mirror of https://github.com/bitwarden/server.git synced 2025-04-05 21:18:13 -05:00

premium checks on 2fa providers

Kyle Spearrin 2017-07-06 16:56:12 -04:00
parent 99c1d68f5a
commit 295d6510a9
7 changed files with 79 additions and 5 deletions


@ -12,6 +12,11 @@ namespace Bit.Core.Identity
{
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
{
if(!user.Premium)
{
return Task.FromResult(false);
}
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.Duo)
&& !string.IsNullOrWhiteSpace((string)provider?.MetaData["UserId"]);
@ -22,6 +27,11 @@ namespace Bit.Core.Identity
/// <param name="purpose">Ex: "auto", "push", "passcode:123456", "sms", "phone"</param>
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
{
if(!user.Premium)
{
return Task.FromResult<string>(null);
}
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
var duoClient = new DuoApi((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
(string)provider.MetaData["Host"]);
@ -61,6 +71,11 @@ namespace Bit.Core.Identity
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
{
if(!user.Premium)
{
return false;
}
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
var duoClient = new DuoApi((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
(string)provider.MetaData["Host"]);
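Review bot: The guard added to `GenerateAsync` returns `Task.FromResult<string>(null)` from a method declared `async Task<string>`, which the compiler should reject because an async method has to return the `string` itself. Use `return null;` there, as the U2F provider's `GenerateAsync` in this same commit does. The identical return in `CanGenerateTwoFactorTokenAsync` is fine because that method is not `async`. All three method bodies continue outside the hunks.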


@ -19,6 +19,11 @@ namespace Bit.Core.Identity
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
{
if(!user.Premium)
{
return Task.FromResult(false);
}
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.Duo) && HasProperMetaData(provider);
return Task.FromResult(canGenerate);
@ -26,6 +31,11 @@ namespace Bit.Core.Identity
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
{
if(!user.Premium)
{
return Task.FromResult<string>(null);
}
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
if(!HasProperMetaData(provider))
{
@ -39,6 +49,11 @@ namespace Bit.Core.Identity
public Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
{
if(!user.Premium)
{
return Task.FromResult(false);
}
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
if(!HasProperMetaData(provider))
{
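Review bot: These guards test `user.Premium` directly, so the rule that Duo is premium-only now lives both here and in the `TwoFactorProvider.RequiresPremium` switch this commit adds; the other Duo provider and the U2F and YubiKey providers repeat the same pattern. If a provider is later made free, every one of these guards has to be found and removed by hand, and a missed one leaves the two layers disagreeing. Consider `if(!user.Premium && TwoFactorProvider.RequiresPremium(TwoFactorProviderType.Duo))` so the switch stays the single source of truth, or at least a comment such as `// premium-only provider; keep in sync with TwoFactorProvider.RequiresPremium`. The method bodies continue outside the hunks.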


@ -28,6 +28,11 @@ namespace Bit.Core.Identity
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
{
if(!user.Premium)
{
return Task.FromResult(false);
}
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.U2f);
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.U2f) && HasProperMetaData(provider);
return Task.FromResult(canGenerate);
@ -35,6 +40,11 @@ namespace Bit.Core.Identity
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
{
if(!user.Premium)
{
return null;
}
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.U2f);
if(!HasProperMetaData(provider))
{
@ -88,7 +98,7 @@ namespace Bit.Core.Identity
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
{
if(string.IsNullOrWhiteSpace(token))
if(!user.Premium || string.IsNullOrWhiteSpace(token))
{
return false;
}


@ -18,6 +18,11 @@ namespace Bit.Core.Identity
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
{
if(!user.Premium)
{
return Task.FromResult(false);
}
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.YubiKey);
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.YubiKey)
&& (provider?.MetaData.Values.Any(v => !string.IsNullOrWhiteSpace((string)v)) ?? false);
@ -32,6 +37,11 @@ namespace Bit.Core.Identity
public Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
{
if(!user.Premium)
{
return Task.FromResult(false);
}
if(string.IsNullOrWhiteSpace(token) || token.Length != 44)
{
return Task.FromResult(false);


@ -122,7 +122,7 @@ namespace Bit.Core.IdentityServer
{
var providerKeys = new List<byte>();
var providers = new Dictionary<byte, Dictionary<string, object>>();
var enabledProviders = user.GetTwoFactorProviders()?.Where(p => p.Value.Enabled);
var enabledProviders = user.GetTwoFactorProviders()?.Where(p => user.TwoFactorProviderIsEnabled(p.Key));
if(enabledProviders == null)
{
BuildErrorResult(false, context);
@ -192,6 +192,11 @@ namespace Bit.Core.IdentityServer
private async Task<bool> VerifyTwoFactor(User user, TwoFactorProviderType type, string token)
{
if(!user.TwoFactorProviderIsEnabled(type))
{
return false;
}
switch(type)
{
case TwoFactorProviderType.Authenticator:
@ -210,6 +215,11 @@ namespace Bit.Core.IdentityServer
private async Task<Dictionary<string, object>> BuildTwoFactorParams(User user, TwoFactorProviderType type,
TwoFactorProvider provider)
{
if(!user.TwoFactorProviderIsEnabled(type))
{
return null;
}
switch(type)
{
case TwoFactorProviderType.Duo:
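Review bot: `BuildTwoFactorParams` gains a `return null` path that nothing in its signature or comments announces, so a caller that stores the result without a null check would put a null entry into the `providers` dictionary. The call site in the first hunk filters with the same `TwoFactorProviderIsEnabled` predicate and so presumably never reaches it, but other callers are not visible here. A short comment above the method would make the contract explicit, e.g. `// Returns null when the provider is not enabled for this user, including premium-only providers on a non-premium account.` Both method bodies continue outside the hunks.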


@ -90,7 +90,7 @@ namespace Bit.Core.Models.Table
return false;
}
return providers[provider].Enabled;
return providers[provider].Enabled && (Premium || !TwoFactorProvider.RequiresPremium(provider));
}
public bool TwoFactorIsEnabled()
@ -101,7 +101,7 @@ namespace Bit.Core.Models.Table
return false;
}
return providers.Any(p => p.Value?.Enabled ?? false);
return providers.Any(p => (p.Value?.Enabled ?? false) && (Premium || !TwoFactorProvider.RequiresPremium(p.Key)));
}
public TwoFactorProvider GetTwoFactorProvider(TwoFactorProviderType provider)
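Review bot: With the new predicate, `TwoFactorIsEnabled()` returns false for an account whose only enabled providers are premium-only as soon as `Premium` is false, so two-step login appears to switch off silently when a subscription lapses. Whether sign-in then proceeds on the password alone depends on callers outside these hunks, but the method name suggests it does. If that is the intended trade-off, state it on both methods, e.g. `// A premium-only provider counts as disabled while the user is not premium; the stored Enabled flag is left untouched.`, and consider recording an event or notifying the user when it takes effect. Separately, `providers[provider].Enabled` dereferences the entry without the `?.` that `TwoFactorIsEnabled()` uses on `p.Value`.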


@ -1,4 +1,5 @@
using Newtonsoft.Json;
using Bit.Core.Enums;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using U2F.Core.Utils;
@ -38,5 +39,18 @@ namespace Bit.Core.Models
public uint Counter { get; set; }
public bool Compromised { get; set; }
}
public static bool RequiresPremium(TwoFactorProviderType type)
{
switch(type)
{
case TwoFactorProviderType.Duo:
case TwoFactorProviderType.YubiKey:
case TwoFactorProviderType.U2f:
return true;
default:
return false;
}
}
}
}
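Review bot: `RequiresPremium` falls through to `default: return false`, so any value added to `TwoFactorProviderType` later is treated as free until someone remembers to list it in this switch. Because every premium check in the commit ultimately depends on this method, that default deserves to be a visible decision rather than an accident. A comment above the `default` label would do, e.g. `// Types not listed above are available to every account; add new premium-only providers here.`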