Feature/token service (#1785)

* Implement draft token service

* Add tokenizer and factory

* Handle expiring tokens through base class

* Allow direct token validity checks

* Add safe unprotect to tokenizer

* Add interface to tokenizer factory

* Use tokenizer

* Fix rebase

* Handle cleartext prefix in tokenizer base

* Use epoch milliseconds for expiration in tokens

* Use tokenizers

* Test tokens

* Linter fixes

* Add TokenizerFactory to DI services

* Test epoch milliseconds deserialization

* Use separate injectables for each token type

* Fix directory

* Add functional unprotect to token

* Fix namespace and correct object names

* Remove Tokenable interface

* Test remaining Tokens classes

* Dotnet format

* Fix sut provider errors with update

* Remove useless property

Co-authored-by: Hinton <oscar@oscarhinton.com>

src/Core/Services/Implementations/EmergencyAccessService.cs

@@ -5,12 +5,12 @@ using System.Threading.Tasks;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models;
+using Bit.Core.Models.Business.Tokenables;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Table;
 using Bit.Core.Repositories;
 using Bit.Core.Settings;
-using Bit.Core.Utilities;
-using Microsoft.AspNetCore.DataProtection;
+using Bit.Core.Tokens;
 using Microsoft.AspNetCore.Identity;
 
 namespace Bit.Core.Services
@@ -25,10 +25,10 @@ namespace Bit.Core.Services
         private readonly ICipherService _cipherService;
         private readonly IMailService _mailService;
         private readonly IUserService _userService;
-        private readonly IDataProtector _dataProtector;
         private readonly GlobalSettings _globalSettings;
         private readonly IPasswordHasher<User> _passwordHasher;
         private readonly IOrganizationService _organizationService;
+        private readonly IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> _dataProtectorTokenizer;
 
         public EmergencyAccessService(
             IEmergencyAccessRepository emergencyAccessRepository,
@@ -40,9 +40,9 @@ namespace Bit.Core.Services
             IMailService mailService,
             IUserService userService,
             IPasswordHasher<User> passwordHasher,
-            IDataProtectionProvider dataProtectionProvider,
             GlobalSettings globalSettings,
-            IOrganizationService organizationService)
+            IOrganizationService organizationService,
+            IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> dataProtectorTokenizer)
         {
             _emergencyAccessRepository = emergencyAccessRepository;
             _organizationUserRepository = organizationUserRepository;
@@ -53,9 +53,9 @@ namespace Bit.Core.Services
             _mailService = mailService;
             _userService = userService;
             _passwordHasher = passwordHasher;
-            _dataProtector = dataProtectionProvider.CreateProtector("EmergencyAccessServiceDataProtector");
             _globalSettings = globalSettings;
             _organizationService = organizationService;
+            _dataProtectorTokenizer = dataProtectorTokenizer;
         }
 
         public async Task<EmergencyAccess> InviteAsync(User invitingUser, string email, EmergencyAccessType type, int waitTime)
@@ -118,8 +118,7 @@ namespace Bit.Core.Services
                 throw new BadRequestException("Emergency Access not valid.");
             }
 
-            if (!CoreHelpers.TokenIsValid("EmergencyAccessInvite", _dataProtector, token, user.Email, emergencyAccessId,
-                _globalSettings.OrganizationInviteExpirationHours))
+            if (!_dataProtectorTokenizer.TryUnprotect(token, out var data) && data.IsValid(emergencyAccessId, user.Email))
             {
                 throw new BadRequestException("Invalid token.");
             }
@@ -403,8 +402,7 @@ namespace Bit.Core.Services
 
         private async Task SendInviteAsync(EmergencyAccess emergencyAccess, string invitingUsersName)
         {
-            var nowMillis = CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow);
-            var token = _dataProtector.Protect($"EmergencyAccessInvite {emergencyAccess.Id} {emergencyAccess.Email} {nowMillis}");
+            var token = _dataProtectorTokenizer.Protect(new EmergencyAccessInviteTokenable(emergencyAccess, _globalSettings.OrganizationInviteExpirationHours));
             await _mailService.SendEmergencyAccessInviteEmailAsync(emergencyAccess, invitingUsersName, token);
         }
 

src/Core/Services/Implementations/HCaptchaValidationService.cs

@@ -3,10 +3,10 @@ using System.Collections.Generic;
 using System.Net.Http;
 using System.Threading.Tasks;
 using Bit.Core.Context;
+using Bit.Core.Models.Business.Tokenables;
 using Bit.Core.Models.Table;
 using Bit.Core.Settings;
-using Bit.Core.Utilities;
-using Microsoft.AspNetCore.DataProtection;
+using Bit.Core.Tokens;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
 
@@ -14,31 +14,27 @@ namespace Bit.Core.Services
 {
     public class HCaptchaValidationService : ICaptchaValidationService
     {
-        private const double TokenLifetimeInHours = (double)5 / 60; // 5 minutes
-        private const string TokenName = "CaptchaBypassToken";
-        private const string TokenClearTextPrefix = "BWCaptchaBypass_";
         private readonly ILogger<HCaptchaValidationService> _logger;
         private readonly IHttpClientFactory _httpClientFactory;
         private readonly GlobalSettings _globalSettings;
-        private readonly IDataProtector _dataProtector;
+        private readonly IDataProtectorTokenFactory<HCaptchaTokenable> _tokenizer;
 
         public HCaptchaValidationService(
             ILogger<HCaptchaValidationService> logger,
             IHttpClientFactory httpClientFactory,
-            IDataProtectionProvider dataProtectorProvider,
+            IDataProtectorTokenFactory<HCaptchaTokenable> tokenizer,
             GlobalSettings globalSettings)
         {
             _logger = logger;
             _httpClientFactory = httpClientFactory;
             _globalSettings = globalSettings;
-            _dataProtector = dataProtectorProvider.CreateProtector("CaptchaServiceDataProtector");
+            _tokenizer = tokenizer;
         }
 
         public string SiteKeyResponseKeyName => "HCaptcha_SiteKey";
         public string SiteKey => _globalSettings.Captcha.HCaptchaSiteKey;
 
-        public string GenerateCaptchaBypassToken(User user) =>
-            $"{TokenClearTextPrefix}{_dataProtector.Protect(CaptchaBypassTokenContent(user))}";
+        public string GenerateCaptchaBypassToken(User user) => _tokenizer.Protect(new HCaptchaTokenable(user));
 
         public bool ValidateCaptchaBypassToken(string bypassToken, User user) =>
             TokenIsApiKey(bypassToken, user) || TokenIsCaptchaBypassToken(bypassToken, user);
@@ -89,20 +85,12 @@ namespace Bit.Core.Services
         public bool RequireCaptchaValidation(ICurrentContext currentContext) =>
             currentContext.IsBot || _globalSettings.Captcha.ForceCaptchaRequired;
 
-        private static string CaptchaBypassTokenContent(User user) =>
-            string.Join(' ', new object[] {
-                TokenName,
-                user?.Id,
-                user?.Email,
-                CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow.AddHours(TokenLifetimeInHours))
-            });
-
         private static bool TokenIsApiKey(string bypassToken, User user) =>
             !string.IsNullOrWhiteSpace(bypassToken) && user != null && user.ApiKey == bypassToken;
-        private bool TokenIsCaptchaBypassToken(string encryptedToken, User user) =>
-            encryptedToken.StartsWith(TokenClearTextPrefix) && user != null &&
-            CoreHelpers.TokenIsValid(TokenName, _dataProtector, encryptedToken[TokenClearTextPrefix.Length..],
-            user.Email, user.Id, TokenLifetimeInHours);
-
+        private bool TokenIsCaptchaBypassToken(string encryptedToken, User user)
+        {
+            return _tokenizer.TryUnprotect(encryptedToken, out var data) &&
+                data.Valid && data.TokenIsValid(user);
+        }
     }
 }