
auth with service account user

This commit is contained in:
Kyle Spearrin
2017-05-18 22:11:22 -04:00
parent 5bdafbced8
commit a48aedf7da
3 changed files with 39 additions and 19 deletions


@@ -324,6 +324,11 @@ namespace Bit.Console
config.GSuite.SecretFile = parameters["f"];
}
if(parameters.ContainsKey("u"))
{
config.GSuite.AdminUser = parameters["u"];
}
if(parameters.ContainsKey("d"))
{
config.GSuite.Domain = parameters["d"];
@@ -460,6 +465,12 @@ namespace Bit.Console
config.GSuite.Domain = input.Trim();
config.GSuite.Customer = null;
}
Con.Write("Admin user [{0}]: ", config.GSuite.AdminUser);
input = Con.ReadLine();
if(!string.IsNullOrEmpty(input))
{
config.GSuite.AdminUser = input.Trim();
}
}
else
{
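Review bot: The `-u` value at `config.GSuite.AdminUser = parameters["u"];` is stored exactly as given, while the interactive prompt in the second hunk stores `input.Trim()`; a stray trailing space from the shell would presumably then be passed on verbatim as the delegated admin user. `config.GSuite.AdminUser = parameters["u"].Trim();` keeps the flag path consistent with the interactive path. The enclosing methods start and end outside both hunks.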


@@ -5,5 +5,6 @@
public string SecretFile { get; set; } = "client_secret.json";
public string Customer { get; set; }
public string Domain { get; set; } = "yourcompany.com";
public string AdminUser { get; set; } = "adminuser@yourcompany.com";
}
}


@@ -9,9 +9,8 @@ using System.IO;
using Bit.Core.Utilities;
using System.Linq;
using Google.Apis.Admin.Directory.directory_v1.Data;
using System.Threading;
using Google.Apis.Util.Store;
using Google.Apis.Requests;
using Google.Apis.Json;
namespace Bit.Core.Services
{
@@ -22,28 +21,14 @@ namespace Bit.Core.Services
private GSuiteDirectoryService()
{
//GoogleCredential creds;
UserCredential creds;
ICredential creds;
var secretFilePath = Path.Combine(Constants.BaseStoragePath, SettingsService.Instance.Server.GSuite.SecretFile);
using(var stream = new FileStream(secretFilePath, FileMode.Open, FileAccess.Read))
{
var scopes = new List<string>
{
DirectoryService.Scope.AdminDirectoryUserReadonly,
DirectoryService.Scope.AdminDirectoryGroupReadonly,
DirectoryService.Scope.AdminDirectoryGroupMemberReadonly
};
//creds = GoogleCredential.FromStream(stream).CreateScoped(scopes);
var credsPath = Path.Combine(Constants.BaseStoragePath, "gsuite_credentials");
creds = GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
scopes,
"user",
CancellationToken.None,
new FileDataStore(credsPath, true)).Result;
var credParams = NewtonsoftJsonSerializer.Instance.Deserialize<JsonCredentialParameters>(stream);
creds = CreateServiceAccountCredential(credParams);
}
_service = new DirectoryService(new BaseClientService.Initializer
@@ -222,5 +207,28 @@ namespace Bit.Core.Services
return entry;
}
private ServiceAccountCredential CreateServiceAccountCredential(JsonCredentialParameters credParams)
{
var scopes = new List<string>
{
DirectoryService.Scope.AdminDirectoryUserReadonly,
DirectoryService.Scope.AdminDirectoryGroupReadonly,
DirectoryService.Scope.AdminDirectoryGroupMemberReadonly
};
if(credParams.Type != JsonCredentialParameters.ServiceAccountCredentialType ||
string.IsNullOrEmpty(credParams.ClientEmail) ||
string.IsNullOrEmpty(credParams.PrivateKey))
{
throw new InvalidOperationException("JSON data does not represent a valid service account credential.");
}
var initializer = new ServiceAccountCredential.Initializer(credParams.ClientEmail);
initializer.User = SettingsService.Instance.Server.GSuite.AdminUser;
initializer.Scopes = scopes;
return new ServiceAccountCredential(initializer.FromPrivateKey(credParams.PrivateKey));
}
}
}
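Review bot: `CreateServiceAccountCredential` checks the JSON's type, client e-mail and private key but not `SettingsService.Instance.Server.GSuite.AdminUser` before assigning it to `initializer.User`, so with an empty or still-placeholder admin user the credential is built anyway and the failure presumably only surfaces later as an API error on the first Directory call. Guard it beside the existing check: `if(string.IsNullOrWhiteSpace(SettingsService.Instance.Server.GSuite.AdminUser)) { throw new InvalidOperationException("A G Suite admin user is required for domain-wide delegation."); }`. Because `initializer.User` makes the service account act as that admin, a comment on that line such as `// Impersonate the configured admin via domain-wide delegation; the scopes above are read-only.` would make the delegation explicit to the next reader. In the constructor hunk the `_service = new DirectoryService(...)` initialization continues past the hunk.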