fixes for configuring u2f device

src/Api/Controllers/TwoFactorController.cs

@@ -9,6 +9,8 @@ using Microsoft.AspNetCore.Identity;
 using Bit.Core.Models.Table;
 using Bit.Core.Enums;
 using System.Linq;
+using Bit.Core;
+using Newtonsoft.Json;
 
 namespace Bit.Api.Controllers
 {
@@ -17,13 +19,16 @@ namespace Bit.Api.Controllers
     public class TwoFactorController : Controller
     {
         private readonly IUserService _userService;
+        private readonly GlobalSettings _globalSettings;
         private readonly UserManager<User> _userManager;
 
         public TwoFactorController(
             IUserService userService,
+            GlobalSettings globalSettings,
             UserManager<User> userManager)
         {
             _userService = userService;
+            _globalSettings = globalSettings;
             _userManager = userManager;
         }
 
@@ -117,7 +122,7 @@ namespace Bit.Api.Controllers
         {
             var user = await CheckPasswordAsync(model.MasterPasswordHash);
             var provider = user.GetTwoFactorProvider(TwoFactorProviderType.U2f);
-            if(!provider.Enabled || (provider?.MetaData != null && provider.MetaData.Count > 0))
+            if(provider == null || !provider.Enabled || (provider.MetaData?.Count ?? 0) > 0)
             {
                 var reg = await _userService.StartU2fRegistrationAsync(user);
                 var response = new TwoFactorU2fResponseModel(user, provider, reg);
@@ -130,6 +135,34 @@ namespace Bit.Api.Controllers
             }
         }
 
+        [HttpGet("~/app-id.json")]
+        //[Produces("application/fido.trusted-apps+json")]
+        [AllowAnonymous]
+        public string GetU2fAppId()
+        {
+            return JsonConvert.SerializeObject(new
+            {
+                trustedFacets = new object[]
+                {
+                    new
+                    {
+                        version = new
+                        {
+                            major = 1,
+                            minor = 1
+                        },
+                        ids = new string[]
+                        {
+                            _globalSettings.U2f.AppId,
+                            //"ios:bundle-id:com.8bit.bitwarden",
+                            //"android:apk-key-hash:585215fd5153209a7e246f53286035838a0be227",
+                            //"chrome-extension://nngceckbapebfimnlniiiahkandclblb"
+                        }
+                    }
+                }
+            });
+        }
+
         [HttpPut("u2f")]
         [HttpPost("u2f")]
         public async Task<TwoFactorU2fResponseModel> PutU2f([FromBody]TwoFactorU2fRequestModel model)

src/Api/Properties/launchSettings.json

@@ -4,7 +4,7 @@
     "anonymousAuthentication": true,
     "iisExpress": {
       "applicationUrl": "http://localhost:4000",
-      "sslPort": 0
+      "sslPort": 44377
     }
   },
   "profiles": {

src/Api/Startup.cs

@@ -153,9 +153,9 @@ namespace Bit.Api
             // Add IdentityServer to the request pipeline.
             app.UseIdentityServer();
             app.UseIdentityServerAuthentication(
-                GetIdentityOptions(env, IdentityServerAuthority(env, "identity", "33656"), "3"));
+                GetIdentityOptions(env, IdentityServerAuthority(env, "identity", "44392"), "3"));
             app.UseIdentityServerAuthentication(
-                GetIdentityOptions(env, IdentityServerAuthority(env, "api", "4000"), "2"));
+                GetIdentityOptions(env, IdentityServerAuthority(env, "api", "44377"), "2"));
 
             // Add current context
             app.UseMiddleware<CurrentContextMiddleware>();
@@ -195,7 +195,7 @@ namespace Bit.Api
             }
             else
             {
-                return $"http://localhost:{port}";
+                return $"https://localhost:{port}";
                 //return $"http://192.168.1.6:{port}"; // Desktop external
             }
         }

src/Api/settings.Preview.json

@@ -1,5 +1,9 @@
 {
   "globalSettings": {
-    "baseVaultUri": "https://preview-vault.bitwarden.com/#"
+    "baseVaultUri": "https://preview-vault.bitwarden.com/#",
+    "baseApiUri": "https://preview-api.bitwarden.com/",
+    "u2f": {
+      "appId": "https://preview-vault.bitwarden.com"
+    }
   }
 }

src/Api/settings.Production.json

@@ -1,5 +1,9 @@
 {
   "globalSettings": {
-    "baseVaultUri": "https://vault.bitwarden.com/#"
+    "baseVaultUri": "https://vault.bitwarden.com/#",
+    "baseApiUri": "https://api.bitwarden.com/",
+    "u2f": {
+      "appId": "https://vault.bitwarden.com"
+    }
   }
 }

src/Api/settings.Staging.json

@@ -1,5 +1,9 @@
 {
   "globalSettings": {
-    "baseVaultUri": "https://vault.bitwarden.com/#"
+    "baseVaultUri": "https://vault.bitwarden.com/#",
+    "baseApiUri": "https://api.bitwarden.com/",
+    "u2f": {
+      "appId": "https://vault.bitwarden.com"
+    }
   }
 }

src/Api/settings.json

@@ -2,6 +2,7 @@
   "globalSettings": {
     "siteName": "bitwarden",
     "baseVaultUri": "http://localhost:4001/#",
+    "baseApiUri": "http://localhost:4000/",
     "jwtSigningKey": "THIS IS A SECRET. IT KEEPS YOUR TOKEN SAFE. :)",
     "stripeApiKey": "SECRET",
     "sqlServer": {
@@ -47,7 +48,7 @@
       "aKey": "SECRET"
     },
     "u2f": {
-      "appId": "https://bitwarden.com"
+      "appId": "https://localhost:4001"
     }
   },
   "IpRateLimitOptions": {

src/Billing/settings.json

@@ -2,6 +2,7 @@
   "globalSettings": {
     "siteName": "bitwarden",
     "baseVaultUri": "http://localhost:4001/#",
+    "baseApiUri": "http://localhost:4000/",
     "jwtSigningKey": "THIS IS A SECRET. IT KEEPS YOUR TOKEN SAFE. :)",
     "stripeApiKey": "SECRET",
     "sqlServer": {

src/Core/Core.csproj

@@ -49,13 +49,14 @@
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.1.2" />
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.1.2" />
     <PackageReference Include="Newtonsoft.Json" Version="10.0.2" />
+    <PackageReference Include="Portable.BouncyCastle" Version="1.8.1.2" />
     <PackageReference Include="RazorLight" Version="1.1.0" />
     <PackageReference Include="Sendgrid" Version="9.2.0" />
     <PackageReference Include="PushSharp" Version="4.0.10" />
     <PackageReference Include="Serilog.Extensions.Logging" Version="1.4.0" />
     <PackageReference Include="Serilog.Sinks.AzureDocumentDB" Version="3.6.1" />
     <PackageReference Include="Stripe.net" Version="7.8.0" />
-    <PackageReference Include="U2F.Core" Version="1.0.1" />
+    <PackageReference Include="u2flib" Version="1.0.5" />
     <PackageReference Include="WindowsAzure.Storage" Version="8.1.1" />
     <PackageReference Include="Otp.NET" Version="1.0.1" />
     <PackageReference Include="YubicoDotNetClient" Version="1.0.0" />

src/Core/GlobalSettings.cs

@@ -4,6 +4,7 @@
     {
         public virtual string SiteName { get; set; }
         public virtual string BaseVaultUri { get; set; }
+        public virtual string BaseApiUri { get; set; }
         public virtual string JwtSigningKey { get; set; }
         public virtual string StripeApiKey { get; set; }
         public virtual SqlServerSettings SqlServer { get; set; } = new SqlServerSettings();

src/Core/Identity/U2fTokenProvider.cs

@@ -5,12 +5,13 @@ using Bit.Core.Enums;
 using Bit.Core.Models;
 using Bit.Core.Services;
 using Bit.Core.Repositories;
-using U2F.Core.Models;
-using U2fLib = U2F.Core.Crypto.U2F;
 using Newtonsoft.Json;
 using System.Collections.Generic;
 using System.Linq;
-using U2F.Core.Exceptions;
+using u2flib.Data;
+using u2flib;
+using u2flib.Data.Messages;
+using u2flib.Exceptions;
 
 namespace Bit.Core.Identity
 {
@@ -65,7 +66,7 @@ namespace Bit.Core.Identity
             {
                 var registration = new DeviceRegistration(key.KeyHandleBytes, key.PublicKeyBytes,
                     key.CertificateBytes, key.Counter);
-                var auth = U2fLib.StartAuthentication(_globalSettings.U2f.AppId, registration);
+                var auth = U2F.StartAuthentication(Utilities.CoreHelpers.U2fAppIdUrl(_globalSettings), registration);
 
                 // Maybe move this to a bulk create when we support more than 1 key?
                 await _u2fRepository.CreateAsync(new U2f
@@ -116,7 +117,7 @@ namespace Bit.Core.Identity
                 return false;
             }
 
-            var authenticateResponse = BaseModel.FromJson<AuthenticateResponse>(token);
+            var authenticateResponse = DataObject.FromJson<AuthenticateResponse>(token);
             var key = keys.FirstOrDefault(f => f.KeyHandle == authenticateResponse.KeyHandle);
 
             if(key == null)
@@ -139,7 +140,7 @@ namespace Bit.Core.Identity
             try
             {
                 var auth = new StartedAuthentication(challenge.Challenge, challenge.AppId, challenge.KeyHandle);
-                U2fLib.FinishAuthentication(auth, authenticateResponse, registration);
+                U2F.FinishAuthentication(auth, authenticateResponse, registration);
             }
             catch(U2fException)
             {

src/Core/Models/Api/Response/TwoFactor/TwoFactorU2fResponseModel.cs

@@ -19,7 +19,7 @@ namespace Bit.Core.Models.Api
             {
                 Challenge = new ChallengeModel(user, registration);
             }
-            Enabled = provider.Enabled;
+            Enabled = provider?.Enabled ?? false;
         }
 
         public TwoFactorU2fResponseModel(User user)

src/Core/Models/TwoFactorProvider.cs

@@ -1,6 +1,6 @@
 using System;
 using System.Collections.Generic;
-using U2F.Core.Utils;
+using u2flib.Util;
 
 namespace Bit.Core.Models
 {

src/Core/Services/Implementations/UserService.cs

@@ -10,11 +10,12 @@ using System.Linq;
 using Microsoft.AspNetCore.Builder;
 using Bit.Core.Enums;
 using System.Security.Claims;
-using U2fLib = U2F.Core.Crypto.U2F;
-using U2F.Core.Models;
 using Bit.Core.Models;
 using Bit.Core.Models.Business;
-using U2F.Core.Utils;
+using u2flib.Data.Messages;
+using u2flib.Util;
+using u2flib;
+using u2flib.Data;
 
 namespace Bit.Core.Services
 {
@@ -219,7 +220,7 @@ namespace Bit.Core.Services
         public async Task<U2fRegistration> StartU2fRegistrationAsync(User user)
         {
             await _u2fRepository.DeleteManyByUserIdAsync(user.Id);
-            var reg = U2fLib.StartRegistration(_globalSettings.U2f.AppId);
+            var reg = U2F.StartRegistration(Utilities.CoreHelpers.U2fAppIdUrl(_globalSettings));
             await _u2fRepository.CreateAsync(new U2f
             {
                 AppId = reg.AppId,
@@ -249,11 +250,11 @@ namespace Bit.Core.Services
                 return false;
             }
 
-            var registerResponse = BaseModel.FromJson<RegisterResponse>(deviceResponse);
+            var registerResponse = DataObject.FromJson<RegisterResponse>(deviceResponse);
 
             var challenge = challenges.OrderBy(i => i.Id).Last(i => i.KeyHandle == null);
             var statedReg = new StartedRegistration(challenge.Challenge, challenge.AppId);
-            var reg = U2fLib.FinishRegistration(statedReg, registerResponse);
+            var reg = U2F.FinishRegistration(statedReg, registerResponse);
 
             await _u2fRepository.DeleteManyByUserIdAsync(user.Id);
 

src/Core/Utilities/CoreHelpers.cs

@@ -119,5 +119,11 @@ namespace Bit.Core.Utilities
         {
             return _epoc.AddMilliseconds(milliseconds);
         }
+
+        public static string U2fAppIdUrl(GlobalSettings globalSettings)
+        {
+            //return $"{globalSettings.BaseApiUri}app-id.json";
+            return globalSettings.U2f.AppId;
+        }
     }
 }

src/Identity/Properties/launchSettings.json

@@ -1,10 +1,10 @@
-{
+{
   "iisSettings": {
     "windowsAuthentication": false,
     "anonymousAuthentication": true,
     "iisExpress": {
       "applicationUrl": "http://localhost:33656/",
-      "sslPort": 0
+      "sslPort": 44392
     }
   },
   "profiles": {

src/Identity/settings.json

@@ -2,6 +2,7 @@
   "globalSettings": {
     "siteName": "bitwarden",
     "baseVaultUri": "http://localhost:4001/#",
+    "baseApiUri": "http://localhost:4000/",
     "jwtSigningKey": "THIS IS A SECRET. IT KEEPS YOUR TOKEN SAFE. :)",
     "stripeApiKey": "SECRET",
     "sqlServer": {

src/Sql/dbo/Stored Procedures/U2f_Create.sql

@@ -12,7 +12,6 @@ BEGIN
 
     INSERT INTO [dbo].[U2f]
     (
-        [Id],
         [UserId],
         [KeyHandle],
         [Challenge],
@@ -22,7 +21,6 @@ BEGIN
     )
     VALUES
     (
-        @Id,
         @UserId,
         @KeyHandle,
         @Challenge,

src/Sql/dbo/Tables/U2f.sql

@@ -1,10 +1,10 @@
 CREATE TABLE [dbo].[U2f] (
     [Id]           INT              IDENTITY (1, 1) NOT NULL,
     [UserId]       UNIQUEIDENTIFIER NOT NULL,
-    [KeyHandle]    VARCHAR (50)     NOT NULL,
-    [Challenge]    VARCHAR (50)     NOT NULL,
+    [KeyHandle]    VARCHAR (MAX)    NULL,
+    [Challenge]    VARCHAR (MAX)    NOT NULL,
     [AppId]        VARCHAR (50)     NOT NULL,
-    [Version]      VARCHAR (50)     NOT NULL,
+    [Version]      VARCHAR (20)     NOT NULL,
     [CreationDate] DATETIME2 (7)    NOT NULL,
     CONSTRAINT [PK_U2f] PRIMARY KEY CLUSTERED ([Id] ASC),
     CONSTRAINT [FK_U2f_User] FOREIGN KEY ([UserId]) REFERENCES [dbo].[User] ([Id])