bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2026-02-16 08:34:15 +00:00
Code Issues Releases Wiki Activity

Initial refactor

Browse Source
This commit is contained in:
Anders Åberg
2025-09-25 10:28:48 +02:00
parent d2c2ae5b4d
commit ba0723c0ed
6 changed files with 39 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Identity/IdentityServer/IUserDecryptionOptionsBuilder.cs
View File

@@ -11,6 +11,6 @@ public interface IUserDecryptionOptionsBuilder
IUserDecryptionOptionsBuilder ForUser(User user);
IUserDecryptionOptionsBuilder WithDevice(Device device);
IUserDecryptionOptionsBuilder WithSso(SsoConfig ssoConfig);
IUserDecryptionOptionsBuilder WithWebAuthnLoginCredential(WebAuthnCredential credential);
IUserDecryptionOptionsBuilder WithWebAuthnLoginCredentials(IEnumerable<WebAuthnCredential> credentials);
Task<UserDecryptionOptions> BuildAsync();
}

8
src/Identity/IdentityServer/RequestValidators/WebAuthnGrantValidator.cs
View File

@@ -30,6 +30,7 @@ public class WebAuthnGrantValidator : BaseRequestValidator<ExtensionGrantValidat
private readonly IDataProtectorTokenFactory<WebAuthnLoginAssertionOptionsTokenable> _assertionOptionsDataProtector;
private readonly IAssertWebAuthnLoginCredentialCommand _assertWebAuthnLoginCredentialCommand;
private readonly IDeviceValidator _deviceValidator;
private readonly IWebAuthnCredentialRepository _webAuthnCredentialRepository;
public WebAuthnGrantValidator(
UserManager<User> userManager,
@@ -50,7 +51,8 @@ public class WebAuthnGrantValidator : BaseRequestValidator<ExtensionGrantValidat
IAssertWebAuthnLoginCredentialCommand assertWebAuthnLoginCredentialCommand,
IPolicyRequirementQuery policyRequirementQuery,
IAuthRequestRepository authRequestRepository,
IMailService mailService)
IMailService mailService,
IWebAuthnCredentialRepository webAuthnCredentialRepository)
: base(
userManager,
userService,
@@ -73,6 +75,7 @@ public class WebAuthnGrantValidator : BaseRequestValidator<ExtensionGrantValidat
_assertionOptionsDataProtector = assertionOptionsDataProtector;
_assertWebAuthnLoginCredentialCommand = assertWebAuthnLoginCredentialCommand;
_deviceValidator = deviceValidator;
_webAuthnCredentialRepository = webAuthnCredentialRepository;
}
string IExtensionGrantValidator.GrantType => "webauthn";
@@ -98,7 +101,8 @@ public class WebAuthnGrantValidator : BaseRequestValidator<ExtensionGrantValidat
}
var (user, credential) = await _assertWebAuthnLoginCredentialCommand.AssertWebAuthnLoginCredential(token.Options, deviceResponse);
UserDecryptionOptionsBuilder.WithWebAuthnLoginCredential(credential);
var allCredentials = await _webAuthnCredentialRepository.GetManyByUserIdAsync(user.Id);
UserDecryptionOptionsBuilder.WithWebAuthnLoginCredentials(allCredentials);
await ValidateAsync(context, context.Request, new CustomValidatorRequestContext { User = user });
}

18
src/Identity/IdentityServer/UserDecryptionOptionsBuilder.cs
View File

@@ -57,15 +57,25 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
public IUserDecryptionOptionsBuilder WithDevice(Device device)
{
_device = device;
_device = device;>
return this;
}
public IUserDecryptionOptionsBuilder WithWebAuthnLoginCredential(WebAuthnCredential credential)
public IUserDecryptionOptionsBuilder WithWebAuthnLoginCredentials(IEnumerable<WebAuthnCredential> credentials)
{
if (credential.GetPrfStatus() == WebAuthnPrfStatus.Enabled)
var prfEnabledCredentials = credentials
.Where(c => c.GetPrfStatus() == WebAuthnPrfStatus.Enabled)
.Select(c => new WebAuthnPrfDecryptionOption(
c.EncryptedPrivateKey,
c.EncryptedUserKey,
c.CredentialId,
[] // Stored credentials currently lack Transports, just send an empty array for now
))
.ToArray();
if (prfEnabledCredentials.Length > 0)
{
_options.WebAuthnPrfOption = new WebAuthnPrfDecryptionOption(credential.EncryptedPrivateKey, credential.EncryptedUserKey);
_options.WebAuthnPrfOptions = prfEnabledCredentials;
}
return this;
}