From 4968ea0adb807bc800b8217469e45ed3cddee247 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann
Date: Mon, 17 Mar 2025 16:34:04 +0100
Subject: [PATCH] Add prelogin response
---
 src/Identity/Controllers/AccountsController.cs | 18 +++++++++++++++++-
 .../Response/Accounts/PreloginResponseModel.cs | 7 +++++--
 2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/src/Identity/Controllers/AccountsController.cs b/src/Identity/Controllers/AccountsController.cs
index c840a7ddc5..3ffeeec2ca 100644
--- a/src/Identity/Controllers/AccountsController.cs
+++ b/src/Identity/Controllers/AccountsController.cs
@@ -1,10 +1,13 @@
 using System.Diagnostics;
 using System.Text;
+using System.Text.Json;
 using Bit.Core;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Api.Request.Accounts;
+using Bit.Core.Auth.Models.Api.Request.Opaque;
 using Bit.Core.Auth.Models.Api.Response.Accounts;
 using Bit.Core.Auth.Models.Business.Tokenables;
+using Bit.Core.Auth.Repositories;
 using Bit.Core.Auth.Services;
 using Bit.Core.Auth.UserFeatures.Registration;
 using Bit.Core.Auth.UserFeatures.WebAuthnLogin;
@@ -45,6 +48,7 @@ public class AccountsController : Controller
     private readonly IReferenceEventService _referenceEventService;
     private readonly IFeatureService _featureService;
     private readonly IDataProtectorTokenFactory _registrationEmailVerificationTokenDataFactory;
+    private readonly IOpaqueKeyExchangeCredentialRepository _opaqueKeyExchangeCredentialRepository;
     private readonly byte[] _defaultKdfHmacKey = null;
     private static readonly List _defaultKdfResults =
@@ -93,6 +97,7 @@ public class AccountsController : Controller
         IReferenceEventService referenceEventService,
         IFeatureService featureService,
         IDataProtectorTokenFactory registrationEmailVerificationTokenDataFactory,
+        IOpaqueKeyExchangeCredentialRepository opaqueKeyExchangeCredentialRepository,
         GlobalSettings globalSettings
         )
     {
@@ -107,6 +112,7 @@ public class AccountsController : Controller
         _referenceEventService = referenceEventService;
         _featureService = featureService;
         _registrationEmailVerificationTokenDataFactory = registrationEmailVerificationTokenDataFactory;
+        _opaqueKeyExchangeCredentialRepository = opaqueKeyExchangeCredentialRepository;
         if (CoreHelpers.SettingHasValue(globalSettings.KdfDefaultHashKey))
         {
@@ -259,7 +265,17 @@ public class AccountsController : Controller
         {
             kdfInformation = GetDefaultKdf(model.Email);
         }
-        return new PreloginResponseModel(kdfInformation);
+
+        var user = await _userRepository.GetByEmailAsync(model.Email);
+        var credential = await _opaqueKeyExchangeCredentialRepository.GetByUserIdAsync(user.Id);
+        if (credential != null)
+        {
+            return new PreloginResponseModel(kdfInformation, JsonSerializer.Deserialize(credential.CipherConfiguration)!);
+        }
+        else
+        {
+            return new PreloginResponseModel(kdfInformation, null);
+        }
     }
     [HttpGet("webauthn/assertion-options")]
diff --git a/src/Identity/Models/Response/Accounts/PreloginResponseModel.cs b/src/Identity/Models/Response/Accounts/PreloginResponseModel.cs
index 129aa3e7a9..46c988edd6 100644
--- a/src/Identity/Models/Response/Accounts/PreloginResponseModel.cs
+++ b/src/Identity/Models/Response/Accounts/PreloginResponseModel.cs
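Review bot: `user.Id` in the new `GetByUserIdAsync(user.Id)` call dereferences the result of `GetByEmailAsync(model.Email)` without a null check, so a prelogin request for an email with no account now throws instead of returning the default KDF that the preceding `GetDefaultKdf(model.Email)` branch computes. Because this endpoint is reached before authentication, that error response also distinguishes existing from non-existing accounts, which is presumably what the default-KDF fallback exists to avoid; add `if (user == null) { return new PreloginResponseModel(kdfInformation, null); }` before the credential lookup. The `!` on `JsonSerializer.Deserialize(credential.CipherConfiguration)` likewise turns a malformed stored configuration into an unhandled exception rather than a handled null; consider checking the result or catching `JsonException` and falling back to `null`. Returning a non-null `OpaqueConfiguration` only for accounts that hold a credential also tells an unauthenticated caller which accounts have one, which is worth confirming against the feature's threat model. The enclosing action method starts before this hunk.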
@@ -1,20 +1,23 @@
-using Bit.Core.Enums;
+using Bit.Core.Auth.Models.Api.Request.Opaque;
+using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 namespace Bit.Identity.Models.Response.Accounts;
 public class PreloginResponseModel
 {
-    public PreloginResponseModel(UserKdfInformation kdfInformation)
+    public PreloginResponseModel(UserKdfInformation kdfInformation, CipherConfiguration opaqueConfiguration)
     {
         Kdf = kdfInformation.Kdf;
         KdfIterations = kdfInformation.KdfIterations;
         KdfMemory = kdfInformation.KdfMemory;
         KdfParallelism = kdfInformation.KdfParallelism;
+        OpaqueConfiguration = opaqueConfiguration;
     }
     public KdfType Kdf { get; set; }
     public int KdfIterations { get; set; }
     public int? KdfMemory { get; set; }
     public int? KdfParallelism { get; set; }
+    public CipherConfiguration OpaqueConfiguration { get; set; }
 }
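Review bot: `public CipherConfiguration OpaqueConfiguration { get; set; }` and the matching `opaqueConfiguration` constructor parameter are declared non-nullable, yet the controller change in this patch passes `null` for accounts without an OPAQUE credential, so the type no longer states the actual contract. If the project compiles with nullable reference types enabled, declare both as `CipherConfiguration?` so callers and serializers see that the value is optional. The new property is also the only part of this response model whose meaning is not obvious from its name; a doc comment such as `/// <summary>OPAQUE cipher configuration registered for this account, or null when the account has no OPAQUE credential.</summary>` would record when it is absent.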