using Bit.Core.Auth.Identity.TokenProviders;
using Duende.IdentityServer.Validation;
namespace Bit.Identity.IdentityServer.RequestValidators.SendAccess;
/// <summary>
/// String constants for the Send Access user feature.
/// Most of these need to be synced with the `bitwarden-auth` crate in the SDK.
/// There is snapshot testing to help ensure this.
/// </summary>
/// <remarks>
/// Because the values are mirrored in the SDK, treat every literal below as part of a
/// wire contract: changing one here without the matching SDK change breaks clients.
/// </remarks>
public static class SendAccessConstants
{
    /// <summary>
    /// A catch-all error type for Send access related errors.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the original sentence ("Used mainly in the ...") is truncated in this copy.
    /// Presumably it pointed at the custom response of the grant validation result from
    /// Duende.IdentityServer.Validation, which this file imports - confirm and restore the reference.
    /// </remarks>
    public const string SendAccessError = "send_access_error_type";

    /// <summary>
    /// Keys of the values a Send access token request carries.
    /// </summary>
    public static class TokenRequest
    {
        /// <summary>
        /// Used to fetch the Send from the database.
        /// </summary>
        public const string SendId = "send_id";

        /// <summary>
        /// Used to validate password-protected Sends.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the value under this key is a client-side hash that the server accepts as
        /// proof of the password, so it is credential-equivalent. The validator (not shown here)
        /// should compare it in constant time and keep it out of logs - confirm.
        /// </remarks>
        public const string ClientB64HashedPassword = "password_hash_b64";

        /// <summary>
        /// Email used to check whether the address is associated with the Send.
        /// </summary>
        public const string Email = "email";

        /// <summary>
        /// OTP code sent to the email associated with the Send.
        /// </summary>
        public const string Otp = "otp";
    }

    /// <summary>
    /// Result codes for the send id check.
    /// </summary>
    /// <remarks>
    /// NOTE(review): <see cref="SendIdRequired"/> and <see cref="InvalidSendId"/> are distinct codes.
    /// If both reach unauthenticated callers verbatim, the difference tells a caller whether a
    /// guessed id was well formed but unknown; pair with rate limiting - confirm in the validator.
    /// </remarks>
    public static class GrantValidatorResults
    {
        /// <summary>
        /// The sendId is valid and the request is well formed. Not returned in any response.
        /// </summary>
        public const string ValidSendGuid = "valid_send_guid";

        /// <summary>
        /// The sendId is missing from the request.
        /// </summary>
        public const string SendIdRequired = "send_id_required";

        /// <summary>
        /// The sendId is invalid: it does not match a known Send.
        /// </summary>
        public const string InvalidSendId = "send_id_invalid";
    }

    /// <summary>
    /// Result codes for the password check on a password-protected Send.
    /// </summary>
    public static class PasswordValidatorResults
    {
        /// <summary>
        /// The passwordHashB64 does not match the Send's password hash.
        /// </summary>
        public const string RequestPasswordDoesNotMatch = "password_hash_b64_invalid";

        /// <summary>
        /// The passwordHashB64 is missing from the request.
        /// </summary>
        public const string RequestPasswordIsRequired = "password_hash_b64_required";
    }

    /// <summary>
    /// Result codes for the email + OTP check.
    /// </summary>
    public static class EmailOtpValidatorResults
    {
        /// <summary>
        /// Error code indicating that an email address is required.
        /// </summary>
        public const string EmailRequired = "email_required";

        /// <summary>
        /// Error code indicating that an email address is invalid.
        /// </summary>
        /// <remarks>
        /// NOTE(review): "invalid" does not say whether the address is malformed or simply not
        /// associated with the Send. If it means the latter, this code lets a caller test which
        /// addresses a Send was shared with - confirm the intended meaning and the throttling.
        /// </remarks>
        public const string EmailInvalid = "email_invalid";

        /// <summary>
        /// Status indicating that both email and OTP are required, and the OTP has been sent.
        /// </summary>
        public const string EmailOtpSent = "email_and_otp_required_otp_sent";

        /// <summary>
        /// Status indicating that both email and OTP are required, and the OTP is invalid.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the number of failed attempts per Send/email should be bounded by the
        /// validator or the token provider; nothing in this file shows that limit - confirm.
        /// </remarks>
        public const string EmailOtpInvalid = "otp_invalid";

        /// <summary>
        /// For whatever reason, the OTP could not be generated.
        /// </summary>
        public const string OtpGenerationFailed = "otp_generation_failed";
    }

    /// <summary>
    /// Constants for the OTP token that is generated during the email OTP authentication process.
    /// These items are required by the OTP token provider to aid in the creation of a unique lookup key.
    /// Lookup key format is: {TokenProviderName}_{Purpose}_{TokenUniqueIdentifier}
    /// </summary>
    /// <remarks>
    /// NOTE(review): the original sentence ("required by ... to aid") lost its type reference in this
    /// copy; presumably a type from Bit.Core.Auth.Identity.TokenProviders, which this file imports - confirm.
    /// </remarks>
    public static class OtpToken
    {
        // First segment of the lookup key described on the enclosing class.
        public const string TokenProviderName = "send_access";

        // Second segment of the lookup key described on the enclosing class.
        public const string Purpose = "email_otp";

        /// <summary>
        /// Composite format string: send_id is {0} and email is {1}.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the email becomes part of the lookup key as given, so the caller that
        /// formats this string should normalise it (case, surrounding whitespace) the same way when
        /// generating and when validating the OTP - confirm. The "_" separator can also occur in an
        /// email address; the key stays unambiguous only while send_id has a fixed shape.
        /// </remarks>
        public const string TokenUniqueIdentifier = "{0}_{1}";
    }

    /// <summary>
    /// Text used for the OTP email.
    /// </summary>
    public static class OtpEmail
    {
        // Composite format string; {0} is presumably the OTP code - confirm at the call site.
        // NOTE(review): a code placed in the subject line is visible in notification previews and
        // in mail-system logs that record subjects; keep the OTP short-lived and single-use.
        public const string Subject = "Your Bitwarden Send verification code is {0}";
    }
}