nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-04 11:12:20 -05:00
Code

premium checks on two factor

Browse Source
This commit is contained in:
Kyle Spearrin 2017-07-06 16:38:28 -04:00
parent ae48c8d9b5
commit 99c1d68f5a
1 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/Api/Controllers/TwoFactorController.cs
View File

@ -48,7 +48,7 @@ namespace Bit.Api.Controllers
[HttpPost("get-authenticator")] [HttpPost("get-authenticator")]
public async Task<TwoFactorAuthenticatorResponseModel> GetAuthenticator([FromBody]TwoFactorRequestModel model) public async Task<TwoFactorAuthenticatorResponseModel> GetAuthenticator([FromBody]TwoFactorRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, true);
var response = new TwoFactorAuthenticatorResponseModel(user); var response = new TwoFactorAuthenticatorResponseModel(user);
return response; return response;
} }
@ -58,7 +58,7 @@ namespace Bit.Api.Controllers
public async Task<TwoFactorAuthenticatorResponseModel> PutAuthenticator( public async Task<TwoFactorAuthenticatorResponseModel> PutAuthenticator(
[FromBody]UpdateTwoFactorAuthenticatorRequestModel model) [FromBody]UpdateTwoFactorAuthenticatorRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, true);
model.ToUser(user); model.ToUser(user);
if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token)) if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token))
@ -75,7 +75,7 @@ namespace Bit.Api.Controllers
[HttpPost("get-yubikey")] [HttpPost("get-yubikey")]
public async Task<TwoFactorYubiKeyResponseModel> GetYubiKey([FromBody]TwoFactorRequestModel model) public async Task<TwoFactorYubiKeyResponseModel> GetYubiKey([FromBody]TwoFactorRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, true);
var response = new TwoFactorYubiKeyResponseModel(user); var response = new TwoFactorYubiKeyResponseModel(user);
return response; return response;
} }
@ -84,7 +84,7 @@ namespace Bit.Api.Controllers
[HttpPost("yubikey")] [HttpPost("yubikey")]
public async Task<TwoFactorYubiKeyResponseModel> PutYubiKey([FromBody]UpdateTwoFactorYubicoOtpRequestModel model) public async Task<TwoFactorYubiKeyResponseModel> PutYubiKey([FromBody]UpdateTwoFactorYubicoOtpRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, true);
model.ToUser(user); model.ToUser(user);
await ValidateYubiKeyAsync(user, nameof(model.Key1), model.Key1); await ValidateYubiKeyAsync(user, nameof(model.Key1), model.Key1);
@ -101,7 +101,7 @@ namespace Bit.Api.Controllers
[HttpPost("get-duo")] [HttpPost("get-duo")]
public async Task<TwoFactorDuoResponseModel> GetDuo([FromBody]TwoFactorRequestModel model) public async Task<TwoFactorDuoResponseModel> GetDuo([FromBody]TwoFactorRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, true);
var response = new TwoFactorDuoResponseModel(user); var response = new TwoFactorDuoResponseModel(user);
return response; return response;
} }
@ -110,7 +110,7 @@ namespace Bit.Api.Controllers
[HttpPost("duo")] [HttpPost("duo")]
public async Task<TwoFactorDuoResponseModel> PutDuo([FromBody]UpdateTwoFactorDuoRequestModel model) public async Task<TwoFactorDuoResponseModel> PutDuo([FromBody]UpdateTwoFactorDuoRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, true);
model.ToUser(user); model.ToUser(user);
await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Duo); await _userService.UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.Duo);
var response = new TwoFactorDuoResponseModel(user); var response = new TwoFactorDuoResponseModel(user);
@ -120,7 +120,7 @@ namespace Bit.Api.Controllers
[HttpPost("get-u2f")] [HttpPost("get-u2f")]
public async Task<TwoFactorU2fResponseModel> GetU2f([FromBody]TwoFactorRequestModel model) public async Task<TwoFactorU2fResponseModel> GetU2f([FromBody]TwoFactorRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, true);
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.U2f); var provider = user.GetTwoFactorProvider(TwoFactorProviderType.U2f);
if(provider == null || !provider.Enabled || (provider.MetaData?.Count ?? 0) > 0) if(provider == null || !provider.Enabled || (provider.MetaData?.Count ?? 0) > 0)
{ {
@ -139,7 +139,7 @@ namespace Bit.Api.Controllers
[HttpPost("u2f")] [HttpPost("u2f")]
public async Task<TwoFactorU2fResponseModel> PutU2f([FromBody]TwoFactorU2fRequestModel model) public async Task<TwoFactorU2fResponseModel> PutU2f([FromBody]TwoFactorU2fRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, true);
await _userService.CompleteU2fRegistrationAsync(user, model.DeviceResponse); await _userService.CompleteU2fRegistrationAsync(user, model.DeviceResponse);
var response = new TwoFactorU2fResponseModel(user); var response = new TwoFactorU2fResponseModel(user);
return response; return response;
@ -166,7 +166,7 @@ namespace Bit.Api.Controllers
[HttpPost("get-email")] [HttpPost("get-email")]
public async Task<TwoFactorEmailResponseModel> GetEmail([FromBody]TwoFactorRequestModel model) public async Task<TwoFactorEmailResponseModel> GetEmail([FromBody]TwoFactorRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, false);
var response = new TwoFactorEmailResponseModel(user); var response = new TwoFactorEmailResponseModel(user);
return response; return response;
} }
@ -174,7 +174,7 @@ namespace Bit.Api.Controllers
[HttpPost("send-email")] [HttpPost("send-email")]
public async Task SendEmail([FromBody]TwoFactorEmailRequestModel model) public async Task SendEmail([FromBody]TwoFactorEmailRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, false);
model.ToUser(user); model.ToUser(user);
await _userService.SendTwoFactorEmailAsync(user); await _userService.SendTwoFactorEmailAsync(user);
} }
@ -201,7 +201,7 @@ namespace Bit.Api.Controllers
[HttpPost("email")] [HttpPost("email")]
public async Task<TwoFactorEmailResponseModel> PutEmail([FromBody]UpdateTwoFactorEmailRequestModel model) public async Task<TwoFactorEmailResponseModel> PutEmail([FromBody]UpdateTwoFactorEmailRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, false);
model.ToUser(user); model.ToUser(user);
if(!await _userService.VerifyTwoFactorEmailAsync(user, model.Token)) if(!await _userService.VerifyTwoFactorEmailAsync(user, model.Token))
@ -219,7 +219,7 @@ namespace Bit.Api.Controllers
[HttpPost("disable")] [HttpPost("disable")]
public async Task<TwoFactorProviderResponseModel> PutDisable([FromBody]TwoFactorProviderRequestModel model) public async Task<TwoFactorProviderResponseModel> PutDisable([FromBody]TwoFactorProviderRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, false);
await _userService.DisableTwoFactorProviderAsync(user, model.Type.Value); await _userService.DisableTwoFactorProviderAsync(user, model.Type.Value);
var response = new TwoFactorProviderResponseModel(model.Type.Value, user); var response = new TwoFactorProviderResponseModel(model.Type.Value, user);
return response; return response;
@ -228,7 +228,7 @@ namespace Bit.Api.Controllers
[HttpPost("get-recover")] [HttpPost("get-recover")]
public async Task<TwoFactorRecoverResponseModel> GetRecover([FromBody]TwoFactorRequestModel model) public async Task<TwoFactorRecoverResponseModel> GetRecover([FromBody]TwoFactorRequestModel model)
{ {
var user = await CheckPasswordAsync(model.MasterPasswordHash); var user = await CheckAsync(model.MasterPasswordHash, false);
var response = new TwoFactorRecoverResponseModel(user); var response = new TwoFactorRecoverResponseModel(user);
return response; return response;
} }
@ -244,7 +244,7 @@ namespace Bit.Api.Controllers
} }
} }
private async Task<User> CheckPasswordAsync(string masterPasswordHash) private async Task<User> CheckAsync(string masterPasswordHash, bool premium)
{ {
var user = await _userService.GetUserByPrincipalAsync(User); var user = await _userService.GetUserByPrincipalAsync(User);
if(user == null) if(user == null)
@ -258,6 +258,11 @@ namespace Bit.Api.Controllers
throw new BadRequestException("MasterPasswordHash", "Invalid password."); throw new BadRequestException("MasterPasswordHash", "Invalid password.");
} }
if(premium && !user.Premium)
{
throw new BadRequestException("Premium membership required.");
}
return user; return user;
} }
} }