nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

Update UserDecryptionOptions.cs to add BuildOpaqueOption

Browse Source
This commit is contained in:
Jared Snider 2025-03-20 14:18:35 -04:00
parent 9b7c14c2df
commit 2741b04e88
No known key found for this signature in database
GPG Key ID: A149DDD612516286
2 changed files with 61 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/Core/Auth/Models/Api/Response/UserDecryptionOptions.cs
View File

@ -5,7 +5,6 @@ using Bit.Core.Models.Api;
namespace Bit.Core.Auth.Models.Api.Response; namespace Bit.Core.Auth.Models.Api.Response;
// TODO: in order to support opaque decryption via export key, we must update this to have a new option for opaque
public class UserDecryptionOptions : ResponseModel public class UserDecryptionOptions : ResponseModel
{ {
public UserDecryptionOptions() : base("userDecryptionOptions") public UserDecryptionOptions() : base("userDecryptionOptions")
@ -30,10 +29,16 @@ public class UserDecryptionOptions : ResponseModel
public TrustedDeviceUserDecryptionOption? TrustedDeviceOption { get; set; } public TrustedDeviceUserDecryptionOption? TrustedDeviceOption { get; set; }
/// <summary> /// <summary>
/// Gets or set information about the current users KeyConnector setup. /// Gets or sets information about the current users KeyConnector setup.
/// </summary> /// </summary>
[JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)] [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
public KeyConnectorUserDecryptionOption? KeyConnectorOption { get; set; } public KeyConnectorUserDecryptionOption? KeyConnectorOption { get; set; }
/// <summary>
/// Gets or sets information about the current OPAQUE setup.
/// </summary>
[JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
public OpaqueUserDecryptionOption? OpaqueOption { get; set; }
} }
public class WebAuthnPrfDecryptionOption public class WebAuthnPrfDecryptionOption
@ -84,3 +89,18 @@ public class KeyConnectorUserDecryptionOption
KeyConnectorUrl = keyConnectorUrl; KeyConnectorUrl = keyConnectorUrl;
} }
} }
public class OpaqueUserDecryptionOption
{
public string EncryptedPrivateKey { get; }
public string EncryptedUserKey { get; }
public OpaqueUserDecryptionOption(
string encryptedPrivateKey,
string encryptedUserKey)
{
EncryptedPrivateKey = encryptedPrivateKey;
EncryptedUserKey = encryptedUserKey;
}
}

41
src/Identity/IdentityServer/UserDecryptionOptionsBuilder.cs
View File

@ -1,11 +1,14 @@
using Bit.Core.Auth.Entities; using Bit.Core;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Enums; using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Api.Response; using Bit.Core.Auth.Models.Api.Response;
using Bit.Core.Auth.Repositories;
using Bit.Core.Auth.Utilities; using Bit.Core.Auth.Utilities;
using Bit.Core.Context; using Bit.Core.Context;
using Bit.Core.Entities; using Bit.Core.Entities;
using Bit.Core.Enums; using Bit.Core.Enums;
using Bit.Core.Repositories; using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Identity.Utilities; using Bit.Identity.Utilities;
namespace Bit.Identity.IdentityServer; namespace Bit.Identity.IdentityServer;
@ -21,6 +24,8 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
private readonly ICurrentContext _currentContext; private readonly ICurrentContext _currentContext;
private readonly IDeviceRepository _deviceRepository; private readonly IDeviceRepository _deviceRepository;
private readonly IOrganizationUserRepository _organizationUserRepository; private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly IFeatureService _featureService;
private readonly IOpaqueKeyExchangeCredentialRepository _opaqueKeyExchangeCredentialRepository;
private UserDecryptionOptions _options = new UserDecryptionOptions(); private UserDecryptionOptions _options = new UserDecryptionOptions();
private User? _user; private User? _user;
@ -30,12 +35,16 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
public UserDecryptionOptionsBuilder( public UserDecryptionOptionsBuilder(
ICurrentContext currentContext, ICurrentContext currentContext,
IDeviceRepository deviceRepository, IDeviceRepository deviceRepository,
IOrganizationUserRepository organizationUserRepository IOrganizationUserRepository organizationUserRepository,
IFeatureService featureService,
IOpaqueKeyExchangeCredentialRepository opaqueKeyExchangeCredentialRepository
) )
{ {
_currentContext = currentContext; _currentContext = currentContext;
_deviceRepository = deviceRepository; _deviceRepository = deviceRepository;
_organizationUserRepository = organizationUserRepository; _organizationUserRepository = organizationUserRepository;
_featureService = featureService;
_opaqueKeyExchangeCredentialRepository = opaqueKeyExchangeCredentialRepository;
} }
public IUserDecryptionOptionsBuilder ForUser(User user) public IUserDecryptionOptionsBuilder ForUser(User user)
@ -70,6 +79,7 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
{ {
BuildKeyConnectorOptions(); BuildKeyConnectorOptions();
await BuildTrustedDeviceOptions(); await BuildTrustedDeviceOptions();
await BuildOpaqueOption();
return _options; return _options;
} }
@ -151,4 +161,31 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
encryptedPrivateKey, encryptedPrivateKey,
encryptedUserKey); encryptedUserKey);
} }
private async Task BuildOpaqueOption()
{
if (!_featureService.IsEnabled(FeatureFlagKeys.OpaqueKeyExchange))
{
return;
}
if (_user == null)
{
return;
}
var credential = await _opaqueKeyExchangeCredentialRepository.GetByUserIdAsync(_user.Id);
if (credential == null)
{
return;
}
_options.OpaqueOption = new OpaqueUserDecryptionOption(
credential.EncryptedPrivateKey,
credential.EncryptedUserKey
);
}
} }