nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

[SM-394] Secrets Manager (#2164)

Browse Source 
Long lived feature branch for Secrets Manager

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com>
Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
This commit is contained in:
Oscar Hinton
2023-01-13 15:02:53 +01:00
committed by GitHub
parent 09e524c9a2
commit 1f0fc43278
188 changed files with 21346 additions and 329 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/Core/Context/CurrentContext.cs
View File

@ -2,6 +2,7 @@
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Enums.Provider;
using Bit.Core.Identity;
using Bit.Core.Models.Data;
using Bit.Core.Repositories;
using Bit.Core.Settings;
@ -137,7 +138,7 @@ public class CurrentContext : ICurrentContext
}
}
DeviceIdentifier = GetClaimValue(claimsDict, "device");
DeviceIdentifier = GetClaimValue(claimsDict, Claims.Device);
Organizations = GetOrganizations(claimsDict, orgApi);
@ -149,9 +150,9 @@ public class CurrentContext : ICurrentContext
private List<CurrentContentOrganization> GetOrganizations(Dictionary<string, IEnumerable<Claim>> claimsDict, bool orgApi)
{
var organizations = new List<CurrentContentOrganization>();
if (claimsDict.ContainsKey("orgowner"))
if (claimsDict.ContainsKey(Claims.OrganizationOwner))
{
organizations.AddRange(claimsDict["orgowner"].Select(c =>
organizations.AddRange(claimsDict[Claims.OrganizationOwner].Select(c =>
new CurrentContentOrganization
{
Id = new Guid(c.Value),
@ -167,9 +168,9 @@ public class CurrentContext : ICurrentContext
});
}
if (claimsDict.ContainsKey("orgadmin"))
if (claimsDict.ContainsKey(Claims.OrganizationAdmin))
{
organizations.AddRange(claimsDict["orgadmin"].Select(c =>
organizations.AddRange(claimsDict[Claims.OrganizationAdmin].Select(c =>
new CurrentContentOrganization
{
Id = new Guid(c.Value),
@ -177,9 +178,9 @@ public class CurrentContext : ICurrentContext
}));
}
if (claimsDict.ContainsKey("orguser"))
if (claimsDict.ContainsKey(Claims.OrganizationUser))
{
organizations.AddRange(claimsDict["orguser"].Select(c =>
organizations.AddRange(claimsDict[Claims.OrganizationUser].Select(c =>
new CurrentContentOrganization
{
Id = new Guid(c.Value),
@ -187,9 +188,9 @@ public class CurrentContext : ICurrentContext
}));
}
if (claimsDict.ContainsKey("orgmanager"))
if (claimsDict.ContainsKey(Claims.OrganizationManager))
{
organizations.AddRange(claimsDict["orgmanager"].Select(c =>
organizations.AddRange(claimsDict[Claims.OrganizationManager].Select(c =>
new CurrentContentOrganization
{
Id = new Guid(c.Value),
@ -197,9 +198,9 @@ public class CurrentContext : ICurrentContext
}));
}
if (claimsDict.ContainsKey("orgcustom"))
if (claimsDict.ContainsKey(Claims.OrganizationCustom))
{
organizations.AddRange(claimsDict["orgcustom"].Select(c =>
organizations.AddRange(claimsDict[Claims.OrganizationCustom].Select(c =>
new CurrentContentOrganization
{
Id = new Guid(c.Value),
@ -214,9 +215,9 @@ public class CurrentContext : ICurrentContext
private List<CurrentContentProvider> GetProviders(Dictionary<string, IEnumerable<Claim>> claimsDict)
{
var providers = new List<CurrentContentProvider>();
if (claimsDict.ContainsKey("providerprovideradmin"))
if (claimsDict.ContainsKey(Claims.ProviderAdmin))
{
providers.AddRange(claimsDict["providerprovideradmin"].Select(c =>
providers.AddRange(claimsDict[Claims.ProviderAdmin].Select(c =>
new CurrentContentProvider
{
Id = new Guid(c.Value),
@ -224,9 +225,9 @@ public class CurrentContext : ICurrentContext
}));
}
if (claimsDict.ContainsKey("providerserviceuser"))
if (claimsDict.ContainsKey(Claims.ProviderServiceUser))
{
providers.AddRange(claimsDict["providerserviceuser"].Select(c =>
providers.AddRange(claimsDict[Claims.ProviderServiceUser].Select(c =>
new CurrentContentProvider
{
Id = new Guid(c.Value),

76
src/Core/Entities/AccessPolicy.cs Normal file
View File

@ -0,0 +1,76 @@
using Bit.Core.Utilities;
namespace Bit.Core.Entities;
public class AccessPolicy : ITableObject<Guid>
{
public Guid Id { get; set; }
// Object to grant access from
public Guid? OrganizationUserId { get; set; }
public Guid? GroupId { get; set; }
public Guid? ServiceAccountId { get; set; }
// Object to grant access to
public Guid? GrantedProjectId { get; set; }
public Guid? GrantedServiceAccountId { get; set; }
// Access
public bool Read { get; set; }
public bool Write { get; set; }
public DateTime CreationDate { get; set; }
public DateTime RevisionDate { get; set; }
public void SetNewId()
{
Id = CoreHelpers.GenerateComb();
}
}
public abstract class BaseAccessPolicy
{
public Guid Id { get; set; }
// Access
public bool Read { get; set; }
public bool Write { get; set; }
public DateTime CreationDate { get; set; }
public DateTime RevisionDate { get; set; }
public void SetNewId()
{
Id = CoreHelpers.GenerateComb();
}
}
public class UserProjectAccessPolicy : BaseAccessPolicy
{
public Guid? OrganizationUserId { get; set; }
public Guid? GrantedProjectId { get; set; }
}
public class UserServiceAccountAccessPolicy : BaseAccessPolicy
{
public Guid? OrganizationUserId { get; set; }
public Guid? GrantedServiceAccountId { get; set; }
}
public class GroupProjectAccessPolicy : BaseAccessPolicy
{
public Guid? GroupId { get; set; }
public Guid? GrantedProjectId { get; set; }
}
public class GroupServiceAccountAccessPolicy : BaseAccessPolicy
{
public Guid? GroupId { get; set; }
public Guid? GrantedServiceAccountId { get; set; }
}
public class ServiceAccountProjectAccessPolicy : BaseAccessPolicy
{
public Guid? ServiceAccountId { get; set; }
public Guid? GrantedProjectId { get; set; }
}

33
src/Core/Entities/ApiKey.cs Normal file
View File

@ -0,0 +1,33 @@
using System.ComponentModel.DataAnnotations;
using Bit.Core.Utilities;
namespace Bit.Core.Entities;
public class ApiKey : ITableObject<Guid>
{
public Guid Id { get; set; }
public Guid? ServiceAccountId { get; set; }
[MaxLength(200)]
public string Name { get; set; }
[MaxLength(30)]
public string ClientSecret { get; set; }
[MaxLength(4000)]
public string Scope { get; set; }
[MaxLength(4000)]
public string EncryptedPayload { get; set; }
// Key for decrypting `EncryptedPayload`. Encrypted using the organization key.
public string Key { get; set; }
public DateTime? ExpireAt { get; set; }
public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;
public void SetNewId()
{
Id = CoreHelpers.GenerateComb();
}
public ICollection<string> GetScopes()
{
return CoreHelpers.LoadClassFromJsonData<List<string>>(Scope);
}
}

1
src/Core/Entities/Organization.cs
View File

@ -45,6 +45,7 @@ public class Organization : ITableObject<Guid>, ISubscriber, IStorable, IStorabl
public bool Use2fa { get; set; }
public bool UseApi { get; set; }
public bool UseResetPassword { get; set; }
public bool UseSecretsManager { get; set; }
public bool SelfHost { get; set; }
public bool UsersGetPremium { get; set; }
public bool UseCustomPermissions { get; set; }

29
src/Core/Entities/Project.cs Normal file
View File

@ -0,0 +1,29 @@
#nullable enable
using Bit.Core.Utilities;
namespace Bit.Core.Entities;
public class Project : ITableObject<Guid>
{
public Guid Id { get; set; }
public Guid OrganizationId { get; set; }
public string? Name { get; set; }
public DateTime CreationDate { get; set; } = DateTime.UtcNow;
public DateTime RevisionDate { get; set; } = DateTime.UtcNow;
public DateTime? DeletedDate { get; set; }
public virtual ICollection<Secret>? Secrets { get; set; }
public void SetNewId()
{
if (Id == default(Guid))
{
Id = CoreHelpers.GenerateComb();
}
}
}

33
src/Core/Entities/Secret.cs Normal file
View File

@ -0,0 +1,33 @@
#nullable enable
using Bit.Core.Utilities;
namespace Bit.Core.Entities;
public class Secret : ITableObject<Guid>
{
public Guid Id { get; set; }
public Guid OrganizationId { get; set; }
public string? Key { get; set; }
public string? Value { get; set; }
public string? Note { get; set; }
public DateTime CreationDate { get; set; } = DateTime.UtcNow;
public DateTime RevisionDate { get; set; } = DateTime.UtcNow;
public DateTime? DeletedDate { get; set; }
public ICollection<Project>? Projects { get; set; }
public void SetNewId()
{
if (Id == default(Guid))
{
Id = CoreHelpers.GenerateComb();
}
}
}

26
src/Core/Entities/ServiceAccount.cs Normal file
View File

@ -0,0 +1,26 @@
#nullable enable
using Bit.Core.Utilities;
namespace Bit.Core.Entities;
public class ServiceAccount : ITableObject<Guid>
{
public Guid Id { get; set; }
public Guid OrganizationId { get; set; }
public string? Name { get; set; }
public DateTime CreationDate { get; set; } = DateTime.UtcNow;
public DateTime RevisionDate { get; set; } = DateTime.UtcNow;
public void SetNewId()
{
if (Id == default(Guid))
{
Id = CoreHelpers.GenerateComb();
}
}
}

4
src/Core/Enums/DeviceType.cs
View File

@ -45,5 +45,7 @@ public enum DeviceType : byte
[Display(Name = "Vivaldi Extension")]
VivaldiExtension = 19,
[Display(Name = "Safari Extension")]
SafariExtension = 20
SafariExtension = 20,
[Display(Name = "SDK")]
SDK = 21,
}

19
src/Core/Identity/Claims.cs Normal file
View File

@ -0,0 +1,19 @@
namespace Bit.Core.Identity;
public static class Claims
{
// User
public const string SecurityStamp = "sstamp";
public const string Premium = "premium";
public const string Device = "device";
public const string OrganizationOwner = "orgowner";
public const string OrganizationAdmin = "orgadmin";
public const string OrganizationManager = "orgmanager";
public const string OrganizationUser = "orguser";
public const string OrganizationCustom = "orgcustom";
public const string ProviderAdmin = "providerprovideradmin";
public const string ProviderServiceUser = "providerserviceuser";
// Service Account
public const string Organization = "organization";
}

28
src/Core/IdentityServer/ApiScopes.cs Normal file
View File

@ -0,0 +1,28 @@
using IdentityServer4.Models;
namespace Bit.Core.IdentityServer;
public static class ApiScopes
{
public const string Api = "api";
public const string ApiInstallation = "api.installation";
public const string ApiLicensing = "api.licensing";
public const string ApiOrganization = "api.organization";
public const string ApiPush = "api.push";
public const string ApiSecrets = "api.secrets";
public const string Internal = "internal";
public static IEnumerable<ApiScope> GetApiScopes()
{
return new List<ApiScope>
{
new(Api, "API Access"),
new(ApiPush, "API Push Access"),
new(ApiLicensing, "API Licensing Access"),
new(ApiOrganization, "API Organization Access"),
new(ApiInstallation, "API Installation Access"),
new(Internal, "Internal Access"),
new(ApiSecrets, "Secrets Manager Access"),
};
}
}

37
src/Core/Models/Data/ApiKeyDetails.cs Normal file
View File

@ -0,0 +1,37 @@
using Bit.Core.Entities;
namespace Bit.Core.Models.Data;
public class ApiKeyDetails : ApiKey
{
protected ApiKeyDetails() { }
protected ApiKeyDetails(ApiKey apiKey)
{
Id = apiKey.Id;
ServiceAccountId = apiKey.ServiceAccountId;
Name = apiKey.Name;
ClientSecret = apiKey.ClientSecret;
Scope = apiKey.Scope;
EncryptedPayload = apiKey.EncryptedPayload;
Key = apiKey.Key;
ExpireAt = apiKey.ExpireAt;
CreationDate = apiKey.CreationDate;
RevisionDate = apiKey.RevisionDate;
}
}
public class ServiceAccountApiKeyDetails : ApiKeyDetails
{
public ServiceAccountApiKeyDetails()
{
}
public ServiceAccountApiKeyDetails(ApiKey apiKey, Guid organizationId) : base(apiKey)
{
ServiceAccountOrganizationId = organizationId;
}
public Guid ServiceAccountOrganizationId { get; set; }
}

1
src/Core/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs
View File

@ -16,6 +16,7 @@ public class OrganizationUserOrganizationDetails
public bool Use2fa { get; set; }
public bool UseApi { get; set; }
public bool UseResetPassword { get; set; }
public bool UseSecretsManager { get; set; }
public bool SelfHost { get; set; }
public bool UsersGetPremium { get; set; }
public bool UseCustomPermissions { get; set; }

3
src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/SelfHosted/SelfHostedSyncSponsorshipsCommand.cs
View File

@ -1,5 +1,6 @@
using Bit.Core.Entities;
using Bit.Core.Exceptions;
using Bit.Core.IdentityServer;
using Bit.Core.Models.Api.Request.OrganizationSponsorships;
using Bit.Core.Models.Api.Response.OrganizationSponsorships;
using Bit.Core.Models.Data.Organizations.OrganizationSponsorships;
@ -30,7 +31,7 @@ public class SelfHostedSyncSponsorshipsCommand : BaseIdentityClientService, ISel
httpFactory,
globalSettings.Installation.ApiUri,
globalSettings.Installation.IdentityUri,
"api.installation",
ApiScopes.ApiInstallation,
$"installation.{globalSettings.Installation.Id}",
globalSettings.Installation.Key,
logger)

7
src/Core/Repositories/IAccessPolicyRepository.cs Normal file
View File

@ -0,0 +1,7 @@
using Bit.Core.Entities;
namespace Bit.Core.Repositories;
public interface IAccessPolicyRepository : IRepository<AccessPolicy, Guid>
{
}

10
src/Core/Repositories/IApiKeyRepository.cs Normal file
View File

@ -0,0 +1,10 @@
using Bit.Core.Entities;
using Bit.Core.Models.Data;
namespace Bit.Core.Repositories;
public interface IApiKeyRepository : IRepository<ApiKey, Guid>
{
Task<ApiKeyDetails> GetDetailsByIdAsync(Guid id);
Task<ICollection<ApiKey>> GetManyByServiceAccountIdAsync(Guid id);
}

13
src/Core/Repositories/IProjectRepository.cs Normal file
View File

@ -0,0 +1,13 @@
using Bit.Core.Entities;
namespace Bit.Core.Repositories;
public interface IProjectRepository
{
Task<IEnumerable<Project>> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId);
Task<IEnumerable<Project>> GetManyByIds(IEnumerable<Guid> ids);
Task<Project> GetByIdAsync(Guid id);
Task<Project> CreateAsync(Project project);
Task ReplaceAsync(Project project);
Task DeleteManyByIdAsync(IEnumerable<Guid> ids);
}

14
src/Core/Repositories/ISecretRepository.cs Normal file
View File

@ -0,0 +1,14 @@
using Bit.Core.Entities;
namespace Bit.Core.Repositories;
public interface ISecretRepository
{
Task<IEnumerable<Secret>> GetManyByOrganizationIdAsync(Guid organizationId);
Task<IEnumerable<Secret>> GetManyByIds(IEnumerable<Guid> ids);
Task<IEnumerable<Secret>> GetManyByProjectIdAsync(Guid projectId);
Task<Secret> GetByIdAsync(Guid id);
Task<Secret> CreateAsync(Secret secret);
Task<Secret> UpdateAsync(Secret secret);
Task SoftDeleteManyByIdAsync(IEnumerable<Guid> ids);
}

11
src/Core/Repositories/IServiceAccountRepository.cs Normal file
View File

@ -0,0 +1,11 @@
using Bit.Core.Entities;
namespace Bit.Core.Repositories;
public interface IServiceAccountRepository
{
Task<IEnumerable<ServiceAccount>> GetManyByOrganizationIdAsync(Guid organizationId);
Task<ServiceAccount> GetByIdAsync(Guid id);
Task<ServiceAccount> CreateAsync(ServiceAccount serviceAccount);
Task ReplaceAsync(ServiceAccount serviceAccount);
}

8
src/Core/SecretManagerFeatures/AccessTokens/Interfaces/ICreateAccessTokenCommand.cs Normal file
View File

@ -0,0 +1,8 @@
using Bit.Core.Entities;
namespace Bit.Core.SecretManagerFeatures.AccessTokens.Interfaces;
public interface ICreateAccessTokenCommand
{
Task<ApiKey> CreateAsync(ApiKey apiKey);
}

8
src/Core/SecretManagerFeatures/Projects/Interfaces/ICreateProjectCommand.cs Normal file
View File

@ -0,0 +1,8 @@
using Bit.Core.Entities;
namespace Bit.Core.SecretManagerFeatures.Projects.Interfaces;
public interface ICreateProjectCommand
{
Task<Project> CreateAsync(Project project);
}

9
src/Core/SecretManagerFeatures/Projects/Interfaces/IDeleteProjectCommand.cs Normal file
View File

@ -0,0 +1,9 @@
using Bit.Core.Entities;
namespace Bit.Core.SecretManagerFeatures.Projects.Interfaces;
public interface IDeleteProjectCommand
{
Task<List<Tuple<Project, string>>> DeleteProjects(List<Guid> ids);
}

8
src/Core/SecretManagerFeatures/Projects/Interfaces/IUpdateProjectCommand.cs Normal file
View File

@ -0,0 +1,8 @@
using Bit.Core.Entities;
namespace Bit.Core.SecretManagerFeatures.Projects.Interfaces;
public interface IUpdateProjectCommand
{
Task<Project> UpdateAsync(Project project);
}

8
src/Core/SecretManagerFeatures/Secrets/Interfaces/ICreateSecretCommand.cs Normal file
View File

@ -0,0 +1,8 @@
using Bit.Core.Entities;
namespace Bit.Core.SecretManagerFeatures.Secrets.Interfaces;
public interface ICreateSecretCommand
{
Task<Secret> CreateAsync(Secret secret);
}

9
src/Core/SecretManagerFeatures/Secrets/Interfaces/IDeleteSecretCommand.cs Normal file
View File

@ -0,0 +1,9 @@
using Bit.Core.Entities;
namespace Bit.Core.SecretManagerFeatures.Secrets.Interfaces;
public interface IDeleteSecretCommand
{
Task<List<Tuple<Secret, string>>> DeleteSecrets(List<Guid> ids);
}

8
src/Core/SecretManagerFeatures/Secrets/Interfaces/IUpdateSecretCommand.cs Normal file
View File

@ -0,0 +1,8 @@
using Bit.Core.Entities;
namespace Bit.Core.SecretManagerFeatures.Secrets.Interfaces;
public interface IUpdateSecretCommand
{
Task<Secret> UpdateAsync(Secret secret);
}

8
src/Core/SecretManagerFeatures/ServiceAccounts/Interfaces/ICreateServiceAccountCommand.cs Normal file
View File

@ -0,0 +1,8 @@
using Bit.Core.Entities;
namespace Bit.Core.SecretManagerFeatures.ServiceAccounts.Interfaces;
public interface ICreateServiceAccountCommand
{
Task<ServiceAccount> CreateAsync(ServiceAccount serviceAccount);
}

8
src/Core/SecretManagerFeatures/ServiceAccounts/Interfaces/IUpdateServiceAccountCommand.cs Normal file
View File

@ -0,0 +1,8 @@
using Bit.Core.Entities;
namespace Bit.Core.SecretManagerFeatures.ServiceAccounts.Interfaces;
public interface IUpdateServiceAccountCommand
{
Task<ServiceAccount> UpdateAsync(ServiceAccount serviceAccount);
}

3
src/Core/Services/Implementations/RelayPushNotificationService.cs
View File

@ -1,6 +1,7 @@
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.IdentityServer;
using Bit.Core.Models;
using Bit.Core.Models.Api;
using Bit.Core.Repositories;
@ -25,7 +26,7 @@ public class RelayPushNotificationService : BaseIdentityClientService, IPushNoti
httpFactory,
globalSettings.PushRelayBaseUri,
globalSettings.Installation.IdentityUri,
"api.push",
ApiScopes.ApiPush,
$"installation.{globalSettings.Installation.Id}",
globalSettings.Installation.Key,
logger)

3
src/Core/Services/Implementations/RelayPushRegistrationService.cs
View File

@ -1,4 +1,5 @@
using Bit.Core.Enums;
using Bit.Core.IdentityServer;
using Bit.Core.Models.Api;
using Bit.Core.Settings;
using Microsoft.Extensions.Logging;
@ -16,7 +17,7 @@ public class RelayPushRegistrationService : BaseIdentityClientService, IPushRegi
httpFactory,
globalSettings.PushRelayBaseUri,
globalSettings.Installation.IdentityUri,
"api.push",
ApiScopes.ApiPush,
$"installation.{globalSettings.Installation.Id}",
globalSettings.Installation.Key,
logger)

23
src/Core/Utilities/CoreHelpers.cs
View File

@ -14,6 +14,7 @@ using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Enums.Provider;
using Bit.Core.Identity;
using Bit.Core.Settings;
using IdentityModel;
using Microsoft.AspNetCore.DataProtection;
@ -631,10 +632,10 @@ public static class CoreHelpers
{
var claims = new List<KeyValuePair<string, string>>()
{
new KeyValuePair<string, string>("premium", isPremium ? "true" : "false"),
new KeyValuePair<string, string>(JwtClaimTypes.Email, user.Email),
new KeyValuePair<string, string>(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"),
new KeyValuePair<string, string>("sstamp", user.SecurityStamp)
new(Claims.Premium, isPremium ? "true" : "false"),
new(JwtClaimTypes.Email, user.Email),
new(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"),
new(Claims.SecurityStamp, user.SecurityStamp),
};
if (!string.IsNullOrWhiteSpace(user.Name))
@ -652,31 +653,31 @@ public static class CoreHelpers
case Enums.OrganizationUserType.Owner:
foreach (var org in group)
{
claims.Add(new KeyValuePair<string, string>("orgowner", org.Id.ToString()));
claims.Add(new KeyValuePair<string, string>(Claims.OrganizationOwner, org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Admin:
foreach (var org in group)
{
claims.Add(new KeyValuePair<string, string>("orgadmin", org.Id.ToString()));
claims.Add(new KeyValuePair<string, string>(Claims.OrganizationAdmin, org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Manager:
foreach (var org in group)
{
claims.Add(new KeyValuePair<string, string>("orgmanager", org.Id.ToString()));
claims.Add(new KeyValuePair<string, string>(Claims.OrganizationManager, org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.User:
foreach (var org in group)
{
claims.Add(new KeyValuePair<string, string>("orguser", org.Id.ToString()));
claims.Add(new KeyValuePair<string, string>(Claims.OrganizationUser, org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Custom:
foreach (var org in group)
{
claims.Add(new KeyValuePair<string, string>("orgcustom", org.Id.ToString()));
claims.Add(new KeyValuePair<string, string>(Claims.OrganizationCustom, org.Id.ToString()));
foreach (var (permission, claimName) in org.Permissions.ClaimsMap)
{
if (!permission)
@ -703,13 +704,13 @@ public static class CoreHelpers
case ProviderUserType.ProviderAdmin:
foreach (var provider in group)
{
claims.Add(new KeyValuePair<string, string>("providerprovideradmin", provider.Id.ToString()));
claims.Add(new KeyValuePair<string, string>(Claims.ProviderAdmin, provider.Id.ToString()));
}
break;
case ProviderUserType.ServiceUser:
foreach (var provider in group)
{
claims.Add(new KeyValuePair<string, string>("providerserviceuser", provider.Id.ToString()));
claims.Add(new KeyValuePair<string, string>(Claims.ProviderServiceUser, provider.Id.ToString()));
}
break;
}