mirror of
https://github.com/bitwarden/server.git
synced 2025-04-11 08:08:14 -05:00
premium checks on 2fa providers
This commit is contained in:
Kyle Spearrin
parent
99c1d68f5a
commit
295d6510a9
@ -12,6 +12,11 @@ namespace Bit.Core.Identity
|
|||||||
{
|
{
|
||||||
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
|
if(!user.Premium)
|
||||||
|
{
|
||||||
|
return Task.FromResult(false);
|
||||||
|
}
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
||||||
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.Duo)
|
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.Duo)
|
||||||
&& !string.IsNullOrWhiteSpace((string)provider?.MetaData["UserId"]);
|
&& !string.IsNullOrWhiteSpace((string)provider?.MetaData["UserId"]);
|
||||||
@ -22,6 +27,11 @@ namespace Bit.Core.Identity
|
|||||||
/// <param name="purpose">Ex: "auto", "push", "passcode:123456", "sms", "phone"</param>
|
/// <param name="purpose">Ex: "auto", "push", "passcode:123456", "sms", "phone"</param>
|
||||||
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
|
if(!user.Premium)
|
||||||
|
{
|
||||||
|
return Task.FromResult<string>(null);
|
||||||
|
}
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
||||||
var duoClient = new DuoApi((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
|
var duoClient = new DuoApi((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
|
||||||
(string)provider.MetaData["Host"]);
|
(string)provider.MetaData["Host"]);
|
||||||
@ -61,6 +71,11 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
|
if(!user.Premium)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
||||||
var duoClient = new DuoApi((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
|
var duoClient = new DuoApi((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
|
||||||
(string)provider.MetaData["Host"]);
|
(string)provider.MetaData["Host"]);
|
||||||
|
|||||||
@ -19,6 +19,11 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
|
if(!user.Premium)
|
||||||
|
{
|
||||||
|
return Task.FromResult(false);
|
||||||
|
}
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
||||||
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.Duo) && HasProperMetaData(provider);
|
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.Duo) && HasProperMetaData(provider);
|
||||||
return Task.FromResult(canGenerate);
|
return Task.FromResult(canGenerate);
|
||||||
@ -26,6 +31,11 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
|
if(!user.Premium)
|
||||||
|
{
|
||||||
|
return Task.FromResult<string>(null);
|
||||||
|
}
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
||||||
if(!HasProperMetaData(provider))
|
if(!HasProperMetaData(provider))
|
||||||
{
|
{
|
||||||
@ -39,6 +49,11 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
public Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
public Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
|
if(!user.Premium)
|
||||||
|
{
|
||||||
|
return Task.FromResult(false);
|
||||||
|
}
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
||||||
if(!HasProperMetaData(provider))
|
if(!HasProperMetaData(provider))
|
||||||
{
|
{
|
||||||
|
|||||||
@ -28,6 +28,11 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
|
if(!user.Premium)
|
||||||
|
{
|
||||||
|
return Task.FromResult(false);
|
||||||
|
}
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.U2f);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.U2f);
|
||||||
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.U2f) && HasProperMetaData(provider);
|
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.U2f) && HasProperMetaData(provider);
|
||||||
return Task.FromResult(canGenerate);
|
return Task.FromResult(canGenerate);
|
||||||
@ -35,6 +40,11 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
|
if(!user.Premium)
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.U2f);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.U2f);
|
||||||
if(!HasProperMetaData(provider))
|
if(!HasProperMetaData(provider))
|
||||||
{
|
{
|
||||||
@ -88,7 +98,7 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
if(string.IsNullOrWhiteSpace(token))
|
if(!user.Premium || string.IsNullOrWhiteSpace(token))
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -18,6 +18,11 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
|
if(!user.Premium)
|
||||||
|
{
|
||||||
|
return Task.FromResult(false);
|
||||||
|
}
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.YubiKey);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.YubiKey);
|
||||||
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.YubiKey)
|
var canGenerate = user.TwoFactorProviderIsEnabled(TwoFactorProviderType.YubiKey)
|
||||||
&& (provider?.MetaData.Values.Any(v => !string.IsNullOrWhiteSpace((string)v)) ?? false);
|
&& (provider?.MetaData.Values.Any(v => !string.IsNullOrWhiteSpace((string)v)) ?? false);
|
||||||
@ -32,6 +37,11 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
public Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
public Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
|
if(!user.Premium)
|
||||||
|
{
|
||||||
|
return Task.FromResult(false);
|
||||||
|
}
|
||||||
|
|
||||||
if(string.IsNullOrWhiteSpace(token) || token.Length != 44)
|
if(string.IsNullOrWhiteSpace(token) || token.Length != 44)
|
||||||
{
|
{
|
||||||
return Task.FromResult(false);
|
return Task.FromResult(false);
|
||||||
|
|||||||
@ -122,7 +122,7 @@ namespace Bit.Core.IdentityServer
|
|||||||
{
|
{
|
||||||
var providerKeys = new List<byte>();
|
var providerKeys = new List<byte>();
|
||||||
var providers = new Dictionary<byte, Dictionary<string, object>>();
|
var providers = new Dictionary<byte, Dictionary<string, object>>();
|
||||||
var enabledProviders = user.GetTwoFactorProviders()?.Where(p => p.Value.Enabled);
|
var enabledProviders = user.GetTwoFactorProviders()?.Where(p => user.TwoFactorProviderIsEnabled(p.Key));
|
||||||
if(enabledProviders == null)
|
if(enabledProviders == null)
|
||||||
{
|
{
|
||||||
BuildErrorResult(false, context);
|
BuildErrorResult(false, context);
|
||||||
@ -192,6 +192,11 @@ namespace Bit.Core.IdentityServer
|
|||||||
|
|
||||||
private async Task<bool> VerifyTwoFactor(User user, TwoFactorProviderType type, string token)
|
private async Task<bool> VerifyTwoFactor(User user, TwoFactorProviderType type, string token)
|
||||||
{
|
{
|
||||||
|
if(!user.TwoFactorProviderIsEnabled(type))
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
switch(type)
|
switch(type)
|
||||||
{
|
{
|
||||||
case TwoFactorProviderType.Authenticator:
|
case TwoFactorProviderType.Authenticator:
|
||||||
@ -210,6 +215,11 @@ namespace Bit.Core.IdentityServer
|
|||||||
private async Task<Dictionary<string, object>> BuildTwoFactorParams(User user, TwoFactorProviderType type,
|
private async Task<Dictionary<string, object>> BuildTwoFactorParams(User user, TwoFactorProviderType type,
|
||||||
TwoFactorProvider provider)
|
TwoFactorProvider provider)
|
||||||
{
|
{
|
||||||
|
if(!user.TwoFactorProviderIsEnabled(type))
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
switch(type)
|
switch(type)
|
||||||
{
|
{
|
||||||
case TwoFactorProviderType.Duo:
|
case TwoFactorProviderType.Duo:
|
||||||
|
|||||||
@ -90,7 +90,7 @@ namespace Bit.Core.Models.Table
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return providers[provider].Enabled;
|
return providers[provider].Enabled && (Premium || !TwoFactorProvider.RequiresPremium(provider));
|
||||||
}
|
}
|
||||||
|
|
||||||
public bool TwoFactorIsEnabled()
|
public bool TwoFactorIsEnabled()
|
||||||
@ -101,7 +101,7 @@ namespace Bit.Core.Models.Table
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return providers.Any(p => p.Value?.Enabled ?? false);
|
return providers.Any(p => (p.Value?.Enabled ?? false) && (Premium || !TwoFactorProvider.RequiresPremium(p.Key)));
|
||||||
}
|
}
|
||||||
|
|
||||||
public TwoFactorProvider GetTwoFactorProvider(TwoFactorProviderType provider)
|
public TwoFactorProvider GetTwoFactorProvider(TwoFactorProviderType provider)
|
||||||
|
|||||||
@ -1,4 +1,5 @@
|
|||||||
using Newtonsoft.Json;
|
using Bit.Core.Enums;
|
||||||
|
using Newtonsoft.Json;
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using U2F.Core.Utils;
|
using U2F.Core.Utils;
|
||||||
@ -38,5 +39,18 @@ namespace Bit.Core.Models
|
|||||||
public uint Counter { get; set; }
|
public uint Counter { get; set; }
|
||||||
public bool Compromised { get; set; }
|
public bool Compromised { get; set; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static bool RequiresPremium(TwoFactorProviderType type)
|
||||||
|
{
|
||||||
|
switch(type)
|
||||||
|
{
|
||||||
|
case TwoFactorProviderType.Duo:
|
||||||
|
case TwoFactorProviderType.YubiKey:
|
||||||
|
case TwoFactorProviderType.U2f:
|
||||||
|
return true;
|
||||||
|
default:
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user