mirror of
https://github.com/bitwarden/server.git
synced 2025-04-18 03:28:15 -05:00
added installation id to current context.
parent
e538817eb6
commit
0ad76a5487
@ -2,6 +2,8 @@
|
|||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
using Bit.Core.Services;
|
using Bit.Core.Services;
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
using Bit.Core;
|
||||||
|
using Bit.Core.Exceptions;
|
||||||
|
|
||||||
namespace Bit.Api.Controllers
|
namespace Bit.Api.Controllers
|
||||||
{
|
{
|
||||||
@ -10,16 +12,24 @@ namespace Bit.Api.Controllers
|
|||||||
public class PushController : Controller
|
public class PushController : Controller
|
||||||
{
|
{
|
||||||
private readonly IPushRegistrationService _pushRegistrationService;
|
private readonly IPushRegistrationService _pushRegistrationService;
|
||||||
|
private readonly CurrentContext _currentContext;
|
||||||
|
|
||||||
public PushController(
|
public PushController(
|
||||||
IPushRegistrationService pushRegistrationService)
|
IPushRegistrationService pushRegistrationService,
|
||||||
|
CurrentContext currentContext)
|
||||||
{
|
{
|
||||||
|
_currentContext = currentContext;
|
||||||
_pushRegistrationService = pushRegistrationService;
|
_pushRegistrationService = pushRegistrationService;
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet("register")]
|
[HttpGet("register")]
|
||||||
public Object Register()
|
public Object Register()
|
||||||
{
|
{
|
||||||
|
if(!_currentContext.InstallationId.HasValue)
|
||||||
|
{
|
||||||
|
throw new BadRequestException("bad request.");
|
||||||
|
}
|
||||||
|
|
||||||
return new { Foo = "bar" };
|
return new { Foo = "bar" };
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
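Review bot: The installation check in `Register()` is written inline in the action, so any action later added to `PushController` is reachable without an installation id unless its author repeats the check. A controller-level authorization filter or policy that requires `_currentContext.InstallationId.HasValue` would make the controller fail closed. A caller without an installation identity is an authorization failure rather than a malformed request, so a 401/403 result would describe it more accurately than `throw new BadRequestException("bad request.");`. The class-level attributes are outside the hunk, so whether an `[Authorize]` policy already applies cannot be confirmed from here.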
|
@ -1,6 +1,9 @@
|
|||||||
using Bit.Core;
|
using Bit.Core;
|
||||||
using Microsoft.AspNetCore.Http;
|
using Microsoft.AspNetCore.Http;
|
||||||
|
using System;
|
||||||
|
using System.Collections.Generic;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
|
using System.Security.Claims;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
|
|
||||||
namespace Bit.Api.Middleware
|
namespace Bit.Api.Middleware
|
||||||
@ -18,38 +21,49 @@ namespace Bit.Api.Middleware
|
|||||||
{
|
{
|
||||||
if(httpContext.User != null)
|
if(httpContext.User != null)
|
||||||
{
|
{
|
||||||
var securityStampClaim = httpContext.User.Claims.FirstOrDefault(c => c.Type == "device");
|
var claimsDict = httpContext.User.Claims
|
||||||
currentContext.DeviceIdentifier = securityStampClaim?.Value;
|
.GroupBy(c => c.Type)
|
||||||
|
.ToDictionary(c => c.Key, c => c.Select(v => v));
|
||||||
|
|
||||||
var orgOwnerClaims = httpContext.User.Claims.Where(c => c.Type == "orgowner");
|
var clientId = GetClaimValue(claimsDict, "client_id");
|
||||||
if(orgOwnerClaims.Any())
|
var clientSubject = GetClaimValue(claimsDict, "client_sub");
|
||||||
|
if((clientId?.StartsWith("installation.") ?? false) && clientSubject != null)
|
||||||
{
|
{
|
||||||
currentContext.Organizations.AddRange(orgOwnerClaims.Select(c =>
|
Guid idGuid;
|
||||||
|
if(Guid.TryParse(clientSubject, out idGuid))
|
||||||
|
{
|
||||||
|
currentContext.InstallationId = idGuid;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
currentContext.DeviceIdentifier = GetClaimValue(claimsDict, "device");
|
||||||
|
|
||||||
|
if(claimsDict.ContainsKey("orgowner"))
|
||||||
|
{
|
||||||
|
currentContext.Organizations.AddRange(claimsDict["orgowner"].Select(c =>
|
||||||
new CurrentContext.CurrentContentOrganization
|
new CurrentContext.CurrentContentOrganization
|
||||||
{
|
{
|
||||||
Id = new System.Guid(c.Value),
|
Id = new Guid(c.Value),
|
||||||
Type = Core.Enums.OrganizationUserType.Owner
|
Type = Core.Enums.OrganizationUserType.Owner
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
var orgAdminClaims = httpContext.User.Claims.Where(c => c.Type == "orgadmin");
|
if(claimsDict.ContainsKey("orgadmin"))
|
||||||
if(orgAdminClaims.Any())
|
|
||||||
{
|
{
|
||||||
currentContext.Organizations.AddRange(orgAdminClaims.Select(c =>
|
currentContext.Organizations.AddRange(claimsDict["orgadmin"].Select(c =>
|
||||||
new CurrentContext.CurrentContentOrganization
|
new CurrentContext.CurrentContentOrganization
|
||||||
{
|
{
|
||||||
Id = new System.Guid(c.Value),
|
Id = new Guid(c.Value),
|
||||||
Type = Core.Enums.OrganizationUserType.Admin
|
Type = Core.Enums.OrganizationUserType.Admin
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
var orgUserClaims = httpContext.User.Claims.Where(c => c.Type == "orguser");
|
if(claimsDict.ContainsKey("orguser"))
|
||||||
if(orgUserClaims.Any())
|
|
||||||
{
|
{
|
||||||
currentContext.Organizations.AddRange(orgUserClaims.Select(c =>
|
currentContext.Organizations.AddRange(claimsDict["orguser"].Select(c =>
|
||||||
new CurrentContext.CurrentContentOrganization
|
new CurrentContext.CurrentContentOrganization
|
||||||
{
|
{
|
||||||
Id = new System.Guid(c.Value),
|
Id = new Guid(c.Value),
|
||||||
Type = Core.Enums.OrganizationUserType.User
|
Type = Core.Enums.OrganizationUserType.User
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
@ -62,5 +76,15 @@ namespace Bit.Api.Middleware
|
|||||||
|
|
||||||
await _next.Invoke(httpContext);
|
await _next.Invoke(httpContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private string GetClaimValue(Dictionary<string, IEnumerable<Claim>> claims, string type)
|
||||||
|
{
|
||||||
|
if(!claims.ContainsKey(type))
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return claims[type].FirstOrDefault()?.Value;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
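Review bot: `clientId?.StartsWith("installation.")` uses the culture-sensitive overload, and this comparison decides whether the caller is treated as an installation; it should be `(clientId?.StartsWith("installation.", StringComparison.Ordinal) ?? false)`. When `Guid.TryParse` fails on `client_sub`, `InstallationId` is left unset with no log entry, which fails closed but makes a malformed or unexpected token hard to notice. The `new Guid(c.Value)` calls in the `orgowner`/`orgadmin`/`orguser` blocks still throw on a malformed claim value, so one bad claim aborts the request inside the middleware; `Guid.TryParse` with a skip would be consistent with the new installation branch. The enclosing method starts outside the hunk.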
|
@ -11,6 +11,7 @@ namespace Bit.Core
|
|||||||
public virtual User User { get; set; }
|
public virtual User User { get; set; }
|
||||||
public virtual string DeviceIdentifier { get; set; }
|
public virtual string DeviceIdentifier { get; set; }
|
||||||
public virtual List<CurrentContentOrganization> Organizations { get; set; } = new List<CurrentContentOrganization>();
|
public virtual List<CurrentContentOrganization> Organizations { get; set; } = new List<CurrentContentOrganization>();
|
||||||
|
public virtual Guid? InstallationId { get; set; }
|
||||||
|
|
||||||
public bool OrganizationUser(Guid orgId)
|
public bool OrganizationUser(Guid orgId)
|
||||||
{
|
{
|
||||||
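Review bot: `InstallationId` has no documentation saying where its value comes from or what null means, although the push controller in this commit uses it as an access gate. I would add `/// <summary>Id of the installation client that obtained the access token; null for every other caller.</summary>` above the property. The public setter matches the neighbouring properties, but because this value is an identity, the comment should also state that only the current-context middleware is expected to assign it.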
|
@ -21,7 +21,7 @@ namespace Bit.Core.IdentityServer
|
|||||||
"orgadmin",
|
"orgadmin",
|
||||||
"orguser"
|
"orguser"
|
||||||
}),
|
}),
|
||||||
new ApiResource("api.push")
|
new ApiResource("api.push", new string[] { JwtClaimTypes.Subject })
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
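Review bot: Nothing in this hunk explains why `JwtClaimTypes.Subject` is listed on the `api.push` resource, and the line needs a comment stating its purpose. The claim list on an `ApiResource` names user claims, while the installation id in this commit is issued as a client claim and read by the middleware as `client_sub`, so this list may not be what delivers the id; that is worth confirming against a token from the client-credentials flow. Until that is verified, a comment such as `// TODO confirm: installation id arrives as client claim "client_sub"; is a user "sub" claim needed on api.push?` would keep the intent visible.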
|
@ -4,6 +4,8 @@ using IdentityServer4.Models;
|
|||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Bit.Core.Repositories;
|
using Bit.Core.Repositories;
|
||||||
using System;
|
using System;
|
||||||
|
using System.Security.Claims;
|
||||||
|
using IdentityModel;
|
||||||
|
|
||||||
namespace Bit.Core.IdentityServer
|
namespace Bit.Core.IdentityServer
|
||||||
{
|
{
|
||||||
@ -37,7 +39,8 @@ namespace Bit.Core.IdentityServer
|
|||||||
AllowedScopes = new string[] { "api.push" },
|
AllowedScopes = new string[] { "api.push" },
|
||||||
AllowedGrantTypes = GrantTypes.ClientCredentials,
|
AllowedGrantTypes = GrantTypes.ClientCredentials,
|
||||||
AccessTokenLifetime = 3600 * 24,
|
AccessTokenLifetime = 3600 * 24,
|
||||||
Enabled = installation.Enabled
|
Enabled = installation.Enabled,
|
||||||
|
Claims = new List<Claim> { new Claim(JwtClaimTypes.Subject, installation.Id.ToString()) }
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
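Review bot: With the installation id now carried in the token as a client claim, a token issued before an installation is disabled keeps asserting that id until it expires; `Enabled = installation.Enabled` is evaluated only when the client is looked up, and `AccessTokenLifetime = 3600 * 24` sits two lines above the new `Claims` line. If these access tokens are self-contained (not visible here), the API would accept a disabled installation for up to a day. Consider a shorter lifetime for installation clients or having the API re-check the installation's enabled state when it resolves `InstallationId`. The claim name is also coupled to the middleware's literal `"client_sub"`, so a comment like `// emitted with the client-claim prefix as "client_sub"; read by the current-context middleware` would help. The enclosing method begins outside the hunk.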
|