mirror of
https://github.com/bitwarden/server
synced 2025-12-26 05:03:18 +00:00
c028c68d9c
* initial device removal * Unit Testing * Finalized tests * initial commit refactoring two factor * initial tests * Unit Tests * initial device removal * Unit Testing * Finalized tests * initial commit refactoring two factor * initial tests * Unit Tests * Fixing some tests * renaming and reorganizing * refactored two factor flows * fixed a possible issue with object mapping. * Update TwoFactorAuthenticationValidator.cs removed unused code
75 lines
3.5 KiB
C#
75 lines
3.5 KiB
C#
using Bit.Core.Auth.Repositories;
|
|
using Bit.Core.IdentityServer;
|
|
using Bit.Core.Settings;
|
|
using Bit.Core.Utilities;
|
|
using Bit.Identity.IdentityServer;
|
|
using Bit.Identity.IdentityServer.RequestValidators;
|
|
using Bit.SharedWeb.Utilities;
|
|
using Duende.IdentityServer.ResponseHandling;
|
|
using Duende.IdentityServer.Services;
|
|
using Duende.IdentityServer.Stores;
|
|
|
|
namespace Bit.Identity.Utilities;
|
|
|
|
public static class ServiceCollectionExtensions
|
|
{
|
|
public static IIdentityServerBuilder AddCustomIdentityServerServices(this IServiceCollection services,
|
|
IWebHostEnvironment env, GlobalSettings globalSettings)
|
|
{
|
|
services.AddTransient<IDiscoveryResponseGenerator, DiscoveryResponseGenerator>();
|
|
|
|
services.AddSingleton<StaticClientStore>();
|
|
services.AddTransient<IAuthorizationCodeStore, AuthorizationCodeStore>();
|
|
services.AddTransient<IUserDecryptionOptionsBuilder, UserDecryptionOptionsBuilder>();
|
|
services.AddTransient<IDeviceValidator, DeviceValidator>();
|
|
services.AddTransient<ITwoFactorAuthenticationValidator, TwoFactorAuthenticationValidator>();
|
|
|
|
var issuerUri = new Uri(globalSettings.BaseServiceUri.InternalIdentity);
|
|
var identityServerBuilder = services
|
|
.AddIdentityServer(options =>
|
|
{
|
|
options.LicenseKey = globalSettings.IdentityServer.LicenseKey;
|
|
options.Endpoints.EnableIntrospectionEndpoint = false;
|
|
options.Endpoints.EnableEndSessionEndpoint = false;
|
|
options.Endpoints.EnableUserInfoEndpoint = false;
|
|
options.Endpoints.EnableCheckSessionEndpoint = false;
|
|
options.Endpoints.EnableTokenRevocationEndpoint = false;
|
|
options.IssuerUri = $"{issuerUri.Scheme}://{issuerUri.Host}";
|
|
options.Caching.ClientStoreExpiration = new TimeSpan(0, 5, 0);
|
|
if (env.IsDevelopment())
|
|
{
|
|
options.Authentication.CookieSameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
|
|
}
|
|
options.InputLengthRestrictions.UserName = 256;
|
|
options.KeyManagement.Enabled = false;
|
|
options.UserInteraction.LoginUrl = "/sso/Login";
|
|
})
|
|
.AddInMemoryCaching()
|
|
.AddInMemoryApiResources(ApiResources.GetApiResources())
|
|
.AddInMemoryApiScopes(ApiScopes.GetApiScopes())
|
|
.AddClientStoreCache<ClientStore>()
|
|
.AddCustomTokenRequestValidator<CustomTokenRequestValidator>()
|
|
.AddProfileService<ProfileService>()
|
|
.AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
|
|
.AddClientStore<ClientStore>()
|
|
.AddIdentityServerCertificate(env, globalSettings)
|
|
.AddExtensionGrantValidator<WebAuthnGrantValidator>();
|
|
|
|
if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CosmosConnectionString))
|
|
{
|
|
services.AddSingleton<IPersistedGrantStore>(sp =>
|
|
new PersistedGrantStore(sp.GetRequiredKeyedService<IGrantRepository>("cosmos"),
|
|
g => new Core.Auth.Models.Data.GrantItem(g)));
|
|
}
|
|
else
|
|
{
|
|
services.AddTransient<IPersistedGrantStore>(sp =>
|
|
new PersistedGrantStore(sp.GetRequiredService<IGrantRepository>(),
|
|
g => new Core.Auth.Entities.Grant(g)));
|
|
}
|
|
|
|
services.AddTransient<ICorsPolicyService, CustomCorsPolicyService>();
|
|
return identityServerBuilder;
|
|
}
|
|
}
|