using Bit.Core.AdminConsole.Entities;
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models;
using Bit.Core.Entities;
using Bit.Core.Models.Api;
namespace Bit.Api.Auth.Models.Response.TwoFactor;
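/// <summary>
/// Response model describing the Duo two-factor configuration of a user or an organization.
/// </summary>
/// <remarks>
/// The Duo secret is never copied into this model verbatim: every path in <see cref="Build"/>
/// passes it through <see cref="MaskKey"/> first. The identifier (IKey / ClientId) is copied
/// through unmasked.
/// NOTE(review): presumably this model is serialized back to the API caller; confirm that no
/// other code path assigns an unmasked secret to <see cref="ClientSecret"/> or
/// <see cref="SecretKey"/>.
/// </remarks>
public class TwoFactorDuoResponseModel : ResponseModel
{
    private const string ResponseObj = "twoFactorDuo";

    // Number of leading characters of a secret that MaskKey leaves readable.
    private const int VisiblePrefixLength = 6;

    /// <summary>
    /// Builds the response from the Duo provider configured on a user.
    /// </summary>
    /// <param name="user">User whose <see cref="TwoFactorProviderType.Duo"/> provider is read.</param>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
    public TwoFactorDuoResponseModel(User user)
        : base(ResponseObj)
    {
        if (user is null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        Build(user.GetTwoFactorProvider(TwoFactorProviderType.Duo));
    }

    /// <summary>
    /// Builds the response from the Duo provider configured on an organization.
    /// </summary>
    /// <param name="org">
    /// Organization whose <see cref="TwoFactorProviderType.OrganizationDuo"/> provider is read.
    /// </param>
    /// <exception cref="ArgumentNullException"><paramref name="org"/> is null.</exception>
    public TwoFactorDuoResponseModel(Organization org)
        : base(ResponseObj)
    {
        if (org is null)
        {
            throw new ArgumentNullException(nameof(org));
        }

        Build(org.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo));
    }

    /// <summary>Whether the provider is enabled; false when no provider metadata exists.</summary>
    public bool Enabled { get; set; }

    /// <summary>Value of the "Host" metadata entry, when present.</summary>
    public string Host { get; set; }

    //TODO - will remove SecretKey with PM-8107
    /// <summary>Masked secret (legacy name); mirrors <see cref="ClientSecret"/>.</summary>
    public string SecretKey { get; set; }

    //TODO - will remove IntegrationKey with PM-8107
    /// <summary>Unmasked identifier (legacy name); mirrors <see cref="ClientId"/>.</summary>
    public string IntegrationKey { get; set; }

    /// <summary>Masked secret, taken from "ClientSecret" or, failing that, "SKey".</summary>
    public string ClientSecret { get; set; }

    /// <summary>Unmasked identifier, taken from "ClientId" or, failing that, "IKey".</summary>
    public string ClientId { get; set; }

    // updated build to assist in the EDD migration for the Duo 2FA provider
    /// <summary>
    /// Populates the model from the provider's metadata. Legacy "SKey"/"IKey" entries are read
    /// first; non-blank "ClientSecret"/"ClientId" entries then overwrite them.
    /// </summary>
    /// <param name="provider">Provider to read; may be null or carry no metadata.</param>
    private void Build(TwoFactorProvider provider)
    {
        if (provider?.MetaData == null || provider.MetaData.Count == 0)
        {
            Enabled = false;
            return;
        }

        Enabled = provider.Enabled;

        // NOTE(review): the (string) casts below assume every metadata value is a string;
        // any other runtime type would throw InvalidCastException - confirm against how
        // MetaData is populated.
        if (provider.MetaData.TryGetValue("Host", out var host))
        {
            Host = (string)host;
        }

        //todo - will remove SKey and IKey with PM-8107
        // check Skey and IKey first if they exist
        if (provider.MetaData.TryGetValue("SKey", out var sKey))
        {
            // The secret is masked before it is stored on the model, under both names.
            var maskedLegacySecret = MaskKey((string)sKey);
            ClientSecret = maskedLegacySecret;
            SecretKey = maskedLegacySecret;
        }

        if (provider.MetaData.TryGetValue("IKey", out var iKey))
        {
            IntegrationKey = (string)iKey;
            ClientId = (string)iKey;
        }

        // Even if IKey and SKey exist prioritize v4 params ClientId and ClientSecret
        if (provider.MetaData.TryGetValue("ClientSecret", out var clientSecret)
            && !string.IsNullOrWhiteSpace((string)clientSecret))
        {
            var maskedSecret = MaskKey((string)clientSecret);
            ClientSecret = maskedSecret;
            SecretKey = maskedSecret;
        }

        if (provider.MetaData.TryGetValue("ClientId", out var clientId)
            && !string.IsNullOrWhiteSpace((string)clientId))
        {
            ClientId = (string)clientId;
            IntegrationKey = (string)clientId;
        }
    }

    /*
        use this method to ensure that both v2 params and v4 params are in sync
        todo will be removed in pm-8107
    */
    /// <summary>
    /// Copies whichever parameter pair is complete (v4 first, then v2) onto the other pair.
    /// </summary>
    /// <remarks>
    /// Nothing in this class calls this method. Because <see cref="Build"/> stores masked
    /// secrets, the values copied here are the masked ones.
    /// </remarks>
    /// <exception cref="InvalidDataException">Neither pair is fully populated.</exception>
    private void Temporary_SyncDuoParams()
    {
        // Even if IKey and SKey exist prioritize v4 params ClientId and ClientSecret
        if (!string.IsNullOrWhiteSpace(ClientSecret) && !string.IsNullOrWhiteSpace(ClientId))
        {
            SecretKey = ClientSecret;
            IntegrationKey = ClientId;
        }
        else if (!string.IsNullOrWhiteSpace(SecretKey) && !string.IsNullOrWhiteSpace(IntegrationKey))
        {
            ClientSecret = SecretKey;
            ClientId = IntegrationKey;
        }
        else
        {
            throw new InvalidDataException("Invalid Duo parameters.");
        }
    }

    /// <summary>
    /// Masks a secret for display: the first <see cref="VisiblePrefixLength"/> characters stay
    /// readable and every following character becomes '*'.
    /// </summary>
    /// <param name="key">Secret to mask; may be null or blank.</param>
    /// <returns>
    /// <paramref name="key"/> unchanged when it is null or whitespace; a string of '*' of the
    /// same length when it is no longer than the visible prefix; otherwise the prefix followed
    /// by '*' padding, so the length is preserved.
    /// </returns>
    private static string MaskKey(string key)
    {
        if (string.IsNullOrWhiteSpace(key))
        {
            return key;
        }

        if (key.Length <= VisiblePrefixLength)
        {
            // A value this short would otherwise be returned in full: leaving a prefix
            // readable would disclose the entire secret, so mask every character instead.
            return new string('*', key.Length);
        }

        // Mask all but the first 6 characters.
        return string.Concat(
            key.AsSpan(0, VisiblePrefixLength),
            new string('*', key.Length - VisiblePrefixLength));
    }
}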