Create sso user api (#886)

* facilitate linking/unlinking existing users from an sso enabled org * added user_identifier to identity methods for sso * moved sso user delete method to account controller * fixed a broken test * Update AccountsController.cs * facilitate linking/unlinking existing users from an sso enabled org * added user_identifier to identity methods for sso * moved sso user delete method to account controller * fixed a broken test * added a token to the existing user sso link flow * added a token to the existing user sso link flow * fixed a typo * added an event log for unlink ssoUser records * fixed a merge issue * fixed a busted test * fixed a busted test * ran a formatter over everything & changed .vscode settings in .gitignore * chagned a variable to use string interpolation * removed a blank line * Changed TokenPurpose enum to a static class of strings * code review cleanups * formatting fix * Changed parameters & logging for delete sso user * changed th method used to get organization user for deleting sso user records Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2025-07-24 11:00:43 -05:00 · 2020-08-26 14:12:04 -04:00
parent 7cc9ce7bd5
commit 59f8467f7c
18 changed files with 214 additions and 64 deletions
--- a/src/Identity/Controllers/AccountController.cs
+++ b/src/Identity/Controllers/AccountController.cs
@ -1,62 +1,75 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Security.Claims;
-using System.Threading.Tasks;
-using Bit.Core.Models.Table;
+using Bit.Core.Models.Table;
 using Bit.Core.Repositories;
+using Bit.Core.Services;
 using Bit.Identity.Models;
 using IdentityModel;
 using IdentityServer4;
 using IdentityServer4.Services;
 using IdentityServer4.Stores;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;

 namespace Bit.Identity.Controllers
 {
    public class AccountController : Controller
    {
-        private readonly IIdentityServerInteractionService _interaction;
-        private readonly IUserRepository _userRepository;
-        private readonly ISsoConfigRepository _ssoConfigRepository;
        private readonly IClientStore _clientStore;
+        private readonly IIdentityServerInteractionService _interaction;
        private readonly ILogger<AccountController> _logger;
+        private readonly ISsoConfigRepository _ssoConfigRepository;
+        private readonly IUserRepository _userRepository;

        public AccountController(
-            IIdentityServerInteractionService interaction,
-            IUserRepository userRepository,
-            ISsoConfigRepository ssoConfigRepository,
            IClientStore clientStore,
-            ILogger<AccountController> logger)
+            IIdentityServerInteractionService interaction,
+            ILogger<AccountController> logger,
+            IOrganizationUserRepository organizationUserRepository,
+            ISsoConfigRepository ssoConfigRepository,
+            IUserRepository userRepository,
+            IUserService userService)
        {
-            _interaction = interaction;
-            _userRepository = userRepository;
-            _ssoConfigRepository = ssoConfigRepository;
            _clientStore = clientStore;
+            _interaction = interaction;
            _logger = logger;
+            _ssoConfigRepository = ssoConfigRepository;
+            _userRepository = userRepository;
        }

        [HttpGet]
        public async Task<IActionResult> Login(string returnUrl)
        {
            var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
-            if (context.Parameters.AllKeys.Contains("domain_hint") &&
-                !string.IsNullOrWhiteSpace(context.Parameters["domain_hint"]))
+
+            var domainHint = context.Parameters.AllKeys.Contains("domain_hint") ? 
+                context.Parameters["domain_hint"] : null;
+
+            if (string.IsNullOrWhiteSpace(domainHint))
            {
-                return RedirectToAction(nameof(ExternalChallenge),
-                    new { organizationIdentifier = context.Parameters["domain_hint"], returnUrl = returnUrl });
+                throw new Exception("No domain_hint provided");
            }
-            else
+
+            var userIdentifier = context.Parameters.AllKeys.Contains("user_identifier") ? 
+                context.Parameters["user_identifier"] : null;
+
+            return RedirectToAction(nameof(ExternalChallenge), new
            {
-                throw new Exception("No domain_hint provided.");
-            }
+                organizationIdentifier = domainHint,
+                returnUrl,
+                userIdentifier
+            });
        }

        [HttpGet]
-        public async Task<IActionResult> ExternalChallenge(string organizationIdentifier, string returnUrl)
+        public async Task<IActionResult> ExternalChallenge(string organizationIdentifier, string returnUrl,
+            string userIdentifier)
        {
            if (string.IsNullOrWhiteSpace(organizationIdentifier))
            {
@ -82,6 +95,11 @@ namespace Bit.Identity.Controllers
                },
            };

+            if (!string.IsNullOrWhiteSpace(userIdentifier))
+            {
+                props.Items.Add("user_identifier", userIdentifier);
+            }
+
            return Challenge(props, scheme);
        }