using Bit.Core.AdminConsole.Entities;
using Bit.Core.Auth.Enums;
using Bit.Core.Entities;
using Duende.IdentityServer.Validation;
namespace Bit.Identity.IdentityServer.RequestValidators;
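/// <summary>
/// Contract for the two-factor authentication step of token request validation: deciding whether a second
/// factor is required, describing the providers available to the user, and verifying a submitted token.
/// </summary>
public interface ITwoFactorAuthenticationValidator
{
    /// <summary>
    /// Check if the user is required to use two-factor authentication to login. This is based on the user's
    /// enabled two-factor providers, the user's organizations enabled two-factor providers, and the grant type.
    /// Client credentials and webauthn grant types do not require two-factor authentication.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the exemption depends on the grant type, so implementations should match the exempt grant
    /// types exactly and treat every other value as subject to the two-factor check.
    /// </remarks>
    /// <param name="user">the active user for the request</param>
    /// <param name="request">the request that contains the grant types</param>
    /// <returns>
    /// A tuple whose first item is the boolean answer. The second item is an <see cref="Organization"/>;
    /// presumably the organization whose two-factor configuration applies, and it may be null - confirm
    /// against the implementation.
    /// </returns>
    Task<Tuple<bool, Organization>> RequiresTwoFactorAsync(User user, ValidatedTokenRequest request);

    /// <summary>
    /// Builds the two-factor authentication result for the user based on the available two-factor providers
    /// from either their user account or Organization.
    /// </summary>
    /// <param name="user">user trying to login</param>
    /// <param name="organization">organization associated with the user; Can be null</param>
    /// <returns>
    /// Dictionary with the TwoFactorProviderType as the Key and the Provider Metadata as the Value. The
    /// declared key type is <see cref="string"/>, so the provider type is presumably carried in string form.
    /// </returns>
    Task<Dictionary<string, object>> BuildTwoFactorResultAsync(User user, Organization organization);

    /// <summary>
    /// Uses the built in userManager methods to verify the two-factor token for the user. If the organization uses
    /// organization duo, it will use the organization duo token provider to verify the token.
    /// </summary>
    /// <remarks>
    /// The token is a secret supplied by the user; implementations and callers should keep it out of logs
    /// and error messages.
    /// </remarks>
    /// <param name="user">the active User</param>
    /// <param name="organization">organization of user; can be null</param>
    /// <param name="twoFactorProviderType">Two Factor Provider to use to verify the token</param>
    /// <param name="token">secret passed from the user and consumed by the two-factor provider's verify method</param>
    /// <returns>boolean indicating whether the token was verified</returns>
    Task<bool> VerifyTwoFactorAsync(User user, Organization organization, TwoFactorProviderType twoFactorProviderType, string token);
}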