
WIP: Added IdentityServer4 to API via Bearer2 auth scheme

This commit is contained in:
Kyle Spearrin
2017-01-11 00:34:16 -05:00
parent c99f8efe79
commit 77ca47a266
7 changed files with 172 additions and 7 deletions


@@ -0,0 +1,31 @@
using IdentityServer4.Models;
using System.Collections.Generic;
namespace Bit.Core.Identity
{
public class Clients
{
public static IEnumerable<Client> GetClients()
{
return new List<Client>
{
new ApiClient("mobile"),
new ApiClient("web"),
new ApiClient("browser"),
new ApiClient("desktop")
};
}
public class ApiClient : Client
{
public ApiClient(string id)
{
ClientId = id;
RequireClientSecret = false;
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword;
AllowOfflineAccess = true;
AllowedScopes = new string[] { "api" };
}
}
}
}
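Review bot: With `RequireClientSecret = false` on every `ApiClient`, the ids "mobile", "web", "browser" and "desktop" are self-asserted labels any caller can present, so nothing downstream may treat `ClientId` as proof of which application is calling; a comment on the constructor would stop that assumption from creeping in, e.g. `// Public client: the id is unauthenticated and must never drive authorization decisions.` Because `AllowOfflineAccess = true` also hands these unauthenticated clients refresh tokens, the session policy (refresh-token usage, absolute/sliding refresh lifetime, access-token lifetime) is left entirely to IdentityServer4 defaults here, which may be acceptable but is invisible to a reviewer; setting `RefreshTokenUsage`, `AbsoluteRefreshTokenLifetime` and `AccessTokenLifetime` explicitly in the constructor makes the intended policy reviewable. `ApiClient` is a public nested class, so it can be constructed outside `GetClients`; `private` would keep the factory the single place clients are defined.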


@@ -0,0 +1,36 @@
using IdentityServer4.Services;
using System.Threading.Tasks;
using IdentityServer4.Models;
using Bit.Core.Repositories;
using Bit.Core.Services;
using System.Security.Claims;
namespace Bit.Core.Identity
{
public class ProfileService : IProfileService
{
private readonly IUserService _userService;
private readonly IUserRepository _userRepository;
public ProfileService(
IUserRepository userRepository,
IUserService userService)
{
_userRepository = userRepository;
_userService = userService;
}
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
// TODO: load proper claims for user
context.AddFilteredClaims(new Claim[] { new Claim(ClaimTypes.AuthenticationMethod, "Application") });
return Task.FromResult(0);
}
public Task IsActiveAsync(IsActiveContext context)
{
context.IsActive = true;
return Task.FromResult(0);
}
}
}
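Review bot: `IsActiveAsync` sets `context.IsActive = true` without consulting `context.Subject`, so a subject whose account has since been removed or disabled is still reported active; IdentityServer4 consults this hook when validating refresh tokens, and the clients in this commit are issued refresh tokens (`AllowOfflineAccess`), so such a user's refresh token would presumably keep minting access tokens until it expires. Both `_userRepository` and `_userService` are injected but never read, which suggests the intended fix: resolve the subject claim from `context.Subject` through the repository and set `IsActive` from whether a user (and not a disabled one, if the `User` domain carries such a flag) came back. The `TODO` on `GetProfileDataAsync` should also record that `AddFilteredClaims` only keeps claim types the requested resources declare, e.g. `// Claims not listed on the requested ApiResource are dropped by AddFilteredClaims; extend Resources in step.`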


@@ -0,0 +1,41 @@
using Bit.Core.Domains;
using Bit.Core.Repositories;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Identity;
using System.Security.Claims;
using System.Threading.Tasks;
namespace Bit.Core.Identity
{
public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{
private readonly IUserRepository _userRepository;
private readonly UserManager<User> _userManager;
public ResourceOwnerPasswordValidator(
IUserRepository userRepository,
UserManager<User> userManager)
{
_userRepository = userRepository;
_userManager = userManager;
}
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
var user = await _userRepository.GetByEmailAsync(context.UserName.ToLowerInvariant());
if(user != null)
{
if(await _userManager.CheckPasswordAsync(user, context.Password))
{
// TODO: proper claims and auth method
context.Result = new GrantValidationResult(subject: user.Id.ToString(), authenticationMethod: "Application",
identityProvider: "bitwarden", claims: new Claim[] { new Claim(ClaimTypes.AuthenticationMethod, "Application") });
return;
}
}
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Username or password is incorrect.");
}
}
}
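Review bot: Failed checks at `if(await _userManager.CheckPasswordAsync(user, context.Password))` are never recorded, so this resource-owner-password endpoint, reachable by secret-less public clients, has no lockout or failed-attempt accounting behind it and is an unthrottled online password-guessing surface. If the user store implements `IUserLockoutStore`, `UserManager` already supplies the pieces (`IsLockedOutAsync` before verifying, `AccessFailedAsync` on a miss, `ResetAccessFailedCountAsync` on success); if it does not, rate limiting must come from elsewhere and the `TODO` should say so. A smaller point: when no user matches the email the password is never hashed, so the unknown-email branch returns measurably faster than the wrong-password branch despite the identical message; worth a `// NOTE: timing differs for unknown vs known email; accept or add a dummy hash check` until decided.
```csharp
if(user != null)
{
    // Assumes the user store implements IUserLockoutStore; these calls throw NotSupportedException otherwise.
    if(!await _userManager.IsLockedOutAsync(user))
    {
        if(await _userManager.CheckPasswordAsync(user, context.Password))
        {
            await _userManager.ResetAccessFailedCountAsync(user);
            // … unchanged: GrantValidationResult with subject, auth method and claims …
            return;
        }
        await _userManager.AccessFailedAsync(user);
    }
}
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Username or password is incorrect.");
```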


@@ -0,0 +1,17 @@
using IdentityServer4.Models;
using System.Collections.Generic;
using System.Security.Claims;
namespace Bit.Core.Identity
{
public class Resources
{
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("api", "Vault API", new string[] { ClaimTypes.AuthenticationMethod })
};
}
}
}
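Review bot: `GetApiResources` declares `ClaimTypes.AuthenticationMethod` as the only user claim on the `api` resource, and because `ProfileService.GetProfileDataAsync` emits claims through `AddFilteredClaims`, any claim added there later but not listed here is silently filtered out of the token; a comment tying the two together would save the next maintainer a debugging session, e.g. `// Only claim types listed here survive AddFilteredClaims in ProfileService; keep the two in sync.` The scope name "api" is also duplicated as a literal between `AllowedScopes` in `Clients` and this resource; a shared constant would keep them from drifting apart.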