refactor to a new two-factor controller

2025-07-02 16:42:50 -05:00 · 2017-06-19 22:08:10 -04:00
parent 5a67df60de
commit 3b5b24531b
14 changed files with 411 additions and 152 deletions
--- a/src/Core/Models/Api/Request/Accounts/RecoverTwoFactorRequestModel.cs
+++ b/src/Core/Models/Api/Request/Accounts/RecoverTwoFactorRequestModel.cs
@ -1,18 +0,0 @@
-using System.Collections.Generic;
-using System.ComponentModel.DataAnnotations;
-
-namespace Bit.Core.Models.Api
-{
-    public class RecoverTwoFactorRequestModel
-    {
-        [Required]
-        [EmailAddress]
-        [StringLength(50)]
-        public string Email { get; set; }
-        [Required]
-        public string MasterPasswordHash { get; set; }
-        [Required]
-        [StringLength(32)]
-        public string RecoveryCode { get; set; }
-    }
-}
--- a/src/Core/Models/Api/Request/Accounts/UpdateTwoFactorRequestModel.cs
+++ b/src/Core/Models/Api/Request/Accounts/UpdateTwoFactorRequestModel.cs
@ -1,16 +0,0 @@
-using System.Collections.Generic;
-using System.ComponentModel.DataAnnotations;
-
-namespace Bit.Core.Models.Api
-{
-    public class UpdateTwoFactorRequestModel
-    {
-        [Required]
-        public string MasterPasswordHash { get; set; }
-        [Required]
-        public bool? Enabled { get; set; }
-        [Required]
-        [StringLength(50)]
-        public string Token { get; set; }
-    }
-}
--- a/src/Core/Models/Api/Request/TwoFactorRequestModels.cs
+++ b/src/Core/Models/Api/Request/TwoFactorRequestModels.cs
@ -0,0 +1,80 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Core.Models.Api
+{
+    public class UpdateTwoFactorAuthenticatorRequestModel : TwoFactorRequestModel
+    {
+        [Required]
+        [StringLength(50)]
+        public string Token { get; set; }
+    }
+
+    public class UpdateTwoFactorDuoRequestModel : TwoFactorRequestModel
+    {
+        [Required]
+        [StringLength(50)]
+        public string IntegrationKey { get; set; }
+        [Required]
+        [StringLength(50)]
+        public string SecretKey { get; set; }
+        [Required]
+        [StringLength(50)]
+        public string Host { get; set; }
+    }
+
+    public class UpdateTwoFactorYubicoOtpRequestModel : TwoFactorRequestModel, IValidatableObject
+    {
+        public string Key1 { get; set; }
+        public string Key2 { get; set; }
+        public string Key3 { get; set; }
+        public string Key4 { get; set; }
+        public string Key5 { get; set; }
+
+        public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
+        {
+            if(string.IsNullOrWhiteSpace(Key1) && string.IsNullOrWhiteSpace(Key2) && string.IsNullOrWhiteSpace(Key3) &&
+                string.IsNullOrWhiteSpace(Key4) && string.IsNullOrWhiteSpace(Key5))
+            {
+                yield return new ValidationResult("A Key is required.", new string[] { nameof(Key1) });
+            }
+        }
+    }
+
+    public class UpdateTwoFactorEmailRequestModel : TwoFactorRequestModel
+    {
+        [Required]
+        [EmailAddress]
+        [StringLength(50)]
+        public string Email { get; set; }
+        [Required]
+        [StringLength(50)]
+        public string Token { get; set; }
+    }
+
+    public class TwoFactorProviderRequestModel : TwoFactorRequestModel
+    {
+        [Required]
+        public Enums.TwoFactorProviderType? Type { get; set; }
+    }
+
+    public class TwoFactorRequestModel
+    {
+        [Required]
+        public string MasterPasswordHash { get; set; }
+    }
+
+    public class TwoFactorRecoveryRequestModel
+    {
+        [Required]
+        [EmailAddress]
+        [StringLength(50)]
+        public string Email { get; set; }
+        [Required]
+        public string MasterPasswordHash { get; set; }
+        [Required]
+        [StringLength(32)]
+        public string RecoveryCode { get; set; }
+    }
+}
--- a/src/Core/Models/Api/Response/ProfileResponseModel.cs
+++ b/src/Core/Models/Api/Response/ProfileResponseModel.cs
@ -3,7 +3,6 @@ using Bit.Core.Models.Table;
 using System.Collections.Generic;
 using System.Linq;
 using Bit.Core.Models.Data;
-using Bit.Core.Enums;

 namespace Bit.Core.Models.Api
 {
--- a/src/Core/Models/Api/Response/TwoFactor/TwoFactorAuthenticatorResponseModel.cs
+++ b/src/Core/Models/Api/Response/TwoFactor/TwoFactorAuthenticatorResponseModel.cs
@ -0,0 +1,32 @@
+using System;
+using Bit.Core.Enums;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Models.Api
+{
+    public class TwoFactorAuthenticatorResponseModel : ResponseModel
+    {
+        public TwoFactorAuthenticatorResponseModel(User user)
+            : base("twoFactorAuthenticator")
+        {
+            if(user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Authenticator);
+            if(provider?.MetaData?.ContainsKey("Key") ?? false)
+            {
+                Key = provider.MetaData["Key"];
+                Enabled = provider.Enabled;
+            }
+            else
+            {
+                Enabled = false;
+            }
+        }
+
+        public bool Enabled { get; set; }
+        public string Key { get; set; }
+    }
+}
--- a/src/Core/Models/Api/Response/TwoFactor/TwoFactorEmailResponseModel.cs
+++ b/src/Core/Models/Api/Response/TwoFactor/TwoFactorEmailResponseModel.cs
@ -0,0 +1,32 @@
+using System;
+using Bit.Core.Enums;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Models.Api
+{
+    public class TwoFactorEmailResponseModel : ResponseModel
+    {
+        public TwoFactorEmailResponseModel(User user)
+            : base("twoFactorEmail")
+        {
+            if(user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
+            if(provider?.MetaData?.ContainsKey("Email") ?? false)
+            {
+                Email = provider.MetaData["Email"];
+                Enabled = provider.Enabled;
+            }
+            else
+            {
+                Enabled = false;
+            }
+        }
+
+        public bool Enabled { get; set; }
+        public string Email { get; set; }
+    }
+}
--- a/src/Core/Models/Api/Response/TwoFactor/TwoFactorProviderResponseModel.cs
+++ b/src/Core/Models/Api/Response/TwoFactor/TwoFactorProviderResponseModel.cs
@ -0,0 +1,23 @@
+using System;
+using Bit.Core.Enums;
+
+namespace Bit.Core.Models.Api
+{
+    public class TwoFactorProviderResponseModel : ResponseModel
+    {
+        public TwoFactorProviderResponseModel(TwoFactorProviderType type, TwoFactorProvider provider)
+            : base("twoFactorProvider")
+        {
+            if(provider == null)
+            {
+                throw new ArgumentNullException(nameof(provider));
+            }
+
+            Enabled = provider.Enabled;
+            Type = type;
+        }
+
+        public bool Enabled { get; set; }
+        public TwoFactorProviderType Type { get; set; }
+    }
+}
--- a/src/Core/Models/Api/Response/TwoFactor/TwoFactorYubiKeyResponseModel.cs
+++ b/src/Core/Models/Api/Response/TwoFactor/TwoFactorYubiKeyResponseModel.cs
@ -0,0 +1,56 @@
+using System;
+using Bit.Core.Enums;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Models.Api
+{
+    public class TwoFactorYubiKeyResponseModel : ResponseModel
+    {
+        public TwoFactorYubiKeyResponseModel(User user)
+            : base("twoFactorYubiKey")
+        {
+            if(user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
+            if(provider?.MetaData != null && provider.MetaData.Count > 0)
+            {
+                Enabled = provider.Enabled;
+
+                if(provider.MetaData.ContainsKey("Key1"))
+                {
+                    Key1 = provider.MetaData["Key1"];
+                }
+                if(provider.MetaData.ContainsKey("Key2"))
+                {
+                    Key2 = provider.MetaData["Key2"];
+                }
+                if(provider.MetaData.ContainsKey("Key3"))
+                {
+                    Key1 = provider.MetaData["Key3"];
+                }
+                if(provider.MetaData.ContainsKey("Key4"))
+                {
+                    Key4 = provider.MetaData["Key4"];
+                }
+                if(provider.MetaData.ContainsKey("Key5"))
+                {
+                    Key5 = provider.MetaData["Key5"];
+                }
+            }
+            else
+            {
+                Enabled = false;
+            }
+        }
+
+        public bool Enabled { get; set; }
+        public string Key1 { get; set; }
+        public string Key2 { get; set; }
+        public string Key3 { get; set; }
+        public string Key4 { get; set; }
+        public string Key5 { get; set; }
+    }
+}
--- a/src/Core/Models/Api/Response/TwoFactorResponseModel.cs
+++ b/src/Core/Models/Api/Response/TwoFactorResponseModel.cs
@ -1,45 +0,0 @@
-using System;
-using Bit.Core.Models.Table;
-using Bit.Core.Enums;
-
-namespace Bit.Core.Models.Api
-{
-    public class TwoFactorResponseModel : ResponseModel
-    {
-        public TwoFactorResponseModel(User user)
-            : base("twoFactor")
-        {
-            if(user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            var providers = user.GetTwoFactorProviders();
-            if(user.TwoFactorProvider.HasValue && providers.ContainsKey(user.TwoFactorProvider.Value))
-            {
-                var provider = providers[user.TwoFactorProvider.Value];
-                switch(user.TwoFactorProvider.Value)
-                {
-                    case TwoFactorProviderType.Authenticator:
-                        AuthenticatorKey = provider.MetaData["Key"];
-                        break;
-                    default:
-                        break;
-                }
-            }
-            else
-            {
-                TwoFactorEnabled = false;
-            }
-
-            TwoFactorEnabled = user.TwoFactorIsEnabled();
-            TwoFactorProvider = user.TwoFactorProvider;
-            TwoFactorRecoveryCode = user.TwoFactorRecoveryCode;
-        }
-
-        public bool TwoFactorEnabled { get; set; }
-        public TwoFactorProviderType? TwoFactorProvider { get; set; }
-        public string AuthenticatorKey { get; set; }
-        public string TwoFactorRecoveryCode { get; set; }
-    }
-}
--- a/src/Core/Models/TwoFactorProvider.cs
+++ b/src/Core/Models/TwoFactorProvider.cs
@ -1,12 +1,10 @@
-using Bit.Core.Enums;
-using System.Collections.Generic;
+using System.Collections.Generic;

 namespace Bit.Core.Models
 {
    public class TwoFactorProvider
    {
        public bool Enabled { get; set; }
-        public bool Remember { get; set; }
        public Dictionary<string, string> MetaData { get; set; } = new Dictionary<string, string>();
    }
 }
--- a/src/Core/Services/IUserService.cs
+++ b/src/Core/Services/IUserService.cs
@ -28,6 +28,7 @@ namespace Bit.Core.Services
        Task<IdentityResult> RefreshSecurityStampAsync(User user, string masterPasswordHash);
        Task SetupTwoFactorAsync(User user, TwoFactorProviderType provider);
        Task UpdateTwoFactorProviderAsync(User user, TwoFactorProviderType type);
+        Task DisableTwoFactorProviderAsync(User user, TwoFactorProviderType type);
        Task<bool> RecoverTwoFactorAsync(string email, string masterPassword, string recoveryCode);
        Task<string> GenerateUserTokenAsync(User user, string tokenProvider, string purpose);
        Task<IdentityResult> DeleteAsync(User user);
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@ -319,8 +319,7 @@ namespace Bit.Core.Services
        public async Task SetupTwoFactorAsync(User user, TwoFactorProviderType provider)
        {
            var providers = user.GetTwoFactorProviders();
-            if(providers != null && providers.ContainsKey(provider) && providers[provider].Enabled &&
-                user.TwoFactorProvider.HasValue && user.TwoFactorProvider.Value == provider)
+            if(providers != null && providers.ContainsKey(provider) && providers[provider].MetaData != null)
            {
                switch(provider)
                {
@ -355,8 +354,7 @@ namespace Bit.Core.Services
            {
                case TwoFactorProviderType.Authenticator:
                    var key = KeyGeneration.GenerateRandomKey(20);
-                    providerInfo.MetaData["Key"] = Base32Encoding.ToString(key);
-                    providerInfo.Remember = true;
+                    providerInfo.MetaData = new Dictionary<string, string> { ["Key"] = Base32Encoding.ToString(key) };
                    break;
                default:
                    throw new ArgumentException(nameof(provider));
@ -375,11 +373,26 @@ namespace Bit.Core.Services
                return;
            }

-            providers[type].Enabled = user.TwoFactorEnabled;
+            providers[type].Enabled = true;
            user.SetTwoFactorProviders(providers);

-            user.TwoFactorProvider = type;
-            user.TwoFactorRecoveryCode = user.TwoFactorIsEnabled() ? Guid.NewGuid().ToString("N") : null;
+            if(string.IsNullOrWhiteSpace(user.TwoFactorRecoveryCode))
+            {
+                user.TwoFactorRecoveryCode = Guid.NewGuid().ToString("N");
+            }
+            await SaveUserAsync(user);
+        }
+
+        public async Task DisableTwoFactorProviderAsync(User user, TwoFactorProviderType type)
+        {
+            var providers = user.GetTwoFactorProviders();
+            if(!providers?.ContainsKey(type) ?? true)
+            {
+                return;
+            }
+
+            providers.Remove(type);
+            user.SetTwoFactorProviders(providers);
            await SaveUserAsync(user);
        }