1
0
mirror of https://github.com/bitwarden/server.git synced 2025-07-02 08:32:50 -05:00

Implement User-based API Keys (#981)

* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
This commit is contained in:
Addison Beck
2020-11-10 15:15:29 -05:00
committed by GitHub
parent d9cd7551fe
commit 25a9991908
14 changed files with 540 additions and 59 deletions

View File

@ -18,6 +18,8 @@ using Bit.Core.Enums;
using System.Threading.Tasks;
using Microsoft.Azure.Storage;
using Microsoft.Azure.Storage.Blob;
using Bit.Core.Models.Table;
using IdentityModel;
namespace Bit.Core.Utilities
{
@ -670,5 +672,59 @@ namespace Bit.Core.Utilities
}
return configDict;
}
public static Dictionary<string, string> BuildIdentityClaims(User user, ICollection<CurrentContext.CurrentContentOrganization> orgs, bool isPremium)
{
var claims = new Dictionary<string, string>()
{
{"premium", isPremium ? "true" : "false"},
{JwtClaimTypes.Email, user.Email},
{JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"},
{"sstamp", user.SecurityStamp}
};
if (!string.IsNullOrWhiteSpace(user.Name))
{
claims.Add(JwtClaimTypes.Name, user.Name);
}
// Orgs that this user belongs to
if (orgs.Any())
{
foreach (var group in orgs.GroupBy(o => o.Type))
{
switch (group.Key)
{
case Enums.OrganizationUserType.Owner:
foreach (var org in group)
{
claims.Add("orgowner", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.Admin:
foreach (var org in group)
{
claims.Add("orgadmin", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.Manager:
foreach (var org in group)
{
claims.Add("orgmanager", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.User:
foreach (var org in group)
{
claims.Add("orguser", org.Id.ToString());
}
break;
default:
break;
}
}
}
return claims;
}
}
}