[PM-4619] Rewrite UserService methods as commands (#3432)

* [PM-4619] feat: scaffold new create options command * [PM-4169] feat: implement credential create options command * [PM-4619] feat: create command for credential creation * [PM-4619] feat: create assertion options command * [PM-4619] chore: clean-up unused argument * [PM-4619] feat: implement assertion command * [PM-4619] feat: migrate to commands * [PM-4619] fix: lint * [PM-4169] fix: use constant * [PM-4619] fix: lint I have no idea what this commit acutally changes, but the file seems to have some character encoding issues. This fix was generated by `dotnet format`
2026-01-02 08:33:48 +00:00 · 2023-12-14 09:35:52 +01:00
parent 27d7d823a7
commit d63c917c95
20 changed files with 500 additions and 245 deletions
--- a/src/Identity/Controllers/AccountsController.cs
+++ b/src/Identity/Controllers/AccountsController.cs
@@ -4,6 +4,7 @@ using Bit.Core.Auth.Models.Api.Request.Accounts;
 using Bit.Core.Auth.Models.Api.Response.Accounts;
 using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Auth.Services;
+using Bit.Core.Auth.UserFeatures.WebAuthnLogin;
 using Bit.Core.Auth.Utilities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
@@ -26,20 +27,22 @@ public class AccountsController : Controller
    private readonly IUserService _userService;
    private readonly ICaptchaValidationService _captchaValidationService;
    private readonly IDataProtectorTokenFactory<WebAuthnLoginAssertionOptionsTokenable> _assertionOptionsDataProtector;
-
+    private readonly IGetWebAuthnLoginCredentialAssertionOptionsCommand _getWebAuthnLoginCredentialAssertionOptionsCommand;

    public AccountsController(
        ILogger<AccountsController> logger,
        IUserRepository userRepository,
        IUserService userService,
        ICaptchaValidationService captchaValidationService,
-        IDataProtectorTokenFactory<WebAuthnLoginAssertionOptionsTokenable> assertionOptionsDataProtector)
+        IDataProtectorTokenFactory<WebAuthnLoginAssertionOptionsTokenable> assertionOptionsDataProtector,
+        IGetWebAuthnLoginCredentialAssertionOptionsCommand getWebAuthnLoginCredentialAssertionOptionsCommand)
    {
        _logger = logger;
        _userRepository = userRepository;
        _userService = userService;
        _captchaValidationService = captchaValidationService;
        _assertionOptionsDataProtector = assertionOptionsDataProtector;
+        _getWebAuthnLoginCredentialAssertionOptionsCommand = getWebAuthnLoginCredentialAssertionOptionsCommand;
    }

    // Moved from API, If you modify this endpoint, please update API as well. Self hosted installs still use the API endpoints.
@@ -85,7 +88,7 @@ public class AccountsController : Controller
    [RequireFeature(FeatureFlagKeys.PasswordlessLogin)]
    public WebAuthnLoginAssertionOptionsResponseModel GetWebAuthnLoginAssertionOptions()
    {
-        var options = _userService.StartWebAuthnLoginAssertion();
+        var options = _getWebAuthnLoginCredentialAssertionOptionsCommand.GetWebAuthnLoginCredentialAssertionOptions();

        var tokenable = new WebAuthnLoginAssertionOptionsTokenable(WebAuthnLoginAssertionOptionsScope.Authentication, options);
        var token = _assertionOptionsDataProtector.Protect(tokenable);
--- a/src/Identity/IdentityServer/WebAuthnGrantValidator.cs
+++ b/src/Identity/IdentityServer/WebAuthnGrantValidator.cs
@@ -7,6 +7,7 @@ using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Identity;
 using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Auth.Repositories;
+using Bit.Core.Auth.UserFeatures.WebAuthnLogin;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Repositories;
@@ -26,6 +27,7 @@ public class WebAuthnGrantValidator : BaseRequestValidator<ExtensionGrantValidat
    public const string GrantType = "webauthn";

    private readonly IDataProtectorTokenFactory<WebAuthnLoginAssertionOptionsTokenable> _assertionOptionsDataProtector;
+    private readonly IAssertWebAuthnLoginCredentialCommand _assertWebAuthnLoginCredentialCommand;

    public WebAuthnGrantValidator(
        UserManager<User> userManager,
@@ -48,7 +50,8 @@ public class WebAuthnGrantValidator : BaseRequestValidator<ExtensionGrantValidat
        IDataProtectorTokenFactory<WebAuthnLoginAssertionOptionsTokenable> assertionOptionsDataProtector,
        IFeatureService featureService,
        IDistributedCache distributedCache,
-        IUserDecryptionOptionsBuilder userDecryptionOptionsBuilder
+        IUserDecryptionOptionsBuilder userDecryptionOptionsBuilder,
+        IAssertWebAuthnLoginCredentialCommand assertWebAuthnLoginCredentialCommand
        )
        : base(userManager, deviceRepository, deviceService, userService, eventService,
            organizationDuoWebTokenProvider, organizationRepository, organizationUserRepository,
@@ -56,6 +59,7 @@ public class WebAuthnGrantValidator : BaseRequestValidator<ExtensionGrantValidat
            userRepository, policyService, tokenDataFactory, featureService, ssoConfigRepository, distributedCache, userDecryptionOptionsBuilder)
    {
        _assertionOptionsDataProtector = assertionOptionsDataProtector;
+        _assertWebAuthnLoginCredentialCommand = assertWebAuthnLoginCredentialCommand;
    }

    string IExtensionGrantValidator.GrantType => "webauthn";
@@ -86,7 +90,7 @@ public class WebAuthnGrantValidator : BaseRequestValidator<ExtensionGrantValidat
            return;
        }

-        var (user, credential) = await _userService.CompleteWebAuthLoginAssertionAsync(token.Options, deviceResponse);
+        var (user, credential) = await _assertWebAuthnLoginCredentialCommand.AssertWebAuthnLoginCredential(token.Options, deviceResponse);
        var validatorContext = new CustomValidatorRequestContext
        {
            User = user,