GitHub-Bitwarden
/
server
mirror of https://github.com/bitwarden/server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

validate organization licenses

pull/95/head
Kyle Spearrin 8 years ago
parent
127ff2d361
commit
4585af5a85
9 changed files with 64 additions and 19 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      src/Core/IdentityServer/ProfileService.cs
  2. 10
      src/Core/Models/Business/OrganizationLicense.cs
  3. 1
      src/Core/Repositories/IOrganizationRepository.cs
  4. 12
      src/Core/Repositories/SqlServer/OrganizationRepository.cs
  5. 4
      src/Core/Services/ILicensingService.cs
  6. 4
      src/Core/Services/Implementations/OrganizationService.cs
  7. 35
      src/Core/Services/Implementations/RsaLicensingService.cs
  8. 2
      src/Core/Services/NoopImplementations/NoopLicensingService.cs
  9. 11
      src/Sql/dbo/Stored Procedures/Organization_Read.sql

4
src/Core/IdentityServer/ProfileService.cs
Unescape View File

@ -37,13 +37,15 @@ namespace Bit.Core.IdentityServer @@ -37,13 +37,15 @@ namespace Bit.Core.IdentityServer
public async Task GetProfileDataAsync(ProfileDataRequestContext context)
{
await _licensingService.ValidateOrganizationsAsync();
var existingClaims = context.Subject.Claims;
var newClaims = new List<Claim>();
var user = await _userService.GetUserByPrincipalAsync(context.Subject);
if(user != null)
{
var isPremium = await _licensingService.VerifyUserPremiumAsync(user);
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
newClaims.AddRange(new List<Claim>
{
new Claim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),

10
src/Core/Models/Business/OrganizationLicense.cs
Unescape View File

@ -140,7 +140,7 @@ namespace Bit.Core.Models.Business @@ -140,7 +140,7 @@ namespace Bit.Core.Models.Business
}
}
public bool CanUse(Guid installationId)
public bool CanUse(GlobalSettings globalSettings)
{
if(!Enabled || Issued > DateTime.UtcNow || Expires < DateTime.UtcNow)
{
@ -149,7 +149,7 @@ namespace Bit.Core.Models.Business @@ -149,7 +149,7 @@ namespace Bit.Core.Models.Business
if(Version == 1)
{
return InstallationId == installationId && SelfHost;
return InstallationId == globalSettings.Installation.Id && SelfHost;
}
else
{
@ -157,7 +157,7 @@ namespace Bit.Core.Models.Business @@ -157,7 +157,7 @@ namespace Bit.Core.Models.Business
}
}
public bool VerifyData(Organization organization)
public bool VerifyData(Organization organization, GlobalSettings globalSettings)
{
if(Issued > DateTime.UtcNow || Expires < DateTime.UtcNow)
{
@ -167,6 +167,7 @@ namespace Bit.Core.Models.Business @@ -167,6 +167,7 @@ namespace Bit.Core.Models.Business
if(Version == 1)
{
return
globalSettings.Installation.Id == InstallationId &&
organization.LicenseKey.Equals(LicenseKey) &&
organization.Enabled == Enabled &&
organization.PlanType == PlanType &&
@ -175,7 +176,8 @@ namespace Bit.Core.Models.Business @@ -175,7 +176,8 @@ namespace Bit.Core.Models.Business
organization.UseGroups == UseGroups &&
organization.UseDirectory == UseDirectory &&
organization.UseTotp == UseTotp &&
organization.SelfHost == SelfHost;
organization.SelfHost == SelfHost &&
organization.Name.Equals(Name);
}
else
{

1
src/Core/Repositories/IOrganizationRepository.cs
Unescape View File

@ -7,6 +7,7 @@ namespace Bit.Core.Repositories @@ -7,6 +7,7 @@ namespace Bit.Core.Repositories
{
public interface IOrganizationRepository : IRepository<Organization, Guid>
{
Task<ICollection<Organization>> GetManyAsync();
Task<ICollection<Organization>> GetManyByUserIdAsync(Guid userId);
Task UpdateStorageAsync(Guid id);
}

12
src/Core/Repositories/SqlServer/OrganizationRepository.cs
Unescape View File

@ -19,6 +19,18 @@ namespace Bit.Core.Repositories.SqlServer @@ -19,6 +19,18 @@ namespace Bit.Core.Repositories.SqlServer
: base(connectionString)
{ }
public async Task<ICollection<Organization>> GetManyAsync()
{
using(var connection = new SqlConnection(ConnectionString))
{
var results = await connection.QueryAsync<Organization>(
"[dbo].[Organization_Read]",
commandType: CommandType.StoredProcedure);
return results.ToList();
}
}
public async Task<ICollection<Organization>> GetManyByUserIdAsync(Guid userId)
{
using(var connection = new SqlConnection(ConnectionString))

4
src/Core/Services/ILicensingService.cs
Unescape View File

@ -6,8 +6,8 @@ namespace Bit.Core.Services @@ -6,8 +6,8 @@ namespace Bit.Core.Services
{
public interface ILicensingService
{
bool VerifyOrganizationPlan(Organization organization);
Task<bool> VerifyUserPremiumAsync(User user);
Task ValidateOrganizationsAsync();
Task<bool> ValidateUserPremiumAsync(User user);
bool VerifyLicense(ILicense license);
byte[] SignLicense(ILicense license);
}

4
src/Core/Services/Implementations/OrganizationService.cs
Unescape View File

@ -548,7 +548,7 @@ namespace Bit.Core.Services @@ -548,7 +548,7 @@ namespace Bit.Core.Services
throw new BadRequestException("Invalid license.");
}
if(!license.CanUse(_globalSettings.Installation.Id))
if(!license.CanUse(_globalSettings))
{
throw new BadRequestException("Invalid license. Make sure your license allows for on-premise " +
"hosting of organizations and that the installation id matches your current installation.");
@ -655,7 +655,7 @@ namespace Bit.Core.Services @@ -655,7 +655,7 @@ namespace Bit.Core.Services
throw new BadRequestException("Invalid license.");
}
if(!license.CanUse(_globalSettings.Installation.Id))
if(!license.CanUse(_globalSettings))
{
throw new BadRequestException("Invalid license. Make sure your license allows for on-premise " +
"hosting of organizations and that the installation id matches your current installation.");

35
src/Core/Services/Implementations/RsaLicensingService.cs
Unescape View File

@ -7,6 +7,7 @@ using Newtonsoft.Json; @@ -7,6 +7,7 @@ using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
@ -17,16 +18,20 @@ namespace Bit.Core.Services @@ -17,16 +18,20 @@ namespace Bit.Core.Services
{
private readonly X509Certificate2 _certificate;
private readonly GlobalSettings _globalSettings;
private IDictionary<Guid, DateTime> _userCheckCache = new Dictionary<Guid, DateTime>();
private IDictionary<Guid, DateTime> _organizationCheckCache = new Dictionary<Guid, DateTime>();
private readonly IUserRepository _userRepository;
private readonly IOrganizationRepository _organizationRepository;
private IDictionary<Guid, DateTime> _userCheckCache = new Dictionary<Guid, DateTime>();
private DateTime? _organizationCheckCache = null;
public RsaLicensingService(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IHostingEnvironment environment,
GlobalSettings globalSettings)
{
_userRepository = userRepository;
_organizationRepository = organizationRepository;
var certThumbprint = "207e64a231e8aa32aaf68a61037c075ebebd553f";
_globalSettings = globalSettings;
@ -44,23 +49,35 @@ namespace Bit.Core.Services @@ -44,23 +49,35 @@ namespace Bit.Core.Services
}
}
public bool VerifyOrganizationPlan(Organization organization)
public async Task ValidateOrganizationsAsync()
{
if(!_globalSettings.SelfHosted)
{
return true;
return;
}
if(!organization.SelfHost)
var now = DateTime.UtcNow;
if(_organizationCheckCache.HasValue && now - _organizationCheckCache.Value < TimeSpan.FromDays(1))
{
return false;
return;
}
_organizationCheckCache = now;
var license = ReadOrganiztionLicense(organization);
return license != null && license.VerifyData(organization) && license.VerifySignature(_certificate);
var orgs = await _organizationRepository.GetManyAsync();
foreach(var org in orgs.Where(o => o.Enabled))
{
var license = ReadOrganiztionLicense(org);
if(license == null || !license.VerifyData(org, _globalSettings) || !license.VerifySignature(_certificate))
{
org.Enabled = false;
org.ExpirationDate = license.Expires;
org.RevisionDate = DateTime.UtcNow;
await _organizationRepository.ReplaceAsync(org);
}
}
}
public async Task<bool> VerifyUserPremiumAsync(User user)
public async Task<bool> ValidateUserPremiumAsync(User user)
{
if(!_globalSettings.SelfHosted)
{

2
src/Core/Services/NoopImplementations/NoopLicensingService.cs
Unescape View File

@ -28,7 +28,7 @@ namespace Bit.Core.Services @@ -28,7 +28,7 @@ namespace Bit.Core.Services
return true;
}
public Task<bool> VerifyUserPremiumAsync(User user)
public Task<bool> ValidateUserPremiumAsync(User user)
{
return Task.FromResult(user.Premium);
}

11
src/Sql/dbo/Stored Procedures/Organization_Read.sql
Unescape View File

@ -0,0 +1,11 @@ @@ -0,0 +1,11 @@
CREATE PROCEDURE [dbo].[Organization_Read]
@Id UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
*
FROM
[dbo].[OrganizationView]
END
Write Preview
Loading…
Cancel
Save