Update opaque login with password and update cipherconfig model

2025-07-15 22:57:44 -05:00 · 2025-03-14 16:22:53 +01:00
parent 0b34f09fc7
commit d617004435
7 changed files with 73 additions and 11 deletions
--- a/src/Api/Auth/Controllers/AccountsController.cs
+++ b/src/Api/Auth/Controllers/AccountsController.cs
@ -15,6 +15,7 @@ using Bit.Core.AdminConsole.Services;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Models.Api.Request.Accounts;
 using Bit.Core.Auth.Models.Data;
+using Bit.Core.Auth.Services;
 using Bit.Core.Auth.UserFeatures.TdeOffboardingPassword.Interfaces;
 using Bit.Core.Auth.UserFeatures.UserMasterPassword.Interfaces;
 using Bit.Core.Entities;
@ -57,6 +58,7 @@ public class AccountsController : Controller
        _organizationUserValidator;
    private readonly IRotationValidator<IEnumerable<WebAuthnLoginRotateKeyRequestModel>, IEnumerable<WebAuthnLoginRotateKeyData>>
        _webauthnKeyValidator;
+    private readonly IOpaqueKeyExchangeService _opaqueKeyExchangeService;


    public AccountsController(
@ -76,7 +78,8 @@ public class AccountsController : Controller
            emergencyAccessValidator,
        IRotationValidator<IEnumerable<ResetPasswordWithOrgIdRequestModel>, IReadOnlyList<OrganizationUser>>
            organizationUserValidator,
-        IRotationValidator<IEnumerable<WebAuthnLoginRotateKeyRequestModel>, IEnumerable<WebAuthnLoginRotateKeyData>> webAuthnKeyValidator
+        IRotationValidator<IEnumerable<WebAuthnLoginRotateKeyRequestModel>, IEnumerable<WebAuthnLoginRotateKeyData>> webAuthnKeyValidator,
+        IOpaqueKeyExchangeService opaqueKeyExchangeService
        )
    {
        _organizationService = organizationService;
@ -94,6 +97,7 @@ public class AccountsController : Controller
        _emergencyAccessValidator = emergencyAccessValidator;
        _organizationUserValidator = organizationUserValidator;
        _webauthnKeyValidator = webAuthnKeyValidator;
+        _opaqueKeyExchangeService = opaqueKeyExchangeService;
    }


@ -209,8 +213,14 @@ public class AccountsController : Controller
            throw new UnauthorizedAccessException();
        }

+        Guid? sessionId = null;
+        if (model.OpaqueSessionId != null)
+        {
+            sessionId = Guid.Parse(model.OpaqueSessionId);
+        }
+
        var result = await _userService.ChangePasswordAsync(user, model.MasterPasswordHash,
-            model.NewMasterPasswordHash, model.MasterPasswordHint, model.Key);
+            model.NewMasterPasswordHash, model.MasterPasswordHint, model.Key, sessionId);
        if (result.Succeeded)
        {
            return;
--- a/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs
+++ b/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs
@ -27,7 +27,7 @@ public class OpaqueKeyExchangeController : Controller
    public async Task<OpaqueRegistrationStartResponse> StartRegistrationAsync([FromBody] OpaqueRegistrationStartRequest request)
    {
        var user = await _userService.GetUserByPrincipalAsync(User);
-        var result = await _opaqueKeyExchangeService.StartRegistration(Convert.FromBase64String(request.RegistrationRequest), user, request.CipherConfiguration);
+        var result = await _opaqueKeyExchangeService.StartRegistration(Convert.FromBase64String(request.RegistrationRequest), user, request.CipherConfiguration.ToNativeConfiguration());
        return new OpaqueRegistrationStartResponse(result.Item1, Convert.ToBase64String(result.Item2));
    }