From e09c79192436fac889e587a438ecf4a8479d09ab Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Wed, 4 Oct 2023 14:04:45 +0200 Subject: [PATCH 01/11] [PM-4167] feat: add support for `SupportsPrf` --- src/Api/Auth/Controllers/WebAuthnController.cs | 2 +- .../Request/WebAuthn/WebAuthnCredentialRequestModel.cs | 3 +++ .../Response/WebAuthn/WebAuthnCredentialResponseModel.cs | 4 ++-- src/Api/Properties/launchSettings.json | 2 +- src/Core/Services/IUserService.cs | 2 +- src/Core/Services/Implementations/UserService.cs | 5 +++-- test/Core.Test/Services/UserServiceTests.cs | 2 +- 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/src/Api/Auth/Controllers/WebAuthnController.cs b/src/Api/Auth/Controllers/WebAuthnController.cs index b7e9c5bb8b11..94b7ce85b522 100644 --- a/src/Api/Auth/Controllers/WebAuthnController.cs +++ b/src/Api/Auth/Controllers/WebAuthnController.cs @@ -68,7 +68,7 @@ public async Task Post([FromBody] WebAuthnCredentialRequestModel model) throw new BadRequestException("The token associated with your request is expired. A valid token is required to continue."); } - var success = await _userService.CompleteWebAuthLoginRegistrationAsync(user, model.Name, tokenable.Options, model.DeviceResponse); + var success = await _userService.CompleteWebAuthLoginRegistrationAsync(user, model.Name, model.SupportsPrf, tokenable.Options, model.DeviceResponse); if (!success) { throw new BadRequestException("Unable to complete WebAuthn registration."); diff --git a/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs b/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs index 8f16fe7f5065..fea6df6b0670 100644 --- a/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs +++ b/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs @@ -13,5 +13,8 @@ public class WebAuthnCredentialRequestModel [Required] public string Token { get; set; } + + [Required] + public bool SupportsPrf { get; set; } } 
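Review bot: `[Required]` on the non-nullable `bool SupportsPrf` added in WebAuthnCredentialRequestModel.cs enforces nothing, because a `bool` is never null and a request body that omits the field binds to `false` and still validates. If the intent is to reject requests that do not state PRF support, declare it `public bool? SupportsPrf { get; set; }` and pass `model.SupportsPrf.Value` in the controller call. Otherwise drop the attribute so the model does not advertise a check that never fires. The controller hunk passes the value straight from the request body and the service hunk stores it as given, so later code should treat the stored flag as a client-supplied hint rather than a verified authenticator property.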
diff --git a/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs b/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs index 0e358c751d32..d4aef567538c 100644 --- a/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs +++ b/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs @@ -11,10 +11,10 @@ public WebAuthnCredentialResponseModel(WebAuthnCredential credential) : base(Res { Id = credential.Id.ToString(); Name = credential.Name; - PrfSupport = false; + SupportsPrf = credential.SupportsPrf; } public string Id { get; set; } public string Name { get; set; } - public bool PrfSupport { get; set; } + public bool SupportsPrf { get; set; } } diff --git a/src/Api/Properties/launchSettings.json b/src/Api/Properties/launchSettings.json index f40c28ea99d4..b67505b0fc8c 100644 --- a/src/Api/Properties/launchSettings.json +++ b/src/Api/Properties/launchSettings.json @@ -30,4 +30,4 @@ } } } -} +} \ No newline at end of file diff --git a/src/Core/Services/IUserService.cs b/src/Core/Services/IUserService.cs index e27668946638..d30ab8723031 100644 --- a/src/Core/Services/IUserService.cs +++ b/src/Core/Services/IUserService.cs 
@@ -28,7 +28,7 @@ public interface IUserService Task DeleteWebAuthnKeyAsync(User user, int id); Task CompleteWebAuthRegistrationAsync(User user, int value, string name, AuthenticatorAttestationRawResponse attestationResponse); Task StartWebAuthnLoginRegistrationAsync(User user); - Task CompleteWebAuthLoginRegistrationAsync(User user, string name, CredentialCreateOptions options, AuthenticatorAttestationRawResponse attestationResponse); + Task CompleteWebAuthLoginRegistrationAsync(User user, string name, bool supportsPrf, CredentialCreateOptions options, AuthenticatorAttestationRawResponse attestationResponse); Task StartWebAuthnLoginAssertionAsync(User user); Task CompleteWebAuthLoginAssertionAsync(AuthenticatorAssertionRawResponse assertionResponse, User user); Task SendEmailVerificationAsync(User user); diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs index 3f29d14afb0f..f2471261473c 100644 --- a/src/Core/Services/Implementations/UserService.cs +++ b/src/Core/Services/Implementations/UserService.cs @@ -543,7 +543,7 @@ public async Task StartWebAuthnLoginRegistrationAsync(U return options; } - public async Task CompleteWebAuthLoginRegistrationAsync(User user, string name, + public async Task CompleteWebAuthLoginRegistrationAsync(User user, string name, bool supportsPrf, CredentialCreateOptions options, AuthenticatorAttestationRawResponse attestationResponse) { @@ -566,7 +566,8 @@ public async Task CompleteWebAuthLoginRegistrationAsync(User user, string Type = success.Result.CredType, AaGuid = success.Result.Aaguid, Counter = (int)success.Result.Counter, - UserId = user.Id + UserId = user.Id, + SupportsPrf = supportsPrf }; await _webAuthnCredentialRepository.CreateAsync(credential); diff --git a/test/Core.Test/Services/UserServiceTests.cs b/test/Core.Test/Services/UserServiceTests.cs index 7df36855a7ca..0bc0f08fb8f5 100644 --- a/test/Core.Test/Services/UserServiceTests.cs 
+++ b/test/Core.Test/Services/UserServiceTests.cs @@ -193,7 +193,7 @@ public async void CompleteWebAuthLoginRegistrationAsync_ExceedsExistingCredentia sutProvider.GetDependency().GetManyByUserIdAsync(user.Id).Returns(existingCredentials); // Act - var result = await sutProvider.Sut.CompleteWebAuthLoginRegistrationAsync(user, "name", options, response); + var result = await sutProvider.Sut.CompleteWebAuthLoginRegistrationAsync(user, "name", false, options, response); // Assert Assert.False(result); From 2e8722a329ff8f68107bae66206621f37bcf4758 Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Thu, 5 Oct 2023 15:38:08 +0200 Subject: [PATCH 02/11] [PM-4167] feat: add `prfStatus` property --- .../WebAuthn/WebAuthnCredentialResponseModel.cs | 5 +++-- src/Core/Auth/Entities/WebAuthnCredential.cs | 16 ++++++++++++++++ src/Core/Auth/Enums/WebAuthnPrfStatus.cs | 8 ++++++++ 3 files changed, 27 insertions(+), 2 deletions(-) create mode 100644 src/Core/Auth/Enums/WebAuthnPrfStatus.cs diff --git a/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs b/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs index d4aef567538c..01cf2559a6e5 100644 --- a/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs +++ b/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs @@ -1,4 +1,5 @@ using Bit.Core.Auth.Entities; +using Bit.Core.Auth.Enums; using Bit.Core.Models.Api; namespace Bit.Api.Auth.Models.Response.WebAuthn; @@ -11,10 +12,10 @@ public WebAuthnCredentialResponseModel(WebAuthnCredential credential) : base(Res { Id = credential.Id.ToString(); Name = credential.Name; - SupportsPrf = credential.SupportsPrf; + PrfStatus = credential.GetPrfStatus(); } public string Id { get; set; } public string Name { get; set; } - public bool SupportsPrf { get; set; } + public WebAuthnPrfStatus PrfStatus { get; set; } } 
diff --git a/src/Core/Auth/Entities/WebAuthnCredential.cs b/src/Core/Auth/Entities/WebAuthnCredential.cs index b4b80ff65481..5cc86fc84e7b 100644 --- a/src/Core/Auth/Entities/WebAuthnCredential.cs +++ b/src/Core/Auth/Entities/WebAuthnCredential.cs @@ -1,4 +1,5 @@ using System.ComponentModel.DataAnnotations; +using Bit.Core.Auth.Enums; using Bit.Core.Entities; using Bit.Core.Utilities; @@ -29,4 +30,19 @@ public void SetNewId() { Id = CoreHelpers.GenerateComb(); } + + + public WebAuthnPrfStatus GetPrfStatus() + { + if (SupportsPrf && EncryptedUserKey != null && EncryptedPrivateKey != null && EncryptedPublicKey != null) + { + return WebAuthnPrfStatus.Enabled; + } + else if (SupportsPrf) + { + return WebAuthnPrfStatus.Supported; + } + + return WebAuthnPrfStatus.Unsupported; + } } diff --git a/src/Core/Auth/Enums/WebAuthnPrfStatus.cs b/src/Core/Auth/Enums/WebAuthnPrfStatus.cs new file mode 100644 index 000000000000..4977aacf71ac --- /dev/null +++ b/src/Core/Auth/Enums/WebAuthnPrfStatus.cs @@ -0,0 +1,8 @@ +namespace Bit.Core.Auth.Enums; + +public enum WebAuthnPrfStatus +{ + Enabled = 0, + Supported = 1, + Unsupported = 2 +} From 3e04eddab8561e2fed37b2d5302eee98b8704d0d Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Fri, 6 Oct 2023 15:09:33 +0200 Subject: [PATCH 03/11] [PM-4167] feat: add support for storing PRF keys --- src/Api/Auth/Controllers/WebAuthnController.cs | 2 +- .../WebAuthn/WebAuthnCredentialRequestModel.cs | 16 ++++++++++++++++ src/Core/Auth/Entities/WebAuthnCredential.cs | 3 +++ src/Core/Services/IUserService.cs | 2 +- src/Core/Services/Implementations/UserService.cs | 6 +++++- 5 files changed, 26 insertions(+), 3 deletions(-) diff --git a/src/Api/Auth/Controllers/WebAuthnController.cs b/src/Api/Auth/Controllers/WebAuthnController.cs index 94b7ce85b522..e4c165b7d856 100644 --- a/src/Api/Auth/Controllers/WebAuthnController.cs +++ b/src/Api/Auth/Controllers/WebAuthnController.cs 
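Review bot: `GetPrfStatus()` reports `Enabled` from null checks alone, so a credential whose `EncryptedUserKey`, `EncryptedPrivateKey` or `EncryptedPublicKey` is an empty string counts as having keys. Nothing in this hunk shows whether empty values can reach the entity, so this is a hardening suggestion: test each of the three with `!string.IsNullOrWhiteSpace(...)`. The readability rewrite in patch 08/11 carries the same condition over unchanged. The method would also benefit from a `/// <summary>` stating that `Enabled` means PRF is supported and all three keys are stored, `Supported` means PRF without a complete key set, and `Unsupported` means `SupportsPrf` is false.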
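Review bot: `Enabled = 0` in the new `WebAuthnPrfStatus` enum makes the most permissive state the default value of the type, so a `WebAuthnCredentialResponseModel` whose `PrfStatus` is never assigned, or a payload deserialized without the field, reads as `Enabled`. Consider numbering so that the zero value is the conservative one, `Unsupported = 0, Supported = 1, Enabled = 2`, if no client depends on the numbers yet. If the values are already part of a client contract (not visible here), keep them and add a comment on the enum saying that `default(WebAuthnPrfStatus)` must not be relied on.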
@@ -68,7 +68,7 @@ public async Task Post([FromBody] WebAuthnCredentialRequestModel model) throw new BadRequestException("The token associated with your request is expired. A valid token is required to continue."); } - var success = await _userService.CompleteWebAuthLoginRegistrationAsync(user, model.Name, model.SupportsPrf, tokenable.Options, model.DeviceResponse); + var success = await _userService.CompleteWebAuthLoginRegistrationAsync(user, model.Name, model.SupportsPrf, model.EncryptedUserKey, model.EncryptedPublicKey, model.EncryptedPrivateKey, tokenable.Options, model.DeviceResponse); if (!success) { throw new BadRequestException("Unable to complete WebAuthn registration."); diff --git a/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs b/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs index fea6df6b0670..7b2abd207d8c 100644 --- a/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs +++ b/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs @@ -1,4 +1,5 @@ using System.ComponentModel.DataAnnotations; +using Bit.Core.Utilities; using Fido2NetLib; namespace Bit.Api.Auth.Models.Request.Webauthn; @@ -16,5 +17,20 @@ public class WebAuthnCredentialRequestModel [Required] public bool SupportsPrf { get; set; } + + [Required] + [EncryptedString] + [EncryptedStringLength(2000)] + public string EncryptedUserKey { get; set; } + + [Required] + [EncryptedString] + [EncryptedStringLength(2000)] + public string EncryptedPublicKey { get; set; } + + [Required] + [EncryptedString] + [EncryptedStringLength(2000)] + public string EncryptedPrivateKey { get; set; } } diff --git a/src/Core/Auth/Entities/WebAuthnCredential.cs b/src/Core/Auth/Entities/WebAuthnCredential.cs index 5cc86fc84e7b..99dae0da7075 100644 --- a/src/Core/Auth/Entities/WebAuthnCredential.cs +++ b/src/Core/Auth/Entities/WebAuthnCredential.cs 
@@ -19,8 +19,11 @@ public class WebAuthnCredential : ITableObject [MaxLength(20)] public string Type { get; set; } public Guid AaGuid { get; set; } + [MaxLength(2000)] public string EncryptedUserKey { get; set; } + [MaxLength(2000)] public string EncryptedPrivateKey { get; set; } + [MaxLength(2000)] public string EncryptedPublicKey { get; set; } public bool SupportsPrf { get; set; } public DateTime CreationDate { get; internal set; } = DateTime.UtcNow; diff --git a/src/Core/Services/IUserService.cs b/src/Core/Services/IUserService.cs index d30ab8723031..1883c6e65591 100644 --- a/src/Core/Services/IUserService.cs +++ b/src/Core/Services/IUserService.cs @@ -28,7 +28,7 @@ public interface IUserService Task DeleteWebAuthnKeyAsync(User user, int id); Task CompleteWebAuthRegistrationAsync(User user, int value, string name, AuthenticatorAttestationRawResponse attestationResponse); Task StartWebAuthnLoginRegistrationAsync(User user); - Task CompleteWebAuthLoginRegistrationAsync(User user, string name, bool supportsPrf, CredentialCreateOptions options, AuthenticatorAttestationRawResponse attestationResponse); + Task CompleteWebAuthLoginRegistrationAsync(User user, string name, bool supportsPrf, string encryptedUserKey, string encryptedPublicKey, string encryptedPrivateKey, CredentialCreateOptions options, AuthenticatorAttestationRawResponse attestationResponse); Task StartWebAuthnLoginAssertionAsync(User user); Task CompleteWebAuthLoginAssertionAsync(AuthenticatorAssertionRawResponse assertionResponse, User user); Task SendEmailVerificationAsync(User user); diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs index f2471261473c..7fc6c12e6578 100644 --- a/src/Core/Services/Implementations/UserService.cs +++ b/src/Core/Services/Implementations/UserService.cs 
@@ -544,6 +544,7 @@ public async Task StartWebAuthnLoginRegistrationAsync(U } public async Task CompleteWebAuthLoginRegistrationAsync(User user, string name, bool supportsPrf, + string encryptedUserKey, string encryptedPublicKey, string encryptedPrivateKey, CredentialCreateOptions options, AuthenticatorAttestationRawResponse attestationResponse) { @@ -567,7 +568,10 @@ public async Task CompleteWebAuthLoginRegistrationAsync(User user, string AaGuid = success.Result.Aaguid, Counter = (int)success.Result.Counter, UserId = user.Id, - SupportsPrf = supportsPrf + SupportsPrf = supportsPrf, + EncryptedUserKey = encryptedUserKey, + EncryptedPublicKey = encryptedPublicKey, + EncryptedPrivateKey = encryptedPrivateKey }; await _webAuthnCredentialRepository.CreateAsync(credential); From 73606a2f53057a83dffe4dd1fa57a853d3545d1e Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Thu, 12 Oct 2023 11:32:20 +0200 Subject: [PATCH 04/11] [PM-4167] fix: allow credentials to be created without encryption support --- .../Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs | 3 --- src/Api/Properties/launchSettings.json | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs b/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs index 7b2abd207d8c..43eae3a805c0 100644 --- a/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs +++ b/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs @@ -18,17 +18,14 @@ public class WebAuthnCredentialRequestModel [Required] public bool SupportsPrf { get; set; } - [Required] [EncryptedString] [EncryptedStringLength(2000)] public string EncryptedUserKey { get; set; } - [Required] [EncryptedString] [EncryptedStringLength(2000)] public string EncryptedPublicKey { get; set; } - [Required] [EncryptedString] [EncryptedStringLength(2000)] public string EncryptedPrivateKey { get; set; } 
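Review bot: With `[Required]` removed from `EncryptedUserKey`, `EncryptedPublicKey` and `EncryptedPrivateKey`, the request model accepts any combination of the three, including one or two keys without the rest and keys sent together with `SupportsPrf = false`. The UserService hunk in patch 03/11 copies the values onto the credential as given, and `GetPrfStatus()` then reports such a row as `Supported` or `Unsupported` while key material is stored on it. An all-or-none rule tied to `SupportsPrf` on the request model would reject those requests before anything is persisted, for example through `IValidatableObject` as sketched below. The class declaration starts outside this hunk.

```csharp
public class WebAuthnCredentialRequestModel : IValidatableObject
{
    // … unchanged: Name, DeviceResponse, Token, SupportsPrf and the three Encrypted* properties …

    public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
    {
        var hasAllKeys = EncryptedUserKey != null && EncryptedPublicKey != null && EncryptedPrivateKey != null;
        var hasNoKeys = EncryptedUserKey == null && EncryptedPublicKey == null && EncryptedPrivateKey == null;

        // Reject a partial key set: the keys are only usable together.
        if (!hasAllKeys && !hasNoKeys)
        {
            yield return new ValidationResult(
                "The encrypted user key, public key and private key must be supplied together.");
        }

        // Reject key material on a credential that is declared as not supporting PRF.
        if (!hasNoKeys && !SupportsPrf)
        {
            yield return new ValidationResult(
                "Encrypted keys may only be supplied when SupportsPrf is true.");
        }
    }
```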
diff --git a/src/Api/Properties/launchSettings.json b/src/Api/Properties/launchSettings.json index b67505b0fc8c..f40c28ea99d4 100644 --- a/src/Api/Properties/launchSettings.json +++ b/src/Api/Properties/launchSettings.json @@ -30,4 +30,4 @@ } } } -} \ No newline at end of file +} From 0b679d29d13ff9824c8f43a8ee33393e1e085344 Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Thu, 12 Oct 2023 14:59:31 +0200 Subject: [PATCH 05/11] [PM-4167] fix: broken test --- test/Core.Test/Services/UserServiceTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/Core.Test/Services/UserServiceTests.cs b/test/Core.Test/Services/UserServiceTests.cs index 0bc0f08fb8f5..9b95387f529d 100644 --- a/test/Core.Test/Services/UserServiceTests.cs +++ b/test/Core.Test/Services/UserServiceTests.cs @@ -193,7 +193,7 @@ public async void CompleteWebAuthLoginRegistrationAsync_ExceedsExistingCredentia sutProvider.GetDependency().GetManyByUserIdAsync(user.Id).Returns(existingCredentials); // Act - var result = await sutProvider.Sut.CompleteWebAuthLoginRegistrationAsync(user, "name", false, options, response); + var result = await sutProvider.Sut.CompleteWebAuthLoginRegistrationAsync(user, "name", false, null, null, null, options, response); // Assert Assert.False(result); From 1d908fe952d7a68b4b54aaf9d0bebc9244e3ca79 Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Thu, 12 Oct 2023 15:03:17 +0200 Subject: [PATCH 06/11] [PM-4167] chore: remove whitespace --- src/Core/Auth/Entities/WebAuthnCredential.cs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Core/Auth/Entities/WebAuthnCredential.cs b/src/Core/Auth/Entities/WebAuthnCredential.cs index 99dae0da7075..dcde686bd0a9 100644 --- a/src/Core/Auth/Entities/WebAuthnCredential.cs +++ b/src/Core/Auth/Entities/WebAuthnCredential.cs 
@@ -34,7 +34,6 @@ public void SetNewId() Id = CoreHelpers.GenerateComb(); } - public WebAuthnPrfStatus GetPrfStatus() { if (SupportsPrf && EncryptedUserKey != null && EncryptedPrivateKey != null && EncryptedPublicKey != null) From 5e589ae215a44be0ca2c39eddbb515cfd91a1f88 Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Fri, 13 Oct 2023 14:03:23 +0200 Subject: [PATCH 07/11] [PM-4167] fix: controller test --- test/Api.Test/Auth/Controllers/WebAuthnControllerTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/Api.Test/Auth/Controllers/WebAuthnControllerTests.cs b/test/Api.Test/Auth/Controllers/WebAuthnControllerTests.cs index 32f2d5d49177..01fe69010adb 100644 --- a/test/Api.Test/Auth/Controllers/WebAuthnControllerTests.cs +++ b/test/Api.Test/Auth/Controllers/WebAuthnControllerTests.cs @@ -100,7 +100,7 @@ public async Task Post_ValidInput_Returns(WebAuthnCredentialRequestModel request .GetUserByPrincipalAsync(default) .ReturnsForAnyArgs(user); sutProvider.GetDependency() - .CompleteWebAuthLoginRegistrationAsync(user, requestModel.Name, createOptions, Arg.Any()) + .CompleteWebAuthLoginRegistrationAsync(user, requestModel.Name, requestModel.SupportsPrf, requestModel.EncryptedUserKey, requestModel.EncryptedPublicKey, requestModel.EncryptedPrivateKey, createOptions, Arg.Any()) .Returns(true); sutProvider.GetDependency>() .Unprotect(requestModel.Token) From ee3fad2ba5d9cb8014db41b3681fccaee4ffc0c8 Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Mon, 6 Nov 2023 14:57:15 +0100 Subject: [PATCH 08/11] [PM-4167] chore: improve readability of `GetPrfStatus` --- src/Core/Auth/Entities/WebAuthnCredential.cs | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/Core/Auth/Entities/WebAuthnCredential.cs b/src/Core/Auth/Entities/WebAuthnCredential.cs index dcde686bd0a9..486fd41e3f3b 100644 --- a/src/Core/Auth/Entities/WebAuthnCredential.cs +++ b/src/Core/Auth/Entities/WebAuthnCredential.cs 
@@ -36,15 +36,16 @@ public void SetNewId() public WebAuthnPrfStatus GetPrfStatus() { - if (SupportsPrf && EncryptedUserKey != null && EncryptedPrivateKey != null && EncryptedPublicKey != null) + if (!SupportsPrf) { - return WebAuthnPrfStatus.Enabled; + return WebAuthnPrfStatus.Unsupported; } - else if (SupportsPrf) + + if (EncryptedUserKey != null && EncryptedPrivateKey != null && EncryptedPublicKey != null) { - return WebAuthnPrfStatus.Supported; + return WebAuthnPrfStatus.Enabled; } - return WebAuthnPrfStatus.Unsupported; + return WebAuthnPrfStatus.Supported; } } From 71e67e5aa5c65d278765bbdaac31193ae697bd16 Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Tue, 7 Nov 2023 15:56:23 +0100 Subject: [PATCH 09/11] [PM-4167] fix: make prf optional --- src/Core/Services/IUserService.cs | 2 +- src/Core/Services/Implementations/UserService.cs | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/Core/Services/IUserService.cs b/src/Core/Services/IUserService.cs index 1883c6e65591..736c730e6053 100644 --- a/src/Core/Services/IUserService.cs +++ b/src/Core/Services/IUserService.cs 
@@ -28,7 +28,7 @@ public interface IUserService Task DeleteWebAuthnKeyAsync(User user, int id); Task CompleteWebAuthRegistrationAsync(User user, int value, string name, AuthenticatorAttestationRawResponse attestationResponse); Task StartWebAuthnLoginRegistrationAsync(User user); - Task CompleteWebAuthLoginRegistrationAsync(User user, string name, bool supportsPrf, string encryptedUserKey, string encryptedPublicKey, string encryptedPrivateKey, CredentialCreateOptions options, AuthenticatorAttestationRawResponse attestationResponse); + Task CompleteWebAuthLoginRegistrationAsync(User user, string name, CredentialCreateOptions options, AuthenticatorAttestationRawResponse attestationResponse, bool supportsPrf, string encryptedUserKey = null, string encryptedPublicKey = null, string encryptedPrivateKey = null); Task StartWebAuthnLoginAssertionAsync(User user); Task CompleteWebAuthLoginAssertionAsync(AuthenticatorAssertionRawResponse assertionResponse, User user); Task SendEmailVerificationAsync(User user); diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs index 7fc6c12e6578..e0d2e6aad5a0 100644 --- a/src/Core/Services/Implementations/UserService.cs +++ b/src/Core/Services/Implementations/UserService.cs 
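Review bot: The `= null` defaults for `encryptedUserKey`, `encryptedPublicKey` and `encryptedPrivateKey` are declared on the interface method here and again on the `UserService` implementation in the next file of this patch. C# takes optional-argument defaults from the static type at the call site, so the two lists can drift apart without a compiler warning. Every caller visible in this series (the controller in patch 10/11 and the tests in patch 11/11) passes all eight arguments, so the defaults could be dropped from both declarations. If they stay, keep them on the interface only and add a comment there saying that omitted keys mean the credential is registered without PRF key material.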
@@ -543,10 +543,9 @@ public async Task StartWebAuthnLoginRegistrationAsync(U return options; } - public async Task CompleteWebAuthLoginRegistrationAsync(User user, string name, bool supportsPrf, - string encryptedUserKey, string encryptedPublicKey, string encryptedPrivateKey, - CredentialCreateOptions options, - AuthenticatorAttestationRawResponse attestationResponse) + public async Task CompleteWebAuthLoginRegistrationAsync(User user, string name, CredentialCreateOptions options, + AuthenticatorAttestationRawResponse attestationResponse, bool supportsPrf, + string encryptedUserKey = null, string encryptedPublicKey = null, string encryptedPrivateKey = null) { var existingCredentials = await _webAuthnCredentialRepository.GetManyByUserIdAsync(user.Id); if (existingCredentials.Count >= 5) From 52ac09cea4f5db90f4c120b344ad458324658cce Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Tue, 7 Nov 2023 16:02:35 +0100 Subject: [PATCH 10/11] [PM-4167] fix: commit missing controller change --- src/Api/Auth/Controllers/WebAuthnController.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Api/Auth/Controllers/WebAuthnController.cs b/src/Api/Auth/Controllers/WebAuthnController.cs index e4c165b7d856..2102756e6e63 100644 --- a/src/Api/Auth/Controllers/WebAuthnController.cs +++ b/src/Api/Auth/Controllers/WebAuthnController.cs 
@@ -68,7 +68,7 @@ public async Task Post([FromBody] WebAuthnCredentialRequestModel model) throw new BadRequestException("The token associated with your request is expired. A valid token is required to continue."); } - var success = await _userService.CompleteWebAuthLoginRegistrationAsync(user, model.Name, model.SupportsPrf, model.EncryptedUserKey, model.EncryptedPublicKey, model.EncryptedPrivateKey, tokenable.Options, model.DeviceResponse); + var success = await _userService.CompleteWebAuthLoginRegistrationAsync(user, model.Name, tokenable.Options, model.DeviceResponse, model.SupportsPrf, model.EncryptedUserKey, model.EncryptedPublicKey, model.EncryptedPrivateKey); if (!success) { throw new BadRequestException("Unable to complete WebAuthn registration."); From 378b51d9daf2d8d9daefbec46a8fc727f8484ca5 Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Tue, 7 Nov 2023 16:06:50 +0100 Subject: [PATCH 11/11] [PM-4167] fix: tests --- .../Auth/Controllers/WebAuthnControllerTests.cs | 10 +++++----- test/Core.Test/Services/UserServiceTests.cs | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/test/Api.Test/Auth/Controllers/WebAuthnControllerTests.cs b/test/Api.Test/Auth/Controllers/WebAuthnControllerTests.cs index 01fe69010adb..c9a7c0049d33 100644 --- a/test/Api.Test/Auth/Controllers/WebAuthnControllerTests.cs +++ b/test/Api.Test/Auth/Controllers/WebAuthnControllerTests.cs @@ -22,7 +22,7 @@ public class WebAuthnControllerTests [Theory, BitAutoData] public async Task Get_UserNotFound_ThrowsUnauthorizedAccessException(SutProvider sutProvider) { - // Arrange + // Arrange sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsNullForAnyArgs(); // Act 
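Review bot: The call passes eight positional arguments, the last three being adjacent `string` ciphertexts, so swapping two of them would still compile and, as far as the service hunk shows, would be stored under the wrong credential property. Naming the trailing arguments makes the mapping checkable at the call site: `supportsPrf: model.SupportsPrf, encryptedUserKey: model.EncryptedUserKey, encryptedPublicKey: model.EncryptedPublicKey, encryptedPrivateKey: model.EncryptedPrivateKey`. The enclosing `Post` action starts and ends outside the hunk.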
@@ -35,7 +35,7 @@ public async Task Get_UserNotFound_ThrowsUnauthorizedAccessException(SutProvider [Theory, BitAutoData] public async Task PostOptions_UserNotFound_ThrowsUnauthorizedAccessException(SecretVerificationRequestModel requestModel, SutProvider sutProvider) { - // Arrange + // Arrange sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsNullForAnyArgs(); // Act @@ -62,7 +62,7 @@ public async Task PostOptions_UserVerificationFailed_ThrowsBadRequestException(S [Theory, BitAutoData] public async Task Post_UserNotFound_ThrowsUnauthorizedAccessException(WebAuthnCredentialRequestModel requestModel, SutProvider sutProvider) { - // Arrange + // Arrange sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsNullForAnyArgs(); // Act @@ -100,7 +100,7 @@ public async Task Post_ValidInput_Returns(WebAuthnCredentialRequestModel request .GetUserByPrincipalAsync(default) .ReturnsForAnyArgs(user); sutProvider.GetDependency() - .CompleteWebAuthLoginRegistrationAsync(user, requestModel.Name, requestModel.SupportsPrf, requestModel.EncryptedUserKey, requestModel.EncryptedPublicKey, requestModel.EncryptedPrivateKey, createOptions, Arg.Any()) + .CompleteWebAuthLoginRegistrationAsync(user, requestModel.Name, createOptions, Arg.Any(), requestModel.SupportsPrf, requestModel.EncryptedUserKey, requestModel.EncryptedPublicKey, requestModel.EncryptedPrivateKey) .Returns(true); sutProvider.GetDependency>() .Unprotect(requestModel.Token) @@ -116,7 +116,7 @@ public async Task Post_ValidInput_Returns(WebAuthnCredentialRequestModel request [Theory, BitAutoData] public async Task Delete_UserNotFound_ThrowsUnauthorizedAccessException(Guid credentialId, SecretVerificationRequestModel requestModel, SutProvider sutProvider) { - // Arrange + // Arrange sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsNullForAnyArgs(); // Act 
diff --git a/test/Core.Test/Services/UserServiceTests.cs b/test/Core.Test/Services/UserServiceTests.cs index 9b95387f529d..1438272e4a2c 100644 --- a/test/Core.Test/Services/UserServiceTests.cs +++ b/test/Core.Test/Services/UserServiceTests.cs @@ -193,7 +193,7 @@ public async void CompleteWebAuthLoginRegistrationAsync_ExceedsExistingCredentia sutProvider.GetDependency().GetManyByUserIdAsync(user.Id).Returns(existingCredentials); // Act - var result = await sutProvider.Sut.CompleteWebAuthLoginRegistrationAsync(user, "name", false, null, null, null, options, response); + var result = await sutProvider.Sut.CompleteWebAuthLoginRegistrationAsync(user, "name", options, response, false, null, null, null); // Assert Assert.False(result);