"user key" schema and api changes

2025-07-03 00:52:49 -05:00 · 2017-05-31 09:54:32 -04:00
parent bdce4064b2
commit a01d5d9a51
16 changed files with 97 additions and 59 deletions
--- a/src/Core/Models/Api/Request/Accounts/EmailRequestModel.cs
+++ b/src/Core/Models/Api/Request/Accounts/EmailRequestModel.cs
@ -18,6 +18,6 @@ namespace Bit.Core.Models.Api
        [Required]
        public string Token { get; set; }
        [Required]
-        public DataReloadRequestModel Data { get; set; }
+        public string Key { get; set; }
    }
 }
--- a/src/Core/Models/Api/Request/Accounts/PasswordRequestModel.cs
+++ b/src/Core/Models/Api/Request/Accounts/PasswordRequestModel.cs
@ -12,6 +12,6 @@ namespace Bit.Core.Models.Api
        [StringLength(300)]
        public string NewMasterPasswordHash { get; set; }
        [Required]
-        public DataReloadRequestModel Data { get; set; }
+        public string Key { get; set; }
    }
 }
--- a/src/Core/Models/Api/Request/Accounts/RegisterRequestModel.cs
+++ b/src/Core/Models/Api/Request/Accounts/RegisterRequestModel.cs
@ -16,6 +16,7 @@ namespace Bit.Core.Models.Api
        public string MasterPasswordHash { get; set; }
        [StringLength(50)]
        public string MasterPasswordHint { get; set; }
+        public string Key { get; set; }
        public KeysRequestModel Keys { get; set; }

        public User ToUser()
@ -27,6 +28,11 @@ namespace Bit.Core.Models.Api
                MasterPasswordHint = MasterPasswordHint
            };

+            if(Key != null)
+            {
+                user.Key = Key;
+            }
+
            if(Keys != null)
            {
                Keys.ToUser(user);
--- a/src/Core/Models/Api/Request/Accounts/UpdateKeyRequestModel.cs
+++ b/src/Core/Models/Api/Request/Accounts/UpdateKeyRequestModel.cs
@ -3,13 +3,18 @@ using System.ComponentModel.DataAnnotations;

 namespace Bit.Core.Models.Api
 {
-    public class DataReloadRequestModel
+    public class UpdateKeyRequestModel
    {
+        [Required]
+        [StringLength(300)]
+        public string MasterPasswordHash { get; set; }
        [Required]
        public IEnumerable<LoginWithIdRequestModel> Ciphers { get; set; }
        [Required]
        public IEnumerable<FolderWithIdRequestModel> Folders { get; set; }
        [Required]
        public string PrivateKey { get; set; }
+        [Required]
+        public string Key { get; set; }
    }
 }
--- a/src/Core/Models/Api/Response/KeysResponseModel.cs
+++ b/src/Core/Models/Api/Response/KeysResponseModel.cs
@ -13,10 +13,12 @@ namespace Bit.Core.Models.Api
                throw new ArgumentNullException(nameof(user));
            }

+            Key = user.Key;
            PublicKey = user.PublicKey;
            PrivateKey = user.PrivateKey;
        }

+        public string Key { get; set; }
        public string PublicKey { get; set; }
        public string PrivateKey { get; set; }
    }
--- a/src/Core/Models/Table/User.cs
+++ b/src/Core/Models/Table/User.cs
@ -21,6 +21,7 @@ namespace Bit.Core.Models.Table
        public string EquivalentDomains { get; set; }
        public string ExcludedGlobalEquivalentDomains { get; set; }
        public DateTime AccountRevisionDate { get; internal set; } = DateTime.UtcNow;
+        public string Key { get; set; }
        public string PublicKey { get; set; }
        public string PrivateKey { get; set; }
        public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
--- a/src/Core/Repositories/ICipherRepository.cs
+++ b/src/Core/Repositories/ICipherRepository.cs
@ -19,7 +19,7 @@ namespace Bit.Core.Repositories
        Task UpsertAsync(CipherDetails cipher);
        Task ReplaceAsync(Cipher obj, IEnumerable<Guid> collectionIds);
        Task UpdatePartialAsync(Guid id, Guid userId, Guid? folderId, bool favorite);
-        Task UpdateUserEmailPasswordAndCiphersAsync(User user, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
+        Task UpdateUserKeysAndCiphersAsync(User user, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
        Task CreateAsync(IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
    }
 }
--- a/src/Core/Repositories/SqlServer/CipherRepository.cs
+++ b/src/Core/Repositories/SqlServer/CipherRepository.cs
@ -176,7 +176,7 @@ namespace Bit.Core.Repositories.SqlServer
            }
        }

-        public Task UpdateUserEmailPasswordAndCiphersAsync(User user, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders)
+        public Task UpdateUserKeysAndCiphersAsync(User user, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders)
        {
            using(var connection = new SqlConnection(ConnectionString))
            {
@ -188,14 +188,13 @@ namespace Bit.Core.Repositories.SqlServer
                    {
                        // 1. Update user.

-                        using(var cmd = new SqlCommand("[dbo].[User_UpdateEmailPassword]", connection, transaction))
+                        using(var cmd = new SqlCommand("[dbo].[User_UpdateKeys]", connection, transaction))
                        {
                            cmd.CommandType = CommandType.StoredProcedure;
                            cmd.Parameters.Add("@Id", SqlDbType.UniqueIdentifier).Value = user.Id;
-                            cmd.Parameters.Add("@Email", SqlDbType.NVarChar).Value = user.Email;
-                            cmd.Parameters.Add("@EmailVerified", SqlDbType.NVarChar).Value = user.EmailVerified;
-                            cmd.Parameters.Add("@MasterPassword", SqlDbType.NVarChar).Value = user.MasterPassword;
                            cmd.Parameters.Add("@SecurityStamp", SqlDbType.NVarChar).Value = user.SecurityStamp;
+                            cmd.Parameters.Add("@Key", SqlDbType.VarChar).Value = user.Key;
+
                            if(string.IsNullOrWhiteSpace(user.PrivateKey))
                            {
                                cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = DBNull.Value;
@ -204,6 +203,7 @@ namespace Bit.Core.Repositories.SqlServer
                            {
                                cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = user.PrivateKey;
                            }
+
                            cmd.Parameters.Add("@RevisionDate", SqlDbType.DateTime2).Value = user.RevisionDate;
                            cmd.ExecuteNonQuery();
                        }
--- a/src/Core/Services/IUserService.cs
+++ b/src/Core/Services/IUserService.cs
@ -18,14 +18,15 @@ namespace Bit.Core.Services
        Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);
        Task SendMasterPasswordHintAsync(string email);
        Task InitiateEmailChangeAsync(User user, string newEmail);
-        Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail, string newMasterPassword, 
-            string token, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey);
-        Task<IdentityResult> ChangePasswordAsync(User user, string currentMasterPasswordHash, string newMasterPasswordHash, 
-            IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey);
+        Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail, string newMasterPassword,
+            string token, string key);
+        Task<IdentityResult> ChangePasswordAsync(User user, string masterPassword, string newMasterPassword, string key);
+        Task<IdentityResult> UpdateKeyAsync(User user, string masterPassword, string key, string privateKey,
+            IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
        Task<IdentityResult> RefreshSecurityStampAsync(User user, string masterPasswordHash);
        Task GetTwoFactorAsync(User user, Enums.TwoFactorProviderType provider);
        Task<bool> RecoverTwoFactorAsync(string email, string masterPassword, string recoveryCode);
-       Task<string> GenerateUserTokenAsync(User user, string tokenProvider, string purpose);
+        Task<string> GenerateUserTokenAsync(User user, string tokenProvider, string purpose);
        Task<IdentityResult> DeleteAsync(User user);
    }
 }
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@ -195,7 +195,7 @@ namespace Bit.Core.Services
        }

        public async Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail,
-            string newMasterPassword, string token, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey)
+            string newMasterPassword, string token, string key)
        {
            var verifyPasswordResult = _passwordHasher.VerifyHashedPassword(user, user.MasterPassword, masterPassword);
            if(verifyPasswordResult == PasswordVerificationResult.Failed)
@ -221,19 +221,11 @@ namespace Bit.Core.Services
                return result;
            }

+            user.Key = key;
            user.Email = newEmail;
            user.EmailVerified = true;
            user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
-            user.PrivateKey = privateKey;
-
-            if(ciphers.Any() || folders.Any())
-            {
-                await _cipherRepository.UpdateUserEmailPasswordAndCiphersAsync(user, ciphers, folders);
-            }
-            else
-            {
-                await _userRepository.ReplaceAsync(user);
-            }
+            await _userRepository.ReplaceAsync(user);

            return IdentityResult.Success;
        }
@ -244,7 +236,7 @@ namespace Bit.Core.Services
        }

        public async Task<IdentityResult> ChangePasswordAsync(User user, string masterPassword, string newMasterPassword,
-            IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey)
+            string key)
        {
            if(user == null)
            {
@ -260,10 +252,33 @@ namespace Bit.Core.Services
                }

                user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
+                user.Key = key;
+                await _userRepository.ReplaceAsync(user);
+
+                return IdentityResult.Success;
+            }
+
+            Logger.LogWarning("Change password failed for user {userId}.", user.Id);
+            return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
+        }
+
+        public async Task<IdentityResult> UpdateKeyAsync(User user, string masterPassword, string key, string privateKey,
+            IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders)
+        {
+            if(user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            if(await base.CheckPasswordAsync(user, masterPassword))
+            {
+                user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
+                user.SecurityStamp = Guid.NewGuid().ToString();
+                user.Key = key;
                user.PrivateKey = privateKey;
                if(ciphers.Any() || folders.Any())
                {
-                    await _cipherRepository.UpdateUserEmailPasswordAndCiphersAsync(user, ciphers, folders);
+                    await _cipherRepository.UpdateUserKeysAndCiphersAsync(user, ciphers, folders);
                }
                else
                {
@ -273,7 +288,7 @@ namespace Bit.Core.Services
                return IdentityResult.Success;
            }

-            Logger.LogWarning("Change password failed for user {userId}.", user.Id);
+            Logger.LogWarning("Update key for user {userId}.", user.Id);
            return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
        }