[SG-617] [SG-697] [SG-686] Fix various minor passwordless bugs (#2320)

* Only push auth request responses if the request is approved * Add error message when an unknown device tries to send an auth request * Send the vault URL for self hosted auth requests
2025-07-01 08:02:49 -05:00 · 2022-10-03 11:37:37 -04:00
parent c8783ced6d
commit 707a39972b
2 changed files with 11 additions and 9 deletions
--- a/src/Api/Controllers/AuthRequestsController.cs
+++ b/src/Api/Controllers/AuthRequestsController.cs
@ -46,7 +46,7 @@ public class AuthRequestsController : Controller
    {
        var userId = _userService.GetProperUserId(User).Value;
        var authRequests = await _authRequestRepository.GetManyByUserIdAsync(userId);
-        var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings.SelfHosted)).ToList();
+        var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings)).ToList();
        return new ListResponseModel<AuthRequestResponseModel>(responses);
    }

@ -60,7 +60,7 @@ public class AuthRequestsController : Controller
            throw new NotFoundException();
        }

-        return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
+        return new AuthRequestResponseModel(authRequest, _globalSettings);
    }

    [HttpGet("{id}/response")]
@ -73,7 +73,7 @@ public class AuthRequestsController : Controller
            throw new NotFoundException();
        }

-        return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
+        return new AuthRequestResponseModel(authRequest, _globalSettings);
    }

    [HttpPost("")]
@ -94,7 +94,7 @@ public class AuthRequestsController : Controller
            var devices = await _deviceRepository.GetManyByUserIdAsync(user.Id);
            if (devices == null || !devices.Any(d => d.Identifier == model.DeviceIdentifier))
            {
-                throw new NotFoundException();
+                throw new BadRequestException("Login with device is only available on devices that have been previously logged in.");
            }
        }

@ -111,7 +111,8 @@ public class AuthRequestsController : Controller
        };
        authRequest = await _authRequestRepository.CreateAsync(authRequest);
        await _pushNotificationService.PushAuthRequestAsync(authRequest);
-        return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
+        var r = new AuthRequestResponseModel(authRequest, _globalSettings);
+        return r;
    }

    [HttpPut("{id}")]
@ -137,9 +138,9 @@ public class AuthRequestsController : Controller
            authRequest.ResponseDeviceId = device.Id;
            authRequest.ResponseDate = DateTime.UtcNow;
            await _authRequestRepository.ReplaceAsync(authRequest);
+            await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
        }

-        await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
-        return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
+        return new AuthRequestResponseModel(authRequest, _globalSettings);
    }
 }