Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-01 23:31:41 +01:00
Code Issues Projects Releases Wiki Activity

validate organization licenses

Browse Source
This commit is contained in:
Kyle Spearrin 2017-08-17 00:12:11 -04:00
parent 127ff2d361
commit 4585af5a85
9 changed files with 64 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Core/IdentityServer/ProfileService.cs
View File

@ -37,13 +37,15 @@ namespace Bit.Core.IdentityServer
public async Task GetProfileDataAsync(ProfileDataRequestContext context)
{
await _licensingService.ValidateOrganizationsAsync();
var existingClaims = context.Subject.Claims;
var newClaims = new List<Claim>();
var user = await _userService.GetUserByPrincipalAsync(context.Subject);
if(user != null)
{
var isPremium = await _licensingService.VerifyUserPremiumAsync(user);
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
newClaims.AddRange(new List<Claim>
{
new Claim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),

10
src/Core/Models/Business/OrganizationLicense.cs
View File

@ -140,7 +140,7 @@ namespace Bit.Core.Models.Business
}
}
public bool CanUse(Guid installationId)
public bool CanUse(GlobalSettings globalSettings)
{
if(!Enabled || Issued > DateTime.UtcNow || Expires < DateTime.UtcNow)
{
@ -149,7 +149,7 @@ namespace Bit.Core.Models.Business
if(Version == 1)
{
return InstallationId == installationId && SelfHost;
return InstallationId == globalSettings.Installation.Id && SelfHost;
}
else
{
@ -157,7 +157,7 @@ namespace Bit.Core.Models.Business
}
}
public bool VerifyData(Organization organization)
public bool VerifyData(Organization organization, GlobalSettings globalSettings)
{
if(Issued > DateTime.UtcNow || Expires < DateTime.UtcNow)
{
@ -167,6 +167,7 @@ namespace Bit.Core.Models.Business
if(Version == 1)
{
return
globalSettings.Installation.Id == InstallationId &&
organization.LicenseKey.Equals(LicenseKey) &&
organization.Enabled == Enabled &&
organization.PlanType == PlanType &&
@ -175,7 +176,8 @@ namespace Bit.Core.Models.Business
organization.UseGroups == UseGroups &&
organization.UseDirectory == UseDirectory &&
organization.UseTotp == UseTotp &&
organization.SelfHost == SelfHost;
organization.SelfHost == SelfHost &&
organization.Name.Equals(Name);
}
else
{

1
src/Core/Repositories/IOrganizationRepository.cs
View File

@ -7,6 +7,7 @@ namespace Bit.Core.Repositories
{
public interface IOrganizationRepository : IRepository<Organization, Guid>
{
Task<ICollection<Organization>> GetManyAsync();
Task<ICollection<Organization>> GetManyByUserIdAsync(Guid userId);
Task UpdateStorageAsync(Guid id);
}

12
src/Core/Repositories/SqlServer/OrganizationRepository.cs
View File

@ -19,6 +19,18 @@ namespace Bit.Core.Repositories.SqlServer
: base(connectionString)
{ }
public async Task<ICollection<Organization>> GetManyAsync()
{
using(var connection = new SqlConnection(ConnectionString))
{
var results = await connection.QueryAsync<Organization>(
"[dbo].[Organization_Read]",
commandType: CommandType.StoredProcedure);
return results.ToList();
}
}
public async Task<ICollection<Organization>> GetManyByUserIdAsync(Guid userId)
{
using(var connection = new SqlConnection(ConnectionString))

4
src/Core/Services/ILicensingService.cs
View File

@ -6,8 +6,8 @@ namespace Bit.Core.Services
{
public interface ILicensingService
{
bool VerifyOrganizationPlan(Organization organization);
Task<bool> VerifyUserPremiumAsync(User user);
Task ValidateOrganizationsAsync();
Task<bool> ValidateUserPremiumAsync(User user);
bool VerifyLicense(ILicense license);
byte[] SignLicense(ILicense license);
}

4
src/Core/Services/Implementations/OrganizationService.cs
View File

@ -548,7 +548,7 @@ namespace Bit.Core.Services
throw new BadRequestException("Invalid license.");
}
if(!license.CanUse(_globalSettings.Installation.Id))
if(!license.CanUse(_globalSettings))
{
throw new BadRequestException("Invalid license. Make sure your license allows for on-premise " +
"hosting of organizations and that the installation id matches your current installation.");
@ -655,7 +655,7 @@ namespace Bit.Core.Services
throw new BadRequestException("Invalid license.");
}
if(!license.CanUse(_globalSettings.Installation.Id))
if(!license.CanUse(_globalSettings))
{
throw new BadRequestException("Invalid license. Make sure your license allows for on-premise " +
"hosting of organizations and that the installation id matches your current installation.");

35
src/Core/Services/Implementations/RsaLicensingService.cs
View File

@ -7,6 +7,7 @@ using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
@ -17,16 +18,20 @@ namespace Bit.Core.Services
{
private readonly X509Certificate2 _certificate;
private readonly GlobalSettings _globalSettings;
private IDictionary<Guid, DateTime> _userCheckCache = new Dictionary<Guid, DateTime>();
private IDictionary<Guid, DateTime> _organizationCheckCache = new Dictionary<Guid, DateTime>();
private readonly IUserRepository _userRepository;
private readonly IOrganizationRepository _organizationRepository;
private IDictionary<Guid, DateTime> _userCheckCache = new Dictionary<Guid, DateTime>();
private DateTime? _organizationCheckCache = null;
public RsaLicensingService(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IHostingEnvironment environment,
GlobalSettings globalSettings)
{
_userRepository = userRepository;
_organizationRepository = organizationRepository;
var certThumbprint = "207e64a231e8aa32aaf68a61037c075ebebd553f";
_globalSettings = globalSettings;
@ -44,23 +49,35 @@ namespace Bit.Core.Services
}
}
public bool VerifyOrganizationPlan(Organization organization)
public async Task ValidateOrganizationsAsync()
{
if(!_globalSettings.SelfHosted)
{
return true;
return;
}
if(!organization.SelfHost)
var now = DateTime.UtcNow;
if(_organizationCheckCache.HasValue && now - _organizationCheckCache.Value < TimeSpan.FromDays(1))
{
return false;
return;
}
_organizationCheckCache = now;
var license = ReadOrganiztionLicense(organization);
return license != null && license.VerifyData(organization) && license.VerifySignature(_certificate);
var orgs = await _organizationRepository.GetManyAsync();
foreach(var org in orgs.Where(o => o.Enabled))
{
var license = ReadOrganiztionLicense(org);
if(license == null || !license.VerifyData(org, _globalSettings) || !license.VerifySignature(_certificate))
{
org.Enabled = false;
org.ExpirationDate = license.Expires;
org.RevisionDate = DateTime.UtcNow;
await _organizationRepository.ReplaceAsync(org);
}
}
}
public async Task<bool> VerifyUserPremiumAsync(User user)
public async Task<bool> ValidateUserPremiumAsync(User user)
{
if(!_globalSettings.SelfHosted)
{

2
src/Core/Services/NoopImplementations/NoopLicensingService.cs
View File

@ -28,7 +28,7 @@ namespace Bit.Core.Services
return true;
}
public Task<bool> VerifyUserPremiumAsync(User user)
public Task<bool> ValidateUserPremiumAsync(User user)
{
return Task.FromResult(user.Premium);
}

11
src/Sql/dbo/Stored Procedures/Organization_Read.sql Normal file
View File

@ -0,0 +1,11 @@
CREATE PROCEDURE [dbo].[Organization_Read]
@Id UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
*
FROM
[dbo].[OrganizationView]
END