nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-22 13:35:10 -05:00
Code

refactored logic around remember me token

Browse Source
This commit is contained in:
Kyle Spearrin 2017-08-15 08:19:20 -04:00
parent 829a9e2dd7
commit a9b9094b9c
1 changed files with 48 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
View File

@ -40,53 +40,56 @@ namespace Bit.Core.IdentityServer
var twoFactorProvider = context.Request.Raw["TwoFactorProvider"]?.ToString(); var twoFactorProvider = context.Request.Raw["TwoFactorProvider"]?.ToString();
var twoFactorRemember = context.Request.Raw["TwoFactorRemember"]?.ToString() == "1"; var twoFactorRemember = context.Request.Raw["TwoFactorRemember"]?.ToString() == "1";
var twoFactorRequest = !string.IsNullOrWhiteSpace(twoFactorToken) && !string.IsNullOrWhiteSpace(twoFactorProvider); var twoFactorRequest = !string.IsNullOrWhiteSpace(twoFactorToken) && !string.IsNullOrWhiteSpace(twoFactorProvider);
var credentialsCorrect = false;
if(!string.IsNullOrWhiteSpace(context.UserName)) if(string.IsNullOrWhiteSpace(context.UserName))
{ {
await BuildErrorResultAsync(false, context);
return;
}
var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant()); var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant());
if(user != null) if(user == null || !await _userManager.CheckPasswordAsync(user, context.Password))
{ {
credentialsCorrect = await _userManager.CheckPasswordAsync(user, context.Password); await BuildErrorResultAsync(false, context);
if(credentialsCorrect) return;
}
if(await TwoFactorRequiredAsync(user))
{ {
TwoFactorProviderType twoFactorProviderType = TwoFactorProviderType.Authenticator; // Just defaulting it var twoFactorProviderType = TwoFactorProviderType.Authenticator; // Just defaulting it
if(!twoFactorRequest && await TwoFactorRequiredAsync(user)) if(!twoFactorRequest || !Enum.TryParse(twoFactorProvider, out twoFactorProviderType))
{ {
await BuildTwoFactorResultAsync(user, context); await BuildTwoFactorResultAsync(user, context);
return; return;
} }
if(twoFactorRequest && !Enum.TryParse(twoFactorProvider, out twoFactorProviderType)) var verified = await VerifyTwoFactor(user, twoFactorProviderType, twoFactorToken);
if(!verified && twoFactorProviderType != TwoFactorProviderType.Remember)
{ {
await BuildErrorResultAsync(true, context);
return;
}
else if(!verified && twoFactorProviderType == TwoFactorProviderType.Remember)
{
await Task.Delay(2000); // Delay for brute force.
await BuildTwoFactorResultAsync(user, context); await BuildTwoFactorResultAsync(user, context);
return; return;
} }
}
if(!twoFactorRequest || await VerifyTwoFactor(user, twoFactorProviderType, twoFactorToken)) else
{ {
twoFactorRequest = false;
twoFactorRemember = false;
twoFactorToken = null;
}
var device = await SaveDeviceAsync(user, context); var device = await SaveDeviceAsync(user, context);
await BuildSuccessResultAsync(user, context, device, twoFactorRequest, await BuildSuccessResultAsync(user, context, device, twoFactorRequest && twoFactorRemember);
twoFactorProviderType, twoFactorRemember);
return; return;
} }
if(twoFactorRequest && twoFactorProviderType == TwoFactorProviderType.Remember) private async Task BuildSuccessResultAsync(User user, ResourceOwnerPasswordValidationContext context,
{ Device device, bool sendRememberToken)
await Task.Delay(2000); // Delay for brute force.
await BuildTwoFactorResultAsync(user, context);
return;
}
}
}
}
await Task.Delay(2000); // Delay for brute force.
BuildErrorResult(credentialsCorrect && twoFactorRequest, context);
}
private async Task BuildSuccessResultAsync(User user, ResourceOwnerPasswordValidationContext context, Device device,
bool twoFactorRequest, TwoFactorProviderType twoFactorProviderType, bool twoFactorRemember)
{ {
var claims = new List<Claim>(); var claims = new List<Claim>();
@ -106,7 +109,7 @@ namespace Bit.Core.IdentityServer
customResponse.Add("Key", user.Key); customResponse.Add("Key", user.Key);
} }
if(twoFactorRequest && twoFactorRemember) if(sendRememberToken)
{ {
var token = await _userManager.GenerateTwoFactorTokenAsync(user, TwoFactorProviderType.Remember.ToString()); var token = await _userManager.GenerateTwoFactorTokenAsync(user, TwoFactorProviderType.Remember.ToString());
customResponse.Add("TwoFactorToken", token); customResponse.Add("TwoFactorToken", token);
@ -125,7 +128,7 @@ namespace Bit.Core.IdentityServer
var enabledProviders = user.GetTwoFactorProviders()?.Where(p => user.TwoFactorProviderIsEnabled(p.Key)); var enabledProviders = user.GetTwoFactorProviders()?.Where(p => user.TwoFactorProviderIsEnabled(p.Key));
if(enabledProviders == null) if(enabledProviders == null)
{ {
BuildErrorResult(false, context); await BuildErrorResultAsync(false, context);
return; return;
} }
@ -150,8 +153,9 @@ namespace Bit.Core.IdentityServer
} }
} }
private void BuildErrorResult(bool twoFactorRequest, ResourceOwnerPasswordValidationContext context) private async Task BuildErrorResultAsync(bool twoFactorRequest, ResourceOwnerPasswordValidationContext context)
{ {
await Task.Delay(2000); // Delay for brute force.
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant,
customResponse: new Dictionary<string, object> customResponse: new Dictionary<string, object>
{{ {{