using Bit.Core.Enums; using Bit.Core.Identity; using Bit.Core.IdentityServer; using Bit.Core.Models.Table; using Bit.Core.Repositories; using Bit.Core.Services; using IdentityModel; using IdentityServer4.Services; using IdentityServer4.Stores; using IdentityServer4.Validation; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.HttpOverrides; using Microsoft.AspNetCore.Identity; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.WindowsAzure.Storage; using System; using SqlServerRepos = Bit.Core.Repositories.SqlServer; namespace Bit.Core.Utilities { public static class ServiceCollectionExtensions { public static void AddSqlServerRepositories(this IServiceCollection services) { services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); } public static void AddBaseServices(this IServiceCollection services) { services.AddSingleton(); services.AddScoped(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); } public static void AddDefaultServices(this IServiceCollection services) { services.AddSingleton(); services.AddSingleton(); #if NET461 services.AddSingleton(); services.AddSingleton(); #else services.AddSingleton(); services.AddSingleton(); #endif services.AddSingleton(); services.AddSingleton(); } public static void AddNoopServices(this IServiceCollection services) { services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); } public static IdentityBuilder AddCustomIdentityServices( this IServiceCollection services, GlobalSettings globalSettings) { services.AddTransient(); services.Configure(options => { options.TokenLifespan = TimeSpan.FromDays(30); }); var identityBuilder = services.AddIdentity(options => { options.User = new UserOptions { RequireUniqueEmail = true, AllowedUserNameCharacters = null // all }; options.Password = new PasswordOptions { RequireDigit = false, RequireLowercase = false, RequiredLength = 8, RequireNonAlphanumeric = false, RequireUppercase = false }; options.ClaimsIdentity = new ClaimsIdentityOptions { SecurityStampClaimType = "sstamp", UserNameClaimType = JwtClaimTypes.Email, UserIdClaimType = JwtClaimTypes.Subject, }; options.Tokens.ChangeEmailTokenProvider = TokenOptions.DefaultEmailProvider; }); identityBuilder .AddUserStore() .AddRoleStore() .AddTokenProvider>(TokenOptions.DefaultProvider) .AddTokenProvider(TwoFactorProviderType.Authenticator.ToString()) .AddTokenProvider(TwoFactorProviderType.YubiKey.ToString()) .AddTokenProvider(TwoFactorProviderType.Duo.ToString()) .AddTokenProvider(TwoFactorProviderType.U2f.ToString()) .AddTokenProvider(TwoFactorProviderType.Remember.ToString()) .AddTokenProvider>(TokenOptions.DefaultEmailProvider); return identityBuilder; } public static IIdentityServerBuilder AddCustomIdentityServerServices( this IServiceCollection services, IHostingEnvironment env, GlobalSettings globalSettings) { var identityServerBuilder = services .AddIdentityServer(options => { options.Endpoints.EnableAuthorizeEndpoint = false; options.Endpoints.EnableIntrospectionEndpoint = false; options.Endpoints.EnableEndSessionEndpoint = false; options.Endpoints.EnableUserInfoEndpoint = false; options.Endpoints.EnableCheckSessionEndpoint = false; options.Endpoints.EnableTokenRevocationEndpoint = false; options.IssuerUri = globalSettings.BaseServiceUri.InternalIdentity; }) .AddInMemoryApiResources(ApiResources.GetApiResources()) .AddInMemoryClients(Clients.GetClients()); services.AddTransient(); if(env.IsDevelopment()) { identityServerBuilder.AddTemporarySigningCredential(); } else { var identityServerCert = CoreHelpers.GetCertificate(globalSettings.IdentityServer.CertificateThumbprint); identityServerBuilder.AddSigningCredential(identityServerCert); } services.AddScoped(); services.AddScoped(); services.AddSingleton(); return identityServerBuilder; } public static void AddCustomDataProtectionServices( this IServiceCollection services, IHostingEnvironment env, GlobalSettings globalSettings) { #if NET461 if(!env.IsDevelopment()) { var dataProtectionCert = CoreHelpers.GetCertificate(globalSettings.DataProtection.CertificateThumbprint); var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString); services.AddDataProtection() .PersistKeysToAzureBlobStorage(storageAccount, "aspnet-dataprotection/keys.xml") .ProtectKeysWithCertificate(dataProtectionCert); } #endif } public static GlobalSettings AddGlobalSettingsServices(this IServiceCollection services, IConfigurationRoot root) { var globalSettings = new GlobalSettings(); ConfigurationBinder.Bind(root.GetSection("GlobalSettings"), globalSettings); services.AddSingleton(s => globalSettings); return globalSettings; } public static void UseForwardedHeadersForAzure(this IApplicationBuilder app) { // ref: https://github.com/aspnet/Docs/issues/2384 var forwardOptions = new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto, RequireHeaderSymmetry = false }; forwardOptions.KnownNetworks.Clear(); forwardOptions.KnownProxies.Clear(); app.UseForwardedHeaders(forwardOptions); } } }