From 31cdf401f1e2f42bb6d0c5e27ac698b678c161a9 Mon Sep 17 00:00:00 2001
From: Federico Maccaroni
Date: Thu, 3 Feb 2022 17:46:45 -0300
Subject: [PATCH] Fix delete account SSO with CME that the OTP parameter was being sent incorrectly to the server (#1751)
---
 src/Android/MainApplication.cs | 4 ++--
 src/App/Pages/Accounts/DeleteAccountViewModel.cs | 7 ++-----
 .../Pages/Accounts/VerificationCodeViewModel.cs | 4 +++-
 .../Utilities/VerificationActionsFlowHelper.cs | 15 ++++++++++++---
 src/Core/Models/Request/DeleteAccountRequest.cs | 2 ++
 src/Core/Services/UserVerificationService.cs | 6 ++----
 src/iOS.Core/Utilities/iOSCoreHelpers.cs | 6 +++---
 7 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/src/Android/MainApplication.cs b/src/Android/MainApplication.cs
index 3e58b4cab..1957f70a2 100644
--- a/src/Android/MainApplication.cs
+++ b/src/Android/MainApplication.cs
@@ -52,14 +52,14 @@ namespace Bit.Droid
 var deleteAccountActionFlowExecutioner = new DeleteAccountActionFlowExecutioner(
 ServiceContainer.Resolve("apiService"),
 ServiceContainer.Resolve("messagingService"),
- ServiceContainer.Resolve("cryptoService"),
 ServiceContainer.Resolve("platformUtilsService"),
 ServiceContainer.Resolve("deviceActionService"));
 ServiceContainer.Register("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);
 var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
 ServiceContainer.Resolve("keyConnectorService"),
- ServiceContainer.Resolve("passwordRepromptService"));
+ ServiceContainer.Resolve("passwordRepromptService"),
+ ServiceContainer.Resolve("cryptoService"));
 ServiceContainer.Register("verificationActionsFlowHelper", verificationActionsFlowHelper);
 }
 #if !FDROID
diff --git a/src/App/Pages/Accounts/DeleteAccountViewModel.cs b/src/App/Pages/Accounts/DeleteAccountViewModel.cs
index 53c195e58..cab70bd38 100644
--- a/src/App/Pages/Accounts/DeleteAccountViewModel.cs
+++ b/src/App/Pages/Accounts/DeleteAccountViewModel.cs
@@ -58,19 +58,16 @@ namespace Bit.App.Pages
 {
 readonly IApiService _apiService;
 readonly IMessagingService _messagingService;
- readonly ICryptoService _cryptoService;
 readonly IPlatformUtilsService _platformUtilsService;
 readonly IDeviceActionService _deviceActionService;
 public DeleteAccountActionFlowExecutioner(IApiService apiService,
 IMessagingService messagingService,
- ICryptoService cryptoService,
 IPlatformUtilsService platformUtilsService,
 IDeviceActionService deviceActionService)
 {
 _apiService = apiService;
 _messagingService = messagingService;
- _cryptoService = cryptoService;
 _platformUtilsService = platformUtilsService;
 _deviceActionService = deviceActionService;
 }
@@ -81,10 +78,10 @@ namespace Bit.App.Pages
 {
 await _deviceActionService.ShowLoadingAsync(AppResources.DeletingYourAccount);
- var masterPasswordHashKey = await _cryptoService.HashPasswordAsync(parameters.Secret, null);
 await _apiService.DeleteAccountAsync(new Core.Models.Request.DeleteAccountRequest
 {
- MasterPasswordHash = masterPasswordHashKey
+ MasterPasswordHash = parameters.VerificationType == Core.Enums.VerificationType.MasterPassword ? parameters.Secret : (string)null,
+ OTP = parameters.VerificationType == Core.Enums.VerificationType.OTP ? parameters.Secret : (string)null
 });
 await _deviceActionService.HideLoadingAsync();
diff --git a/src/App/Pages/Accounts/VerificationCodeViewModel.cs b/src/App/Pages/Accounts/VerificationCodeViewModel.cs
index 5bc57a2f4..e160a535d 100644
--- a/src/App/Pages/Accounts/VerificationCodeViewModel.cs
+++ b/src/App/Pages/Accounts/VerificationCodeViewModel.cs
@@ -10,6 +10,7 @@ using Xamarin.CommunityToolkit.ObjectModel;
 using System.Windows.Input;
 using Bit.App.Utilities;
 using Bit.Core;
+using Bit.Core.Enums;
 #if !FDROID
 using Microsoft.AppCenter.Crashes;
 #endif
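Review bot: The `DeleteAccountRequest` initializer in the `@@ -81,10 +78,10 @@` hunk of `DeleteAccountViewModel.cs` uses `parameters.VerificationType` and `parameters.Secret` without checking either, so an empty secret or a caller that never set the type still produces a request. `VerificationType` on `DefaultActionFlowParameters` is a plain auto-property, so an unset value is the enum's zero member and the secret would be sent in that member's field, which is the kind of mix-up this commit is fixing. Rejecting an empty secret before `ShowLoadingAsync` keeps the failure local instead of relying on the server response, e.g. `if (string.IsNullOrEmpty(parameters.Secret)) { throw new ArgumentException("Secret is required", nameof(parameters)); }`. The method starts and ends outside the hunk, so how that exception is surfaced depends on handling not visible here.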
@@ -144,7 +145,7 @@ namespace Bit.App.Pages
 await _deviceActionService.ShowLoadingAsync(AppResources.Verifying);
- if (!await _userVerificationService.VerifyUser(Secret, Core.Enums.VerificationType.OTP))
+ if (!await _userVerificationService.VerifyUser(Secret, VerificationType.OTP))
 {
 await _deviceActionService.HideLoadingAsync();
 return;
@@ -154,6 +155,7 @@ namespace Bit.App.Pages
 var parameters = _verificationActionsFlowHelper.GetParameters();
 parameters.Secret = Secret;
+ parameters.VerificationType = VerificationType.OTP;
 await _verificationActionsFlowHelper.ExecuteAsync(parameters);
 Secret = string.Empty;
diff --git a/src/App/Utilities/VerificationActionsFlowHelper.cs b/src/App/Utilities/VerificationActionsFlowHelper.cs
index 79feab0bc..eaf3376e9 100644
--- a/src/App/Utilities/VerificationActionsFlowHelper.cs
+++ b/src/App/Utilities/VerificationActionsFlowHelper.cs
@@ -24,11 +24,15 @@ namespace Bit.App.Utilities
 public interface IActionFlowParmeters
 {
+ VerificationType VerificationType { get; set; }
+
 string Secret { get; set; }
 }
 public class DefaultActionFlowParameters : IActionFlowParmeters
 {
+ public VerificationType VerificationType { get; set; }
+
 public string Secret { get; set; }
 }
@@ -58,6 +62,7 @@ namespace Bit.App.Utilities
 {
 private readonly IKeyConnectorService _keyConnectorService;
 private readonly IPasswordRepromptService _passwordRepromptService;
+ private readonly ICryptoService _cryptoService;
 private VerificationFlowAction? _action;
 private IActionFlowParmeters _parameters;
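Review bot: After `ExecuteAsync(parameters)` in the `@@ -154,6 +155,7 @@` hunk the view model clears its own `Secret`, but the OTP copied into `parameters.Secret` stays on the object returned by `GetParameters()`, which the removed lines in `VerificationActionsFlowHelper.cs` (`GetParameters().Secret = password; await ExecuteAsync(_parameters);`) suggest is the helper's `_parameters` field. The `@@ -113,8 +120,10 @@` hunk of that file has the same gap with a more sensitive value: the master password hash from `HashPasswordAsync` remains in `parameters.Secret` after the action runs, and the helper is registered in `ServiceContainer`, so it likely outlives the flow. Unless the field is reset somewhere outside these hunks, clear it once the action completes, e.g. `try { await ExecuteAsync(parameters); } finally { parameters.Secret = null; }`. Both enclosing methods start and end outside their hunks.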
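Review bot: `IActionFlowParmeters.Secret` in the `@@ -24,11 +24,15 @@` hunk has no comment saying what it holds, and with this change its meaning depends on `VerificationType`: the `@@ -113,8 +120,10 @@` hunk stores the result of `HashPasswordAsync` in it, while `VerificationCodeViewModel` stores the raw OTP. An executioner that reads `Secret` expecting the typed password would now receive a hash, so the contract is worth writing on the interface, for example `/// <summary>Master password hash when VerificationType is MasterPassword; the one-time code when it is OTP.</summary>` above `Secret`. A one-line summary on `VerificationType` should say that callers must set it before calling `ExecuteAsync`.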
@@ -67,10 +72,12 @@ namespace Bit.App.Utilities
 private readonly Dictionary _actionExecutionerDictionary = new Dictionary();
 public VerificationActionsFlowHelper(IKeyConnectorService keyConnectorService,
- IPasswordRepromptService passwordRepromptService)
+ IPasswordRepromptService passwordRepromptService,
+ ICryptoService cryptoService)
 {
 _keyConnectorService = keyConnectorService;
 _passwordRepromptService = passwordRepromptService;
+ _cryptoService = cryptoService;
 _actionExecutionerDictionary.Add(VerificationFlowAction.DeleteAccount, ServiceContainer.Resolve("deleteAccountActionFlowExecutioner"));
 }
@@ -113,8 +120,10 @@ namespace Bit.App.Utilities
 return;
 }
- GetParameters().Secret = password;
- await ExecuteAsync(_parameters);
+ var parameters = GetParameters();
+ parameters.Secret = await _cryptoService.HashPasswordAsync(password, null);
+ parameters.VerificationType = VerificationType.MasterPassword;
+ await ExecuteAsync(parameters);
 break;
 case VerificationType.OTP:
 await Application.Current.MainPage.Navigation.PushModalAsync(new NavigationPage(
diff --git a/src/Core/Models/Request/DeleteAccountRequest.cs b/src/Core/Models/Request/DeleteAccountRequest.cs
index 7776d890e..8eb38d347 100644
--- a/src/Core/Models/Request/DeleteAccountRequest.cs
+++ b/src/Core/Models/Request/DeleteAccountRequest.cs
@@ -3,5 +3,7 @@
 public class DeleteAccountRequest
 {
 public string MasterPasswordHash { get; set; }
+
+ public string OTP { get; set; }
 }
 }
diff --git a/src/Core/Services/UserVerificationService.cs b/src/Core/Services/UserVerificationService.cs
index ae65d7f7b..74031b55c 100644
--- a/src/Core/Services/UserVerificationService.cs
+++ b/src/Core/Services/UserVerificationService.cs
@@ -1,9 +1,7 @@
-using System;
+using System.Threading.Tasks;
+using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Request;
-using Bit.Core.Services;
-using Bit.Core.Abstractions;
-using System.Threading.Tasks;
 namespace Bit.Core.Services
 {
diff --git a/src/iOS.Core/Utilities/iOSCoreHelpers.cs b/src/iOS.Core/Utilities/iOSCoreHelpers.cs
index 633803c81..1bac23f65 100644
--- a/src/iOS.Core/Utilities/iOSCoreHelpers.cs
+++ b/src/iOS.Core/Utilities/iOSCoreHelpers.cs
@@ -154,14 +154,14 @@ namespace Bit.iOS.Core.Utilities
 var deleteAccountActionFlowExecutioner = new DeleteAccountActionFlowExecutioner(
 ServiceContainer.Resolve("apiService"),
 ServiceContainer.Resolve("messagingService"),
- ServiceContainer.Resolve("cryptoService"),
 ServiceContainer.Resolve("platformUtilsService"),
 ServiceContainer.Resolve("deviceActionService"));
 ServiceContainer.Register("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);
 var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
- ServiceContainer.Resolve("keyConnectorService"),
- ServiceContainer.Resolve("passwordRepromptService"));
+ ServiceContainer.Resolve("keyConnectorService"),
+ ServiceContainer.Resolve("passwordRepromptService"),
+ ServiceContainer.Resolve("cryptoService"));
 ServiceContainer.Register("verificationActionsFlowHelper", verificationActionsFlowHelper);
 if (postBootstrapFunc != null)