
[PM-8220] New Device Verification (#5084)

* feat(BaseRequestValidator): 
Add global setting for new device verification.
Refactor BaseRequestValidator so the code is more self-documenting and the validators better follow the single-responsibility principle.
Updated DeviceValidator to handle new device verification, behind a feature flag.
Moved IDeviceValidator interface to separate file.
Updated CustomRequestValidator to act as the conduit by which *Validators communicate authentication context between themselves and the RequestValidators.
Adding new test for DeviceValidator class.
Updated tests for BaseRequestValidator as some functionality was moved to the DeviceValidator class.
Ike
2024-12-12 09:08:11 -08:00
committed by GitHub
parent a76a9cb800
commit 867fa848dd
15 changed files with 1112 additions and 473 deletions


@@ -1,11 +1,43 @@
using Bit.Core.Auth.Models.Business;
using Bit.Core.Entities;
using Duende.IdentityServer.Validation;
namespace Bit.Identity.IdentityServer;
public class CustomValidatorRequestContext
{
public User User { get; set; }
/// <summary>
/// This is the device that the user is using to authenticate. It can be either known or unknown.
/// We set it here since the ResourceOwnerPasswordValidator needs the device to know if CAPTCHA is required.
/// The option to set it here saves a trip to the database.
/// </summary>
public Device Device { get; set; }
/// <summary>
/// Communicates whether or not the device in the request is known to the user.
/// KnownDevice is set in the child classes of the BaseRequestValidator using the DeviceValidator.KnownDeviceAsync method.
/// Except in the CustomTokenRequestValidator, where it is hardcoded to true.
/// </summary>
public bool KnownDevice { get; set; }
/// <summary>
/// This communicates whether or not two factor is required for the user to authenticate.
/// </summary>
public bool TwoFactorRequired { get; set; } = false;
/// <summary>
/// This communicates whether or not SSO is required for the user to authenticate.
/// </summary>
public bool SsoRequired { get; set; } = false;
/// <summary>
/// We use the parent class for both GrantValidationResult and TokenRequestValidationResult here for
/// flexibility when building an error response.
/// This will be null if the authentication request is successful.
/// </summary>
public ValidationResult ValidationErrorResult { get; set; }
/// <summary>
/// This dictionary should contain relevant information for the clients to act on.
/// This will contain the information used to guide a user to successful authentication, such as TwoFactorProviders.
/// This will be null if the authentication request is successful.
/// </summary>
public Dictionary<string, object> CustomResponse { get; set; }
public CaptchaResponse CaptchaResponse { get; set; }
}
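Review bot: `TwoFactorRequired` and `SsoRequired` start as `false`, so on this shared context "not yet evaluated" cannot be told apart from "evaluated and not required"; a validator that reads either flag before the corresponding check has run, or on a path that skips that check, would see the permissive value. `KnownDevice` has the safer default (an unset value reads as an unknown device), but its comment says it is hardcoded to true in CustomTokenRequestValidator, and that comment should say why that path may bypass new device verification. The validators are outside this section, so I cannot tell whether the evaluation order is already enforced; if it holds only by convention, state it on the property, e.g. `/// Remains false until the two-factor check has run; do not read it before that check completes.`, or make the flags `bool?` so an unset value is visible to callers.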