fix : add try catch blocks

src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs

@@ -1,68 +1,50 @@
-using Bit.Api.Auth.Models.Request.Opaque;
-using Bit.Api.Auth.Models.Response.Opaque;
+using Bit.Core;
 using Bit.Core.Auth.Models.Api.Request.Opaque;
 using Bit.Core.Auth.Models.Api.Response.Opaque;
 using Bit.Core.Auth.Services;
 using Bit.Core.Services;
+using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Bit.Api.Auth.Controllers;
 
+[RequireFeature(FeatureFlagKeys.OpaqueKeyExchange)]
 [Route("opaque")]
-public class OpaqueKeyExchangeController : Controller
+[Authorize("Web")]
+public class OpaqueKeyExchangeController(
+    IOpaqueKeyExchangeService opaqueKeyExchangeService,
+    IUserService userService
+    ) : Controller
 {
-    private readonly IOpaqueKeyExchangeService _opaqueKeyExchangeService;
-    private readonly IUserService _userService;
+    private readonly IOpaqueKeyExchangeService _opaqueKeyExchangeService = opaqueKeyExchangeService;
+    private readonly IUserService _userService = userService;
 
-    public OpaqueKeyExchangeController(
-        IOpaqueKeyExchangeService opaqueKeyExchangeService,
-        IUserService userService
-    )
+    [HttpPost("start-registration")]
+    public async Task<OpaqueRegistrationStartResponse> StartRegistrationAsync(
+        [FromBody] OpaqueRegistrationStartRequest request)
     {
-        _opaqueKeyExchangeService = opaqueKeyExchangeService;
-        _userService = userService;
-    }
-
-    [Authorize("Web")]
-    [HttpPost("~/opaque/start-registration")]
-    public async Task<OpaqueRegistrationStartResponse> StartRegistrationAsync([FromBody] OpaqueRegistrationStartRequest request)
-    {
-        var user = await _userService.GetUserByPrincipalAsync(User);
-        var result = await _opaqueKeyExchangeService.StartRegistration(Convert.FromBase64String(request.RegistrationRequest), user, request.CipherConfiguration);
+        var user = await _userService.GetUserByPrincipalAsync(User)
+            ?? throw new UnauthorizedAccessException();
+        var result = await _opaqueKeyExchangeService.StartRegistration(
+            Convert.FromBase64String(request.RegistrationRequest), user, request.CipherConfiguration);
         return result;
     }
 
-
-    [Authorize("Web")]
-    [HttpPost("~/opaque/finish-registration")]
-    public async void FinishRegistrationAsync([FromBody] OpaqueRegistrationFinishRequest request)
+    [HttpPost("finish-registration")]
+    public async Task FinishRegistrationAsync([FromBody] OpaqueRegistrationFinishRequest request)
     {
-        var user = await _userService.GetUserByPrincipalAsync(User);
-        await _opaqueKeyExchangeService.FinishRegistration(request.SessionId, Convert.FromBase64String(request.RegistrationUpload), user, request.KeySet);
+        var user = await _userService.GetUserByPrincipalAsync(User)
+            ?? throw new UnauthorizedAccessException();
+        await _opaqueKeyExchangeService.FinishRegistration(
+            request.SessionId, Convert.FromBase64String(request.RegistrationUpload), user, request.KeySet);
     }
 
-    [Authorize("Web")]
-    [HttpPost("~/opaque/set-registration-active")]
-    public async void SetRegistrationActive([FromBody] OpaqueSetRegistrationActiveRequest request)
+    [HttpPost("set-registration-active")]
+    public async Task SetRegistrationActiveAsync([FromBody] OpaqueSetRegistrationActiveRequest request)
     {
-        var user = await _userService.GetUserByPrincipalAsync(User);
-        await _opaqueKeyExchangeService.SetRegistrationActiveForAccount(request.SessionId, user);
-    }
-
-    // TODO: Remove and move to token endpoint
-    [HttpPost("~/opaque/start-login")]
-    public async Task<OpaqueLoginStartResponse> StartLoginAsync([FromBody] OpaqueLoginStartRequest request)
-    {
-        var result = await _opaqueKeyExchangeService.StartLogin(Convert.FromBase64String(request.CredentialRequest), request.Email);
-        return new OpaqueLoginStartResponse(result.Item1, Convert.ToBase64String(result.Item2));
-    }
-
-    // TODO: Remove and move to token endpoint
-    [HttpPost("~/opaque/finish-login")]
-    public async Task<bool> FinishLoginAsync([FromBody] OpaqueLoginFinishRequest request)
-    {
-        var result = await _opaqueKeyExchangeService.FinishLogin(request.SessionId, Convert.FromBase64String(request.CredentialFinalization));
-        return result;
+        var user = await _userService.GetUserByPrincipalAsync(User)
+            ?? throw new UnauthorizedAccessException();
+        await _opaqueKeyExchangeService.WriteCacheCredentialToDatabase(request.SessionId, user);
     }
 }