From 54711e634b609e2de4c0ddaad617bf500c832f3c Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Wed, 11 Jan 2017 18:48:16 -0500
Subject: [PATCH] added correct backwards compat claims

---
 src/Core/Identity/ProfileService.cs | 4 +---
 .../Identity/ResourceOwnerPasswordValidator.cs | 17 +++++++++--------
 src/Core/Identity/Resources.cs | 8 ++++++--
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/src/Core/Identity/ProfileService.cs b/src/Core/Identity/ProfileService.cs
index 600fa1420..0dc9aafe2 100644
--- a/src/Core/Identity/ProfileService.cs
+++ b/src/Core/Identity/ProfileService.cs
@@ -3,7 +3,6 @@ using System.Threading.Tasks;
 using IdentityServer4.Models;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
-using System.Security.Claims;
 
 namespace Bit.Core.Identity
 {
@@ -22,8 +21,7 @@ namespace Bit.Core.Identity
 
 public Task GetProfileDataAsync(ProfileDataRequestContext context)
 {
- // TODO: load proper claims for user
- context.AddFilteredClaims(new Claim[] { new Claim(ClaimTypes.AuthenticationMethod, "Application") });
+ context.AddFilteredClaims(context.IssuedClaims);
 
 return Task.FromResult(0);
 }
diff --git a/src/Core/Identity/ResourceOwnerPasswordValidator.cs b/src/Core/Identity/ResourceOwnerPasswordValidator.cs
index e121cb5d8..74f26e246 100644
--- a/src/Core/Identity/ResourceOwnerPasswordValidator.cs
+++ b/src/Core/Identity/ResourceOwnerPasswordValidator.cs
@@ -1,5 +1,4 @@
 using Bit.Core.Domains;
-using Bit.Core.Repositories;
 using IdentityServer4.Models;
 using IdentityServer4.Validation;
 using Microsoft.AspNetCore.Identity;
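Review bot: The new `context.AddFilteredClaims(context.IssuedClaims);` in GetProfileDataAsync feeds the context's own output list back into itself, so if IssuedClaims starts out empty — as it does for IdentityServer4's ProfileDataRequestContext, where IssuedClaims is the list the profile service is expected to fill — nothing is issued and the backwards-compat claims attached in ResourceOwnerPasswordValidator never reach the token. Those claims are presumably carried on the authenticated principal, so the source should be the subject: `context.AddFilteredClaims(context.Subject.Claims);`. AddFilteredClaims still filters by context.RequestedClaimTypes, so the claim type names listed on the API resource in Resources.cs remain the gate on what is actually issued. GetProfileDataAsync is fully within the hunk, but the claim flow depends on IdentityServer4 internals not visible here, so this is worth verifying against the library version in use.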
@@ -10,27 +9,29 @@ namespace Bit.Core.Identity
 {
 public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
 {
- private readonly IUserRepository _userRepository;
 private readonly UserManager _userManager;
 
 public ResourceOwnerPasswordValidator(
- IUserRepository userRepository,
 UserManager userManager)
 {
- _userRepository = userRepository;
 _userManager = userManager;
 }
 
 public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
 {
- var user = await _userRepository.GetByEmailAsync(context.UserName.ToLowerInvariant());
+ var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant());
 if(user != null)
 {
 if(await _userManager.CheckPasswordAsync(user, context.Password))
 {
- // TODO: proper claims and auth method
- context.Result = new GrantValidationResult(subject: user.Id.ToString(), authenticationMethod: "Application",
- identityProvider: "bitwarden", claims: new Claim[] { new Claim(ClaimTypes.AuthenticationMethod, "Application") });
+ context.Result = new GrantValidationResult(user.Id.ToString(), "Application", identityProvider: "bitwarden",
+ claims: new Claim[] {
+ // Deprecated claims for backwards compatability
+ new Claim("authmethod", "Application"),
+ new Claim("nameid", user.Id.ToString()),
+ new Claim("email", user.Email.ToString()),
+ new Claim("securitystamp", user.SecurityStamp)
+ });
 return;
 }
 }
diff --git a/src/Core/Identity/Resources.cs b/src/Core/Identity/Resources.cs
index 0ed65914b..01a999e54 100644
--- a/src/Core/Identity/Resources.cs
+++ b/src/Core/Identity/Resources.cs
@@ -1,6 +1,5 @@
 using IdentityServer4.Models;
 using System.Collections.Generic;
-using System.Security.Claims;
 
 namespace Bit.Core.Identity
 {
@@ -10,7 +9,12 @@ namespace Bit.Core.Identity
 {
 return new List
 {
- new ApiResource("api", "Vault API", new string[] { ClaimTypes.AuthenticationMethod })
+ new ApiResource("api", "Vault API", new string[] {
+ "authmethod",
+ "nameid",
+ "email",
+ "securitystamp"
+ })
 };
 }
 }
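Review bot: In the new claims array in ValidateAsync, `new Claim("email", user.Email.ToString())` calls ToString on what is presumably already a string, which only adds a NullReferenceException path; and because the Claim constructor rejects a null value with ArgumentNullException, a user whose Email or SecurityStamp is null would fail with an exception after a successful password check instead of producing a grant result. Prefer `new Claim("email", user.Email)` and, if SecurityStamp can be null for this User type (to be confirmed against the domain model), guard it before building the array. The comment should also read `// Deprecated claims for backwards compatibility`. ValidateAsync continues past the end of the hunk, so the result set for an unknown user or wrong password is not visible here.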
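Review bot: The claim type names `"authmethod"`, `"nameid"`, `"email"` and `"securitystamp"` in the new ApiResource are the same string literals written into the Claim array in ResourceOwnerPasswordValidator.cs, and the two lists must match exactly for the profile service's claim filtering to pass a claim through — a typo on either side silently drops that claim from the token. Hoisting them into one shared set of constants (for example a static class in Bit.Core.Identity with `public const string AuthMethod = "authmethod";` and the other three) and referencing it from both files removes that drift. The validator side marks these as deprecated; carrying the same note here, e.g. `// Deprecated claim types kept for backwards compatibility`, tells a later reader why the API resource still lists them.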