catch u2f exceptions

2025-05-29 23:34:53 -05:00 · 2018-10-10 15:21:54 -04:00 · 2018-10-10 15:21:54 -04:00 · b5a4bad637
commit b5a4bad637
parent cbab6eb9d7
3 changed files with 97 additions and 78 deletions
--- a/src/Api/Controllers/TwoFactorController.cs
+++ b/src/Api/Controllers/TwoFactorController.cs
@ -218,7 +218,12 @@ namespace Bit.Api.Controllers
        public async Task<TwoFactorU2fResponseModel> PutU2f([FromBody]TwoFactorU2fRequestModel model)
        {
            var user = await CheckAsync(model.MasterPasswordHash, true);
-            await _userService.CompleteU2fRegistrationAsync(user, model.Id.Value, model.Name, model.DeviceResponse);
+            var success = await _userService.CompleteU2fRegistrationAsync(
+                user, model.Id.Value, model.Name, model.DeviceResponse);
+            if(!success)
+            {
+                throw new BadRequestException("Unable to complete U2F key registration.");
+            }
            var response = new TwoFactorU2fResponseModel(user);
            return response;
        }
--- a/src/Core/Identity/U2fTokenProvider.cs
+++ b/src/Core/Identity/U2fTokenProvider.cs
@ -10,7 +10,6 @@ using System.Linq;
 using U2fLib = U2F.Core.Crypto.U2F;
 using U2F.Core.Models;
 using U2F.Core.Exceptions;
-using U2F.Core.Utils;
 using System;
 using Bit.Core.Services;
 using Microsoft.Extensions.DependencyInjection;
@ -67,6 +66,8 @@ namespace Bit.Core.Identity

            await _u2fRepository.DeleteManyByUserIdAsync(user.Id);

+            try
+            {
                var challengeBytes = U2fLib.Crypto.GenerateChallenge();
                var challenges = new List<object>();
                foreach(var key in keys)
@ -99,6 +100,11 @@ namespace Bit.Core.Identity
                var token = JsonConvert.SerializeObject(challenges);
                return token;
            }
+            catch(U2fException)
+            {
+                return null;
+            }
+        }

        public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
        {
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@ -19,6 +19,7 @@ using Bit.Core.Utilities;
 using System.IO;
 using Newtonsoft.Json;
 using Microsoft.AspNetCore.DataProtection;
+using U2F.Core.Exceptions;

 namespace Bit.Core.Services
 {
@ -322,6 +323,8 @@ namespace Bit.Core.Services

            var registerResponse = BaseModel.FromJson<RegisterResponse>(deviceResponse);

+            try
+            {
                var challenge = challenges.OrderBy(i => i.Id).Last(i => i.KeyHandle == null);
                var startedReg = new StartedRegistration(challenge.Challenge, challenge.AppId);
                var reg = U2fLib.FinishRegistration(startedReg, registerResponse);
@ -377,6 +380,11 @@ namespace Bit.Core.Services
                await UpdateTwoFactorProviderAsync(user, TwoFactorProviderType.U2f);
                return true;
            }
+            catch(U2fException)
+            {
+                return false;
+            }
+        }

        public async Task<bool> DeleteU2fKeyAsync(User user, int id)
        {