mirror of https://github.com/bitwarden/server.git synced 2025-04-06 21:48:12 -05:00

adjusted claims

Kyle Spearrin 2017-01-24 00:54:09 -05:00
parent 97c14100d2
commit 2b14dd320e
2 changed files with 36 additions and 10 deletions


@ -14,7 +14,14 @@ namespace Bit.Api.IdentityServer
ClaimTypes.AuthenticationMethod, ClaimTypes.AuthenticationMethod,
ClaimTypes.NameIdentifier, ClaimTypes.NameIdentifier,
ClaimTypes.Email, ClaimTypes.Email,
"securitystamp" "securitystamp",
"nam", // name
"eml", // email
"sst", // security stamp
"pln", // plan
"tex", // trial expiration
"dev" // device identifier
}) })
}; };
} }
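Review bot: The short claim names added to this list are bare string literals that the grant validator changed in this same commit repeats (`"pln"`, `"sst"`, `"eml"`, `"dev"`, `"nam"`), so a typo on either side is not caught at compile time. If this list is what filters user claims into the access token (not visible here), a mismatch would silently drop the claim. Shared constants referenced from both files, e.g. `public const string SecurityStamp = "sst";`, would remove that risk. `"tex"` is declared here but no visible hunk issues it; a comment such as `// trial expiration (declared, not issued yet)` would make that explicit. The enclosing initializer starts outside the hunk.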


@ -61,7 +61,7 @@ namespace Bit.Api.IdentityServer
var user = await _userManager.FindByIdAsync(idClaim.Value); var user = await _userManager.FindByIdAsync(idClaim.Value);
if(user != null && user.SecurityStamp == securityTokenClaim.Value) if(user != null && user.SecurityStamp == securityTokenClaim.Value)
{ {
BuildSuccessResult(user, context); BuildSuccessResult(user, context, null);
return; return;
} }
} }
@ -83,8 +83,8 @@ namespace Bit.Api.IdentityServer
if(!twoFactorRequest || await _userManager.VerifyTwoFactorTokenAsync(user, twoFactorProvider, twoFactorCode)) if(!twoFactorRequest || await _userManager.VerifyTwoFactorTokenAsync(user, twoFactorProvider, twoFactorCode))
{ {
await SaveDeviceAsync(user, context); var device = await SaveDeviceAsync(user, context);
BuildSuccessResult(user, context); BuildSuccessResult(user, context, device);
return; return;
} }
} }
@ -108,16 +108,32 @@ namespace Bit.Api.IdentityServer
_jwtBearerOptions = Core.Identity.JwtBearerAppBuilderExtensions.BuildJwtBearerOptions(_jwtBearerIdentityOptions); _jwtBearerOptions = Core.Identity.JwtBearerAppBuilderExtensions.BuildJwtBearerOptions(_jwtBearerIdentityOptions);
} }
private void BuildSuccessResult(User user, ResourceOwnerPasswordValidationContext context) private void BuildSuccessResult(User user, ResourceOwnerPasswordValidationContext context, Device device)
{ {
context.Result = new GrantValidationResult(user.Id.ToString(), "Application", identityProvider: "bitwarden", var claims = new List<Claim> {
claims: new Claim[] { new Claim("pln", "0"), // free plan
new Claim("sst", user.SecurityStamp),
new Claim("eml", user.Email),
// Deprecated claims for backwards compatability // Deprecated claims for backwards compatability
new Claim(ClaimTypes.AuthenticationMethod, "Application"), new Claim(ClaimTypes.AuthenticationMethod, "Application"),
new Claim(_identityOptions.ClaimsIdentity.UserIdClaimType, user.Id.ToString()), new Claim(_identityOptions.ClaimsIdentity.UserIdClaimType, user.Id.ToString()),
new Claim(_identityOptions.ClaimsIdentity.UserNameClaimType, user.Email.ToString()), new Claim(_identityOptions.ClaimsIdentity.UserNameClaimType, user.Email),
new Claim(_identityOptions.ClaimsIdentity.SecurityStampClaimType, user.SecurityStamp) new Claim(_identityOptions.ClaimsIdentity.SecurityStampClaimType, user.SecurityStamp)
}); };
if(device != null)
{
claims.Add(new Claim("dev", device.Identifier));
}
if(!string.IsNullOrWhiteSpace(user.Name))
{
claims.Add(new Claim("nam", user.Name));
}
context.Result = new GrantValidationResult(user.Id.ToString(), "Application", identityProvider: "bitwarden",
claims: claims);
} }
private AuthenticationTicket ValidateOldAuthBearer(string token) private AuthenticationTicket ValidateOldAuthBearer(string token)
@ -178,7 +194,7 @@ namespace Bit.Api.IdentityServer
}; };
} }
private async Task SaveDeviceAsync(User user, ResourceOwnerPasswordValidationContext context) private async Task<Device> SaveDeviceAsync(User user, ResourceOwnerPasswordValidationContext context)
{ {
var device = GetDeviceFromRequest(context); var device = GetDeviceFromRequest(context);
if(device != null) if(device != null)
@ -188,8 +204,11 @@ namespace Bit.Api.IdentityServer
{ {
device.UserId = user.Id; device.UserId = user.Id;
await _deviceRepository.CreateAsync(device); await _deviceRepository.CreateAsync(device);
return device;
} }
} }
return null;
} }
} }
} }
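Review bot: `SaveDeviceAsync` now returns the device only on the branch that calls `_deviceRepository.CreateAsync(device)` and otherwise falls through to `return null;`, so `BuildSuccessResult` adds the `"dev"` claim only when a device row was just created. The guard around that branch lies between the hunks and is not visible; if it is an already-registered check, every later login from a known device gets a token without `"dev"`, and any consumer that makes per-device decisions from the claim will see it as absent. Returning the stored device from the other branch instead of null would keep the claim stable across logins. Separately, `device.Identifier` presumably comes from the request and `new Claim("dev", device.Identifier)` throws on a null value, so a guard such as `if(device != null && !string.IsNullOrWhiteSpace(device.Identifier))` would match the check already used for `user.Name`.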