nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

[SG-762] Prevent approving request on second device after denying on first (#2370)

Browse Source 
* Added check to ensure a passwordless request is not acted upon multiple times

* Corrected grammer
This commit is contained in:
Gbubemi Smith 2022-10-28 11:58:05 -04:00 committed by GitHub
parent ea33c27b9e
commit 9703fb6874
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Api/Controllers/AuthRequestsController.cs
View File

@ -125,6 +125,11 @@ public class AuthRequestsController : Controller
throw new NotFoundException(); throw new NotFoundException();
} }
if (authRequest.Approved is not null)
{
throw new DuplicateAuthRequestException();
}
var device = await _deviceRepository.GetByIdentifierAsync(model.DeviceIdentifier); var device = await _deviceRepository.GetByIdentifierAsync(model.DeviceIdentifier);
if (device == null) if (device == null)
{ {

10
src/Core/Exceptions/DuplicateAuthRequestException.cs Normal file
View File

@ -0,0 +1,10 @@
namespace Bit.Core.Exceptions;
public class DuplicateAuthRequestException : Exception
{
public DuplicateAuthRequestException()
: base("An authentication request with the same device already exists.")
{
}
}