
* Auth/pm-48 (#2680) * PM-48 - add user's role as a claim and establish access control service * PM-48 - remove function unrelated to the role claim * PM-48 - fix whitespace issues * PM-48 - move registration of CustomClaimsPrincipalFactory, replace role claim type string with constant, streamline code that retrieves the user's role * Auth/pm-47 (#2699) * PM-48 - add user's role as a claim and establish access control service * PM-48 - remove function unrelated to the role claim * PM-48 - fix whitespace issues * PM-47 - add list of permission enums, role:permissions mapping, and function that determines if the logged in user has the given permission * PM-47 - remove unneeded service registration, set role to lowercase * PM-47 - fix code style issues * PM-46 - create permission filter attribute (#2753) * Auth/pm-54 add rbac for users (#2758) * PM-54 - add permission gates to User elements * PM-54 - fix formatting * PM-54 - remove unused function * PM-54 - fix variable reference, add permission to billing role * PM-54 - handle Upgrade Premium button functionality and fix spelling * PM-54 - change permission name to be more accurate * PM-49 - update role retrieval (#2779) * Auth/[PM-50] add rbac for logs (#2782) * PM-50 - add rbac for logs * PM-50 - remove unnecessary action filter * PM-51 - add RBAC for tools (#2799) * Auth/[pm-52] add rbac providers (#2818) * PM-52 add rbac for providers * PM-52 - update redirect action * PM-52 - add back edit functionality and permission * PM-52 - reverse changes around removing edit functionality * PM-52 - moved permission check to variable assignement * PM-53 - add rbac for organizations (#2798) * PM-52 - add missed permission to billing role (#2836) * Fixed merge conflicts. * [PM-1846] Updates to add RBAC back after merge conflicts (#2870) * Updates to add RBAC to changes from reseller. * Added back checks for delete and initiating a trial. * Removed extraneous Razor tag. 
--------- Co-authored-by: dgoodman-bw <109169446+dgoodman-bw@users.noreply.github.com> Co-authored-by: Danielle Goodman <dgoodman@bitwarden.com> Co-authored-by: Jacob Fink <jfink@bitwarden.com>
using Bit.Admin.Auth.IdentityServer;
using Bit.Core.Auth.Identity;
using Bit.Core.Entities;
using Bit.Core.Settings;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection.Extensions;
namespace Bit.Admin.IdentityServer;
/// <summary>
/// Dependency-injection helpers that wire up ASP.NET Core Identity for the Admin project.
/// </summary>
public static class ServiceCollectionExtensions
{
    /// <summary>
    /// Registers two Identity stacks plus the application cookie used by the Admin site:
    /// a full <c>AddIdentity</c> stack over <see cref="IdentityUser"/>/<c>Role</c> (used with
    /// <c>PasswordlessSignInManager</c>) and a core-only stack over <c>User</c>.
    /// </summary>
    /// <typeparam name="TUserStore">User store implementation backing the passwordless identity stack.</typeparam>
    /// <param name="services">Service collection to register into.</param>
    /// <param name="globalSettings">Settings object; only <c>ProjectName</c> is read here, for the cookie name.</param>
    /// <returns>
    /// A tuple whose first item is the builder for the passwordless stack and whose second item
    /// is the builder for the regular <c>User</c> stack.
    /// </returns>
    public static Tuple<IdentityBuilder, IdentityBuilder> AddPasswordlessIdentityServices<TUserStore>(
        this IServiceCollection services, GlobalSettings globalSettings) where TUserStore : class
    {
        // TryAdd: only takes effect when no ILookupNormalizer has been registered before this call.
        services.TryAddTransient<ILookupNormalizer, LowerInvariantLookupNormalizer>();

        // Tokens issued by the data-protection token providers expire after 15 minutes.
        // NOTE(review): presumably this bounds the lifetime of the passwordless sign-in token;
        // confirm against PasswordlessSignInManager, which is not shown here.
        services.Configure<DataProtectionTokenProviderOptions>(
            tokenOptions => tokenOptions.TokenLifespan = TimeSpan.FromMinutes(15));

        // CustomClaimsPrincipalFactory replaces the default principal factory. Per the commit
        // description it adds the user's role as a claim, which the RBAC permission checks rely on,
        // so this registration is security-relevant and should not be dropped in a refactor.
        var passwordlessBuilder = services.AddIdentity<IdentityUser, Role>()
            .AddUserStore<TUserStore>()
            .AddRoleStore<RoleStore>()
            .AddDefaultTokenProviders()
            .AddClaimsPrincipalFactory<CustomClaimsPrincipalFactory>();

        var regularBuilder = services.AddIdentityCore<User>()
            .AddUserStore<UserStore>();

        services.TryAddScoped<PasswordlessSignInManager<IdentityUser>>();

        services.ConfigureApplicationCookie(cookieOptions =>
        {
            // Redirect targets used by the cookie authentication handler.
            cookieOptions.LoginPath = "/login";
            cookieOptions.LogoutPath = "/";
            cookieOptions.AccessDeniedPath = "/login?accessDenied=true";
            // NOTE(review): the code that consumes "returnUrl" is outside this file; verify it
            // only redirects to local URLs so the parameter cannot be used as an open redirect.
            cookieOptions.ReturnUrlParameter = "returnUrl";

            // HttpOnly keeps the session cookie out of reach of page scripts.
            // NOTE(review): Cookie.SecurePolicy and Cookie.SameSite are not set in this method, so
            // whatever is configured elsewhere (or the framework defaults) applies; confirm the
            // admin session cookie is only ever sent over HTTPS in deployed environments.
            cookieOptions.Cookie.Name = $"Bitwarden_{globalSettings.ProjectName}";
            cookieOptions.Cookie.HttpOnly = true;

            // Two-day lifetime with sliding renewal: an actively used session keeps being
            // extended, so this is an idle timeout rather than an absolute session limit.
            cookieOptions.ExpireTimeSpan = TimeSpan.FromDays(2);
            cookieOptions.SlidingExpiration = true;
        });

        return Tuple.Create(passwordlessBuilder, regularBuilder);
    }
}