From f4fa990cb1093c6d46cd68fe117b53fcaf7e99b9 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Sat, 24 Jun 2017 11:50:20 -0400
Subject: [PATCH] send redacted email on 2fa login

---
 .../ResourceOwnerPasswordValidator.cs | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs b/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
index 1ccc043557..8d7b4de181 100644
--- a/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
+++ b/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
@@ -212,6 +212,7 @@ namespace Bit.Core.IdentityServer
 {
 case TwoFactorProviderType.Duo:
 case TwoFactorProviderType.U2f:
+ case TwoFactorProviderType.Email:
 var token = await _userManager.GenerateTwoFactorTokenAsync(user, type.ToString());
 if(type == TwoFactorProviderType.Duo)
 {
@@ -228,12 +229,50 @@ namespace Bit.Core.IdentityServer
 ["Challenges"] = token
 };
 }
+ else if(type == TwoFactorProviderType.Email)
+ {
+ return new Dictionary
+ {
+ ["Email"] = RedactEmail((string)provider.MetaData["Email"])
+ };
+ }
 return null;
 default:
 return null;
 }
 }
+
+ private static string RedactEmail(string email)
+ {
+ var emailParts = email.Split('@');
+
+ string shownPart = null;
+ if(emailParts[0].Length > 2 && emailParts[0].Length <= 4)
+ {
+ shownPart = emailParts[0].Substring(0, 1);
+ }
+ else if(emailParts[0].Length > 4)
+ {
+ shownPart = emailParts[0].Substring(0, 2);
+ }
+ else
+ {
+ shownPart = string.Empty;
+ }
+
+ string redactedPart = null;
+ if(emailParts[0].Length > 4)
+ {
+ redactedPart = new string('*', emailParts[0].Length - 2);
+ }
+ else
+ {
+ redactedPart = new string('*', emailParts[0].Length - shownPart.Length);
+ }
+
+ return $"{shownPart}{redactedPart}@{emailParts[1]}";
+ }
+
+
 private async Task SaveDeviceAsync(User user, ResourceOwnerPasswordValidationContext context)
 {
 var device = GetDeviceFromRequest(context);
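Review bot: The new `case TwoFactorProviderType.Email:` label routes the Email provider into the same `GenerateTwoFactorTokenAsync` call as Duo and U2f, but nothing visible in this diff uses the resulting `token` for Email — the Email branch added further down returns only a redacted address. If delivery of the code is meant to be a side effect of the Email token provider's generate step that is fine, but it is worth confirming, since otherwise the client is told to check an inbox that never receives a code. If that is the design, a short comment at the label would make it explicit, e.g. `// Email: the token is delivered by the provider; only a redacted address is returned to the client`. The enclosing switch and method both start before this hunk and continue past it.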
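Review bot: `RedactEmail` throws on any stored value without an `@` (`emailParts[1]` on the return line raises IndexOutOfRangeException) and on a null `email`, so a malformed or missing `MetaData["Email"]` turns the two-factor step of a login into an unhandled server error rather than a degraded response. The two mask computations (`Length - 2` versus `Length - shownPart.Length`) are the same number written two ways, which invites drift if the thresholds ever change. I would guard the input and derive both the visible prefix and the mask from a single `shownLength`, keeping the current thresholds (nothing shown for a local part of two or fewer characters, one character for three to four, two for longer). At the call site the type arguments on `new Dictionary` look stripped by the page extraction rather than by the commit, but `(string)provider.MetaData["Email"]` would still benefit from a presence check if `MetaData` is a dictionary, which this hunk does not show. Be aware the mask still reveals the local-part length to a client that has already presented a valid password; that is the usual trade-off for this pattern and may be acceptable here.
```csharp
private static string RedactEmail(string email)
{
    // Guard: a missing or malformed stored address must not throw out of the 2FA step.
    if(string.IsNullOrEmpty(email))
    {
        return string.Empty;
    }

    var atIndex = email.IndexOf('@');
    if(atIndex < 0)
    {
        return new string('*', email.Length);
    }

    var localPart = email.Substring(0, atIndex);
    var domainPart = email.Substring(atIndex + 1);

    // Same thresholds as before: show 0 chars for <=2, 1 for 3-4, 2 for >4.
    var shownLength = localPart.Length > 4 ? 2 : (localPart.Length > 2 ? 1 : 0);
    var shownPart = localPart.Substring(0, shownLength);
    var redactedPart = new string('*', localPart.Length - shownLength);

    return $"{shownPart}{redactedPart}@{domainPart}";
}
```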