _userService.VerifySecretAsync(user, model.Secret, skipVerification))
{ {
await Task.Delay(2000); await Task.Delay(2000);
throw new BadRequestException(string.Empty, "User verification failed."); throw new BadRequestException(string.Empty, "User verification failed.");
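Review bot: The new `skipVerification` parameter of `CheckAsync` defaults to `false` where `isSetMethod` defaulted to `true`, and every explicit caller in this diff flips its argument from `false` to `true`, so the value forwarded as the third argument of `_userService.VerifySecretAsync` is inverted at every call site, including the set endpoints that rely on the default and are not shown here; that is presumably the intended fix, but nothing in the hunk records it. A name like `skipVerification` on a verification helper also reads as a full bypass for get-authenticator, get-yubikey, get-duo, get-webauthn, get-email and send-email, while what `VerifySecretAsync` actually does with the flag is not visible in this diff. I would add a doc comment on `CheckAsync` stating exactly what the flag does, e.g. `/// <param name="skipVerification">Forwarded unchanged as the third argument of VerifySecretAsync; the get/send endpoints pass true, the set endpoints keep the default false — see VerifySecretAsync for which users this applies to.</param>`, plus a controller test pinning that a set endpoint still rejects a wrong secret. `CheckAsync` continues past the end of the hunk.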