Resolves Auth Warnings (#4642)
* Resolve Auth Warnings * Move Assertion * ClaimsPrincipal is actually nullable
This commit is contained in:
parent
07ef299f1e
commit
abb223aabb
@ -7,9 +7,8 @@ namespace Bit.Core.Auth.Models.Api.Request.Accounts;
|
|||||||
public class RegisterSendVerificationEmailRequestModel
|
public class RegisterSendVerificationEmailRequestModel
|
||||||
{
|
{
|
||||||
[StringLength(50)] public string? Name { get; set; }
|
[StringLength(50)] public string? Name { get; set; }
|
||||||
[Required]
|
|
||||||
[StrictEmailAddress]
|
[StrictEmailAddress]
|
||||||
[StringLength(256)]
|
[StringLength(256)]
|
||||||
public string Email { get; set; }
|
public required string Email { get; set; }
|
||||||
public bool ReceiveMarketingEmails { get; set; }
|
public bool ReceiveMarketingEmails { get; set; }
|
||||||
}
|
}
|
||||||
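Review bot: Replacing `[Required]` with the `required` modifier on `Email` changes which layer rejects a missing value: `required` is enforced by the compiler at object-initializer sites and, with System.Text.Json, as a presence check during deserialization, whereas `[Required]` was a model-validation rule that also rejected `null` and empty strings. A body carrying `"email": null` or `""` may now pass binding unless `[StrictEmailAddress]` rejects those inputs or MVC's implicit RequiredAttribute for non-nullable reference types is active, neither of which is visible in this diff. If the goal is only to silence the nullability warning, keeping both is the conservative form: `[Required] [StrictEmailAddress] [StringLength(256)] public required string Email { get; set; }`.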
|
@ -6,12 +6,10 @@ namespace Bit.Core.Auth.Models.Api.Request.Accounts;
|
|||||||
|
|
||||||
public class RegisterVerificationEmailClickedRequestModel
|
public class RegisterVerificationEmailClickedRequestModel
|
||||||
{
|
{
|
||||||
[Required]
|
|
||||||
[StrictEmailAddress]
|
[StrictEmailAddress]
|
||||||
[StringLength(256)]
|
[StringLength(256)]
|
||||||
public string Email { get; set; }
|
public required string Email { get; set; }
|
||||||
|
|
||||||
[Required]
|
public required string EmailVerificationToken { get; set; }
|
||||||
public string EmailVerificationToken { get; set; }
|
|
||||||
|
|
||||||
}
|
}
|
||||||
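Review bot: `EmailVerificationToken` loses its only explicit validation attribute here; after the change nothing in the model rejects an empty string, and System.Text.Json's `required` handling only checks that the member is present in the payload, not that its value is non-null or non-empty (nullable annotations are not enforced by default). Whether MVC's implicit RequiredAttribute for non-nullable reference types still covers it depends on `SuppressImplicitRequiredAttributeForNonNullableReferenceTypes`, which this diff does not show. For a token that gates email verification, an explicit guard is cheaper than relying on framework defaults: `[Required] public required string EmailVerificationToken { get; set; }`, or a null/empty check in the consuming endpoint.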
|
@ -122,6 +122,7 @@ public class AuthRequestService : IAuthRequestService
|
|||||||
throw new BadRequestException("User does not belong to any organizations.");
|
throw new BadRequestException("User does not belong to any organizations.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Debug.Assert(user is not null, "user should have been validated to be non-null and thrown if it's not.");
|
||||||
// A user event will automatically create logs for each organization/provider this user belongs to.
|
// A user event will automatically create logs for each organization/provider this user belongs to.
|
||||||
await _eventService.LogUserEventAsync(user.Id, EventType.User_RequestedDeviceApproval);
|
await _eventService.LogUserEventAsync(user.Id, EventType.User_RequestedDeviceApproval);
|
||||||
|
|
||||||
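Review bot: `Debug.Assert` is compiled out of Release builds, so the added line documents the invariant without enforcing it; in production `user.Id` on the following line still throws NullReferenceException if the earlier validation (outside this hunk) has a path that leaves `user` null. The assertion message claims that check exists and throws, so it is worth confirming it covers every branch that reaches this point. A runtime guard that also narrows the type for the compiler, `ArgumentNullException.ThrowIfNull(user);`, is not stripped and makes the claim hold regardless of build configuration. The enclosing method starts before this hunk.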
@ -136,6 +137,7 @@ public class AuthRequestService : IAuthRequestService
|
|||||||
return firstAuthRequest!;
|
return firstAuthRequest!;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Debug.Assert(user is not null, "user should have been validated to be non-null and thrown if it's not.");
|
||||||
var authRequest = await CreateAuthRequestAsync(model, user, organizationId: null);
|
var authRequest = await CreateAuthRequestAsync(model, user, organizationId: null);
|
||||||
await _pushNotificationService.PushAuthRequestAsync(authRequest);
|
await _pushNotificationService.PushAuthRequestAsync(authRequest);
|
||||||
return authRequest;
|
return authRequest;
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
using System.Security.Claims;
|
using System.Diagnostics;
|
||||||
|
using System.Security.Claims;
|
||||||
using Bit.Core.AdminConsole.Services;
|
using Bit.Core.AdminConsole.Services;
|
||||||
using Bit.Core.Auth.Identity;
|
using Bit.Core.Auth.Identity;
|
||||||
using Bit.Core.Auth.Models.Api.Response;
|
using Bit.Core.Auth.Models.Api.Response;
|
||||||
@ -58,6 +59,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
|
|||||||
|
|
||||||
public async Task ValidateAsync(CustomTokenRequestValidationContext context)
|
public async Task ValidateAsync(CustomTokenRequestValidationContext context)
|
||||||
{
|
{
|
||||||
|
Debug.Assert(context.Result is not null);
|
||||||
if (context.Result.ValidatedRequest.GrantType == "refresh_token")
|
if (context.Result.ValidatedRequest.GrantType == "refresh_token")
|
||||||
{
|
{
|
||||||
// Force legacy users to the web for migration
|
// Force legacy users to the web for migration
|
||||||
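Review bot: `Debug.Assert(context.Result is not null)` is repeated at the top of every override in this file (ValidateAsync, ValidateContextAsync, SetSuccessResult, GetSubject, SetTwoFactorResult, SetSsoResult, SetErrorResult) and is compiled out in Release, so `context.Result.ValidatedRequest` on the next line still dereferences an unchecked value in production. Whether `Result` is guaranteed non-null at these entry points is a property of the token-request pipeline that populates `CustomTokenRequestValidationContext`, which this diff does not show. A single private helper returning `context.Result ?? throw new InvalidOperationException("Token request context has no result.")` would de-duplicate the seven assertions and keep the guarantee in Release; if the pipeline guarantee is certain, a comment on this first assertion naming where `Result` is set would help the next reader.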
@ -93,6 +95,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
|
|||||||
protected async override Task<bool> ValidateContextAsync(CustomTokenRequestValidationContext context,
|
protected async override Task<bool> ValidateContextAsync(CustomTokenRequestValidationContext context,
|
||||||
CustomValidatorRequestContext validatorContext)
|
CustomValidatorRequestContext validatorContext)
|
||||||
{
|
{
|
||||||
|
Debug.Assert(context.Result is not null);
|
||||||
var email = context.Result.ValidatedRequest.Subject?.GetDisplayName()
|
var email = context.Result.ValidatedRequest.Subject?.GetDisplayName()
|
||||||
?? context.Result.ValidatedRequest.ClientClaims
|
?? context.Result.ValidatedRequest.ClientClaims
|
||||||
?.FirstOrDefault(claim => claim.Type == JwtClaimTypes.Email)?.Value;
|
?.FirstOrDefault(claim => claim.Type == JwtClaimTypes.Email)?.Value;
|
||||||
@ -107,6 +110,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
|
|||||||
protected override Task SetSuccessResult(CustomTokenRequestValidationContext context, User user,
|
protected override Task SetSuccessResult(CustomTokenRequestValidationContext context, User user,
|
||||||
List<Claim> claims, Dictionary<string, object> customResponse)
|
List<Claim> claims, Dictionary<string, object> customResponse)
|
||||||
{
|
{
|
||||||
|
Debug.Assert(context.Result is not null);
|
||||||
context.Result.CustomResponse = customResponse;
|
context.Result.CustomResponse = customResponse;
|
||||||
if (claims?.Any() ?? false)
|
if (claims?.Any() ?? false)
|
||||||
{
|
{
|
||||||
@ -156,14 +160,16 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
|
|||||||
return Task.CompletedTask;
|
return Task.CompletedTask;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected override ClaimsPrincipal GetSubject(CustomTokenRequestValidationContext context)
|
protected override ClaimsPrincipal? GetSubject(CustomTokenRequestValidationContext context)
|
||||||
{
|
{
|
||||||
|
Debug.Assert(context.Result is not null);
|
||||||
return context.Result.ValidatedRequest.Subject;
|
return context.Result.ValidatedRequest.Subject;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected override void SetTwoFactorResult(CustomTokenRequestValidationContext context,
|
protected override void SetTwoFactorResult(CustomTokenRequestValidationContext context,
|
||||||
Dictionary<string, object> customResponse)
|
Dictionary<string, object> customResponse)
|
||||||
{
|
{
|
||||||
|
Debug.Assert(context.Result is not null);
|
||||||
context.Result.Error = "invalid_grant";
|
context.Result.Error = "invalid_grant";
|
||||||
context.Result.ErrorDescription = "Two factor required.";
|
context.Result.ErrorDescription = "Two factor required.";
|
||||||
context.Result.IsError = true;
|
context.Result.IsError = true;
|
||||||
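Review bot: `GetSubject` now returns `ClaimsPrincipal?`, which is the honest annotation for `ValidatedRequest.Subject`, but it pushes the null case onto every caller in `BaseRequestValidator`, none of which appear in this diff. If a caller still dereferences the result without a null check, the warning has been moved rather than resolved; confirm the base class handles null, since a subject is expected for refresh_token grants but may be absent for client-only flows. A one-line comment on the override would make the contract explicit: `// Subject is null when the validated request carries no user identity; callers must handle it.`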
@ -173,6 +179,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
|
|||||||
protected override void SetSsoResult(CustomTokenRequestValidationContext context,
|
protected override void SetSsoResult(CustomTokenRequestValidationContext context,
|
||||||
Dictionary<string, object> customResponse)
|
Dictionary<string, object> customResponse)
|
||||||
{
|
{
|
||||||
|
Debug.Assert(context.Result is not null);
|
||||||
context.Result.Error = "invalid_grant";
|
context.Result.Error = "invalid_grant";
|
||||||
context.Result.ErrorDescription = "Single Sign on required.";
|
context.Result.ErrorDescription = "Single Sign on required.";
|
||||||
context.Result.IsError = true;
|
context.Result.IsError = true;
|
||||||
@ -182,6 +189,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
|
|||||||
protected override void SetErrorResult(CustomTokenRequestValidationContext context,
|
protected override void SetErrorResult(CustomTokenRequestValidationContext context,
|
||||||
Dictionary<string, object> customResponse)
|
Dictionary<string, object> customResponse)
|
||||||
{
|
{
|
||||||
|
Debug.Assert(context.Result is not null);
|
||||||
context.Result.Error = "invalid_grant";
|
context.Result.Error = "invalid_grant";
|
||||||
context.Result.IsError = true;
|
context.Result.IsError = true;
|
||||||
context.Result.CustomResponse = customResponse;
|
context.Result.CustomResponse = customResponse;
|
||||||
|
@ -22,7 +22,6 @@ public class ResourceOwnerPasswordValidator : BaseRequestValidator<ResourceOwner
|
|||||||
IResourceOwnerPasswordValidator
|
IResourceOwnerPasswordValidator
|
||||||
{
|
{
|
||||||
private UserManager<User> _userManager;
|
private UserManager<User> _userManager;
|
||||||
private readonly IUserService _userService;
|
|
||||||
private readonly ICurrentContext _currentContext;
|
private readonly ICurrentContext _currentContext;
|
||||||
private readonly ICaptchaValidationService _captchaValidationService;
|
private readonly ICaptchaValidationService _captchaValidationService;
|
||||||
private readonly IAuthRequestRepository _authRequestRepository;
|
private readonly IAuthRequestRepository _authRequestRepository;
|
||||||
@ -55,7 +54,6 @@ public class ResourceOwnerPasswordValidator : BaseRequestValidator<ResourceOwner
|
|||||||
tokenDataFactory, featureService, ssoConfigRepository, userDecryptionOptionsBuilder)
|
tokenDataFactory, featureService, ssoConfigRepository, userDecryptionOptionsBuilder)
|
||||||
{
|
{
|
||||||
_userManager = userManager;
|
_userManager = userManager;
|
||||||
_userService = userService;
|
|
||||||
_currentContext = currentContext;
|
_currentContext = currentContext;
|
||||||
_captchaValidationService = captchaValidationService;
|
_captchaValidationService = captchaValidationService;
|
||||||
_authRequestRepository = authRequestRepository;
|
_authRequestRepository = authRequestRepository;
|
||||||
|