nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 08:02:49 -05:00
Code Activity

added user orgs to claims

Browse Source
This commit is contained in:
Kyle Spearrin
2017-04-05 15:31:33 -04:00
parent fee9bde12f
commit a474449354
7 changed files with 81 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Api/IdentityServer/ApiResources.cs
View File

@ -20,7 +20,10 @@ namespace Bit.Api.IdentityServer
"email",
"sstamp", // security stamp
"plan",
"device"
"device",
"orgowner",
"orgadmin",
"orguser"
})
};
}

10
src/Api/IdentityServer/Clients.cs
View File

@ -18,7 +18,7 @@ namespace Bit.Api.IdentityServer
public class ApiClient : Client
{
public ApiClient(string id)
public ApiClient(string id, string[] additionalScopes = null)
{
ClientId = id;
RequireClientSecret = false;
@ -26,7 +26,13 @@ namespace Bit.Api.IdentityServer
UpdateAccessTokenClaimsOnRefresh = true;
AccessTokenLifetime = 60 * 60; // 1 hour
AllowOfflineAccess = true;
AllowedScopes = new string[] { "api" };
var scopes = new List<string> { "api" };
if(additionalScopes != null)
{
scopes.AddRange(additionalScopes);
}
AllowedScopes = scopes;
}
}
}

43
src/Api/IdentityServer/ProfileService.cs
View File

@ -16,15 +16,18 @@ namespace Bit.Api.IdentityServer
{
private readonly IUserService _userService;
private readonly IUserRepository _userRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
private IdentityOptions _identityOptions;
public ProfileService(
IUserRepository userRepository,
IUserService userService,
IOrganizationUserRepository organizationUserRepository,
IOptions<IdentityOptions> identityOptionsAccessor)
{
_userRepository = userRepository;
_userService = userService;
_organizationUserRepository = organizationUserRepository;
_identityOptions = identityOptionsAccessor?.Value ?? new IdentityOptions();
}
@ -42,7 +45,7 @@ namespace Bit.Api.IdentityServer
new Claim("sstamp", user.SecurityStamp),
new Claim("email", user.Email),
// Deprecated claims for backwards compatability,
// Deprecated claims for backwards compatability
new Claim(_identityOptions.ClaimsIdentity.UserNameClaimType, user.Email),
new Claim(_identityOptions.ClaimsIdentity.SecurityStampClaimType, user.SecurityStamp)
});
@ -51,11 +54,47 @@ namespace Bit.Api.IdentityServer
{
newClaims.Add(new Claim("name", user.Name));
}
// Orgs that this user belongs to
var orgs = await _organizationUserRepository.GetManyByUserAsync(user.Id);
if(orgs.Any())
{
var groupedOrgs = orgs.Where(o => o.Status == Core.Enums.OrganizationUserStatusType.Confirmed)
.GroupBy(o => o.Type);
foreach(var group in groupedOrgs)
{
switch(group.Key)
{
case Core.Enums.OrganizationUserType.Owner:
foreach(var org in group)
{
newClaims.Add(new Claim("orgowner", org.Id.ToString()));
}
break;
case Core.Enums.OrganizationUserType.Admin:
foreach(var org in group)
{
newClaims.Add(new Claim("orgadmin", org.Id.ToString()));
}
break;
case Core.Enums.OrganizationUserType.User:
foreach(var org in group)
{
newClaims.Add(new Claim("orguser", org.Id.ToString()));
}
break;
default:
break;
}
}
}
}
// filter out any of the new claims
var existingClaimsToKeep = existingClaims
.Where(c => newClaims.Count == 0 || !newClaims.Any(nc => nc.Type == c.Type)).ToList();
.Where(c => !c.Type.StartsWith("org") && (newClaims.Count == 0 || !newClaims.Any(nc => nc.Type == c.Type)))
.ToList();
newClaims.AddRange(existingClaimsToKeep);
if(newClaims.Any())