Fix delete account SSO with CME that the OTP parameter was being sent incorrectly to the server (#1751)

This commit is contained in:
Federico Maccaroni 2022-02-03 17:46:45 -03:00 committed by GitHub
parent 4373cee636
commit 31cdf401f1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 26 additions and 18 deletions

View file

@ -52,14 +52,14 @@ namespace Bit.Droid
var deleteAccountActionFlowExecutioner = new DeleteAccountActionFlowExecutioner( var deleteAccountActionFlowExecutioner = new DeleteAccountActionFlowExecutioner(
ServiceContainer.Resolve<IApiService>("apiService"), ServiceContainer.Resolve<IApiService>("apiService"),
ServiceContainer.Resolve<IMessagingService>("messagingService"), ServiceContainer.Resolve<IMessagingService>("messagingService"),
ServiceContainer.Resolve<ICryptoService>("cryptoService"),
ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService"), ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService"),
ServiceContainer.Resolve<IDeviceActionService>("deviceActionService")); ServiceContainer.Resolve<IDeviceActionService>("deviceActionService"));
ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner); ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);
var verificationActionsFlowHelper = new VerificationActionsFlowHelper( var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"), ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService")); ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
ServiceContainer.Resolve<ICryptoService>("cryptoService"));
ServiceContainer.Register<IVerificationActionsFlowHelper>("verificationActionsFlowHelper", verificationActionsFlowHelper); ServiceContainer.Register<IVerificationActionsFlowHelper>("verificationActionsFlowHelper", verificationActionsFlowHelper);
} }
#if !FDROID #if !FDROID

View file

@ -58,19 +58,16 @@ namespace Bit.App.Pages
{ {
readonly IApiService _apiService; readonly IApiService _apiService;
readonly IMessagingService _messagingService; readonly IMessagingService _messagingService;
readonly ICryptoService _cryptoService;
readonly IPlatformUtilsService _platformUtilsService; readonly IPlatformUtilsService _platformUtilsService;
readonly IDeviceActionService _deviceActionService; readonly IDeviceActionService _deviceActionService;
public DeleteAccountActionFlowExecutioner(IApiService apiService, public DeleteAccountActionFlowExecutioner(IApiService apiService,
IMessagingService messagingService, IMessagingService messagingService,
ICryptoService cryptoService,
IPlatformUtilsService platformUtilsService, IPlatformUtilsService platformUtilsService,
IDeviceActionService deviceActionService) IDeviceActionService deviceActionService)
{ {
_apiService = apiService; _apiService = apiService;
_messagingService = messagingService; _messagingService = messagingService;
_cryptoService = cryptoService;
_platformUtilsService = platformUtilsService; _platformUtilsService = platformUtilsService;
_deviceActionService = deviceActionService; _deviceActionService = deviceActionService;
} }
@ -81,10 +78,10 @@ namespace Bit.App.Pages
{ {
await _deviceActionService.ShowLoadingAsync(AppResources.DeletingYourAccount); await _deviceActionService.ShowLoadingAsync(AppResources.DeletingYourAccount);
var masterPasswordHashKey = await _cryptoService.HashPasswordAsync(parameters.Secret, null);
await _apiService.DeleteAccountAsync(new Core.Models.Request.DeleteAccountRequest await _apiService.DeleteAccountAsync(new Core.Models.Request.DeleteAccountRequest
{ {
MasterPasswordHash = masterPasswordHashKey MasterPasswordHash = parameters.VerificationType == Core.Enums.VerificationType.MasterPassword ? parameters.Secret : (string)null,
OTP = parameters.VerificationType == Core.Enums.VerificationType.OTP ? parameters.Secret : (string)null
}); });
await _deviceActionService.HideLoadingAsync(); await _deviceActionService.HideLoadingAsync();

View file

@ -10,6 +10,7 @@ using Xamarin.CommunityToolkit.ObjectModel;
using System.Windows.Input; using System.Windows.Input;
using Bit.App.Utilities; using Bit.App.Utilities;
using Bit.Core; using Bit.Core;
using Bit.Core.Enums;
#if !FDROID #if !FDROID
using Microsoft.AppCenter.Crashes; using Microsoft.AppCenter.Crashes;
#endif #endif
@ -144,7 +145,7 @@ namespace Bit.App.Pages
await _deviceActionService.ShowLoadingAsync(AppResources.Verifying); await _deviceActionService.ShowLoadingAsync(AppResources.Verifying);
if (!await _userVerificationService.VerifyUser(Secret, Core.Enums.VerificationType.OTP)) if (!await _userVerificationService.VerifyUser(Secret, VerificationType.OTP))
{ {
await _deviceActionService.HideLoadingAsync(); await _deviceActionService.HideLoadingAsync();
return; return;
@ -154,6 +155,7 @@ namespace Bit.App.Pages
var parameters = _verificationActionsFlowHelper.GetParameters(); var parameters = _verificationActionsFlowHelper.GetParameters();
parameters.Secret = Secret; parameters.Secret = Secret;
parameters.VerificationType = VerificationType.OTP;
await _verificationActionsFlowHelper.ExecuteAsync(parameters); await _verificationActionsFlowHelper.ExecuteAsync(parameters);
Secret = string.Empty; Secret = string.Empty;

View file

@ -24,11 +24,15 @@ namespace Bit.App.Utilities
public interface IActionFlowParmeters public interface IActionFlowParmeters
{ {
VerificationType VerificationType { get; set; }
string Secret { get; set; } string Secret { get; set; }
} }
public class DefaultActionFlowParameters : IActionFlowParmeters public class DefaultActionFlowParameters : IActionFlowParmeters
{ {
public VerificationType VerificationType { get; set; }
public string Secret { get; set; } public string Secret { get; set; }
} }
@ -58,6 +62,7 @@ namespace Bit.App.Utilities
{ {
private readonly IKeyConnectorService _keyConnectorService; private readonly IKeyConnectorService _keyConnectorService;
private readonly IPasswordRepromptService _passwordRepromptService; private readonly IPasswordRepromptService _passwordRepromptService;
private readonly ICryptoService _cryptoService;
private VerificationFlowAction? _action; private VerificationFlowAction? _action;
private IActionFlowParmeters _parameters; private IActionFlowParmeters _parameters;
@ -67,10 +72,12 @@ namespace Bit.App.Utilities
private readonly Dictionary<VerificationFlowAction, IActionFlowExecutioner> _actionExecutionerDictionary = new Dictionary<VerificationFlowAction, IActionFlowExecutioner>(); private readonly Dictionary<VerificationFlowAction, IActionFlowExecutioner> _actionExecutionerDictionary = new Dictionary<VerificationFlowAction, IActionFlowExecutioner>();
public VerificationActionsFlowHelper(IKeyConnectorService keyConnectorService, public VerificationActionsFlowHelper(IKeyConnectorService keyConnectorService,
IPasswordRepromptService passwordRepromptService) IPasswordRepromptService passwordRepromptService,
ICryptoService cryptoService)
{ {
_keyConnectorService = keyConnectorService; _keyConnectorService = keyConnectorService;
_passwordRepromptService = passwordRepromptService; _passwordRepromptService = passwordRepromptService;
_cryptoService = cryptoService;
_actionExecutionerDictionary.Add(VerificationFlowAction.DeleteAccount, ServiceContainer.Resolve<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner")); _actionExecutionerDictionary.Add(VerificationFlowAction.DeleteAccount, ServiceContainer.Resolve<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner"));
} }
@ -113,8 +120,10 @@ namespace Bit.App.Utilities
return; return;
} }
GetParameters().Secret = password; var parameters = GetParameters();
await ExecuteAsync(_parameters); parameters.Secret = await _cryptoService.HashPasswordAsync(password, null);
parameters.VerificationType = VerificationType.MasterPassword;
await ExecuteAsync(parameters);
break; break;
case VerificationType.OTP: case VerificationType.OTP:
await Application.Current.MainPage.Navigation.PushModalAsync(new NavigationPage( await Application.Current.MainPage.Navigation.PushModalAsync(new NavigationPage(

View file

@ -3,5 +3,7 @@
public class DeleteAccountRequest public class DeleteAccountRequest
{ {
public string MasterPasswordHash { get; set; } public string MasterPasswordHash { get; set; }
public string OTP { get; set; }
} }
} }

View file

@ -1,9 +1,7 @@
using System; using System.Threading.Tasks;
using Bit.Core.Abstractions;
using Bit.Core.Enums; using Bit.Core.Enums;
using Bit.Core.Models.Request; using Bit.Core.Models.Request;
using Bit.Core.Services;
using Bit.Core.Abstractions;
using System.Threading.Tasks;
namespace Bit.Core.Services namespace Bit.Core.Services
{ {

View file

@ -154,14 +154,14 @@ namespace Bit.iOS.Core.Utilities
var deleteAccountActionFlowExecutioner = new DeleteAccountActionFlowExecutioner( var deleteAccountActionFlowExecutioner = new DeleteAccountActionFlowExecutioner(
ServiceContainer.Resolve<IApiService>("apiService"), ServiceContainer.Resolve<IApiService>("apiService"),
ServiceContainer.Resolve<IMessagingService>("messagingService"), ServiceContainer.Resolve<IMessagingService>("messagingService"),
ServiceContainer.Resolve<ICryptoService>("cryptoService"),
ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService"), ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService"),
ServiceContainer.Resolve<IDeviceActionService>("deviceActionService")); ServiceContainer.Resolve<IDeviceActionService>("deviceActionService"));
ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner); ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);
var verificationActionsFlowHelper = new VerificationActionsFlowHelper( var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"), ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService")); ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
ServiceContainer.Resolve<ICryptoService>("cryptoService"));
ServiceContainer.Register<IVerificationActionsFlowHelper>("verificationActionsFlowHelper", verificationActionsFlowHelper); ServiceContainer.Register<IVerificationActionsFlowHelper>("verificationActionsFlowHelper", verificationActionsFlowHelper);
if (postBootstrapFunc != null) if (postBootstrapFunc != null)