nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-04 17:42:49 -05:00
Code Activity

PS-82 check send 2FA email for new devices on TwoFactorController send-email-login (#1977)

Browse Source
This commit is contained in:
Federico Maccaroni
2022-04-28 13:14:09 -03:00
committed by GitHub
parent 68f875b3d9
commit a7a45893a3
6 changed files with 161 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/Core/IdentityServer/BaseRequestValidator.cs
View File

@ -319,9 +319,11 @@ namespace Bit.Core.IdentityServer
var requires2FA = individualRequired || firstEnabledOrg != null;
var requires2FABecauseNewDevice = !requires2FA
&& user.EmailVerified
&& request.GrantType != "authorization_code"
&& await IsNewDeviceAndNotTheFirstOneAsync(user, request);
&&
await _userService.Needs2FABecauseNewDeviceAsync(
user,
GetDeviceFromRequest(request)?.Identifier,
request.GrantType);
requires2FA = requires2FA || requires2FABecauseNewDevice;
@ -536,22 +538,6 @@ namespace Bit.Core.IdentityServer
return await _deviceRepository.GetByIdentifierAsync(GetDeviceFromRequest(request).Identifier, user.Id);
}
protected async Task<bool> IsNewDeviceAndNotTheFirstOneAsync(User user, ValidatedTokenRequest request)
{
if (user == null)
{
return default;
}
var devices = await _deviceRepository.GetManyByUserIdAsync(user.Id);
if (!devices.Any())
{
return false;
}
return !devices.Any(d => d.Identifier == GetDeviceFromRequest(request)?.Identifier);
}
private async Task<Device> SaveDeviceAsync(User user, ValidatedTokenRequest request)
{
var device = GetDeviceFromRequest(request);