two factor email setup

2025-04-21 04:55:08 -05:00 · 2017-06-20 09:21:35 -04:00 · 2017-06-20 09:21:35 -04:00 · 475160cfe1
commit 475160cfe1
parent 2eaaecd95c
4 changed files with 81 additions and 2 deletions
--- a/src/Api/Controllers/TwoFactorController.cs
+++ b/src/Api/Controllers/TwoFactorController.cs
@ -84,6 +84,24 @@ namespace Bit.Api.Controllers
            return response;
        }
        [HttpPost("send-email")]
        public async Task SendEmail([FromBody]TwoFactorEmailRequestModel model)
        {
            var user = await _userService.GetUserByPrincipalAsync(User);
            if(user == null)
            {
                throw new UnauthorizedAccessException();
            }
            if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
            {
                await Task.Delay(2000);
                throw new BadRequestException("MasterPasswordHash", "Invalid password.");
            }
            await _userService.SendTwoFactorEmailAsync(user, model.Email);
        }
        [HttpPut("email")]
        [HttpPost("email")]
        public async Task<TwoFactorEmailResponseModel> PutEmail([FromBody]UpdateTwoFactorEmailRequestModel model)
@ -100,12 +118,18 @@ namespace Bit.Api.Controllers
                throw new BadRequestException("MasterPasswordHash", "Invalid password.");
            }
-            if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Email.ToString(), model.Token))
+            if(!await _userService.VerifyTwoFactorEmailAsync(user, model.Token, model.Email))
            {
                await Task.Delay(2000);
                throw new BadRequestException("Token", "Invalid token.");
            }
            var providers = user.GetTwoFactorProviders();
            providers[TwoFactorProviderType.Email] = new Core.Models.TwoFactorProvider
            {
                MetaData = new System.Collections.Generic.Dictionary<string, string> { ["Email"] = model.Email }
            };
            user.SetTwoFactorProviders(providers);
            await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Email);
            var response = new TwoFactorEmailResponseModel(user);
--- a/src/Core/Models/Api/Request/TwoFactorRequestModels.cs
+++ b/src/Core/Models/Api/Request/TwoFactorRequestModels.cs
@ -42,12 +42,16 @@ namespace Bit.Core.Models.Api
        }
    }
-    public class UpdateTwoFactorEmailRequestModel : TwoFactorRequestModel
+    public class TwoFactorEmailRequestModel : TwoFactorRequestModel
    {
        [Required]
        [EmailAddress]
        [StringLength(50)]
        public string Email { get; set; }
    }
    public class UpdateTwoFactorEmailRequestModel : TwoFactorEmailRequestModel
    {
        [Required]
        [StringLength(50)]
        public string Token { get; set; }
--- a/src/Core/Services/IUserService.cs
+++ b/src/Core/Services/IUserService.cs
@ -19,6 +19,8 @@ namespace Bit.Core.Services
        Task SaveUserAsync(User user);
        Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);
        Task SendMasterPasswordHintAsync(string email);
        Task SendTwoFactorEmailAsync(User user, string email = null);
        Task<bool> VerifyTwoFactorEmailAsync(User user, string token, string email = null);
        Task InitiateEmailChangeAsync(User user, string newEmail);
        Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail, string newMasterPassword,
            string token, string key);
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@ -182,6 +182,45 @@ namespace Bit.Core.Services
            await _mailService.SendMasterPasswordHintEmailAsync(email, user.MasterPasswordHint);
        }
        public async Task SendTwoFactorEmailAsync(User user, string email = null)
        {
            if(string.IsNullOrWhiteSpace(email))
            {
                var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
                if(provider != null && provider.MetaData != null && provider.MetaData.ContainsKey("Email"))
                {
                    email = provider.MetaData["Email"];
                }
            }
            if(string.IsNullOrWhiteSpace(email))
            {
                throw new ArgumentNullException(nameof(email));
            }
            var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultEmailProvider, "2faEmail:" + email);
            await _mailService.SendChangeEmailEmailAsync(email, token);
        }
        public async Task<bool> VerifyTwoFactorEmailAsync(User user, string token, string email = null)
        {
            if(string.IsNullOrWhiteSpace(email))
            {
                var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
                if(provider != null && provider.MetaData != null && provider.MetaData.ContainsKey("Email"))
                {
                    email = provider.MetaData["Email"];
                }
            }
            if(string.IsNullOrWhiteSpace(email))
            {
                throw new ArgumentNullException(nameof(email));
            }
            return await base.VerifyUserTokenAsync(user, TokenOptions.DefaultEmailProvider, "2faEmail:" + email, token);
        }
        public async Task InitiateEmailChangeAsync(User user, string newEmail)
        {
            var existingUser = await _userRepository.GetByEmailAsync(newEmail);
@ -329,6 +368,11 @@ namespace Bit.Core.Services
                            return;
                        }
                        break;
                    case TwoFactorProviderType.Email:
                    case TwoFactorProviderType.U2F:
                    case TwoFactorProviderType.YubiKey:
                    case TwoFactorProviderType.Duo:
                        break;
                    default:
                        throw new ArgumentException(nameof(provider));
                }
@ -356,6 +400,11 @@ namespace Bit.Core.Services
                    var key = KeyGeneration.GenerateRandomKey(20);
                    providerInfo.MetaData = new Dictionary<string, string> { ["Key"] = Base32Encoding.ToString(key) };
                    break;
                case TwoFactorProviderType.Email:
                case TwoFactorProviderType.U2F:
                case TwoFactorProviderType.YubiKey:
                case TwoFactorProviderType.Duo:
                    break;
                default:
                    throw new ArgumentException(nameof(provider));
            }