mirror of
https://github.com/bitwarden/server.git
synced 2025-07-24 11:00:43 -05:00
Create sso user api (#886)
* facilitate linking/unlinking existing users from an sso enabled org * added user_identifier to identity methods for sso * moved sso user delete method to account controller * fixed a broken test * Update AccountsController.cs * facilitate linking/unlinking existing users from an sso enabled org * added user_identifier to identity methods for sso * moved sso user delete method to account controller * fixed a broken test * added a token to the existing user sso link flow * added a token to the existing user sso link flow * fixed a typo * added an event log for unlink ssoUser records * fixed a merge issue * fixed a busted test * fixed a busted test * ran a formatter over everything & changed .vscode settings in .gitignore * chagned a variable to use string interpolation * removed a blank line * Changed TokenPurpose enum to a static class of strings * code review cleanups * formatting fix * Changed parameters & logging for delete sso user * changed th method used to get organization user for deleting sso user records Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
This commit is contained in:
@ -1,62 +1,75 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Security.Claims;
|
||||
using System.Threading.Tasks;
|
||||
using Bit.Core.Models.Table;
|
||||
using Bit.Core.Models.Table;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Identity.Models;
|
||||
using IdentityModel;
|
||||
using IdentityServer4;
|
||||
using IdentityServer4.Services;
|
||||
using IdentityServer4.Stores;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Security.Claims;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace Bit.Identity.Controllers
|
||||
{
|
||||
public class AccountController : Controller
|
||||
{
|
||||
private readonly IIdentityServerInteractionService _interaction;
|
||||
private readonly IUserRepository _userRepository;
|
||||
private readonly ISsoConfigRepository _ssoConfigRepository;
|
||||
private readonly IClientStore _clientStore;
|
||||
private readonly IIdentityServerInteractionService _interaction;
|
||||
private readonly ILogger<AccountController> _logger;
|
||||
private readonly ISsoConfigRepository _ssoConfigRepository;
|
||||
private readonly IUserRepository _userRepository;
|
||||
|
||||
public AccountController(
|
||||
IIdentityServerInteractionService interaction,
|
||||
IUserRepository userRepository,
|
||||
ISsoConfigRepository ssoConfigRepository,
|
||||
IClientStore clientStore,
|
||||
ILogger<AccountController> logger)
|
||||
IIdentityServerInteractionService interaction,
|
||||
ILogger<AccountController> logger,
|
||||
IOrganizationUserRepository organizationUserRepository,
|
||||
ISsoConfigRepository ssoConfigRepository,
|
||||
IUserRepository userRepository,
|
||||
IUserService userService)
|
||||
{
|
||||
_interaction = interaction;
|
||||
_userRepository = userRepository;
|
||||
_ssoConfigRepository = ssoConfigRepository;
|
||||
_clientStore = clientStore;
|
||||
_interaction = interaction;
|
||||
_logger = logger;
|
||||
_ssoConfigRepository = ssoConfigRepository;
|
||||
_userRepository = userRepository;
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
public async Task<IActionResult> Login(string returnUrl)
|
||||
{
|
||||
var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
|
||||
if (context.Parameters.AllKeys.Contains("domain_hint") &&
|
||||
!string.IsNullOrWhiteSpace(context.Parameters["domain_hint"]))
|
||||
|
||||
var domainHint = context.Parameters.AllKeys.Contains("domain_hint") ?
|
||||
context.Parameters["domain_hint"] : null;
|
||||
|
||||
if (string.IsNullOrWhiteSpace(domainHint))
|
||||
{
|
||||
return RedirectToAction(nameof(ExternalChallenge),
|
||||
new { organizationIdentifier = context.Parameters["domain_hint"], returnUrl = returnUrl });
|
||||
throw new Exception("No domain_hint provided");
|
||||
}
|
||||
else
|
||||
|
||||
var userIdentifier = context.Parameters.AllKeys.Contains("user_identifier") ?
|
||||
context.Parameters["user_identifier"] : null;
|
||||
|
||||
return RedirectToAction(nameof(ExternalChallenge), new
|
||||
{
|
||||
throw new Exception("No domain_hint provided.");
|
||||
}
|
||||
organizationIdentifier = domainHint,
|
||||
returnUrl,
|
||||
userIdentifier
|
||||
});
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
public async Task<IActionResult> ExternalChallenge(string organizationIdentifier, string returnUrl)
|
||||
public async Task<IActionResult> ExternalChallenge(string organizationIdentifier, string returnUrl,
|
||||
string userIdentifier)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(organizationIdentifier))
|
||||
{
|
||||
@ -82,6 +95,11 @@ namespace Bit.Identity.Controllers
|
||||
},
|
||||
};
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(userIdentifier))
|
||||
{
|
||||
props.Items.Add("user_identifier", userIdentifier);
|
||||
}
|
||||
|
||||
return Challenge(props, scheme);
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user