kgess-mirror/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2026-01-11 19:57:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Allow mobile clients to create passkeys (#6383) [PM-26177]
Some checks are pending
Collect code references / Check for secret access (push) Waiting to run
Details
Collect code references / Code reference collection (push) Blocked by required conditions
Details
Scan / Sonar (push) Blocked by required conditions
Details
Scan / Check PR run (push) Waiting to run
Details
Scan / Checkmarx (push) Blocked by required conditions
Details
Testing / Run tests (push) Waiting to run
Details

Browse source 
* Allow mobile clients to create vault passkeys

* Document uses for authorization policies
This commit is contained in:
Isaiah Inuwa 2025-12-30 07:31:26 -06:00 committed by GitHub
parent 34b4dc3985
commit 9a340c0fdd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 95 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/Api/Auth/Controllers/WebAuthnController.cs
View file

@ -21,7 +21,6 @@ using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.Auth.Controllers;
[Route("webauthn")]
[Authorize(Policies.Web)]
public class WebAuthnController : Controller
{
private readonly IUserService _userService;
@ -62,6 +61,7 @@ public class WebAuthnController : Controller
_featureService = featureService;
}
[Authorize(Policies.Web)]
[HttpGet("")]
public async Task<ListResponseModel<WebAuthnCredentialResponseModel>> Get()
{
@ -71,6 +71,7 @@ public class WebAuthnController : Controller
return new ListResponseModel<WebAuthnCredentialResponseModel>(credentials.Select(c => new WebAuthnCredentialResponseModel(c)));
}
[Authorize(Policies.Application)]
[HttpPost("attestation-options")]
public async Task<WebAuthnCredentialCreateOptionsResponseModel> AttestationOptions([FromBody] SecretVerificationRequestModel model)
{
@ -88,6 +89,7 @@ public class WebAuthnController : Controller
};
}
[Authorize(Policies.Web)]
[HttpPost("assertion-options")]
public async Task<WebAuthnLoginAssertionOptionsResponseModel> AssertionOptions([FromBody] SecretVerificationRequestModel model)
{
@ -104,6 +106,7 @@ public class WebAuthnController : Controller
};
}
[Authorize(Policies.Application)]
[HttpPost("")]
public async Task Post([FromBody] WebAuthnLoginCredentialCreateRequestModel model)
{
@ -149,6 +152,7 @@ public class WebAuthnController : Controller
}
}
[Authorize(Policies.Application)]
[HttpPut()]
public async Task UpdateCredential([FromBody] WebAuthnLoginCredentialUpdateRequestModel model)
{
@ -172,6 +176,7 @@ public class WebAuthnController : Controller
await _credentialRepository.UpdateAsync(credential);
}
[Authorize(Policies.Web)]
[HttpPost("{id}/delete")]
public async Task Delete(Guid id, [FromBody] SecretVerificationRequestModel model)
{

96
src/Core/Auth/Identity/Policies.cs
View file

@ -5,12 +5,94 @@ public static class Policies
/// <summary>
/// Policy for managing access to the Send feature.
/// </summary>
public const string Send = "Send"; // [Authorize(Policy = Policies.Send)]
public const string Application = "Application"; // [Authorize(Policy = Policies.Application)]
public const string Web = "Web"; // [Authorize(Policy = Policies.Web)]
public const string Push = "Push"; // [Authorize(Policy = Policies.Push)]
/// <remarks>
/// <example>
/// Can be used with the <c>Authorize</c> attribute, for example:
/// <code>
/// [Authorize(Policy = Policies.Send)]
/// </code>
/// </example>
/// </remarks>
public const string Send = "Send";
/// <summary>
/// Policy to manage access to general API endpoints.
/// </summary>
/// <remarks>
/// <example>
/// Can be used with the <c>Authorize</c> attribute, for example:
/// <code>
/// [Authorize(Policy = Policies.Application)]
/// </code>
/// </example>
/// </remarks>
public const string Application = "Application";
/// <summary>
/// Policy to manage access to API endpoints intended for use by the Web Vault and browser extension only.
/// </summary>
/// <remarks>
/// <example>
/// Can be used with the <c>Authorize</c> attribute, for example:
/// <code>
/// [Authorize(Policy = Policies.Web)]
/// </code>
/// </example>
/// </remarks>
public const string Web = "Web";
/// <summary>
/// Policy to restrict access to API endpoints for the Push feature.
/// </summary>
/// <remarks>
/// <example>
/// Can be used with the <c>Authorize</c> attribute, for example:
/// <code>
/// [Authorize(Policy = Policies.Push)]
/// </code>
/// </example>
/// </remarks>
public const string Push = "Push";
// TODO: This is unused
public const string Licensing = "Licensing"; // [Authorize(Policy = Policies.Licensing)]
public const string Organization = "Organization"; // [Authorize(Policy = Policies.Organization)]
public const string Installation = "Installation"; // [Authorize(Policy = Policies.Installation)]
public const string Secrets = "Secrets"; // [Authorize(Policy = Policies.Secrets)]
/// <summary>
/// Policy to restrict access to API endpoints related to the Organization features.
/// </summary>
/// <remarks>
/// <example>
/// Can be used with the <c>Authorize</c> attribute, for example:
/// <code>
/// [Authorize(Policy = Policies.Licensing)]
/// </code>
/// </example>
/// </remarks>
public const string Organization = "Organization";
/// <summary>
/// Policy to restrict access to API endpoints related to the setting up new installations.
/// </summary>
/// <remarks>
/// <example>
/// Can be used with the <c>Authorize</c> attribute, for example:
/// <code>
/// [Authorize(Policy = Policies.Installation)]
/// </code>
/// </example>
/// </remarks>
public const string Installation = "Installation";
/// <summary>
/// Policy to restrict access to API endpoints for Secrets Manager features.
/// </summary>
/// <remarks>
/// <example>
/// Can be used with the <c>Authorize</c> attribute, for example:
/// <code>
/// [Authorize(Policy = Policies.Secrets)]
/// </code>
/// </example>
/// </remarks>
public const string Secrets = "Secrets";
}