mirror of https://github.com/bitwarden/server.git synced 2025-01-22 21:51:22 +01:00

helper methods for multiple auth schemes

Kyle Spearrin 2017-05-05 21:39:30 -04:00
parent 3daf0bcd18
commit 66c5a9b25d


@ -89,14 +89,14 @@ namespace Bit.Api
{
config.AddPolicy("Application", policy =>
{
policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2");
policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2", "Bearer3");
policy.RequireAuthenticatedUser();
policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.AuthenticationMethod);
});
config.AddPolicy("TwoFactor", policy =>
{
policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2");
policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2", "Bearer3");
policy.RequireAuthenticatedUser();
policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.TwoFactorAuthenticationMethod);
});
@ -172,7 +172,10 @@ namespace Bit.Api
// Add IdentityServer to the request pipeline.
app.UseIdentityServer();
app.UseIdentityServerAuthentication(GetIdentityOptions(env));
app.UseIdentityServerAuthentication(
GetIdentityOptions(env, IdentityServerAuthority(env, "api", "4000"), "2"));
app.UseIdentityServerAuthentication(
GetIdentityOptions(env, IdentityServerAuthority(env, "identity", "33656"), "3"));
// Add Jwt authentication to the request pipeline.
app.UseJwtBearerIdentity();
@ -184,35 +187,40 @@ namespace Bit.Api
app.UseMvc();
}
private IdentityServerAuthenticationOptions GetIdentityOptions(IHostingEnvironment env)
private IdentityServerAuthenticationOptions GetIdentityOptions(IHostingEnvironment env,
string authority, string suffix)
{
var options = new IdentityServerAuthenticationOptions
{
Authority = authority,
AllowedScopes = new string[] { "api" },
RequireHttpsMetadata = env.IsProduction(),
ApiName = "api",
NameClaimType = ClaimTypes.Email,
// Version "2" until we retire the old jwt scheme and replace it with this one.
AuthenticationScheme = "Bearer2",
TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString("Bearer2", "access_token2")
// Suffix until we retire the old jwt schemes.
AuthenticationScheme = $"Bearer{suffix}",
TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString(
$"Bearer{suffix}", $"access_token{suffix}")
};
if(env.IsProduction())
{
options.Authority = "https://api.bitwarden.com";
}
else if(env.IsEnvironment("Preview"))
{
options.Authority = "https://preview-api.bitwarden.com";
}
else
{
options.Authority = "http://localhost:4000";
//options.Authority = "http://169.254.80.80:4000"; // for VS Android Emulator
//options.Authority = "http://192.168.1.8:4000"; // Desktop external
}
return options;
}
private string IdentityServerAuthority(IHostingEnvironment env, string subdomain, string port)
{
if(env.IsProduction())
{
return $"https://{subdomain}.bitwarden.com";
}
else if(env.IsEnvironment("Preview"))
{
return $"https://preview-{subdomain}.bitwarden.com";
}
else
{
return $"http://localhost:{port}";
//return $"http://192.168.1.8:{port}"; // Desktop external
}
}
}
}
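Review bot: In the new `GetIdentityOptions`, `RequireHttpsMetadata = env.IsProduction()` is still derived from the environment while `Authority` now comes from the caller, so the two can disagree: in Preview `IdentityServerAuthority` returns an `https://preview-…` URL, yet HTTPS metadata is not required there. Deriving the flag from the value actually used keeps them in step, e.g. `RequireHttpsMetadata = authority.StartsWith("https://", StringComparison.OrdinalIgnoreCase),`. The final `else` in `IdentityServerAuthority` sends every environment name other than Production and Preview to `http://localhost:{port}`, so a comment on that branch saying it is meant for local development only would help the next reader. Separately, the added scheme also accepts tokens from the `access_token3` query parameter, and tokens carried in URLs tend to end up in access and proxy logs; it is worth confirming that the query-string fallback is actually needed for the "3" scheme.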