1
0
mirror of https://github.com/bitwarden/server.git synced 2025-07-13 05:38:25 -05:00

[PM-3569] Upgrade to Duende.Identity (#3185)

* Upgrade to Duende.Identity

* Linting

* Get rid of last IdentityServer4 package

* Fix identity test since Duende returns additional configuration

* Use Configure

PostConfigure is ran after ASP.NET's PostConfigure
so ConfigurationManager was already configured and our HttpHandler wasn't
being respected.

* Regenerate lockfiles

* Move to 6.0.4 for patches

* fixes with testing

* Add additional grant type supported in 6.0.4 and beautify

* Lockfile refresh

* Reapply lockfiles

* Apply change to new WebAuthn logic

* When automated merging fails me

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
This commit is contained in:
Matt Bishop
2023-11-20 16:32:23 -05:00
committed by GitHub
parent 03b9136623
commit 87fd4ad97d
73 changed files with 1104 additions and 1987 deletions

View File

@ -5,9 +5,9 @@ using Bit.Core.Entities;
using Bit.Core.Models.Api;
using Bit.Core.Repositories;
using Bit.Identity.Models;
using Duende.IdentityServer;
using Duende.IdentityServer.Services;
using IdentityModel;
using IdentityServer4;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Localization;
using Microsoft.AspNetCore.Mvc;
@ -267,7 +267,7 @@ public class SsoController : Controller
}
}
private bool IsNativeClient(IdentityServer4.Models.AuthorizationRequest context)
private bool IsNativeClient(Duende.IdentityServer.Models.AuthorizationRequest context)
{
return !context.RedirectUri.StartsWith("https", StringComparison.Ordinal)
&& !context.RedirectUri.StartsWith("http", StringComparison.Ordinal);

View File

@ -1,5 +1,5 @@
using Bit.Core.Settings;
using IdentityServer4.Models;
using Duende.IdentityServer.Models;
namespace Bit.Identity.IdentityServer;

View File

@ -1,7 +1,7 @@
using Bit.Core.Identity;
using Bit.Core.IdentityServer;
using Duende.IdentityServer.Models;
using IdentityModel;
using IdentityServer4.Models;
namespace Bit.Identity.IdentityServer;

View File

@ -1,13 +1,12 @@
using IdentityServer4;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;
using IdentityServer4.Stores;
using IdentityServer4.Stores.Serialization;
using Duende.IdentityServer;
using Duende.IdentityServer.Extensions;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Services;
using Duende.IdentityServer.Stores;
using Duende.IdentityServer.Stores.Serialization;
namespace Bit.Identity.IdentityServer;
// ref: https://raw.githubusercontent.com/IdentityServer/IdentityServer4/3.1.3/src/IdentityServer4/src/Stores/Default/DefaultAuthorizationCodeStore.cs
public class AuthorizationCodeStore : DefaultGrantStore<AuthorizationCode>, IAuthorizationCodeStore
{
public AuthorizationCodeStore(

View File

@ -22,7 +22,7 @@ using Bit.Core.Services;
using Bit.Core.Settings;
using Bit.Core.Tokens;
using Bit.Core.Utilities;
using IdentityServer4.Validation;
using Duende.IdentityServer.Validation;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Caching.Distributed;

View File

@ -11,9 +11,9 @@ using Bit.Core.SecretsManager.Repositories;
using Bit.Core.Services;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Stores;
using IdentityModel;
using IdentityServer4.Models;
using IdentityServer4.Stores;
namespace Bit.Identity.IdentityServer;

View File

@ -10,9 +10,9 @@ using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Settings;
using Bit.Core.Tokens;
using Duende.IdentityServer.Extensions;
using Duende.IdentityServer.Validation;
using IdentityModel;
using IdentityServer4.Extensions;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Caching.Distributed;

View File

@ -1,6 +1,6 @@
using Bit.Core.Auth.Repositories;
using IdentityServer4.Models;
using IdentityServer4.Stores;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Stores;
using Grant = Bit.Core.Auth.Entities.Grant;
namespace Bit.Identity.IdentityServer;

View File

@ -5,8 +5,8 @@ using Bit.Core.Identity;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Utilities;
using IdentityServer4.Models;
using IdentityServer4.Services;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Services;
namespace Bit.Identity.IdentityServer;

View File

@ -11,8 +11,8 @@ using Bit.Core.Services;
using Bit.Core.Settings;
using Bit.Core.Tokens;
using Bit.Core.Utilities;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Validation;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Caching.Distributed;

View File

@ -1,6 +1,6 @@
using Bit.Core.Enums;
using Bit.Core.Settings;
using IdentityServer4.Models;
using Duende.IdentityServer.Models;
namespace Bit.Identity.IdentityServer;

View File

@ -1,6 +1,6 @@
using Bit.Core.Settings;
using Bit.Core.Utilities;
using IdentityServer4.Services;
using Duende.IdentityServer.Services;
namespace Bit.Identity.IdentityServer;

View File

@ -11,9 +11,9 @@ using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Settings;
using Bit.Core.Tokens;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Validation;
using Fido2NetLib;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Caching.Distributed;

View File

@ -29,8 +29,8 @@ public class Program
return e.Level >= globalSettings.MinLogLevel.IdentitySettings.IpRateLimit;
}
if (context.Contains("IdentityServer4.Validation.TokenValidator") ||
context.Contains("IdentityServer4.Validation.TokenRequestValidator"))
if (context.Contains("Duende.IdentityServer.Validation.TokenValidator") ||
context.Contains("Duende.IdentityServer.Validation.TokenRequestValidator"))
{
return e.Level >= globalSettings.MinLogLevel.IdentitySettings.IdentityToken;
}

View File

@ -10,7 +10,7 @@ using Bit.Core.Settings;
using Bit.Core.Utilities;
using Bit.Identity.Utilities;
using Bit.SharedWeb.Utilities;
using IdentityServer4.Extensions;
using Duende.IdentityServer.Extensions;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.IdentityModel.Logging;
using Microsoft.OpenApi.Models;

View File

@ -1,13 +1,13 @@
using Bit.Core.Settings;
using Bit.Core.Utilities;
using IdentityServer4.Configuration;
using IdentityServer4.Services;
using IdentityServer4.Stores;
using IdentityServer4.Validation;
using Duende.IdentityServer.Configuration;
using Duende.IdentityServer.Services;
using Duende.IdentityServer.Stores;
using Duende.IdentityServer.Validation;
namespace Bit.Identity.Utilities;
public class DiscoveryResponseGenerator : IdentityServer4.ResponseHandling.DiscoveryResponseGenerator
public class DiscoveryResponseGenerator : Duende.IdentityServer.ResponseHandling.DiscoveryResponseGenerator
{
private readonly GlobalSettings _globalSettings;

View File

@ -2,9 +2,9 @@
using Bit.Core.Settings;
using Bit.Identity.IdentityServer;
using Bit.SharedWeb.Utilities;
using IdentityServer4.ResponseHandling;
using IdentityServer4.Services;
using IdentityServer4.Stores;
using Duende.IdentityServer.ResponseHandling;
using Duende.IdentityServer.Services;
using Duende.IdentityServer.Stores;
namespace Bit.Identity.Utilities;
@ -35,6 +35,7 @@ public static class ServiceCollectionExtensions
options.Authentication.CookieSameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
}
options.InputLengthRestrictions.UserName = 256;
options.KeyManagement.Enabled = false;
})
.AddInMemoryCaching()
.AddInMemoryApiResources(ApiResources.GetApiResources())

View File

@ -193,6 +193,24 @@
"Microsoft.Win32.Registry": "5.0.0"
}
},
"Duende.IdentityServer": {
"type": "Transitive",
"resolved": "6.0.4",
"contentHash": "4HVjzx1F8v5J+U7oa8RGAQGj2QzmzNSu87r18Sh+dlh10uyZZL8teAaT/FaVLDObnfItGdPFvN8mwpF/HkI3Xw==",
"dependencies": {
"Duende.IdentityServer.Storage": "6.0.4",
"Microsoft.AspNetCore.Authentication.OpenIdConnect": "6.0.0"
}
},
"Duende.IdentityServer.Storage": {
"type": "Transitive",
"resolved": "6.0.4",
"contentHash": "s5gAjfbpr2IMgI+fU2Nx+2AZdzstmbt9gpo13iX7GwvqSeSaBVqj9ZskAN0R2KF1OemPdZuGnfaTcevdXMUrrw==",
"dependencies": {
"IdentityModel": "6.0.0",
"Microsoft.AspNetCore.DataProtection.Abstractions": "6.0.0"
}
},
"Fido2": {
"type": "Transitive",
"resolved": "3.0.1",
@ -229,49 +247,8 @@
},
"IdentityModel": {
"type": "Transitive",
"resolved": "4.4.0",
"contentHash": "b18wrIx5wnZlMxAX7oVsE+nDtAJ4hajYlH0xPlaRvo4r/fz08K6pPeZvbiqS9nfNbzfIgLFmNX+FL9qR9ZR5PA==",
"dependencies": {
"Newtonsoft.Json": "11.0.2",
"System.Text.Encodings.Web": "4.7.0"
}
},
"IdentityModel.AspNetCore.OAuth2Introspection": {
"type": "Transitive",
"resolved": "4.0.1",
"contentHash": "ZNdMZMaj9fqR3j50vYsu+1U3QGd6n8+fqwf+a8mCTcmXGor+HgFDfdq0mM34bsmD6uEgAQup7sv2ZW5kR36dbA==",
"dependencies": {
"IdentityModel": "4.0.0"
}
},
"IdentityServer4": {
"type": "Transitive",
"resolved": "4.1.2",
"contentHash": "blaxxGuOA7v/w1q+fxn97wZ+x2ecG1ZD4mc/N/ZOXMNeFZZhqv+4LF26Gecyik3nWrJPmbMEtQbLmRsKG8k61w==",
"dependencies": {
"IdentityModel": "4.4.0",
"IdentityServer4.Storage": "4.1.2",
"Microsoft.AspNetCore.Authentication.OpenIdConnect": "3.1.0",
"Microsoft.IdentityModel.Protocols.OpenIdConnect": "5.6.0",
"Newtonsoft.Json": "12.0.2"
}
},
"IdentityServer4.AccessTokenValidation": {
"type": "Transitive",
"resolved": "3.0.1",
"contentHash": "qu/M6UyN4o9NVep7q545Ms7hYAnsQqSdLbN1Fjjrn4m35lyBfeQPSSNzDryAKHbodyWOQfHaOqKEyMEJQ5Rpgw==",
"dependencies": {
"IdentityModel.AspNetCore.OAuth2Introspection": "4.0.1",
"Microsoft.AspNetCore.Authentication.JwtBearer": "3.0.0"
}
},
"IdentityServer4.Storage": {
"type": "Transitive",
"resolved": "4.1.2",
"contentHash": "KoSffyZyyeCNTIyJiZnCuPakJ1QbCHlpty6gbWUj/7yl+w0PXIchgmmJnJSvddzBb8iZ2xew/vGlxWUIP17P2g==",
"dependencies": {
"IdentityModel": "4.4.0"
}
"resolved": "6.0.0",
"contentHash": "eVHCR7a6m/dm5RFcBzE3qs/Jg5j9R5Rjpu8aTOv9e4AFvaQtBXb5ah7kmwU+YwA0ufRwz4wf1hnIvsD2hSnI4g=="
},
"LaunchDarkly.Cache": {
"type": "Transitive",
@ -363,10 +340,10 @@
},
"Microsoft.AspNetCore.Authentication.OpenIdConnect": {
"type": "Transitive",
"resolved": "3.1.0",
"contentHash": "O1cAQYUTU8EfRqwc5/rfTns4E4hKlFlg59fuKRrST+PzsxI6H07KqRN/JjdYhAuVYxF8jPnIGbj+zuc5paOWUw==",
"resolved": "6.0.0",
"contentHash": "cJxdro36spFzk/K2OFCddM6vZ+yoj6ug8mTFRH3Gdv1Pul/buSuCtfb/FSCp31UmS5S4C1315dU7wX3ErLFuDg==",
"dependencies": {
"Microsoft.IdentityModel.Protocols.OpenIdConnect": "5.5.0"
"Microsoft.IdentityModel.Protocols.OpenIdConnect": "6.10.0"
}
},
"Microsoft.AspNetCore.Cryptography.Internal": {
@ -399,8 +376,8 @@
},
"Microsoft.AspNetCore.DataProtection.Abstractions": {
"type": "Transitive",
"resolved": "3.1.32",
"contentHash": "MPL4iVyiaRxnOUY5VATHjvhDWaAEFb77KFiUxVRklv3Z3v+STofUr1UG/aCt1O9cgN7FVTDaC5A7U+zsLub8Xg=="
"resolved": "6.0.0",
"contentHash": "Z/UU4NEBm5UgNufJmw+j5baW26ytCOIZ0G7sZocPaOzsUeBon1bkM3lSMNZQG2GmDjAIVP2XMSODf2jzSGbibw=="
},
"Microsoft.Azure.Amqp": {
"type": "Transitive",
@ -2639,10 +2616,9 @@
"BitPay.Light": "[1.0.1907, )",
"Braintree": "[5.19.0, )",
"DnsClient": "[1.7.0, )",
"Duende.IdentityServer": "[6.0.4, )",
"Fido2.AspNet": "[3.0.1, )",
"Handlebars.Net": "[2.1.2, )",
"IdentityServer4": "[4.1.2, )",
"IdentityServer4.AccessTokenValidation": "[3.0.1, )",
"LaunchDarkly.ServerSdk": "[8.0.0, )",
"MailKit": "[4.2.0, )",
"Microsoft.AspNetCore.Authentication.JwtBearer": "[6.0.4, )",