mirror of
https://github.com/bitwarden/server.git
synced 2025-05-03 18:52:22 -05:00
88dd745070
* [PM-1188] add sso project to auth * [PM-1188] move sso api models to auth * [PM-1188] fix sso api model namespace & imports * [PM-1188] move core files to auth * [PM-1188] fix core sso namespace & models * [PM-1188] move sso repository files to auth * [PM-1188] fix sso repo files namespace & imports * [PM-1188] move sso sql files to auth folder * [PM-1188] move sso test files to auth folders * [PM-1188] fix sso tests namespace & imports * [PM-1188] move auth api files to auth folder * [PM-1188] fix auth api files namespace & imports * [PM-1188] move auth core files to auth folder * [PM-1188] fix auth core files namespace & imports * [PM-1188] move auth email templates to auth folder * [PM-1188] move auth email folder back into shared directory * [PM-1188] fix auth email names * [PM-1188] move auth core models to auth folder * [PM-1188] fix auth model namespace & imports * [PM-1188] add entire Identity project to auth codeowners * [PM-1188] fix auth orm files namespace & imports * [PM-1188] move auth orm files to auth folder * [PM-1188] move auth sql files to auth folder * [PM-1188] move auth tests to auth folder * [PM-1188] fix auth test files namespace & imports * [PM-1188] move emergency access api files to auth folder * [PM-1188] fix emergencyaccess api files namespace & imports * [PM-1188] move emergency access core files to auth folder * [PM-1188] fix emergency access core files namespace & imports * [PM-1188] move emergency access orm files to auth folder * [PM-1188] fix emergency access orm files namespace & imports * [PM-1188] move emergency access sql files to auth folder * [PM-1188] move emergencyaccess test files to auth folder * [PM-1188] fix emergency access test files namespace & imports * [PM-1188] move captcha files to auth folder * [PM-1188] fix captcha files namespace & imports * [PM-1188] move auth admin files into auth folder * [PM-1188] fix admin auth files namespace & imports - configure mvc to look in auth folders for views * [PM-1188] remove extra imports and formatting * [PM-1188] fix ef auth model imports * [PM-1188] fix DatabaseContextModelSnapshot paths * [PM-1188] fix grant import in ef * [PM-1188] update sqlproj * [PM-1188] move missed sqlproj files * [PM-1188] move auth ef models out of auth folder * [PM-1188] fix auth ef models namespace * [PM-1188] remove auth ef models unused imports * [PM-1188] fix imports for auth ef models * [PM-1188] fix more ef model imports * [PM-1188] fix file encodings
87 lines
2.8 KiB
C#
87 lines
2.8 KiB
C#
using Bit.Core.Auth.Enums;
|
|
using Bit.Core.Auth.Models;
|
|
using Bit.Core.Auth.Utilities.Duo;
|
|
using Bit.Core.Entities;
|
|
using Bit.Core.Services;
|
|
using Bit.Core.Settings;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
|
|
namespace Bit.Core.Auth.Identity;
|
|
|
|
public class DuoWebTokenProvider : IUserTwoFactorTokenProvider<User>
|
|
{
|
|
private readonly IServiceProvider _serviceProvider;
|
|
private readonly GlobalSettings _globalSettings;
|
|
|
|
public DuoWebTokenProvider(
|
|
IServiceProvider serviceProvider,
|
|
GlobalSettings globalSettings)
|
|
{
|
|
_serviceProvider = serviceProvider;
|
|
_globalSettings = globalSettings;
|
|
}
|
|
|
|
public async Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
|
{
|
|
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
|
if (!(await userService.CanAccessPremium(user)))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
|
if (!HasProperMetaData(provider))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Duo, user);
|
|
}
|
|
|
|
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
|
{
|
|
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
|
if (!(await userService.CanAccessPremium(user)))
|
|
{
|
|
return null;
|
|
}
|
|
|
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
|
if (!HasProperMetaData(provider))
|
|
{
|
|
return null;
|
|
}
|
|
|
|
var signatureRequest = DuoWeb.SignRequest((string)provider.MetaData["IKey"],
|
|
(string)provider.MetaData["SKey"], _globalSettings.Duo.AKey, user.Email);
|
|
return signatureRequest;
|
|
}
|
|
|
|
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
|
{
|
|
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
|
if (!(await userService.CanAccessPremium(user)))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
|
if (!HasProperMetaData(provider))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
var response = DuoWeb.VerifyResponse((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
|
|
_globalSettings.Duo.AKey, token);
|
|
|
|
return response == user.Email;
|
|
}
|
|
|
|
private bool HasProperMetaData(TwoFactorProvider provider)
|
|
{
|
|
return provider?.MetaData != null && provider.MetaData.ContainsKey("IKey") &&
|
|
provider.MetaData.ContainsKey("SKey") && provider.MetaData.ContainsKey("Host");
|
|
}
|
|
}
|