[PM-1188] Server owner auth migration (#2825)

* [PM-1188] add sso project to auth * [PM-1188] move sso api models to auth * [PM-1188] fix sso api model namespace & imports * [PM-1188] move core files to auth * [PM-1188] fix core sso namespace & models * [PM-1188] move sso repository files to auth * [PM-1188] fix sso repo files namespace & imports * [PM-1188] move sso sql files to auth folder * [PM-1188] move sso test files to auth folders * [PM-1188] fix sso tests namespace & imports * [PM-1188] move auth api files to auth folder * [PM-1188] fix auth api files namespace & imports * [PM-1188] move auth core files to auth folder * [PM-1188] fix auth core files namespace & imports * [PM-1188] move auth email templates to auth folder * [PM-1188] move auth email folder back into shared directory * [PM-1188] fix auth email names * [PM-1188] move auth core models to auth folder * [PM-1188] fix auth model namespace & imports * [PM-1188] add entire Identity project to auth codeowners * [PM-1188] fix auth orm files namespace & imports * [PM-1188] move auth orm files to auth folder * [PM-1188] move auth sql files to auth folder * [PM-1188] move auth tests to auth folder * [PM-1188] fix auth test files namespace & imports * [PM-1188] move emergency access api files to auth folder * [PM-1188] fix emergencyaccess api files namespace & imports * [PM-1188] move emergency access core files to auth folder * [PM-1188] fix emergency access core files namespace & imports * [PM-1188] move emergency access orm files to auth folder * [PM-1188] fix emergency access orm files namespace & imports * [PM-1188] move emergency access sql files to auth folder * [PM-1188] move emergencyaccess test files to auth folder * [PM-1188] fix emergency access test files namespace & imports * [PM-1188] move captcha files to auth folder * [PM-1188] fix captcha files namespace & imports * [PM-1188] move auth admin files into auth folder * [PM-1188] fix admin auth files namespace & imports - configure mvc to look in auth folders for views * [PM-1188] remove extra imports and formatting * [PM-1188] fix ef auth model imports * [PM-1188] fix DatabaseContextModelSnapshot paths * [PM-1188] fix grant import in ef * [PM-1188] update sqlproj * [PM-1188] move missed sqlproj files * [PM-1188] move auth ef models out of auth folder * [PM-1188] fix auth ef models namespace * [PM-1188] remove auth ef models unused imports * [PM-1188] fix imports for auth ef models * [PM-1188] fix more ef model imports * [PM-1188] fix file encodings
2025-12-25 12:43:14 +00:00 · 2023-04-14 13:25:56 -04:00
parent 2529c5b36f
commit 88dd745070
332 changed files with 704 additions and 522 deletions
--- a/src/Admin/Auth/IdentityServer/PasswordlessSignInManager.cs
+++ b/src/Admin/Auth/IdentityServer/PasswordlessSignInManager.cs
@@ -0,0 +1,87 @@
+using Bit.Core.Services;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Options;
+
+namespace Bit.Admin.Auth.IdentityServer;
+
+public class PasswordlessSignInManager<TUser> : SignInManager<TUser> where TUser : class
+{
+    public const string PasswordlessSignInPurpose = "PasswordlessSignIn";
+
+    private readonly IMailService _mailService;
+
+    public PasswordlessSignInManager(UserManager<TUser> userManager,
+        IHttpContextAccessor contextAccessor,
+        IUserClaimsPrincipalFactory<TUser> claimsFactory,
+        IOptions<IdentityOptions> optionsAccessor,
+        ILogger<SignInManager<TUser>> logger,
+        IAuthenticationSchemeProvider schemes,
+        IUserConfirmation<TUser> confirmation,
+        IMailService mailService)
+        : base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes, confirmation)
+    {
+        _mailService = mailService;
+    }
+
+    public async Task<SignInResult> PasswordlessSignInAsync(string email, string returnUrl)
+    {
+        var user = await UserManager.FindByEmailAsync(email);
+        if (user == null)
+        {
+            return SignInResult.Failed;
+        }
+
+        var token = await UserManager.GenerateUserTokenAsync(user, Options.Tokens.PasswordResetTokenProvider,
+            PasswordlessSignInPurpose);
+        await _mailService.SendPasswordlessSignInAsync(returnUrl, token, email);
+        return SignInResult.Success;
+    }
+
+    public async Task<SignInResult> PasswordlessSignInAsync(TUser user, string token, bool isPersistent)
+    {
+        if (user == null)
+        {
+            throw new ArgumentNullException(nameof(user));
+        }
+
+        var attempt = await CheckPasswordlessSignInAsync(user, token);
+        return attempt.Succeeded ?
+            await SignInOrTwoFactorAsync(user, isPersistent, bypassTwoFactor: true) : attempt;
+    }
+
+    public async Task<SignInResult> PasswordlessSignInAsync(string email, string token, bool isPersistent)
+    {
+        var user = await UserManager.FindByEmailAsync(email);
+        if (user == null)
+        {
+            return SignInResult.Failed;
+        }
+
+        return await PasswordlessSignInAsync(user, token, isPersistent);
+    }
+
+    public virtual async Task<SignInResult> CheckPasswordlessSignInAsync(TUser user, string token)
+    {
+        if (user == null)
+        {
+            throw new ArgumentNullException(nameof(user));
+        }
+
+        var error = await PreSignInCheck(user);
+        if (error != null)
+        {
+            return error;
+        }
+
+        if (await UserManager.VerifyUserTokenAsync(user, Options.Tokens.PasswordResetTokenProvider,
+            PasswordlessSignInPurpose, token))
+        {
+            return SignInResult.Success;
+        }
+
+        Logger.LogWarning(2, "User {userId} failed to provide the correct token.",
+            await UserManager.GetUserIdAsync(user));
+        return SignInResult.Failed;
+    }
+}