mirror of https://github.com/bitwarden/server.git synced 2024-12-26 17:37:36 +01:00

fire up events for identityserver validation scheme

Kyle Spearrin 2017-01-16 22:02:12 -05:00
parent 49f7857d2e
commit d2b97bb3e8
4 changed files with 50 additions and 16 deletions


@ -9,7 +9,6 @@ using Microsoft.AspNetCore.Identity;
using Bit.Core.Domains;
using Bit.Core.Enums;
using Bit.Core;
using System.Security.Claims;
using System.Linq;
namespace Bit.Api.Controllers
@ -64,7 +63,6 @@ namespace Bit.Api.Controllers
[HttpPost("email-token")]
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
{
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash))
{
await Task.Delay(2000);
@ -152,9 +150,8 @@ namespace Bit.Api.Controllers
}
[HttpGet("profile")]
public async Task<ProfileResponseModel> GetProfile()
public ProfileResponseModel GetProfile()
{
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
var response = new ProfileResponseModel(_currentContext.User);
return response;
}
@ -170,17 +167,17 @@ namespace Bit.Api.Controllers
}
[HttpGet("revision-date")]
public async Task<long?> GetAccountRevisionDate()
public long? GetAccountRevisionDate()
{
var userId = _userService.GetProperUserId(User);
long? revisionDate = null;
if(userId.HasValue)
{
var date = await _userService.GetAccountRevisionDateByIdAsync(userId.Value);
revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date);
}
//var userId = _userService.GetProperUserId(User);
//long? revisionDate = null;
//if(userId.HasValue)
//{
// var date = await _userService.GetAccountRevisionDateByIdAsync(userId.Value);
// revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date);
//}
return revisionDate;
return Core.Utilities.CoreHelpers.EpocMilliseconds(_currentContext.User.AccountRevisionDate);
}
[HttpGet("two-factor")]
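Review bot: `GetAccountRevisionDate` now dereferences `_currentContext.User.AccountRevisionDate` with no null check, whereas the old body returned null when no user id could be resolved. The action depends on something outside this file having populated `_currentContext.User`, presumably the token-validated event wired up elsewhere in this commit. If a request authenticates through a path that does not set it, the result is a NullReferenceException and a 500 instead of an empty value. A guard such as `if(_currentContext.User == null) { return null; }` before the return keeps the previous contract, and `GetProfile` has the same dependency. The commented-out old body should be deleted rather than committed.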


@ -25,7 +25,6 @@ using AspNetCoreRateLimit;
using Bit.Api.Middleware;
using IdentityServer4.Validation;
using IdentityServer4.Services;
using IdentityModel.AspNetCore.OAuth2Introspection;
using IdentityServer4.Stores;
using Bit.Core.Utilities;
using Serilog;
@ -254,8 +253,15 @@ namespace Bit.Api
Authority = env.IsProduction() ? "https://api.bitwarden.com" : "http://localhost:4000",
RequireHttpsMetadata = env.IsProduction(),
ApiName = "Vault API",
NameClaimType = ClaimTypes.Email,
// Version "2" until we retire the old jwt scheme and replace it with this one.
AuthenticationScheme = "Bearer2",
TokenRetriever = TokenRetrieval.FromAuthorizationHeader("Bearer2")
TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString("Bearer2", "access_token2"),
JwtBearerEvents = new JwtBearerEvents
{
OnTokenValidated = JwtBearerEventImplementations.ValidatedTokenAsync,
OnAuthenticationFailed = JwtBearerEventImplementations.AuthenticationFailedAsync
}
});
// Add Jwt authentication to the request pipeline.
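Review bot: The new `TokenRetriever` line also accepts the access token from the `access_token2` query-string parameter, which puts a bearer credential into URLs. URLs are routinely written to web-server, proxy and application request logs and can travel in Referer headers, so a token sent this way is exposed well beyond the request itself. If a client really needs the fallback, say so in a comment, e.g. `// Query-string fallback is only for clients that cannot set an Authorization header; access_token2 must be scrubbed from request logs.`, and check that the request logging masks that parameter. Otherwise a header-only retriever is the safer default. The fallback itself lives in the `FromAuthorizationHeaderOrQueryString` helper added by this commit.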


@ -47,7 +47,8 @@ namespace Bit.Core.Identity
if(!context.HttpContext.User.Identity.IsAuthenticated)
{
context.State = EventResultState.HandledResponse;
context.Ticket = new AuthenticationTicket(context.HttpContext.User, new AuthenticationProperties(), context.Options.AuthenticationScheme);
context.Ticket = new AuthenticationTicket(context.HttpContext.User, new AuthenticationProperties(),
context.Options.AuthenticationScheme);
}
return Task.FromResult(0);


@ -0,0 +1,30 @@
using Microsoft.AspNetCore.Http;
using System;
using System.Linq;
namespace Bit.Core.Identity
{
public static class TokenRetrieval
{
public static Func<HttpRequest, string> FromAuthorizationHeaderOrQueryString(string headerScheme = "Bearer",
string qsName = "account_token")
{
return (request) =>
{
string authorization = request.Headers["Authorization"].FirstOrDefault();
if(string.IsNullOrWhiteSpace(authorization))
{
return request.Query[qsName].FirstOrDefault();
}
if(authorization.StartsWith(headerScheme + " ", StringComparison.OrdinalIgnoreCase))
{
return authorization.Substring(headerScheme.Length + 1).Trim();
}
return null;
};
}
}
}
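Review bot: The default `qsName = "account_token"` looks like a typo for `access_token`, the conventional parameter name, and the only caller visible in this commit passes `"access_token2"`. A caller relying on the default would silently never find a token. If that reading is right, change it to `string qsName = "access_token"`. The method also needs an XML doc comment stating the precedence the lambda implements: the query string is consulted only when no Authorization header is present, and a header with a different scheme returns null without falling back.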