
Moved some claim finding logic to a helper method

ApiKeyAuthInTheCli
Addison Beck 5 years ago
parent
commit
5fa25c4d7e
  1. 64
      src/Core/IdentityServer/ClientStore.cs
  2. 56
      src/Core/IdentityServer/ProfileService.cs
  3. 56
      src/Core/Utilities/CoreHelpers.cs

64
src/Core/IdentityServer/ClientStore.cs

@ -9,6 +9,7 @@ using IdentityModel; @@ -9,6 +9,7 @@ using IdentityModel;
using Bit.Core.Utilities;
using System.Security.Claims;
using Bit.Core.Services;
using System.Collections.ObjectModel;
namespace Bit.Core.IdentityServer
{
@ -129,60 +130,21 @@ namespace Bit.Core.IdentityServer @@ -129,60 +130,21 @@ namespace Bit.Core.IdentityServer
var user = await _userRepository.GetByIdAsync(id);
if (user != null)
{
var claims = new List<ClientClaim>();
claims.Add(new ClientClaim(JwtClaimTypes.Subject, user.Id.ToString()));
claims.Add(new ClientClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external"));
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
claims.AddRange(new List<ClientClaim>
{
new ClientClaim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),
new ClientClaim(JwtClaimTypes.Email, user.Email),
new ClientClaim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false",
ClaimValueTypes.Boolean),
new ClientClaim("sstamp", user.SecurityStamp)
});
if (!string.IsNullOrWhiteSpace(user.Name))
var claims = new Collection<ClientClaim>()
{
claims.Add(new ClientClaim(JwtClaimTypes.Name, user.Name));
}
// Orgs that this user belongs to
new ClientClaim(JwtClaimTypes.Subject, user.Id.ToString()),
new ClientClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external")
};
var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
if (orgs.Any())
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
{
foreach (var group in orgs.GroupBy(o => o.Type))
{
switch (group.Key)
{
case Enums.OrganizationUserType.Owner:
foreach (var org in group)
{
claims.Add(new ClientClaim("orgowner", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Admin:
foreach (var org in group)
{
claims.Add(new ClientClaim("orgadmin", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Manager:
foreach (var org in group)
{
claims.Add(new ClientClaim("orgmanager", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.User:
foreach (var org in group)
{
claims.Add(new ClientClaim("orguser", org.Id.ToString()));
}
break;
default:
break;
}
}
var upperValue = claim.Value.ToUpperInvariant();
var isBool = upperValue == "TRUE" || upperValue == "FALSE";
claims.Add(isBool ?
new ClientClaim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
new ClientClaim(claim.Key, claim.Value)
);
}
return new Client
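Review bot: The Boolean value type is now inferred from the claim's value rather than its key (`var isBool = upperValue == "TRUE" || upperValue == "FALSE";`), so any claim whose value happens to be "true"/"false" in any casing is emitted as `ClaimValueTypes.Boolean`; the most plausible victim is the `JwtClaimTypes.Name` claim, which carries a user-chosen display name and is only added when non-blank. The previous code typed exactly the `premium` and `EmailVerified` claims as Boolean, so this is a behavior change the refactor did not intend. Deciding by key preserves the old contract: `var isBool = claim.Key == "premium" || claim.Key == JwtClaimTypes.EmailVerified;` (or have the helper return the value type alongside the value). The same inference appears in the ProfileService.cs hunk and should change there too. The enclosing method starts before this hunk and continues past it (`return new Client`).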

56
src/Core/IdentityServer/ProfileService.cs

@ -8,6 +8,7 @@ using System.Collections.Generic; @@ -8,6 +8,7 @@ using System.Collections.Generic;
using System.Linq;
using System;
using IdentityModel;
using Bit.Core.Utilities;
namespace Bit.Core.IdentityServer
{
@ -39,56 +40,15 @@ namespace Bit.Core.IdentityServer @@ -39,56 +40,15 @@ namespace Bit.Core.IdentityServer
if (user != null)
{
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
newClaims.AddRange(new List<Claim>
{
new Claim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),
new Claim(JwtClaimTypes.Email, user.Email),
new Claim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false",
ClaimValueTypes.Boolean),
new Claim("sstamp", user.SecurityStamp)
});
if (!string.IsNullOrWhiteSpace(user.Name))
{
newClaims.Add(new Claim(JwtClaimTypes.Name, user.Name));
}
// Orgs that this user belongs to
var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
if (orgs.Any())
foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
{
foreach (var group in orgs.GroupBy(o => o.Type))
{
switch (group.Key)
{
case Enums.OrganizationUserType.Owner:
foreach (var org in group)
{
newClaims.Add(new Claim("orgowner", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Admin:
foreach (var org in group)
{
newClaims.Add(new Claim("orgadmin", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Manager:
foreach (var org in group)
{
newClaims.Add(new Claim("orgmanager", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.User:
foreach (var org in group)
{
newClaims.Add(new Claim("orguser", org.Id.ToString()));
}
break;
default:
break;
}
}
var upperValue = claim.Value.ToUpperInvariant();
var isBool = upperValue == "TRUE" || upperValue == "FALSE";
newClaims.Add(isBool ?
new Claim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
new Claim(claim.Key, claim.Value)
);
}
}

56
src/Core/Utilities/CoreHelpers.cs

@ -18,6 +18,8 @@ using Bit.Core.Enums; @@ -18,6 +18,8 @@ using Bit.Core.Enums;
using System.Threading.Tasks;
using Microsoft.Azure.Storage;
using Microsoft.Azure.Storage.Blob;
using Bit.Core.Models.Table;
using IdentityModel;
namespace Bit.Core.Utilities
{
@ -670,5 +672,59 @@ namespace Bit.Core.Utilities @@ -670,5 +672,59 @@ namespace Bit.Core.Utilities
}
return configDict;
}
public static Dictionary<string, string> BuildIdentityClaims(User user, ICollection<CurrentContext.CurrentContentOrganization> orgs, bool isPremium)
{
var claims = new Dictionary<string, string>()
{
{"premium", isPremium ? "true" : "false"},
{JwtClaimTypes.Email, user.Email},
{JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"},
{"sstamp", user.SecurityStamp}
};
if (!string.IsNullOrWhiteSpace(user.Name))
{
claims.Add(JwtClaimTypes.Name, user.Name);
}
// Orgs that this user belongs to
if (orgs.Any())
{
foreach (var group in orgs.GroupBy(o => o.Type))
{
switch (group.Key)
{
case Enums.OrganizationUserType.Owner:
foreach (var org in group)
{
claims.Add("orgowner", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.Admin:
foreach (var org in group)
{
claims.Add("orgadmin", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.Manager:
foreach (var org in group)
{
claims.Add("orgmanager", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.User:
foreach (var org in group)
{
claims.Add("orguser", org.Id.ToString());
}
break;
default:
break;
}
}
}
return claims;
}
}
}
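Review bot: Returning a `Dictionary<string, string>` from `BuildIdentityClaims` breaks users who hold the same role in more than one organization: the loop at `claims.Add("orgowner", org.Id.ToString());` (and the Admin/Manager/User cases) calls `Dictionary.Add` with a repeated key, which throws `ArgumentException` on the second organization, so token issuance fails for those users. The code it replaces built a list and legitimately emitted several `orgowner`/`orgadmin`/… claims, one per organization, and both callers still iterate the result with `claim.Key`/`claim.Value`, so a list of `KeyValuePair<string, string>` keeps the callers unchanged while allowing duplicate keys. I would also add a summary to the helper noting that claim keys may repeat (one entry per organization membership) and that the caller decides the claim value type.
```csharp
public static List<KeyValuePair<string, string>> BuildIdentityClaims(User user, ICollection<CurrentContext.CurrentContentOrganization> orgs, bool isPremium)
{
    // A list, not a dictionary: a user can hold the same role in several orgs,
    // which yields several claims under the same key.
    var claims = new List<KeyValuePair<string, string>>
    {
        new KeyValuePair<string, string>("premium", isPremium ? "true" : "false"),
        new KeyValuePair<string, string>(JwtClaimTypes.Email, user.Email),
        new KeyValuePair<string, string>(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"),
        new KeyValuePair<string, string>("sstamp", user.SecurityStamp)
    };
    if (!string.IsNullOrWhiteSpace(user.Name))
    {
        claims.Add(new KeyValuePair<string, string>(JwtClaimTypes.Name, user.Name));
    }
    // Orgs that this user belongs to
    if (orgs.Any())
    {
        foreach (var group in orgs.GroupBy(o => o.Type))
        {
            switch (group.Key)
            {
                case Enums.OrganizationUserType.Owner:
                    foreach (var org in group)
                    {
                        claims.Add(new KeyValuePair<string, string>("orgowner", org.Id.ToString()));
                    }
                    break;
                // … Admin, Manager and User cases add "orgadmin", "orgmanager", "orguser" the same way …
            }
        }
    }
    return claims;
}
```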
