
security stamp validation for passwordless login

Kyle Spearrin 2019-01-17 16:07:24 -05:00
parent 82ba3e4c30
commit e7e0d17ac6
2 changed files with 32 additions and 11 deletions


@ -5,6 +5,7 @@ using Bit.Core.Utilities;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
@ -48,6 +49,10 @@ namespace Bit.Admin
// Identity
services.AddPasswordlessIdentityServices<ReadOnlyEnvIdentityUserStore>(globalSettings);
services.Configure<SecurityStampValidatorOptions>(options =>
{
options.ValidationInterval = TimeSpan.FromMinutes(5);
});
if(globalSettings.SelfHosted)
{
services.ConfigureApplicationCookie(options =>
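Review bot: The five-minute `ValidationInterval` is a hard-coded and undocumented security trade-off: an admin whose entry is removed or whose stamp is changed keeps a working cookie until the next validation, so for up to five minutes. I would add a comment above the `Configure` call, for example `// Re-validate the security stamp every 5 minutes; this bounds how long a removed or re-stamped admin stays signed in.` If operators need a different window it could presumably be read from `globalSettings`, but nothing visible in this hunk shows such a setting. The enclosing method starts and ends outside the hunk.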


@ -1,4 +1,4 @@
using System.Linq;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
using Bit.Core.Utilities;
@ -26,22 +26,38 @@ namespace Bit.Core.Identity
}
var users = usersCsv.ToLowerInvariant().Split(',');
var user = users.Where(a => a.Trim() == normalizedEmail).FirstOrDefault();
if(user == null || !user.Contains("@"))
var usersDict = new Dictionary<string, string>();
foreach(var u in users)
{
var parts = u.Split(':');
if(parts.Length == 2)
{
var email = parts[0].Trim();
var stamp = parts[1].Trim();
usersDict.Add(email, stamp);
}
else
{
var email = parts[0].Trim();
usersDict.Add(email, email);
}
}
var userStamp = usersDict.ContainsKey(normalizedEmail) ? usersDict[normalizedEmail] : null;
if(userStamp == null)
{
return Task.FromResult<IdentityUser>(null);
}
user = user.Trim();
return Task.FromResult(new IdentityUser
{
Id = user,
Email = user,
NormalizedEmail = user,
Id = normalizedEmail,
Email = normalizedEmail,
NormalizedEmail = normalizedEmail,
EmailConfirmed = true,
UserName = user,
NormalizedUserName = user,
SecurityStamp = user
UserName = normalizedEmail,
NormalizedUserName = normalizedEmail,
SecurityStamp = userStamp
});
}
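Review bot: `usersDict.Add(email, stamp)` and `usersDict.Add(email, email)` throw `ArgumentException` when the configured list holds the same address twice, or two empty entries left by stray commas, so one malformed value makes every lookup fail instead of just the bad entry. Assigning through the indexer, `usersDict[email] = stamp;`, and skipping empty keys avoids that, and `usersDict.TryGetValue(normalizedEmail, out var userStamp)` can replace the `ContainsKey` plus indexer pair. An entry with more than one `:` falls into the `else` branch and silently gets its email as the stamp. That fallback stamp never changes, so sessions for such entries can only be ended by removing the address; a comment stating the expected `email:stamp` format would make this visible. The method begins outside the hunk.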