[PM-31394] use email address hash for send access email verification (#6921)

* [PM-31394] use email address hash for send access email verification

* [PM-31394] fixing identity server tests for send access

* [PM-31394] fixing more identity server tests for send access
Alex Dragovich
2026-01-29 11:48:12 -08:00
committed by GitHub
parent 7855c4ee6e
commit 0544ec41d5
6 changed files with 41 additions and 13 deletions


@@ -1,4 +1,6 @@
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Bit.Core;
using Bit.Core.Auth.Identity;
using Bit.Core.Auth.Identity.TokenProviders;
@@ -40,8 +42,10 @@ public class SendEmailOtpRequestValidator(
return BuildErrorResult(SendAccessConstants.EmailOtpValidatorResults.EmailRequired);
}
// email must be in the list of emails in the EmailOtp array
if (!authMethod.Emails.Contains(email))
// email hash must be in the list of email hashes in the EmailOtp array
byte[] hashBytes = SHA256.HashData(Encoding.UTF8.GetBytes(email));
string hashEmailHex = Convert.ToHexString(hashBytes).ToUpperInvariant();
if (!authMethod.EmailHashes.Contains(hashEmailHex))
{
return BuildErrorResult(SendAccessConstants.EmailOtpValidatorResults.EmailInvalid);
}
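Review bot: The digest on the new `hashBytes` line is computed over `email` exactly as supplied, so any difference in letter case or surrounding whitespace from the value hashed when the entry in `EmailHashes` was written produces a different digest and a legitimate recipient gets `EmailInvalid`. The code that populates `EmailHashes` is not visible in this hunk, so confirm both sides canonicalize the address identically and make that explicit here, for example `SHA256.HashData(Encoding.UTF8.GetBytes(email.Trim().ToLowerInvariant()))` if that matches the writer. `Convert.ToHexString` already returns uppercase hex, so `.ToUpperInvariant()` is redundant; a comment such as `// stored hashes are uppercase hex SHA-256 of the UTF-8 address` would document the contract better. An unsalted SHA-256 of an email address can be recovered by dictionary guessing, so a comment should also say that `EmailHashes` is pseudonymous data and still needs the same access controls as the plain addresses. The enclosing method begins outside the hunk.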