remove deprecated jwt bearer authentication method

2025-07-02 00:22:50 -05:00 · 2017-06-06 23:19:42 -04:00
parent 811bbbfe0a
commit d8c0994ed3
16 changed files with 29 additions and 624 deletions
--- a/src/Api/Controllers/AuthController.cs
+++ b/src/Api/Controllers/AuthController.cs
@ -1,11 +1,7 @@
 using System;
-using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc;
-using Bit.Core.Identity;
-using Bit.Core.Models.Api;
 using Microsoft.AspNetCore.Authorization;
 using Bit.Core.Exceptions;
-using Bit.Core.Services;

 namespace Bit.Api.Controllers
 {
@ -13,54 +9,12 @@ namespace Bit.Api.Controllers
    [Route("auth")]
    public class AuthController : Controller
    {
-        private readonly JwtBearerSignInManager _signInManager;
-        private readonly IUserService _userService;
-
-        public AuthController(
-            JwtBearerSignInManager signInManager,
-            IUserService userService)
-        {
-            _signInManager = signInManager;
-            _userService = userService;
-        }
-
        [HttpPost("token")]
        [AllowAnonymous]
-        public async Task<AuthTokenResponseModel> PostToken([FromBody]AuthTokenRequestModel model)
+        public IActionResult PostToken()
        {
-            var result = await _signInManager.PasswordSignInAsync(model.Email.ToLower(), model.MasterPasswordHash, 
-                model.Device?.ToDevice());
-            if(result == JwtBearerSignInResult.Success)
-            {
-                return new AuthTokenResponseModel(result.Token, result.User);
-            }
-            else if(result == JwtBearerSignInResult.TwoFactorRequired)
-            {
-                return new AuthTokenResponseModel(result.Token, null);
-            }
-
-            await Task.Delay(2000);
-            throw new BadRequestException("Username or password is incorrect. Try again.");
-        }
-
-        [HttpPost("token/two-factor")]
-        [Authorize("TwoFactor")]
-        public async Task<AuthTokenResponseModel> PostTokenTwoFactor([FromBody]AuthTokenTwoFactorRequestModel model)
-        {
-            var user = await _userService.GetUserByPrincipalAsync(User);
-            if(user == null)
-            {
-                throw new UnauthorizedAccessException();
-            }
-
-            var result = await _signInManager.TwoFactorSignInAsync(user, model.Provider, model.Code, model.Device?.ToDevice());
-            if(result == JwtBearerSignInResult.Success)
-            {
-                return new AuthTokenResponseModel(result.Token, result.User);
-            }
-
-            await Task.Delay(2000);
-            throw new BadRequestException("Code is not correct. Try again.");
+            throw new BadRequestException("You are using an outdated version of bitwarden that is no longer supported. " +
+                "Please update your app first and try again.");
        }
    }
 }
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@ -1,12 +1,10 @@
 using System;
 using System.Security.Claims;
-using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using Bit.Api.Utilities;
 using Bit.Core;
@ -20,6 +18,7 @@ using Bit.Api.Middleware;
 using Serilog.Events;
 using Stripe;
 using Bit.Core.Utilities;
+using IdentityModel;

 namespace Bit.Api
 {
@ -73,21 +72,13 @@ namespace Bit.Api
            // Identity
            services.AddCustomIdentityServices(globalSettings);

-            var jwtIdentityOptions = provider.GetRequiredService<IOptions<JwtBearerIdentityOptions>>().Value;
            services.AddAuthorization(config =>
            {
                config.AddPolicy("Application", policy =>
                {
-                    policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2", "Bearer3");
+                    policy.AddAuthenticationSchemes("Bearer2", "Bearer3");
                    policy.RequireAuthenticatedUser();
-                    policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.AuthenticationMethod);
-                });
-
-                config.AddPolicy("TwoFactor", policy =>
-                {
-                    policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2", "Bearer3");
-                    policy.RequireAuthenticatedUser();
-                    policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.TwoFactorAuthenticationMethod);
+                    policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
                });
            });

@ -166,9 +157,6 @@ namespace Bit.Api
            app.UseIdentityServerAuthentication(
                GetIdentityOptions(env, IdentityServerAuthority(env, "api", "4000"), "2"));

-            // Add Jwt authentication to the request pipeline.
-            app.UseJwtBearerIdentity();
-
            // Add current context
            app.UseMiddleware<CurrentContextMiddleware>();

@ -208,7 +196,7 @@ namespace Bit.Api
            else
            {
                return $"http://localhost:{port}";
-                //return $"http://192.168.1.8:{port}"; // Desktop external
+                //return $"http://192.168.1.6:{port}"; // Desktop external
            }
        }
    }