nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 08:02:49 -05:00
Code Activity

Implement User-based API Keys (#981)

Browse Source 
* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
This commit is contained in:
Addison Beck
2020-11-10 15:15:29 -05:00
committed by GitHub
parent d9cd7551fe
commit 25a9991908
14 changed files with 540 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
src/Core/IdentityServer/ProfileService.cs
View File

@ -8,6 +8,7 @@ using System.Collections.Generic;
using System.Linq;
using System;
using IdentityModel;
using Bit.Core.Utilities;
namespace Bit.Core.IdentityServer
{
@ -39,56 +40,15 @@ namespace Bit.Core.IdentityServer
if (user != null)
{
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
newClaims.AddRange(new List<Claim>
{
new Claim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),
new Claim(JwtClaimTypes.Email, user.Email),
new Claim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false",
ClaimValueTypes.Boolean),
new Claim("sstamp", user.SecurityStamp)
});
if (!string.IsNullOrWhiteSpace(user.Name))
{
newClaims.Add(new Claim(JwtClaimTypes.Name, user.Name));
}
// Orgs that this user belongs to
var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
if (orgs.Any())
foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
{
foreach (var group in orgs.GroupBy(o => o.Type))
{
switch (group.Key)
{
case Enums.OrganizationUserType.Owner:
foreach (var org in group)
{
newClaims.Add(new Claim("orgowner", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Admin:
foreach (var org in group)
{
newClaims.Add(new Claim("orgadmin", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Manager:
foreach (var org in group)
{
newClaims.Add(new Claim("orgmanager", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.User:
foreach (var org in group)
{
newClaims.Add(new Claim("orguser", org.Id.ToString()));
}
break;
default:
break;
}
}
var upperValue = claim.Value.ToUpperInvariant();
var isBool = upperValue == "TRUE" || upperValue == "FALSE";
newClaims.Add(isBool ?
new Claim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
new Claim(claim.Key, claim.Value)
);
}
}