mirror of https://github.com/bitwarden/server.git synced 2025-04-21 13:05:11 -05:00

security stamp validation for passwordless login

Kyle Spearrin 2019-01-17 16:07:24 -05:00
parent 82ba3e4c30
commit e7e0d17ac6
2 changed files with 32 additions and 11 deletions


@ -5,6 +5,7 @@ using Bit.Core.Utilities;
using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides; using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Routing; using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
@ -48,6 +49,10 @@ namespace Bit.Admin
// Identity // Identity
services.AddPasswordlessIdentityServices<ReadOnlyEnvIdentityUserStore>(globalSettings); services.AddPasswordlessIdentityServices<ReadOnlyEnvIdentityUserStore>(globalSettings);
services.Configure<SecurityStampValidatorOptions>(options =>
{
options.ValidationInterval = TimeSpan.FromMinutes(5);
});
if(globalSettings.SelfHosted) if(globalSettings.SelfHosted)
{ {
services.ConfigureApplicationCookie(options => services.ConfigureApplicationCookie(options =>
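Review bot: The `TimeSpan.FromMinutes(5)` passed to `ValidationInterval` is an unexplained constant with a security consequence, and the added `services.Configure<SecurityStampValidatorOptions>` block has no comment stating it. The interval is the upper bound on how long an existing admin cookie keeps working after the address is removed from the configured list or its stamp is changed. I would add a comment above the block such as `// Re-validate the security stamp every 5 minutes; a removed or re-stamped admin keeps an existing session until the next check.` The enclosing method starts and ends outside the hunk.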


@ -1,4 +1,4 @@
using System.Linq; using System.Collections.Generic;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using Bit.Core.Utilities; using Bit.Core.Utilities;
@ -26,22 +26,38 @@ namespace Bit.Core.Identity
} }
var users = usersCsv.ToLowerInvariant().Split(','); var users = usersCsv.ToLowerInvariant().Split(',');
var user = users.Where(a => a.Trim() == normalizedEmail).FirstOrDefault(); var usersDict = new Dictionary<string, string>();
if(user == null || !user.Contains("@")) foreach(var u in users)
{
var parts = u.Split(':');
if(parts.Length == 2)
{
var email = parts[0].Trim();
var stamp = parts[1].Trim();
usersDict.Add(email, stamp);
}
else
{
var email = parts[0].Trim();
usersDict.Add(email, email);
}
}
var userStamp = usersDict.ContainsKey(normalizedEmail) ? usersDict[normalizedEmail] : null;
if(userStamp == null)
{ {
return Task.FromResult<IdentityUser>(null); return Task.FromResult<IdentityUser>(null);
} }
user = user.Trim();
return Task.FromResult(new IdentityUser return Task.FromResult(new IdentityUser
{ {
Id = user, Id = normalizedEmail,
Email = user, Email = normalizedEmail,
NormalizedEmail = user, NormalizedEmail = normalizedEmail,
EmailConfirmed = true, EmailConfirmed = true,
UserName = user, UserName = normalizedEmail,
NormalizedUserName = user, NormalizedUserName = normalizedEmail,
SecurityStamp = user SecurityStamp = userStamp
}); });
} }
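Review bot: `usersDict.Add(email, stamp)` and `usersDict.Add(email, email)` throw an ArgumentException when the configured list repeats an address or contains more than one empty entry (for example from stray commas), so a single configuration typo makes the lookup fail for every admin rather than only for the malformed entry. Assigning through the indexer, `usersDict[email] = stamp;` and `usersDict[email] = email;`, after skipping entries whose email part is empty, avoids that. An entry without a `:stamp` part falls back to the email as its `SecurityStamp`, so for those users the stamp never changes and a session can only be invalidated by removing the address; that fallback deserves a comment. The removed `Contains("@")` check has no replacement in the visible lines, and the enclosing method starts outside the hunk.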