remember two factor token

2025-04-06 05:28:15 -05:00 · 2017-06-23 10:08:29 -04:00 · 2017-06-23 10:08:29 -04:00 · 15dcb43f44
commit 15dcb43f44
parent c069fad4e7
4 changed files with 42 additions and 3 deletions
--- a/src/Core/Enums/TwoFactorProviderType.cs
+++ b/src/Core/Enums/TwoFactorProviderType.cs
@ -6,6 +6,7 @@
        Email = 1,
        Duo = 2,
        YubiKey = 3,
-        U2f = 4
+        U2f = 4,
+        Remember = 5
    }
 }
--- a/src/Core/Identity/TwoFactorRememberTokenProvider.cs
+++ b/src/Core/Identity/TwoFactorRememberTokenProvider.cs
@ -0,0 +1,21 @@
+using Microsoft.AspNetCore.Identity;
+using Bit.Core.Models.Table;
+using Microsoft.Extensions.Options;
+using Microsoft.AspNetCore.DataProtection;
+
+namespace Bit.Core.Identity
+{
+    public class TwoFactorRememberTokenProvider : DataProtectorTokenProvider<User>
+    {
+        private readonly GlobalSettings _globalSettings;
+
+        public TwoFactorRememberTokenProvider(
+            IDataProtectionProvider dataProtectionProvider,
+            IOptions<TwoFactorRememberTokenProviderOptions> options)
+            : base(dataProtectionProvider, options)
+        { }
+    }
+
+    public class TwoFactorRememberTokenProviderOptions : DataProtectionTokenProviderOptions
+    { }
+}
--- a/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
+++ b/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
@ -38,6 +38,7 @@ namespace Bit.Core.IdentityServer
        {
            var twoFactorToken = context.Request.Raw["TwoFactorToken"]?.ToString();
            var twoFactorProvider = context.Request.Raw["TwoFactorProvider"]?.ToString();
+            var twoFactorRemember = context.Request.Raw["TwoFactorRemember"]?.ToString() == "1";
            var twoFactorRequest = !string.IsNullOrWhiteSpace(twoFactorToken) && !string.IsNullOrWhiteSpace(twoFactorProvider);

            if(!string.IsNullOrWhiteSpace(context.UserName))
@ -63,7 +64,8 @@ namespace Bit.Core.IdentityServer
                        if(!twoFactorRequest || await VerifyTwoFactor(user, twoFactorProviderType, twoFactorToken))
                        {
                            var device = await SaveDeviceAsync(user, context);
-                            BuildSuccessResult(user, context, device);
+                            await BuildSuccessResultAsync(user, context, device, twoFactorRequest,
+                                twoFactorProviderType, twoFactorRemember);
                            return;
                        }
                    }
@ -74,7 +76,8 @@ namespace Bit.Core.IdentityServer
            BuildErrorResult(twoFactorRequest, context);
        }

-        private void BuildSuccessResult(User user, ResourceOwnerPasswordValidationContext context, Device device)
+        private async Task BuildSuccessResultAsync(User user, ResourceOwnerPasswordValidationContext context, Device device,
+            bool twoFactorRequest, TwoFactorProviderType twoFactorProviderType, bool twoFactorRemember)
        {
            var claims = new List<Claim>();

@ -94,6 +97,12 @@ namespace Bit.Core.IdentityServer
                customResponse.Add("Key", user.Key);
            }

+            if(twoFactorRequest && twoFactorRemember)
+            {
+                var token = await _userManager.GenerateTwoFactorTokenAsync(user, TwoFactorProviderType.Remember.ToString());
+                customResponse.Add("TwoFactorToken", token);
+            }
+
            context.Result = new GrantValidationResult(user.Id.ToString(), "Application",
                identityProvider: "bitwarden",
                claims: claims.Count > 0 ? claims : null,
@ -167,6 +176,7 @@ namespace Bit.Core.IdentityServer
                case TwoFactorProviderType.Duo:
                case TwoFactorProviderType.YubiKey:
                case TwoFactorProviderType.U2f:
+                case TwoFactorProviderType.Remember:
                    return await _userManager.VerifyTwoFactorTokenAsync(user, type.ToString(), token);
                case TwoFactorProviderType.Email:
                    return await _userService.VerifyTwoFactorEmailAsync(user, token);
--- a/src/Core/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Core/Utilities/ServiceCollectionExtensions.cs
@ -14,6 +14,7 @@ using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.WindowsAzure.Storage;
+using System;
 using SqlServerRepos = Bit.Core.Repositories.SqlServer;

 namespace Bit.Core.Utilities
@ -71,6 +72,11 @@ namespace Bit.Core.Utilities
        {
            services.AddTransient<ILookupNormalizer, LowerInvariantLookupNormalizer>();

+            services.Configure<TwoFactorRememberTokenProviderOptions>(options =>
+            {
+                options.TokenLifespan = TimeSpan.FromDays(30);
+            });
+
            var identityBuilder = services.AddIdentity<User, Role>(options =>
            {
                options.User = new UserOptions
@ -102,6 +108,7 @@ namespace Bit.Core.Utilities
                .AddTokenProvider<YubicoOtpTokenProvider>(TwoFactorProviderType.YubiKey.ToString())
                .AddTokenProvider<DuoWebTokenProvider>(TwoFactorProviderType.Duo.ToString())
                .AddTokenProvider<U2fTokenProvider>(TwoFactorProviderType.U2f.ToString())
+                .AddTokenProvider<TwoFactorRememberTokenProvider>(TwoFactorProviderType.Remember.ToString())
                .AddTokenProvider<EmailTokenProvider<User>>(TokenOptions.DefaultEmailProvider);

            return identityBuilder;