Feature/token service (#1785)

* Implement draft token service * Add tokenizer and factory * Handle expiring tokens through base class * Allow direct token validity checks * Add safe unprotect to tokenizer * Add interface to tokenizer factory * Use tokenizer * Fix rebase * Handle cleartext prefix in tokenizer base * Use epoch milliseconds for expiration in tokens * Use tokenizers * Test tokens * Linter fixes * Add TokenizerFactory to DI services * Test epoch milliseconds deserialization * Use separate injectables for each token type * Fix directory * Add functional unprotect to token * Fix namespace and correct object names * Remove Tokenable interface * Test remaining Tokens classes * Dotnet format * Fix sut provider errors with update * Remove useless property Co-authored-by: Hinton <oscar@oscarhinton.com>
2025-07-01 08:02:49 -05:00 · 2022-01-10 10:58:16 -05:00
parent 924ebca153
commit e2c6fc81f4
19 changed files with 562 additions and 33 deletions
--- a/src/Core/Models/Business/Tokenables/EmergencyAccessInviteTokenable.cs
+++ b/src/Core/Models/Business/Tokenables/EmergencyAccessInviteTokenable.cs
@ -0,0 +1,37 @@
+using System;
+using System.Text.Json.Serialization;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Models.Business.Tokenables
+{
+    public class EmergencyAccessInviteTokenable : Tokens.ExpiringTokenable
+    {
+        public const string ClearTextPrefix = "";
+        public const string DataProtectorPurpose = "EmergencyAccessServiceDataProtector";
+        public const string TokenIdentifier = "EmergencyAccessInvite";
+        public string Identifier { get; set; } = TokenIdentifier;
+        public Guid Id { get; set; }
+        public string Email { get; set; }
+
+        [JsonConstructor]
+        public EmergencyAccessInviteTokenable(DateTime expirationDate)
+        {
+            ExpirationDate = expirationDate;
+        }
+
+        public EmergencyAccessInviteTokenable(EmergencyAccess user, int hoursTillExpiration)
+        {
+            Id = user.Id;
+            Email = user.Email;
+            ExpirationDate = DateTime.UtcNow.AddHours(hoursTillExpiration);
+        }
+
+        public bool IsValid(Guid id, string email)
+        {
+            return Id == id &&
+                Email.Equals(email, StringComparison.InvariantCultureIgnoreCase);
+        }
+
+        protected override bool TokenIsValid() => Identifier == TokenIdentifier && Id != default && !string.IsNullOrWhiteSpace(Email);
+    }
+}
--- a/src/Core/Models/Business/Tokenables/HCaptchaTokenable.cs
+++ b/src/Core/Models/Business/Tokenables/HCaptchaTokenable.cs
@ -0,0 +1,40 @@
+using System;
+using System.Text.Json.Serialization;
+using Bit.Core.Models.Table;
+using Bit.Core.Tokens;
+
+namespace Bit.Core.Models.Business.Tokenables
+{
+    public class HCaptchaTokenable : ExpiringTokenable
+    {
+        private const double _tokenLifetimeInHours = (double)5 / 60; // 5 minutes
+        public const string ClearTextPrefix = "BWCaptchaBypass_";
+        public const string DataProtectorPurpose = "CaptchaServiceDataProtector";
+        public const string TokenIdentifier = "CaptchaBypassToken";
+
+        public string Identifier { get; set; } = TokenIdentifier;
+        public Guid Id { get; set; }
+        public string Email { get; set; }
+
+        [JsonConstructor]
+        public HCaptchaTokenable()
+        {
+            ExpirationDate = DateTime.UtcNow.AddHours(_tokenLifetimeInHours);
+        }
+
+        public HCaptchaTokenable(User user) : this()
+        {
+            Id = user.Id;
+            Email = user.Email;
+        }
+
+        public bool TokenIsValid(User user)
+        {
+            return Id == user.Id &&
+            Email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase);
+        }
+
+        // Validates deserialized 
+        protected override bool TokenIsValid() => Identifier == TokenIdentifier && Id != default && !string.IsNullOrWhiteSpace(Email);
+    }
+}