Implement User-based API Keys (#981)

* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method

test/Api.Test/Controllers/AccountsControllerTests.cs

@@ -304,6 +304,66 @@ namespace Bit.Api.Test.Controllers
             );
         }
 
+        [Fact]
+        public async Task GetApiKey_ShouldReturnApiKeyResponse()
+        {
+            var user = GenerateExampleUser();
+            ConfigureUserServiceToReturnValidPrincipalFor(user);
+            ConfigureUserServiceToAcceptPasswordFor(user);
+            await _sut.ApiKey(new ApiKeyRequestModel());
+        }
+
+        [Fact]
+        public async Task GetApiKey_WhenUserDoesNotExist_ShouldThrowUnauthorizedAccessException()
+        {
+            ConfigureUserServiceToReturnNullPrincipal();
+
+            await Assert.ThrowsAsync<UnauthorizedAccessException>(
+                () => _sut.ApiKey(new ApiKeyRequestModel())
+            );
+        }
+
+        [Fact]
+        public async Task GetApiKey_WhenPasswordCheckFails_ShouldThrowBadRequestException()
+        {
+            var user = GenerateExampleUser();
+            ConfigureUserServiceToReturnValidPrincipalFor(user);
+            ConfigureUserServiceToRejectPasswordFor(user);
+            await Assert.ThrowsAsync<BadRequestException>(
+                () => _sut.ApiKey(new ApiKeyRequestModel())
+            );
+        }
+
+        [Fact]
+        public async Task PostRotateApiKey_ShouldRotateApiKey()
+        {
+            var user = GenerateExampleUser();
+            ConfigureUserServiceToReturnValidPrincipalFor(user);
+            ConfigureUserServiceToAcceptPasswordFor(user);
+            await _sut.RotateApiKey(new ApiKeyRequestModel());
+        }
+
+        [Fact]
+        public async Task PostRotateApiKey_WhenUserDoesNotExist_ShouldThrowUnauthorizedAccessException()
+        {
+            ConfigureUserServiceToReturnNullPrincipal();
+
+            await Assert.ThrowsAsync<UnauthorizedAccessException>(
+                () => _sut.ApiKey(new ApiKeyRequestModel())
+            );
+        }
+
+        [Fact]
+        public async Task PostRotateApiKey_WhenPasswordCheckFails_ShouldThrowBadRequestException()
+        {
+            var user = GenerateExampleUser();
+            ConfigureUserServiceToReturnValidPrincipalFor(user);
+            ConfigureUserServiceToRejectPasswordFor(user);
+            await Assert.ThrowsAsync<BadRequestException>(
+                () => _sut.ApiKey(new ApiKeyRequestModel())
+            );
+        }
+
         // Below are helper functions that currently belong to this
         // test class, but ultimately may need to be split out into
         // something greater in order to share common test steps with