nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-04 01:22:50 -05:00
Code Activity

dont cycle security token on re-hash

Browse Source
This commit is contained in:
Kyle Spearrin
2018-04-17 08:10:17 -04:00
parent 6e7bc8369d
commit e350ef650a
7 changed files with 42 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
View File

@ -69,7 +69,7 @@ namespace Bit.Core.IdentityServer
}
var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant());
if(user == null || !await _userManager.CheckPasswordAsync(user, context.Password))
if(user == null || !await _userService.CheckPasswordAsync(user, context.Password))
{
await BuildErrorResultAsync(false, context, user);
return;

1
src/Core/Services/IUserService.cs
View File

@ -50,5 +50,6 @@ namespace Bit.Core.Services
Task DisablePremiumAsync(User user, DateTime? expirationDate);
Task UpdatePremiumExpirationAsync(Guid userId, DateTime? expirationDate);
Task<UserLicense> GenerateLicenseAsync(User user, BillingInfo billingInfo = null);
Task<bool> CheckPasswordAsync(User user, string password);
}
}

39
src/Core/Services/Implementations/UserService.cs
View File

@ -411,7 +411,7 @@ namespace Bit.Core.Services
throw new ArgumentNullException(nameof(user));
}
if(await base.CheckPasswordAsync(user, masterPassword))
if(await CheckPasswordAsync(user, masterPassword))
{
var result = await UpdatePasswordHash(user, newMasterPassword);
if(!result.Succeeded)
@ -440,7 +440,7 @@ namespace Bit.Core.Services
throw new ArgumentNullException(nameof(user));
}
if(await base.CheckPasswordAsync(user, masterPassword))
if(await CheckPasswordAsync(user, masterPassword))
{
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.SecurityStamp = Guid.NewGuid().ToString();
@ -469,7 +469,7 @@ namespace Bit.Core.Services
throw new ArgumentNullException(nameof(user));
}
if(await base.CheckPasswordAsync(user, masterPassword))
if(await CheckPasswordAsync(user, masterPassword))
{
var result = await base.UpdateSecurityStampAsync(user);
if(!result.Succeeded)
@ -527,7 +527,7 @@ namespace Bit.Core.Services
return false;
}
if(!await base.CheckPasswordAsync(user, masterPassword))
if(!await CheckPasswordAsync(user, masterPassword))
{
return false;
}
@ -745,7 +745,31 @@ namespace Bit.Core.Services
new UserLicense(user, billingInfo, _licenseService);
}
private async Task<IdentityResult> UpdatePasswordHash(User user, string newPassword, bool validatePassword = true)
public override async Task<bool> CheckPasswordAsync(User user, string password)
{
if(user == null)
{
return false;
}
var result = await base.VerifyPasswordAsync(Store as IUserPasswordStore<User>, user, password);
if(result == PasswordVerificationResult.SuccessRehashNeeded)
{
await UpdatePasswordHash(user, password, false, false);
user.RevisionDate = DateTime.UtcNow;
await _userRepository.ReplaceAsync(user);
}
var success = result != PasswordVerificationResult.Failed;
if(!success)
{
Logger.LogWarning(0, "Invalid password for user {userId}.", user.Id);
}
return success;
}
private async Task<IdentityResult> UpdatePasswordHash(User user, string newPassword,
bool validatePassword = true, bool refreshStamp = true)
{
if(validatePassword)
{
@ -757,7 +781,10 @@ namespace Bit.Core.Services
}
user.MasterPassword = _passwordHasher.HashPassword(user, newPassword);
user.SecurityStamp = Guid.NewGuid().ToString();
if(refreshStamp)
{
user.SecurityStamp = Guid.NewGuid().ToString();
}
return IdentityResult.Success;
}