mirror of https://github.com/bitwarden/server synced 2026-01-29 15:53:36 +00:00

test(register): [PM-27084] Account Register Uses New Data Types - Added new checks from review.

Patrick Pimentel
2025-12-22 21:49:38 -05:00
parent aa8e8cc868
commit 5b2edef736
3 changed files with 54 additions and 2 deletions


@@ -63,12 +63,22 @@ public class RegisterFinishRequestModel : IValidatableObject
public User ToUser()
{
// PM-28143 - Remove line below
// When we process this request to a user object, check if the unlock and authentication
// data has been passed through, and if so they should have matching values.
MasterPasswordUnlockData.ThrowIfExistsAndNotMatchingAuthenticationData(MasterPasswordAuthenticationData, MasterPasswordUnlockData);
// PM-28143 - Remove line below
MasterPasswordAuthenticationData.ThrowIfExistsAndHashIsNotEqual(MasterPasswordAuthenticationData, MasterPasswordHash);
var user = new User
{
Email = Email,
MasterPasswordHint = MasterPasswordHint,
Kdf = MasterPasswordUnlockData?.Kdf.KdfType ?? Kdf ?? throw new Exception("KdfType couldn't be found on either the MasterPasswordUnlockData or the Kdf property passed in."),
KdfIterations = MasterPasswordUnlockData?.Kdf.Iterations ?? KdfIterations ?? throw new Exception("KdfIterations couldn't be found on either the MasterPasswordUnlockData or the KdfIterations property passed in."),
Kdf = MasterPasswordUnlockData?.Kdf.KdfType ?? Kdf
?? throw new Exception("KdfType couldn't be found on either the MasterPasswordUnlockData or the Kdf property passed in."),
KdfIterations = MasterPasswordUnlockData?.Kdf.Iterations ?? KdfIterations
?? throw new Exception("KdfIterations couldn't be found on either the MasterPasswordUnlockData or the KdfIterations property passed in."),
// KdfMemory and KdfParallelism are optional (only used for Argon2id)
KdfMemory = MasterPasswordUnlockData?.Kdf.Memory ?? KdfMemory,
KdfParallelism = MasterPasswordUnlockData?.Kdf.Parallelism ?? KdfParallelism,
@@ -111,6 +121,8 @@ public class RegisterFinishRequestModel : IValidatableObject
public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
{
MasterPasswordUnlockData.ThrowIfExistsAndNotMatchingAuthenticationData(MasterPasswordAuthenticationData, MasterPasswordUnlockData);
// PM-28143 - Remove line below
var kdf = MasterPasswordUnlockData?.Kdf.KdfType
?? Kdf
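Review bot: The KDF/salt consistency check added at the top of `Validate` throws instead of reporting through the `IEnumerable<ValidationResult>` the method returns, so a request whose unlock and authentication data disagree would surface as an unhandled exception rather than a validation error. Both objects are client-supplied, so consider reporting the mismatch as a validation result, e.g. `yield return new ValidationResult("KDF settings and salt must match between authentication and unlock data.");` (assuming `Validate` is an iterator; its body continues outside the hunk). The throwing calls in `ToUser` can stay as a second line of defence. The `// PM-28143 - Remove line below` markers are also ambiguous: in `ToUser` the first is followed by two comment lines before the call, and in `Validate` it sits between the new call and `var kdf`, so it is unclear which statement is scheduled for removal.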


@@ -16,4 +16,17 @@ public class MasterPasswordAuthenticationData
throw new BadRequestException("Invalid master password salt.");
}
}
public static void ThrowIfExistsAndHashIsNotEqual(
MasterPasswordAuthenticationData? authenticationData,
string? hash)
{
if (authenticationData != null && hash != null)
{
if (authenticationData.MasterPasswordAuthenticationHash != hash)
{
throw new Exception("Master password hash and hash are not equal.");
}
}
}
}
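Review bot: `ThrowIfExistsAndHashIsNotEqual` signals a mismatch with a bare `Exception`, while the salt check directly above it in the same class throws `BadRequestException`. A disagreement between two client-supplied fields is a bad request, and how a plain `Exception` is mapped is not visible here, but it would presumably reach the caller as a server error and be logged as a fault. I would use `throw new BadRequestException("Master password hash does not match the hash in the authentication data.");`, which also replaces the current message that does not say which two values differ. The same applies to `ThrowIfExistsAndNotMatchingAuthenticationData` in `MasterPasswordUnlockData`. The ordinary `!=` comparison looks acceptable only because both values appear to come from the same request; a short comment saying so would stop the helper being reused to compare against a stored hash.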


@@ -16,4 +16,31 @@ public class MasterPasswordUnlockData
throw new BadRequestException("Invalid master password salt.");
}
}
public static void ThrowIfExistsAndNotMatchingAuthenticationData(
MasterPasswordAuthenticationData? authenticationData,
MasterPasswordUnlockData? unlockData)
{
if (unlockData != null && authenticationData != null)
{
var matches = MatchesAuthenticationData(
unlockData,
authenticationData);
if (!matches)
{
throw new Exception("KDF settings and salt must match between authentication and unlock data.");
}
}
}
private static bool MatchesAuthenticationData(
MasterPasswordUnlockData unlockData,
MasterPasswordAuthenticationData authenticationData)
{
var kdfMatches = unlockData.Kdf.Equals(authenticationData.Kdf);
var saltMatches = unlockData.Salt == authenticationData.Salt;
return kdfMatches && saltMatches;
}
}
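Review bot: `MatchesAuthenticationData` depends on `unlockData.Kdf.Equals(authenticationData.Kdf)` comparing by value, but the type of `Kdf` is not visible in this diff. If it is a class without an `Equals` override, two separately deserialized instances will never be equal, and every registration that sends both objects would be rejected. If it is a record, the check works but silently depends on that. I would document the dependency on the helper, e.g. `// Relies on value equality of the KDF settings type; a reference comparison would reject every request.`, and cover it with a test that builds the two objects independently. Both `Kdf` dereferences also assume the property is non-null on deserialized input, which is worth confirming against the model's validation attributes.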