mirror of
https://github.com/bitwarden/server
synced 2025-12-20 10:13:39 +00:00
dont cycle security token on re-hash
This commit is contained in:
Kyle Spearrin
@@ -25,7 +25,6 @@ namespace Bit.Api.Controllers
|
||||
private readonly ICipherService _cipherService;
|
||||
private readonly IOrganizationUserRepository _organizationUserRepository;
|
||||
private readonly ILicensingService _licenseService;
|
||||
private readonly UserManager<User> _userManager;
|
||||
private readonly GlobalSettings _globalSettings;
|
||||
|
||||
public AccountsController(
|
||||
@@ -33,13 +32,11 @@ namespace Bit.Api.Controllers
|
||||
ICipherService cipherService,
|
||||
IOrganizationUserRepository organizationUserRepository,
|
||||
ILicensingService licenseService,
|
||||
UserManager<User> userManager,
|
||||
GlobalSettings globalSettings)
|
||||
{
|
||||
_userService = userService;
|
||||
_cipherService = cipherService;
|
||||
_organizationUserRepository = organizationUserRepository;
|
||||
_userManager = userManager;
|
||||
_licenseService = licenseService;
|
||||
_globalSettings = globalSettings;
|
||||
}
|
||||
@@ -79,7 +76,7 @@ namespace Bit.Api.Controllers
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
if(!await _userService.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
||||
@@ -323,7 +320,7 @@ namespace Bit.Api.Controllers
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
if(!await _userService.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
{
|
||||
ModelState.AddModelError("MasterPasswordHash", "Invalid password.");
|
||||
await Task.Delay(2000);
|
||||
|
||||
@@ -25,7 +25,6 @@ namespace Bit.Api.Controllers
|
||||
private readonly ICollectionCipherRepository _collectionCipherRepository;
|
||||
private readonly ICipherService _cipherService;
|
||||
private readonly IUserService _userService;
|
||||
private readonly UserManager<User> _userManager;
|
||||
private readonly CurrentContext _currentContext;
|
||||
private readonly GlobalSettings _globalSettings;
|
||||
|
||||
@@ -34,7 +33,6 @@ namespace Bit.Api.Controllers
|
||||
ICollectionCipherRepository collectionCipherRepository,
|
||||
ICipherService cipherService,
|
||||
IUserService userService,
|
||||
UserManager<User> userManager,
|
||||
CurrentContext currentContext,
|
||||
GlobalSettings globalSettings)
|
||||
{
|
||||
@@ -42,7 +40,6 @@ namespace Bit.Api.Controllers
|
||||
_collectionCipherRepository = collectionCipherRepository;
|
||||
_cipherService = cipherService;
|
||||
_userService = userService;
|
||||
_userManager = userManager;
|
||||
_currentContext = currentContext;
|
||||
_globalSettings = globalSettings;
|
||||
}
|
||||
@@ -381,7 +378,7 @@ namespace Bit.Api.Controllers
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
if(!await _userService.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
{
|
||||
ModelState.AddModelError("MasterPasswordHash", "Invalid password.");
|
||||
await Task.Delay(2000);
|
||||
|
||||
@@ -32,7 +32,6 @@ namespace Bit.Api.Controllers
|
||||
private readonly CurrentContext _currentContext;
|
||||
private readonly GlobalSettings _globalSettings;
|
||||
private readonly ApiSettings _apiSettings;
|
||||
private readonly UserManager<User> _userManager;
|
||||
|
||||
public OrganizationsController(
|
||||
IOrganizationRepository organizationRepository,
|
||||
@@ -41,15 +40,13 @@ namespace Bit.Api.Controllers
|
||||
IUserService userService,
|
||||
CurrentContext currentContext,
|
||||
GlobalSettings globalSettings,
|
||||
IOptions<ApiSettings> apiSettings,
|
||||
UserManager<User> userManager)
|
||||
IOptions<ApiSettings> apiSettings)
|
||||
{
|
||||
_organizationRepository = organizationRepository;
|
||||
_organizationUserRepository = organizationUserRepository;
|
||||
_organizationService = organizationService;
|
||||
_userService = userService;
|
||||
_currentContext = currentContext;
|
||||
_userManager = userManager;
|
||||
_globalSettings = globalSettings;
|
||||
_apiSettings = apiSettings.Value;
|
||||
}
|
||||
@@ -359,7 +356,7 @@ namespace Bit.Api.Controllers
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
if(!await _userService.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
||||
|
||||
@@ -246,7 +246,7 @@ namespace Bit.Api.Controllers
|
||||
var user = await _userManager.FindByEmailAsync(model.Email.ToLowerInvariant());
|
||||
if(user != null)
|
||||
{
|
||||
if(await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
if(await _userService.CheckPasswordAsync(user, model.MasterPasswordHash))
|
||||
{
|
||||
await _userService.SendTwoFactorEmailAsync(user);
|
||||
return;
|
||||
@@ -336,7 +336,7 @@ namespace Bit.Api.Controllers
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
|
||||
if(!await _userManager.CheckPasswordAsync(user, masterPasswordHash))
|
||||
if(!await _userService.CheckPasswordAsync(user, masterPasswordHash))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
||||
|
||||
Reference in New Issue
Block a user