nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-28 00:02:26 -05:00
Code

Block legacy users on all clients over 2025.5

Browse Source
This commit is contained in:
Bernd Schoolmann 2025-04-11 11:53:34 +02:00
parent d553d52c93
commit d6fa6c240b
No known key found for this signature in database
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Core/Constants.cs
View File

@ -23,6 +23,7 @@ public static class Constants
public const string Fido2KeyCipherMinimumVersion = "2023.10.0"; public const string Fido2KeyCipherMinimumVersion = "2023.10.0";
public const string SSHKeyCipherMinimumVersion = "2024.12.0"; public const string SSHKeyCipherMinimumVersion = "2024.12.0";
public const string DenyLegacyUserMinimumVersion = "2025.5.0";
/// <summary> /// <summary>
/// Used by IdentityServer to identify our own provider. /// Used by IdentityServer to identify our own provider.

3
src/Identity/IdentityServer/RequestValidators/CustomTokenRequestValidator.cs
View File

@ -26,6 +26,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
{ {
private readonly UserManager<User> _userManager; private readonly UserManager<User> _userManager;
private readonly IUpdateInstallationCommand _updateInstallationCommand; private readonly IUpdateInstallationCommand _updateInstallationCommand;
private readonly Version _denyLegacyUserMinimumVersion = new(Constants.DenyLegacyUserMinimumVersion);
public CustomTokenRequestValidator( public CustomTokenRequestValidator(
UserManager<User> userManager, UserManager<User> userManager,
@ -73,7 +74,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
{ {
// Force legacy users to the web for migration // Force legacy users to the web for migration
if (await _userService.IsLegacyUser(GetSubject(context)?.GetSubjectId()) && if (await _userService.IsLegacyUser(GetSubject(context)?.GetSubjectId()) &&
context.Result.ValidatedRequest.ClientId != "web") (context.Result.ValidatedRequest.ClientId != "web" || CurrentContext.ClientVersion >= _denyLegacyUserMinimumVersion))
{ {
await FailAuthForLegacyUserAsync(null, context); await FailAuthForLegacyUserAsync(null, context);
return; return;