nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-04 01:22:50 -05:00
Code Activity

initial commit of source

Browse Source
This commit is contained in:
Kyle Spearrin
2015-12-08 22:57:38 -05:00
commit 437b971003
87 changed files with 3819 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

210
src/Api/Controllers/AccountsController.cs Normal file
View File

@ -0,0 +1,210 @@
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.DataProtection;
using Microsoft.AspNet.Mvc;
using Bit.Api.Models;
using Bit.Core.Exceptions;
using Bit.Core.Services;
using Microsoft.AspNet.Identity;
using Bit.Core.Domains;
using Bit.Core.Enums;
using Bit.Core;
using System.Security.Claims;
namespace Bit.Api.Controllers
{
[Route("accounts")]
[Authorize("Application")]
public class AccountsController : Controller
{
private readonly IUserService _userService;
private readonly UserManager<User> _userManager;
private readonly CurrentContext _currentContext;
public AccountsController(
IDataProtectionProvider dataProtectionProvider,
IUserService userService,
UserManager<User> userManager,
CurrentContext currentContext)
{
_userService = userService;
_userManager = userManager;
_currentContext = currentContext;
}
[HttpPost("register-token")]
[AllowAnonymous]
public async Task PostRegisterToken([FromBody]RegisterTokenRequestModel model)
{
await _userService.InitiateRegistrationAsync(model.Email);
}
[HttpPost("register")]
[AllowAnonymous]
public async Task PostRegister([FromBody]RegisterRequestModel model)
{
var result = await _userService.RegisterUserAsync(model.Token, model.ToUser(), model.MasterPasswordHash);
if(result.Succeeded)
{
return;
}
foreach(var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
await Task.Delay(2000);
throw new BadRequestException(ModelState);
}
[HttpPost("password-hint")]
[AllowAnonymous]
public async Task PostPasswordHint([FromBody]PasswordHintRequestModel model)
{
await _userService.SendMasterPasswordHintAsync(model.Email);
}
[HttpPost("email-token")]
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
{
if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash))
{
await Task.Delay(2000);
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
}
await _userService.InitiateEmailChangeAsync(_currentContext.User, model.NewEmail);
}
[HttpPut("email")]
public async Task PutEmail([FromBody]EmailRequestModel model)
{
// NOTE: It is assumed that the eventual repository call will make sure the updated
// ciphers belong to user making this call. Therefore, no check is done here.
var ciphers = CipherRequestModel.ToDynamicCiphers(model.Ciphers, User.GetUserId());
var result = await _userService.ChangeEmailAsync(
_currentContext.User,
model.MasterPasswordHash,
model.NewEmail,
model.NewMasterPasswordHash,
model.Token,
ciphers);
if(result.Succeeded)
{
return;
}
foreach(var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
await Task.Delay(2000);
throw new BadRequestException(ModelState);
}
[HttpPut("password")]
public async Task PutPassword([FromBody]PasswordRequestModel model)
{
// NOTE: It is assumed that the eventual repository call will make sure the updated
// ciphers belong to user making this call. Therefore, no check is done here.
var ciphers = CipherRequestModel.ToDynamicCiphers(model.Ciphers, User.GetUserId());
var result = await _userService.ChangePasswordAsync(
_currentContext.User,
model.MasterPasswordHash,
model.NewMasterPasswordHash,
ciphers);
if(result.Succeeded)
{
return;
}
foreach(var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
await Task.Delay(2000);
throw new BadRequestException(ModelState);
}
[HttpPut("security-stamp")]
public async Task PutSecurityStamp([FromBody]SecurityStampRequestModel model)
{
var result = await _userService.RefreshSecurityStampAsync(_currentContext.User, model.MasterPasswordHash);
if(result.Succeeded)
{
return;
}
foreach(var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
await Task.Delay(2000);
throw new BadRequestException(ModelState);
}
[HttpGet("profile")]
public Task<ProfileResponseModel> GetProfile()
{
var response = new ProfileResponseModel(_currentContext.User);
return Task.FromResult(response);
}
[HttpPut("profile")]
public async Task<ProfileResponseModel> PutProfile([FromBody]UpdateProfileRequestModel model)
{
await _userService.SaveUserAsync(model.ToUser(_currentContext.User));
var response = new ProfileResponseModel(_currentContext.User);
return response;
}
[HttpGet("two-factor")]
public async Task<TwoFactorResponseModel> GetTwoFactor(string masterPasswordHash, TwoFactorProvider provider)
{
var user = _currentContext.User;
if(!await _userManager.CheckPasswordAsync(user, masterPasswordHash))
{
await Task.Delay(2000);
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
}
await _userService.GetTwoFactorAsync(user, provider);
var response = new TwoFactorResponseModel(user);
return response;
}
[HttpPut("two-factor")]
public async Task<TwoFactorResponseModel> PutTwoFactor([FromBody]UpdateTwoFactorRequestModel model)
{
var user = _currentContext.User;
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
{
await Task.Delay(2000);
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
}
if(model.Enabled.Value && !await _userManager.VerifyTwoFactorTokenAsync(user, "Authenticator", model.Token))
{
await Task.Delay(2000);
throw new BadRequestException("Token", "Invalid token.");
}
user.TwoFactorEnabled = model.Enabled.Value;
await _userService.SaveUserAsync(user);
var response = new TwoFactorResponseModel(user);
return response;
}
}
}

62
src/Api/Controllers/AuthController.cs Normal file
View File

@ -0,0 +1,62 @@
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Bit.Core.Identity;
using Bit.Core.Repositories;
using Bit.Api.Models;
using Microsoft.AspNet.Authorization;
using Bit.Core.Exceptions;
using Bit.Core;
namespace Bit.Api.Controllers
{
[Route("auth")]
public class AuthController : Controller
{
private readonly JwtBearerSignInManager _signInManager;
private readonly IUserRepository _userRepository;
private readonly CurrentContext _currentContext;
public AuthController(
JwtBearerSignInManager signInManager,
IUserRepository userRepository,
CurrentContext currentContext)
{
_signInManager = signInManager;
_userRepository = userRepository;
_currentContext = currentContext;
}
[HttpPost("token")]
[AllowAnonymous]
public async Task<AuthTokenResponseModel> PostToken([FromBody]AuthTokenRequestModel model)
{
var result = await _signInManager.PasswordSignInAsync(model.Email.ToLower(), model.MasterPasswordHash);
if(result == JwtBearerSignInResult.Success)
{
return new AuthTokenResponseModel(result.Token, result.User);
}
else if(result == JwtBearerSignInResult.TwoFactorRequired)
{
return new AuthTokenResponseModel(result.Token, null);
}
await Task.Delay(2000);
throw new BadRequestException("Username or password is incorrect. Try again.");
}
[HttpPost("token/two-factor")]
[Authorize("TwoFactor")]
public async Task<AuthTokenResponseModel> PostTokenTwoFactor([FromBody]AuthTokenTwoFactorRequestModel model)
{
var result = await _signInManager.TwoFactorSignInAsync(_currentContext.User, model.Provider, model.Code);
if(result == JwtBearerSignInResult.Success)
{
return new AuthTokenResponseModel(result.Token, result.User);
}
await Task.Delay(2000);
throw new BadRequestException("Code is not correct. Try again.");
}
}
}

78
src/Api/Controllers/FoldersController.cs Normal file
View File

@ -0,0 +1,78 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Bit.Core.Repositories;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Bit.Api.Models;
using Bit.Core.Exceptions;
namespace Bit.Api.Controllers
{
[Route("folders")]
[Authorize("Application")]
public class FoldersController : Controller
{
private readonly IFolderRepository _folderRepository;
public FoldersController(
IFolderRepository folderRepository)
{
_folderRepository = folderRepository;
}
[HttpGet("{id}")]
public async Task<FolderResponseModel> Get(string id)
{
var folder = await _folderRepository.GetByIdAsync(id, User.GetUserId());
if(folder == null)
{
throw new NotFoundException();
}
return new FolderResponseModel(folder);
}
[HttpGet("")]
public async Task<ListResponseModel<FolderResponseModel>> Get(bool dirty = false)
{
var folders = await _folderRepository.GetManyByUserIdAsync(User.GetUserId());
return new ListResponseModel<FolderResponseModel>(folders.Select(f => new FolderResponseModel(f)));
}
[HttpPost("")]
public async Task<FolderResponseModel> Post([FromBody]FolderRequestModel model)
{
var folder = model.ToFolder(User.GetUserId());
await _folderRepository.CreateAsync(folder);
return new FolderResponseModel(folder);
}
[HttpPut("{id}")]
public async Task<FolderResponseModel> Put(string id, [FromBody]FolderRequestModel model)
{
var folder = await _folderRepository.GetByIdAsync(id, User.GetUserId());
if(folder == null)
{
throw new NotFoundException();
}
await _folderRepository.ReplaceAsync(model.ToFolder(folder));
return new FolderResponseModel(folder);
}
[HttpDelete("{id}")]
public async Task Delete(string id)
{
var folder = await _folderRepository.GetByIdAsync(id, User.GetUserId());
if(folder == null)
{
throw new NotFoundException();
}
await _folderRepository.DeleteAsync(folder);
}
}
}

148
src/Api/Controllers/SitesController.cs Normal file
View File

@ -0,0 +1,148 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Bit.Core.Repositories;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Bit.Api.Models;
using Bit.Core.Exceptions;
using Bit.Core.Domains;
namespace Bit.Api.Controllers
{
[Route("sites")]
[Authorize("Application")]
public class SitesController : Controller
{
private readonly ISiteRepository _siteRepository;
private readonly IFolderRepository _folderRepository;
public SitesController(
ISiteRepository siteRepository,
IFolderRepository folderRepository)
{
_siteRepository = siteRepository;
_folderRepository = folderRepository;
}
[HttpGet("{id}")]
public async Task<SiteResponseModel> Get(string id, string[] expand = null)
{
var site = await _siteRepository.GetByIdAsync(id, User.GetUserId());
if(site == null)
{
throw new NotFoundException();
}
var response = new SiteResponseModel(site);
await ExpandAsync(site, response, expand, null);
return response;
}
[HttpGet("")]
public async Task<ListResponseModel<SiteResponseModel>> Get(bool dirty = false, string[] expand = null)
{
var sites = await _siteRepository.GetManyByUserIdAsync(User.GetUserId(), dirty);
var responses = sites.Select(s => new SiteResponseModel(s));
await ExpandManyAsync(sites, responses, expand, null);
return new ListResponseModel<SiteResponseModel>(responses);
}
[HttpPost("")]
public async Task<SiteResponseModel> Post([FromBody]SiteRequestModel model, string[] expand = null)
{
var site = model.ToSite(User.GetUserId());
await _siteRepository.CreateAsync(site);
var response = new SiteResponseModel(site);
await ExpandAsync(site, response, expand, null);
return response;
}
[HttpPut("{id}")]
public async Task<SiteResponseModel> Put(string id, [FromBody]SiteRequestModel model, string[] expand = null)
{
var site = await _siteRepository.GetByIdAsync(id, User.GetUserId());
if(site == null)
{
throw new NotFoundException();
}
await _siteRepository.ReplaceAsync(model.ToSite(site));
var response = new SiteResponseModel(site);
await ExpandAsync(site, response, expand, null);
return response;
}
[HttpDelete("{id}")]
public async Task Delete(string id)
{
var site = await _siteRepository.GetByIdAsync(id, User.GetUserId());
if(site == null)
{
throw new NotFoundException();
}
await _siteRepository.DeleteAsync(site);
}
private async Task ExpandAsync(Site site, SiteResponseModel response, string[] expand, Folder folder)
{
if(expand == null || expand.Count() == 0)
{
return;
}
if(expand.Any(e => e.ToLower() == "folder"))
{
if(folder == null)
{
folder = await _folderRepository.GetByIdAsync(site.FolderId);
}
response.Folder = new FolderResponseModel(folder);
}
}
private async Task ExpandManyAsync(IEnumerable<Site> sites, IEnumerable<SiteResponseModel> responses, string[] expand, IEnumerable<Folder> folders)
{
if(expand == null || expand.Count() == 0)
{
return;
}
if(expand.Any(e => e.ToLower() == "folder"))
{
if(folders == null)
{
folders = await _folderRepository.GetManyByUserIdAsync(User.GetUserId());
}
if(folders != null && folders.Count() > 0)
{
foreach(var response in responses)
{
var site = sites.SingleOrDefault(s => s.Id == response.Id);
if(site == null)
{
continue;
}
var folder = folders.SingleOrDefault(f => f.Id == site.FolderId);
if(folder == null)
{
continue;
}
response.Folder = new FolderResponseModel(folder);
}
}
}
}
}
}