
fire up events for identityserver validation scheme

This commit is contained in:
Kyle Spearrin 2017-01-16 22:02:12 -05:00
parent 49f7857d2e
commit d2b97bb3e8
4 changed files with 50 additions and 16 deletions


@ -9,7 +9,6 @@ using Microsoft.AspNetCore.Identity;
using Bit.Core.Domains; using Bit.Core.Domains;
using Bit.Core.Enums; using Bit.Core.Enums;
using Bit.Core; using Bit.Core;
using System.Security.Claims;
using System.Linq; using System.Linq;
namespace Bit.Api.Controllers namespace Bit.Api.Controllers
@ -64,7 +63,6 @@ namespace Bit.Api.Controllers
[HttpPost("email-token")] [HttpPost("email-token")]
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model) public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
{ {
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash)) if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash))
{ {
await Task.Delay(2000); await Task.Delay(2000);
@ -152,9 +150,8 @@ namespace Bit.Api.Controllers
} }
[HttpGet("profile")] [HttpGet("profile")]
public async Task<ProfileResponseModel> GetProfile() public ProfileResponseModel GetProfile()
{ {
_currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
var response = new ProfileResponseModel(_currentContext.User); var response = new ProfileResponseModel(_currentContext.User);
return response; return response;
} }
@ -170,17 +167,17 @@ namespace Bit.Api.Controllers
} }
[HttpGet("revision-date")] [HttpGet("revision-date")]
public async Task<long?> GetAccountRevisionDate() public long? GetAccountRevisionDate()
{ {
var userId = _userService.GetProperUserId(User); //var userId = _userService.GetProperUserId(User);
long? revisionDate = null; //long? revisionDate = null;
if(userId.HasValue) //if(userId.HasValue)
{ //{
var date = await _userService.GetAccountRevisionDateByIdAsync(userId.Value); // var date = await _userService.GetAccountRevisionDateByIdAsync(userId.Value);
revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date); // revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date);
} //}
return revisionDate; return Core.Utilities.CoreHelpers.EpocMilliseconds(_currentContext.User.AccountRevisionDate);
} }
[HttpGet("two-factor")] [HttpGet("two-factor")]
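Review bot: GetAccountRevisionDate now dereferences `_currentContext.User.AccountRevisionDate` with no null check, whereas the code it replaces returned null when no user id could be resolved; since the Startup hunk in this commit keeps the old jwt scheme alongside "Bearer2", a request authenticated under a scheme whose events do not populate `_currentContext.User` would presumably fail with a NullReferenceException (a 500) instead of an unauthorized result — confirm how the old scheme sets the context user. A guard such as `if(_currentContext.User == null) { return null; }` before the return preserves the previous contract. PostEmailToken and GetProfile in the earlier hunks of this file now have the same dependence, passing `_currentContext.User` straight into CheckPasswordAsync and the ProfileResponseModel constructor. The eight commented-out lines of the old implementation should be deleted rather than kept; the history lives in the commit.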


@ -25,7 +25,6 @@ using AspNetCoreRateLimit;
using Bit.Api.Middleware; using Bit.Api.Middleware;
using IdentityServer4.Validation; using IdentityServer4.Validation;
using IdentityServer4.Services; using IdentityServer4.Services;
using IdentityModel.AspNetCore.OAuth2Introspection;
using IdentityServer4.Stores; using IdentityServer4.Stores;
using Bit.Core.Utilities; using Bit.Core.Utilities;
using Serilog; using Serilog;
@ -254,8 +253,15 @@ namespace Bit.Api
Authority = env.IsProduction() ? "https://api.bitwarden.com" : "http://localhost:4000", Authority = env.IsProduction() ? "https://api.bitwarden.com" : "http://localhost:4000",
RequireHttpsMetadata = env.IsProduction(), RequireHttpsMetadata = env.IsProduction(),
ApiName = "Vault API", ApiName = "Vault API",
NameClaimType = ClaimTypes.Email,
// Version "2" until we retire the old jwt scheme and replace it with this one.
AuthenticationScheme = "Bearer2", AuthenticationScheme = "Bearer2",
TokenRetriever = TokenRetrieval.FromAuthorizationHeader("Bearer2") TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString("Bearer2", "access_token2"),
JwtBearerEvents = new JwtBearerEvents
{
OnTokenValidated = JwtBearerEventImplementations.ValidatedTokenAsync,
OnAuthenticationFailed = JwtBearerEventImplementations.AuthenticationFailedAsync
}
}); });
// Add Jwt authentication to the request pipeline. // Add Jwt authentication to the request pipeline.
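Review bot: The new TokenRetriever accepts the bearer token from the `access_token2` query parameter on every request under this scheme, and query strings — unlike the Authorization header — are routinely recorded by request logging (Serilog is referenced in this file), by reverse proxies and by browser history and referrers. If the query-string path is needed only for specific endpoints, such as browser-initiated requests that cannot set headers, consider restricting it to those routes and ensure `access_token2` is redacted from any request logging. A comment above the line stating the intent would help future readers: `// Query-string fallback for clients that cannot set the Authorization header; keep this value out of request logs.` The options initializer this hunk edits starts and ends outside the hunk.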


@ -47,7 +47,8 @@ namespace Bit.Core.Identity
if(!context.HttpContext.User.Identity.IsAuthenticated) if(!context.HttpContext.User.Identity.IsAuthenticated)
{ {
context.State = EventResultState.HandledResponse; context.State = EventResultState.HandledResponse;
context.Ticket = new AuthenticationTicket(context.HttpContext.User, new AuthenticationProperties(), context.Options.AuthenticationScheme); context.Ticket = new AuthenticationTicket(context.HttpContext.User, new AuthenticationProperties(),
context.Options.AuthenticationScheme);
} }
return Task.FromResult(0); return Task.FromResult(0);


@ -0,0 +1,30 @@
using Microsoft.AspNetCore.Http;
using System;
using System.Linq;
namespace Bit.Core.Identity
{
public static class TokenRetrieval
{
public static Func<HttpRequest, string> FromAuthorizationHeaderOrQueryString(string headerScheme = "Bearer",
string qsName = "account_token")
{
return (request) =>
{
string authorization = request.Headers["Authorization"].FirstOrDefault();
if(string.IsNullOrWhiteSpace(authorization))
{
return request.Query[qsName].FirstOrDefault();
}
if(authorization.StartsWith(headerScheme + " ", StringComparison.OrdinalIgnoreCase))
{
return authorization.Substring(headerScheme.Length + 1).Trim();
}
return null;
};
}
}
}
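Review bot: FromAuthorizationHeaderOrQueryString is a public API with no XML documentation, and its precedence is not obvious from the name: the query string is consulted only when the Authorization header is absent or whitespace, while a header carrying a different scheme returns null without ever looking at the query string. A `<summary>` stating that order, with `<param>` entries for headerScheme and qsName and a `<remarks>` noting that query-string tokens end up in server logs, proxies and browser history so callers should enable that path deliberately, would make the contract clear. Separately, `request.Query[qsName].FirstOrDefault()` hands back an empty string for a request like `?access_token2=`, which is then passed on as a token; if the downstream handler does not treat empty as absent (I cannot confirm from here), normalizing with `var token = request.Query[qsName].FirstOrDefault(); return string.IsNullOrWhiteSpace(token) ? null : token;` keeps the two branches consistent with the header path.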