diff --git a/src/Api/Controllers/AccountsController.cs b/src/Api/Controllers/AccountsController.cs
index 81a5429d1e..439213da5f 100644
--- a/src/Api/Controllers/AccountsController.cs
+++ b/src/Api/Controllers/AccountsController.cs
@@ -64,6 +64,7 @@ namespace Bit.Api.Controllers
[HttpPost("email-token")]
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
{
+ _currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash))
{
await Task.Delay(2000);
@@ -151,10 +152,11 @@ namespace Bit.Api.Controllers
}
[HttpGet("profile")]
- public Task<ProfileResponseModel> GetProfile()
+ public async Task<ProfileResponseModel> GetProfile()
{
+ _currentContext.User = await _userService.GetUserByIdAsync(_userManager.GetUserId(User));
var response = new ProfileResponseModel(_currentContext.User);
- return Task.FromResult(response);
+ return response;
}
[HttpPut("profile")]
@@ -165,7 +167,7 @@ namespace Bit.Api.Controllers
var response = new ProfileResponseModel(_currentContext.User);
return response;
- }
+ }
[HttpGet("two-factor")]
public async Task<TwoFactorResponseModel> GetTwoFactor(string masterPasswordHash, TwoFactorProviderType provider)
diff --git a/src/Api/Controllers/AliveController.cs b/src/Api/Controllers/AliveController.cs
index 32936e6586..5dce9f8f8a 100644
--- a/src/Api/Controllers/AliveController.cs
+++ b/src/Api/Controllers/AliveController.cs
@@ -16,7 +16,7 @@ namespace Bit.Api.Controllers
[HttpGet("claims")]
public IActionResult Claims()
{
- return new JsonResult(User.Claims.Select(c => new { c.Type, c.Value }));
+ return new JsonResult(User?.Claims?.Select(c => new { c.Type, c.Value }));
}
}
}
diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index 40e4d5ece4..7f954a4328 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -28,7 +28,6 @@ using Bit.Api.Middleware;
using IdentityServer4.Validation;
using IdentityServer4.Services;
using IdentityModel.AspNetCore.OAuth2Introspection;
-using Microsoft.AspNetCore.Authorization.Infrastructure;
namespace Bit.Api
{
@@ -89,7 +88,7 @@ namespace Bit.Api
services.AddIdentityServer()
// TODO: Add proper signing creds
.AddTemporarySigningCredential()
- .AddInMemoryApiResources(Resources.GetApiResources())
+ .AddInMemoryApiResources(ApiResources.GetApiResources())
.AddInMemoryClients(Clients.GetClients());
services.AddSingleton<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddSingleton<IProfileService, ProfileService>();
diff --git a/src/Core/Identity/Resources.cs b/src/Core/Identity/ApiResources.cs
similarity index 66%
rename from src/Core/Identity/Resources.cs
rename to src/Core/Identity/ApiResources.cs
index 01a999e547..bd8d412b14 100644
--- a/src/Core/Identity/Resources.cs
+++ b/src/Core/Identity/ApiResources.cs
@@ -1,18 +1,19 @@
using IdentityServer4.Models;
using System.Collections.Generic;
+using System.Security.Claims;
namespace Bit.Core.Identity
{
- public class Resources
+ public class ApiResources
{
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("api", "Vault API", new string[] {
- "authmethod",
- "nameid",
- "email",
+ ClaimTypes.AuthenticationMethod,
+ ClaimTypes.NameIdentifier,
+ ClaimTypes.Email,
"securitystamp"
})
};
diff --git a/src/Core/Identity/ProfileService.cs b/src/Core/Identity/ProfileService.cs
index 0dc9aafe2e..b3e2626f89 100644
--- a/src/Core/Identity/ProfileService.cs
+++ b/src/Core/Identity/ProfileService.cs
@@ -21,7 +21,7 @@ namespace Bit.Core.Identity
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
- context.AddFilteredClaims(context.IssuedClaims);
+ context.AddFilteredClaims(context.Subject.Claims);
return Task.FromResult(0);
}
diff --git a/src/Core/Identity/ResourceOwnerPasswordValidator.cs b/src/Core/Identity/ResourceOwnerPasswordValidator.cs
index 74f26e246e..d1cb1a2928 100644
--- a/src/Core/Identity/ResourceOwnerPasswordValidator.cs
+++ b/src/Core/Identity/ResourceOwnerPasswordValidator.cs
@@ -1,7 +1,9 @@
using Bit.Core.Domains;
using IdentityServer4.Models;
using IdentityServer4.Validation;
+using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Options;
using System.Security.Claims;
using System.Threading.Tasks;
@@ -10,11 +12,14 @@ namespace Bit.Core.Identity
public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{
private readonly UserManager<User> _userManager;
+ private readonly IdentityOptions _identityOptions;
public ResourceOwnerPasswordValidator(
- UserManager<User> userManager)
+ UserManager<User> userManager,
+ IOptions<IdentityOptions> optionsAccessor)
{
_userManager = userManager;
+ _identityOptions = optionsAccessor?.Value ?? new IdentityOptions();
}
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
@@ -27,10 +32,10 @@ namespace Bit.Core.Identity
context.Result = new GrantValidationResult(user.Id.ToString(), "Application", identityProvider: "bitwarden",
claims: new Claim[] {
// Deprecated claims for backwards compatability
- new Claim("authmethod", "Application"),
- new Claim("nameid", user.Id.ToString()),
- new Claim("email", user.Email.ToString()),
- new Claim("securitystamp", user.SecurityStamp)
+ new Claim(ClaimTypes.AuthenticationMethod, "Application"),
+ new Claim(_identityOptions.ClaimsIdentity.UserIdClaimType, user.Id.ToString()),
+ new Claim(_identityOptions.ClaimsIdentity.UserNameClaimType, user.Email.ToString()),
+ new Claim(_identityOptions.ClaimsIdentity.SecurityStampClaimType, user.SecurityStamp)
});
return;
}
diff --git a/src/Core/Services/IUserService.cs b/src/Core/Services/IUserService.cs
index 52196fda5e..9148c94147 100644
--- a/src/Core/Services/IUserService.cs
+++ b/src/Core/Services/IUserService.cs
@@ -8,6 +8,7 @@ namespace Bit.Core.Services
{
public interface IUserService
{
+ Task<User> GetUserByIdAsync(string userId);
Task<User> GetUserByIdAsync(Guid userId);
Task SaveUserAsync(User user);
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);
diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs
index 549bef4e00..cf7857d06d 100644
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@@ -57,6 +57,17 @@ namespace Bit.Core.Services
_passwordValidators = passwordValidators;
}
+ public async Task<User> GetUserByIdAsync(string userId)
+ {
+ Guid userIdGuid;
+ if(!Guid.TryParse(userId, out userIdGuid))
+ {
+ return null;
+ }
+
+ return await _userRepository.GetByIdAsync(userIdGuid);
+ }
+
public async Task<User> GetUserByIdAsync(Guid userId)
{
return await _userRepository.GetByIdAsync(userId);