Added PreValidate endpoint on Account controller (#896)

* Added PreValidate endpoint on Account controller * Fixed IHttpClientFactory implementation * Core localization and org sproc fix * Pass culture, fixed sso middleware bug
2025-07-12 13:19:01 -05:00 · 2020-08-28 12:14:23 -04:00
parent 303b9a7875
commit db7d05b52f
15 changed files with 629 additions and 8 deletions
--- a/src/Identity/Controllers/AccountController.cs
+++ b/src/Identity/Controllers/AccountController.cs
@ -1,4 +1,5 @@
-using Bit.Core.Models.Table;
+using Bit.Core.Models.Api;
+using Bit.Core.Models.Table;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Identity.Models;
@ -7,13 +8,15 @@ using IdentityServer4;
 using IdentityServer4.Services;
 using IdentityServer4.Stores;
 using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.Localization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Net.Http;
 using System.Security.Claims;
 using System.Threading.Tasks;

@ -26,21 +29,63 @@ namespace Bit.Identity.Controllers
        private readonly ILogger<AccountController> _logger;
        private readonly ISsoConfigRepository _ssoConfigRepository;
        private readonly IUserRepository _userRepository;
+        private readonly IOrganizationRepository _organizationRepository;
+        private readonly IHttpClientFactory _clientFactory;

        public AccountController(
            IClientStore clientStore,
            IIdentityServerInteractionService interaction,
            ILogger<AccountController> logger,
-            IOrganizationUserRepository organizationUserRepository,
            ISsoConfigRepository ssoConfigRepository,
            IUserRepository userRepository,
-            IUserService userService)
+            IOrganizationRepository organizationRepository,
+            IHttpClientFactory clientFactory)
        {
            _clientStore = clientStore;
            _interaction = interaction;
            _logger = logger;
            _ssoConfigRepository = ssoConfigRepository;
            _userRepository = userRepository;
+            _organizationRepository = organizationRepository;
+            _clientFactory = clientFactory;
+        }
+        
+        [HttpGet]
+        public async Task<IActionResult> PreValidate(string domainHint)
+        {
+            if (string.IsNullOrWhiteSpace(domainHint))
+            {
+                Response.StatusCode = 400;
+                return Json(new ErrorResponseModel("No domain hint was provided"));
+            }
+            try
+            {
+                // Calls Sso Pre-Validate, assumes baseUri set
+                var requestCultureFeature = Request.HttpContext.Features.Get<IRequestCultureFeature>();
+                var culture = requestCultureFeature.RequestCulture.Culture.Name;
+                var requestPath = $"/Account/PreValidate?domainHint={domainHint}&culture={culture}";
+                var httpClient = _clientFactory.CreateClient("InternalSso");
+                using var responseMessage = await httpClient.GetAsync(requestPath);
+                if (responseMessage.IsSuccessStatusCode)
+                {
+                    // All is good!
+                    return new EmptyResult();
+                }
+                Response.StatusCode = (int)responseMessage.StatusCode;
+                var responseJson = await responseMessage.Content.ReadAsStringAsync();
+                return Content(responseJson, "application/json");
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError(ex, "Error pre-validating against SSO service");
+                Response.StatusCode = 500;
+                return Json(new ErrorResponseModel("Error pre-validating SSO authentication")
+                {
+                    ExceptionMessage = ex.Message,
+                    ExceptionStackTrace = ex.StackTrace,
+                    InnerExceptionMessage = ex.InnerException?.Message,
+                });
+            }
        }

        [HttpGet]
--- a/src/Identity/Startup.cs
+++ b/src/Identity/Startup.cs
@ -100,7 +100,10 @@ namespace Bit.Identity
                        {
                            // Pass domain_hint onto the sso idp
                            context.ProtocolMessage.DomainHint = context.Properties.Items["domain_hint"];
-                            context.ProtocolMessage.SessionState = context.Properties.Items["user_identifier"];
+                            if (context.Properties.Items.ContainsKey("user_identifier"))
+                            {
+                                context.ProtocolMessage.SessionState = context.Properties.Items["user_identifier"];
+                            }
                            return Task.FromResult(0);
                        }
                    };
@ -115,12 +118,19 @@ namespace Bit.Identity
            // Services
            services.AddBaseServices();
            services.AddDefaultServices(globalSettings);
+            services.AddCoreLocalizationServices();

            if (CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ConnectionString) &&
                CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ApplicationCacheTopicName))
            {
                services.AddHostedService<Core.HostedServices.ApplicationCacheHostedService>();
            }
+
+            // HttpClients
+            services.AddHttpClient("InternalSso", client =>
+            {
+                client.BaseAddress = new Uri(globalSettings.BaseServiceUri.InternalSso);
+            });
        }

        public void Configure(
@ -153,6 +163,9 @@ namespace Bit.Identity
                app.UseCookiePolicy();
            }

+            // Add localization
+            app.UseCoreLocalization();
+
            // Add static files to the request pipeline.
            app.UseStaticFiles();