2015-12-08 22:57:38 -05:00
|
|
|
|
using System;
|
|
|
|
|
|
using System.Threading.Tasks;
|
2016-05-19 19:10:24 -04:00
|
|
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
|
|
|
using Microsoft.AspNetCore.Mvc;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
using Bit.Api.Models;
|
|
|
|
|
|
using Bit.Core.Exceptions;
|
|
|
|
|
|
using Bit.Core.Services;
|
2016-05-19 19:10:24 -04:00
|
|
|
|
using Microsoft.AspNetCore.Identity;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
using Bit.Core.Domains;
|
|
|
|
|
|
using Bit.Core.Enums;
|
2015-12-26 23:09:53 -05:00
|
|
|
|
using System.Linq;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
|
|
|
|
|
|
namespace Bit.Api.Controllers
|
|
|
|
|
|
{
|
|
|
|
|
|
[Route("accounts")]
|
|
|
|
|
|
[Authorize("Application")]
|
|
|
|
|
|
public class AccountsController : Controller
|
|
|
|
|
|
{
|
|
|
|
|
|
private readonly IUserService _userService;
|
2015-12-26 23:09:53 -05:00
|
|
|
|
private readonly ICipherService _cipherService;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
private readonly UserManager<User> _userManager;
|
|
|
|
|
|
|
|
|
|
|
|
public AccountsController(
|
|
|
|
|
|
IUserService userService,
|
2015-12-26 23:09:53 -05:00
|
|
|
|
ICipherService cipherService,
|
2017-01-24 22:46:54 -05:00
|
|
|
|
UserManager<User> userManager)
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
|
|
|
|
|
_userService = userService;
|
2015-12-26 23:09:53 -05:00
|
|
|
|
_cipherService = cipherService;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
_userManager = userManager;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("register")]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public async Task PostRegister([FromBody]RegisterRequestModel model)
|
|
|
|
|
|
{
|
2016-02-20 23:25:44 -05:00
|
|
|
|
var result = await _userService.RegisterUserAsync(model.ToUser(), model.MasterPasswordHash);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-03-08 21:20:56 -05:00
|
|
|
|
foreach(var error in result.Errors.Where(e => e.Code != "DuplicateUserName"))
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("password-hint")]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public async Task PostPasswordHint([FromBody]PasswordHintRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
await _userService.SendMasterPasswordHintAsync(model.Email);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("email-token")]
|
|
|
|
|
|
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-01-24 22:46:54 -05:00
|
|
|
|
await _userService.InitiateEmailChangeAsync(user, model.NewEmail);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("email")]
|
2016-07-13 21:43:48 -04:00
|
|
|
|
[HttpPost("email")]
|
2015-12-08 22:57:38 -05:00
|
|
|
|
public async Task PutEmail([FromBody]EmailRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
|
2015-12-08 22:57:38 -05:00
|
|
|
|
// NOTE: It is assumed that the eventual repository call will make sure the updated
|
|
|
|
|
|
// ciphers belong to user making this call. Therefore, no check is done here.
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var ciphers = model.Ciphers.Select(c => c.ToCipher(user.Id));
|
2015-12-08 22:57:38 -05:00
|
|
|
|
|
|
|
|
|
|
var result = await _userService.ChangeEmailAsync(
|
2017-01-24 22:46:54 -05:00
|
|
|
|
user,
|
2015-12-08 22:57:38 -05:00
|
|
|
|
model.MasterPasswordHash,
|
|
|
|
|
|
model.NewEmail,
|
|
|
|
|
|
model.NewMasterPasswordHash,
|
|
|
|
|
|
model.Token,
|
|
|
|
|
|
ciphers);
|
|
|
|
|
|
|
|
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("password")]
|
2016-07-13 21:43:48 -04:00
|
|
|
|
[HttpPost("password")]
|
2015-12-08 22:57:38 -05:00
|
|
|
|
public async Task PutPassword([FromBody]PasswordRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
|
2015-12-08 22:57:38 -05:00
|
|
|
|
// NOTE: It is assumed that the eventual repository call will make sure the updated
|
|
|
|
|
|
// ciphers belong to user making this call. Therefore, no check is done here.
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var ciphers = model.Ciphers.Select(c => c.ToCipher(user.Id));
|
2015-12-08 22:57:38 -05:00
|
|
|
|
|
|
|
|
|
|
var result = await _userService.ChangePasswordAsync(
|
2017-01-24 22:46:54 -05:00
|
|
|
|
user,
|
2015-12-08 22:57:38 -05:00
|
|
|
|
model.MasterPasswordHash,
|
|
|
|
|
|
model.NewMasterPasswordHash,
|
|
|
|
|
|
ciphers);
|
|
|
|
|
|
|
|
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("security-stamp")]
|
2016-07-13 21:43:48 -04:00
|
|
|
|
[HttpPost("security-stamp")]
|
2015-12-08 22:57:38 -05:00
|
|
|
|
public async Task PutSecurityStamp([FromBody]SecurityStampRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
var result = await _userService.RefreshSecurityStampAsync(user, model.MasterPasswordHash);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet("profile")]
|
2017-01-24 22:46:54 -05:00
|
|
|
|
public async Task<ProfileResponseModel> GetProfile()
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
var response = new ProfileResponseModel(user);
|
2017-01-11 21:46:36 -05:00
|
|
|
|
return response;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("profile")]
|
2016-07-13 21:43:48 -04:00
|
|
|
|
[HttpPost("profile")]
|
2015-12-08 22:57:38 -05:00
|
|
|
|
public async Task<ProfileResponseModel> PutProfile([FromBody]UpdateProfileRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
await _userService.SaveUserAsync(model.ToUser(user));
|
|
|
|
|
|
var response = new ProfileResponseModel(user);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
return response;
|
2017-01-11 21:46:36 -05:00
|
|
|
|
}
|
2017-01-14 10:02:37 -05:00
|
|
|
|
|
|
|
|
|
|
[HttpGet("revision-date")]
|
2017-01-24 22:46:54 -05:00
|
|
|
|
public async Task<long?> GetAccountRevisionDate()
|
2017-01-14 10:02:37 -05:00
|
|
|
|
{
|
2017-01-28 02:15:07 -05:00
|
|
|
|
var userId = _userService.GetProperUserId(User);
|
|
|
|
|
|
long? revisionDate = null;
|
|
|
|
|
|
if(userId.HasValue)
|
|
|
|
|
|
{
|
|
|
|
|
|
var date = await _userService.GetAccountRevisionDateByIdAsync(userId.Value);
|
|
|
|
|
|
revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date);
|
|
|
|
|
|
}
|
2017-01-16 22:02:12 -05:00
|
|
|
|
|
2017-01-28 02:15:07 -05:00
|
|
|
|
return revisionDate;
|
2017-01-14 10:02:37 -05:00
|
|
|
|
}
|
2017-01-09 22:20:34 -05:00
|
|
|
|
|
2015-12-08 22:57:38 -05:00
|
|
|
|
[HttpGet("two-factor")]
|
2017-01-09 22:20:34 -05:00
|
|
|
|
public async Task<TwoFactorResponseModel> GetTwoFactor(string masterPasswordHash, TwoFactorProviderType provider)
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
if(!await _userManager.CheckPasswordAsync(user, masterPasswordHash))
|
|
|
|
|
|
{
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await _userService.GetTwoFactorAsync(user, provider);
|
|
|
|
|
|
|
|
|
|
|
|
var response = new TwoFactorResponseModel(user);
|
|
|
|
|
|
return response;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("two-factor")]
|
2016-07-13 21:43:48 -04:00
|
|
|
|
[HttpPost("two-factor")]
|
2015-12-08 22:57:38 -05:00
|
|
|
|
public async Task<TwoFactorResponseModel> PutTwoFactor([FromBody]UpdateTwoFactorRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
|
|
|
|
|
{
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-01-28 17:28:28 -05:00
|
|
|
|
if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token))
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException("Token", "Invalid token.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-01-09 22:20:34 -05:00
|
|
|
|
user.TwoFactorProvider = TwoFactorProviderType.Authenticator;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
user.TwoFactorEnabled = model.Enabled.Value;
|
2016-11-14 21:13:53 -05:00
|
|
|
|
user.TwoFactorRecoveryCode = user.TwoFactorEnabled ? Guid.NewGuid().ToString("N") : null;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
await _userService.SaveUserAsync(user);
|
|
|
|
|
|
|
|
|
|
|
|
var response = new TwoFactorResponseModel(user);
|
|
|
|
|
|
return response;
|
|
|
|
|
|
}
|
2015-12-26 23:09:53 -05:00
|
|
|
|
|
2016-11-14 21:13:53 -05:00
|
|
|
|
[HttpPost("two-factor-recover")]
|
2016-11-14 23:32:15 -05:00
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public async Task PostTwoFactorRecover([FromBody]RecoverTwoFactorRequestModel model)
|
2016-11-14 21:13:53 -05:00
|
|
|
|
{
|
2016-11-14 23:32:15 -05:00
|
|
|
|
if(!await _userService.RecoverTwoFactorAsync(model.Email, model.MasterPasswordHash, model.RecoveryCode))
|
2016-11-14 21:13:53 -05:00
|
|
|
|
{
|
|
|
|
|
|
await Task.Delay(2000);
|
2016-11-14 23:32:15 -05:00
|
|
|
|
throw new BadRequestException(string.Empty, "Invalid information. Try again.");
|
2016-11-14 21:13:53 -05:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("two-factor-regenerate")]
|
|
|
|
|
|
[HttpPost("two-factor-regenerate")]
|
|
|
|
|
|
public async Task<TwoFactorResponseModel> PutTwoFactorRegenerate([FromBody]RegenerateTwoFactorRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2016-11-14 21:13:53 -05:00
|
|
|
|
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
|
|
|
|
|
{
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-01-28 17:28:28 -05:00
|
|
|
|
if(!await _userManager.VerifyTwoFactorTokenAsync(user, TwoFactorProviderType.Authenticator.ToString(), model.Token))
|
2016-11-14 21:13:53 -05:00
|
|
|
|
{
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException("Token", "Invalid token.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if(user.TwoFactorEnabled)
|
|
|
|
|
|
{
|
|
|
|
|
|
user.TwoFactorRecoveryCode = Guid.NewGuid().ToString("N");
|
|
|
|
|
|
await _userService.SaveUserAsync(user);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var response = new TwoFactorResponseModel(user);
|
|
|
|
|
|
return response;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-12-27 00:14:56 -05:00
|
|
|
|
[HttpPost("delete")]
|
|
|
|
|
|
public async Task PostDelete([FromBody]DeleteAccountRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2015-12-27 00:14:56 -05:00
|
|
|
|
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError("MasterPasswordHash", "Invalid password.");
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
var result = await _userService.DeleteAsync(user);
|
|
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
2015-12-08 22:57:38 -05:00
|
|
|
|
}
|
|
|
|
|
|
}
|
