* support for fido2 auth * stub out registration implementations * stub out assertion steps and token issuance * verify token * webauthn tokenable * remove duplicate expiration set * revert sqlproj changes * update sqlproj target framework * update new validator signature * [PM-2014] Passkey registration (#2915) * [PM-2014] chore: rename `IWebAuthnRespository` to `IWebAuthnCredentialRepository` * [PM-2014] fix: add missing service registration * [PM-2014] feat: add user verification when fetching options * [PM-2014] feat: create migration script for mssql * [PM-2014] chore: append to todo comment * [PM-2014] feat: add support for creation token * [PM-2014] feat: implement credential saving * [PM-2014] chore: add resident key TODO comment * [PM-2014] feat: implement passkey listing * [PM-2014] feat: implement deletion without user verification * [PM-2014] feat: add user verification to delete * [PM-2014] feat: implement passkey limit * [PM-2014] chore: clean up todo comments * [PM-2014] fix: add missing sql scripts Missed staging them when commiting * [PM-2014] feat: include options response model in swagger docs * [PM-2014] chore: move properties after ctor * [PM-2014] feat: use `Guid` directly as input paramter * [PM-2014] feat: use nullable guid in token * [PM-2014] chore: add new-line * [PM-2014] feat: add support for feature flag * [PM-2014] feat: start adding controller tests * [PM-2014] feat: add user verification test * [PM-2014] feat: add controller tests for token interaction * [PM-2014] feat: add tokenable tests * [PM-2014] chore: clean up commented premium check * [PM-2014] feat: add user service test for credential limit * [PM-2014] fix: run `dotnet format` * [PM-2014] chore: remove trailing comma * [PM-2014] chore: add `Async` suffix * [PM-2014] chore: move delay to constant * [PM-2014] chore: change `default` to `null` * [PM-2014] chore: remove autogenerated weirdness * [PM-2014] fix: lint * Added check for PasswordlessLogin feature flag on new 
controller and methods. (#3284) * Added check for PasswordlessLogin feature flag on new controller and methods. * fix: build error from missing constructor argument --------- Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com> * [PM-4171] Update DB to support PRF (#3321) * [PM-4171] feat: update database to support PRF * [PM-4171] feat: rename `DescriptorId` to `CredentialId` * [PM-4171] feat: add PRF felds to domain object * [PM-4171] feat: add `SupportsPrf` column * [PM-4171] fix: add missing comma * [PM-4171] fix: add comma * [PM-3263] fix identity server tests for passkey registration (#3331) * Added WebAuthnRepo to EF DI * updated config to match current grant types * Remove ExtensionGrantValidator (#3363) * Linting --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com> Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com> Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com> Co-authored-by: Todd Martin <tmartin@bitwarden.com>
using Bit.Core;
using Bit.Core.Auth.Models.Api.Request.Accounts;
using Bit.Core.Auth.Models.Api.Response.Accounts;
using Bit.Core.Auth.Services;
using Bit.Core.Auth.Utilities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Data;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Utilities;
using Bit.SharedWeb.Utilities;
using Fido2NetLib;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Identity.Controllers;
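[Route("accounts")]
[ExceptionHandlerFilter]
public class AccountsController : Controller
{
    /// <summary>
    /// Delay (milliseconds) applied on every failed registration before the error is
    /// reported. All failure paths pay the same cost, presumably to slow bulk probing
    /// of this unauthenticated endpoint.
    /// </summary>
    private const int FailedRegistrationDelayMs = 2000;

    /// <summary>
    /// KDF parameters handed out by prelogin when no user matches the supplied email,
    /// so that an unknown address still receives a well-formed response.
    /// </summary>
    private const KdfType DefaultKdf = KdfType.PBKDF2_SHA256;
    private const int DefaultKdfIterations = 100000;

    private readonly ILogger<AccountsController> _logger;
    private readonly IUserRepository _userRepository;
    private readonly IUserService _userService;
    private readonly ICaptchaValidationService _captchaValidationService;

    /// <summary>
    /// Unauthenticated account endpoints hosted by the Identity service: registration,
    /// prelogin KDF lookup, and the (feature-flagged, still stubbed) WebAuthn login flow.
    /// </summary>
    public AccountsController(
        ILogger<AccountsController> logger,
        IUserRepository userRepository,
        IUserService userService,
        ICaptchaValidationService captchaValidationService)
    {
        _logger = logger;
        _userRepository = userRepository;
        _userService = userService;
        _captchaValidationService = captchaValidationService;
    }

    // Moved from API, If you modify this endpoint, please update API as well. Self hosted installs still use the API endpoints.
    /// <summary>
    /// Registers a new user from the supplied request.
    /// </summary>
    /// <param name="model">Registration payload; converted to a user via <c>ToUser()</c>.</param>
    /// <returns>A <see cref="RegisterResponseModel"/> carrying a captcha bypass token for the new user.</returns>
    /// <exception cref="BadRequestException">Thrown with the accumulated model-state errors when registration fails.</exception>
    [HttpPost("register")]
    [CaptchaProtected]
    public async Task<RegisterResponseModel> PostRegister([FromBody] RegisterRequestModel model)
    {
        var user = model.ToUser();
        var result = await _userService.RegisterUserAsync(user, model.MasterPasswordHash,
            model.Token, model.OrganizationUserId);
        if (result.Succeeded)
        {
            // Name suggests this lets the freshly registered client skip the captcha on a
            // subsequent call; the token's semantics live in the captcha service.
            var captchaBypassToken = _captchaValidationService.GenerateCaptchaBypassToken(user);
            return new RegisterResponseModel(captchaBypassToken);
        }

        // "DuplicateUserName" is dropped from the response, presumably so that a failed
        // registration does not confirm whether an email address is already taken.
        foreach (var error in result.Errors.Where(e => e.Code != "DuplicateUserName"))
        {
            ModelState.AddModelError(string.Empty, error.Description);
        }

        await Task.Delay(FailedRegistrationDelayMs);
        throw new BadRequestException(ModelState);
    }

    // Moved from API, If you modify this endpoint, please update API as well. Self hosted installs still use the API endpoints.
    /// <summary>
    /// Returns the KDF type and iteration count the client must use to derive the
    /// master-password hash for the given email.
    /// </summary>
    /// <param name="model">Carries the email to look up.</param>
    /// <returns>
    /// The stored KDF information for the email, or the default PBKDF2-SHA256/100000
    /// parameters when no matching user exists (presumably so the response alone does
    /// not reveal whether the email is registered).
    /// </returns>
    [HttpPost("prelogin")]
    public async Task<PreloginResponseModel> PostPrelogin([FromBody] PreloginRequestModel model)
    {
        var kdfInformation = await _userRepository.GetKdfInformationByEmailAsync(model.Email)
            ?? new UserKdfInformation
            {
                Kdf = DefaultKdf,
                KdfIterations = DefaultKdfIterations,
            };

        return new PreloginResponseModel(kdfInformation);
    }

    /// <summary>
    /// Starts a WebAuthn login by producing assertion options for the user with the given email.
    /// </summary>
    /// <param name="model">Reuses the prelogin model; only the email is consumed.</param>
    /// <returns>Fido2 assertion options, or an empty <see cref="AssertionOptions"/> when no user matches.</returns>
    [HttpPost("webauthn-assertion-options")]
    [ApiExplorerSettings(IgnoreApi = true)] // Disable Swagger due to CredentialCreateOptions not converting properly
    [RequireFeature(FeatureFlagKeys.PasswordlessLogin)]
    // TODO: Create proper models for this call
    public async Task<AssertionOptions> PostWebAuthnAssertionOptions([FromBody] PreloginRequestModel model)
    {
        var user = await _userRepository.GetByEmailAsync(model.Email);
        if (user == null)
        {
            // TODO: return something? possible enumeration attacks with this response
            // SECURITY(review): an empty AssertionOptions is trivially distinguishable from the
            // populated options returned below, so this unauthenticated endpoint currently
            // confirms whether an email has an account. Before PasswordlessLogin is enabled
            // broadly, return options indistinguishable from the real ones (e.g. a fresh
            // challenge with an empty allow-list) for unknown emails.
            return new AssertionOptions();
        }

        return await _userService.StartWebAuthnLoginAssertionAsync(user);
    }

    /// <summary>
    /// Completes a WebAuthn login for the user with the given email and returns a token.
    /// </summary>
    /// <param name="model">Reuses the prelogin model; only the email is consumed.</param>
    /// <returns>The token produced by the user service.</returns>
    /// <exception cref="BadRequestException">Thrown when no user matches the email.</exception>
    [HttpPost("webauthn-assertion")]
    [RequireFeature(FeatureFlagKeys.PasswordlessLogin)]
    // TODO: Create proper models for this call
    public async Task<string> PostWebAuthnAssertion([FromBody] PreloginRequestModel model)
    {
        var user = await _userRepository.GetByEmailAsync(model.Email);
        if (user == null)
        {
            // TODO: proper response here?
            throw new BadRequestException();
        }

        // SECURITY(review): the request body carries only an email; no authenticator
        // assertion response is bound here and `null` is passed in its place. Whether a
        // token is still issued depends on how CompleteWebAuthLoginAssertionAsync treats a
        // null assertion, but nothing in this controller proves possession of a registered
        // credential. Keep the PasswordlessLogin flag off until the client's assertion
        // response is modelled, bound and verified before a token is returned.
        return await _userService.CompleteWebAuthLoginAssertionAsync(null, user);
    }
}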