nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-21 03:24:31 -05:00
Code

[SG-692] Block unknown devices from using passwordless auth (#2315)

Browse Source 
* Block unknown devices from initiating auth requests

* Rename anonymousHub route to anonymous-hub
This commit is contained in:
Addison Beck 2022-09-29 14:10:21 -04:00 committed by GitHub
parent 96fa8781f3
commit 53f6ec0a71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Api/Controllers/AuthRequestsController.cs
View File

@ -89,9 +89,9 @@ public class AuthRequestsController : Controller
{ {
throw new BadRequestException("Device type not provided."); throw new BadRequestException("Device type not provided.");
} }
if (!_globalSettings.PasswordlessAuth.KnownDevicesOnly) if (_globalSettings.PasswordlessAuth.KnownDevicesOnly)
{ {
var d = await _deviceRepository.GetByIdentifierAsync(_currentContext.DeviceIdentifier); var d = await _deviceRepository.GetByIdentifierAsync(model.DeviceIdentifier);
if (d == null || d.UserId != user.Id) if (d == null || d.UserId != user.Id)
{ {
throw new NotFoundException(); throw new NotFoundException();

2
src/Notifications/Startup.cs
View File

@ -113,7 +113,7 @@ public class Startup
options.ApplicationMaxBufferSize = 2048; options.ApplicationMaxBufferSize = 2048;
options.TransportMaxBufferSize = 4096; options.TransportMaxBufferSize = 4096;
}); });
endpoints.MapHub<AnonymousNotificationsHub>("/anonymousHub", options => endpoints.MapHub<AnonymousNotificationsHub>("/anonymous-hub", options =>
{ {
options.ApplicationMaxBufferSize = 2048; options.ApplicationMaxBufferSize = 2048;
options.TransportMaxBufferSize = 4096; options.TransportMaxBufferSize = 4096;