nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-13 17:18:14 -05:00
Code

u2f fixes

Browse Source
This commit is contained in:
Kyle Spearrin 2017-06-22 22:14:51 -04:00
parent f28ae5ccd9
commit ca979e0c40
6 changed files with 34 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/Core/Identity/U2fTokenProvider.cs
View File

@ -3,7 +3,6 @@ using Microsoft.AspNetCore.Identity;
using Bit.Core.Models.Table;
using Bit.Core.Enums;
using Bit.Core.Models;
using Bit.Core.Services;
using Bit.Core.Repositories;
using Newtonsoft.Json;
using System.Collections.Generic;
@ -18,16 +17,13 @@ namespace Bit.Core.Identity
public class U2fTokenProvider : IUserTwoFactorTokenProvider<User>
{
private readonly IU2fRepository _u2fRepository;
private readonly IUserService _userService;
private readonly GlobalSettings _globalSettings;
public U2fTokenProvider(
IU2fRepository u2fRepository,
IUserService userService,
GlobalSettings globalSettings)
{
_u2fRepository = u2fRepository;
_userService = userService;
_globalSettings = globalSettings;
}
@ -48,7 +44,7 @@ namespace Bit.Core.Identity
var keys = new List<TwoFactorProvider.U2fMetaData>();
var key1 = provider.MetaData["Key1"] as TwoFactorProvider.U2fMetaData;
var key1 = new TwoFactorProvider.U2fMetaData((dynamic)provider.MetaData["Key1"]);
if(!key1?.Compromised ?? false)
{
keys.Add(key1);
@ -98,7 +94,7 @@ namespace Bit.Core.Identity
return false;
}
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.U2f);
if(!HasProperMetaData(provider))
{
return false;
@ -106,7 +102,7 @@ namespace Bit.Core.Identity
var keys = new List<TwoFactorProvider.U2fMetaData>();
var key1 = provider.MetaData["Key1"] as TwoFactorProvider.U2fMetaData;
var key1 = new TwoFactorProvider.U2fMetaData((dynamic)provider.MetaData["Key1"]);
if(!key1?.Compromised ?? false)
{
keys.Add(key1);
@ -131,10 +127,15 @@ namespace Bit.Core.Identity
return false;
}
var success = true;
// User will have a authentication request for each device they have registered so get the one that matches
// the device key handle
var challenge = challenges.First(c => c.KeyHandle == authenticateResponse.KeyHandle);
var challenge = challenges.FirstOrDefault(c => c.KeyHandle == authenticateResponse.KeyHandle);
if(challenge == null)
{
return false;
}
var success = true;
var registration = new DeviceRegistration(key.KeyHandleBytes, key.PublicKeyBytes, key.CertificateBytes,
key.Counter);
try
@ -155,7 +156,7 @@ namespace Bit.Core.Identity
var providers = user.GetTwoFactorProviders();
providers[TwoFactorProviderType.U2f].MetaData["Key1"] = key;
user.SetTwoFactorProviders(providers);
await _userService.SaveUserAsync(user);
await manager.UpdateAsync(user);
return success;
}

17
src/Core/Models/TwoFactorProvider.cs
View File

@ -1,4 +1,5 @@
using System;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using u2flib.Util;
@ -11,13 +12,27 @@ namespace Bit.Core.Models
public class U2fMetaData
{
public U2fMetaData() { }
public U2fMetaData(dynamic o)
{
KeyHandle = o.KeyHandle;
PublicKey = o.PublicKey;
Certificate = o.Certificate;
Counter = o.Counter;
Compromised = o.Compromised;
}
public string KeyHandle { get; set; }
[JsonIgnore]
public byte[] KeyHandleBytes =>
string.IsNullOrWhiteSpace(KeyHandle) ? null : Utils.Base64StringToByteArray(KeyHandle);
public string PublicKey { get; set; }
[JsonIgnore]
public byte[] PublicKeyBytes =>
string.IsNullOrWhiteSpace(PublicKey) ? null : Utils.Base64StringToByteArray(PublicKey);
public string Certificate { get; set; }
[JsonIgnore]
public byte[] CertificateBytes =>
string.IsNullOrWhiteSpace(Certificate) ? null : Utils.Base64StringToByteArray(Certificate);
public uint Counter { get; set; }

1
src/Core/Utilities/ServiceCollectionExtensions.cs
View File

@ -101,6 +101,7 @@ namespace Bit.Core.Utilities
.AddTokenProvider<AuthenticatorTokenProvider>(TwoFactorProviderType.Authenticator.ToString())
.AddTokenProvider<YubicoOtpTokenProvider>(TwoFactorProviderType.YubiKey.ToString())
.AddTokenProvider<DuoWebTokenProvider>(TwoFactorProviderType.Duo.ToString())
.AddTokenProvider<U2fTokenProvider>(TwoFactorProviderType.U2f.ToString())
.AddTokenProvider<EmailTokenProvider<User>>(TokenOptions.DefaultEmailProvider);
return identityBuilder;

2
src/Identity/settings.json
View File

@ -44,7 +44,7 @@
"aKey": "SECRET"
},
"u2f": {
"appId": "https://bitwarden.com"
"appId": "https://localhost:4001"
}
}
}

6
src/Sql/dbo/Stored Procedures/U2f_Create.sql
View File

@ -1,10 +1,10 @@
CREATE PROCEDURE [dbo].[U2f_Create]
@Id INT,
@UserId UNIQUEIDENTIFIER,
@KeyHandle VARCHAR(50),
@Challenge VARCHAR(50),
@KeyHandle VARCHAR(200),
@Challenge VARCHAR(200),
@AppId VARCHAR(50),
@Version VARCHAR(50),
@Version VARCHAR(20),
@CreationDate DATETIME2(7)
AS
BEGIN

4
src/Sql/dbo/Tables/U2f.sql
View File

@ -1,8 +1,8 @@
CREATE TABLE [dbo].[U2f] (
[Id] INT IDENTITY (1, 1) NOT NULL,
[UserId] UNIQUEIDENTIFIER NOT NULL,
[KeyHandle] VARCHAR (MAX) NULL,
[Challenge] VARCHAR (MAX) NOT NULL,
[KeyHandle] VARCHAR (200) NULL,
[Challenge] VARCHAR (200) NOT NULL,
[AppId] VARCHAR (50) NOT NULL,
[Version] VARCHAR (20) NOT NULL,
[CreationDate] DATETIME2 (7) NOT NULL,