feat (opaque-ke) : moved endpoints to Identity.

2025-07-07 02:52:50 -05:00 · 2025-03-20 14:59:34 -04:00
parent 7f997246e5
commit 525174068f
4 changed files with 30 additions and 18 deletions
--- a/src/Api/Auth/Controllers/AccountsController.cs
+++ b/src/Api/Auth/Controllers/AccountsController.cs
@ -209,11 +209,12 @@ public class AccountsController : Controller
            throw new UnauthorizedAccessException();
        }

-        // TODO: should this be feature flagged
        Guid? opaqueSessionId = null;
-        if (model.OpaqueSessionId != null)
-        {
-            opaqueSessionId = Guid.Parse(model.OpaqueSessionId);
+        if(_featureService.IsEnabled(FeatureFlagKeys.OpaqueKeyExchange)){
+            if (model.OpaqueSessionId != null)
+            {
+                opaqueSessionId = Guid.Parse(model.OpaqueSessionId);
+            }
        }

        var result = await _userService.ChangePasswordAsync(user, model.MasterPasswordHash,
--- a/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs
+++ b/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs
@ -1,51 +0,0 @@
-using Bit.Core;
-using Bit.Core.Auth.Models.Api.Request.Opaque;
-using Bit.Core.Auth.Models.Api.Response.Opaque;
-using Bit.Core.Auth.Services;
-using Bit.Core.Services;
-using Bit.Core.Utilities;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Mvc;
-
-namespace Bit.Api.Auth.Controllers;
-
-// TODO: move to identity
-[RequireFeature(FeatureFlagKeys.OpaqueKeyExchange)]
-[Route("opaque")]
-[Authorize("Application")]
-public class OpaqueKeyExchangeController(
-    IOpaqueKeyExchangeService opaqueKeyExchangeService,
-    IUserService userService
-    ) : Controller
-{
-    private readonly IOpaqueKeyExchangeService _opaqueKeyExchangeService = opaqueKeyExchangeService;
-    private readonly IUserService _userService = userService;
-
-    [HttpPost("start-registration")]
-    public async Task<OpaqueRegistrationStartResponse> StartRegistrationAsync(
-        [FromBody] OpaqueRegistrationStartRequest request)
-    {
-        var user = await _userService.GetUserByPrincipalAsync(User)
-            ?? throw new UnauthorizedAccessException();
-        var result = await _opaqueKeyExchangeService.StartRegistration(
-            Convert.FromBase64String(request.RegistrationRequest), user, request.CipherConfiguration);
-        return result;
-    }
-
-    [HttpPost("finish-registration")]
-    public async Task FinishRegistrationAsync([FromBody] OpaqueRegistrationFinishRequest request)
-    {
-        var user = await _userService.GetUserByPrincipalAsync(User)
-            ?? throw new UnauthorizedAccessException();
-        await _opaqueKeyExchangeService.FinishRegistration(
-            request.SessionId, Convert.FromBase64String(request.RegistrationUpload), user, request.KeySet);
-    }
-
-    [HttpPost("set-registration-active")]
-    public async Task SetRegistrationActiveAsync([FromBody] OpaqueSetRegistrationActiveRequest request)
-    {
-        var user = await _userService.GetUserByPrincipalAsync(User)
-            ?? throw new UnauthorizedAccessException();
-        await _opaqueKeyExchangeService.WriteCacheCredentialToDatabase(request.SessionId, user);
-    }
-}