Merge branch 'innovation/opaque-wanna-try-catch-son' into innovation/opaque

2025-07-07 02:52:50 -05:00 · 2025-03-20 14:43:55 -04:00
parent 9b7c14c2df 8f25ab6d73
commit 7f997246e5
6 changed files with 176 additions and 171 deletions
--- a/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs
+++ b/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs
@ -1,5 +1,3 @@
-using Bit.Api.Auth.Models.Request.Opaque;
-using Bit.Api.Auth.Models.Response.Opaque;
 using Bit.Core;
 using Bit.Core.Auth.Models.Api.Request.Opaque;
 using Bit.Core.Auth.Models.Api.Response.Opaque;
@ -12,64 +10,42 @@ using Microsoft.AspNetCore.Mvc;
 namespace Bit.Api.Auth.Controllers;

 // TODO: move to identity
-[Route("opaque")]
 [RequireFeature(FeatureFlagKeys.OpaqueKeyExchange)]
-public class OpaqueKeyExchangeController : Controller
+[Route("opaque")]
+[Authorize("Application")]
+public class OpaqueKeyExchangeController(
+    IOpaqueKeyExchangeService opaqueKeyExchangeService,
+    IUserService userService
+    ) : Controller
 {
-    private readonly IOpaqueKeyExchangeService _opaqueKeyExchangeService;
-    private readonly IUserService _userService;
+    private readonly IOpaqueKeyExchangeService _opaqueKeyExchangeService = opaqueKeyExchangeService;
+    private readonly IUserService _userService = userService;

-    public OpaqueKeyExchangeController(
-        IOpaqueKeyExchangeService opaqueKeyExchangeService,
-        IUserService userService
-    )
+    [HttpPost("start-registration")]
+    public async Task<OpaqueRegistrationStartResponse> StartRegistrationAsync(
+        [FromBody] OpaqueRegistrationStartRequest request)
    {
-        _opaqueKeyExchangeService = opaqueKeyExchangeService;
-        _userService = userService;
-    }
-
-    // TODO: investigate removing ~/opaque from all routes and using controller level route attribute
-    [Authorize("Application")]
-    [HttpPost("~/opaque/start-registration")]
-    public async Task<OpaqueRegistrationStartResponse> StartRegistrationAsync([FromBody] OpaqueRegistrationStartRequest request)
-    {
-        var user = await _userService.GetUserByPrincipalAsync(User);
-        var result = await _opaqueKeyExchangeService.StartRegistration(Convert.FromBase64String(request.RegistrationRequest), user, request.CipherConfiguration);
+        var user = await _userService.GetUserByPrincipalAsync(User)
+            ?? throw new UnauthorizedAccessException();
+        var result = await _opaqueKeyExchangeService.StartRegistration(
+            Convert.FromBase64String(request.RegistrationRequest), user, request.CipherConfiguration);
        return result;
    }

-
-    [Authorize("Application")]
-    [HttpPost("~/opaque/finish-registration")]
-    public async void FinishRegistrationAsync([FromBody] OpaqueRegistrationFinishRequest request)
+    [HttpPost("finish-registration")]
+    public async Task FinishRegistrationAsync([FromBody] OpaqueRegistrationFinishRequest request)
    {
-        var user = await _userService.GetUserByPrincipalAsync(User);
-        await _opaqueKeyExchangeService.FinishRegistration(request.SessionId, Convert.FromBase64String(request.RegistrationUpload), user, request.KeySet);
+        var user = await _userService.GetUserByPrincipalAsync(User)
+            ?? throw new UnauthorizedAccessException();
+        await _opaqueKeyExchangeService.FinishRegistration(
+            request.SessionId, Convert.FromBase64String(request.RegistrationUpload), user, request.KeySet);
    }

-    [Authorize("Application")]
-    [HttpPost("~/opaque/set-registration-active")]
-    public async void SetRegistrationActive([FromBody] OpaqueSetRegistrationActiveRequest request)
+    [HttpPost("set-registration-active")]
+    public async Task SetRegistrationActiveAsync([FromBody] OpaqueSetRegistrationActiveRequest request)
    {
-        var user = await _userService.GetUserByPrincipalAsync(User);
-        await _opaqueKeyExchangeService.SetRegistrationActiveForAccount(request.SessionId, user);
-    }
-
-    // TODO: Remove and move to token endpoint
-    [AllowAnonymous]
-    [HttpPost("~/opaque/start-login")]
-    public async Task<OpaqueLoginStartResponse> StartLoginAsync([FromBody] OpaqueLoginStartRequest request)
-    {
-        var result = await _opaqueKeyExchangeService.StartLogin(Convert.FromBase64String(request.CredentialRequest), request.Email);
-        return new OpaqueLoginStartResponse(result.Item1, Convert.ToBase64String(result.Item2));
-    }
-
-    // TODO: Remove and move to token endpoint
-    [AllowAnonymous]
-    [HttpPost("~/opaque/finish-login")]
-    public async Task<bool> FinishLoginAsync([FromBody] OpaqueLoginFinishRequest request)
-    {
-        var result = await _opaqueKeyExchangeService.FinishLogin(request.SessionId, Convert.FromBase64String(request.CredentialFinalization));
-        return result;
+        var user = await _userService.GetUserByPrincipalAsync(User)
+            ?? throw new UnauthorizedAccessException();
+        await _opaqueKeyExchangeService.WriteCacheCredentialToDatabase(request.SessionId, user);
    }
 }