Make WebAuthn a Free Method (#3217)

* make webauthn method free

* flip premium params

* remove premium checks

src/Api/Auth/Controllers/TwoFactorController.cs

@@ -236,7 +236,7 @@ public class TwoFactorController : Controller
     [HttpPost("get-webauthn")]
     public async Task<TwoFactorWebAuthnResponseModel> GetWebAuthn([FromBody] SecretVerificationRequestModel model)
     {
-        var user = await CheckAsync(model, true);
+        var user = await CheckAsync(model, false);
         var response = new TwoFactorWebAuthnResponseModel(user);
         return response;
     }
@@ -245,7 +245,7 @@ public class TwoFactorController : Controller
     [ApiExplorerSettings(IgnoreApi = true)] // Disable Swagger due to CredentialCreateOptions not converting properly
     public async Task<CredentialCreateOptions> GetWebAuthnChallenge([FromBody] SecretVerificationRequestModel model)
     {
-        var user = await CheckAsync(model, true);
+        var user = await CheckAsync(model, false);
         var reg = await _userService.StartWebAuthnRegistrationAsync(user);
         return reg;
     }
@@ -254,7 +254,7 @@ public class TwoFactorController : Controller
     [HttpPost("webauthn")]
     public async Task<TwoFactorWebAuthnResponseModel> PutWebAuthn([FromBody] TwoFactorWebAuthnRequestModel model)
     {
-        var user = await CheckAsync(model, true);
+        var user = await CheckAsync(model, false);
 
         var success = await _userService.CompleteWebAuthRegistrationAsync(
             user, model.Id.Value, model.Name, model.DeviceResponse);
@@ -271,7 +271,7 @@ public class TwoFactorController : Controller
     public async Task<TwoFactorWebAuthnResponseModel> DeleteWebAuthn(
         [FromBody] TwoFactorWebAuthnDeleteRequestModel model)
     {
-        var user = await CheckAsync(model, true);
+        var user = await CheckAsync(model, false);
         await _userService.DeleteWebAuthnKeyAsync(user, model.Id.Value);
         var response = new TwoFactorWebAuthnResponseModel(user);
         return response;

src/Core/Auth/Identity/WebAuthnTokenProvider.cs

@@ -28,10 +28,6 @@ public class WebAuthnTokenProvider : IUserTwoFactorTokenProvider<User>
     public async Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
     {
         var userService = _serviceProvider.GetRequiredService<IUserService>();
-        if (!(await userService.CanAccessPremium(user)))
-        {
-            return false;
-        }
 
         var webAuthnProvider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn);
         if (!HasProperMetaData(webAuthnProvider))
@@ -45,10 +41,6 @@ public class WebAuthnTokenProvider : IUserTwoFactorTokenProvider<User>
     public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
     {
         var userService = _serviceProvider.GetRequiredService<IUserService>();
-        if (!(await userService.CanAccessPremium(user)))
-        {
-            return null;
-        }
 
         var provider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn);
         var keys = LoadKeys(provider);
@@ -81,7 +73,7 @@ public class WebAuthnTokenProvider : IUserTwoFactorTokenProvider<User>
     public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
     {
         var userService = _serviceProvider.GetRequiredService<IUserService>();
-        if (!(await userService.CanAccessPremium(user)) || string.IsNullOrWhiteSpace(token))
+        if (string.IsNullOrWhiteSpace(token))
         {
             return false;
         }

src/Core/Auth/Models/TwoFactorProvider.cs

@@ -57,7 +57,6 @@ public class TwoFactorProvider
             case TwoFactorProviderType.Duo:
             case TwoFactorProviderType.YubiKey:
             case TwoFactorProviderType.U2f: // Keep to ensure old U2f keys are considered premium
-            case TwoFactorProviderType.WebAuthn:
                 return true;
             default:
                 return false;