Skip to content

Commit

Permalink
[PM-3808] feat: add fido2 compatibility check before saving ciphers
Browse files Browse the repository at this point in the history
  • Loading branch information
coroiu committed Sep 12, 2023
1 parent 938d380 commit 0847a18
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 0 deletions.
10 changes: 10 additions & 0 deletions src/Api/Vault/Controllers/CiphersController.cs
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ namespace Bit.Api.Vault.Controllers;
[Authorize("Application")]
public class CiphersController : Controller
{
private static readonly Version _fido2KeyCipherMinimumVersion = new Version(Constants.Fido2KeyCipherMinimumVersion);

private readonly ICipherRepository _cipherRepository;
private readonly ICollectionCipherRepository _collectionCipherRepository;
private readonly ICipherService _cipherService;
Expand Down Expand Up @@ -186,6 +188,14 @@ public async Task<CipherResponseModel> Put(Guid id, [FromBody] CipherRequestMode
"then try again.");
}

// Temporary protection against old clients overwriting and deleting Fido2Keys
// Response model used to re-use logic for parsing 'data' property
var cipherModel = new CipherResponseModel(cipher, _globalSettings);
if (cipherModel.Login?.Fido2Key != null && _currentContext.ClientVersion < _fido2KeyCipherMinimumVersion)
{
throw new BadRequestException("Please update your client to edit this item.");
}

await _cipherService.SaveDetailsAsync(model.ToCipherDetails(cipher), userId, model.LastKnownRevisionDate, collectionIds);

var response = new CipherResponseModel(cipher, _globalSettings);
Expand Down
1 change: 1 addition & 0 deletions src/Core/Constants.cs
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ public static class Constants
/// their subscription has expired.
/// </summary>
public const int OrganizationSelfHostSubscriptionGracePeriodDays = 60;
public const string Fido2KeyCipherMinimumVersion = "2023.9.0";
}

public static class TokenPurposes
Expand Down

0 comments on commit 0847a18

Please sign in to comment.