mirror of
https://github.com/bitwarden/server.git
synced 2025-07-02 16:42:50 -05:00
move some 2fa logic functions to userService
This commit is contained in:
Kyle Spearrin
@ -25,8 +25,8 @@ namespace Bit.Core.Identity
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Authenticator,
|
||||
_serviceProvider.GetRequiredService<IUserService>());
|
||||
return await _serviceProvider.GetRequiredService<IUserService>()
|
||||
.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Authenticator, user);
|
||||
}
|
||||
|
||||
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||
|
||||
@ -37,7 +37,7 @@ namespace Bit.Core.Identity
|
||||
return false;
|
||||
}
|
||||
|
||||
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Duo, userService);
|
||||
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Duo, user);
|
||||
}
|
||||
|
||||
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||
|
||||
@ -24,7 +24,7 @@ namespace Bit.Core.Identity
|
||||
CancellationToken cancellationToken = default(CancellationToken))
|
||||
{
|
||||
var user = await _userRepository.GetByEmailAsync(normalizedEmail);
|
||||
return user?.ToIdentityUser(await user.TwoFactorIsEnabledAsync(_userService));
|
||||
return user?.ToIdentityUser(await _userService.TwoFactorIsEnabledAsync(user));
|
||||
}
|
||||
|
||||
public override async Task<IdentityUser> FindByIdAsync(string userId,
|
||||
@ -36,7 +36,7 @@ namespace Bit.Core.Identity
|
||||
}
|
||||
|
||||
var user = await _userRepository.GetByIdAsync(userIdGuid);
|
||||
return user?.ToIdentityUser(await user.TwoFactorIsEnabledAsync(_userService));
|
||||
return user?.ToIdentityUser(await _userService.TwoFactorIsEnabledAsync(user));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -47,7 +47,7 @@ namespace Bit.Core.Identity
|
||||
return false;
|
||||
}
|
||||
|
||||
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.U2f, userService);
|
||||
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.U2f, user);
|
||||
}
|
||||
|
||||
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||
|
||||
@ -169,7 +169,7 @@ namespace Bit.Core.Identity
|
||||
|
||||
public async Task<bool> GetTwoFactorEnabledAsync(User user, CancellationToken cancellationToken)
|
||||
{
|
||||
return await user.TwoFactorIsEnabledAsync(_serviceProvider.GetRequiredService<IUserService>());
|
||||
return await _serviceProvider.GetRequiredService<IUserService>().TwoFactorIsEnabledAsync(user);
|
||||
}
|
||||
|
||||
public Task SetSecurityStampAsync(User user, string stamp, CancellationToken cancellationToken)
|
||||
|
||||
@ -37,7 +37,7 @@ namespace Bit.Core.Identity
|
||||
return false;
|
||||
}
|
||||
|
||||
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.YubiKey, userService);
|
||||
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.YubiKey, user);
|
||||
}
|
||||
|
||||
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||
|
||||
@ -164,7 +164,7 @@ namespace Bit.Core.IdentityServer
|
||||
{
|
||||
foreach(var p in user.GetTwoFactorProviders())
|
||||
{
|
||||
if(await user.TwoFactorProviderIsEnabledAsync(p.Key, _userService))
|
||||
if(await _userService.TwoFactorProviderIsEnabledAsync(p.Key, user))
|
||||
{
|
||||
enabledProviders.Add(p);
|
||||
}
|
||||
@ -279,13 +279,13 @@ namespace Bit.Core.IdentityServer
|
||||
case TwoFactorProviderType.U2f:
|
||||
case TwoFactorProviderType.Remember:
|
||||
if(type != TwoFactorProviderType.Remember &&
|
||||
!(await user.TwoFactorProviderIsEnabledAsync(type, _userService)))
|
||||
!(await _userService.TwoFactorProviderIsEnabledAsync(type, user)))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return await _userManager.VerifyTwoFactorTokenAsync(user, type.ToString(), token);
|
||||
case TwoFactorProviderType.Email:
|
||||
if(!(await user.TwoFactorProviderIsEnabledAsync(type, _userService)))
|
||||
if(!(await _userService.TwoFactorProviderIsEnabledAsync(type, user)))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
@ -311,7 +311,7 @@ namespace Bit.Core.IdentityServer
|
||||
case TwoFactorProviderType.U2f:
|
||||
case TwoFactorProviderType.Email:
|
||||
case TwoFactorProviderType.YubiKey:
|
||||
if(!(await user.TwoFactorProviderIsEnabledAsync(type, _userService)))
|
||||
if(!(await _userService.TwoFactorProviderIsEnabledAsync(type, user)))
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
@ -92,48 +92,6 @@ namespace Bit.Core.Models.Table
|
||||
_twoFactorProviders = providers;
|
||||
}
|
||||
|
||||
public async Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider,
|
||||
IUserService userService)
|
||||
{
|
||||
var providers = GetTwoFactorProviders();
|
||||
if(providers == null || !providers.ContainsKey(provider) || !providers[provider].Enabled)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!TwoFactorProvider.RequiresPremium(provider))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
return await userService.CanAccessPremium(this);
|
||||
}
|
||||
|
||||
public async Task<bool> TwoFactorIsEnabledAsync(IUserService userService)
|
||||
{
|
||||
var providers = GetTwoFactorProviders();
|
||||
if(providers == null)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
foreach(var p in providers)
|
||||
{
|
||||
if(p.Value?.Enabled ?? false)
|
||||
{
|
||||
if(!TwoFactorProvider.RequiresPremium(p.Key))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
if(await userService.CanAccessPremium(this))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public TwoFactorProvider GetTwoFactorProvider(TwoFactorProviderType provider)
|
||||
{
|
||||
var providers = GetTwoFactorProviders();
|
||||
|
||||
@ -55,5 +55,7 @@ namespace Bit.Core.Services
|
||||
Task<UserLicense> GenerateLicenseAsync(User user, BillingInfo billingInfo = null);
|
||||
Task<bool> CheckPasswordAsync(User user, string password);
|
||||
Task<bool> CanAccessPremium(User user);
|
||||
Task<bool> TwoFactorIsEnabledAsync(User user);
|
||||
Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, User user);
|
||||
}
|
||||
}
|
||||
|
||||
@ -916,6 +916,47 @@ namespace Bit.Core.Services
|
||||
orgAbilities[o.Id].UsersGetPremium && orgAbilities[o.Id].Enabled);
|
||||
}
|
||||
|
||||
public async Task<bool> TwoFactorIsEnabledAsync(User user)
|
||||
{
|
||||
var providers = user.GetTwoFactorProviders();
|
||||
if(providers == null)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
foreach(var p in providers)
|
||||
{
|
||||
if(p.Value?.Enabled ?? false)
|
||||
{
|
||||
if(!TwoFactorProvider.RequiresPremium(p.Key))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
if(await CanAccessPremium(user))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public async Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, User user)
|
||||
{
|
||||
var providers = user.GetTwoFactorProviders();
|
||||
if(providers == null || !providers.ContainsKey(provider) || !providers[provider].Enabled)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!TwoFactorProvider.RequiresPremium(provider))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
return await CanAccessPremium(user);
|
||||
}
|
||||
|
||||
private async Task<IdentityResult> UpdatePasswordHash(User user, string newPassword,
|
||||
bool validatePassword = true, bool refreshStamp = true)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user