mirror of
https://github.com/bitwarden/server
synced 2026-01-02 08:33:48 +00:00
bda2bd8ac1
* chore(feature-flag-keys) [PM-21153]: Add feature flag key for BaseRequestValidator changes. * fix(base-request-validator) [PM-21153]: Add validation state model for composable validation scenarios. * fix(base-request-validator) [PM-21153]: Update BaseRequestValidator to allow validation scenarios to be composable. * fix(base-request-validator) [PM-21153]: Remove validation state object in favor of validator context, per team discussion. * feat(base-request-validator) [PM-21153]: Update tests to use issue feature flag, both execution paths. * fix(base-request-validator) [PM-21153]: Fix a null dictionary check. * chore(base-request-validator) [PM-21153]: Add unit tests around behavior addressed in this feature. * chore(base-request-validator) [PM-21153]: Update comments for clarity. * chore(base-request-validator-tests) [PM-21153]: Update verbiage for tests. * fix(base-request-validator) [PM-21153]: Update validators to no longer need completed scheme management, use 2FA flag for recovery scenarios. * fix(base-request-validator-tests) [PM-21153]: Customize CustomValidatorRequestContext fixture to allow for setting of request-specific flags as part of the request validation (not eagerly truthy).
61 lines
2.7 KiB
C#
61 lines
2.7 KiB
C#
// FIXME: Update this file to be null safe and then delete the line below
|
|
#nullable disable
|
|
|
|
using Bit.Core.Auth.Entities;
|
|
using Bit.Core.Entities;
|
|
using Duende.IdentityServer.Validation;
|
|
|
|
namespace Bit.Identity.IdentityServer;
|
|
|
|
public class CustomValidatorRequestContext
|
|
{
|
|
public User User { get; set; }
|
|
/// <summary>
|
|
/// This is the device that the user is using to authenticate. It can be either known or unknown.
|
|
/// We set it here since the ResourceOwnerPasswordValidator needs the device to do device validation.
|
|
/// The option to set it here saves a trip to the database.
|
|
/// </summary>
|
|
public Device Device { get; set; }
|
|
/// <summary>
|
|
/// Communicates whether or not the device in the request is known to the user.
|
|
/// KnownDevice is set in the child classes of the BaseRequestValidator using the DeviceValidator.KnownDeviceAsync method.
|
|
/// Except in the CustomTokenRequestValidator, where it is hardcoded to true.
|
|
/// </summary>
|
|
public bool KnownDevice { get; set; }
|
|
/// <summary>
|
|
/// This communicates whether or not two factor is required for the user to authenticate.
|
|
/// </summary>
|
|
public bool TwoFactorRequired { get; set; } = false;
|
|
/// <summary>
|
|
/// Whether the user has requested recovery of their 2FA methods using their one-time
|
|
/// recovery code.
|
|
/// </summary>
|
|
/// <seealso cref="Bit.Core.Auth.Enums.TwoFactorProviderType"/>
|
|
public bool TwoFactorRecoveryRequested { get; set; } = false;
|
|
/// <summary>
|
|
/// This communicates whether or not SSO is required for the user to authenticate.
|
|
/// </summary>
|
|
public bool SsoRequired { get; set; } = false;
|
|
/// <summary>
|
|
/// We use the parent class for both GrantValidationResult and TokenRequestValidationResult here for
|
|
/// flexibility when building an error response.
|
|
/// This will be null if the authentication request is successful.
|
|
/// </summary>
|
|
public ValidationResult ValidationErrorResult { get; set; }
|
|
/// <summary>
|
|
/// This dictionary should contain relevant information for the clients to act on.
|
|
/// This will contain the information used to guide a user to successful authentication, such as TwoFactorProviders.
|
|
/// This will be null if the authentication request is successful.
|
|
/// </summary>
|
|
public Dictionary<string, object> CustomResponse { get; set; }
|
|
/// <summary>
|
|
/// A validated auth request
|
|
/// <see cref="AuthRequest.IsValidForAuthentication"/>
|
|
/// </summary>
|
|
public AuthRequest ValidatedAuthRequest { get; set; }
|
|
/// <summary>
|
|
/// Whether the user has requested a Remember Me token for their current device.
|
|
/// </summary>
|
|
public bool RememberMeRequested { get; set; } = false;
|
|
}
|