1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-04 14:13:28 +01:00
bitwarden-server/src/Core/Utilities/ServiceCollectionExtensions.cs

476 lines
22 KiB
C#
Raw Normal View History

using Bit.Core.Enums;
using Bit.Core.Identity;
using Bit.Core.IdentityServer;
using Bit.Core.Models.Table;
using Bit.Core.Repositories;
using Bit.Core.Services;
using IdentityModel;
2017-07-21 18:53:26 +02:00
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
2017-08-25 14:57:43 +02:00
using Microsoft.AspNetCore.Http;
2017-06-23 16:08:29 +02:00
using System;
using System.IO;
using SqlServerRepos = Bit.Core.Repositories.SqlServer;
2020-01-09 02:28:16 +01:00
using EntityFrameworkRepos = Bit.Core.Repositories.EntityFramework;
2019-03-19 05:39:03 +01:00
using NoopRepos = Bit.Core.Repositories.Noop;
2017-08-25 14:57:43 +02:00
using System.Threading.Tasks;
2017-12-08 22:03:20 +01:00
using TableStorageRepos = Bit.Core.Repositories.TableStorage;
2018-03-21 19:26:49 +01:00
using Microsoft.Extensions.DependencyInjection.Extensions;
using IdentityServer4.AccessTokenValidation;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
2019-04-26 15:52:54 +02:00
using Microsoft.AspNetCore.HttpOverrides;
using System.Linq;
2019-07-11 02:05:07 +02:00
using System.Security.Cryptography.X509Certificates;
2019-09-03 20:44:22 +02:00
using Bit.Core.Utilities;
using Serilog.Context;
2020-01-09 02:28:16 +01:00
using AutoMapper;
2020-01-10 14:33:13 +01:00
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Hosting;
using Microsoft.Azure.Storage;
namespace Bit.Core.Utilities
{
public static class ServiceCollectionExtensions
{
public static void AddSqlServerRepositories(this IServiceCollection services, GlobalSettings globalSettings)
{
2020-03-19 16:10:23 +01:00
var usePostgreSql = CoreHelpers.SettingHasValue(globalSettings.PostgreSql?.ConnectionString);
2020-01-10 14:33:13 +01:00
var useEf = usePostgreSql;
if (useEf)
2019-01-16 04:07:13 +01:00
{
2020-01-09 02:28:16 +01:00
services.AddAutoMapper(typeof(EntityFrameworkRepos.UserRepository));
2020-01-10 14:33:13 +01:00
services.AddDbContext<EntityFrameworkRepos.DatabaseContext>(options =>
{
if (usePostgreSql)
2020-01-10 14:33:13 +01:00
{
options.UseNpgsql(globalSettings.PostgreSql.ConnectionString);
}
});
2020-01-09 02:28:16 +01:00
services.AddSingleton<IUserRepository, EntityFrameworkRepos.UserRepository>();
2020-01-10 14:33:13 +01:00
//services.AddSingleton<ICipherRepository, EntityFrameworkRepos.CipherRepository>();
//services.AddSingleton<IOrganizationRepository, EntityFrameworkRepos.OrganizationRepository>();
2019-01-16 04:07:13 +01:00
}
else
{
services.AddSingleton<IUserRepository, SqlServerRepos.UserRepository>();
services.AddSingleton<ICipherRepository, SqlServerRepos.CipherRepository>();
services.AddSingleton<IDeviceRepository, SqlServerRepos.DeviceRepository>();
services.AddSingleton<IGrantRepository, SqlServerRepos.GrantRepository>();
services.AddSingleton<IOrganizationRepository, SqlServerRepos.OrganizationRepository>();
services.AddSingleton<IOrganizationUserRepository, SqlServerRepos.OrganizationUserRepository>();
services.AddSingleton<ICollectionRepository, SqlServerRepos.CollectionRepository>();
services.AddSingleton<IFolderRepository, SqlServerRepos.FolderRepository>();
services.AddSingleton<ICollectionCipherRepository, SqlServerRepos.CollectionCipherRepository>();
services.AddSingleton<IGroupRepository, SqlServerRepos.GroupRepository>();
services.AddSingleton<IU2fRepository, SqlServerRepos.U2fRepository>();
services.AddSingleton<IInstallationRepository, SqlServerRepos.InstallationRepository>();
services.AddSingleton<IMaintenanceRepository, SqlServerRepos.MaintenanceRepository>();
2019-01-31 22:45:01 +01:00
services.AddSingleton<ITransactionRepository, SqlServerRepos.TransactionRepository>();
2020-01-15 21:00:54 +01:00
services.AddSingleton<IPolicyRepository, SqlServerRepos.PolicyRepository>();
services.AddSingleton<ISsoConfigRepository, SqlServerRepos.SsoConfigRepository>();
services.AddSingleton<ISsoUserRepository, SqlServerRepos.SsoUserRepository>();
2019-01-16 04:07:13 +01:00
}
if (globalSettings.SelfHosted)
{
if (useEf)
2020-01-10 14:33:13 +01:00
{
// TODO
}
else
{
services.AddSingleton<IEventRepository, SqlServerRepos.EventRepository>();
}
2019-03-19 05:39:03 +01:00
services.AddSingleton<IInstallationDeviceRepository, NoopRepos.InstallationDeviceRepository>();
2019-09-18 15:47:25 +02:00
services.AddSingleton<IMetaDataRepository, NoopRepos.MetaDataRepository>();
}
else
{
services.AddSingleton<IEventRepository, TableStorageRepos.EventRepository>();
2019-03-19 05:39:03 +01:00
services.AddSingleton<IInstallationDeviceRepository, TableStorageRepos.InstallationDeviceRepository>();
2019-09-18 15:47:25 +02:00
services.AddSingleton<IMetaDataRepository, TableStorageRepos.MetaDataRepository>();
}
}
public static void AddBaseServices(this IServiceCollection services)
{
2017-12-01 20:06:16 +01:00
services.AddScoped<ICipherService, CipherService>();
services.AddScoped<IUserService, UserService>();
services.AddScoped<IOrganizationService, OrganizationService>();
services.AddScoped<ICollectionService, CollectionService>();
services.AddScoped<IGroupService, GroupService>();
2020-01-15 21:00:54 +01:00
services.AddScoped<IPolicyService, PolicyService>();
2017-12-08 22:03:20 +01:00
services.AddScoped<Services.IEventService, EventService>();
2017-12-04 15:32:42 +01:00
services.AddSingleton<IDeviceService, DeviceService>();
2019-09-18 15:46:26 +02:00
services.AddSingleton<IAppleIapService, AppleIapService>();
}
2017-08-07 22:31:00 +02:00
public static void AddDefaultServices(this IServiceCollection services, GlobalSettings globalSettings)
{
2019-02-09 05:53:09 +01:00
services.AddSingleton<IPaymentService, StripePaymentService>();
2018-08-04 05:04:47 +02:00
services.AddSingleton<IMailService, HandlebarsMailService>();
2017-08-22 21:27:29 +02:00
services.AddSingleton<ILicensingService, LicensingService>();
if (CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ConnectionString) &&
CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ApplicationCacheTopicName))
{
services.AddSingleton<IApplicationCacheService, InMemoryServiceBusApplicationCacheService>();
}
else
{
services.AddSingleton<IApplicationCacheService, InMemoryApplicationCacheService>();
}
2017-08-07 22:31:00 +02:00
if (CoreHelpers.SettingHasValue(globalSettings.Amazon?.AccessKeySecret))
2019-03-13 21:19:00 +01:00
{
services.AddSingleton<IMailDeliveryService, AmazonSesMailDeliveryService>();
}
else if (CoreHelpers.SettingHasValue(globalSettings.Mail?.Smtp?.Host))
{
services.AddSingleton<IMailDeliveryService, MailKitSmtpMailDeliveryService>();
}
2017-08-07 22:31:00 +02:00
else
{
services.AddSingleton<IMailDeliveryService, NoopMailDeliveryService>();
}
2018-08-02 23:23:37 +02:00
services.AddSingleton<IPushNotificationService, MultiServicePushNotificationService>();
if (globalSettings.SelfHosted &&
CoreHelpers.SettingHasValue(globalSettings.PushRelayBaseUri) &&
globalSettings.Installation?.Id != null &&
CoreHelpers.SettingHasValue(globalSettings.Installation?.Key))
{
services.AddSingleton<IPushRegistrationService, RelayPushRegistrationService>();
}
else if (!globalSettings.SelfHosted)
{
services.AddSingleton<IPushRegistrationService, NotificationHubPushRegistrationService>();
}
else
{
services.AddSingleton<IPushRegistrationService, NoopPushRegistrationService>();
}
if (!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString))
2017-08-07 22:31:00 +02:00
{
services.AddSingleton<IBlockIpService, AzureQueueBlockIpService>();
}
else if (!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Amazon?.AccessKeySecret))
2019-03-18 21:23:37 +01:00
{
services.AddSingleton<IBlockIpService, AmazonSqsBlockIpService>();
}
2017-08-07 22:31:00 +02:00
else
{
services.AddSingleton<IBlockIpService, NoopBlockIpService>();
}
if (!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Events.ConnectionString))
2017-12-08 22:03:20 +01:00
{
services.AddSingleton<IEventWriteService, AzureQueueEventWriteService>();
}
else if (globalSettings.SelfHosted)
2017-12-08 22:03:20 +01:00
{
services.AddSingleton<IEventWriteService, RepositoryEventWriteService>();
}
else
{
services.AddSingleton<IEventWriteService, NoopEventWriteService>();
}
2017-12-04 18:17:26 +01:00
if (CoreHelpers.SettingHasValue(globalSettings.Attachment.ConnectionString))
2017-08-07 22:31:00 +02:00
{
services.AddSingleton<IAttachmentStorageService, AzureAttachmentStorageService>();
}
else if (CoreHelpers.SettingHasValue(globalSettings.Attachment.BaseDirectory))
{
services.AddSingleton<IAttachmentStorageService, LocalAttachmentStorageService>();
}
2017-08-07 22:31:00 +02:00
else
{
services.AddSingleton<IAttachmentStorageService, NoopAttachmentStorageService>();
}
if (globalSettings.SelfHosted)
{
services.AddSingleton<IReferenceEventService, NoopReferenceEventService>();
}
else
{
services.AddSingleton<IReferenceEventService, AzureQueueReferenceEventService>();
}
}
public static void AddNoopServices(this IServiceCollection services)
{
services.AddSingleton<IMailService, NoopMailService>();
services.AddSingleton<IMailDeliveryService, NoopMailDeliveryService>();
2017-05-26 15:44:54 +02:00
services.AddSingleton<IPushNotificationService, NoopPushNotificationService>();
services.AddSingleton<IBlockIpService, NoopBlockIpService>();
services.AddSingleton<IPushRegistrationService, NoopPushRegistrationService>();
services.AddSingleton<IAttachmentStorageService, NoopAttachmentStorageService>();
2017-08-12 04:55:25 +02:00
services.AddSingleton<ILicensingService, NoopLicensingService>();
2017-12-04 18:17:26 +01:00
services.AddSingleton<IEventWriteService, NoopEventWriteService>();
}
public static IdentityBuilder AddCustomIdentityServices(
this IServiceCollection services, GlobalSettings globalSettings)
{
2018-04-03 20:31:33 +02:00
services.AddSingleton<IOrganizationDuoWebTokenProvider, OrganizationDuoWebTokenProvider>();
services.Configure<PasswordHasherOptions>(options => options.IterationCount = 100000);
2017-06-23 16:08:29 +02:00
services.Configure<TwoFactorRememberTokenProviderOptions>(options =>
{
options.TokenLifespan = TimeSpan.FromDays(30);
});
var identityBuilder = services.AddIdentityWithoutCookieAuth<User, Role>(options =>
{
options.User = new UserOptions
{
RequireUniqueEmail = true,
AllowedUserNameCharacters = null // all
};
options.Password = new PasswordOptions
{
RequireDigit = false,
RequireLowercase = false,
RequiredLength = 8,
RequireNonAlphanumeric = false,
RequireUppercase = false
};
options.ClaimsIdentity = new ClaimsIdentityOptions
{
SecurityStampClaimType = "sstamp",
UserNameClaimType = JwtClaimTypes.Email,
UserIdClaimType = JwtClaimTypes.Subject
};
options.Tokens.ChangeEmailTokenProvider = TokenOptions.DefaultEmailProvider;
});
identityBuilder
.AddUserStore<UserStore>()
.AddRoleStore<RoleStore>()
.AddTokenProvider<DataProtectorTokenProvider<User>>(TokenOptions.DefaultProvider)
2018-12-20 04:27:45 +01:00
.AddTokenProvider<AuthenticatorTokenProvider>(
CoreHelpers.CustomProviderName(TwoFactorProviderType.Authenticator))
.AddTokenProvider<EmailTokenProvider>(
CoreHelpers.CustomProviderName(TwoFactorProviderType.Email))
.AddTokenProvider<YubicoOtpTokenProvider>(
CoreHelpers.CustomProviderName(TwoFactorProviderType.YubiKey))
.AddTokenProvider<DuoWebTokenProvider>(
CoreHelpers.CustomProviderName(TwoFactorProviderType.Duo))
.AddTokenProvider<U2fTokenProvider>(
CoreHelpers.CustomProviderName(TwoFactorProviderType.U2f))
.AddTokenProvider<TwoFactorRememberTokenProvider>(
CoreHelpers.CustomProviderName(TwoFactorProviderType.Remember))
.AddTokenProvider<EmailTokenProvider<User>>(TokenOptions.DefaultEmailProvider);
return identityBuilder;
}
public static Tuple<IdentityBuilder, IdentityBuilder> AddPasswordlessIdentityServices<TUserStore>(
this IServiceCollection services, GlobalSettings globalSettings) where TUserStore : class
2018-08-28 23:40:08 +02:00
{
services.TryAddTransient<ILookupNormalizer, LowerInvariantLookupNormalizer>();
2018-03-21 19:26:49 +01:00
services.Configure<DataProtectionTokenProviderOptions>(options =>
{
options.TokenLifespan = TimeSpan.FromMinutes(15);
});
var passwordlessIdentityBuilder = services.AddIdentity<IdentityUser, Role>()
2018-03-21 19:26:49 +01:00
.AddUserStore<TUserStore>()
.AddRoleStore<RoleStore>()
.AddDefaultTokenProviders();
var regularIdentityBuilder = services.AddIdentityCore<User>()
.AddUserStore<UserStore>();
2018-03-21 19:26:49 +01:00
services.TryAddScoped<PasswordlessSignInManager<IdentityUser>, PasswordlessSignInManager<IdentityUser>>();
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = "/login";
options.LogoutPath = "/";
2018-03-28 16:38:01 +02:00
options.AccessDeniedPath = "/login?accessDenied=true";
2018-03-21 19:26:49 +01:00
options.Cookie.Name = $"Bitwarden_{globalSettings.ProjectName}";
options.Cookie.HttpOnly = true;
2020-01-13 18:03:10 +01:00
options.ExpireTimeSpan = TimeSpan.FromDays(2);
2018-03-21 19:26:49 +01:00
options.ReturnUrlParameter = "returnUrl";
options.SlidingExpiration = true;
});
return new Tuple<IdentityBuilder, IdentityBuilder>(passwordlessIdentityBuilder, regularIdentityBuilder);
2018-03-21 19:26:49 +01:00
}
public static void AddIdentityAuthenticationServices(
2020-01-10 14:33:13 +01:00
this IServiceCollection services, GlobalSettings globalSettings, IWebHostEnvironment environment,
2018-08-16 00:43:26 +02:00
Action<AuthorizationOptions> addAuthorization)
{
services
.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = globalSettings.BaseServiceUri.InternalIdentity;
options.RequireHttpsMetadata = !environment.IsDevelopment() &&
globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString();
options.NameClaimType = ClaimTypes.Email;
options.SupportedTokens = SupportedTokens.Jwt;
});
if (addAuthorization != null)
{
2018-08-16 00:43:26 +02:00
services.AddAuthorization(config =>
{
2018-08-16 00:43:26 +02:00
addAuthorization.Invoke(config);
});
}
2019-02-26 23:01:06 +01:00
if (environment.IsDevelopment())
2019-02-26 23:01:06 +01:00
{
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
}
}
public static void AddCustomDataProtectionServices(
2020-01-10 14:33:13 +01:00
this IServiceCollection services, IWebHostEnvironment env, GlobalSettings globalSettings)
{
var builder = services.AddDataProtection().SetApplicationName("Bitwarden");
if (env.IsDevelopment())
{
return;
}
if (globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.DataProtection.Directory))
{
builder.PersistKeysToFileSystem(new DirectoryInfo(globalSettings.DataProtection.Directory));
}
if (!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString))
{
var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);
X509Certificate2 dataProtectionCert = null;
if (CoreHelpers.SettingHasValue(globalSettings.DataProtection.CertificateThumbprint))
{
dataProtectionCert = CoreHelpers.GetCertificate(
globalSettings.DataProtection.CertificateThumbprint);
}
else if (CoreHelpers.SettingHasValue(globalSettings.DataProtection.CertificatePassword))
{
dataProtectionCert = CoreHelpers.GetBlobCertificateAsync(storageAccount, "certificates",
"dataprotection.pfx", globalSettings.DataProtection.CertificatePassword)
.GetAwaiter().GetResult();
}
builder
.PersistKeysToAzureBlobStorage(storageAccount, "aspnet-dataprotection/keys.xml")
.ProtectKeysWithCertificate(dataProtectionCert);
}
}
public static IIdentityServerBuilder AddIdentityServerCertificate(
this IIdentityServerBuilder identityServerBuilder, IWebHostEnvironment env, GlobalSettings globalSettings)
{
if (env.IsDevelopment())
{
identityServerBuilder.AddDeveloperSigningCredential(false);
}
else if (globalSettings.SelfHosted &&
2020-03-19 16:10:23 +01:00
CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword)
&& File.Exists("identity.pfx"))
2017-08-07 17:24:16 +02:00
{
2017-08-07 22:31:00 +02:00
var identityServerCert = CoreHelpers.GetCertificate("identity.pfx",
2017-08-07 17:24:16 +02:00
globalSettings.IdentityServer.CertificatePassword);
identityServerBuilder.AddSigningCredential(identityServerCert);
}
else if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificateThumbprint))
{
2020-03-19 16:10:23 +01:00
var identityServerCert = CoreHelpers.GetCertificate(
globalSettings.IdentityServer.CertificateThumbprint);
2017-07-14 19:29:52 +02:00
identityServerBuilder.AddSigningCredential(identityServerCert);
}
else if (!globalSettings.SelfHosted &&
2019-07-11 02:05:07 +02:00
CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString) &&
CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword))
{
var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);
var identityServerCert = CoreHelpers.GetBlobCertificateAsync(storageAccount, "certificates",
"identity.pfx", globalSettings.IdentityServer.CertificatePassword).GetAwaiter().GetResult();
identityServerBuilder.AddSigningCredential(identityServerCert);
}
2017-08-07 22:31:00 +02:00
else
{
throw new Exception("No identity certificate to use.");
}
return identityServerBuilder;
}
public static GlobalSettings AddGlobalSettingsServices(this IServiceCollection services,
IConfiguration configuration)
{
var globalSettings = new GlobalSettings();
ConfigurationBinder.Bind(configuration.GetSection("GlobalSettings"), globalSettings);
services.AddSingleton(s => globalSettings);
return globalSettings;
}
2017-07-21 18:53:26 +02:00
2019-09-03 20:44:22 +02:00
public static void UseDefaultMiddleware(this IApplicationBuilder app,
2020-01-10 14:33:13 +01:00
IWebHostEnvironment env, GlobalSettings globalSettings)
2017-07-21 18:53:26 +02:00
{
2019-09-03 20:44:22 +02:00
string GetHeaderValue(HttpContext httpContext, string header)
{
if (httpContext.Request.Headers.ContainsKey(header))
2019-09-03 20:44:22 +02:00
{
return httpContext.Request.Headers[header];
}
return null;
}
2017-08-25 14:57:43 +02:00
// Add version information to response headers
app.Use(async (httpContext, next) =>
{
using (LogContext.PushProperty("IPAddress", httpContext.GetIpAddress(globalSettings)))
using (LogContext.PushProperty("UserAgent", GetHeaderValue(httpContext, "user-agent")))
using (LogContext.PushProperty("DeviceType", GetHeaderValue(httpContext, "device-type")))
using (LogContext.PushProperty("Origin", GetHeaderValue(httpContext, "origin")))
2017-08-25 14:57:43 +02:00
{
2019-09-03 20:44:22 +02:00
httpContext.Response.OnStarting((state) =>
{
httpContext.Response.Headers.Append("Server-Version", CoreHelpers.GetVersion());
return Task.FromResult(0);
}, null);
await next.Invoke();
}
2017-08-25 14:57:43 +02:00
});
2017-07-21 18:53:26 +02:00
}
2019-04-26 15:52:54 +02:00
public static void UseForwardedHeaders(this IApplicationBuilder app, GlobalSettings globalSettings)
{
var options = new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
if (!string.IsNullOrWhiteSpace(globalSettings.KnownProxies))
2019-04-26 15:52:54 +02:00
{
var proxies = globalSettings.KnownProxies.Split(',');
foreach (var proxy in proxies)
2019-04-26 15:52:54 +02:00
{
if (System.Net.IPAddress.TryParse(proxy.Trim(), out var ip))
2019-04-26 15:52:54 +02:00
{
options.KnownProxies.Add(ip);
}
}
}
if (options.KnownProxies.Count > 1)
2019-04-26 15:52:54 +02:00
{
options.ForwardLimit = null;
}
app.UseForwardedHeaders(options);
}
}
}