Fix delete account SSO with CME that the OTP parameter was being sent incorrectly to the server (#1751)

This commit is contained in:
Federico Maccaroni 2022-02-03 17:46:45 -03:00 committed by GitHub
parent 4373cee636
commit 31cdf401f1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 26 additions and 18 deletions

View file

@ -52,14 +52,14 @@ namespace Bit.Droid
var deleteAccountActionFlowExecutioner = new DeleteAccountActionFlowExecutioner(
ServiceContainer.Resolve<IApiService>("apiService"),
ServiceContainer.Resolve<IMessagingService>("messagingService"),
ServiceContainer.Resolve<ICryptoService>("cryptoService"),
ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService"),
ServiceContainer.Resolve<IDeviceActionService>("deviceActionService"));
ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);
var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"));
ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
ServiceContainer.Resolve<ICryptoService>("cryptoService"));
ServiceContainer.Register<IVerificationActionsFlowHelper>("verificationActionsFlowHelper", verificationActionsFlowHelper);
}
#if !FDROID

View file

@ -58,19 +58,16 @@ namespace Bit.App.Pages
{
readonly IApiService _apiService;
readonly IMessagingService _messagingService;
readonly ICryptoService _cryptoService;
readonly IPlatformUtilsService _platformUtilsService;
readonly IDeviceActionService _deviceActionService;
public DeleteAccountActionFlowExecutioner(IApiService apiService,
IMessagingService messagingService,
ICryptoService cryptoService,
IPlatformUtilsService platformUtilsService,
IDeviceActionService deviceActionService)
{
_apiService = apiService;
_messagingService = messagingService;
_cryptoService = cryptoService;
_platformUtilsService = platformUtilsService;
_deviceActionService = deviceActionService;
}
@ -81,10 +78,10 @@ namespace Bit.App.Pages
{
await _deviceActionService.ShowLoadingAsync(AppResources.DeletingYourAccount);
var masterPasswordHashKey = await _cryptoService.HashPasswordAsync(parameters.Secret, null);
await _apiService.DeleteAccountAsync(new Core.Models.Request.DeleteAccountRequest
{
MasterPasswordHash = masterPasswordHashKey
MasterPasswordHash = parameters.VerificationType == Core.Enums.VerificationType.MasterPassword ? parameters.Secret : (string)null,
OTP = parameters.VerificationType == Core.Enums.VerificationType.OTP ? parameters.Secret : (string)null
});
await _deviceActionService.HideLoadingAsync();

View file

@ -10,6 +10,7 @@ using Xamarin.CommunityToolkit.ObjectModel;
using System.Windows.Input;
using Bit.App.Utilities;
using Bit.Core;
using Bit.Core.Enums;
#if !FDROID
using Microsoft.AppCenter.Crashes;
#endif
@ -144,7 +145,7 @@ namespace Bit.App.Pages
await _deviceActionService.ShowLoadingAsync(AppResources.Verifying);
if (!await _userVerificationService.VerifyUser(Secret, Core.Enums.VerificationType.OTP))
if (!await _userVerificationService.VerifyUser(Secret, VerificationType.OTP))
{
await _deviceActionService.HideLoadingAsync();
return;
@ -154,6 +155,7 @@ namespace Bit.App.Pages
var parameters = _verificationActionsFlowHelper.GetParameters();
parameters.Secret = Secret;
parameters.VerificationType = VerificationType.OTP;
await _verificationActionsFlowHelper.ExecuteAsync(parameters);
Secret = string.Empty;

View file

@ -24,11 +24,15 @@ namespace Bit.App.Utilities
public interface IActionFlowParmeters
{
VerificationType VerificationType { get; set; }
string Secret { get; set; }
}
public class DefaultActionFlowParameters : IActionFlowParmeters
{
public VerificationType VerificationType { get; set; }
public string Secret { get; set; }
}
@ -58,6 +62,7 @@ namespace Bit.App.Utilities
{
private readonly IKeyConnectorService _keyConnectorService;
private readonly IPasswordRepromptService _passwordRepromptService;
private readonly ICryptoService _cryptoService;
private VerificationFlowAction? _action;
private IActionFlowParmeters _parameters;
@ -67,10 +72,12 @@ namespace Bit.App.Utilities
private readonly Dictionary<VerificationFlowAction, IActionFlowExecutioner> _actionExecutionerDictionary = new Dictionary<VerificationFlowAction, IActionFlowExecutioner>();
public VerificationActionsFlowHelper(IKeyConnectorService keyConnectorService,
IPasswordRepromptService passwordRepromptService)
IPasswordRepromptService passwordRepromptService,
ICryptoService cryptoService)
{
_keyConnectorService = keyConnectorService;
_passwordRepromptService = passwordRepromptService;
_cryptoService = cryptoService;
_actionExecutionerDictionary.Add(VerificationFlowAction.DeleteAccount, ServiceContainer.Resolve<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner"));
}
@ -113,8 +120,10 @@ namespace Bit.App.Utilities
return;
}
GetParameters().Secret = password;
await ExecuteAsync(_parameters);
var parameters = GetParameters();
parameters.Secret = await _cryptoService.HashPasswordAsync(password, null);
parameters.VerificationType = VerificationType.MasterPassword;
await ExecuteAsync(parameters);
break;
case VerificationType.OTP:
await Application.Current.MainPage.Navigation.PushModalAsync(new NavigationPage(

View file

@ -3,5 +3,7 @@
public class DeleteAccountRequest
{
public string MasterPasswordHash { get; set; }
public string OTP { get; set; }
}
}

View file

@ -1,9 +1,7 @@
using System;
using System.Threading.Tasks;
using Bit.Core.Abstractions;
using Bit.Core.Enums;
using Bit.Core.Models.Request;
using Bit.Core.Services;
using Bit.Core.Abstractions;
using System.Threading.Tasks;
namespace Bit.Core.Services
{

View file

@ -154,14 +154,14 @@ namespace Bit.iOS.Core.Utilities
var deleteAccountActionFlowExecutioner = new DeleteAccountActionFlowExecutioner(
ServiceContainer.Resolve<IApiService>("apiService"),
ServiceContainer.Resolve<IMessagingService>("messagingService"),
ServiceContainer.Resolve<ICryptoService>("cryptoService"),
ServiceContainer.Resolve<IPlatformUtilsService>("platformUtilsService"),
ServiceContainer.Resolve<IDeviceActionService>("deviceActionService"));
ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);
var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"));
ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
ServiceContainer.Resolve<ICryptoService>("cryptoService"));
ServiceContainer.Register<IVerificationActionsFlowHelper>("verificationActionsFlowHelper", verificationActionsFlowHelper);
if (postBootstrapFunc != null)