nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-06 13:38:13 -05:00
Code

remove old token retrieval schemes

Browse Source
This commit is contained in:
Kyle Spearrin 2018-01-03 14:11:56 -05:00
parent 3251c4b574
commit f61acdd3b9
3 changed files with 1 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/Api/Startup.cs
View File

@ -9,9 +9,6 @@ using Microsoft.IdentityModel.Tokens;
using Bit.Api.Utilities; using Bit.Api.Utilities;
using Bit.Core; using Bit.Core;
using Bit.Core.Identity; using Bit.Core.Identity;
using System.Linq;
using Microsoft.AspNetCore.Mvc.Formatters;
using Microsoft.Net.Http.Headers;
using Newtonsoft.Json.Serialization; using Newtonsoft.Json.Serialization;
using AspNetCoreRateLimit; using AspNetCoreRateLimit;
using Serilog.Events; using Serilog.Events;
@ -20,7 +17,6 @@ using Bit.Core.Utilities;
using IdentityModel; using IdentityModel;
using IdentityServer4.AccessTokenValidation; using IdentityServer4.AccessTokenValidation;
using jsreport.AspNetCore; using jsreport.AspNetCore;
using Bit.Core.IdentityServer;
namespace Bit.Api namespace Bit.Api
{ {
@ -84,8 +80,6 @@ namespace Bit.Api
options.RequireHttpsMetadata = !Environment.IsDevelopment() && options.RequireHttpsMetadata = !Environment.IsDevelopment() &&
globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https"); globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
options.NameClaimType = ClaimTypes.Email; options.NameClaimType = ClaimTypes.Email;
options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString(
new string[] { "Bearer", "Bearer3" });
options.SupportedTokens = SupportedTokens.Jwt; options.SupportedTokens = SupportedTokens.Jwt;
}); });
@ -127,14 +121,7 @@ namespace Bit.Api
{ {
config.Filters.Add(new ExceptionHandlerFilterAttribute()); config.Filters.Add(new ExceptionHandlerFilterAttribute());
config.Filters.Add(new ModelStateValidationFilterAttribute()); config.Filters.Add(new ModelStateValidationFilterAttribute());
}).AddJsonOptions(o => o.SerializerSettings.ContractResolver = new DefaultContractResolver());
// Allow JSON of content type "text/plain" to avoid cors preflight
var textPlainMediaType = MediaTypeHeaderValue.Parse("text/plain");
foreach(var jsonFormatter in config.InputFormatters.OfType<JsonInputFormatter>())
{
jsonFormatter.SupportedMediaTypes.Add(textPlainMediaType);
}
}).AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());
// PDF generation // PDF generation
if(!globalSettings.SelfHosted) if(!globalSettings.SelfHosted)

42
src/Core/IdentityServer/TokenRetrieval.cs
View File

@ -1,42 +0,0 @@
using Microsoft.AspNetCore.Http;
using System;
using System.Linq;
namespace Bit.Core.IdentityServer
{
public static class TokenRetrieval
{
public static Func<HttpRequest, string> FromAuthorizationHeaderOrQueryString(string[] authHeaderSchemes)
{
return (request) =>
{
var authorization = request.Headers["Authorization"].FirstOrDefault();
if(string.IsNullOrWhiteSpace(authorization))
{
// Bearer token could exist in the 'Content-Language' header on clients that want to avoid pre-flights.
var languageAuth = request.Headers["Content-Language"].FirstOrDefault();
if(string.IsNullOrWhiteSpace(languageAuth) ||
!languageAuth.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
{
return request.Query["access_token"].FirstOrDefault();
}
else
{
authorization = languageAuth.Split(',')[0];
}
}
foreach(var headerScheme in authHeaderSchemes)
{
if(authorization.StartsWith($"{headerScheme} ", StringComparison.OrdinalIgnoreCase))
{
return authorization.Substring(headerScheme.Length + 1).Trim();
}
}
return null;
};
}
}
}

3
src/Events/Startup.cs
View File

@ -1,6 +1,5 @@
using System.Security.Claims; using System.Security.Claims;
using Bit.Core; using Bit.Core;
using Bit.Core.IdentityServer;
using Bit.Core.Services; using Bit.Core.Services;
using Bit.Core.Utilities; using Bit.Core.Utilities;
using IdentityModel; using IdentityModel;
@ -48,8 +47,6 @@ namespace Bit.Events
options.RequireHttpsMetadata = !Environment.IsDevelopment() && options.RequireHttpsMetadata = !Environment.IsDevelopment() &&
globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https"); globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
options.NameClaimType = ClaimTypes.Email; options.NameClaimType = ClaimTypes.Email;
options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString(
new string[] { "Bearer", "Bearer3" });
options.SupportedTokens = SupportedTokens.Jwt; options.SupportedTokens = SupportedTokens.Jwt;
}); });