[KeyConnector] Add support for key connector OTP (#1633)

* initial commit - add UsesKeyConnector to UserService - add models - begin work on authentication * finish auth workflow for key connector sso login - finish api call for get user key - start api calls for posts to key connector * Bypass lock page if already unlocked * Move logic to KeyConnectorService, log out if no pin or biometric is set * Disable password reprompt when using key connector * hide password reprompt checkbox when editing or adding cipher * add PostUserKey and PostSetKeyConnector calls * add ConvertMasterPasswordPage * add functionality to RemoveMasterPasswordPage - rename Convert to Remove * Hide Change Master Password button if using key connector * Add OTP verification for export component * Update src/App/Pages/Vault/AddEditPage.xaml.cs Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * remove toolbar item "close" * Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * remove new line in resource string - format warning as two labels - set label in code behind for loading simultaneously * implement GetAndSetKey in KeyConnectorService - ignore EnvironmentService call * remove unnecesary orgIdentifier * move RemoveMasterPasswordPage call to LockPage * add spacing to export vault page * log out if no PIN or bio on lock page with key connector * Delete excessive whitespace * Delete excessive whitespace * Change capitalisation of OTP * add default value to models for backwards compatibility * remove this keyword * actually handle exceptions * move RemoveMasterPasswordPage to TabPage using messaging service * add minor improvements * remove 'this.' Co-authored-by: Hinton <oscar@oscarhinton.com> Co-authored-by: Thomas Rittson <trittson@bitwarden.com> Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2025-12-17 08:43:21 +00:00 · 2021-11-10 20:46:48 -05:00
parent 90b62d61ae
commit 13869b5a1b
40 changed files with 869 additions and 74 deletions
--- a/src/Core/Services/KeyConnectorService.cs
+++ b/src/Core/Services/KeyConnectorService.cs
@@ -0,0 +1,98 @@
+using System;
+using System.Threading.Tasks;
+using Bit.Core.Abstractions;
+using Bit.Core.Exceptions;
+using Bit.Core.Models.Domain;
+using Bit.Core.Models.Request;
+
+namespace Bit.Core.Services
+{
+    public class KeyConnectorService : IKeyConnectorService
+    {
+        private const string Keys_UsesKeyConnector = "usesKeyConnector";
+
+        private readonly IUserService _userService;
+        private readonly ICryptoService _cryptoService;
+        private readonly IStorageService _storageService;
+        private readonly ITokenService _tokenService;
+        private readonly IApiService _apiService;
+
+        private bool? _usesKeyConnector;
+
+        public KeyConnectorService(IUserService userService, ICryptoService cryptoService,
+            IStorageService storageService, ITokenService tokenService, IApiService apiService)
+        {
+            _userService = userService;
+            _cryptoService = cryptoService;
+            _storageService = storageService;
+            _tokenService = tokenService;
+            _apiService = apiService;
+        }
+
+        public async Task GetAndSetKey(string url)
+        {
+            try
+            {
+                var userKeyResponse = await _apiService.GetUserKeyFromKeyConnector(url);
+                var keyArr = Convert.FromBase64String(userKeyResponse.Key);
+                var k = new SymmetricCryptoKey(keyArr);
+                await _cryptoService.SetKeyAsync(k);
+            }
+            catch (Exception e)
+            {
+                throw new Exception("Unable to reach Key Connector", e);
+            }            
+        }
+
+        public async Task SetUsesKeyConnector(bool usesKeyConnector)
+        {
+            _usesKeyConnector = usesKeyConnector;
+            await _storageService.SaveAsync(Keys_UsesKeyConnector, usesKeyConnector);
+        }
+
+        public async Task<bool> GetUsesKeyConnector()
+        {
+            if (!_usesKeyConnector.HasValue)
+            {
+                _usesKeyConnector = await _storageService.GetAsync<bool>(Keys_UsesKeyConnector);
+            }
+
+            return _usesKeyConnector.Value;
+        }
+
+        public async Task<Organization> GetManagingOrganization()
+        {
+            var orgs = await _userService.GetAllOrganizationAsync();
+            return orgs.Find(o =>
+                o.UsesKeyConnector &&
+                !o.IsAdmin);
+        }
+
+        public async Task MigrateUser()
+        {
+            var organization = await GetManagingOrganization();
+            var key = await _cryptoService.GetKeyAsync();
+
+            try
+            {
+                var keyConnectorRequest = new KeyConnectorUserKeyRequest(key.EncKeyB64);
+                await _apiService.PostUserKeyToKeyConnector(organization.KeyConnectorUrl, keyConnectorRequest);
+            }
+            catch (Exception e)
+            {
+                throw new Exception("Unable to reach Key Connector", e);
+            }
+
+            await _apiService.PostConvertToKeyConnector();
+        }
+
+        public async Task<bool> UserNeedsMigration()
+        {
+            var loggedInUsingSso = _tokenService.GetIsExternal();
+            var requiredByOrganization = await GetManagingOrganization() != null;
+            var userIsNotUsingKeyConnector = !await GetUsesKeyConnector();
+
+            return loggedInUsingSso && requiredByOrganization && userIsNotUsingKeyConnector;
+        }
+    }
+}