bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-12-10 00:42:07 -06:00
Code Issues Packages Projects Releases 211 Wiki Activity

fix(auth-validator): [PM-22975] Client Version Validator - Reorder of client version validation.

Browse Source
This commit is contained in:
Patrick Pimentel 2025-12-08 15:00:14 -05:00
parent 79256d73ee
commit 865e76f620
No known key found for this signature in database
GPG Key ID: 4B27FC74C6422186
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Identity/IdentityServer/RequestValidators/ClientVersionValidator.cs
View File

@ -41,10 +41,6 @@ public class ClientVersionValidator(
Version? clientVersion = currentContext.ClientVersion;
// Determine the minimum version client that a user needs. If no V2 encryption detected then
// no validation needs to occur, which is why min version number can be null.
Version? minVersion = user.HasV2Encryption() ? Constants.MinimumClientVersionForV2Encryption : null;
// Deny access if the client version headers are missing.
// We want to establish a strict contract with clients that if they omit this header,
// then the server cannot guarantee that a client won't do harm to a user's data
@ -55,6 +51,10 @@ public class ClientVersionValidator(
return false;
}
// Determine the minimum version client that a user needs. If no V2 encryption detected then
// no validation needs to occur, which is why min version number can be null.
Version? minVersion = user.HasV2Encryption() ? Constants.MinimumClientVersionForV2Encryption : null;
// If min version is null then we know that the user had an encryption
// configuration that doesn't require a minimum version. Allowing through.
if (minVersion == null)