mirror of https://github.com/bitwarden/server.git synced 2025-04-08 06:28:14 -05:00

helper methods for multiple auth schemes

Kyle Spearrin 2017-05-05 21:39:30 -04:00
parent 3daf0bcd18
commit 66c5a9b25d


@ -89,14 +89,14 @@ namespace Bit.Api
{ {
config.AddPolicy("Application", policy => config.AddPolicy("Application", policy =>
{ {
policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2"); policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2", "Bearer3");
policy.RequireAuthenticatedUser(); policy.RequireAuthenticatedUser();
policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.AuthenticationMethod); policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.AuthenticationMethod);
}); });
config.AddPolicy("TwoFactor", policy => config.AddPolicy("TwoFactor", policy =>
{ {
policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2"); policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2", "Bearer3");
policy.RequireAuthenticatedUser(); policy.RequireAuthenticatedUser();
policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.TwoFactorAuthenticationMethod); policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.TwoFactorAuthenticationMethod);
}); });
@ -172,7 +172,10 @@ namespace Bit.Api
// Add IdentityServer to the request pipeline. // Add IdentityServer to the request pipeline.
app.UseIdentityServer(); app.UseIdentityServer();
app.UseIdentityServerAuthentication(GetIdentityOptions(env)); app.UseIdentityServerAuthentication(
GetIdentityOptions(env, IdentityServerAuthority(env, "api", "4000"), "2"));
app.UseIdentityServerAuthentication(
GetIdentityOptions(env, IdentityServerAuthority(env, "identity", "33656"), "3"));
// Add Jwt authentication to the request pipeline. // Add Jwt authentication to the request pipeline.
app.UseJwtBearerIdentity(); app.UseJwtBearerIdentity();
@ -184,35 +187,40 @@ namespace Bit.Api
app.UseMvc(); app.UseMvc();
} }
private IdentityServerAuthenticationOptions GetIdentityOptions(IHostingEnvironment env) private IdentityServerAuthenticationOptions GetIdentityOptions(IHostingEnvironment env,
string authority, string suffix)
{ {
var options = new IdentityServerAuthenticationOptions var options = new IdentityServerAuthenticationOptions
{ {
Authority = authority,
AllowedScopes = new string[] { "api" }, AllowedScopes = new string[] { "api" },
RequireHttpsMetadata = env.IsProduction(), RequireHttpsMetadata = env.IsProduction(),
ApiName = "api", ApiName = "api",
NameClaimType = ClaimTypes.Email, NameClaimType = ClaimTypes.Email,
// Version "2" until we retire the old jwt scheme and replace it with this one. // Suffix until we retire the old jwt schemes.
AuthenticationScheme = "Bearer2", AuthenticationScheme = $"Bearer{suffix}",
TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString("Bearer2", "access_token2") TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString(
$"Bearer{suffix}", $"access_token{suffix}")
}; };
if(env.IsProduction())
{
options.Authority = "https://api.bitwarden.com";
}
else if(env.IsEnvironment("Preview"))
{
options.Authority = "https://preview-api.bitwarden.com";
}
else
{
options.Authority = "http://localhost:4000";
//options.Authority = "http://169.254.80.80:4000"; // for VS Android Emulator
//options.Authority = "http://192.168.1.8:4000"; // Desktop external
}
return options; return options;
} }
private string IdentityServerAuthority(IHostingEnvironment env, string subdomain, string port)
{
if(env.IsProduction())
{
return $"https://{subdomain}.bitwarden.com";
}
else if(env.IsEnvironment("Preview"))
{
return $"https://preview-{subdomain}.bitwarden.com";
}
else
{
return $"http://localhost:{port}";
//return $"http://192.168.1.8:{port}"; // Desktop external
}
}
} }
} }
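Review bot: In the new `IdentityServerAuthority` helper, every environment name other than Production or "Preview" falls through to `http://localhost:{port}`, so a mistyped or unexpected environment name would silently point token validation at a plaintext local authority instead of failing at startup. Consider taking the localhost branch only when `env.IsDevelopment()` and throwing an `InvalidOperationException` for anything else. Relatedly, `GetIdentityOptions` keeps `RequireHttpsMetadata = env.IsProduction()`, so Preview gets an `https://` authority without HTTPS being enforced on the discovery metadata; deriving the flag from the authority would close that gap, e.g. `RequireHttpsMetadata = authority.StartsWith("https://", StringComparison.Ordinal),`. Separately, the scheme names are built here as `$"Bearer{suffix}"` while both policies in the first hunk list the literals "Bearer2" and "Bearer3"; shared constants would keep the registrations and the policies from drifting apart.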