mirror of
https://github.com/bitwarden/server.git
synced 2024-11-29 13:25:17 +01:00
re-working claims for aspnet core identity integration and backwards compat
This commit is contained in:
parent
54711e634b
commit
038c98cfaf
@ -64,6 +64,7 @@ namespace Bit.Api.Controllers
|
|||||||
[HttpPost("email-token")]
|
[HttpPost("email-token")]
|
||||||
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
|
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
|
||||||
{
|
{
|
||||||
|
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
|
||||||
if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash))
|
if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash))
|
||||||
{
|
{
|
||||||
await Task.Delay(2000);
|
await Task.Delay(2000);
|
||||||
@ -151,10 +152,11 @@ namespace Bit.Api.Controllers
|
|||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet("profile")]
|
[HttpGet("profile")]
|
||||||
public Task<ProfileResponseModel> GetProfile()
|
public async Task<ProfileResponseModel> GetProfile()
|
||||||
{
|
{
|
||||||
|
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
|
||||||
var response = new ProfileResponseModel(_currentContext.User);
|
var response = new ProfileResponseModel(_currentContext.User);
|
||||||
return Task.FromResult(response);
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpPut("profile")]
|
[HttpPut("profile")]
|
||||||
|
@ -16,7 +16,7 @@ namespace Bit.Api.Controllers
|
|||||||
[HttpGet("claims")]
|
[HttpGet("claims")]
|
||||||
public IActionResult Claims()
|
public IActionResult Claims()
|
||||||
{
|
{
|
||||||
return new JsonResult(User.Claims.Select(c => new { c.Type, c.Value }));
|
return new JsonResult(User?.Claims?.Select(c => new { c.Type, c.Value }));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -28,7 +28,6 @@ using Bit.Api.Middleware;
|
|||||||
using IdentityServer4.Validation;
|
using IdentityServer4.Validation;
|
||||||
using IdentityServer4.Services;
|
using IdentityServer4.Services;
|
||||||
using IdentityModel.AspNetCore.OAuth2Introspection;
|
using IdentityModel.AspNetCore.OAuth2Introspection;
|
||||||
using Microsoft.AspNetCore.Authorization.Infrastructure;
|
|
||||||
|
|
||||||
namespace Bit.Api
|
namespace Bit.Api
|
||||||
{
|
{
|
||||||
@ -89,7 +88,7 @@ namespace Bit.Api
|
|||||||
services.AddIdentityServer()
|
services.AddIdentityServer()
|
||||||
// TODO: Add proper signing creds
|
// TODO: Add proper signing creds
|
||||||
.AddTemporarySigningCredential()
|
.AddTemporarySigningCredential()
|
||||||
.AddInMemoryApiResources(Resources.GetApiResources())
|
.AddInMemoryApiResources(ApiResources.GetApiResources())
|
||||||
.AddInMemoryClients(Clients.GetClients());
|
.AddInMemoryClients(Clients.GetClients());
|
||||||
services.AddSingleton<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
|
services.AddSingleton<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
|
||||||
services.AddSingleton<IProfileService, ProfileService>();
|
services.AddSingleton<IProfileService, ProfileService>();
|
||||||
|
@ -1,18 +1,19 @@
|
|||||||
using IdentityServer4.Models;
|
using IdentityServer4.Models;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
using System.Security.Claims;
|
||||||
|
|
||||||
namespace Bit.Core.Identity
|
namespace Bit.Core.Identity
|
||||||
{
|
{
|
||||||
public class Resources
|
public class ApiResources
|
||||||
{
|
{
|
||||||
public static IEnumerable<ApiResource> GetApiResources()
|
public static IEnumerable<ApiResource> GetApiResources()
|
||||||
{
|
{
|
||||||
return new List<ApiResource>
|
return new List<ApiResource>
|
||||||
{
|
{
|
||||||
new ApiResource("api", "Vault API", new string[] {
|
new ApiResource("api", "Vault API", new string[] {
|
||||||
"authmethod",
|
ClaimTypes.AuthenticationMethod,
|
||||||
"nameid",
|
ClaimTypes.NameIdentifier,
|
||||||
"email",
|
ClaimTypes.Email,
|
||||||
"securitystamp"
|
"securitystamp"
|
||||||
})
|
})
|
||||||
};
|
};
|
@ -21,7 +21,7 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
public Task GetProfileDataAsync(ProfileDataRequestContext context)
|
public Task GetProfileDataAsync(ProfileDataRequestContext context)
|
||||||
{
|
{
|
||||||
context.AddFilteredClaims(context.IssuedClaims);
|
context.AddFilteredClaims(context.Subject.Claims);
|
||||||
return Task.FromResult(0);
|
return Task.FromResult(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,7 +1,9 @@
|
|||||||
using Bit.Core.Domains;
|
using Bit.Core.Domains;
|
||||||
using IdentityServer4.Models;
|
using IdentityServer4.Models;
|
||||||
using IdentityServer4.Validation;
|
using IdentityServer4.Validation;
|
||||||
|
using Microsoft.AspNetCore.Builder;
|
||||||
using Microsoft.AspNetCore.Identity;
|
using Microsoft.AspNetCore.Identity;
|
||||||
|
using Microsoft.Extensions.Options;
|
||||||
using System.Security.Claims;
|
using System.Security.Claims;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
|
|
||||||
@ -10,11 +12,14 @@ namespace Bit.Core.Identity
|
|||||||
public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
|
public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
|
||||||
{
|
{
|
||||||
private readonly UserManager<User> _userManager;
|
private readonly UserManager<User> _userManager;
|
||||||
|
private readonly IdentityOptions _identityOptions;
|
||||||
|
|
||||||
public ResourceOwnerPasswordValidator(
|
public ResourceOwnerPasswordValidator(
|
||||||
UserManager<User> userManager)
|
UserManager<User> userManager,
|
||||||
|
IOptions<IdentityOptions> optionsAccessor)
|
||||||
{
|
{
|
||||||
_userManager = userManager;
|
_userManager = userManager;
|
||||||
|
_identityOptions = optionsAccessor?.Value ?? new IdentityOptions();
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
|
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
|
||||||
@ -27,10 +32,10 @@ namespace Bit.Core.Identity
|
|||||||
context.Result = new GrantValidationResult(user.Id.ToString(), "Application", identityProvider: "bitwarden",
|
context.Result = new GrantValidationResult(user.Id.ToString(), "Application", identityProvider: "bitwarden",
|
||||||
claims: new Claim[] {
|
claims: new Claim[] {
|
||||||
// Deprecated claims for backwards compatability
|
// Deprecated claims for backwards compatability
|
||||||
new Claim("authmethod", "Application"),
|
new Claim(ClaimTypes.AuthenticationMethod, "Application"),
|
||||||
new Claim("nameid", user.Id.ToString()),
|
new Claim(_identityOptions.ClaimsIdentity.UserIdClaimType, user.Id.ToString()),
|
||||||
new Claim("email", user.Email.ToString()),
|
new Claim(_identityOptions.ClaimsIdentity.UserNameClaimType, user.Email.ToString()),
|
||||||
new Claim("securitystamp", user.SecurityStamp)
|
new Claim(_identityOptions.ClaimsIdentity.SecurityStampClaimType, user.SecurityStamp)
|
||||||
});
|
});
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -8,6 +8,7 @@ namespace Bit.Core.Services
|
|||||||
{
|
{
|
||||||
public interface IUserService
|
public interface IUserService
|
||||||
{
|
{
|
||||||
|
Task<User> GetUserByIdAsync(string userId);
|
||||||
Task<User> GetUserByIdAsync(Guid userId);
|
Task<User> GetUserByIdAsync(Guid userId);
|
||||||
Task SaveUserAsync(User user);
|
Task SaveUserAsync(User user);
|
||||||
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);
|
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);
|
||||||
|
@ -57,6 +57,17 @@ namespace Bit.Core.Services
|
|||||||
_passwordValidators = passwordValidators;
|
_passwordValidators = passwordValidators;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async Task<User> GetUserByIdAsync(string userId)
|
||||||
|
{
|
||||||
|
Guid userIdGuid;
|
||||||
|
if(!Guid.TryParse(userId, out userIdGuid))
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return await _userRepository.GetByIdAsync(userIdGuid);
|
||||||
|
}
|
||||||
|
|
||||||
public async Task<User> GetUserByIdAsync(Guid userId)
|
public async Task<User> GetUserByIdAsync(Guid userId)
|
||||||
{
|
{
|
||||||
return await _userRepository.GetByIdAsync(userId);
|
return await _userRepository.GetByIdAsync(userId);
|
||||||
|
Loading…
Reference in New Issue
Block a user