added correct backwards compat claims

2024-11-25 12:45:18 +01:00 · 2017-01-11 18:48:16 -05:00 · 2017-01-11 18:48:16 -05:00 · 54711e634b
commit 54711e634b
parent 77ca47a266
3 changed files with 16 additions and 13 deletions
--- a/src/Core/Identity/ProfileService.cs
+++ b/src/Core/Identity/ProfileService.cs
@ -3,7 +3,6 @@ using System.Threading.Tasks;
 using IdentityServer4.Models;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
-using System.Security.Claims;

 namespace Bit.Core.Identity
 {
@ -22,8 +21,7 @@ namespace Bit.Core.Identity

        public Task GetProfileDataAsync(ProfileDataRequestContext context)
        {
-            // TODO: load proper claims for user
-            context.AddFilteredClaims(new Claim[] { new Claim(ClaimTypes.AuthenticationMethod, "Application") });
+            context.AddFilteredClaims(context.IssuedClaims);
            return Task.FromResult(0);
        }

--- a/src/Core/Identity/ResourceOwnerPasswordValidator.cs
+++ b/src/Core/Identity/ResourceOwnerPasswordValidator.cs
@ -1,5 +1,4 @@
 using Bit.Core.Domains;
-using Bit.Core.Repositories;
 using IdentityServer4.Models;
 using IdentityServer4.Validation;
 using Microsoft.AspNetCore.Identity;
@ -10,27 +9,29 @@ namespace Bit.Core.Identity
 {
    public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
    {
-        private readonly IUserRepository _userRepository;
        private readonly UserManager<User> _userManager;

        public ResourceOwnerPasswordValidator(
-            IUserRepository userRepository,
            UserManager<User> userManager)
        {
-            _userRepository = userRepository;
            _userManager = userManager;
        }

        public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {
-            var user = await _userRepository.GetByEmailAsync(context.UserName.ToLowerInvariant());
+            var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant());
            if(user != null)
            {
                if(await _userManager.CheckPasswordAsync(user, context.Password))
                {
-                    // TODO: proper claims and auth method
-                    context.Result = new GrantValidationResult(subject: user.Id.ToString(), authenticationMethod: "Application",
-                         identityProvider: "bitwarden", claims: new Claim[] { new Claim(ClaimTypes.AuthenticationMethod, "Application") });
+                    context.Result = new GrantValidationResult(user.Id.ToString(), "Application", identityProvider: "bitwarden",
+                        claims: new Claim[] {
+                            // Deprecated claims for backwards compatability
+                            new Claim("authmethod", "Application"),
+                            new Claim("nameid", user.Id.ToString()),
+                            new Claim("email", user.Email.ToString()),
+                            new Claim("securitystamp", user.SecurityStamp)
+                        });
                    return;
                }
            }
--- a/src/Core/Identity/Resources.cs
+++ b/src/Core/Identity/Resources.cs
@ -1,6 +1,5 @@
 using IdentityServer4.Models;
 using System.Collections.Generic;
-using System.Security.Claims;

 namespace Bit.Core.Identity
 {
@ -10,7 +9,12 @@ namespace Bit.Core.Identity
        {
            return new List<ApiResource>
            {
-                new ApiResource("api", "Vault API", new string[] { ClaimTypes.AuthenticationMethod })
+                new ApiResource("api", "Vault API", new string[] {
+                    "authmethod",
+                    "nameid",
+                    "email",
+                    "securitystamp"
+                })
            };
        }
    }