refactor to a new two-factor controller

2025-07-02 00:22:50 -05:00 · 2017-06-19 22:08:10 -04:00
parent 5a67df60de
commit 3b5b24531b
14 changed files with 411 additions and 152 deletions
--- a/src/Api/Controllers/AccountsController.cs
+++ b/src/Api/Controllers/AccountsController.cs
@ -248,68 +248,6 @@ namespace Bit.Api.Controllers
            return revisionDate;
        }

-        [HttpGet("two-factor")]
-        public async Task<TwoFactorResponseModel> GetTwoFactor(string masterPasswordHash, TwoFactorProviderType provider)
-        {
-            var user = await _userService.GetUserByPrincipalAsync(User);
-            if(user == null)
-            {
-                throw new UnauthorizedAccessException();
-            }
-
-            if(!await _userManager.CheckPasswordAsync(user, masterPasswordHash))
-            {
-                await Task.Delay(2000);
-                throw new BadRequestException("MasterPasswordHash", "Invalid password.");
-            }
-
-            await _userService.SetupTwoFactorAsync(user, provider);
-
-            var response = new TwoFactorResponseModel(user);
-            return response;
-        }
-
-        [Obsolete]
-        [HttpPut("two-factor")]
-        [HttpPost("two-factor")]
-        public async Task<TwoFactorResponseModel> PutTwoFactor([FromBody]UpdateTwoFactorRequestModel model)
-        {
-            var user = await _userService.GetUserByPrincipalAsync(User);
-            if(user == null)
-            {
-                throw new UnauthorizedAccessException();
-            }
-
-            if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
-            {
-                await Task.Delay(2000);
-                throw new BadRequestException("MasterPasswordHash", "Invalid password.");
-            }
-
-            if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token))
-            {
-                await Task.Delay(2000);
-                throw new BadRequestException("Token", "Invalid token.");
-            }
-
-            user.TwoFactorEnabled = model.Enabled.Value;
-            await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Authenticator);
-
-            var response = new TwoFactorResponseModel(user);
-            return response;
-        }
-
-        [HttpPost("two-factor-recover")]
-        [AllowAnonymous]
-        public async Task PostTwoFactorRecover([FromBody]RecoverTwoFactorRequestModel model)
-        {
-            if(!await _userService.RecoverTwoFactorAsync(model.Email, model.MasterPasswordHash, model.RecoveryCode))
-            {
-                await Task.Delay(2000);
-                throw new BadRequestException(string.Empty, "Invalid information. Try again.");
-            }
-        }
-
        [HttpPut("keys")]
        [HttpPost("keys")]
        public async Task<KeysResponseModel> PutKeys([FromBody]KeysRequestModel model)
--- a/src/Api/Controllers/TwoFactorController.cs
+++ b/src/Api/Controllers/TwoFactorController.cs
@ -0,0 +1,166 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Bit.Core.Models.Api;
+using Bit.Core.Exceptions;
+using Bit.Core.Services;
+using Microsoft.AspNetCore.Identity;
+using Bit.Core.Models.Table;
+using Bit.Core.Enums;
+using System.Linq;
+
+namespace Bit.Api.Controllers
+{
+    [Route("two-factor")]
+    [Authorize("Application")]
+    public class TwoFactorController : Controller
+    {
+        private readonly IUserService _userService;
+        private readonly UserManager<User> _userManager;
+
+        public TwoFactorController(
+            IUserService userService,
+            UserManager<User> userManager)
+        {
+            _userService = userService;
+            _userManager = userManager;
+        }
+
+        [HttpGet("")]
+        public async Task<ListResponseModel<TwoFactorProviderResponseModel>> Get()
+        {
+            var user = await _userService.GetUserByPrincipalAsync(User);
+            if(user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+
+            var providers = user.GetTwoFactorProviders().Select(p => new TwoFactorProviderResponseModel(p.Key, p.Value));
+            return new ListResponseModel<TwoFactorProviderResponseModel>(providers);
+        }
+
+        [HttpPost("get-authenticator")]
+        public async Task<TwoFactorAuthenticatorResponseModel> GetAuthenticator([FromBody]TwoFactorRequestModel model)
+        {
+            var user = await GetProviderAsync(model, TwoFactorProviderType.Authenticator);
+            var response = new TwoFactorAuthenticatorResponseModel(user);
+            return response;
+        }
+
+        [HttpPut("authenticator")]
+        [HttpPost("authenticator")]
+        public async Task<TwoFactorAuthenticatorResponseModel> PutAuthenticator(
+            [FromBody]UpdateTwoFactorAuthenticatorRequestModel model)
+        {
+            var user = await _userService.GetUserByPrincipalAsync(User);
+            if(user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+
+            if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
+            {
+                await Task.Delay(2000);
+                throw new BadRequestException("MasterPasswordHash", "Invalid password.");
+            }
+
+            if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token))
+            {
+                await Task.Delay(2000);
+                throw new BadRequestException("Token", "Invalid token.");
+            }
+
+            await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Authenticator);
+            var response = new TwoFactorAuthenticatorResponseModel(user);
+            return response;
+        }
+
+        [HttpPost("get-email")]
+        public async Task<TwoFactorEmailResponseModel> GetEmail([FromBody]TwoFactorRequestModel model)
+        {
+            var user = await GetProviderAsync(model, TwoFactorProviderType.Email);
+            var response = new TwoFactorEmailResponseModel(user);
+            return response;
+        }
+
+        [HttpPut("email")]
+        [HttpPost("email")]
+        public async Task<TwoFactorEmailResponseModel> PutEmail([FromBody]UpdateTwoFactorEmailRequestModel model)
+        {
+            var user = await _userService.GetUserByPrincipalAsync(User);
+            if(user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+
+            if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
+            {
+                await Task.Delay(2000);
+                throw new BadRequestException("MasterPasswordHash", "Invalid password.");
+            }
+
+            if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Email.ToString(), model.Token))
+            {
+                await Task.Delay(2000);
+                throw new BadRequestException("Token", "Invalid token.");
+            }
+
+            await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Email);
+
+            var response = new TwoFactorEmailResponseModel(user);
+            return response;
+        }
+
+        [HttpPut("disable")]
+        [HttpPost("disable")]
+        public async Task<TwoFactorEmailResponseModel> PutDisable([FromBody]TwoFactorProviderRequestModel model)
+        {
+            var user = await _userService.GetUserByPrincipalAsync(User);
+            if(user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+
+            if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
+            {
+                await Task.Delay(2000);
+                throw new BadRequestException("MasterPasswordHash", "Invalid password.");
+            }
+
+            await _userService.DisableTwoFactorProviderAsync(user, model.Type.Value);
+
+            var response = new TwoFactorEmailResponseModel(user);
+            return response;
+        }
+
+        [HttpPost("recover")]
+        [AllowAnonymous]
+        public async Task PostTwoFactorRecover([FromBody]TwoFactorRecoveryRequestModel model)
+        {
+            if(!await _userService.RecoverTwoFactorAsync(model.Email, model.MasterPasswordHash, model.RecoveryCode))
+            {
+                await Task.Delay(2000);
+                throw new BadRequestException(string.Empty, "Invalid information. Try again.");
+            }
+        }
+
+        private async Task<User> GetProviderAsync(TwoFactorRequestModel model, TwoFactorProviderType type)
+        {
+            var user = await _userService.GetUserByPrincipalAsync(User);
+            if(user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+
+            if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
+            {
+                await Task.Delay(2000);
+                throw new BadRequestException("MasterPasswordHash", "Invalid password.");
+            }
+
+            await _userService.SetupTwoFactorAsync(user, type);
+            return user;
+        }
+    }
+}