mirror of https://github.com/bitwarden/server.git synced 2025-07-02 00:22:50 -05:00

Email verification for new devices (#1931)

* PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled

* PS-56 Fixed wrong argument in VerifyTwoFactor call
Federico Maccaroni
2022-04-01 17:08:47 -03:00
committed by GitHub
parent ff23bb87c8
commit 6f60d24f5a
10 changed files with 251 additions and 23 deletions


@ -16,6 +16,7 @@ namespace Bit.Core.Services
Task SendChangeEmailAlreadyExistsEmailAsync(string fromEmail, string toEmail);
Task SendChangeEmailEmailAsync(string newEmailAddress, string token);
Task SendTwoFactorEmailAsync(string email, string token);
Task SendNewDeviceLoginTwoFactorEmailAsync(string email, string token);
Task SendNoMasterPasswordHintEmailAsync(string email);
Task SendMasterPasswordHintEmailAsync(string email, string hint);
Task SendOrganizationInviteEmailAsync(string organizationName, bool orgCanSponsor, OrganizationUser orgUser, ExpiringToken token);


@ -22,7 +22,7 @@ namespace Bit.Core.Services
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword, string token, Guid? orgUserId);
Task<IdentityResult> RegisterUserAsync(User user);
Task SendMasterPasswordHintAsync(string email);
Task SendTwoFactorEmailAsync(User user);
Task SendTwoFactorEmailAsync(User user, bool isBecauseNewDeviceLogin = false);
Task<bool> VerifyTwoFactorEmailAsync(User user, string token);
Task<CredentialCreateOptions> StartWebAuthnRegistrationAsync(User user);
Task<bool> DeleteWebAuthnKeyAsync(User user, int id);


@ -119,6 +119,21 @@ namespace Bit.Core.Services
await _mailDeliveryService.SendEmailAsync(message);
}
public async Task SendNewDeviceLoginTwoFactorEmailAsync(string email, string token)
{
var message = CreateDefaultMessage("New Device Login Verification Code", email);
var model = new EmailTokenViewModel
{
Token = token,
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
SiteName = _globalSettings.SiteName
};
await AddMessageContentAsync(message, "NewDeviceLoginTwoFactorEmail", model);
message.MetaData.Add("SendGridBypassListManagement", true);
message.Category = "TwoFactorEmail";
await _mailDeliveryService.SendEmailAsync(message);
}
public async Task SendMasterPasswordHintEmailAsync(string email, string hint)
{
var message = CreateDefaultMessage("Your Master Password Hint", email);
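Review bot: The `EmailTokenViewModel` built in SendNewDeviceLoginTwoFactorEmailAsync carries only `Token`, `WebVaultUrl` and `SiteName`, so the message apparently cannot tell the recipient which device, address or time requested the code. The `NewDeviceLoginTwoFactorEmail` template is not visible in this section, but a recipient who did not start the login has little to go on when judging whether the attempt was theirs; passing some request context into the model would help. Separately, the `SendGridBypassListManagement` line deserves a why-comment such as `// Verification codes must reach the user even if the address is on an unsubscribe or suppression list.`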


@ -346,7 +346,7 @@ namespace Bit.Core.Services
await _mailService.SendMasterPasswordHintEmailAsync(email, user.MasterPasswordHint);
}
public async Task SendTwoFactorEmailAsync(User user)
public async Task SendTwoFactorEmailAsync(User user, bool isBecauseNewDeviceLogin = false)
{
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Email);
if (provider == null || provider.MetaData == null || !provider.MetaData.ContainsKey("Email"))
@ -357,7 +357,15 @@ namespace Bit.Core.Services
var email = ((string)provider.MetaData["Email"]).ToLowerInvariant();
var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
"2faEmail:" + email);
await _mailService.SendTwoFactorEmailAsync(email, token);
if (isBecauseNewDeviceLogin)
{
await _mailService.SendNewDeviceLoginTwoFactorEmailAsync(email, token);
}
else
{
await _mailService.SendTwoFactorEmailAsync(email, token);
}
}
public async Task<bool> VerifyTwoFactorEmailAsync(User user, string token)
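Review bot: The new-device branch still passes through the guard at the top of SendTwoFactorEmailAsync, which requires an Email two-factor provider with an `Email` metadata entry, while the commit description targets users that have no 2FA enabled. What the guard does on failure lies between the two hunks and is not visible, so the caller presumably has to attach a provisional Email provider before calling with `isBecauseNewDeviceLogin: true`; that precondition should be documented on the method, for example `/// <remarks>When isBecauseNewDeviceLogin is true, the caller must already have populated the user's Email provider metadata.</remarks>`. Both branches also generate the token under the same `"2faEmail:" + email` purpose, so a new-device code and a regular email 2FA code appear to be interchangeable at verification. If that is intended, a one-line comment next to the GenerateUserTokenAsync call saying so would save the next reviewer the question.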


@ -75,6 +75,11 @@ namespace Bit.Core.Services
return Task.FromResult(0);
}
public Task SendNewDeviceLoginTwoFactorEmailAsync(string email, string token)
{
return Task.CompletedTask;
}
public Task SendWelcomeEmailAsync(User user)
{
return Task.FromResult(0);