2021-09-08 20:43:24 +03:00
|
|
|
|
using System;
|
|
|
|
|
using System.Collections.Generic;
|
2020-02-21 18:23:38 +03:00
|
|
|
|
using System.Linq;
|
2020-09-03 19:30:40 +03:00
|
|
|
|
using System.Text.RegularExpressions;
|
2020-02-21 18:23:38 +03:00
|
|
|
|
using System.Threading.Tasks;
|
|
|
|
|
using Bit.Core.Abstractions;
|
|
|
|
|
using Bit.Core.Enums;
|
|
|
|
|
using Bit.Core.Models.Data;
|
|
|
|
|
using Bit.Core.Models.Domain;
|
|
|
|
|
|
|
|
|
|
namespace Bit.Core.Services
|
|
|
|
|
{
|
|
|
|
|
public class PolicyService : IPolicyService
|
|
|
|
|
{
|
|
|
|
|
private const string Keys_PoliciesPrefix = "policies_{0}";
|
|
|
|
|
|
|
|
|
|
private readonly IStorageService _storageService;
|
|
|
|
|
private readonly IUserService _userService;
|
|
|
|
|
|
|
|
|
|
private IEnumerable<Policy> _policyCache;
|
|
|
|
|
|
|
|
|
|
public PolicyService(
|
|
|
|
|
IStorageService storageService,
|
|
|
|
|
IUserService userService)
|
|
|
|
|
{
|
|
|
|
|
_storageService = storageService;
|
|
|
|
|
_userService = userService;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public void ClearCache()
|
|
|
|
|
{
|
|
|
|
|
_policyCache = null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public async Task<IEnumerable<Policy>> GetAll(PolicyType? type)
|
|
|
|
|
{
|
2020-03-28 16:16:28 +03:00
|
|
|
|
if (_policyCache == null)
|
2020-02-21 18:23:38 +03:00
|
|
|
|
{
|
|
|
|
|
var userId = await _userService.GetUserIdAsync();
|
|
|
|
|
var policies = await _storageService.GetAsync<Dictionary<string, PolicyData>>(
|
|
|
|
|
string.Format(Keys_PoliciesPrefix, userId));
|
2020-03-28 16:16:28 +03:00
|
|
|
|
if (policies == null)
|
2020-03-03 18:53:03 +03:00
|
|
|
|
{
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2020-02-21 18:23:38 +03:00
|
|
|
|
_policyCache = policies.Select(p => new Policy(policies[p.Key]));
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-28 16:16:28 +03:00
|
|
|
|
if (type != null)
|
2020-02-21 18:23:38 +03:00
|
|
|
|
{
|
|
|
|
|
return _policyCache.Where(p => p.Type == type).ToList();
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
return _policyCache;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public async Task Replace(Dictionary<string, PolicyData> policies)
|
|
|
|
|
{
|
|
|
|
|
var userId = await _userService.GetUserIdAsync();
|
|
|
|
|
await _storageService.SaveAsync(string.Format(Keys_PoliciesPrefix, userId), policies);
|
|
|
|
|
_policyCache = null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public async Task Clear(string userId)
|
|
|
|
|
{
|
|
|
|
|
await _storageService.RemoveAsync(string.Format(Keys_PoliciesPrefix, userId));
|
|
|
|
|
_policyCache = null;
|
|
|
|
|
}
|
2020-09-03 19:30:40 +03:00
|
|
|
|
|
|
|
|
|
public async Task<MasterPasswordPolicyOptions> GetMasterPasswordPolicyOptions(
|
|
|
|
|
IEnumerable<Policy> policies = null)
|
|
|
|
|
{
|
|
|
|
|
MasterPasswordPolicyOptions enforcedOptions = null;
|
|
|
|
|
|
|
|
|
|
if (policies == null)
|
|
|
|
|
{
|
|
|
|
|
policies = await GetAll(PolicyType.MasterPassword);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
policies = policies.Where(p => p.Type == PolicyType.MasterPassword);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (policies == null || !policies.Any())
|
|
|
|
|
{
|
|
|
|
|
return enforcedOptions;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach (var currentPolicy in policies)
|
|
|
|
|
{
|
|
|
|
|
if (!currentPolicy.Enabled || currentPolicy.Data == null)
|
|
|
|
|
{
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (enforcedOptions == null)
|
|
|
|
|
{
|
|
|
|
|
enforcedOptions = new MasterPasswordPolicyOptions();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var minComplexity = GetPolicyInt(currentPolicy, "minComplexity");
|
|
|
|
|
if (minComplexity != null && (int)(long)minComplexity > enforcedOptions.MinComplexity)
|
|
|
|
|
{
|
|
|
|
|
enforcedOptions.MinComplexity = (int)(long)minComplexity;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var minLength = GetPolicyInt(currentPolicy, "minLength");
|
|
|
|
|
if (minLength != null && (int)(long)minLength > enforcedOptions.MinLength)
|
|
|
|
|
{
|
|
|
|
|
enforcedOptions.MinLength = (int)(long)minLength;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var requireUpper = GetPolicyBool(currentPolicy, "requireUpper");
|
|
|
|
|
if (requireUpper != null && (bool)requireUpper)
|
|
|
|
|
{
|
|
|
|
|
enforcedOptions.RequireUpper = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var requireLower = GetPolicyBool(currentPolicy, "requireLower");
|
|
|
|
|
if (requireLower != null && (bool)requireLower)
|
|
|
|
|
{
|
|
|
|
|
enforcedOptions.RequireLower = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var requireNumbers = GetPolicyBool(currentPolicy, "requireNumbers");
|
|
|
|
|
if (requireNumbers != null && (bool)requireNumbers)
|
|
|
|
|
{
|
|
|
|
|
enforcedOptions.RequireNumbers = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var requireSpecial = GetPolicyBool(currentPolicy, "requireSpecial");
|
|
|
|
|
if (requireSpecial != null && (bool)requireSpecial)
|
|
|
|
|
{
|
|
|
|
|
enforcedOptions.RequireSpecial = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return enforcedOptions;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public async Task<bool> EvaluateMasterPassword(int passwordStrength, string newPassword,
|
|
|
|
|
MasterPasswordPolicyOptions enforcedPolicyOptions)
|
|
|
|
|
{
|
|
|
|
|
if (enforcedPolicyOptions == null)
|
|
|
|
|
{
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (enforcedPolicyOptions.MinComplexity > 0 && enforcedPolicyOptions.MinComplexity > passwordStrength)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (enforcedPolicyOptions.MinLength > 0 && enforcedPolicyOptions.MinLength > newPassword.Length)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (enforcedPolicyOptions.RequireUpper && newPassword.ToLower() == newPassword)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (enforcedPolicyOptions.RequireLower && newPassword.ToUpper() == newPassword)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (enforcedPolicyOptions.RequireNumbers && !newPassword.Any(char.IsDigit))
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (enforcedPolicyOptions.RequireSpecial && !Regex.IsMatch(newPassword, "^.*[!@#$%\\^&*].*$"))
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-08 20:43:24 +03:00
|
|
|
|
public Tuple<ResetPasswordPolicyOptions, bool> GetResetPasswordPolicyOptions(IEnumerable<Policy> policies,
|
|
|
|
|
string orgId)
|
|
|
|
|
{
|
|
|
|
|
var resetPasswordPolicyOptions = new ResetPasswordPolicyOptions();
|
|
|
|
|
|
|
|
|
|
if (policies == null || orgId == null)
|
|
|
|
|
{
|
|
|
|
|
return new Tuple<ResetPasswordPolicyOptions, bool>(resetPasswordPolicyOptions, false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var policy = policies.FirstOrDefault(p =>
|
|
|
|
|
p.OrganizationId == orgId && p.Type == PolicyType.ResetPassword && p.Enabled);
|
|
|
|
|
resetPasswordPolicyOptions.AutoEnrollEnabled = GetPolicyBool(policy, "autoEnrollEnabled") ?? false;
|
|
|
|
|
|
|
|
|
|
return new Tuple<ResetPasswordPolicyOptions, bool>(resetPasswordPolicyOptions, policy != null);
|
|
|
|
|
}
|
2021-09-23 16:42:38 +03:00
|
|
|
|
|
2021-09-24 02:51:02 +03:00
|
|
|
|
public async Task<bool> PolicyAppliesToUser(PolicyType policyType, Func<Policy, bool> policyFilter)
|
2021-09-23 16:42:38 +03:00
|
|
|
|
{
|
|
|
|
|
var policies = await GetAll(policyType);
|
2021-10-14 20:53:57 +03:00
|
|
|
|
if (policies == null)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2021-09-23 16:42:38 +03:00
|
|
|
|
var organizations = await _userService.GetAllOrganizationAsync();
|
|
|
|
|
|
2021-09-24 02:51:02 +03:00
|
|
|
|
IEnumerable<Policy> filteredPolicies;
|
|
|
|
|
|
|
|
|
|
if (policyFilter != null)
|
|
|
|
|
{
|
|
|
|
|
filteredPolicies = policies.Where(p => p.Enabled && policyFilter(p));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
filteredPolicies = policies.Where(p => p.Enabled);
|
|
|
|
|
}
|
2021-09-23 16:42:38 +03:00
|
|
|
|
|
2021-09-24 02:51:02 +03:00
|
|
|
|
var policySet = new HashSet<string>(filteredPolicies.Select(p => p.OrganizationId));
|
2021-09-23 16:42:38 +03:00
|
|
|
|
|
|
|
|
|
return organizations.Any(o =>
|
|
|
|
|
o.Enabled &&
|
|
|
|
|
o.Status >= OrganizationUserStatusType.Accepted &&
|
|
|
|
|
o.UsePolicies &&
|
2021-10-12 16:35:01 +03:00
|
|
|
|
!isExcemptFromPolicies(o, policyType) &&
|
2021-09-24 02:51:02 +03:00
|
|
|
|
policySet.Contains(o.Id));
|
2021-09-23 16:42:38 +03:00
|
|
|
|
}
|
|
|
|
|
|
2021-10-12 16:35:01 +03:00
|
|
|
|
private bool isExcemptFromPolicies(Organization organization, PolicyType policyType)
|
|
|
|
|
{
|
|
|
|
|
if (policyType == PolicyType.MaximumVaultTimeout)
|
|
|
|
|
{
|
|
|
|
|
return organization.Type == OrganizationUserType.Owner;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return organization.isExemptFromPolicies;
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-23 16:42:38 +03:00
|
|
|
|
public int? GetPolicyInt(Policy policy, string key)
|
2020-09-03 19:30:40 +03:00
|
|
|
|
{
|
|
|
|
|
if (policy.Data.ContainsKey(key))
|
|
|
|
|
{
|
|
|
|
|
var value = policy.Data[key];
|
|
|
|
|
if (value != null)
|
|
|
|
|
{
|
|
|
|
|
return (int)(long)value;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private bool? GetPolicyBool(Policy policy, string key)
|
|
|
|
|
{
|
|
|
|
|
if (policy.Data.ContainsKey(key))
|
|
|
|
|
{
|
|
|
|
|
var value = policy.Data[key];
|
|
|
|
|
if (value != null)
|
|
|
|
|
{
|
|
|
|
|
return (bool)value;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private string GetPolicyString(Policy policy, string key)
|
|
|
|
|
{
|
|
|
|
|
if (policy.Data.ContainsKey(key))
|
|
|
|
|
{
|
|
|
|
|
var value = policy.Data[key];
|
|
|
|
|
if (value != null)
|
|
|
|
|
{
|
|
|
|
|
return (string)value;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2020-02-21 18:23:38 +03:00
|
|
|
|
}
|
|
|
|
|
}
|