mirror of
https://github.com/bitwarden/server.git
synced 2025-07-04 09:32:48 -05:00
internal identity authorization
@ -12,35 +12,44 @@ using Microsoft.Extensions.Logging;
|
||||
|
||||
namespace Bit.Core.Services
|
||||
{
|
||||
public abstract class BaseRelayPushNotificationService
|
||||
public abstract class BaseIdentityClientService
|
||||
{
|
||||
private readonly string _identityScope;
|
||||
private readonly string _identityClientId;
|
||||
private readonly string _identityClientSecret;
|
||||
private readonly ILogger<BaseIdentityClientService> _logger;
|
||||
|
||||
private dynamic _decodedToken;
|
||||
private DateTime? _nextAuthAttempt = null;
|
||||
private readonly ILogger<BaseRelayPushNotificationService> _logger;
|
||||
|
||||
public BaseRelayPushNotificationService(
|
||||
GlobalSettings globalSettings,
|
||||
ILogger<BaseRelayPushNotificationService> logger)
|
||||
public BaseIdentityClientService(
|
||||
string baseClientServerUri,
|
||||
string baseIdentityServerUri,
|
||||
string identityScope,
|
||||
string identityClientId,
|
||||
string identityClientSecret,
|
||||
ILogger<BaseIdentityClientService> logger)
|
||||
{
|
||||
_identityScope = identityScope;
|
||||
_identityClientId = identityClientId;
|
||||
_identityClientSecret = identityClientSecret;
|
||||
_logger = logger;
|
||||
GlobalSettings = globalSettings;
|
||||
|
||||
PushClient = new HttpClient
|
||||
Client = new HttpClient
|
||||
{
|
||||
BaseAddress = new Uri(globalSettings.PushRelayBaseUri)
|
||||
BaseAddress = new Uri(baseClientServerUri)
|
||||
};
|
||||
PushClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
|
||||
Client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
|
||||
|
||||
IdentityClient = new HttpClient
|
||||
{
|
||||
BaseAddress = new Uri(globalSettings.Installation.IdentityUri)
|
||||
BaseAddress = new Uri(baseIdentityServerUri)
|
||||
};
|
||||
IdentityClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
|
||||
}
|
||||
|
||||
protected HttpClient PushClient { get; private set; }
|
||||
protected HttpClient Client { get; private set; }
|
||||
protected HttpClient IdentityClient { get; private set; }
|
||||
protected GlobalSettings GlobalSettings { get; private set; }
|
||||
protected string AccessToken { get; private set; }
|
||||
|
||||
protected async Task<bool> HandleTokenStateAsync()
|
||||
@ -63,9 +72,9 @@ namespace Bit.Core.Services
|
||||
Content = new FormUrlEncodedContent(new Dictionary<string, string>
|
||||
{
|
||||
{ "grant_type", "client_credentials" },
|
||||
{ "scope", "api.push" },
|
||||
{ "client_id", $"installation.{GlobalSettings.Installation.Id}" },
|
||||
{ "client_secret", $"{GlobalSettings.Installation.Key}" }
|
||||
{ "scope", _identityScope },
|
||||
{ "client_id", _identityClientId },
|
||||
{ "client_secret", _identityClientSecret }
|
||||
})
|
||||
};
|
||||
|
||||
@ -76,7 +85,7 @@ namespace Bit.Core.Services
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
_logger.LogError(12339, e, "Unable to auth for push.");
|
||||
_logger.LogError(12339, e, "Unable to authenticate with identity server.");
|
||||
}
|
||||
|
||||
if(response == null)
|
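Review bot: The new constructor stores `identityClientSecret` and builds `IdentityClient` from `baseIdentityServerUri` without validating either, and the token request then posts `client_secret` in a form body to that address. Because the class no longer reads its values from `GlobalSettings`, any subclass can pass an empty secret or a non-HTTPS identity URI and the failure only appears later as the logged "Unable to authenticate with identity server." A guard at the top of the constructor would fail fast, for example `if(string.IsNullOrWhiteSpace(identityClientSecret)) throw new ArgumentException(nameof(identityClientSecret));`, together with a check that `new Uri(baseIdentityServerUri).Scheme == Uri.UriSchemeHttps` unless plain http is deliberately supported for internal deployments. Whether configuration is validated elsewhere is not visible here, and `HandleTokenStateAsync` continues outside the hunks shown.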
@ -10,7 +10,7 @@ using Microsoft.Extensions.Logging;
|
||||
|
||||
namespace Bit.Core.Services
|
||||
{
|
||||
public class RelayPushNotificationService : BaseRelayPushNotificationService, IPushNotificationService
|
||||
public class RelayPushNotificationService : BaseIdentityClientService, IPushNotificationService
|
||||
{
|
||||
private readonly IHttpContextAccessor _httpContextAccessor;
|
||||
private readonly ILogger<RelayPushNotificationService> _logger;
|
||||
@ -19,7 +19,13 @@ namespace Bit.Core.Services
|
||||
GlobalSettings globalSettings,
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
ILogger<RelayPushNotificationService> logger)
|
||||
: base(globalSettings, logger)
|
||||
: base(
|
||||
globalSettings.PushRelayBaseUri,
|
||||
globalSettings.Installation.IdentityUri,
|
||||
"api.push",
|
||||
$"installation.{globalSettings.Installation.Id}",
|
||||
globalSettings.Installation.Key,
|
||||
logger)
|
||||
{
|
||||
_httpContextAccessor = httpContextAccessor;
|
||||
_logger = logger;
|
||||
@ -168,12 +174,12 @@ namespace Bit.Core.Services
|
||||
var message = new TokenHttpRequestMessage(requestModel, AccessToken)
|
||||
{
|
||||
Method = HttpMethod.Post,
|
||||
RequestUri = new Uri(string.Concat(PushClient.BaseAddress, "/push/send"))
|
||||
RequestUri = new Uri(string.Concat(Client.BaseAddress, "/push/send"))
|
||||
};
|
||||
|
||||
try
|
||||
{
|
||||
await PushClient.SendAsync(message);
|
||||
await Client.SendAsync(message);
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
|
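Review bot: The result of `await Client.SendAsync(message);` is discarded, so a 401 or 403 from the relay (for instance after the token from the identity server was rejected) is not an exception and never reaches the `catch(Exception e)` block. Authorization failures against the relay would therefore leave no trace in the logs. Consider keeping the response and logging non-success codes, e.g. `var response = await Client.SendAsync(message);` followed by `if(!response.IsSuccessStatusCode) { _logger.LogWarning("Push relay returned {Status}.", response.StatusCode); }`. The same pattern appears in every `SendAsync` hunk of `RelayPushRegistrationService`; the enclosing method and the body of the catch block lie outside the hunk.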
@ -9,14 +9,20 @@ using Microsoft.Extensions.Logging;
|
||||
|
||||
namespace Bit.Core.Services
|
||||
{
|
||||
public class RelayPushRegistrationService : BaseRelayPushNotificationService, IPushRegistrationService
|
||||
public class RelayPushRegistrationService : BaseIdentityClientService, IPushRegistrationService
|
||||
{
|
||||
private readonly ILogger<RelayPushRegistrationService> _logger;
|
||||
|
||||
public RelayPushRegistrationService(
|
||||
GlobalSettings globalSettings,
|
||||
ILogger<RelayPushRegistrationService> logger)
|
||||
: base(globalSettings, logger)
|
||||
: base(
|
||||
globalSettings.PushRelayBaseUri,
|
||||
globalSettings.Installation.IdentityUri,
|
||||
"api.push",
|
||||
$"installation.{globalSettings.Installation.Id}",
|
||||
globalSettings.Installation.Key,
|
||||
logger)
|
||||
{
|
||||
_logger = logger;
|
||||
}
|
||||
@ -42,12 +48,12 @@ namespace Bit.Core.Services
|
||||
var message = new TokenHttpRequestMessage(requestModel, AccessToken)
|
||||
{
|
||||
Method = HttpMethod.Post,
|
||||
RequestUri = new Uri(string.Concat(PushClient.BaseAddress, "/push/register"))
|
||||
RequestUri = new Uri(string.Concat(Client.BaseAddress, "/push/register"))
|
||||
};
|
||||
|
||||
try
|
||||
{
|
||||
await PushClient.SendAsync(message);
|
||||
await Client.SendAsync(message);
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
@ -66,12 +72,12 @@ namespace Bit.Core.Services
|
||||
var message = new TokenHttpRequestMessage(AccessToken)
|
||||
{
|
||||
Method = HttpMethod.Delete,
|
||||
RequestUri = new Uri(string.Concat(PushClient.BaseAddress, "/push/", deviceId))
|
||||
RequestUri = new Uri(string.Concat(Client.BaseAddress, "/push/", deviceId))
|
||||
};
|
||||
|
||||
try
|
||||
{
|
||||
await PushClient.SendAsync(message);
|
||||
await Client.SendAsync(message);
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
@ -96,12 +102,12 @@ namespace Bit.Core.Services
|
||||
var message = new TokenHttpRequestMessage(requestModel, AccessToken)
|
||||
{
|
||||
Method = HttpMethod.Put,
|
||||
RequestUri = new Uri(string.Concat(PushClient.BaseAddress, "/push/add-organization"))
|
||||
RequestUri = new Uri(string.Concat(Client.BaseAddress, "/push/add-organization"))
|
||||
};
|
||||
|
||||
try
|
||||
{
|
||||
await PushClient.SendAsync(message);
|
||||
await Client.SendAsync(message);
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
@ -126,12 +132,12 @@ namespace Bit.Core.Services
|
||||
var message = new TokenHttpRequestMessage(requestModel, AccessToken)
|
||||
{
|
||||
Method = HttpMethod.Put,
|
||||
RequestUri = new Uri(string.Concat(PushClient.BaseAddress, "/push/delete-organization"))
|
||||
RequestUri = new Uri(string.Concat(Client.BaseAddress, "/push/delete-organization"))
|
||||
};
|
||||
|
||||
try
|
||||
{
|
||||
await PushClient.SendAsync(message);
|
||||
await Client.SendAsync(message);
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
|
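Review bot: `deviceId` is concatenated into the request path unescaped in `RequestUri = new Uri(string.Concat(Client.BaseAddress, "/push/", deviceId))`, so a value containing `/`, `?` or `#` would change which relay endpoint the authenticated DELETE reaches. Where `deviceId` comes from is outside the hunk; if it can carry caller-supplied data, encode it as a single path segment: `RequestUri = new Uri(string.Concat(Client.BaseAddress, "/push/", Uri.EscapeDataString(deviceId)))`. The enclosing method starts and ends outside the hunk.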