From 5fa25c4d7e3c98d51c11ea37e69d8f56d2699631 Mon Sep 17 00:00:00 2001
From: Addison Beck
Date: Tue, 10 Nov 2020 00:27:12 -0500
Subject: [PATCH] Moved some claim finding logic to a helper method

---
 src/Core/IdentityServer/ClientStore.cs | 64 +++++------------------
 src/Core/IdentityServer/ProfileService.cs | 56 +++-----------------
 src/Core/Utilities/CoreHelpers.cs | 56 ++++++++++++++++++++
 3 files changed, 77 insertions(+), 99 deletions(-)

diff --git a/src/Core/IdentityServer/ClientStore.cs b/src/Core/IdentityServer/ClientStore.cs
index 228f345c39..9e8e6292c6 100644
--- a/src/Core/IdentityServer/ClientStore.cs
+++ b/src/Core/IdentityServer/ClientStore.cs
@@ -9,6 +9,7 @@ using IdentityModel;
 using Bit.Core.Utilities;
 using System.Security.Claims;
 using Bit.Core.Services;
+using System.Collections.ObjectModel;
 
 namespace Bit.Core.IdentityServer
 {
@@ -129,60 +130,21 @@ namespace Bit.Core.IdentityServer
 var user = await _userRepository.GetByIdAsync(id);
 if (user != null)
 {
- var claims = new List();
- claims.Add(new ClientClaim(JwtClaimTypes.Subject, user.Id.ToString()));
- claims.Add(new ClientClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external"));
- var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
- claims.AddRange(new List
+ var claims = new Collection()
 {
- new ClientClaim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),
- new ClientClaim(JwtClaimTypes.Email, user.Email),
- new ClientClaim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false",
- ClaimValueTypes.Boolean),
- new ClientClaim("sstamp", user.SecurityStamp)
- });
-
- if (!string.IsNullOrWhiteSpace(user.Name))
- {
- claims.Add(new ClientClaim(JwtClaimTypes.Name, user.Name));
- }
-
- // Orgs that this user belongs to
+ new ClientClaim(JwtClaimTypes.Subject, user.Id.ToString()),
+ new ClientClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external")
+ };
 var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
- if (orgs.Any())
+ var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
+ foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
 {
- foreach (var group in orgs.GroupBy(o => o.Type))
- {
- switch (group.Key)
- {
- case Enums.OrganizationUserType.Owner:
- foreach (var org in group)
- {
- claims.Add(new ClientClaim("orgowner", org.Id.ToString()));
- }
- break;
- case Enums.OrganizationUserType.Admin:
- foreach (var org in group)
- {
- claims.Add(new ClientClaim("orgadmin", org.Id.ToString()));
- }
- break;
- case Enums.OrganizationUserType.Manager:
- foreach (var org in group)
- {
- claims.Add(new ClientClaim("orgmanager", org.Id.ToString()));
- }
- break;
- case Enums.OrganizationUserType.User:
- foreach (var org in group)
- {
- claims.Add(new ClientClaim("orguser", org.Id.ToString()));
- }
- break;
- default:
- break;
- }
- }
+ var upperValue = claim.Value.ToUpperInvariant();
+ var isBool = upperValue == "TRUE" || upperValue == "FALSE";
+ claims.Add(isBool ?
+ new ClientClaim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
+ new ClientClaim(claim.Key, claim.Value)
+ );
 }
 
 return new Client
diff --git a/src/Core/IdentityServer/ProfileService.cs b/src/Core/IdentityServer/ProfileService.cs
index 4d2affd36b..1e0d3ce19f 100644
--- a/src/Core/IdentityServer/ProfileService.cs
+++ b/src/Core/IdentityServer/ProfileService.cs
@@ -8,6 +8,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System;
 using IdentityModel;
+using Bit.Core.Utilities;
 
 namespace Bit.Core.IdentityServer
 {
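Review bot: The Boolean claim-type detection in the new foreach decides by the claim's value rather than by which claim it is, so any claim whose value happens to be the text true/false — `sstamp`, the email, or a Name a user has set to that text — would be emitted with ClaimValueTypes.Boolean, whereas the removed code typed only `premium` and `email_verified` that way. Deciding by key restores the earlier behaviour and no longer depends on text the user controls: `var isBool = claim.Key == "premium" || claim.Key == JwtClaimTypes.EmailVerified;` with the `upperValue` line dropped. The same three lines are duplicated in ProfileService.cs; having BuildIdentityClaims return the value type alongside each claim would remove that duplication. The enclosing method continues past the end of the hunk.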
@@ -39,56 +40,15 @@ namespace Bit.Core.IdentityServer
 if (user != null)
 {
 var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
- newClaims.AddRange(new List
- {
- new Claim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),
- new Claim(JwtClaimTypes.Email, user.Email),
- new Claim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false",
- ClaimValueTypes.Boolean),
- new Claim("sstamp", user.SecurityStamp)
- });
-
- if (!string.IsNullOrWhiteSpace(user.Name))
- {
- newClaims.Add(new Claim(JwtClaimTypes.Name, user.Name));
- }
-
- // Orgs that this user belongs to
 var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
- if (orgs.Any())
+ foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
 {
- foreach (var group in orgs.GroupBy(o => o.Type))
- {
- switch (group.Key)
- {
- case Enums.OrganizationUserType.Owner:
- foreach (var org in group)
- {
- newClaims.Add(new Claim("orgowner", org.Id.ToString()));
- }
- break;
- case Enums.OrganizationUserType.Admin:
- foreach (var org in group)
- {
- newClaims.Add(new Claim("orgadmin", org.Id.ToString()));
- }
- break;
- case Enums.OrganizationUserType.Manager:
- foreach (var org in group)
- {
- newClaims.Add(new Claim("orgmanager", org.Id.ToString()));
- }
- break;
- case Enums.OrganizationUserType.User:
- foreach (var org in group)
- {
- newClaims.Add(new Claim("orguser", org.Id.ToString()));
- }
- break;
- default:
- break;
- }
- }
+ var upperValue = claim.Value.ToUpperInvariant();
+ var isBool = upperValue == "TRUE" || upperValue == "FALSE";
+ newClaims.Add(isBool ?
+ new Claim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
+ new Claim(claim.Key, claim.Value)
+ );
 }
 }
diff --git a/src/Core/Utilities/CoreHelpers.cs b/src/Core/Utilities/CoreHelpers.cs
index 684e49448d..2689d78d4e 100644
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@@ -18,6 +18,8 @@ using Bit.Core.Enums;
 using System.Threading.Tasks;
 using Microsoft.Azure.Storage;
 using Microsoft.Azure.Storage.Blob;
+using Bit.Core.Models.Table;
+using IdentityModel;
 
 namespace Bit.Core.Utilities
 {
@@ -670,5 +672,59 @@ namespace Bit.Core.Utilities
 }
 return configDict;
 }
+
+ public static Dictionary BuildIdentityClaims(User user, ICollection orgs, bool isPremium)
+ {
+ var claims = new Dictionary()
+ {
+ {"premium", isPremium ? "true" : "false"},
+ {JwtClaimTypes.Email, user.Email},
+ {JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"},
+ {"sstamp", user.SecurityStamp}
+ };
+
+ if (!string.IsNullOrWhiteSpace(user.Name))
+ {
+ claims.Add(JwtClaimTypes.Name, user.Name);
+ }
+
+ // Orgs that this user belongs to
+ if (orgs.Any())
+ {
+ foreach (var group in orgs.GroupBy(o => o.Type))
+ {
+ switch (group.Key)
+ {
+ case Enums.OrganizationUserType.Owner:
+ foreach (var org in group)
+ {
+ claims.Add("orgowner", org.Id.ToString());
+ }
+ break;
+ case Enums.OrganizationUserType.Admin:
+ foreach (var org in group)
+ {
+ claims.Add("orgadmin", org.Id.ToString());
+ }
+ break;
+ case Enums.OrganizationUserType.Manager:
+ foreach (var org in group)
+ {
+ claims.Add("orgmanager", org.Id.ToString());
+ }
+ break;
+ case Enums.OrganizationUserType.User:
+ foreach (var org in group)
+ {
+ claims.Add("orguser", org.Id.ToString());
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ }
+ return claims;
+ }
 }
 }
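Review bot: BuildIdentityClaims collects claims in a Dictionary keyed by claim name, so a user who holds the same role in two organizations reaches `claims.Add("orgowner", org.Id.ToString())` (or the orgadmin/orgmanager/orguser equivalent) twice and Dictionary.Add throws ArgumentException on the duplicate key, whereas the List-based code this replaces in ClientStore.cs and ProfileService.cs allowed repeated claim types. Both callers run this during token issuance, so such a user presumably can no longer obtain a token and the failure surfaces as an unhandled exception rather than a clear error. Returning a sequence of key/value pairs keeps the callers' `claim.Key`/`claim.Value` accesses compiling while permitting duplicates, and a small local Add function leaves the per-organization switch body otherwise untouched.
```csharp
// return type changes from Dictionary to a list of pairs; the orgs parameter is as in the hunk
public static List<KeyValuePair<string, string>> BuildIdentityClaims(User user, ICollection orgs, bool isPremium)
{
    var claims = new List<KeyValuePair<string, string>>();
    // Duplicate keys are expected (one claim per organization of a given role), so a dictionary is not suitable.
    void Add(string key, string value) => claims.Add(new KeyValuePair<string, string>(key, value));

    Add("premium", isPremium ? "true" : "false");
    Add(JwtClaimTypes.Email, user.Email);
    Add(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false");
    Add("sstamp", user.SecurityStamp);

    if (!string.IsNullOrWhiteSpace(user.Name))
    {
        Add(JwtClaimTypes.Name, user.Name);
    }

    // … unchanged: per-organization switch, with each claims.Add(key, value) call replaced by Add(key, value) …
    return claims;
}
```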