diff --git a/src/Api/Controllers/AccountsController.cs b/src/Api/Controllers/AccountsController.cs
index b060482384..7e235e3456 100644
--- a/src/Api/Controllers/AccountsController.cs
+++ b/src/Api/Controllers/AccountsController.cs
@@ -599,5 +599,24 @@ namespace Bit.Api.Controllers
 await _userService.ReinstatePremiumAsync(user);
 }
+
+ [HttpGet("enterprise-portal-signin-token")]
+ [Authorize("Web")]
+ public async Task GetEnterprisePortalSignInToken()
+ {
+ var user = await _userService.GetUserByPrincipalAsync(User);
+ if (user == null)
+ {
+ throw new UnauthorizedAccessException();
+ }
+
+ var token = await _userService.GenerateEnterprisePortalSignInTokenAsync(user);
+ if (token == null)
+ {
+ throw new BadRequestException("Cannot generate sign in token.");
+ }
+
+ return token;
+ }
 }
 }
diff --git a/src/Core/Services/IUserService.cs b/src/Core/Services/IUserService.cs
index 822f8e9de9..5f62c4d4a0 100644
--- a/src/Core/Services/IUserService.cs
+++ b/src/Core/Services/IUserService.cs
@@ -63,5 +63,6 @@ namespace Bit.Core.Services
 Task CanAccessPremium(ITwoFactorProvidersUser user);
 Task TwoFactorIsEnabledAsync(ITwoFactorProvidersUser user);
 Task TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, ITwoFactorProvidersUser user);
+ Task GenerateEnterprisePortalSignInTokenAsync(User user);
 }
 }
diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs
index bdf008d81f..c666b3b18c 100644
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
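Review bot: `GetEnterprisePortalSignInToken` issues a portal sign-in credential to any principal that satisfies the `Web` policy, with no check here that the user has an enterprise-portal entitlement (an organization admin/owner role, for instance); if that authorization is deliberately deferred to the portal when it redeems the token, say so in a comment — `// Portal authorizes org access on redemption; this only binds the token to the caller` — otherwise the check belongs before the token is minted. Since the response body carries a fresh bearer secret, the action should be `[HttpPost]` (or at least carry `[ResponseCache(NoStore = true)]`) so browsers and intermediaries never cache it the way a GET result can be. The `token == null` branch looks unreachable to me — Identity's `GenerateUserTokenAsync` throws on a missing provider rather than returning null — but it is harmless if you prefer to keep it as a guard. The enclosing controller class continues outside the hunk.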
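Review bot: The new interface member `GenerateEnterprisePortalSignInTokenAsync` has no XML doc, and its contract is exactly what a caller must know before handing the result to another application: what the token authorizes, how long it is valid, and whether it can be replayed. Suggest a `/// <summary>` along the lines of "Issues a purpose-bound token the enterprise portal can exchange for a session for <paramref name="user"/>. The token is a bearer secret: it is not consumed on first use and stays valid for the configured provider lifetime." with the lifetime filled in once the provider is settled. The enclosing interface starts outside the hunk.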
@@ -1020,6 +1020,13 @@ namespace Bit.Core.Services
 return await CanAccessPremium(user);
 }
+ public async Task GenerateEnterprisePortalSignInTokenAsync(User user)
+ {
+ var token = await GenerateUserTokenAsync(user, Options.Tokens.PasswordResetTokenProvider,
+ "EnterprisePortalTokenSignIn");
+ return token;
+ }
+
 private async Task UpdatePasswordHash(User user, string newPassword, bool validatePassword = true, bool refreshStamp = true)
 {
diff --git a/src/Core/Utilities/ServiceCollectionExtensions.cs b/src/Core/Utilities/ServiceCollectionExtensions.cs
index 98a20daeeb..2080f2f921 100644
--- a/src/Core/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Core/Utilities/ServiceCollectionExtensions.cs
@@ -393,6 +393,7 @@ namespace Bit.Core.Utilities
 public static void AddCustomDataProtectionServices(
 this IServiceCollection services, IWebHostEnvironment env, GlobalSettings globalSettings)
 {
+ var builder = services.AddDataProtection().SetApplicationName("Bitwarden");
 if (env.IsDevelopment())
 {
 return;
@@ -400,8 +401,7 @@ namespace Bit.Core.Utilities
 if (globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.DataProtection.Directory))
 {
- services.AddDataProtection()
- .PersistKeysToFileSystem(new DirectoryInfo(globalSettings.DataProtection.Directory));
+ builder.PersistKeysToFileSystem(new DirectoryInfo(globalSettings.DataProtection.Directory));
 }
 if (!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString))
@@ -419,7 +419,7 @@ namespace Bit.Core.Utilities
 "dataprotection.pfx", globalSettings.DataProtection.CertificatePassword)
 .GetAwaiter().GetResult();
 }
- services.AddDataProtection()
+ builder
 .PersistKeysToAzureBlobStorage(storageAccount, "aspnet-dataprotection/keys.xml")
 .ProtectKeysWithCertificate(dataProtectionCert);
 }
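Review bot: `GenerateEnterprisePortalSignInTokenAsync` reuses `Options.Tokens.PasswordResetTokenProvider` for a cross-application sign-in handoff, so the token inherits whatever lifetime that provider is configured with — for the stock `DataProtectorTokenProvider` the default is 24 hours unless `TokenLifespan` was overridden elsewhere — and, like any data-protector token, it is not invalidated when redeemed, so a leaked token can be replayed for the whole window. The distinct purpose string does at least prevent it from being accepted as a password-reset token, which is good. I would register a dedicated provider with a lifespan of a few minutes and use it here, `var token = await GenerateUserTokenAsync(user, "EnterprisePortalSignIn", EnterprisePortalSignInPurpose);`, and hoist the purpose into a shared constant, `public const string EnterprisePortalSignInPurpose = "EnterprisePortalTokenSignIn";`, so the portal's validation side cannot drift from it. A `/// <summary>` on the method should state the chosen lifetime and that the token is single-purpose but not single-use. The enclosing class continues outside the hunk.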
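Review bot: `SetApplicationName("Bitwarden")` is a bare literal whose only reason to exist, as far as I can tell, is that another host (the enterprise portal) must set the identical name over the same key ring for these tokens to unprotect there; a string duplicated across projects is the kind of thing that silently breaks or, worse, gets widened, so it should be a single shared constant both hosts reference, e.g. `var builder = services.AddDataProtection().SetApplicationName(Constants.DataProtectionApplicationName);`. The consequence deserves a comment at this line because it is not obvious from the API: `// Shared purpose root: any host using this name with access to the key ring can unprotect our payloads (auth tokens, cookies).` Note that the builder is now created before the `IsDevelopment` early return, so development runs also use the shared name against the default local key store — that looks intentional but is worth a word in the commit message. `AddCustomDataProtectionServices` continues outside the hunk.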
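Review bot: On the self-hosted branch the key ring is persisted to `globalSettings.DataProtection.Directory` with no `ProtectKeysWith*` call, so the master keys rest on disk as plaintext XML; that predates this commit, but the hunk above now puts the ring under one application name shared with other hosts, so anyone who can read that directory can forge portal sign-in tokens in addition to whatever the ring protected before. If the deployment relies on directory permissions for this, make it explicit next to the new line: `// Key ring is unencrypted at rest; self-hosted deployments rely on directory ACLs.` Otherwise consider mirroring the Azure branch and chaining `.ProtectKeysWithCertificate(cert)` when a certificate is configured. The method continues outside the hunk.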