Moved some claim finding logic to a helper method
@@ -9,6 +9,7 @@ using IdentityModel;
|
||||
using Bit.Core.Utilities;
|
||||
using System.Security.Claims;
|
||||
using Bit.Core.Services;
|
||||
using System.Collections.ObjectModel;
|
||||
|
||||
namespace Bit.Core.IdentityServer
|
||||
{
|
||||
@@ -129,60 +130,21 @@ namespace Bit.Core.IdentityServer
|
||||
var user = await _userRepository.GetByIdAsync(id);
|
||||
if (user != null)
|
||||
{
|
||||
var claims = new List<ClientClaim>();
|
||||
claims.Add(new ClientClaim(JwtClaimTypes.Subject, user.Id.ToString()));
|
||||
claims.Add(new ClientClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external"));
|
||||
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
|
||||
claims.AddRange(new List<ClientClaim>
|
||||
var claims = new Collection<ClientClaim>()
|
||||
{
|
||||
new ClientClaim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),
|
||||
new ClientClaim(JwtClaimTypes.Email, user.Email),
|
||||
new ClientClaim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false",
|
||||
ClaimValueTypes.Boolean),
|
||||
new ClientClaim("sstamp", user.SecurityStamp)
|
||||
});
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(user.Name))
|
||||
{
|
||||
claims.Add(new ClientClaim(JwtClaimTypes.Name, user.Name));
|
||||
}
|
||||
|
||||
// Orgs that this user belongs to
|
||||
new ClientClaim(JwtClaimTypes.Subject, user.Id.ToString()),
|
||||
new ClientClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external")
|
||||
};
|
||||
var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
|
||||
if (orgs.Any())
|
||||
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
|
||||
foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
|
||||
{
|
||||
foreach (var group in orgs.GroupBy(o => o.Type))
|
||||
{
|
||||
switch (group.Key)
|
||||
{
|
||||
case Enums.OrganizationUserType.Owner:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add(new ClientClaim("orgowner", org.Id.ToString()));
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.Admin:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add(new ClientClaim("orgadmin", org.Id.ToString()));
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.Manager:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add(new ClientClaim("orgmanager", org.Id.ToString()));
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.User:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add(new ClientClaim("orguser", org.Id.ToString()));
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
var upperValue = claim.Value.ToUpperInvariant();
|
||||
var isBool = upperValue == "TRUE" || upperValue == "FALSE";
|
||||
claims.Add(isBool ?
|
||||
new ClientClaim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
|
||||
new ClientClaim(claim.Key, claim.Value)
|
||||
);
|
||||
}
|
||||
|
||||
return new Client
|
||||
|
||||
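Review bot: The `isBool` test at the end of the loop (`var upperValue = claim.Value.ToUpperInvariant(); var isBool = upperValue == "TRUE" || upperValue == "FALSE";`) derives the claim's value type from its content, so any helper-supplied claim whose value happens to be "true"/"false" in any casing — including `name`, which presumably comes from a user-editable field — is emitted as `ClaimValueTypes.Boolean`, whereas the removed code typed only `premium` and `email_verified` that way. Keying the check on the claim name preserves the explicit typing the old code had: `var isBool = claim.Key == "premium" || claim.Key == JwtClaimTypes.EmailVerified;`. The same loop appears in the second file's hunk (the `newClaims` loop over `CoreHelpers.BuildIdentityClaims`) and needs the same change. The enclosing method starts before and continues after this hunk.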
@@ -8,6 +8,7 @@ using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System;
|
||||
using IdentityModel;
|
||||
using Bit.Core.Utilities;
|
||||
|
||||
namespace Bit.Core.IdentityServer
|
||||
{
|
||||
@@ -39,56 +40,15 @@ namespace Bit.Core.IdentityServer
|
||||
if (user != null)
|
||||
{
|
||||
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
|
||||
newClaims.AddRange(new List<Claim>
|
||||
{
|
||||
new Claim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),
|
||||
new Claim(JwtClaimTypes.Email, user.Email),
|
||||
new Claim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false",
|
||||
ClaimValueTypes.Boolean),
|
||||
new Claim("sstamp", user.SecurityStamp)
|
||||
});
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(user.Name))
|
||||
{
|
||||
newClaims.Add(new Claim(JwtClaimTypes.Name, user.Name));
|
||||
}
|
||||
|
||||
// Orgs that this user belongs to
|
||||
var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
|
||||
if (orgs.Any())
|
||||
foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
|
||||
{
|
||||
foreach (var group in orgs.GroupBy(o => o.Type))
|
||||
{
|
||||
switch (group.Key)
|
||||
{
|
||||
case Enums.OrganizationUserType.Owner:
|
||||
foreach (var org in group)
|
||||
{
|
||||
newClaims.Add(new Claim("orgowner", org.Id.ToString()));
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.Admin:
|
||||
foreach (var org in group)
|
||||
{
|
||||
newClaims.Add(new Claim("orgadmin", org.Id.ToString()));
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.Manager:
|
||||
foreach (var org in group)
|
||||
{
|
||||
newClaims.Add(new Claim("orgmanager", org.Id.ToString()));
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.User:
|
||||
foreach (var org in group)
|
||||
{
|
||||
newClaims.Add(new Claim("orguser", org.Id.ToString()));
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
var upperValue = claim.Value.ToUpperInvariant();
|
||||
var isBool = upperValue == "TRUE" || upperValue == "FALSE";
|
||||
newClaims.Add(isBool ?
|
||||
new Claim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
|
||||
new Claim(claim.Key, claim.Value)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -18,6 +18,8 @@ using Bit.Core.Enums;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.Azure.Storage;
|
||||
using Microsoft.Azure.Storage.Blob;
|
||||
using Bit.Core.Models.Table;
|
||||
using IdentityModel;
|
||||
|
||||
namespace Bit.Core.Utilities
|
||||
{
|
||||
@@ -670,5 +672,59 @@ namespace Bit.Core.Utilities
|
||||
}
|
||||
return configDict;
|
||||
}
|
||||
|
||||
public static Dictionary<string, string> BuildIdentityClaims(User user, ICollection<CurrentContext.CurrentContentOrganization> orgs, bool isPremium)
|
||||
{
|
||||
var claims = new Dictionary<string, string>()
|
||||
{
|
||||
{"premium", isPremium ? "true" : "false"},
|
||||
{JwtClaimTypes.Email, user.Email},
|
||||
{JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"},
|
||||
{"sstamp", user.SecurityStamp}
|
||||
};
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(user.Name))
|
||||
{
|
||||
claims.Add(JwtClaimTypes.Name, user.Name);
|
||||
}
|
||||
|
||||
// Orgs that this user belongs to
|
||||
if (orgs.Any())
|
||||
{
|
||||
foreach (var group in orgs.GroupBy(o => o.Type))
|
||||
{
|
||||
switch (group.Key)
|
||||
{
|
||||
case Enums.OrganizationUserType.Owner:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add("orgowner", org.Id.ToString());
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.Admin:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add("orgadmin", org.Id.ToString());
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.Manager:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add("orgmanager", org.Id.ToString());
|
||||
}
|
||||
break;
|
||||
case Enums.OrganizationUserType.User:
|
||||
foreach (var org in group)
|
||||
{
|
||||
claims.Add("orguser", org.Id.ToString());
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
return claims;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
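Review bot: `BuildIdentityClaims` accumulates into a `Dictionary<string, string>`, but the organization loops call `claims.Add("orgowner", org.Id.ToString())` (and likewise for `orgadmin`, `orgmanager`, `orguser`) once per organization in the group, so a user who holds the same role in two or more organizations makes the second `Add` throw `ArgumentException` for the duplicate key; the removed callers appended one `Claim` per organization to a list, where repeated claim types are normal. Since these claims carry the organization role membership the issued token is later trusted for, switching to `TryAdd` would only turn the exception into silently dropped role claims, so the container must keep duplicates: return `List<KeyValuePair<string, string>>` and add pairs, as below. The two callers in the earlier hunks only read `claim.Key` and `claim.Value`, which `KeyValuePair` exposes under the same names, so they compile unchanged.
```csharp
public static List<KeyValuePair<string, string>> BuildIdentityClaims(User user, ICollection<CurrentContext.CurrentContentOrganization> orgs, bool isPremium)
{
    var claims = new List<KeyValuePair<string, string>>
    {
        new KeyValuePair<string, string>("premium", isPremium ? "true" : "false"),
        new KeyValuePair<string, string>(JwtClaimTypes.Email, user.Email),
        new KeyValuePair<string, string>(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"),
        new KeyValuePair<string, string>("sstamp", user.SecurityStamp)
    };

    if (!string.IsNullOrWhiteSpace(user.Name))
    {
        claims.Add(new KeyValuePair<string, string>(JwtClaimTypes.Name, user.Name));
    }

    // … unchanged: orgs.Any() / GroupBy(o => o.Type) / switch scaffolding …
                    // one entry per organization; duplicate claim names are intended
                    claims.Add(new KeyValuePair<string, string>("orgowner", org.Id.ToString()));
    // … same KeyValuePair form for "orgadmin", "orgmanager" and "orguser" …
    return claims;
}
```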