nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-21 11:34:31 -05:00
Code

Remove fixed list of claims, remove double parsing

Browse Source
This commit is contained in:
Thomas Rittson 2025-04-01 19:28:41 +10:00
parent fa9a1b7bb2
commit bead69f788
No known key found for this signature in database
GPG Key ID: CDDDA03861C35E27
1 changed files with 20 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/Api/AdminConsole/Authorization/ClaimsExtensions.cs
View File

@ -15,27 +15,6 @@ public static class ClaimsExtensions
/// </summary> /// </summary>
private delegate bool HasClaim(string claimType); private delegate bool HasClaim(string claimType);
// Relevant claim types required to build a CurrentContextOrganization object.
private static readonly IEnumerable<string> _relevantClaimTypes = new HashSet<string>{
Claims.OrganizationOwner,
Claims.OrganizationAdmin,
Claims.OrganizationCustom,
Claims.OrganizationUser,
Claims.SecretsManagerAccess,
Claims.CustomPermissions.AccessEventLogs,
Claims.CustomPermissions.AccessImportExport,
Claims.CustomPermissions.AccessReports,
Claims.CustomPermissions.CreateNewCollections,
Claims.CustomPermissions.EditAnyCollection,
Claims.CustomPermissions.DeleteAnyCollection,
Claims.CustomPermissions.ManageGroups,
Claims.CustomPermissions.ManagePolicies,
Claims.CustomPermissions.ManageSso,
Claims.CustomPermissions.ManageUsers,
Claims.CustomPermissions.ManageResetPassword,
Claims.CustomPermissions.ManageScim,
};
/// <summary> /// <summary>
/// Parses a user's claims and returns an object representing their claims for the specified organization. /// Parses a user's claims and returns an object representing their claims for the specified organization.
/// </summary> /// </summary>
@ -72,18 +51,36 @@ public static class ClaimsExtensions
/// </summary> /// </summary>
private static HasClaim GetClaimsParser(ClaimsPrincipal user, Guid organizationId) private static HasClaim GetClaimsParser(ClaimsPrincipal user, Guid organizationId)
{ {
// Transform into a dict based on the claim type
var claimsDict = user.Claims var claimsDict = user.Claims
.Where(c => _relevantClaimTypes.Contains(c.Type) && Guid.TryParse(c.Value, out _)) .GetGuidClaims()
.GroupBy(c => c.Type) .GroupBy(c => c.Type)
.ToDictionary( .ToDictionary(
c => c.Key, c => c.Key,
c => c.Select(v => new Guid(v.Value))); c => c.Select(v => v.Value));
return claimType return claimType
=> claimsDict.TryGetValue(claimType, out var claimValue) && => claimsDict.TryGetValue(claimType, out var claimValue) &&
claimValue.Any(v => v == organizationId); claimValue.Any(v => v == organizationId);
} }
/// <summary>
/// Parses all claims into proper Guids, or ignore them if they are not valid guids.
/// </summary>
private static List<(string Type, Guid Value)> GetGuidClaims(this IEnumerable<Claim> claims)
{
List<(string Type, Guid Value)> result = [];
foreach (var claim in claims)
{
if (Guid.TryParse(claim.Value, out var guid))
{
result.Add((claim.Type, guid));
}
}
return result;
}
private static OrganizationUserType? GetRoleFromClaims(HasClaim hasClaim) private static OrganizationUserType? GetRoleFromClaims(HasClaim hasClaim)
{ {
if (hasClaim(Claims.OrganizationOwner)) if (hasClaim(Claims.OrganizationOwner))