nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-07 05:58:13 -05:00
Code

[SM-504] Fix service account not accessing secrets (#2709)

Browse Source
This commit is contained in:
Oscar Hinton 2023-02-22 11:21:07 +01:00 committed by GitHub
parent 7365ca0925
commit 9cddb769fa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/Core/Context/CurrentContext.cs
View File

@ -35,6 +35,7 @@ public class CurrentContext : ICurrentContext
public virtual string ClientId { get; set; } public virtual string ClientId { get; set; }
public virtual Version ClientVersion { get; set; } public virtual Version ClientVersion { get; set; }
public virtual ClientType ClientType { get; set; } public virtual ClientType ClientType { get; set; }
public virtual Guid? ServiceAccountOrganizationId { get; set; }
public CurrentContext(IProviderUserRepository providerUserRepository) public CurrentContext(IProviderUserRepository providerUserRepository)
{ {
@ -146,6 +147,11 @@ public class CurrentContext : ICurrentContext
ClientType = c; ClientType = c;
} }
if (ClientType == ClientType.ServiceAccount)
{
ServiceAccountOrganizationId = new Guid(GetClaimValue(claimsDict, Claims.Organization));
}
DeviceIdentifier = GetClaimValue(claimsDict, Claims.Device); DeviceIdentifier = GetClaimValue(claimsDict, Claims.Device);
Organizations = GetOrganizations(claimsDict, orgApi); Organizations = GetOrganizations(claimsDict, orgApi);
@ -445,6 +451,11 @@ public class CurrentContext : ICurrentContext
public bool AccessSecretsManager(Guid orgId) public bool AccessSecretsManager(Guid orgId)
{ {
if (ServiceAccountOrganizationId.HasValue && ServiceAccountOrganizationId.Value == orgId)
{
return true;
}
return Organizations?.Any(o => o.Id == orgId && o.AccessSecretsManager) ?? false; return Organizations?.Any(o => o.Id == orgId && o.AccessSecretsManager) ?? false;
} }