2017-01-11 00:34:16 -05:00
|
|
|
|
using IdentityServer4.Services;
|
|
|
|
|
|
using System.Threading.Tasks;
|
|
|
|
|
|
using IdentityServer4.Models;
|
|
|
|
|
|
using Bit.Core.Repositories;
|
|
|
|
|
|
using Bit.Core.Services;
|
2017-01-24 22:15:21 -05:00
|
|
|
|
using System.Security.Claims;
|
|
|
|
|
|
using System.Collections.Generic;
|
|
|
|
|
|
using System.Linq;
|
|
|
|
|
|
using System;
|
2017-06-06 23:19:42 -04:00
|
|
|
|
using IdentityModel;
|
2017-01-11 00:34:16 -05:00
|
|
|
|
|
2017-05-05 16:11:50 -04:00
|
|
|
|
namespace Bit.Core.IdentityServer
|
2017-01-11 00:34:16 -05:00
|
|
|
|
{
|
|
|
|
|
|
public class ProfileService : IProfileService
|
|
|
|
|
|
{
|
|
|
|
|
|
private readonly IUserService _userService;
|
|
|
|
|
|
private readonly IUserRepository _userRepository;
|
2017-04-05 15:31:33 -04:00
|
|
|
|
private readonly IOrganizationUserRepository _organizationUserRepository;
|
2017-08-16 17:08:20 -04:00
|
|
|
|
private readonly ILicensingService _licensingService;
|
2018-04-03 14:31:33 -04:00
|
|
|
|
private readonly CurrentContext _currentContext;
|
2017-01-11 00:34:16 -05:00
|
|
|
|
|
|
|
|
|
|
public ProfileService(
|
|
|
|
|
|
IUserRepository userRepository,
|
2017-01-24 22:15:21 -05:00
|
|
|
|
IUserService userService,
|
2017-04-05 15:31:33 -04:00
|
|
|
|
IOrganizationUserRepository organizationUserRepository,
|
2018-04-03 14:31:33 -04:00
|
|
|
|
ILicensingService licensingService,
|
|
|
|
|
|
CurrentContext currentContext)
|
2017-01-11 00:34:16 -05:00
|
|
|
|
{
|
|
|
|
|
|
_userRepository = userRepository;
|
|
|
|
|
|
_userService = userService;
|
2017-04-05 15:31:33 -04:00
|
|
|
|
_organizationUserRepository = organizationUserRepository;
|
2017-08-16 17:08:20 -04:00
|
|
|
|
_licensingService = licensingService;
|
2018-04-03 14:31:33 -04:00
|
|
|
|
_currentContext = currentContext;
|
2017-01-11 00:34:16 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-01-24 22:15:21 -05:00
|
|
|
|
public async Task GetProfileDataAsync(ProfileDataRequestContext context)
|
2017-01-11 00:34:16 -05:00
|
|
|
|
{
|
2017-01-25 22:31:14 -05:00
|
|
|
|
var existingClaims = context.Subject.Claims;
|
|
|
|
|
|
var newClaims = new List<Claim>();
|
|
|
|
|
|
|
2017-01-25 00:38:09 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(context.Subject);
|
2017-01-24 22:15:21 -05:00
|
|
|
|
if(user != null)
|
|
|
|
|
|
{
|
2017-08-17 00:12:11 -04:00
|
|
|
|
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
|
2017-01-25 22:31:14 -05:00
|
|
|
|
newClaims.AddRange(new List<Claim>
|
2017-01-24 22:23:11 -05:00
|
|
|
|
{
|
2017-08-16 17:08:20 -04:00
|
|
|
|
new Claim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),
|
2017-06-06 23:19:42 -04:00
|
|
|
|
new Claim(JwtClaimTypes.Email, user.Email),
|
2017-07-01 23:20:30 -04:00
|
|
|
|
new Claim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false", ClaimValueTypes.Boolean),
|
2017-10-06 11:38:47 -04:00
|
|
|
|
new Claim("sstamp", user.SecurityStamp)
|
2017-01-24 22:15:21 -05:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
if(!string.IsNullOrWhiteSpace(user.Name))
|
|
|
|
|
|
{
|
2017-06-06 23:19:42 -04:00
|
|
|
|
newClaims.Add(new Claim(JwtClaimTypes.Name, user.Name));
|
2017-01-24 22:15:21 -05:00
|
|
|
|
}
|
2017-04-05 15:31:33 -04:00
|
|
|
|
|
|
|
|
|
|
// Orgs that this user belongs to
|
2018-04-03 14:31:33 -04:00
|
|
|
|
var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
|
2017-04-05 15:31:33 -04:00
|
|
|
|
if(orgs.Any())
|
|
|
|
|
|
{
|
2018-08-31 17:05:27 -04:00
|
|
|
|
foreach(var group in orgs.GroupBy(o => o.Type))
|
2017-04-05 15:31:33 -04:00
|
|
|
|
{
|
|
|
|
|
|
switch(group.Key)
|
|
|
|
|
|
{
|
2017-06-06 23:19:42 -04:00
|
|
|
|
case Enums.OrganizationUserType.Owner:
|
2017-04-05 15:31:33 -04:00
|
|
|
|
foreach(var org in group)
|
|
|
|
|
|
{
|
2018-08-31 17:05:27 -04:00
|
|
|
|
newClaims.Add(new Claim("orgowner", org.Id.ToString()));
|
2017-04-05 15:31:33 -04:00
|
|
|
|
}
|
|
|
|
|
|
break;
|
2017-06-06 23:19:42 -04:00
|
|
|
|
case Enums.OrganizationUserType.Admin:
|
2017-04-05 15:31:33 -04:00
|
|
|
|
foreach(var org in group)
|
|
|
|
|
|
{
|
2018-08-31 17:05:27 -04:00
|
|
|
|
newClaims.Add(new Claim("orgadmin", org.Id.ToString()));
|
2017-04-05 15:31:33 -04:00
|
|
|
|
}
|
|
|
|
|
|
break;
|
2017-06-06 23:19:42 -04:00
|
|
|
|
case Enums.OrganizationUserType.User:
|
2017-04-05 15:31:33 -04:00
|
|
|
|
foreach(var org in group)
|
|
|
|
|
|
{
|
2018-08-31 17:05:27 -04:00
|
|
|
|
newClaims.Add(new Claim("orguser", org.Id.ToString()));
|
2017-04-05 15:31:33 -04:00
|
|
|
|
}
|
|
|
|
|
|
break;
|
|
|
|
|
|
default:
|
|
|
|
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2017-01-24 22:15:21 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-01-25 22:31:14 -05:00
|
|
|
|
// filter out any of the new claims
|
|
|
|
|
|
var existingClaimsToKeep = existingClaims
|
2017-04-05 15:31:33 -04:00
|
|
|
|
.Where(c => !c.Type.StartsWith("org") && (newClaims.Count == 0 || !newClaims.Any(nc => nc.Type == c.Type)))
|
|
|
|
|
|
.ToList();
|
2017-01-25 22:31:14 -05:00
|
|
|
|
|
|
|
|
|
|
newClaims.AddRange(existingClaimsToKeep);
|
|
|
|
|
|
if(newClaims.Any())
|
2017-01-24 22:15:21 -05:00
|
|
|
|
{
|
2017-10-06 11:38:47 -04:00
|
|
|
|
context.AddRequestedClaims(newClaims);
|
2017-01-24 22:15:21 -05:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public async Task IsActiveAsync(IsActiveContext context)
|
|
|
|
|
|
{
|
2017-10-06 11:38:47 -04:00
|
|
|
|
var securityTokenClaim = context.Subject?.Claims.FirstOrDefault(c => c.Type == "sstamp");
|
2017-01-25 00:38:09 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(context.Subject);
|
2017-01-24 22:15:21 -05:00
|
|
|
|
|
|
|
|
|
|
if(user != null && securityTokenClaim != null)
|
|
|
|
|
|
{
|
|
|
|
|
|
context.IsActive = string.Equals(user.SecurityStamp, securityTokenClaim.Value,
|
|
|
|
|
|
StringComparison.InvariantCultureIgnoreCase);
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
context.IsActive = true;
|
|
|
|
|
|
}
|
2017-01-11 00:34:16 -05:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
