nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code
bitwarden/src/Core/Auth/Services/IOpaqueKeyExchangeService.cs
Ike Kottlowski 8f25ab6d73
fix : add try catch blocks
2025-03-20 13:55:11 -04:00

74 lines
4.0 KiB
C#
Raw Blame History

using Bit.Core.Auth.Models.Api.Request.Opaque;
using Bit.Core.Auth.Models.Api.Response.Opaque;
using Bit.Core.Entities;
namespace Bit.Core.Auth.Services;
/// <summary>
/// Service that exposes methods enabling the use of the Opaque Key Exchange extension.
/// </summary>
public interface IOpaqueKeyExchangeService
{
/// <summary>
/// Begin registering a user's Opaque Key Exchange Credential. We write to the distributed cache so since there is some back and forth between the client and server.
/// </summary>
/// <param name="request">unsure what this byte array is for.</param>
/// <param name="user">user being acted on</param>
/// <param name="cipherConfiguration">configuration shared between the client and server to ensure the proper crypto-algorithms are being utilized.</param>
/// <returns>void</returns>
public Task<OpaqueRegistrationStartResponse> StartRegistration(byte[] request, User user, OpaqueKeyExchangeCipherConfiguration cipherConfiguration);
/// <summary>
/// This updates the cache with the server setup and cipher configuration so that WriteCacheCredentialToDatabase method can finish registration
/// by writing the credential to the database.
/// </summary>
/// <param name="sessionId">Cache Id</param>
/// <param name="registrationUpload">Byte Array for Rust Magic</param>
/// <param name="user">User being acted on</param>
/// <param name="keyset">Key Pair that can be used for vault decryption</param>
/// <returns>void</returns>
public Task<bool> FinishRegistration(Guid sessionId, byte[] registrationUpload, User user, RotateableOpaqueKeyset keyset);
/// <summary>
/// Returns server crypto material for the client to consume and reply with a login request to the identity/token endpoint.
/// To protect against account enumeration we will always return a deterministic response based on the user's email.
/// </summary>
/// <param name="request">client crypto material</param>
/// <param name="email">user email trying to login</param>
/// <returns>tuple(login SessionId for cache lookup, Server crypto material)</returns>
public Task<(Guid, byte[])> StartLogin(byte[] request, string email);
/// <summary>
/// Accepts the client's login request and validates it against the server's crypto material. If successful then the session is marked as authenticated.
/// If using a fake account we will return a standard failed login. If the account does have a legitimate credential but is still invalid
/// the session is not marked as authenticated.
/// </summary>
/// <param name="sessionId"></param>
/// <param name="finishCredential"></param>
/// <returns></returns>
public Task<bool> FinishLogin(Guid sessionId, byte[] finishCredential);
/// <summary>
/// Returns the user for the authentication session, or null if the session is invalid or has not yet finished authentication.
/// </summary>
/// <param name="sessionId"></param>
/// <returns></returns>
public Task<User> GetUserForAuthenticatedSession(Guid sessionId);
/// <summary>
/// Clears the authentication session from the cache.
/// </summary>
/// <param name="sessionId">session being acted on.</param>
/// <returns>void</returns>
public Task ClearAuthenticationSession(Guid sessionId);
/// <summary>
/// This method writes the Credential to the database. If a credential already exists then it will be removed before the new one is added.
/// A user can only have one credential.
/// </summary>
/// <param name="sessionId">cache value</param>
/// <param name="user">user being acted on</param>
/// <returns>bool based on action result</returns>
public Task<bool> WriteCacheCredentialToDatabase(Guid sessionId, User user);
/// <summary>
/// Removes the credential for the user. If the user does not exist then this does nothing.
/// </summary>
/// <param name="user">User being acted on.</param>
/// <returns>void</returns>
public Task RemoveUserOpaqueKeyExchangeCredential(User user);
}
View Git Blame Copy Permalink