added installations, push scoped tokens, push api

src/Core/IdentityServer/ApiResources.cs

@@ -1,7 +1,6 @@
 using IdentityModel;
 using IdentityServer4.Models;
 using System.Collections.Generic;
-using System.Security.Claims;
 
 namespace Bit.Core.IdentityServer
 {
@@ -21,7 +20,8 @@ namespace Bit.Core.IdentityServer
                     "orgowner",
                     "orgadmin",
                     "orguser"
-                })
+                }),
+                new ApiResource("api.push")
             };
         }
     }

src/Core/IdentityServer/ClientStore.cs

@@ -0,0 +1,49 @@
+using IdentityServer4.Stores;
+using System.Threading.Tasks;
+using IdentityServer4.Models;
+using System.Collections.Generic;
+using Bit.Core.Repositories;
+using System;
+
+namespace Bit.Core.IdentityServer
+{
+    public class ClientStore : IClientStore
+    {
+        private static IDictionary<string, Client> _apiClients = StaticClients.GetApiClients();
+
+        private readonly IInstallationRepository _installationRepository;
+        public ClientStore(
+            IInstallationRepository installationRepository)
+        {
+            _installationRepository = installationRepository;
+        }
+
+        public async Task<Client> FindClientByIdAsync(string clientId)
+        {
+            if(clientId.StartsWith("installation."))
+            {
+                var idParts = clientId.Split('.');
+                Guid id;
+                if(idParts.Length > 1 && Guid.TryParse(idParts[1], out id))
+                {
+                    var installation = await _installationRepository.GetByIdAsync(id);
+                    if(installation != null)
+                    {
+                        return new Client
+                        {
+                            ClientId = $"installation.{installation.Id}",
+                            RequireClientSecret = true,
+                            ClientSecrets = { new Secret(installation.Key.Sha256()) },
+                            AllowedScopes = new string[] { "api.push" },
+                            AllowedGrantTypes = GrantTypes.ClientCredentials,
+                            AccessTokenLifetime = 3600 * 24,
+                            Enabled = installation.Enabled
+                        };
+                    }
+                }
+            }
+
+            return _apiClients.ContainsKey(clientId) ? _apiClients[clientId] : null;
+        }
+    }
+}

src/Core/IdentityServer/StaticClients.cs

@@ -1,11 +1,12 @@
 using IdentityServer4.Models;
 using System.Collections.Generic;
+using System.Linq;
 
 namespace Bit.Core.IdentityServer
 {
-    public class Clients
+    public class StaticClients
     {
-        public static IEnumerable<Client> GetClients()
+        public static IDictionary<string, Client> GetApiClients()
         {
             return new List<Client>
             {
@@ -14,7 +15,7 @@ namespace Bit.Core.IdentityServer
                 new ApiClient("browser", 30, 1),
                 new ApiClient("desktop", 30, 1),
                 new ApiClient("connector", 30, 24)
-            };
+            }.ToDictionary(c => c.ClientId);
         }
 
         public class ApiClient : Client

src/Core/Models/Table/Installation.cs

@@ -0,0 +1,19 @@
+using Bit.Core.Utilities;
+using System;
+
+namespace Bit.Core.Models.Table
+{
+    public class Installation : ITableObject<Guid>
+    {
+        public Guid Id { get; set; }
+        public string Email { get; set; }
+        public string Key { get; set; }
+        public bool Enabled { get; set; }
+        public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
+
+        public void SetNewId()
+        {
+            Id = CoreHelpers.GenerateComb();
+        }
+    }
+}

src/Core/Repositories/IInstallationRepository.cs

@@ -0,0 +1,9 @@
+using System;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Repositories
+{
+    public interface IInstallationRepository : IRepository<Installation, Guid>
+    {
+    }
+}

src/Core/Repositories/SqlServer/InstallationRepository.cs

@@ -0,0 +1,16 @@
+using System;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Repositories.SqlServer
+{
+    public class InstallationRepository : Repository<Installation, Guid>, IInstallationRepository
+    {
+        public InstallationRepository(GlobalSettings globalSettings)
+            : this(globalSettings.SqlServer.ConnectionString)
+        { }
+
+        public InstallationRepository(string connectionString)
+            : base(connectionString)
+        { }
+    }
+}

src/Core/Services/Implementations/NotificationHubPushRegistrationService.cs

@@ -30,7 +30,7 @@ namespace Bit.Core.Services
                 return;
             }
 
-            var installation = new Installation
+            var installation = new Microsoft.Azure.NotificationHubs.Installation
             {
                 InstallationId = device.Id.ToString(),
                 PushChannel = device.PushToken,
@@ -85,8 +85,8 @@ namespace Bit.Core.Services
             await _client.CreateOrUpdateInstallationAsync(installation);
         }
 
-        private void BuildInstallationTemplate(Installation installation, string templateId, string templateBody,
-            Guid userId, string deviceIdentifier)
+        private void BuildInstallationTemplate(Microsoft.Azure.NotificationHubs.Installation installation,
+            string templateId, string templateBody, Guid userId, string deviceIdentifier)
         {
             if(templateBody == null)
             {

src/Core/Utilities/ServiceCollectionExtensions.cs

@@ -39,6 +39,7 @@ namespace Bit.Core.Utilities
             services.AddSingleton<ICollectionCipherRepository, SqlServerRepos.CollectionCipherRepository>();
             services.AddSingleton<IGroupRepository, SqlServerRepos.GroupRepository>();
             services.AddSingleton<IU2fRepository, SqlServerRepos.U2fRepository>();
+            services.AddSingleton<IInstallationRepository, SqlServerRepos.InstallationRepository>();
         }
 
         public static void AddBaseServices(this IServiceCollection services)
@@ -158,7 +159,7 @@ namespace Bit.Core.Utilities
                 {
                     SecurityStampClaimType = "sstamp",
                     UserNameClaimType = JwtClaimTypes.Email,
-                    UserIdClaimType = JwtClaimTypes.Subject,
+                    UserIdClaimType = JwtClaimTypes.Subject
                 };
                 options.Tokens.ChangeEmailTokenProvider = TokenOptions.DefaultEmailProvider;
             });
@@ -190,11 +191,11 @@ namespace Bit.Core.Utilities
                     options.Endpoints.EnableCheckSessionEndpoint = false;
                     options.Endpoints.EnableTokenRevocationEndpoint = false;
                     options.IssuerUri = globalSettings.BaseServiceUri.InternalIdentity;
+                    options.Caching.ClientStoreExpiration = new TimeSpan(0, 5, 0);
                 })
+                .AddInMemoryCaching()
                 .AddInMemoryApiResources(ApiResources.GetApiResources())
-                .AddInMemoryClients(Clients.GetClients());
-
-            services.AddTransient<ICorsPolicyService, AllowAllCorsPolicyService>();
+                .AddClientStoreCache<ClientStore>();
 
             if(env.IsDevelopment())
             {
@@ -217,6 +218,8 @@ namespace Bit.Core.Utilities
                 throw new Exception("No identity certificate to use.");
             }
 
+            services.AddTransient<ClientStore>();
+            services.AddTransient<ICorsPolicyService, AllowAllCorsPolicyService>();
             services.AddScoped<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
             services.AddScoped<IProfileService, ProfileService>();
             services.AddSingleton<IPersistedGrantStore, PersistedGrantStore>();