fire up events for identityserver validation scheme
This commit is contained in:
parent
49f7857d2e
commit
d2b97bb3e8
@ -9,7 +9,6 @@ using Microsoft.AspNetCore.Identity;
|
||||
using Bit.Core.Domains;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core;
|
||||
using System.Security.Claims;
|
||||
using System.Linq;
|
||||
|
||||
namespace Bit.Api.Controllers
|
||||
@ -64,7 +63,6 @@ namespace Bit.Api.Controllers
|
||||
[HttpPost("email-token")]
|
||||
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
|
||||
{
|
||||
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
|
||||
if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash))
|
||||
{
|
||||
await Task.Delay(2000);
|
||||
@ -152,9 +150,8 @@ namespace Bit.Api.Controllers
|
||||
}
|
||||
|
||||
[HttpGet("profile")]
|
||||
public async Task<ProfileResponseModel> GetProfile()
|
||||
public ProfileResponseModel GetProfile()
|
||||
{
|
||||
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
|
||||
var response = new ProfileResponseModel(_currentContext.User);
|
||||
return response;
|
||||
}
|
||||
@ -170,17 +167,17 @@ namespace Bit.Api.Controllers
|
||||
}
|
||||
|
||||
[HttpGet("revision-date")]
|
||||
public async Task<long?> GetAccountRevisionDate()
|
||||
public long? GetAccountRevisionDate()
|
||||
{
|
||||
var userId = _userService.GetProperUserId(User);
|
||||
long? revisionDate = null;
|
||||
if(userId.HasValue)
|
||||
{
|
||||
var date = await _userService.GetAccountRevisionDateByIdAsync(userId.Value);
|
||||
revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date);
|
||||
}
|
||||
//var userId = _userService.GetProperUserId(User);
|
||||
//long? revisionDate = null;
|
||||
//if(userId.HasValue)
|
||||
//{
|
||||
// var date = await _userService.GetAccountRevisionDateByIdAsync(userId.Value);
|
||||
// revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date);
|
||||
//}
|
||||
|
||||
return revisionDate;
|
||||
return Core.Utilities.CoreHelpers.EpocMilliseconds(_currentContext.User.AccountRevisionDate);
|
||||
}
|
||||
|
||||
[HttpGet("two-factor")]
|
||||
|
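Review bot: GetAccountRevisionDate in the last hunk of this file loses the null handling the old body had: the new return dereferences `_currentContext.User.AccountRevisionDate` unconditionally, whereas the old path resolved the id via `_userService.GetProperUserId(User)` and returned null when none was available, so a request on which the token-validated event did not populate `_currentContext.User` would now throw a NullReferenceException instead of returning null. A guard keeps the `long?` contract honest: `return _currentContext.User == null ? null : (long?)Core.Utilities.CoreHelpers.EpocMilliseconds(_currentContext.User.AccountRevisionDate);`. The seven commented-out lines of the previous implementation that precede the new return should be deleted rather than kept, since version control already holds them. The same dependence on `_currentContext.User` being pre-populated appears to be introduced in GetProfile and PostEmailToken earlier in this file, where the explicit `GetUserByIdAsync` load is removed.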
@ -25,7 +25,6 @@ using AspNetCoreRateLimit;
|
||||
using Bit.Api.Middleware;
|
||||
using IdentityServer4.Validation;
|
||||
using IdentityServer4.Services;
|
||||
using IdentityModel.AspNetCore.OAuth2Introspection;
|
||||
using IdentityServer4.Stores;
|
||||
using Bit.Core.Utilities;
|
||||
using Serilog;
|
||||
@ -254,8 +253,15 @@ namespace Bit.Api
|
||||
Authority = env.IsProduction() ? "https://api.bitwarden.com" : "http://localhost:4000",
|
||||
RequireHttpsMetadata = env.IsProduction(),
|
||||
ApiName = "Vault API",
|
||||
NameClaimType = ClaimTypes.Email,
|
||||
// Version "2" until we retire the old jwt scheme and replace it with this one.
|
||||
AuthenticationScheme = "Bearer2",
|
||||
TokenRetriever = TokenRetrieval.FromAuthorizationHeader("Bearer2")
|
||||
TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString("Bearer2", "access_token2"),
|
||||
JwtBearerEvents = new JwtBearerEvents
|
||||
{
|
||||
OnTokenValidated = JwtBearerEventImplementations.ValidatedTokenAsync,
|
||||
OnAuthenticationFailed = JwtBearerEventImplementations.AuthenticationFailedAsync
|
||||
}
|
||||
});
|
||||
|
||||
// Add Jwt authentication to the request pipeline.
|
||||
|
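Review bot: `TokenRetrieval.FromAuthorizationHeaderOrQueryString("Bearer2", "access_token2")` makes the bearer token acceptable as a URL query parameter on every endpoint behind this scheme, and query strings are routinely recorded in server access logs, proxy logs and browser history, so the token's exposure surface grows well beyond the Authorization header. If the query-string path exists for a specific client case, document it at this line, `// access_token2 query-string fallback is for <client/use case>; the header remains the preferred transport`, and consider confining it to those routes rather than the whole scheme. The retriever itself is defined in the new src/Core/Identity/TokenRetrieval.cs section further down, where the same concern applies; it is noted only here. The object initializer this hunk belongs to starts before the hunk.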
@ -47,7 +47,8 @@ namespace Bit.Core.Identity
|
||||
if(!context.HttpContext.User.Identity.IsAuthenticated)
|
||||
{
|
||||
context.State = EventResultState.HandledResponse;
|
||||
context.Ticket = new AuthenticationTicket(context.HttpContext.User, new AuthenticationProperties(), context.Options.AuthenticationScheme);
|
||||
context.Ticket = new AuthenticationTicket(context.HttpContext.User, new AuthenticationProperties(),
|
||||
context.Options.AuthenticationScheme);
|
||||
}
|
||||
|
||||
return Task.FromResult(0);
|
||||
|
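--- /dev/null
+++ b/src/Core/Identity/TokenRetrieval.cs
@@ -0,0 +1,30 @@
+using Microsoft.AspNetCore.Http;
+using System;
+using System.Linq;
+
+namespace Bit.Core.Identity
+{
+    public static class TokenRetrieval
+    {
+        public static Func<HttpRequest, string> FromAuthorizationHeaderOrQueryString(string headerScheme = "Bearer",
+            string qsName = "account_token")
+        {
+            return (request) =>
+            {
+                string authorization = request.Headers["Authorization"].FirstOrDefault();
+
+                if(string.IsNullOrWhiteSpace(authorization))
+                {
+                    return request.Query[qsName].FirstOrDefault();
+                }
+
+                if(authorization.StartsWith(headerScheme + " ", StringComparison.OrdinalIgnoreCase))
+                {
+                    return authorization.Substring(headerScheme.Length + 1).Trim();
+                }
+
+                return null;
+            };
+        }
+    }
+}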
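Review bot: FromAuthorizationHeaderOrQueryString has no XML documentation, and its default `qsName = "account_token"` does not match the name the Startup call site passes (`"access_token2"`), which suggests `account_token` may be a typo for `access_token`; please confirm the intended default. A `<summary>` should state the precedence the lambda implements — the Authorization header is consulted first, the query string is used only when that header is absent or blank, and a header carrying a different scheme yields null rather than falling back to the query string — with `<param>` entries for headerScheme and qsName and a `<returns>` entry for the delegate. Neither parameter is validated, so a null headerScheme is only discovered inside the returned lambda on a matching request; `if(headerScheme == null) throw new ArgumentNullException(nameof(headerScheme));` at the top of the method fails fast at construction instead.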