1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-29 13:25:17 +01:00

re-working claims for aspnet core identity integration and backwards compat

This commit is contained in:
Kyle Spearrin 2017-01-11 21:46:36 -05:00
parent 54711e634b
commit 038c98cfaf
8 changed files with 35 additions and 16 deletions

View File

@ -64,6 +64,7 @@ namespace Bit.Api.Controllers
[HttpPost("email-token")] [HttpPost("email-token")]
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model) public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
{ {
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash)) if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash))
{ {
await Task.Delay(2000); await Task.Delay(2000);
@ -151,10 +152,11 @@ namespace Bit.Api.Controllers
} }
[HttpGet("profile")] [HttpGet("profile")]
public Task<ProfileResponseModel> GetProfile() public async Task<ProfileResponseModel> GetProfile()
{ {
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
var response = new ProfileResponseModel(_currentContext.User); var response = new ProfileResponseModel(_currentContext.User);
return Task.FromResult(response); return response;
} }
[HttpPut("profile")] [HttpPut("profile")]

View File

@ -16,7 +16,7 @@ namespace Bit.Api.Controllers
[HttpGet("claims")] [HttpGet("claims")]
public IActionResult Claims() public IActionResult Claims()
{ {
return new JsonResult(User.Claims.Select(c => new { c.Type, c.Value })); return new JsonResult(User?.Claims?.Select(c => new { c.Type, c.Value }));
} }
} }
} }

View File

@ -28,7 +28,6 @@ using Bit.Api.Middleware;
using IdentityServer4.Validation; using IdentityServer4.Validation;
using IdentityServer4.Services; using IdentityServer4.Services;
using IdentityModel.AspNetCore.OAuth2Introspection; using IdentityModel.AspNetCore.OAuth2Introspection;
using Microsoft.AspNetCore.Authorization.Infrastructure;
namespace Bit.Api namespace Bit.Api
{ {
@ -89,7 +88,7 @@ namespace Bit.Api
services.AddIdentityServer() services.AddIdentityServer()
// TODO: Add proper signing creds // TODO: Add proper signing creds
.AddTemporarySigningCredential() .AddTemporarySigningCredential()
.AddInMemoryApiResources(Resources.GetApiResources()) .AddInMemoryApiResources(ApiResources.GetApiResources())
.AddInMemoryClients(Clients.GetClients()); .AddInMemoryClients(Clients.GetClients());
services.AddSingleton<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>(); services.AddSingleton<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddSingleton<IProfileService, ProfileService>(); services.AddSingleton<IProfileService, ProfileService>();

View File

@ -1,18 +1,19 @@
using IdentityServer4.Models; using IdentityServer4.Models;
using System.Collections.Generic; using System.Collections.Generic;
using System.Security.Claims;
namespace Bit.Core.Identity namespace Bit.Core.Identity
{ {
public class Resources public class ApiResources
{ {
public static IEnumerable<ApiResource> GetApiResources() public static IEnumerable<ApiResource> GetApiResources()
{ {
return new List<ApiResource> return new List<ApiResource>
{ {
new ApiResource("api", "Vault API", new string[] { new ApiResource("api", "Vault API", new string[] {
"authmethod", ClaimTypes.AuthenticationMethod,
"nameid", ClaimTypes.NameIdentifier,
"email", ClaimTypes.Email,
"securitystamp" "securitystamp"
}) })
}; };

View File

@ -21,7 +21,7 @@ namespace Bit.Core.Identity
public Task GetProfileDataAsync(ProfileDataRequestContext context) public Task GetProfileDataAsync(ProfileDataRequestContext context)
{ {
context.AddFilteredClaims(context.IssuedClaims); context.AddFilteredClaims(context.Subject.Claims);
return Task.FromResult(0); return Task.FromResult(0);
} }

View File

@ -1,7 +1,9 @@
using Bit.Core.Domains; using Bit.Core.Domains;
using IdentityServer4.Models; using IdentityServer4.Models;
using IdentityServer4.Validation; using IdentityServer4.Validation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using System.Security.Claims; using System.Security.Claims;
using System.Threading.Tasks; using System.Threading.Tasks;
@ -10,11 +12,14 @@ namespace Bit.Core.Identity
public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{ {
private readonly UserManager<User> _userManager; private readonly UserManager<User> _userManager;
private readonly IdentityOptions _identityOptions;
public ResourceOwnerPasswordValidator( public ResourceOwnerPasswordValidator(
UserManager<User> userManager) UserManager<User> userManager,
IOptions<IdentityOptions> optionsAccessor)
{ {
_userManager = userManager; _userManager = userManager;
_identityOptions = optionsAccessor?.Value ?? new IdentityOptions();
} }
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context) public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
@ -27,10 +32,10 @@ namespace Bit.Core.Identity
context.Result = new GrantValidationResult(user.Id.ToString(), "Application", identityProvider: "bitwarden", context.Result = new GrantValidationResult(user.Id.ToString(), "Application", identityProvider: "bitwarden",
claims: new Claim[] { claims: new Claim[] {
// Deprecated claims for backwards compatability // Deprecated claims for backwards compatability
new Claim("authmethod", "Application"), new Claim(ClaimTypes.AuthenticationMethod, "Application"),
new Claim("nameid", user.Id.ToString()), new Claim(_identityOptions.ClaimsIdentity.UserIdClaimType, user.Id.ToString()),
new Claim("email", user.Email.ToString()), new Claim(_identityOptions.ClaimsIdentity.UserNameClaimType, user.Email.ToString()),
new Claim("securitystamp", user.SecurityStamp) new Claim(_identityOptions.ClaimsIdentity.SecurityStampClaimType, user.SecurityStamp)
}); });
return; return;
} }

View File

@ -8,6 +8,7 @@ namespace Bit.Core.Services
{ {
public interface IUserService public interface IUserService
{ {
Task<User> GetUserByIdAsync(string userId);
Task<User> GetUserByIdAsync(Guid userId); Task<User> GetUserByIdAsync(Guid userId);
Task SaveUserAsync(User user); Task SaveUserAsync(User user);
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword); Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);

View File

@ -57,6 +57,17 @@ namespace Bit.Core.Services
_passwordValidators = passwordValidators; _passwordValidators = passwordValidators;
} }
public async Task<User> GetUserByIdAsync(string userId)
{
Guid userIdGuid;
if(!Guid.TryParse(userId, out userIdGuid))
{
return null;
}
return await _userRepository.GetByIdAsync(userIdGuid);
}
public async Task<User> GetUserByIdAsync(Guid userId) public async Task<User> GetUserByIdAsync(Guid userId)
{ {
return await _userRepository.GetByIdAsync(userId); return await _userRepository.GetByIdAsync(userId);