nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-06 13:38:13 -05:00
Code

Add email notification on Two Factor recovery use (#625)

Browse Source 
* Add email notification on Two Factor recovery use

* A user who has lost their 2fa device can clear out the
  2fa settings using a recovery code.  When this happens
  it gets logged but no notification to the user occurs.
* Add a notification to be sent when 2fa recovery code is
  used

* Add email message templates
This commit is contained in:
Brian Becker 2019-12-23 15:26:39 -05:00 committed by Kyle Spearrin
parent 665e78ec1c
commit 0be86072f7
7 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/Core/MailTemplates/Handlebars/RecoverTwoFactor.html.hbs Normal file
View File

@ -0,0 +1,20 @@
{{#>FullHtmlLayout}}
<table width="100%" cellpadding="0" cellspacing="0" style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
<tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
<td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none;" valign="top">
Your Bitwarden account Two Factor was just reset.
</td>
</tr>
<tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
<td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none;" valign="top">
<b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">Date:</b> {{TheDate}} at {{TheTime}} {{TimeZone}}<br style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
<b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">IP Address:</b> {{IpAddress}}
</td>
</tr>
<tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
<td class="content-block last" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0; -webkit-text-size-adjust: none;" valign="top">
If this was not you, you should immediately log in and secure your account.
</td>
</tr>
</table>
{{/FullHtmlLayout}}

8
src/Core/MailTemplates/Handlebars/RecoverTwoFactor.text.hbs Normal file
View File

@ -0,0 +1,8 @@
{{#>BasicTextLayout}}
Your Bitwarden account Two Factor was just reset.
Date: {{TheDate}} at {{TheTime}} {{TimeZone}}
IP Address: {{IpAddress}}
If this was not you, you should immediately log in and secure your account.
{{/BasicTextLayout}}

10
src/Core/Models/Mail/RecoverTwoFactorModel.cs Normal file
View File

@ -0,0 +1,10 @@
namespace Bit.Core.Models.Mail
{
public class RecoverTwoFactorModel : BaseMailModel
{
public string TheDate { get; set; }
public string TheTime { get; set; }
public string TimeZone { get; set; }
public string IpAddress { get; set; }
}
}

1
src/Core/Services/IMailService.cs
View File

@ -25,5 +25,6 @@ namespace Bit.Core.Services
Task SendPaymentFailedAsync(string email, decimal amount, bool mentionInvoices); Task SendPaymentFailedAsync(string email, decimal amount, bool mentionInvoices);
Task SendAddedCreditAsync(string email, decimal amount); Task SendAddedCreditAsync(string email, decimal amount);
Task SendNewDeviceLoggedInEmail(string email, string deviceType, DateTime timestamp, string ip); Task SendNewDeviceLoggedInEmail(string email, string deviceType, DateTime timestamp, string ip);
Task SendRecoverTwoFactorEmail(string email, DateTime timestamp, string ip);
} }
} }

17
src/Core/Services/Implementations/HandlebarsMailService.cs
View File

@ -283,6 +283,23 @@ namespace Bit.Core.Services
await _mailDeliveryService.SendEmailAsync(message); await _mailDeliveryService.SendEmailAsync(message);
} }
public async Task SendRecoverTwoFactorEmail(string email, DateTime timestamp, string ip)
{
var message = CreateDefaultMessage($"Recover 2FA From {ip}", email);
var model = new RecoverTwoFactorModel
{
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
SiteName = _globalSettings.SiteName,
TheDate = timestamp.ToLongDateString(),
TheTime = timestamp.ToShortTimeString(),
TimeZone = "UTC",
IpAddress = ip
};
await AddMessageContentAsync(message, "RecoverTwoFactor", model);
message.Category = "RecoverTwoFactor";
await _mailDeliveryService.SendEmailAsync(message);
}
private MailMessage CreateDefaultMessage(string subject, string toEmail) private MailMessage CreateDefaultMessage(string subject, string toEmail)
{ {
return CreateDefaultMessage(subject, new List<string> { toEmail }); return CreateDefaultMessage(subject, new List<string> { toEmail });

1
src/Core/Services/Implementations/UserService.cs
View File

@ -674,6 +674,7 @@ namespace Bit.Core.Services
user.TwoFactorProviders = null; user.TwoFactorProviders = null;
user.TwoFactorRecoveryCode = CoreHelpers.SecureRandomString(32, upper: false, special: false); user.TwoFactorRecoveryCode = CoreHelpers.SecureRandomString(32, upper: false, special: false);
await SaveUserAsync(user); await SaveUserAsync(user);
await _mailService.SendRecoverTwoFactorEmail(user.Email, DateTime.UtcNow, _currentContext.IpAddress);
await _eventService.LogUserEventAsync(user.Id, EventType.User_Recovered2fa); await _eventService.LogUserEventAsync(user.Id, EventType.User_Recovered2fa);
return true; return true;

5
src/Core/Services/NoopImplementations/NoopMailService.cs
View File

@ -87,5 +87,10 @@ namespace Bit.Core.Services
{ {
return Task.FromResult(0); return Task.FromResult(0);
} }
public Task SendRecoverTwoFactorEmail(string email, DateTime timestamp, string ip)
{
return Task.FromResult(0);
}
} }
} }