From 0847a18eda1ff5a41a7c045cc1bdbc9a1aa3f689 Mon Sep 17 00:00:00 2001
From: Andreas Coroiu
Date: Mon, 11 Sep 2023 16:22:41 +0200
Subject: [PATCH] [PM-3808] feat: add fido2 compatibility check before saving ciphers
---
 src/Api/Vault/Controllers/CiphersController.cs | 10 ++++++++++
 src/Core/Constants.cs | 1 +
 2 files changed, 11 insertions(+)
diff --git a/src/Api/Vault/Controllers/CiphersController.cs b/src/Api/Vault/Controllers/CiphersController.cs
index 8bcd6038927d..e687feae7627 100644
--- a/src/Api/Vault/Controllers/CiphersController.cs
+++ b/src/Api/Vault/Controllers/CiphersController.cs
@@ -27,6 +27,8 @@ namespace Bit.Api.Vault.Controllers;
 [Authorize("Application")]
 public class CiphersController : Controller
 {
+ private static readonly Version _fido2KeyCipherMinimumVersion = new Version(Constants.Fido2KeyCipherMinimumVersion);
+
 private readonly ICipherRepository _cipherRepository;
 private readonly ICollectionCipherRepository _collectionCipherRepository;
 private readonly ICipherService _cipherService;
@@ -186,6 +188,14 @@ public async Task Put(Guid id, [FromBody] CipherRequestMode
 "then try again.");
 }
+ // Temporary protection against old clients overwriting and deleting Fido2Keys
+ // Response model used to re-use logic for parsing 'data' property
+ var cipherModel = new CipherResponseModel(cipher, _globalSettings);
+ if (cipherModel.Login?.Fido2Key != null && _currentContext.ClientVersion < _fido2KeyCipherMinimumVersion)
+ {
+ throw new BadRequestException("Please update your client to edit this item.");
+ }
+
 await _cipherService.SaveDetailsAsync(model.ToCipherDetails(cipher), userId, model.LastKnownRevisionDate, collectionIds);
 var response = new CipherResponseModel(cipher, _globalSettings);
diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index 13273acdfbb9..3f4362dc12cd 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
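Review bot: In the `Put` action of CiphersController.cs, the new guard compares `_currentContext.ClientVersion` with `<` without stating what should happen when a request carries no parseable client version, so the outcome depends on how the runtime's `Version` operators treat a null operand. Make the fail-closed intent explicit: `if (cipherModel.Login?.Fido2Key != null && (_currentContext.ClientVersion == null || _currentContext.ClientVersion < _fido2KeyCipherMinimumVersion))`. The version is presumably reported by the client itself, so the comment should describe this as a compatibility guard against accidental data loss rather than an access control. The diffstat shows this is the only action changed, so any other action that saves or replaces an existing cipher (outside this hunk) would still accept old clients; worth confirming. `Put` begins and ends outside the hunk.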
@@ -19,6 +19,7 @@ public static class Constants
 /// their subscription has expired.
 ///
 public const int OrganizationSelfHostSubscriptionGracePeriodDays = 60;
+ public const string Fido2KeyCipherMinimumVersion = "2023.9.0";
 }
 public static class TokenPurposes
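Review bot: `Fido2KeyCipherMinimumVersion` is added without a doc comment, unlike the constant directly above it, so nothing at the definition says what the version gates. It is also parsed with `new Version(...)` in a static field of CiphersController, so a malformed value would only surface when that class is initialized. Add `/// <summary>Minimum client version allowed to edit ciphers that contain a Fido2Key; must be parseable by System.Version.</summary>` above the constant. The `Constants` class starts outside the hunk.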