src/Core/Identity/DuoWebTokenProvider.cs

using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Bit.Core.Models.Table;
using Bit.Core.Enums;
using Bit.Core.Utilities.Duo;
using Bit.Core.Models;
using Bit.Core.Services;

namespace Bit.Core.Identity
{
    public class DuoWebTokenProvider : IUserTwoFactorTokenProvider<User>
    {
        private readonly IUserService _userService;
        private readonly GlobalSettings _globalSettings;

        public DuoWebTokenProvider(
            IUserService userService,
            GlobalSettings globalSettings)
        {
            _userService = userService;
            _globalSettings = globalSettings;
        }

        public async Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
        {
            if(!(await _userService.CanAccessPremium(user)))
            {
                return false;
            }

            var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
            if(!HasProperMetaData(provider))
            {
                return false;
            }

            return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Duo, _userService);
        }

        public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
        {
            if(!(await _userService.CanAccessPremium(user)))
            {
                return null;
            }

            var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
            if(!HasProperMetaData(provider))
            {
                return null;
            }

            var signatureRequest = DuoWeb.SignRequest((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
                _globalSettings.Duo.AKey, user.Email);
            return signatureRequest;
        }

        public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
        {
            if(!(await _userService.CanAccessPremium(user)))
            {
                return false;
            }

            var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
            if(!HasProperMetaData(provider))
            {
                return false;
            }

            var response = DuoWeb.VerifyResponse((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
                _globalSettings.Duo.AKey, token);

            return response == user.Email;
        }

        private bool HasProperMetaData(TwoFactorProvider provider)
        {
            return provider?.MetaData != null && provider.MetaData.ContainsKey("IKey") &&
                provider.MetaData.ContainsKey("SKey") && provider.MetaData.ContainsKey("Host");
        }
    }
}
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								using System.Threading.Tasks;
 								using Microsoft.AspNetCore.Identity;
 								using Bit.Core.Models.Table;
 								using Bit.Core.Enums;
 								using Bit.Core.Utilities.Duo;
 								using Bit.Core.Models;
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								using Bit.Core.Services;
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
 								namespace Bit.Core.Identity
 								{
 								    public class DuoWebTokenProvider : IUserTwoFactorTokenProvider<User>
 								    {
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								        private readonly IUserService _userService;
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								        private readonly GlobalSettings _globalSettings;
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								        public DuoWebTokenProvider(
 								            IUserService userService,
 								            GlobalSettings globalSettings)
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								        {
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								            _userService = userService;
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								            _globalSettings = globalSettings;
 								        }
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								        public async Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								        {
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								            if(!(await _userService.CanAccessPremium(user)))
-												premium checks on 2fa providers

											
										
										
											2017-07-06 16:56:12 -04:00
+								            {
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								                return false;
-												premium checks on 2fa providers

											
										
										
											2017-07-06 16:56:12 -04:00
+								            }
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								            var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
-												CanAccessPremium checks instead of User.Premium

											
										
										
											2018-08-28 16:23:58 -04:00
+								            if(!HasProperMetaData(provider))
 								            {
 								                return false;
 								            }
 								            return await user.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Duo, _userService);
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								        }
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								        public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								        {
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								            if(!(await _userService.CanAccessPremium(user)))
-												premium checks on 2fa providers

											
										
										
											2017-07-06 16:56:12 -04:00
+								            {
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								                return null;
-												premium checks on 2fa providers

											
										
										
											2017-07-06 16:56:12 -04:00
+								            }
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								            var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
 								            if(!HasProperMetaData(provider))
 								            {
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								                return null;
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								            }
-												stubbing out api setup for u2f

											
										
										
											2017-06-21 21:46:52 -04:00
+								            var signatureRequest = DuoWeb.SignRequest((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
-												change duo username to email

											
										
										
											2017-07-24 14:39:41 -04:00
+								                _globalSettings.Duo.AKey, user.Email);
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								            return signatureRequest;
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								        }
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								        public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								        {
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								            if(!(await _userService.CanAccessPremium(user)))
-												premium checks on 2fa providers

											
										
										
											2017-07-06 16:56:12 -04:00
+								            {
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								                return false;
-												premium checks on 2fa providers

											
										
										
											2017-07-06 16:56:12 -04:00
+								            }
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								            var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
 								            if(!HasProperMetaData(provider))
 								            {
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								                return false;
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								            }
-												stubbing out api setup for u2f

											
										
										
											2017-06-21 21:46:52 -04:00
+								            var response = DuoWeb.VerifyResponse((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								                _globalSettings.Duo.AKey, token);
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								            return response == user.Email;
-												Duo WebSDK Token Provider

											
										
										
											2017-06-21 00:04:25 -04:00
+								        }
 								        private bool HasProperMetaData(TwoFactorProvider provider)
 								        {
 								            return provider?.MetaData != null && provider.MetaData.ContainsKey("IKey") &&
 								                provider.MetaData.ContainsKey("SKey") && provider.MetaData.ContainsKey("Host");
 								        }
 								    }
 								}