Migrate existing U2F to Fido2 (#2484)

* Migrate existing U2F to Fido2 This seamlessly switches all u2f registrations over to the new FIDO2 support. Please note that I have not yet added a way to drop the u2f DB and its UI so that we can test the migration works properly for all. * add testing logic * fix u2f tests * remove duplicate status message * fix test and namespaces * fix test
2026-02-22 14:44:23 +01:00 · 2021-04-28 06:14:15 +02:00
parent c878f63f99
commit 02bf5afe0b
14 changed files with 149 additions and 59 deletions
--- a/BTCPayServer/Security/GreenField/BasicAuthenticationHandler.cs
+++ b/BTCPayServer/Security/GreenField/BasicAuthenticationHandler.cs
@@ -9,6 +9,7 @@ using BTCPayServer.Client;
 using BTCPayServer.Data;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;

@@ -61,7 +62,16 @@ namespace BTCPayServer.Security.GreenField
            if (!result.Succeeded)
                return AuthenticateResult.Fail(result.ToString());

-            var user = await _userManager.FindByNameAsync(username);
+            var user = await _userManager.Users
+                .Include(applicationUser => applicationUser.U2FDevices)
+                .Include(applicationUser => applicationUser.Fido2Credentials)
+                .FirstOrDefaultAsync(applicationUser =>
+                    applicationUser.NormalizedUserName == _userManager.NormalizeName(username));
+            
+            if (user.U2FDevices.Any() || user.Fido2Credentials.Any())
+            {
+                return AuthenticateResult.Fail("Cannot use Basic authentication with multi-factor is enabled.");
+            }
            var claims = new List<Claim>()
            {
                new Claim(_identityOptions.CurrentValue.ClaimsIdentity.UserIdClaimType, user.Id),