[SG-617] [SG-697] [SG-686] Fix various minor passwordless bugs (#2320)
* Only push auth request responses if the request is approved

* Add error message when an unknown device tries to send an auth request

* Send the vault URL for self hosted auth requests
addisonbeck committed Oct 3, 2022
1 parent c511dcb commit aa51a4d
Showing 2 changed files with 11 additions and 9 deletions.
15 changes: 8 additions & 7 deletions src/Api/Controllers/AuthRequestsController.cs
Expand Up @@ -46,7 +46,7 @@ public async Task<ListResponseModel<AuthRequestResponseModel>> Get()
{
var userId = _userService.GetProperUserId(User).Value;
var authRequests = await _authRequestRepository.GetManyByUserIdAsync(userId);
var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings.SelfHosted)).ToList();
var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings)).ToList();
return new ListResponseModel<AuthRequestResponseModel>(responses);
}

Expand All @@ -60,7 +60,7 @@ public async Task<AuthRequestResponseModel> Get(string id)
throw new NotFoundException();
}

return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
return new AuthRequestResponseModel(authRequest, _globalSettings);
}

[HttpGet("{id}/response")]
Expand All @@ -73,7 +73,7 @@ public async Task<AuthRequestResponseModel> GetResponse(string id, [FromQuery] s
throw new NotFoundException();
}

return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
return new AuthRequestResponseModel(authRequest, _globalSettings);
}

[HttpPost("")]
Expand All @@ -94,7 +94,7 @@ public async Task<AuthRequestResponseModel> Post([FromBody] AuthRequestCreateReq
var devices = await _deviceRepository.GetManyByUserIdAsync(user.Id);
if (devices == null || !devices.Any(d => d.Identifier == model.DeviceIdentifier))
{
throw new NotFoundException();
throw new BadRequestException("Login with device is only available on devices that have been previously logged in.");
}
}

Expand All @@ -111,7 +111,8 @@ public async Task<AuthRequestResponseModel> Post([FromBody] AuthRequestCreateReq
};
authRequest = await _authRequestRepository.CreateAsync(authRequest);
await _pushNotificationService.PushAuthRequestAsync(authRequest);
return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
var r = new AuthRequestResponseModel(authRequest, _globalSettings);
return r;
}

[HttpPut("{id}")]
Expand All @@ -137,9 +138,9 @@ public async Task<AuthRequestResponseModel> Put(string id, [FromBody] AuthReques
authRequest.ResponseDeviceId = device.Id;
authRequest.ResponseDate = DateTime.UtcNow;
await _authRequestRepository.ReplaceAsync(authRequest);
await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
}

await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
return new AuthRequestResponseModel(authRequest, _globalSettings.SelfHosted);
return new AuthRequestResponseModel(authRequest, _globalSettings);
}
}
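Review bot: The new BadRequestException in Post tells an unauthenticated caller that the supplied email resolved to a user but the device identifier is not one of that user's devices; if the user lookup earlier in Post (above this hunk, not visible here) answers an unknown email with a different status or message, the two responses together let anyone confirm which emails have accounts. Consider keeping both branches indistinguishable from the outside, e.g. `throw new NotFoundException();` here as before with the device-not-known reason recorded only in server logs, or one shared generic message for both cases so the client explains the likely cause itself. The 400 versus 404 status difference alone is enough to build an enumeration oracle, so the message text is not the only thing to align. Post begins before this hunk and its body continues outside it.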
5 changes: 3 additions & 2 deletions src/Api/Models/Response/AuthRequestResponseModel.cs
Expand Up @@ -3,12 +3,13 @@
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.Api;
using Bit.Core.Settings;

namespace Bit.Api.Models.Response;

public class AuthRequestResponseModel : ResponseModel
{
public AuthRequestResponseModel(AuthRequest authRequest, bool isSelfHosted, string obj = "auth-request")
public AuthRequestResponseModel(AuthRequest authRequest, IGlobalSettings globalSettings, string obj = "auth-request")
: base(obj)
{
if (authRequest == null)
Expand All @@ -27,7 +28,7 @@ public AuthRequestResponseModel(AuthRequest authRequest, bool isSelfHosted, stri
CreationDate = authRequest.CreationDate;
RequestApproved = !string.IsNullOrWhiteSpace(Key) &&
(authRequest.Type == AuthRequestType.Unlock || !string.IsNullOrWhiteSpace(MasterPasswordHash));
Origin = Origin = isSelfHosted ? "SelfHosted" : "bitwarden.com";
Origin = globalSettings.SelfHosted ? globalSettings.BaseServiceUri.Vault : "bitwarden.com";
}

public string Id { get; set; }
Expand Down
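Review bot: The constructor still guards only authRequest; the new `globalSettings` parameter is dereferenced unconditionally in the Origin assignment, so a null settings object now surfaces as a NullReferenceException deep in the model rather than the ArgumentNullException a caller would expect. Add `if (globalSettings == null) { throw new ArgumentNullException(nameof(globalSettings)); }` beside the existing authRequest guard. The self-hosted branch also assumes `BaseServiceUri.Vault` is populated; on an installation where that URI is unset the Origin presumably shown to the approving device would be empty, which undermines the point of surfacing it — a fallback such as `?? "SelfHosted"` is worth adding if the settings type allows a null there (the settings class is not visible here). The constructor body extends past the visible lines.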
