using Bit.Core.Enums; using Bit.Core.Identity; using Bit.Core.IdentityServer; using Bit.Core.Models.Table; using Bit.Core.Repositories; using Bit.Core.Services; using IdentityModel; using IdentityServer4.Services; using IdentityServer4.Stores; using IdentityServer4.Validation; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.HttpOverrides; using Microsoft.AspNetCore.Identity; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.AspNetCore.Http; using Microsoft.WindowsAzure.Storage; using System; using System.IO; using SqlServerRepos = Bit.Core.Repositories.SqlServer; using System.Threading.Tasks; using TableStorageRepos = Bit.Core.Repositories.TableStorage; namespace Bit.Core.Utilities { public static class ServiceCollectionExtensions { public static void AddSqlServerRepositories(this IServiceCollection services, GlobalSettings globalSettings) { services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); if(globalSettings.SelfHosted) { services.AddSingleton(); } else { services.AddSingleton(); } } public static void AddBaseServices(this IServiceCollection services) { services.AddScoped(); services.AddScoped(); services.AddScoped(); services.AddScoped(); services.AddScoped(); services.AddScoped(); services.AddSingleton(); } public static void AddDefaultServices(this IServiceCollection services, GlobalSettings globalSettings) { services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); if(CoreHelpers.SettingHasValue(globalSettings.Mail.SendGridApiKey)) { services.AddSingleton(); } else if(CoreHelpers.SettingHasValue(globalSettings.Mail?.Smtp?.Host)) { services.AddSingleton(); } else { services.AddSingleton(); } if(globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.PushRelayBaseUri) && globalSettings.Installation?.Id != null && CoreHelpers.SettingHasValue(globalSettings.Installation?.Key)) { services.AddSingleton(); services.AddSingleton(); } #if NET47 else if(!globalSettings.SelfHosted) { services.AddSingleton(); services.AddSingleton(); } #endif else { services.AddSingleton(); services.AddSingleton(); } if(!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Storage.ConnectionString)) { services.AddSingleton(); } else { services.AddSingleton(); } if(!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Storage.ConnectionString)) { services.AddSingleton(); } else if(globalSettings.SelfHosted) { services.AddSingleton(); } else { services.AddSingleton(); } if(CoreHelpers.SettingHasValue(globalSettings.Attachment.ConnectionString)) { services.AddSingleton(); } else if(CoreHelpers.SettingHasValue(globalSettings.Attachment.BaseDirectory)) { services.AddSingleton(); } else { services.AddSingleton(); } } public static void AddNoopServices(this IServiceCollection services) { services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); services.AddSingleton(); } public static IdentityBuilder AddCustomIdentityServices( this IServiceCollection services, GlobalSettings globalSettings) { services.AddTransient(); services.Configure(options => { options.TokenLifespan = TimeSpan.FromDays(30); }); var identityBuilder = services.AddIdentityWithoutCookieAuth(options => { options.User = new UserOptions { RequireUniqueEmail = true, AllowedUserNameCharacters = null // all }; options.Password = new PasswordOptions { RequireDigit = false, RequireLowercase = false, RequiredLength = 8, RequireNonAlphanumeric = false, RequireUppercase = false }; options.ClaimsIdentity = new ClaimsIdentityOptions { SecurityStampClaimType = "sstamp", UserNameClaimType = JwtClaimTypes.Email, UserIdClaimType = JwtClaimTypes.Subject }; options.Tokens.ChangeEmailTokenProvider = TokenOptions.DefaultEmailProvider; }); identityBuilder .AddUserStore() .AddRoleStore() .AddTokenProvider>(TokenOptions.DefaultProvider) .AddTokenProvider(TwoFactorProviderType.Authenticator.ToString()) .AddTokenProvider(TwoFactorProviderType.YubiKey.ToString()) .AddTokenProvider(TwoFactorProviderType.Duo.ToString()) .AddTokenProvider(TwoFactorProviderType.U2f.ToString()) .AddTokenProvider(TwoFactorProviderType.Remember.ToString()) .AddTokenProvider>(TokenOptions.DefaultEmailProvider); return identityBuilder; } public static IIdentityServerBuilder AddCustomIdentityServerServices( this IServiceCollection services, IHostingEnvironment env, GlobalSettings globalSettings) { var identityServerBuilder = services .AddIdentityServer(options => { options.Endpoints.EnableAuthorizeEndpoint = false; options.Endpoints.EnableIntrospectionEndpoint = false; options.Endpoints.EnableEndSessionEndpoint = false; options.Endpoints.EnableUserInfoEndpoint = false; options.Endpoints.EnableCheckSessionEndpoint = false; options.Endpoints.EnableTokenRevocationEndpoint = false; options.IssuerUri = globalSettings.BaseServiceUri.InternalIdentity; options.Caching.ClientStoreExpiration = new TimeSpan(0, 5, 0); }) .AddInMemoryCaching() .AddInMemoryApiResources(ApiResources.GetApiResources()) .AddClientStoreCache(); if(env.IsDevelopment()) { identityServerBuilder.AddDeveloperSigningCredential(false); } else if(!string.IsNullOrWhiteSpace(globalSettings.IdentityServer.CertificatePassword) && File.Exists("identity.pfx")) { var identityServerCert = CoreHelpers.GetCertificate("identity.pfx", globalSettings.IdentityServer.CertificatePassword); identityServerBuilder.AddSigningCredential(identityServerCert); } else if(!string.IsNullOrWhiteSpace(globalSettings.IdentityServer.CertificateThumbprint)) { var identityServerCert = CoreHelpers.GetCertificate(globalSettings.IdentityServer.CertificateThumbprint); identityServerBuilder.AddSigningCredential(identityServerCert); } else { throw new Exception("No identity certificate to use."); } services.AddTransient(); services.AddTransient(); services.AddScoped(); services.AddScoped(); services.AddSingleton(); return identityServerBuilder; } public static void AddCustomDataProtectionServices( this IServiceCollection services, IHostingEnvironment env, GlobalSettings globalSettings) { if(env.IsDevelopment()) { return; } if(globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.DataProtection.Directory)) { services.AddDataProtection() .PersistKeysToFileSystem(new DirectoryInfo(globalSettings.DataProtection.Directory)); } if(!globalSettings.SelfHosted) { var dataProtectionCert = CoreHelpers.GetCertificate(globalSettings.DataProtection.CertificateThumbprint); var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString); services.AddDataProtection() .PersistKeysToAzureBlobStorage(storageAccount, "aspnet-dataprotection/keys.xml") .ProtectKeysWithCertificate(dataProtectionCert); } } public static GlobalSettings AddGlobalSettingsServices(this IServiceCollection services, IConfiguration configuration) { var globalSettings = new GlobalSettings(); ConfigurationBinder.Bind(configuration.GetSection("GlobalSettings"), globalSettings); services.AddSingleton(s => globalSettings); return globalSettings; } public static void UseDefaultMiddleware(this IApplicationBuilder app, IHostingEnvironment env) { if(!env.IsDevelopment()) { // Adjust headers for proxy. // ref: https://github.com/aspnet/Docs/issues/2384 var forwardOptions = new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto, RequireHeaderSymmetry = false }; forwardOptions.KnownNetworks.Clear(); forwardOptions.KnownProxies.Clear(); app.UseForwardedHeaders(forwardOptions); } // Add version information to response headers app.Use(async (httpContext, next) => { httpContext.Response.OnStarting((state) => { httpContext.Response.Headers.Append("Server-Version", CoreHelpers.GetVersion()); return Task.FromResult(0); }, null); await next.Invoke(); }); } } }