Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00
Code Issues Projects Releases Wiki Activity

re-working claims for aspnet core identity integration and backwards compat

Browse Source
This commit is contained in:
Kyle Spearrin 2017-01-11 21:46:36 -05:00
parent 54711e634b
commit 038c98cfaf
8 changed files with 35 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Api/Controllers/AccountsController.cs
View File

@ -64,6 +64,7 @@ namespace Bit.Api.Controllers
[HttpPost("email-token")]
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
{
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash))
{
await Task.Delay(2000);
@ -151,10 +152,11 @@ namespace Bit.Api.Controllers
}
[HttpGet("profile")]
public Task<ProfileResponseModel> GetProfile()
public async Task<ProfileResponseModel> GetProfile()
{
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
var response = new ProfileResponseModel(_currentContext.User);
return Task.FromResult(response);
return response;
}
[HttpPut("profile")]
@ -165,7 +167,7 @@ namespace Bit.Api.Controllers
var response = new ProfileResponseModel(_currentContext.User);
return response;
}
}
[HttpGet("two-factor")]
public async Task<TwoFactorResponseModel> GetTwoFactor(string masterPasswordHash, TwoFactorProviderType provider)

2
src/Api/Controllers/AliveController.cs
View File

@ -16,7 +16,7 @@ namespace Bit.Api.Controllers
[HttpGet("claims")]
public IActionResult Claims()
{
return new JsonResult(User.Claims.Select(c => new { c.Type, c.Value }));
return new JsonResult(User?.Claims?.Select(c => new { c.Type, c.Value }));
}
}
}

3
src/Api/Startup.cs
View File

@ -28,7 +28,6 @@ using Bit.Api.Middleware;
using IdentityServer4.Validation;
using IdentityServer4.Services;
using IdentityModel.AspNetCore.OAuth2Introspection;
using Microsoft.AspNetCore.Authorization.Infrastructure;
namespace Bit.Api
{
@ -89,7 +88,7 @@ namespace Bit.Api
services.AddIdentityServer()
// TODO: Add proper signing creds
.AddTemporarySigningCredential()
.AddInMemoryApiResources(Resources.GetApiResources())
.AddInMemoryApiResources(ApiResources.GetApiResources())
.AddInMemoryClients(Clients.GetClients());
services.AddSingleton<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddSingleton<IProfileService, ProfileService>();

9
src/Core/Identity/Resources.cs → src/Core/Identity/ApiResources.cs
View File

@ -1,18 +1,19 @@
using IdentityServer4.Models;
using System.Collections.Generic;
using System.Security.Claims;
namespace Bit.Core.Identity
{
public class Resources
public class ApiResources
{
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("api", "Vault API", new string[] {
"authmethod",
"nameid",
"email",
ClaimTypes.AuthenticationMethod,
ClaimTypes.NameIdentifier,
ClaimTypes.Email,
"securitystamp"
})
};

2
src/Core/Identity/ProfileService.cs
View File

@ -21,7 +21,7 @@ namespace Bit.Core.Identity
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
context.AddFilteredClaims(context.IssuedClaims);
context.AddFilteredClaims(context.Subject.Claims);
return Task.FromResult(0);
}

15
src/Core/Identity/ResourceOwnerPasswordValidator.cs
View File

@ -1,7 +1,9 @@
using Bit.Core.Domains;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using System.Security.Claims;
using System.Threading.Tasks;
@ -10,11 +12,14 @@ namespace Bit.Core.Identity
public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{
private readonly UserManager<User> _userManager;
private readonly IdentityOptions _identityOptions;
public ResourceOwnerPasswordValidator(
UserManager<User> userManager)
UserManager<User> userManager,
IOptions<IdentityOptions> optionsAccessor)
{
_userManager = userManager;
_identityOptions = optionsAccessor?.Value ?? new IdentityOptions();
}
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
@ -27,10 +32,10 @@ namespace Bit.Core.Identity
context.Result = new GrantValidationResult(user.Id.ToString(), "Application", identityProvider: "bitwarden",
claims: new Claim[] {
// Deprecated claims for backwards compatability
new Claim("authmethod", "Application"),
new Claim("nameid", user.Id.ToString()),
new Claim("email", user.Email.ToString()),
new Claim("securitystamp", user.SecurityStamp)
new Claim(ClaimTypes.AuthenticationMethod, "Application"),
new Claim(_identityOptions.ClaimsIdentity.UserIdClaimType, user.Id.ToString()),
new Claim(_identityOptions.ClaimsIdentity.UserNameClaimType, user.Email.ToString()),
new Claim(_identityOptions.ClaimsIdentity.SecurityStampClaimType, user.SecurityStamp)
});
return;
}

1
src/Core/Services/IUserService.cs
View File

@ -8,6 +8,7 @@ namespace Bit.Core.Services
{
public interface IUserService
{
Task<User> GetUserByIdAsync(string userId);
Task<User> GetUserByIdAsync(Guid userId);
Task SaveUserAsync(User user);
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);

11
src/Core/Services/Implementations/UserService.cs
View File

@ -57,6 +57,17 @@ namespace Bit.Core.Services
_passwordValidators = passwordValidators;
}
public async Task<User> GetUserByIdAsync(string userId)
{
Guid userIdGuid;
if(!Guid.TryParse(userId, out userIdGuid))
{
return null;
}
return await _userRepository.GetByIdAsync(userIdGuid);
}
public async Task<User> GetUserByIdAsync(Guid userId)
{
return await _userRepository.GetByIdAsync(userId);