
new "Challenge" token for U2f

This commit is contained in:
Kyle Spearrin 2018-10-10 17:51:38 -04:00
parent 5a75134cf6
commit 006cfffab3
2 changed files with 25 additions and 7 deletions


@ -10,6 +10,7 @@ using System.Linq;
using U2fLib = U2F.Core.Crypto.U2F; using U2fLib = U2F.Core.Crypto.U2F;
using U2F.Core.Models; using U2F.Core.Models;
using U2F.Core.Exceptions; using U2F.Core.Exceptions;
using U2F.Core.Utils;
using System; using System;
using Bit.Core.Services; using Bit.Core.Services;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
@ -69,13 +70,14 @@ namespace Bit.Core.Identity
try try
{ {
var challengeBytes = U2fLib.Crypto.GenerateChallenge(); var challengeBytes = U2fLib.Crypto.GenerateChallenge();
var challenges = new List<object>(); var appId = Utilities.CoreHelpers.U2fAppIdUrl(_globalSettings);
var oldChallenges = new List<object>();
var challengeKeys = new List<object>();
foreach(var key in keys) foreach(var key in keys)
{ {
var registration = new DeviceRegistration(key.Item2.KeyHandleBytes, key.Item2.PublicKeyBytes, var registration = new DeviceRegistration(key.Item2.KeyHandleBytes, key.Item2.PublicKeyBytes,
key.Item2.CertificateBytes, key.Item2.Counter); key.Item2.CertificateBytes, key.Item2.Counter);
var auth = U2fLib.StartAuthentication(Utilities.CoreHelpers.U2fAppIdUrl(_globalSettings), registration, var auth = U2fLib.StartAuthentication(appId, registration, challengeBytes);
challengeBytes);
// TODO: Maybe move this to a bulk create? // TODO: Maybe move this to a bulk create?
await _u2fRepository.CreateAsync(new U2f await _u2fRepository.CreateAsync(new U2f
@ -88,7 +90,14 @@ namespace Bit.Core.Identity
CreationDate = DateTime.UtcNow CreationDate = DateTime.UtcNow
}); });
challenges.Add(new challengeKeys.Add(new
{
keyHandle = auth.KeyHandle,
version = auth.Version
});
// TODO: Old challenges array is here for backwards compat. Remove in the future.
oldChallenges.Add(new
{ {
appId = auth.AppId, appId = auth.AppId,
challenge = auth.Challenge, challenge = auth.Challenge,
@ -97,8 +106,14 @@ namespace Bit.Core.Identity
}); });
} }
var token = JsonConvert.SerializeObject(challenges); var oldToken = JsonConvert.SerializeObject(oldChallenges);
return token; var token = JsonConvert.SerializeObject(new
{
appId = appId,
challenge = challengeBytes.ByteArrayToBase64String(),
keys = challengeKeys
});
return $"{token}|{oldToken}";
} }
catch(U2fException) catch(U2fException)
{ {
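Review bot: The new `challenge` field is produced by `challengeBytes.ByteArrayToBase64String()` while the legacy entries still carry `auth.Challenge` from `StartAuthentication`, so the same bytes are encoded through two different paths and the token is only consistent if the helper yields the same websafe-base64 string the library places in `StartedAuthentication.Challenge`, which this hunk does not show. A comment pinning that contract next to the serialization would protect whoever later removes the legacy half, e.g. `// Must equal the websafe-base64 form of StartedAuthentication.Challenge; clients sign this exact string.` The `|` separator also relies on neither JSON half ever containing a pipe, which holds for base64 and key handles but not for an arbitrary appId, so a short note is warranted if that setting is operator-controlled. The enclosing method begins before the first hunk and its catch block continues past the last.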


@ -327,9 +327,12 @@ namespace Bit.Core.IdentityServer
} }
else if(type == TwoFactorProviderType.U2f) else if(type == TwoFactorProviderType.U2f)
{ {
// TODO: Remove "Challenges" in a future update. Deprecated.
var tokens = token?.Split('|');
return new Dictionary<string, object> return new Dictionary<string, object>
{ {
["Challenges"] = token ["Challenge"] = tokens.Length > 0 ? tokens[0] : null,
["Challenges"] = tokens.Length > 1 ? tokens[1] : null
}; };
} }
else if(type == TwoFactorProviderType.Email) else if(type == TwoFactorProviderType.Email)
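Review bot: `token?.Split('|')` on the second added line leaves `tokens` null when `token` is null, and the two `tokens.Length` reads that follow then throw a NullReferenceException, whereas the replaced code passed the null through as the `Challenges` value. Lifting the comparisons restores that behaviour: `["Challenge"] = tokens?.Length > 0 ? tokens[0] : null,` and `["Challenges"] = tokens?.Length > 1 ? tokens[1] : null`. Whether a null token can actually reach this branch depends on the callers of the enclosing method, which starts before this hunk; if it cannot, a plain `token.Split('|')` states that more honestly than a null-conditional that is never exercised.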