fixes for configuring u2f device

2025-07-02 08:32:50 -05:00 · 2017-06-22 17:03:35 -04:00
parent 3ae96bd510
commit f28ae5ccd9
19 changed files with 89 additions and 33 deletions
--- a/src/Api/Controllers/TwoFactorController.cs
+++ b/src/Api/Controllers/TwoFactorController.cs
@ -9,6 +9,8 @@ using Microsoft.AspNetCore.Identity;
 using Bit.Core.Models.Table;
 using Bit.Core.Enums;
 using System.Linq;
+using Bit.Core;
+using Newtonsoft.Json;

 namespace Bit.Api.Controllers
 {
@ -17,13 +19,16 @@ namespace Bit.Api.Controllers
    public class TwoFactorController : Controller
    {
        private readonly IUserService _userService;
+        private readonly GlobalSettings _globalSettings;
        private readonly UserManager<User> _userManager;

        public TwoFactorController(
            IUserService userService,
+            GlobalSettings globalSettings,
            UserManager<User> userManager)
        {
            _userService = userService;
+            _globalSettings = globalSettings;
            _userManager = userManager;
        }

@ -117,7 +122,7 @@ namespace Bit.Api.Controllers
        {
            var user = await CheckPasswordAsync(model.MasterPasswordHash);
            var provider = user.GetTwoFactorProvider(TwoFactorProviderType.U2f);
-            if(!provider.Enabled || (provider?.MetaData != null && provider.MetaData.Count > 0))
+            if(provider == null || !provider.Enabled || (provider.MetaData?.Count ?? 0) > 0)
            {
                var reg = await _userService.StartU2fRegistrationAsync(user);
                var response = new TwoFactorU2fResponseModel(user, provider, reg);
@ -130,6 +135,34 @@ namespace Bit.Api.Controllers
            }
        }

+        [HttpGet("~/app-id.json")]
+        //[Produces("application/fido.trusted-apps+json")]
+        [AllowAnonymous]
+        public string GetU2fAppId()
+        {
+            return JsonConvert.SerializeObject(new
+            {
+                trustedFacets = new object[]
+                {
+                    new
+                    {
+                        version = new
+                        {
+                            major = 1,
+                            minor = 1
+                        },
+                        ids = new string[]
+                        {
+                            _globalSettings.U2f.AppId,
+                            //"ios:bundle-id:com.8bit.bitwarden",
+                            //"android:apk-key-hash:585215fd5153209a7e246f53286035838a0be227",
+                            //"chrome-extension://nngceckbapebfimnlniiiahkandclblb"
+                        }
+                    }
+                }
+            });
+        }
+
        [HttpPut("u2f")]
        [HttpPost("u2f")]
        public async Task<TwoFactorU2fResponseModel> PutU2f([FromBody]TwoFactorU2fRequestModel model)
--- a/src/Api/Properties/launchSettings.json
+++ b/src/Api/Properties/launchSettings.json
@ -4,7 +4,7 @@
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:4000",
-      "sslPort": 0
+      "sslPort": 44377
    }
  },
  "profiles": {
@ -24,4 +24,4 @@
      }
    }
  }
-}
+}
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@ -153,9 +153,9 @@ namespace Bit.Api
            // Add IdentityServer to the request pipeline.
            app.UseIdentityServer();
            app.UseIdentityServerAuthentication(
-                GetIdentityOptions(env, IdentityServerAuthority(env, "identity", "33656"), "3"));
+                GetIdentityOptions(env, IdentityServerAuthority(env, "identity", "44392"), "3"));
            app.UseIdentityServerAuthentication(
-                GetIdentityOptions(env, IdentityServerAuthority(env, "api", "4000"), "2"));
+                GetIdentityOptions(env, IdentityServerAuthority(env, "api", "44377"), "2"));

            // Add current context
            app.UseMiddleware<CurrentContextMiddleware>();
@ -195,7 +195,7 @@ namespace Bit.Api
            }
            else
            {
-                return $"http://localhost:{port}";
+                return $"https://localhost:{port}";
                //return $"http://192.168.1.6:{port}"; // Desktop external
            }
        }
--- a/src/Api/settings.Preview.json
+++ b/src/Api/settings.Preview.json
@ -1,5 +1,9 @@
 {
  "globalSettings": {
-    "baseVaultUri": "https://preview-vault.bitwarden.com/#"
+    "baseVaultUri": "https://preview-vault.bitwarden.com/#",
+    "baseApiUri": "https://preview-api.bitwarden.com/",
+    "u2f": {
+      "appId": "https://preview-vault.bitwarden.com"
+    }
  }
 }
--- a/src/Api/settings.Production.json
+++ b/src/Api/settings.Production.json
@ -1,5 +1,9 @@
 {
  "globalSettings": {
-    "baseVaultUri": "https://vault.bitwarden.com/#"
+    "baseVaultUri": "https://vault.bitwarden.com/#",
+    "baseApiUri": "https://api.bitwarden.com/",
+    "u2f": {
+      "appId": "https://vault.bitwarden.com"
+    }
  }
 }
--- a/src/Api/settings.Staging.json
+++ b/src/Api/settings.Staging.json
@ -1,5 +1,9 @@
 {
  "globalSettings": {
-    "baseVaultUri": "https://vault.bitwarden.com/#"
+    "baseVaultUri": "https://vault.bitwarden.com/#",
+    "baseApiUri": "https://api.bitwarden.com/",
+    "u2f": {
+      "appId": "https://vault.bitwarden.com"
+    }
  }
 }
--- a/src/Api/settings.json
+++ b/src/Api/settings.json
@ -2,6 +2,7 @@
  "globalSettings": {
    "siteName": "bitwarden",
    "baseVaultUri": "http://localhost:4001/#",
+    "baseApiUri": "http://localhost:4000/",
    "jwtSigningKey": "THIS IS A SECRET. IT KEEPS YOUR TOKEN SAFE. :)",
    "stripeApiKey": "SECRET",
    "sqlServer": {
@ -47,7 +48,7 @@
      "aKey": "SECRET"
    },
    "u2f": {
-      "appId": "https://bitwarden.com"
+      "appId": "https://localhost:4001"
    }
  },
  "IpRateLimitOptions": {