From d2b97bb3e8cdbc3af566bbcad05853cde2a38354 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Mon, 16 Jan 2017 22:02:12 -0500
Subject: [PATCH] fire up events for identityserver validation scheme
---
 src/Api/Controllers/AccountsController.cs | 23 +++++++-------
 src/Api/Startup.cs | 10 +++++--
 .../Identity/JwtBearerEventImplementations.cs | 3 +-
 src/Core/Identity/TokenRetrieval.cs | 30 +++++++++++++++++++
 4 files changed, 50 insertions(+), 16 deletions(-)
 create mode 100644 src/Core/Identity/TokenRetrieval.cs
diff --git a/src/Api/Controllers/AccountsController.cs b/src/Api/Controllers/AccountsController.cs
index 8da02bcdf..83f1cc17e 100644
--- a/src/Api/Controllers/AccountsController.cs
+++ b/src/Api/Controllers/AccountsController.cs
@@ -9,7 +9,6 @@ using Microsoft.AspNetCore.Identity;
 using Bit.Core.Domains;
 using Bit.Core.Enums;
 using Bit.Core;
-using System.Security.Claims;
 using System.Linq;
 namespace Bit.Api.Controllers
@@ -64,7 +63,6 @@ namespace Bit.Api.Controllers
 [HttpPost("email-token")]
 public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
 {
- _currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
 if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash))
 {
 await Task.Delay(2000);
@@ -152,9 +150,8 @@ namespace Bit.Api.Controllers
 }
 [HttpGet("profile")]
- public async Task GetProfile()
+ public ProfileResponseModel GetProfile()
 {
- _currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
 var response = new ProfileResponseModel(_currentContext.User);
 return response;
 }
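Review bot: After this removal the action trusts `_currentContext.User` to have been populated before the handler runs, but nothing in the method checks that it was; in this commit only the `Bearer2` scheme wires `ValidatedTokenAsync`, and whether the legacy Jwt scheme still registered in Startup populates the same object is not visible here. If it is null, `CheckPasswordAsync` fails closed (or throws, depending on the Identity version), so the caller lands on the 2-second-delayed wrong-password path instead of an unauthenticated response, which blurs two different failures in the logs. Consider an explicit guard ahead of the password check, e.g. `if(_currentContext.User == null) { throw new UnauthorizedAccessException(); }` mapped to 401 by whatever filter the project uses, and confirm `CurrentContext` is registered request-scoped so a user set by one request cannot bleed into another. The body of PostEmailToken continues beyond the end of the hunk.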
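Review bot: `GetProfile` no longer contains any statement that shows where `_currentContext.User` comes from, so a reader of the controller cannot see that it is set during token validation rather than in the action. Add a summary above the action such as `/// Returns the profile of the authenticated caller. _currentContext.User is populated by the bearer-token validation event, not here.` and, since `new ProfileResponseModel(_currentContext.User)` would receive null if that event did not run for this request, consider the same null guard the other actions need. The claim about where the user is populated is inferred from the `OnTokenValidated` wiring in Startup and should be confirmed against `ValidatedTokenAsync`.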
@@ -170,17 +167,17 @@ namespace Bit.Api.Controllers
 }
 [HttpGet("revision-date")]
- public async Task GetAccountRevisionDate()
+ public long? GetAccountRevisionDate()
 {
- var userId = _userService.GetProperUserId(User);
- long? revisionDate = null;
- if(userId.HasValue)
- {
- var date = await _userService.GetAccountRevisionDateByIdAsync(userId.Value);
- revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date);
- }
+ //var userId = _userService.GetProperUserId(User);
+ //long? revisionDate = null;
+ //if(userId.HasValue)
+ //{
+ // var date = await _userService.GetAccountRevisionDateByIdAsync(userId.Value);
+ // revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date);
+ //}
- return revisionDate;
+ return Core.Utilities.CoreHelpers.EpocMilliseconds(_currentContext.User.AccountRevisionDate);
 }
 [HttpGet("two-factor")]
diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index ef870d056..f5a598da4 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -25,7 +25,6 @@ using AspNetCoreRateLimit;
 using Bit.Api.Middleware;
 using IdentityServer4.Validation;
 using IdentityServer4.Services;
-using IdentityModel.AspNetCore.OAuth2Introspection;
 using IdentityServer4.Stores;
 using Bit.Core.Utilities;
 using Serilog;
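Review bot: The old branch that answered `null` when no proper user id was present is replaced by an unconditional dereference of `_currentContext.User.AccountRevisionDate`, so a request that reaches this action without a populated context now throws a NullReferenceException (a 500) where it previously returned `null`, and the `long?` return type advertises a null that can no longer occur. Either keep the nullable contract with a guard, e.g. `return _currentContext.User == null ? null : (long?)Core.Utilities.CoreHelpers.EpocMilliseconds(_currentContext.User.AccountRevisionDate);`, or change the return type to `long` so callers are not led to expect null. The seven commented-out lines above the return should be deleted rather than kept; the old implementation lives in history. Whether `GetProperUserId` returned null for any token type the new scheme still accepts is not visible here and decides which of the two fixes is right.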
@@ -254,8 +253,15 @@ namespace Bit.Api
 Authority = env.IsProduction() ? "https://api.bitwarden.com" : "http://localhost:4000",
 RequireHttpsMetadata = env.IsProduction(),
 ApiName = "Vault API",
+ NameClaimType = ClaimTypes.Email,
+ // Version "2" until we retire the old jwt scheme and replace it with this one.
 AuthenticationScheme = "Bearer2",
- TokenRetriever = TokenRetrieval.FromAuthorizationHeader("Bearer2")
+ TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString("Bearer2", "access_token2"),
+ JwtBearerEvents = new JwtBearerEvents
+ {
+ OnTokenValidated = JwtBearerEventImplementations.ValidatedTokenAsync,
+ OnAuthenticationFailed = JwtBearerEventImplementations.AuthenticationFailedAsync
+ }
 });
 // Add Jwt authentication to the request pipeline.
diff --git a/src/Core/Identity/JwtBearerEventImplementations.cs b/src/Core/Identity/JwtBearerEventImplementations.cs
index ccd5f7a0a..beebe465c 100644
--- a/src/Core/Identity/JwtBearerEventImplementations.cs
+++ b/src/Core/Identity/JwtBearerEventImplementations.cs
@@ -47,7 +47,8 @@ namespace Bit.Core.Identity
 if(!context.HttpContext.User.Identity.IsAuthenticated)
 {
 context.State = EventResultState.HandledResponse;
- context.Ticket = new AuthenticationTicket(context.HttpContext.User, new AuthenticationProperties(), context.Options.AuthenticationScheme);
+ context.Ticket = new AuthenticationTicket(context.HttpContext.User, new AuthenticationProperties(),
+ context.Options.AuthenticationScheme);
 }
 return Task.FromResult(0);
diff --git a/src/Core/Identity/TokenRetrieval.cs b/src/Core/Identity/TokenRetrieval.cs
new file mode 100644
index 000000000..da55cb7fe
--- /dev/null
+++ b/src/Core/Identity/TokenRetrieval.cs
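Review bot: `FromAuthorizationHeaderOrQueryString("Bearer2", "access_token2")` makes every endpoint on this scheme accept the bearer token from the URL, and a token in the query string is written to web-server and proxy access logs, browser history and outgoing `Referer` headers in a way an Authorization header is not; RFC 6750 §2.3 reserves that method for clients that cannot set the header and requires `Cache-Control: private` on such responses. If a specific consumer needs it (a browser download link or a socket handshake, say), record that here and consider restricting the query-string path to those routes; otherwise keep the header-only retriever, and add a comment either way such as `// Query-string tokens leak into logs and Referer headers; accepted only for <reason>.` Separately, `OnAuthenticationFailed` is now routed to `AuthenticationFailedAsync`, which from the sibling hunk appears to hand back a ticket for the unauthenticated principal rather than fail the request; make sure that handler logs `context.Exception` so expired or bad-signature tokens on this scheme stay visible to detection, and that it is reached only for the failure reasons you intend.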
@@ -0,0 +1,30 @@
+using Microsoft.AspNetCore.Http;
+using System;
+using System.Linq;
+
+namespace Bit.Core.Identity
+{
+ public static class TokenRetrieval
+ {
+ public static Func FromAuthorizationHeaderOrQueryString(string headerScheme = "Bearer",
+ string qsName = "account_token")
+ {
+ return (request) =>
+ {
+ string authorization = request.Headers["Authorization"].FirstOrDefault();
+
+ if(string.IsNullOrWhiteSpace(authorization))
+ {
+ return request.Query[qsName].FirstOrDefault();
+ }
+
+ if(authorization.StartsWith(headerScheme + " ", StringComparison.OrdinalIgnoreCase))
+ {
+ return authorization.Substring(headerScheme.Length + 1).Trim();
+ }
+
+ return null;
+ };
+ }
+ }
+}
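Review bot: The new public method has no XML documentation and its precedence rule is not obvious from the name: when any `Authorization` header is present, a non-matching scheme returns `null` and the query string is never consulted, so a client sending a legacy `Bearer` header plus `?access_token2=` is rejected rather than falling back. Add a `<summary>` on `FromAuthorizationHeaderOrQueryString` stating that the header wins whenever present, that the query parameter is read only when the header is absent or blank, and that query-string tokens are recorded by intermediaries and should be accepted only where the header cannot be set. The default `qsName = "account_token"` also looks like a slip for the RFC 6750 parameter name `access_token` (the Startup call site passes `access_token2`, so the default is unused there); rename it or document why it differs. Minor: the header path applies `.Trim()` to the token while the query path returns the raw value, so surrounding whitespace is tolerated in one and not the other.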