src/Core/Identity/OrganizationDuoWebTokenProvider.cs

using System.Threading.Tasks;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models;
using Bit.Core.Settings;
using Bit.Core.Utilities.Duo;

namespace Bit.Core.Identity
{
    public interface IOrganizationDuoWebTokenProvider : IOrganizationTwoFactorTokenProvider { }

    public class OrganizationDuoWebTokenProvider : IOrganizationDuoWebTokenProvider
    {
        private readonly GlobalSettings _globalSettings;

        public OrganizationDuoWebTokenProvider(GlobalSettings globalSettings)
        {
            _globalSettings = globalSettings;
        }

        public Task<bool> CanGenerateTwoFactorTokenAsync(Organization organization)
        {
            if (organization == null || !organization.Enabled || !organization.Use2fa)
            {
                return Task.FromResult(false);
            }

            var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
            var canGenerate = organization.TwoFactorProviderIsEnabled(TwoFactorProviderType.OrganizationDuo)
                && HasProperMetaData(provider);
            return Task.FromResult(canGenerate);
        }

        public Task<string> GenerateAsync(Organization organization, User user)
        {
            if (organization == null || !organization.Enabled || !organization.Use2fa)
            {
                return Task.FromResult<string>(null);
            }

            var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
            if (!HasProperMetaData(provider))
            {
                return Task.FromResult<string>(null);
            }

            var signatureRequest = DuoWeb.SignRequest(provider.MetaData["IKey"].ToString(),
                provider.MetaData["SKey"].ToString(), _globalSettings.Duo.AKey, user.Email);
            return Task.FromResult(signatureRequest);
        }

        public Task<bool> ValidateAsync(string token, Organization organization, User user)
        {
            if (organization == null || !organization.Enabled || !organization.Use2fa)
            {
                return Task.FromResult(false);
            }

            var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
            if (!HasProperMetaData(provider))
            {
                return Task.FromResult(false);
            }

            var response = DuoWeb.VerifyResponse(provider.MetaData["IKey"].ToString(),
                provider.MetaData["SKey"].ToString(), _globalSettings.Duo.AKey, token);

            return Task.FromResult(response == user.Email);
        }

        private bool HasProperMetaData(TwoFactorProvider provider)
        {
            return provider?.MetaData != null && provider.MetaData.ContainsKey("IKey") &&
                provider.MetaData.ContainsKey("SKey") && provider.MetaData.ContainsKey("Host");
        }
    }
}
-												added org duo to 2fa flow

											
										
										
											2018-04-03 14:31:33 -04:00
+								using System.Threading.Tasks;
-												Split out repositories to Infrastructure.Dapper / EntityFramework (#1759)


											
										
										
											2022-01-11 10:40:51 +01:00
+								using Bit.Core.Entities;
-												added org duo to 2fa flow

											
										
										
											2018-04-03 14:31:33 -04:00
+								using Bit.Core.Enums;
 								using Bit.Core.Models;
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								using Bit.Core.Settings;
-												added org duo to 2fa flow

											
										
										
											2018-04-03 14:31:33 -04:00
+								using Bit.Core.Utilities.Duo;
 								namespace Bit.Core.Identity
 								{
 								    public interface IOrganizationDuoWebTokenProvider : IOrganizationTwoFactorTokenProvider { }
 								    public class OrganizationDuoWebTokenProvider : IOrganizationDuoWebTokenProvider
 								    {
 								        private readonly GlobalSettings _globalSettings;
 								        public OrganizationDuoWebTokenProvider(GlobalSettings globalSettings)
 								        {
 								            _globalSettings = globalSettings;
 								        }
 								        public Task<bool> CanGenerateTwoFactorTokenAsync(Organization organization)
 								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (organization == null || !organization.Enabled || !organization.Use2fa)
-												added org duo to 2fa flow

											
										
										
											2018-04-03 14:31:33 -04:00
+								            {
 								                return Task.FromResult(false);
 								            }
 								            var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
 								            var canGenerate = organization.TwoFactorProviderIsEnabled(TwoFactorProviderType.OrganizationDuo)
 								                && HasProperMetaData(provider);
 								            return Task.FromResult(canGenerate);
 								        }
 								        public Task<string> GenerateAsync(Organization organization, User user)
 								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (organization == null || !organization.Enabled || !organization.Use2fa)
-												added org duo to 2fa flow

											
										
										
											2018-04-03 14:31:33 -04:00
+								            {
 								                return Task.FromResult<string>(null);
 								            }
 								            var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!HasProperMetaData(provider))
-												added org duo to 2fa flow

											
										
										
											2018-04-03 14:31:33 -04:00
+								            {
 								                return Task.FromResult<string>(null);
 								            }
-												Fix organization duo 2fa not working due to switch to System.Text.Json (#1846)


											
										
										
											2022-02-09 13:45:20 +01:00
+								            var signatureRequest = DuoWeb.SignRequest(provider.MetaData["IKey"].ToString(),
 								                provider.MetaData["SKey"].ToString(), _globalSettings.Duo.AKey, user.Email);
-												added org duo to 2fa flow

											
										
										
											2018-04-03 14:31:33 -04:00
+								            return Task.FromResult(signatureRequest);
 								        }
 								        public Task<bool> ValidateAsync(string token, Organization organization, User user)
 								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (organization == null || !organization.Enabled || !organization.Use2fa)
-												added org duo to 2fa flow

											
										
										
											2018-04-03 14:31:33 -04:00
+								            {
 								                return Task.FromResult(false);
 								            }
 								            var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!HasProperMetaData(provider))
-												added org duo to 2fa flow

											
										
										
											2018-04-03 14:31:33 -04:00
+								            {
 								                return Task.FromResult(false);
 								            }
-												Fix organization duo 2fa not working due to switch to System.Text.Json (#1846)


											
										
										
											2022-02-09 13:45:20 +01:00
+								            var response = DuoWeb.VerifyResponse(provider.MetaData["IKey"].ToString(),
 								                provider.MetaData["SKey"].ToString(), _globalSettings.Duo.AKey, token);
-												added org duo to 2fa flow

											
										
										
											2018-04-03 14:31:33 -04:00
 								            return Task.FromResult(response == user.Email);
 								        }
 								        private bool HasProperMetaData(TwoFactorProvider provider)
 								        {
 								            return provider?.MetaData != null && provider.MetaData.ContainsKey("IKey") &&
 								                provider.MetaData.ContainsKey("SKey") && provider.MetaData.ContainsKey("Host");
 								        }
 								    }
 								}