mirror of
https://github.com/bitwarden/server
synced 2025-12-22 11:13:27 +00:00
0d0c6c7167
* stub out hybrid sso * support for PKCE authorization_code clients * sso service urls * sso client key * abstract request validator * support for verifying password * custom AuthorizationCodeStore that does not remove codes * cleanup * comment * created master password * ResetMasterPassword * rename Sso client to OidcIdentity * update env builder * bitwarden sso project in docker-compose * sso path in nginx config
87 lines
3.5 KiB
C#
87 lines
3.5 KiB
C#
using Bit.Core.Models.Table;
|
|
using Bit.Core.Repositories;
|
|
using IdentityServer4.Models;
|
|
using IdentityServer4.Validation;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using System.Collections.Generic;
|
|
using System.Security.Claims;
|
|
using System.Threading.Tasks;
|
|
using Bit.Core.Services;
|
|
using Bit.Core.Identity;
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
namespace Bit.Core.IdentityServer
|
|
{
|
|
public class ResourceOwnerPasswordValidator : BaseRequestValidator<ResourceOwnerPasswordValidationContext>,
|
|
IResourceOwnerPasswordValidator
|
|
{
|
|
private UserManager<User> _userManager;
|
|
private readonly IUserService _userService;
|
|
|
|
public ResourceOwnerPasswordValidator(
|
|
UserManager<User> userManager,
|
|
IDeviceRepository deviceRepository,
|
|
IDeviceService deviceService,
|
|
IUserService userService,
|
|
IEventService eventService,
|
|
IOrganizationDuoWebTokenProvider organizationDuoWebTokenProvider,
|
|
IOrganizationRepository organizationRepository,
|
|
IOrganizationUserRepository organizationUserRepository,
|
|
IApplicationCacheService applicationCacheService,
|
|
IMailService mailService,
|
|
ILogger<ResourceOwnerPasswordValidator> logger,
|
|
CurrentContext currentContext,
|
|
GlobalSettings globalSettings)
|
|
: base(userManager, deviceRepository, deviceService, userService, eventService,
|
|
organizationDuoWebTokenProvider, organizationRepository, organizationUserRepository,
|
|
applicationCacheService, mailService, logger, currentContext, globalSettings)
|
|
{
|
|
_userManager = userManager;
|
|
_userService = userService;
|
|
}
|
|
|
|
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
|
|
{
|
|
await ValidateAsync(context, context.Request);
|
|
}
|
|
|
|
protected async override Task<(User, bool)> ValidateContextAsync(ResourceOwnerPasswordValidationContext context)
|
|
{
|
|
if (string.IsNullOrWhiteSpace(context.UserName))
|
|
{
|
|
return (null, false);
|
|
}
|
|
|
|
var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant());
|
|
if (user == null || !await _userService.CheckPasswordAsync(user, context.Password))
|
|
{
|
|
return (user, false);
|
|
}
|
|
|
|
return (user, true);
|
|
}
|
|
|
|
protected override void SetSuccessResult(ResourceOwnerPasswordValidationContext context, User user,
|
|
List<Claim> claims, Dictionary<string, object> customResponse)
|
|
{
|
|
context.Result = new GrantValidationResult(user.Id.ToString(), "Application",
|
|
identityProvider: "bitwarden",
|
|
claims: claims.Count > 0 ? claims : null,
|
|
customResponse: customResponse);
|
|
}
|
|
|
|
protected override void SetTwoFactorResult(ResourceOwnerPasswordValidationContext context,
|
|
Dictionary<string, object> customResponse)
|
|
{
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Two factor required.",
|
|
customResponse);
|
|
}
|
|
|
|
protected override void SetErrorResult(ResourceOwnerPasswordValidationContext context,
|
|
Dictionary<string, object> customResponse)
|
|
{
|
|
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, customResponse: customResponse);
|
|
}
|
|
}
|
|
}
|