bitwarden-android/src/Core/Services/AuthService.cs

using Bit.Core.Abstractions;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Domain;
using Bit.Core.Models.Request;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

namespace Bit.Core.Services
{
    public class AuthService : IAuthService
    {
        private readonly ICryptoService _cryptoService;
        private readonly ICryptoFunctionService _cryptoFunctionService;
        private readonly IApiService _apiService;
        private readonly IUserService _userService;
        private readonly ITokenService _tokenService;
        private readonly IAppIdService _appIdService;
        private readonly II18nService _i18nService;
        private readonly IPlatformUtilsService _platformUtilsService;
        private readonly IMessagingService _messagingService;
        private readonly IVaultTimeoutService _vaultTimeoutService;
        private readonly IKeyConnectorService _keyConnectorService;
        private readonly bool _setCryptoKeys;

        private SymmetricCryptoKey _key;

        public AuthService(
            ICryptoService cryptoService,
            ICryptoFunctionService cryptoFunctionService,
            IApiService apiService,
            IUserService userService,
            ITokenService tokenService,
            IAppIdService appIdService,
            II18nService i18nService,
            IPlatformUtilsService platformUtilsService,
            IMessagingService messagingService,
            IVaultTimeoutService vaultTimeoutService,
            IKeyConnectorService keyConnectorService,
            bool setCryptoKeys = true)
        {
            _cryptoService = cryptoService;
            _cryptoFunctionService = cryptoFunctionService;
            _apiService = apiService;
            _userService = userService;
            _tokenService = tokenService;
            _appIdService = appIdService;
            _i18nService = i18nService;
            _platformUtilsService = platformUtilsService;
            _messagingService = messagingService;
            _vaultTimeoutService = vaultTimeoutService;
            _keyConnectorService = keyConnectorService;
            _setCryptoKeys = setCryptoKeys;

            TwoFactorProviders = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
            TwoFactorProviders.Add(TwoFactorProviderType.Authenticator, new TwoFactorProvider
            {
                Type = TwoFactorProviderType.Authenticator,
                Priority = 1,
                Sort = 1
            });
            TwoFactorProviders.Add(TwoFactorProviderType.YubiKey, new TwoFactorProvider
            {
                Type = TwoFactorProviderType.YubiKey,
                Priority = 3,
                Sort = 2,
                Premium = true
            });
            TwoFactorProviders.Add(TwoFactorProviderType.Duo, new TwoFactorProvider
            {
                Type = TwoFactorProviderType.Duo,
                Name = "Duo",
                Priority = 2,
                Sort = 3,
                Premium = true
            });
            TwoFactorProviders.Add(TwoFactorProviderType.OrganizationDuo, new TwoFactorProvider
            {
                Type = TwoFactorProviderType.OrganizationDuo,
                Name = "Duo (Organization)",
                Priority = 10,
                Sort = 4
            });
            TwoFactorProviders.Add(TwoFactorProviderType.Fido2WebAuthn, new TwoFactorProvider
            {
                Type = TwoFactorProviderType.Fido2WebAuthn,
                Priority = 4,
                Sort = 5,
                Premium = true
            });
            TwoFactorProviders.Add(TwoFactorProviderType.Email, new TwoFactorProvider
            {
                Type = TwoFactorProviderType.Email,
                Priority = 0,
                Sort = 6,
            });
        }

        public string Email { get; set; }
        public string CaptchaToken { get; set; }
        public string MasterPasswordHash { get; set; }
        public string LocalMasterPasswordHash { get; set; }
        public string Code { get; set; }
        public string CodeVerifier { get; set; }
        public string SsoRedirectUrl { get; set; }
        public Dictionary<TwoFactorProviderType, TwoFactorProvider> TwoFactorProviders { get; set; }
        public Dictionary<TwoFactorProviderType, Dictionary<string, object>> TwoFactorProvidersData { get; set; }
        public TwoFactorProviderType? SelectedTwoFactorProviderType { get; set; }

        public void Init()
        {
            TwoFactorProviders[TwoFactorProviderType.Email].Name = _i18nService.T("Email");
            TwoFactorProviders[TwoFactorProviderType.Email].Description = _i18nService.T("EmailDesc");
            TwoFactorProviders[TwoFactorProviderType.Authenticator].Name = _i18nService.T("AuthenticatorAppTitle");
            TwoFactorProviders[TwoFactorProviderType.Authenticator].Description =
                _i18nService.T("AuthenticatorAppDesc");
            TwoFactorProviders[TwoFactorProviderType.Duo].Description = _i18nService.T("DuoDesc");
            TwoFactorProviders[TwoFactorProviderType.OrganizationDuo].Name =
                string.Format("Duo ({0})", _i18nService.T("Organization"));
            TwoFactorProviders[TwoFactorProviderType.OrganizationDuo].Description =
                _i18nService.T("DuoOrganizationDesc");
            TwoFactorProviders[TwoFactorProviderType.Fido2WebAuthn].Name = _i18nService.T("Fido2Title");
            TwoFactorProviders[TwoFactorProviderType.Fido2WebAuthn].Description = _i18nService.T("Fido2Desc");
            TwoFactorProviders[TwoFactorProviderType.YubiKey].Name = _i18nService.T("YubiKeyTitle");
            TwoFactorProviders[TwoFactorProviderType.YubiKey].Description = _i18nService.T("YubiKeyDesc");
        }

        public async Task<AuthResult> LogInAsync(string email, string masterPassword, string captchaToken)
        {
            SelectedTwoFactorProviderType = null;
            var key = await MakePreloginKeyAsync(masterPassword, email);
            var hashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key);
            var localHashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key, HashPurpose.LocalAuthorization);
            return await LogInHelperAsync(email, hashedPassword, localHashedPassword, null, null, null, key, null, null,
                null, captchaToken);
        }

        public async Task<AuthResult> LogInSsoAsync(string code, string codeVerifier, string redirectUrl)
        {
            SelectedTwoFactorProviderType = null;
            return await LogInHelperAsync(null, null, null, code, codeVerifier, redirectUrl, null, null, null, null);
        }

        public Task<AuthResult> LogInTwoFactorAsync(TwoFactorProviderType twoFactorProvider, string twoFactorToken,
            bool? remember = null)
        {
            return LogInHelperAsync(Email, MasterPasswordHash, LocalMasterPasswordHash, Code, CodeVerifier, SsoRedirectUrl, _key,
                twoFactorProvider, twoFactorToken, remember, CaptchaToken);
        }

        public async Task<AuthResult> LogInCompleteAsync(string email, string masterPassword,
            TwoFactorProviderType twoFactorProvider, string twoFactorToken, bool? remember = null)
        {
            SelectedTwoFactorProviderType = null;
            var key = await MakePreloginKeyAsync(masterPassword, email);
            var hashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key);
            var localHashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key, HashPurpose.LocalAuthorization);
            return await LogInHelperAsync(email, hashedPassword, localHashedPassword, null, null, null, key, twoFactorProvider,
                twoFactorToken, remember);
        }

        public async Task<AuthResult> LogInSsoCompleteAsync(string code, string codeVerifier, string redirectUrl,
            TwoFactorProviderType twoFactorProvider, string twoFactorToken, bool? remember = null)
        {
            SelectedTwoFactorProviderType = null;
            return await LogInHelperAsync(null, null, null, code, codeVerifier, redirectUrl, null, twoFactorProvider,
                twoFactorToken, remember);
        }

        public void LogOut(Action callback)
        {
            callback.Invoke();
            _messagingService.Send("loggedOut");
        }

        public List<TwoFactorProvider> GetSupportedTwoFactorProviders()
        {
            var providers = new List<TwoFactorProvider>();
            if (TwoFactorProvidersData == null)
            {
                return providers;
            }
            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.OrganizationDuo) &&
                _platformUtilsService.SupportsDuo())
            {
                providers.Add(TwoFactorProviders[TwoFactorProviderType.OrganizationDuo]);
            }
            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.Authenticator))
            {
                providers.Add(TwoFactorProviders[TwoFactorProviderType.Authenticator]);
            }
            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.YubiKey))
            {
                providers.Add(TwoFactorProviders[TwoFactorProviderType.YubiKey]);
            }
            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.Duo) && _platformUtilsService.SupportsDuo())
            {
                providers.Add(TwoFactorProviders[TwoFactorProviderType.Duo]);
            }
            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.Fido2WebAuthn) &&
                _platformUtilsService.SupportsFido2())
            {
                providers.Add(TwoFactorProviders[TwoFactorProviderType.Fido2WebAuthn]);
            }
            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.Email))
            {
                providers.Add(TwoFactorProviders[TwoFactorProviderType.Email]);
            }
            return providers;
        }

        public TwoFactorProviderType? GetDefaultTwoFactorProvider(bool fido2Supported)
        {
            if (TwoFactorProvidersData == null)
            {
                return null;
            }
            if (SelectedTwoFactorProviderType != null &&
                TwoFactorProvidersData.ContainsKey(SelectedTwoFactorProviderType.Value))
            {
                return SelectedTwoFactorProviderType.Value;
            }
            TwoFactorProviderType? providerType = null;
            var providerPriority = -1;
            foreach (var providerKvp in TwoFactorProvidersData)
            {
                if (TwoFactorProviders.ContainsKey(providerKvp.Key))
                {
                    var provider = TwoFactorProviders[providerKvp.Key];
                    if (provider.Priority > providerPriority)
                    {
                        if (providerKvp.Key == TwoFactorProviderType.Fido2WebAuthn && !fido2Supported)
                        {
                            continue;
                        }
                        providerType = providerKvp.Key;
                        providerPriority = provider.Priority;
                    }
                }
            }
            return providerType;
        }

        public bool AuthingWithSso()
        {
            return Code != null && CodeVerifier != null && SsoRedirectUrl != null;
        }

        public bool AuthingWithPassword()
        {
            return Email != null && MasterPasswordHash != null;
        }

        // Helpers

        private async Task<SymmetricCryptoKey> MakePreloginKeyAsync(string masterPassword, string email)
        {
            email = email.Trim().ToLower();
            KdfType? kdf = null;
            int? kdfIterations = null;
            try
            {
                var preloginResponse = await _apiService.PostPreloginAsync(new PreloginRequest { Email = email });
                if (preloginResponse != null)
                {
                    kdf = preloginResponse.Kdf;
                    kdfIterations = preloginResponse.KdfIterations;
                }
            }
            catch (ApiException e)
            {
                if (e.Error == null || e.Error.StatusCode != System.Net.HttpStatusCode.NotFound)
                {
                    throw e;
                }
            }
            return await _cryptoService.MakeKeyAsync(masterPassword, email, kdf, kdfIterations);
        }

        private async Task<AuthResult> LogInHelperAsync(string email, string hashedPassword, string localHashedPassword,
            string code, string codeVerifier, string redirectUrl, SymmetricCryptoKey key,
            TwoFactorProviderType? twoFactorProvider = null, string twoFactorToken = null, bool? remember = null,
            string captchaToken = null, string orgId = null)
        {
            var storedTwoFactorToken = await _tokenService.GetTwoFactorTokenAsync(email);
            var appId = await _appIdService.GetAppIdAsync();
            var deviceRequest = new DeviceRequest(appId, _platformUtilsService);

            string[] emailPassword;
            string[] codeCodeVerifier;
            if (email != null && hashedPassword != null)
            {
                emailPassword = new[] { email, hashedPassword };
            }
            else
            {
                emailPassword = null;
            }
            if (code != null && codeVerifier != null && redirectUrl != null)
            {
                codeCodeVerifier = new[] { code, codeVerifier, redirectUrl };
            }
            else
            {
                codeCodeVerifier = null;
            }

            TokenRequest request;
            if (twoFactorToken != null && twoFactorProvider != null)
            {
                request = new TokenRequest(emailPassword, codeCodeVerifier, twoFactorProvider, twoFactorToken, remember,
                    captchaToken, deviceRequest);
            }
            else if (storedTwoFactorToken != null)
            {
                request = new TokenRequest(emailPassword, codeCodeVerifier, TwoFactorProviderType.Remember,
                    storedTwoFactorToken, false, captchaToken, deviceRequest);
            }
            else
            {
                request = new TokenRequest(emailPassword, codeCodeVerifier, null, null, false, captchaToken, deviceRequest);
            }

            var response = await _apiService.PostIdentityTokenAsync(request);
            ClearState();
            var result = new AuthResult { TwoFactor = response.TwoFactorNeeded, CaptchaSiteKey = response.CaptchaResponse?.SiteKey };

            if (result.CaptchaNeeded)
            {
                return result;
            }

            if (result.TwoFactor)
            {
                // Two factor required.
                Email = email;
                MasterPasswordHash = hashedPassword;
                LocalMasterPasswordHash = localHashedPassword;
                Code = code;
                CodeVerifier = codeVerifier;
                SsoRedirectUrl = redirectUrl;
                _key = _setCryptoKeys ? key : null;
                TwoFactorProvidersData = response.TwoFactorResponse.TwoFactorProviders2;
                result.TwoFactorProviders = response.TwoFactorResponse.TwoFactorProviders2;
                CaptchaToken = response.TwoFactorResponse.CaptchaToken;
                return result;
            }

            var tokenResponse = response.TokenResponse;
            result.ResetMasterPassword = tokenResponse.ResetMasterPassword;
            result.ForcePasswordReset = tokenResponse.ForcePasswordReset;
            if (tokenResponse.TwoFactorToken != null)
            {
                await _tokenService.SetTwoFactorTokenAsync(tokenResponse.TwoFactorToken, email);
            }
            await _tokenService.SetTokensAsync(tokenResponse.AccessToken, tokenResponse.RefreshToken);
            await _userService.SetInformationAsync(_tokenService.GetUserId(), _tokenService.GetEmail(),
                tokenResponse.Kdf, tokenResponse.KdfIterations);
            if (_setCryptoKeys)
            {
                if (key != null)
                {
                    await _cryptoService.SetKeyAsync(key);
                }

                if (localHashedPassword != null)
                {
                    await _cryptoService.SetKeyHashAsync(localHashedPassword);
                }

                if (code == null || tokenResponse.Key != null)
                {
                    if (tokenResponse.KeyConnectorUrl != null)
                    {
                        await _keyConnectorService.GetAndSetKey(tokenResponse.KeyConnectorUrl);
                    }

                    await _cryptoService.SetEncKeyAsync(tokenResponse.Key);

                    // User doesn't have a key pair yet (old account), let's generate one for them.
                    if (tokenResponse.PrivateKey == null)
                    {
                        try
                        {
                            var keyPair = await _cryptoService.MakeKeyPairAsync();
                            await _apiService.PostAccountKeysAsync(new KeysRequest
                            {
                                PublicKey = keyPair.Item1,
                                EncryptedPrivateKey = keyPair.Item2.EncryptedString
                            });
                            tokenResponse.PrivateKey = keyPair.Item2.EncryptedString;
                        }
                        catch { }
                    }

                    await _cryptoService.SetEncPrivateKeyAsync(tokenResponse.PrivateKey);
                }
                else if (tokenResponse.KeyConnectorUrl != null)
                {
                    // SSO Key Connector Onboarding
                    var password = await _cryptoFunctionService.RandomBytesAsync(64);
                    var k = await _cryptoService.MakeKeyAsync(Convert.ToBase64String(password), _tokenService.GetEmail(), tokenResponse.Kdf, tokenResponse.KdfIterations);
                    var keyConnectorRequest = new KeyConnectorUserKeyRequest(k.EncKeyB64);
                    await _cryptoService.SetKeyAsync(k);

                    var encKey = await _cryptoService.MakeEncKeyAsync(k);
                    await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);
                    var keyPair = await _cryptoService.MakeKeyPairAsync();

                    try
                    {
                        await _apiService.PostUserKeyToKeyConnector(tokenResponse.KeyConnectorUrl, keyConnectorRequest);
                    }
                    catch (Exception e)
                    {
                        throw new Exception("Unable to reach Key Connector", e);
                    }

                    var keys = new KeysRequest
                    {
                        PublicKey = keyPair.Item1,
                        EncryptedPrivateKey = keyPair.Item2.EncryptedString
                    };
                    var setPasswordRequest = new SetKeyConnectorKeyRequest(
                        encKey.Item2.EncryptedString, keys, tokenResponse.Kdf, tokenResponse.KdfIterations, orgId
                    );
                    await _apiService.PostSetKeyConnectorKey(setPasswordRequest);
                }

            }

            _vaultTimeoutService.BiometricLocked = false;
            _messagingService.Send("loggedIn");
            return result;
        }

        private void ClearState()
        {
            _key = null;
            Email = null;
            CaptchaToken = null;
            MasterPasswordHash = null;
            Code = null;
            CodeVerifier = null;
            SsoRedirectUrl = null;
            TwoFactorProvidersData = null;
            SelectedTwoFactorProviderType = null;
        }
    }
}
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								using Bit.Core.Abstractions;
 								using Bit.Core.Enums;
 								using Bit.Core.Exceptions;
 								using Bit.Core.Models.Domain;
 								using Bit.Core.Models.Request;
 								using System;
 								using System.Collections.Generic;
 								using System.Threading.Tasks;
 								namespace Bit.Core.Services
 								{
 								    public class AuthService : IAuthService
 								    {
 								        private readonly ICryptoService _cryptoService;
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								        private readonly ICryptoFunctionService _cryptoFunctionService;
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        private readonly IApiService _apiService;
 								        private readonly IUserService _userService;
 								        private readonly ITokenService _tokenService;
 								        private readonly IAppIdService _appIdService;
 								        private readonly II18nService _i18nService;
 								        private readonly IPlatformUtilsService _platformUtilsService;
 								        private readonly IMessagingService _messagingService;
-												[Auto Logout] Final review of feature (#932)

* Initial commit of LockService name refactor (#831)

* [Auto-Logout] Update Service layer logic (#835)

* Initial commit of service logic update

* Added default value for action

* Updated ToggleTokensAsync conditional

* Removed unused variables, updated action conditional

* Initial commit: lockOption/lock refactor app layer (#840)

* [Auto-Logout] Settings Refactor - Application Layer Part 2 (#844)

* Initial commit of app layer part 2

* Updated biometrics position

* Reverted resource name refactor

* LockOptions refactor revert

* Updated method casing :: Removed VaultTimeout prefix for timeouts

* Fixed dupe string resource (#854)

* Updated dependency to use VaultTimeoutService (#896)

* [Auto Logout] Xamarin Forms in AutoFill flow (iOS) (#902)

* fix typo in PINRequireMasterPasswordRestart (#900)

* initial commit for xf usage in autofill

* Fixed databinding for hint button

* Updated Two Factor page launch - removed unused imports

* First pass at broadcast/messenger implentation for autofill

* setting theme in extension using theme manager

* extension app resources

* App resources from main app

* fix ref to twoFactorPage

* apply resources to page

* load empty app for sytling in extension

* move ios renderers to ios core

* static ref to resources and GetResourceColor helper

* fix method ref

* move application.current.resources refs to helper

* switch login page alerts to device action dialogs

* run on main thread

* showDialog with device action service

* abstract action sheet to device action service

* add support for yubikey

* add yubikey iimages to extension

* support close button action

* add support to action extension

* remove empty lines

Co-authored-by: Jonas Kittner <54631600+theendlessriver13@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>

* [Auto Logout] Update lock option to be default value (#929)

* Initial commit - make lock action default

* Removed extra whitespace

Co-authored-by: Jonas Kittner <54631600+theendlessriver13@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
											
										
										
											2020-05-29 19:26:36 +03:00
+								        private readonly IVaultTimeoutService _vaultTimeoutService;
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								        private readonly IKeyConnectorService _keyConnectorService;
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        private readonly bool _setCryptoKeys;
 								        private SymmetricCryptoKey _key;
 								        public AuthService(
 								            ICryptoService cryptoService,
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								            ICryptoFunctionService cryptoFunctionService,
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            IApiService apiService,
 								            IUserService userService,
 								            ITokenService tokenService,
 								            IAppIdService appIdService,
 								            II18nService i18nService,
 								            IPlatformUtilsService platformUtilsService,
 								            IMessagingService messagingService,
-												[Auto Logout] Final review of feature (#932)

* Initial commit of LockService name refactor (#831)

* [Auto-Logout] Update Service layer logic (#835)

* Initial commit of service logic update

* Added default value for action

* Updated ToggleTokensAsync conditional

* Removed unused variables, updated action conditional

* Initial commit: lockOption/lock refactor app layer (#840)

* [Auto-Logout] Settings Refactor - Application Layer Part 2 (#844)

* Initial commit of app layer part 2

* Updated biometrics position

* Reverted resource name refactor

* LockOptions refactor revert

* Updated method casing :: Removed VaultTimeout prefix for timeouts

* Fixed dupe string resource (#854)

* Updated dependency to use VaultTimeoutService (#896)

* [Auto Logout] Xamarin Forms in AutoFill flow (iOS) (#902)

* fix typo in PINRequireMasterPasswordRestart (#900)

* initial commit for xf usage in autofill

* Fixed databinding for hint button

* Updated Two Factor page launch - removed unused imports

* First pass at broadcast/messenger implentation for autofill

* setting theme in extension using theme manager

* extension app resources

* App resources from main app

* fix ref to twoFactorPage

* apply resources to page

* load empty app for sytling in extension

* move ios renderers to ios core

* static ref to resources and GetResourceColor helper

* fix method ref

* move application.current.resources refs to helper

* switch login page alerts to device action dialogs

* run on main thread

* showDialog with device action service

* abstract action sheet to device action service

* add support for yubikey

* add yubikey iimages to extension

* support close button action

* add support to action extension

* remove empty lines

Co-authored-by: Jonas Kittner <54631600+theendlessriver13@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>

* [Auto Logout] Update lock option to be default value (#929)

* Initial commit - make lock action default

* Removed extra whitespace

Co-authored-by: Jonas Kittner <54631600+theendlessriver13@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
											
										
										
											2020-05-29 19:26:36 +03:00
+								            IVaultTimeoutService vaultTimeoutService,
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								            IKeyConnectorService keyConnectorService,
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            bool setCryptoKeys = true)
 								        {
 								            _cryptoService = cryptoService;
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								            _cryptoFunctionService = cryptoFunctionService;
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            _apiService = apiService;
 								            _userService = userService;
 								            _tokenService = tokenService;
 								            _appIdService = appIdService;
 								            _i18nService = i18nService;
 								            _platformUtilsService = platformUtilsService;
 								            _messagingService = messagingService;
-												[Auto Logout] Final review of feature (#932)

* Initial commit of LockService name refactor (#831)

* [Auto-Logout] Update Service layer logic (#835)

* Initial commit of service logic update

* Added default value for action

* Updated ToggleTokensAsync conditional

* Removed unused variables, updated action conditional

* Initial commit: lockOption/lock refactor app layer (#840)

* [Auto-Logout] Settings Refactor - Application Layer Part 2 (#844)

* Initial commit of app layer part 2

* Updated biometrics position

* Reverted resource name refactor

* LockOptions refactor revert

* Updated method casing :: Removed VaultTimeout prefix for timeouts

* Fixed dupe string resource (#854)

* Updated dependency to use VaultTimeoutService (#896)

* [Auto Logout] Xamarin Forms in AutoFill flow (iOS) (#902)

* fix typo in PINRequireMasterPasswordRestart (#900)

* initial commit for xf usage in autofill

* Fixed databinding for hint button

* Updated Two Factor page launch - removed unused imports

* First pass at broadcast/messenger implentation for autofill

* setting theme in extension using theme manager

* extension app resources

* App resources from main app

* fix ref to twoFactorPage

* apply resources to page

* load empty app for sytling in extension

* move ios renderers to ios core

* static ref to resources and GetResourceColor helper

* fix method ref

* move application.current.resources refs to helper

* switch login page alerts to device action dialogs

* run on main thread

* showDialog with device action service

* abstract action sheet to device action service

* add support for yubikey

* add yubikey iimages to extension

* support close button action

* add support to action extension

* remove empty lines

Co-authored-by: Jonas Kittner <54631600+theendlessriver13@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>

* [Auto Logout] Update lock option to be default value (#929)

* Initial commit - make lock action default

* Removed extra whitespace

Co-authored-by: Jonas Kittner <54631600+theendlessriver13@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
											
										
										
											2020-05-29 19:26:36 +03:00
+								            _vaultTimeoutService = vaultTimeoutService;
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								            _keyConnectorService = keyConnectorService;
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            _setCryptoKeys = setCryptoKeys;
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								            TwoFactorProviders = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
 								            TwoFactorProviders.Add(TwoFactorProviderType.Authenticator, new TwoFactorProvider
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
 								                Type = TwoFactorProviderType.Authenticator,
 								                Priority = 1,
 								                Sort = 1
 								            });
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								            TwoFactorProviders.Add(TwoFactorProviderType.YubiKey, new TwoFactorProvider
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
 								                Type = TwoFactorProviderType.YubiKey,
 								                Priority = 3,
 								                Sort = 2,
 								                Premium = true
 								            });
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								            TwoFactorProviders.Add(TwoFactorProviderType.Duo, new TwoFactorProvider
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
 								                Type = TwoFactorProviderType.Duo,
 								                Name = "Duo",
 								                Priority = 2,
 								                Sort = 3,
 								                Premium = true
 								            });
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								            TwoFactorProviders.Add(TwoFactorProviderType.OrganizationDuo, new TwoFactorProvider
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
 								                Type = TwoFactorProviderType.OrganizationDuo,
 								                Name = "Duo (Organization)",
 								                Priority = 10,
 								                Sort = 4
 								            });
-												FIDO2 WebAuthn support for mobile (#1519)

* FIDO2 / WebAuthn support for mobile

* fixes
											
										
										
											2021-08-30 19:44:12 +03:00
+								            TwoFactorProviders.Add(TwoFactorProviderType.Fido2WebAuthn, new TwoFactorProvider
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												FIDO2 WebAuthn support for mobile (#1519)

* FIDO2 / WebAuthn support for mobile

* fixes
											
										
										
											2021-08-30 19:44:12 +03:00
+								                Type = TwoFactorProviderType.Fido2WebAuthn,
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                Priority = 4,
 								                Sort = 5,
 								                Premium = true
 								            });
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								            TwoFactorProviders.Add(TwoFactorProviderType.Email, new TwoFactorProvider
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
 								                Type = TwoFactorProviderType.Email,
 								                Priority = 0,
 								                Sort = 6,
 								            });
 								        }
 								        public string Email { get; set; }
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								        public string CaptchaToken { get; set; }
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        public string MasterPasswordHash { get; set; }
-												Use 2 iterations for local password hashing (#1423)

* Add HashPurpose parameter to HashPasswordAsync

* Use 2 iterations for local password hashing

* Force logout if user has old keyHash stored

* Revert "Force logout if user has old keyHash stored"

This reverts commit 497d4928fa7e1f2814b455d90a7a788e15d8ec98.

* Add backwards compatability with existing keyHash
											
										
										
											2021-06-15 00:39:34 +03:00
+								        public string LocalMasterPasswordHash { get; set; }
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								        public string Code { get; set; }
 								        public string CodeVerifier { get; set; }
 								        public string SsoRedirectUrl { get; set; }
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								        public Dictionary<TwoFactorProviderType, TwoFactorProvider> TwoFactorProviders { get; set; }
 								        public Dictionary<TwoFactorProviderType, Dictionary<string, object>> TwoFactorProvidersData { get; set; }
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        public TwoFactorProviderType? SelectedTwoFactorProviderType { get; set; }
 								        public void Init()
 								        {
-fa for email

											
										
										
											2019-05-28 17:12:51 +03:00
+								            TwoFactorProviders[TwoFactorProviderType.Email].Name = _i18nService.T("Email");
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								            TwoFactorProviders[TwoFactorProviderType.Email].Description = _i18nService.T("EmailDesc");
 								            TwoFactorProviders[TwoFactorProviderType.Authenticator].Name = _i18nService.T("AuthenticatorAppTitle");
 								            TwoFactorProviders[TwoFactorProviderType.Authenticator].Description =
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                _i18nService.T("AuthenticatorAppDesc");
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								            TwoFactorProviders[TwoFactorProviderType.Duo].Description = _i18nService.T("DuoDesc");
 								            TwoFactorProviders[TwoFactorProviderType.OrganizationDuo].Name =
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                string.Format("Duo ({0})", _i18nService.T("Organization"));
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								            TwoFactorProviders[TwoFactorProviderType.OrganizationDuo].Description =
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                _i18nService.T("DuoOrganizationDesc");
-												FIDO2 WebAuthn support for mobile (#1519)

* FIDO2 / WebAuthn support for mobile

* fixes
											
										
										
											2021-08-30 19:44:12 +03:00
+								            TwoFactorProviders[TwoFactorProviderType.Fido2WebAuthn].Name = _i18nService.T("Fido2Title");
 								            TwoFactorProviders[TwoFactorProviderType.Fido2WebAuthn].Description = _i18nService.T("Fido2Desc");
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								            TwoFactorProviders[TwoFactorProviderType.YubiKey].Name = _i18nService.T("YubiKeyTitle");
 								            TwoFactorProviders[TwoFactorProviderType.YubiKey].Description = _i18nService.T("YubiKeyDesc");
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        }
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								        public async Task<AuthResult> LogInAsync(string email, string masterPassword, string captchaToken)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        {
 								            SelectedTwoFactorProviderType = null;
 								            var key = await MakePreloginKeyAsync(masterPassword, email);
 								            var hashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key);
-												Use 2 iterations for local password hashing (#1423)

* Add HashPurpose parameter to HashPasswordAsync

* Use 2 iterations for local password hashing

* Force logout if user has old keyHash stored

* Revert "Force logout if user has old keyHash stored"

This reverts commit 497d4928fa7e1f2814b455d90a7a788e15d8ec98.

* Add backwards compatability with existing keyHash
											
										
										
											2021-06-15 00:39:34 +03:00
+								            var localHashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key, HashPurpose.LocalAuthorization);
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								            return await LogInHelperAsync(email, hashedPassword, localHashedPassword, null, null, null, key, null, null,
 								                null, captchaToken);
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								        }
 								        public async Task<AuthResult> LogInSsoAsync(string code, string codeVerifier, string redirectUrl)
 								        {
 								            SelectedTwoFactorProviderType = null;
-												bugfix in AuthService.LogInSsoAsync (#1474) (#1475)

add missing parameter in call to LogInHelperAsync
											
										
										
											2021-07-23 21:36:49 +03:00
+								            return await LogInHelperAsync(null, null, null, code, codeVerifier, redirectUrl, null, null, null, null);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        }
 								        public Task<AuthResult> LogInTwoFactorAsync(TwoFactorProviderType twoFactorProvider, string twoFactorToken,
 								            bool? remember = null)
 								        {
-												Use 2 iterations for local password hashing (#1423)

* Add HashPurpose parameter to HashPasswordAsync

* Use 2 iterations for local password hashing

* Force logout if user has old keyHash stored

* Revert "Force logout if user has old keyHash stored"

This reverts commit 497d4928fa7e1f2814b455d90a7a788e15d8ec98.

* Add backwards compatability with existing keyHash
											
										
										
											2021-06-15 00:39:34 +03:00
+								            return LogInHelperAsync(Email, MasterPasswordHash, LocalMasterPasswordHash, Code, CodeVerifier, SsoRedirectUrl, _key,
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								                twoFactorProvider, twoFactorToken, remember, CaptchaToken);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        }
 								        public async Task<AuthResult> LogInCompleteAsync(string email, string masterPassword,
 								            TwoFactorProviderType twoFactorProvider, string twoFactorToken, bool? remember = null)
 								        {
 								            SelectedTwoFactorProviderType = null;
 								            var key = await MakePreloginKeyAsync(masterPassword, email);
 								            var hashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key);
-												Use 2 iterations for local password hashing (#1423)

* Add HashPurpose parameter to HashPasswordAsync

* Use 2 iterations for local password hashing

* Force logout if user has old keyHash stored

* Revert "Force logout if user has old keyHash stored"

This reverts commit 497d4928fa7e1f2814b455d90a7a788e15d8ec98.

* Add backwards compatability with existing keyHash
											
										
										
											2021-06-15 00:39:34 +03:00
+								            var localHashedPassword = await _cryptoService.HashPasswordAsync(masterPassword, key, HashPurpose.LocalAuthorization);
 								            return await LogInHelperAsync(email, hashedPassword, localHashedPassword, null, null, null, key, twoFactorProvider,
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								                twoFactorToken, remember);
 								        }
 								        public async Task<AuthResult> LogInSsoCompleteAsync(string code, string codeVerifier, string redirectUrl,
 								            TwoFactorProviderType twoFactorProvider, string twoFactorToken, bool? remember = null)
 								        {
 								            SelectedTwoFactorProviderType = null;
-												Use 2 iterations for local password hashing (#1423)

* Add HashPurpose parameter to HashPasswordAsync

* Use 2 iterations for local password hashing

* Force logout if user has old keyHash stored

* Revert "Force logout if user has old keyHash stored"

This reverts commit 497d4928fa7e1f2814b455d90a7a788e15d8ec98.

* Add backwards compatability with existing keyHash
											
										
										
											2021-06-15 00:39:34 +03:00
+								            return await LogInHelperAsync(null, null, null, code, codeVerifier, redirectUrl, null, twoFactorProvider,
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								                twoFactorToken, remember);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        }
 								        public void LogOut(Action callback)
 								        {
 								            callback.Invoke();
-												re-worked message sending

											
										
										
											2019-04-19 19:29:37 +03:00
+								            _messagingService.Send("loggedOut");
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        }
 								        public List<TwoFactorProvider> GetSupportedTwoFactorProviders()
 								        {
 								            var providers = new List<TwoFactorProvider>();
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (TwoFactorProvidersData == null)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
 								                return providers;
 								            }
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.OrganizationDuo) &&
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                _platformUtilsService.SupportsDuo())
 								            {
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								                providers.Add(TwoFactorProviders[TwoFactorProviderType.OrganizationDuo]);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            }
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.Authenticator))
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								                providers.Add(TwoFactorProviders[TwoFactorProviderType.Authenticator]);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            }
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.YubiKey))
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								                providers.Add(TwoFactorProviders[TwoFactorProviderType.YubiKey]);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            }
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.Duo) && _platformUtilsService.SupportsDuo())
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								                providers.Add(TwoFactorProviders[TwoFactorProviderType.Duo]);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            }
-												FIDO2 WebAuthn support for mobile (#1519)

* FIDO2 / WebAuthn support for mobile

* fixes
											
										
										
											2021-08-30 19:44:12 +03:00
+								            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.Fido2WebAuthn) &&
 								                _platformUtilsService.SupportsFido2())
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												FIDO2 WebAuthn support for mobile (#1519)

* FIDO2 / WebAuthn support for mobile

* fixes
											
										
										
											2021-08-30 19:44:12 +03:00
+								                providers.Add(TwoFactorProviders[TwoFactorProviderType.Fido2WebAuthn]);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            }
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (TwoFactorProvidersData.ContainsKey(TwoFactorProviderType.Email))
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								                providers.Add(TwoFactorProviders[TwoFactorProviderType.Email]);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            }
 								            return providers;
 								        }
-												FIDO2 WebAuthn support for mobile (#1519)

* FIDO2 / WebAuthn support for mobile

* fixes
											
										
										
											2021-08-30 19:44:12 +03:00
+								        public TwoFactorProviderType? GetDefaultTwoFactorProvider(bool fido2Supported)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (TwoFactorProvidersData == null)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
 								                return null;
 								            }
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (SelectedTwoFactorProviderType != null &&
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								                TwoFactorProvidersData.ContainsKey(SelectedTwoFactorProviderType.Value))
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
 								                return SelectedTwoFactorProviderType.Value;
 								            }
 								            TwoFactorProviderType? providerType = null;
 								            var providerPriority = -1;
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            foreach (var providerKvp in TwoFactorProvidersData)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								                if (TwoFactorProviders.ContainsKey(providerKvp.Key))
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                {
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								                    var provider = TwoFactorProviders[providerKvp.Key];
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								                    if (provider.Priority > providerPriority)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                    {
-												FIDO2 WebAuthn support for mobile (#1519)

* FIDO2 / WebAuthn support for mobile

* fixes
											
										
										
											2021-08-30 19:44:12 +03:00
+								                        if (providerKvp.Key == TwoFactorProviderType.Fido2WebAuthn && !fido2Supported)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                        {
 								                            continue;
 								                        }
 								                        providerType = providerKvp.Key;
 								                        providerPriority = provider.Priority;
 								                    }
 								                }
 								            }
 								            return providerType;
 								        }
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								        public bool AuthingWithSso()
 								        {
 								            return Code != null && CodeVerifier != null && SsoRedirectUrl != null;
 								        }
 								        public bool AuthingWithPassword()
 								        {
 								            return Email != null && MasterPasswordHash != null;
 								        }
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        // Helpers
 								        private async Task<SymmetricCryptoKey> MakePreloginKeyAsync(string masterPassword, string email)
 								        {
 								            email = email.Trim().ToLower();
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								            KdfType? kdf = null;
 								            int? kdfIterations = null;
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            try
 								            {
 								                var preloginResponse = await _apiService.PostPreloginAsync(new PreloginRequest { Email = email });
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								                if (preloginResponse != null)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                {
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								                    kdf = preloginResponse.Kdf;
 								                    kdfIterations = preloginResponse.KdfIterations;
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                }
 								            }
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            catch (ApiException e)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								                if (e.Error == null || e.Error.StatusCode != System.Net.HttpStatusCode.NotFound)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                {
 								                    throw e;
 								                }
 								            }
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								            return await _cryptoService.MakeKeyAsync(masterPassword, email, kdf, kdfIterations);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        }
-												Use 2 iterations for local password hashing (#1423)

* Add HashPurpose parameter to HashPasswordAsync

* Use 2 iterations for local password hashing

* Force logout if user has old keyHash stored

* Revert "Force logout if user has old keyHash stored"

This reverts commit 497d4928fa7e1f2814b455d90a7a788e15d8ec98.

* Add backwards compatability with existing keyHash
											
										
										
											2021-06-15 00:39:34 +03:00
+								        private async Task<AuthResult> LogInHelperAsync(string email, string hashedPassword, string localHashedPassword,
 								            string code, string codeVerifier, string redirectUrl, SymmetricCryptoKey key,
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								            TwoFactorProviderType? twoFactorProvider = null, string twoFactorToken = null, bool? remember = null,
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								            string captchaToken = null, string orgId = null)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								        {
 								            var storedTwoFactorToken = await _tokenService.GetTwoFactorTokenAsync(email);
 								            var appId = await _appIdService.GetAppIdAsync();
 								            var deviceRequest = new DeviceRequest(appId, _platformUtilsService);
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
 								            string[] emailPassword;
 								            string[] codeCodeVerifier;
 								            if (email != null && hashedPassword != null)
 								            {
 								                emailPassword = new[] { email, hashedPassword };
 								            }
 								            else
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								                emailPassword = null;
 								            }
 								            if (code != null && codeVerifier != null && redirectUrl != null)
 								            {
 								                codeCodeVerifier = new[] { code, codeVerifier, redirectUrl };
 								            }
 								            else
 								            {
 								                codeCodeVerifier = null;
 								            }
 								            TokenRequest request;
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (twoFactorToken != null && twoFactorProvider != null)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								                request = new TokenRequest(emailPassword, codeCodeVerifier, twoFactorProvider, twoFactorToken, remember,
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								                    captchaToken, deviceRequest);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            }
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            else if (storedTwoFactorToken != null)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								                request = new TokenRequest(emailPassword, codeCodeVerifier, TwoFactorProviderType.Remember,
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								                    storedTwoFactorToken, false, captchaToken, deviceRequest);
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								            }
 								            else
 								            {
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								                request = new TokenRequest(emailPassword, codeCodeVerifier, null, null, false, captchaToken, deviceRequest);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            }
 								            var response = await _apiService.PostIdentityTokenAsync(request);
 								            ClearState();
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								            var result = new AuthResult { TwoFactor = response.TwoFactorNeeded, CaptchaSiteKey = response.CaptchaResponse?.SiteKey };
 								            if (result.CaptchaNeeded)
 								            {
 								                return result;
 								            }
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (result.TwoFactor)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
 								                // Two factor required.
 								                Email = email;
 								                MasterPasswordHash = hashedPassword;
-												Use 2 iterations for local password hashing (#1423)

* Add HashPurpose parameter to HashPasswordAsync

* Use 2 iterations for local password hashing

* Force logout if user has old keyHash stored

* Revert "Force logout if user has old keyHash stored"

This reverts commit 497d4928fa7e1f2814b455d90a7a788e15d8ec98.

* Add backwards compatability with existing keyHash
											
										
										
											2021-06-15 00:39:34 +03:00
+								                LocalMasterPasswordHash = localHashedPassword;
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								                Code = code;
 								                CodeVerifier = codeVerifier;
 								                SsoRedirectUrl = redirectUrl;
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                _key = _setCryptoKeys ? key : null;
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								                TwoFactorProvidersData = response.TwoFactorResponse.TwoFactorProviders2;
 								                result.TwoFactorProviders = response.TwoFactorResponse.TwoFactorProviders2;
 								                CaptchaToken = response.TwoFactorResponse.CaptchaToken;
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                return result;
 								            }
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								            var tokenResponse = response.TokenResponse;
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								            result.ResetMasterPassword = tokenResponse.ResetMasterPassword;
-												[Reset Password v1] Update Temp Password (#1492)

* [Reset Password v1] Update Temp Password

* fixed order of operations for reset temp password flow

* Refactored bool with auth result

* Finished removal of temp password flow from set password

* iOS extension support plus extension bugfixes

Co-authored-by: addison <addisonbeck1@gmail.com>
Co-authored-by: Matt Portune <mportune@bitwarden.com>
											
										
										
											2021-09-24 21:14:26 +03:00
+								            result.ForcePasswordReset = tokenResponse.ForcePasswordReset;
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (tokenResponse.TwoFactorToken != null)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
 								                await _tokenService.SetTwoFactorTokenAsync(tokenResponse.TwoFactorToken, email);
 								            }
 								            await _tokenService.SetTokensAsync(tokenResponse.AccessToken, tokenResponse.RefreshToken);
 								            await _userService.SetInformationAsync(_tokenService.GetUserId(), _tokenService.GetEmail(),
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								                tokenResponse.Kdf, tokenResponse.KdfIterations);
-												Changed all C# control flow block statements to include space between keyword and open paren (#800)


											
										
										
											2020-03-28 16:16:28 +03:00
+								            if (_setCryptoKeys)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            {
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								                if (key != null)
 								                {
 								                    await _cryptoService.SetKeyAsync(key);
 								                }
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								                if (localHashedPassword != null)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                {
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								                    await _cryptoService.SetKeyHashAsync(localHashedPassword);
 								                }
 								                if (code == null || tokenResponse.Key != null)
 								                {
 								                    if (tokenResponse.KeyConnectorUrl != null)
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                    {
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								                        await _keyConnectorService.GetAndSetKey(tokenResponse.KeyConnectorUrl);
 								                    }
 								                    await _cryptoService.SetEncKeyAsync(tokenResponse.Key);
 								                    // User doesn't have a key pair yet (old account), let's generate one for them.
 								                    if (tokenResponse.PrivateKey == null)
 								                    {
 								                        try
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                        {
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
+								                            var keyPair = await _cryptoService.MakeKeyPairAsync();
 								                            await _apiService.PostAccountKeysAsync(new KeysRequest
 								                            {
 								                                PublicKey = keyPair.Item1,
 								                                EncryptedPrivateKey = keyPair.Item2.EncryptedString
 								                            });
 								                            tokenResponse.PrivateKey = keyPair.Item2.EncryptedString;
 								                        }
 								                        catch { }
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                    }
-												[KeyConnector] Add support for key connector OTP (#1633)

* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication

* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector

* Bypass lock page if already unlocked

* Move logic to KeyConnectorService, log out if no pin or biometric is set

* Disable password reprompt when using key connector

* hide password reprompt checkbox when editing or adding cipher

* add PostUserKey and PostSetKeyConnector calls

* add ConvertMasterPasswordPage

* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove

* Hide Change Master Password button if using key connector

* Add OTP verification for export component

* Update src/App/Pages/Vault/AddEditPage.xaml.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove toolbar item "close"

* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously

* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call

* remove unnecesary orgIdentifier

* move RemoveMasterPasswordPage call to LockPage

* add spacing to export vault page

* log out if no PIN or bio on lock page with key connector

* Delete excessive whitespace

* Delete excessive whitespace

* Change capitalisation of OTP

* add default value to models for backwards compatibility

* remove this keyword

* actually handle exceptions

* move RemoveMasterPasswordPage to TabPage using messaging service

* add minor improvements

* remove 'this.'

Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
											
										
										
											2021-11-11 04:46:48 +03:00
 								                    await _cryptoService.SetEncPrivateKeyAsync(tokenResponse.PrivateKey);
 								                }
 								                else if (tokenResponse.KeyConnectorUrl != null)
 								                {
 								                    // SSO Key Connector Onboarding
 								                    var password = await _cryptoFunctionService.RandomBytesAsync(64);
 								                    var k = await _cryptoService.MakeKeyAsync(Convert.ToBase64String(password), _tokenService.GetEmail(), tokenResponse.Kdf, tokenResponse.KdfIterations);
 								                    var keyConnectorRequest = new KeyConnectorUserKeyRequest(k.EncKeyB64);
 								                    await _cryptoService.SetKeyAsync(k);
 								                    var encKey = await _cryptoService.MakeEncKeyAsync(k);
 								                    await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);
 								                    var keyPair = await _cryptoService.MakeKeyPairAsync();
 								                    try
 								                    {
 								                        await _apiService.PostUserKeyToKeyConnector(tokenResponse.KeyConnectorUrl, keyConnectorRequest);
 								                    }
 								                    catch (Exception e)
 								                    {
 								                        throw new Exception("Unable to reach Key Connector", e);
 								                    }
 								                    var keys = new KeysRequest
 								                    {
 								                        PublicKey = keyPair.Item1,
 								                        EncryptedPrivateKey = keyPair.Item2.EncryptedString
 								                    };
 								                    var setPasswordRequest = new SetKeyConnectorKeyRequest(
 								                        encKey.Item2.EncryptedString, keys, tokenResponse.Kdf, tokenResponse.KdfIterations, orgId
 								                    );
 								                    await _apiService.PostSetKeyConnectorKey(setPasswordRequest);
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								                }
 								            }
-												biometrics cleanup (#964)


											
										
										
											2020-06-08 15:25:13 +03:00
+								            _vaultTimeoutService.BiometricLocked = false;
-												re-worked message sending

											
										
										
											2019-04-19 19:29:37 +03:00
+								            _messagingService.Send("loggedIn");
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            return result;
 								        }
 								        private void ClearState()
 								        {
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								            _key = null;
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            Email = null;
-												Feature/use hcaptcha if bot (#1476)

* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
											
										
										
											2021-08-04 22:47:23 +03:00
+								            CaptchaToken = null;
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            MasterPasswordHash = null;
-												Added SSO flows and functionality (#1047)

* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
											
										
										
											2020-09-03 19:30:40 +03:00
+								            Code = null;
 								            CodeVerifier = null;
 								            SsoRedirectUrl = null;
-												stub our 2fa page backend

											
										
										
											2019-05-27 17:28:38 +03:00
+								            TwoFactorProvidersData = null;
-												auth service

											
										
										
											2019-04-18 16:45:31 +03:00
+								            SelectedTwoFactorProviderType = null;
 								        }
 								    }
 								}