mirror of
https://github.com/bitwarden/server.git
synced 2025-04-06 05:28:15 -05:00
move some 2fa logic functions to userService
parent
b7362ae741
commit
ac7c7b5077
@ -69,7 +69,7 @@
|
|||||||
{
|
{
|
||||||
<i class="fa fa-times-circle-o fa-lg fa-fw text-muted" title="Email Not Verified"></i>
|
<i class="fa fa-times-circle-o fa-lg fa-fw text-muted" title="Email Not Verified"></i>
|
||||||
}
|
}
|
||||||
@if(await user.TwoFactorIsEnabledAsync(userService))
|
@if(await userService.TwoFactorIsEnabledAsync(user))
|
||||||
{
|
{
|
||||||
<i class="fa fa-lock fa-lg fa-fw" title="2FA Enabled"></i>
|
<i class="fa fa-lock fa-lg fa-fw" title="2FA Enabled"></i>
|
||||||
}
|
}
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
<dd class="col-sm-8 col-lg-9">@(Model.User.EmailVerified ? "Yes" : "No")</dd>
|
<dd class="col-sm-8 col-lg-9">@(Model.User.EmailVerified ? "Yes" : "No")</dd>
|
||||||
|
|
||||||
<dt class="col-sm-4 col-lg-3">Using 2FA</dt>
|
<dt class="col-sm-4 col-lg-3">Using 2FA</dt>
|
||||||
<dd class="col-sm-8 col-lg-9">@(await Model.User.TwoFactorIsEnabledAsync(userService) ? "Yes" : "No")</dd>
|
<dd class="col-sm-8 col-lg-9">@(await userService.TwoFactorIsEnabledAsync(Model.User) ? "Yes" : "No")</dd>
|
||||||
|
|
||||||
<dt class="col-sm-4 col-lg-3">Items</dt>
|
<dt class="col-sm-4 col-lg-3">Items</dt>
|
||||||
<dd class="col-sm-8 col-lg-9">@Model.CipherCount</dd>
|
<dd class="col-sm-8 col-lg-9">@Model.CipherCount</dd>
|
||||||
|
@ -307,7 +307,7 @@ namespace Bit.Api.Controllers
|
|||||||
var organizationUserDetails = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id,
|
var organizationUserDetails = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id,
|
||||||
OrganizationUserStatusType.Confirmed);
|
OrganizationUserStatusType.Confirmed);
|
||||||
var response = new ProfileResponseModel(user, organizationUserDetails,
|
var response = new ProfileResponseModel(user, organizationUserDetails,
|
||||||
await user.TwoFactorIsEnabledAsync(_userService));
|
await _userService.TwoFactorIsEnabledAsync(user));
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -332,7 +332,7 @@ namespace Bit.Api.Controllers
|
|||||||
}
|
}
|
||||||
|
|
||||||
await _userService.SaveUserAsync(model.ToUser(user));
|
await _userService.SaveUserAsync(model.ToUser(user));
|
||||||
var response = new ProfileResponseModel(user, null, await user.TwoFactorIsEnabledAsync(_userService));
|
var response = new ProfileResponseModel(user, null, await _userService.TwoFactorIsEnabledAsync(user));
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -462,7 +462,7 @@ namespace Bit.Api.Controllers
|
|||||||
|
|
||||||
await _userService.SignUpPremiumAsync(user, model.PaymentToken,
|
await _userService.SignUpPremiumAsync(user, model.PaymentToken,
|
||||||
model.AdditionalStorageGb.GetValueOrDefault(0), license);
|
model.AdditionalStorageGb.GetValueOrDefault(0), license);
|
||||||
return new ProfileResponseModel(user, null, await user.TwoFactorIsEnabledAsync(_userService));
|
return new ProfileResponseModel(user, null, await _userService.TwoFactorIsEnabledAsync(user));
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet("billing")]
|
[HttpGet("billing")]
|
||||||
|
@ -69,7 +69,7 @@ namespace Bit.Api.Controllers
|
|||||||
collectionCiphersGroupDict = collectionCiphers.GroupBy(c => c.CipherId).ToDictionary(s => s.Key);
|
collectionCiphersGroupDict = collectionCiphers.GroupBy(c => c.CipherId).ToDictionary(s => s.Key);
|
||||||
}
|
}
|
||||||
|
|
||||||
var userTwoFactorEnabled = await user.TwoFactorIsEnabledAsync(_userService);
|
var userTwoFactorEnabled = await _userService.TwoFactorIsEnabledAsync(user);
|
||||||
var response = new SyncResponseModel(_globalSettings, user, userTwoFactorEnabled, organizationUserDetails,
|
var response = new SyncResponseModel(_globalSettings, user, userTwoFactorEnabled, organizationUserDetails,
|
||||||
folders, collections, ciphers, collectionCiphersGroupDict, excludeDomains);
|
folders, collections, ciphers, collectionCiphersGroupDict, excludeDomains);
|
||||||
return response;
|
return response;
|
||||||
|
@ -4,7 +4,9 @@
|
|||||||
<handlers>
|
<handlers>
|
||||||
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
|
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
|
||||||
</handlers>
|
</handlers>
|
||||||
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" startupTimeLimit="3600" requestTimeout="23:00:00" />
|
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" startupTimeLimit="3600" requestTimeout="23:00:00">
|
||||||
|
<environmentVariables />
|
||||||
|
</aspNetCore>
|
||||||
<security>
|
<security>
|
||||||
<requestFiltering>
|
<requestFiltering>
|
||||||
<requestLimits maxQueryString="5120" maxAllowedContentLength="105906176" />
|
<requestLimits maxQueryString="5120" maxAllowedContentLength="105906176" />
|
||||||
|
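Review bot: The `<aspNetCore>` element is reopened only to hold an empty `<environmentVariables />`, which changes no behaviour and is unrelated to moving the 2FA helpers into the user service. It looks like tooling output (inferred from the empty element). I would drop it from this commit or commit it separately, so the refactor of authentication code stays a pure code move that is easy to audit.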
@ -25,8 +25,8 @@ namespace Bit.Core.Identity
|
|||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Authenticator,
|
return await _serviceProvider.GetRequiredService<IUserService>()
|
||||||
_serviceProvider.GetRequiredService<IUserService>());
|
.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Authenticator, user);
|
||||||
}
|
}
|
||||||
|
|
||||||
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||||
|
@ -37,7 +37,7 @@ namespace Bit.Core.Identity
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Duo, userService);
|
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Duo, user);
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||||
|
@ -24,7 +24,7 @@ namespace Bit.Core.Identity
|
|||||||
CancellationToken cancellationToken = default(CancellationToken))
|
CancellationToken cancellationToken = default(CancellationToken))
|
||||||
{
|
{
|
||||||
var user = await _userRepository.GetByEmailAsync(normalizedEmail);
|
var user = await _userRepository.GetByEmailAsync(normalizedEmail);
|
||||||
return user?.ToIdentityUser(await user.TwoFactorIsEnabledAsync(_userService));
|
return user?.ToIdentityUser(await _userService.TwoFactorIsEnabledAsync(user));
|
||||||
}
|
}
|
||||||
|
|
||||||
public override async Task<IdentityUser> FindByIdAsync(string userId,
|
public override async Task<IdentityUser> FindByIdAsync(string userId,
|
||||||
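Review bot: `return user?.ToIdentityUser(await _userService.TwoFactorIsEnabledAsync(user));` now relies on the null-conditional short-circuit to keep a null `user` out of the service call, and the new `UserService.TwoFactorIsEnabledAsync` calls `user.GetTwoFactorProviders()` with no guard. An explicit `if(user == null) { return null; }` before the return makes the not-found path obvious and keeps it safe if the expression is ever split into two statements. The same line appears in the following hunk (-36,7) after `GetByIdAsync`. Both method bodies start outside the hunks.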
@ -36,7 +36,7 @@ namespace Bit.Core.Identity
|
|||||||
}
|
}
|
||||||
|
|
||||||
var user = await _userRepository.GetByIdAsync(userIdGuid);
|
var user = await _userRepository.GetByIdAsync(userIdGuid);
|
||||||
return user?.ToIdentityUser(await user.TwoFactorIsEnabledAsync(_userService));
|
return user?.ToIdentityUser(await _userService.TwoFactorIsEnabledAsync(user));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -47,7 +47,7 @@ namespace Bit.Core.Identity
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.U2f, userService);
|
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.U2f, user);
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||||
|
@ -169,7 +169,7 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
public async Task<bool> GetTwoFactorEnabledAsync(User user, CancellationToken cancellationToken)
|
public async Task<bool> GetTwoFactorEnabledAsync(User user, CancellationToken cancellationToken)
|
||||||
{
|
{
|
||||||
return await user.TwoFactorIsEnabledAsync(_serviceProvider.GetRequiredService<IUserService>());
|
return await _serviceProvider.GetRequiredService<IUserService>().TwoFactorIsEnabledAsync(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
public Task SetSecurityStampAsync(User user, string stamp, CancellationToken cancellationToken)
|
public Task SetSecurityStampAsync(User user, string stamp, CancellationToken cancellationToken)
|
||||||
|
@ -37,7 +37,7 @@ namespace Bit.Core.Identity
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.YubiKey, userService);
|
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.YubiKey, user);
|
||||||
}
|
}
|
||||||
|
|
||||||
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
public Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||||
|
@ -164,7 +164,7 @@ namespace Bit.Core.IdentityServer
|
|||||||
{
|
{
|
||||||
foreach(var p in user.GetTwoFactorProviders())
|
foreach(var p in user.GetTwoFactorProviders())
|
||||||
{
|
{
|
||||||
if(await user.TwoFactorProviderIsEnabledAsync(p.Key, _userService))
|
if(await _userService.TwoFactorProviderIsEnabledAsync(p.Key, user))
|
||||||
{
|
{
|
||||||
enabledProviders.Add(p);
|
enabledProviders.Add(p);
|
||||||
}
|
}
|
||||||
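Review bot: The `foreach` that fills `enabledProviders` needs a comment saying that a provider can be configured and enabled on the user yet still be skipped here. The moved `TwoFactorProviderIsEnabledAsync` returns the result of `CanAccessPremium(user)` for any provider where `TwoFactorProvider.RequiresPremium` is true. What the validator does when the list ends up empty is outside this hunk, so it is worth confirming that an account whose only providers are premium-only does not drop to password-only sign-in unnoticed, or documenting that this is intended. I would add above the loop `// Premium-only providers count as disabled when the user cannot access premium; see UserService.TwoFactorProviderIsEnabledAsync.` The checks in the -279,13 and -311,7 hunks depend on the same rule.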
@ -279,13 +279,13 @@ namespace Bit.Core.IdentityServer
|
|||||||
case TwoFactorProviderType.U2f:
|
case TwoFactorProviderType.U2f:
|
||||||
case TwoFactorProviderType.Remember:
|
case TwoFactorProviderType.Remember:
|
||||||
if(type != TwoFactorProviderType.Remember &&
|
if(type != TwoFactorProviderType.Remember &&
|
||||||
!(await user.TwoFactorProviderIsEnabledAsync(type, _userService)))
|
!(await _userService.TwoFactorProviderIsEnabledAsync(type, user)))
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return await _userManager.VerifyTwoFactorTokenAsync(user, type.ToString(), token);
|
return await _userManager.VerifyTwoFactorTokenAsync(user, type.ToString(), token);
|
||||||
case TwoFactorProviderType.Email:
|
case TwoFactorProviderType.Email:
|
||||||
if(!(await user.TwoFactorProviderIsEnabledAsync(type, _userService)))
|
if(!(await _userService.TwoFactorProviderIsEnabledAsync(type, user)))
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -311,7 +311,7 @@ namespace Bit.Core.IdentityServer
|
|||||||
case TwoFactorProviderType.U2f:
|
case TwoFactorProviderType.U2f:
|
||||||
case TwoFactorProviderType.Email:
|
case TwoFactorProviderType.Email:
|
||||||
case TwoFactorProviderType.YubiKey:
|
case TwoFactorProviderType.YubiKey:
|
||||||
if(!(await user.TwoFactorProviderIsEnabledAsync(type, _userService)))
|
if(!(await _userService.TwoFactorProviderIsEnabledAsync(type, user)))
|
||||||
{
|
{
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -92,48 +92,6 @@ namespace Bit.Core.Models.Table
|
|||||||
_twoFactorProviders = providers;
|
_twoFactorProviders = providers;
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider,
|
|
||||||
IUserService userService)
|
|
||||||
{
|
|
||||||
var providers = GetTwoFactorProviders();
|
|
||||||
if(providers == null || !providers.ContainsKey(provider) || !providers[provider].Enabled)
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!TwoFactorProvider.RequiresPremium(provider))
|
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
return await userService.CanAccessPremium(this);
|
|
||||||
}
|
|
||||||
|
|
||||||
public async Task<bool> TwoFactorIsEnabledAsync(IUserService userService)
|
|
||||||
{
|
|
||||||
var providers = GetTwoFactorProviders();
|
|
||||||
if(providers == null)
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
foreach(var p in providers)
|
|
||||||
{
|
|
||||||
if(p.Value?.Enabled ?? false)
|
|
||||||
{
|
|
||||||
if(!TwoFactorProvider.RequiresPremium(p.Key))
|
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
if(await userService.CanAccessPremium(this))
|
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
public TwoFactorProvider GetTwoFactorProvider(TwoFactorProviderType provider)
|
public TwoFactorProvider GetTwoFactorProvider(TwoFactorProviderType provider)
|
||||||
{
|
{
|
||||||
var providers = GetTwoFactorProviders();
|
var providers = GetTwoFactorProviders();
|
||||||
|
@ -55,5 +55,7 @@ namespace Bit.Core.Services
|
|||||||
Task<UserLicense> GenerateLicenseAsync(User user, BillingInfo billingInfo = null);
|
Task<UserLicense> GenerateLicenseAsync(User user, BillingInfo billingInfo = null);
|
||||||
Task<bool> CheckPasswordAsync(User user, string password);
|
Task<bool> CheckPasswordAsync(User user, string password);
|
||||||
Task<bool> CanAccessPremium(User user);
|
Task<bool> CanAccessPremium(User user);
|
||||||
|
Task<bool> TwoFactorIsEnabledAsync(User user);
|
||||||
|
Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, User user);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
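Review bot: `TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, User user)` puts the user second, while the other members visible in this hunk (`GenerateLicenseAsync`, `CheckPasswordAsync`, `CanAccessPremium`) take `User user` first. As the signature is new, `(User user, TwoFactorProviderType provider)` would keep the interface uniform. Both new members also lack a doc comment, and the premium rule cannot be guessed from the names. Something like `/// <summary>True when the provider is enabled for the user and, if it requires premium, the user can access premium.</summary>` would cover it.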
@ -916,6 +916,47 @@ namespace Bit.Core.Services
|
|||||||
orgAbilities[o.Id].UsersGetPremium && orgAbilities[o.Id].Enabled);
|
orgAbilities[o.Id].UsersGetPremium && orgAbilities[o.Id].Enabled);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async Task<bool> TwoFactorIsEnabledAsync(User user)
|
||||||
|
{
|
||||||
|
var providers = user.GetTwoFactorProviders();
|
||||||
|
if(providers == null)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach(var p in providers)
|
||||||
|
{
|
||||||
|
if(p.Value?.Enabled ?? false)
|
||||||
|
{
|
||||||
|
if(!TwoFactorProvider.RequiresPremium(p.Key))
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
if(await CanAccessPremium(user))
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
public async Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, User user)
|
||||||
|
{
|
||||||
|
var providers = user.GetTwoFactorProviders();
|
||||||
|
if(providers == null || !providers.ContainsKey(provider) || !providers[provider].Enabled)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!TwoFactorProvider.RequiresPremium(provider))
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return await CanAccessPremium(user);
|
||||||
|
}
|
||||||
|
|
||||||
private async Task<IdentityResult> UpdatePasswordHash(User user, string newPassword,
|
private async Task<IdentityResult> UpdatePasswordHash(User user, string newPassword,
|
||||||
bool validatePassword = true, bool refreshStamp = true)
|
bool validatePassword = true, bool refreshStamp = true)
|
||||||
{
|
{
|
||||||
|
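Review bot: In `TwoFactorProviderIsEnabledAsync` the guard reads `providers[provider].Enabled` directly, so a key that maps to a null entry throws, whereas `TwoFactorIsEnabledAsync` just above tolerates that case with `p.Value?.Enabled ?? false`. The two checks should agree: `if(providers == null || !providers.ContainsKey(provider) || !(providers[provider]?.Enabled ?? false))`. Now that `user` is a parameter rather than `this`, both methods would also benefit from rejecting a null `user` up front instead of failing inside `user.GetTwoFactorProviders()`. In `TwoFactorIsEnabledAsync`, `CanAccessPremium(user)` is awaited once per enabled premium-only provider although its result does not depend on the provider, so it can be computed once.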