mirror of
https://github.com/bitwarden/server.git
synced 2024-12-28 17:57:37 +01:00
security stamp validation for passwordless login
This commit is contained in:
parent
82ba3e4c30
commit
e7e0d17ac6
@ -5,6 +5,7 @@ using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
using Microsoft.AspNetCore.HttpOverrides;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.AspNetCore.Routing;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
@ -48,6 +49,10 @@ namespace Bit.Admin
|
||||
|
||||
// Identity
|
||||
services.AddPasswordlessIdentityServices<ReadOnlyEnvIdentityUserStore>(globalSettings);
|
||||
services.Configure<SecurityStampValidatorOptions>(options =>
|
||||
{
|
||||
options.ValidationInterval = TimeSpan.FromMinutes(5);
|
||||
});
|
||||
if(globalSettings.SelfHosted)
|
||||
{
|
||||
services.ConfigureApplicationCookie(options =>
|
||||
|
@ -1,4 +1,4 @@
|
||||
using System.Linq;
|
||||
using System.Collections.Generic;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using Bit.Core.Utilities;
|
||||
@ -26,22 +26,38 @@ namespace Bit.Core.Identity
|
||||
}
|
||||
|
||||
var users = usersCsv.ToLowerInvariant().Split(',');
|
||||
var user = users.Where(a => a.Trim() == normalizedEmail).FirstOrDefault();
|
||||
if(user == null || !user.Contains("@"))
|
||||
var usersDict = new Dictionary<string, string>();
|
||||
foreach(var u in users)
|
||||
{
|
||||
var parts = u.Split(':');
|
||||
if(parts.Length == 2)
|
||||
{
|
||||
var email = parts[0].Trim();
|
||||
var stamp = parts[1].Trim();
|
||||
usersDict.Add(email, stamp);
|
||||
}
|
||||
else
|
||||
{
|
||||
var email = parts[0].Trim();
|
||||
usersDict.Add(email, email);
|
||||
}
|
||||
}
|
||||
|
||||
var userStamp = usersDict.ContainsKey(normalizedEmail) ? usersDict[normalizedEmail] : null;
|
||||
if(userStamp == null)
|
||||
{
|
||||
return Task.FromResult<IdentityUser>(null);
|
||||
}
|
||||
|
||||
user = user.Trim();
|
||||
|
||||
return Task.FromResult(new IdentityUser
|
||||
{
|
||||
Id = user,
|
||||
Email = user,
|
||||
NormalizedEmail = user,
|
||||
Id = normalizedEmail,
|
||||
Email = normalizedEmail,
|
||||
NormalizedEmail = normalizedEmail,
|
||||
EmailConfirmed = true,
|
||||
UserName = user,
|
||||
NormalizedUserName = user,
|
||||
SecurityStamp = user
|
||||
UserName = normalizedEmail,
|
||||
NormalizedUserName = normalizedEmail,
|
||||
SecurityStamp = userStamp
|
||||
});
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user