mirror of https://github.com/bitwarden/server.git synced 2025-02-01 23:31:41 +01:00

org API clients

Kyle Spearrin 2019-02-26 17:01:33 -05:00
parent c1c49fb67e
commit 5923b4c9bd
3 changed files with 32 additions and 1 deletions


@ -94,6 +94,11 @@ namespace Bit.Api
policy.RequireAuthenticatedUser(); policy.RequireAuthenticatedUser();
policy.RequireClaim(JwtClaimTypes.Scope, "api.licensing"); policy.RequireClaim(JwtClaimTypes.Scope, "api.licensing");
}); });
config.AddPolicy("Organization", policy =>
{
policy.RequireAuthenticatedUser();
policy.RequireClaim(JwtClaimTypes.Scope, "api.organization");
});
}); });
services.AddScoped<AuthenticatorTokenProvider>(); services.AddScoped<AuthenticatorTokenProvider>();
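Review bot: The new "Organization" policy authorizes on the `api.organization` scope alone, so it does not by itself tie a token to any particular organization. Assuming the endpoints that will use it take an organization id from the route or body, each handler still has to compare that id with the token's subject claim; no such handler is part of this commit, so this is inferred. I would add a comment above `config.AddPolicy("Organization", policy =>` such as `// Scope check only: handlers must also match the token's sub claim to the organization being accessed.` The enclosing configuration call starts and ends outside the hunk.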


@ -24,7 +24,8 @@ namespace Bit.Core.IdentityServer
}), }),
new ApiResource("internal", new string[] { JwtClaimTypes.Subject }), new ApiResource("internal", new string[] { JwtClaimTypes.Subject }),
new ApiResource("api.push", new string[] { JwtClaimTypes.Subject }), new ApiResource("api.push", new string[] { JwtClaimTypes.Subject }),
new ApiResource("api.licensing", new string[] { JwtClaimTypes.Subject }) new ApiResource("api.licensing", new string[] { JwtClaimTypes.Subject }),
new ApiResource("api.organization", new string[] { JwtClaimTypes.Subject })
}; };
} }
} }


@ -15,13 +15,16 @@ namespace Bit.Core.IdentityServer
private static IDictionary<string, Client> _apiClients = StaticClients.GetApiClients(); private static IDictionary<string, Client> _apiClients = StaticClients.GetApiClients();
private readonly IInstallationRepository _installationRepository; private readonly IInstallationRepository _installationRepository;
private readonly IOrganizationRepository _organizationRepository;
private readonly GlobalSettings _globalSettings; private readonly GlobalSettings _globalSettings;
public ClientStore( public ClientStore(
IInstallationRepository installationRepository, IInstallationRepository installationRepository,
IOrganizationRepository organizationRepository,
GlobalSettings globalSettings) GlobalSettings globalSettings)
{ {
_installationRepository = installationRepository; _installationRepository = installationRepository;
_organizationRepository = organizationRepository;
_globalSettings = globalSettings; _globalSettings = globalSettings;
} }
@ -72,6 +75,28 @@ namespace Bit.Core.IdentityServer
} }
} }
} }
else if(clientId.StartsWith("organization."))
{
var idParts = clientId.Split('.');
if(idParts.Length > 1 && Guid.TryParse(idParts[1], out var id))
{
var org = await _organizationRepository.GetByIdAsync(id);
if(org != null)
{
return new Client
{
ClientId = $"organization.{org.Id}",
RequireClientSecret = true,
ClientSecrets = { new Secret(org.Id.ToString().Sha256()) }, // TODO: org.ApiKey
AllowedScopes = new string[] { "api.organization" },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AccessTokenLifetime = 3600 * 1,
Enabled = org.Enabled, // TODO: && org.UseApi
Claims = new List<Claim> { new Claim(JwtClaimTypes.Subject, org.Id.ToString()) }
};
}
}
}
return _apiClients.ContainsKey(clientId) ? _apiClients[clientId] : null; return _apiClients.ContainsKey(clientId) ? _apiClients[clientId] : null;
} }
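Review bot: The `ClientSecrets` line builds the secret from `org.Id.ToString().Sha256()`, and that same GUID is the second segment of the client id, so the value gives no confidentiality: whoever knows an organization's id also knows its secret. The TODO shows `org.ApiKey` is planned, but until it exists this branch hands out `api.organization` client-credentials tokens for every enabled organization. I would keep the client disabled until then, e.g. `Enabled = false, // switch to org.Enabled && org.UseApi once org.ApiKey backs the secret`, or return null from this branch behind a setting. Separately, `idParts.Length > 1` accepts ids with extra segments after the GUID, and `idParts.Length == 2` would reject them. The enclosing method starts outside the hunk.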