Implement User-based API Keys (#981)
* added column ApiKey to dbo.User * added dbo.User.ApiKey to User_Update * added dbo.User.ApiKey to User_Create * wrote migration script for implementing dbo.User.ApiKey * Added ApiKey prop to the User table model * Created AccountsController method for getting a user's API Key * Created AccountsController method for rotating a user API key * Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli * Added a new conditional to ClientStore to account for user API keys * Wrote unit tests for new user API Key methods * Added a refresh of dbo.UserView to new migration script for ApiKey * Let client_credentials grants into the custom token logic * Cleanup for ApiKey auth in the CLI feature * Created user API key on registration * Removed unneeded code for user API keys * Changed a .Contains() to a .StartsWith() in ClientStore * Changed index that an array is searched on * Added more claims to the user apikey clients * Moved some claim finding logic to a helper method
@ -18,6 +18,8 @@ using Bit.Core.Enums;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.Azure.Storage;
|
||||
using Microsoft.Azure.Storage.Blob;
|
||||
using Bit.Core.Models.Table;
|
||||
using IdentityModel;
|
||||
|
||||
namespace Bit.Core.Utilities
|
||||
{
|
||||
@ -670,5 +672,59 @@ namespace Bit.Core.Utilities
|
||||
}
|
||||
return configDict;
|
||||
}
|
||||
|
||||
public static Dictionary<string, string> BuildIdentityClaims(User user, ICollection<CurrentContext.CurrentContentOrganization> orgs, bool isPremium)
|
||||
{
|
||||
var claims = new Dictionary<string, string>()
|
||||
{
|
||||
{"premium", isPremium ? "true" : "false"},
|
||||
{JwtClaimTypes.Email, user.Email},
|
||||
{JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"},
|
||||
{"sstamp", user.SecurityStamp}
|
||||
};
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(user.Name))
|
||||
{
|
||||
claims.Add(JwtClaimTypes.Name, user.Name);
|
||||
}
|
||||
|
||||
// Orgs that this user belongs to
|
||||
if (orgs.Any())
|
||||
{
|
||||
foreach (var group in orgs.GroupBy(o => o.Type))
|
||||
{
|
||||
switch (group.Key)
|
||||
{
|
||||
case Enums.OrganizationUserType.Owner:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add("orgowner", org.Id.ToString());
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.Admin:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add("orgadmin", org.Id.ToString());
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.Manager:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add("orgmanager", org.Id.ToString());
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.User:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add("orguser", org.Id.ToString());
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
return claims;
|
||||
}
|
||||
}
|
||||
}
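Review bot: `claims` is a `Dictionary<string, string>`, so the `claims.Add("orgowner", ...)`, `"orgadmin"`, `"orgmanager"` and `"orguser"` calls inside the switch throw `ArgumentException` ("An item with the same key has already been added") as soon as a user holds the same role in two organizations, which makes token issuance fail for exactly those users. A dictionary cannot carry several values under one claim type; collecting the claims as `List<KeyValuePair<string, string>>` lets every organization membership become its own claim, and callers that only enumerate the result are unaffected (the callers are outside this hunk, so any caller that indexes by key would need adjusting). Separately, `orgs.Any()` dereferences `orgs` without a null check; if callers may pass null, `orgs?.Any() == true` or an up-front `ArgumentNullException.ThrowIfNull(orgs)` would be safer. A `<summary>` on the new public method stating that these pairs become claims in the issued identity token (so the org claims are authorization-relevant) would help the next reader.
```csharp
public static List<KeyValuePair<string, string>> BuildIdentityClaims(User user, ICollection<CurrentContext.CurrentContentOrganization> orgs, bool isPremium)
{
    var claims = new List<KeyValuePair<string, string>>
    {
        new KeyValuePair<string, string>("premium", isPremium ? "true" : "false"),
        new KeyValuePair<string, string>(JwtClaimTypes.Email, user.Email),
        new KeyValuePair<string, string>(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"),
        new KeyValuePair<string, string>("sstamp", user.SecurityStamp)
    };

    if (!string.IsNullOrWhiteSpace(user.Name))
    {
        claims.Add(new KeyValuePair<string, string>(JwtClaimTypes.Name, user.Name));
    }

    // … unchanged: GroupBy over orgs and switch on group.Key; each case's Add becomes, e.g. …
    claims.Add(new KeyValuePair<string, string>("orgowner", org.Id.ToString()));
    // … unchanged: remaining cases, default, return claims …
```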
|
||||
|