public async Task <Client> FindClientByIdAsync(string clientId)
{
if (clientId.StartsWith("installation."))
{
var idParts = clientId.Split('.');
if (idParts.Length > 1 && Guid.TryParse(idParts[1], out Guid id))
{
var installation = await _installationRepository.GetByIdAsync(id);
if (installation != null)
{
return(new Client
{
ClientId = $"installation.{installation.Id}",
RequireClientSecret = true,
ClientSecrets = { new Secret(installation.Key.Sha256()) },
AllowedScopes = new string[] { "api.push", "api.licensing" },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AccessTokenLifetime = 3600 * 24,
Enabled = installation.Enabled,
Claims = new List <Claim> {
new Claim(JwtClaimTypes.Subject, installation.Id.ToString())
}
});
}
}
}
return(_apiClients.ContainsKey(clientId) ? _apiClients[clientId] : null);
}
public Task <Compte> GetByInstallationIdAsync(int id)
{
Installation installation = installationRepository.GetByIdAsync(id).Result;
return(_SolutionCleanCabloPlusContext.Comptes
.Include(c => c.installations)
.Where(c => c.installations.Contains(installation))
.FirstOrDefaultAsync());
}
public async Task <Client> FindClientByIdAsync(string clientId)
{
if (!_globalSettings.SelfHosted && clientId.StartsWith("installation."))
{
var idParts = clientId.Split('.');
if (idParts.Length > 1 && Guid.TryParse(idParts[1], out Guid id))
{
var installation = await _installationRepository.GetByIdAsync(id);
if (installation != null)
{
return(new Client
{
ClientId = $"installation.{installation.Id}",
RequireClientSecret = true,
ClientSecrets = { new Secret(installation.Key.Sha256()) },
AllowedScopes = new string[] { "api.push", "api.licensing" },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AccessTokenLifetime = 3600 * 24,
Enabled = installation.Enabled,
Claims = new List <Claim> {
new Claim(JwtClaimTypes.Subject, installation.Id.ToString())
}
});
}
}
}
else if (_globalSettings.SelfHosted && clientId.StartsWith("internal.") &&
CoreHelpers.SettingHasValue(_globalSettings.InternalIdentityKey))
{
var idParts = clientId.Split('.');
if (idParts.Length > 1)
{
var id = idParts[1];
if (!string.IsNullOrWhiteSpace(id))
{
return(new Client
{
ClientId = $"internal.{id}",
RequireClientSecret = true,
ClientSecrets = { new Secret(_globalSettings.InternalIdentityKey.Sha256()) },
AllowedScopes = new string[] { "internal" },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AccessTokenLifetime = 3600 * 24,
Enabled = true,
Claims = new List <Claim> {
new Claim(JwtClaimTypes.Subject, id)
}
});
}
}
}
return(_apiClients.ContainsKey(clientId) ? _apiClients[clientId] : null);
}
public async Task <InstallationResponseModel> Get(Guid id)
{
var installation = await _installationRepository.GetByIdAsync(id);
if (installation == null)
{
throw new NotFoundException();
}
return(new InstallationResponseModel(installation, false));
}
public async Task <IActionResult> GenerateLicense(LicenseModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
User user = null;
Organization organization = null;
if (model.UserId.HasValue)
{
user = await _userService.GetUserByIdAsync(model.UserId.Value);
if (user == null)
{
ModelState.AddModelError(nameof(model.UserId), "User Id not found.");
}
}
else if (model.OrganizationId.HasValue)
{
organization = await _organizationRepository.GetByIdAsync(model.OrganizationId.Value);
if (organization == null)
{
ModelState.AddModelError(nameof(model.OrganizationId), "Organization not found.");
}
else if (!organization.Enabled)
{
ModelState.AddModelError(nameof(model.OrganizationId), "Organization is disabled.");
}
}
if (model.InstallationId.HasValue)
{
var installation = await _installationRepository.GetByIdAsync(model.InstallationId.Value);
if (installation == null)
{
ModelState.AddModelError(nameof(model.InstallationId), "Installation not found.");
}
else if (!installation.Enabled)
{
ModelState.AddModelError(nameof(model.OrganizationId), "Installation is disabled.");
}
}
if (!ModelState.IsValid)
{
return(View(model));
}
if (organization != null)
{
var license = await _organizationService.GenerateLicenseAsync(organization,
model.InstallationId.Value, model.Version);
return(File(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(license, Formatting.Indented)),
"text/plain", "bitwarden_organization_license.json"));
}
else if (user != null)
{
var license = await _userService.GenerateLicenseAsync(user, null, model.Version);
return(File(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(license, Formatting.Indented)),
"text/plain", "bitwarden_premium_license.json"));
}
else
{
throw new Exception("No license to generate.");
}
}
public async Task <Client> FindClientByIdAsync(string clientId)
{
if (!_globalSettings.SelfHosted && clientId.StartsWith("installation."))
{
var idParts = clientId.Split('.');
if (idParts.Length > 1 && Guid.TryParse(idParts[1], out Guid id))
{
var installation = await _installationRepository.GetByIdAsync(id);
if (installation != null)
{
return(new Client
{
ClientId = $"installation.{installation.Id}",
RequireClientSecret = true,
ClientSecrets = { new Secret(installation.Key.Sha256()) },
AllowedScopes = new string[] { "api.push", "api.licensing" },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AccessTokenLifetime = 3600 * 24,
Enabled = installation.Enabled,
Claims = new List <ClientClaim>
{
new ClientClaim(JwtClaimTypes.Subject, installation.Id.ToString())
}
});
}
}
}
else if (_globalSettings.SelfHosted && clientId.StartsWith("internal.") &&
CoreHelpers.SettingHasValue(_globalSettings.InternalIdentityKey))
{
var idParts = clientId.Split('.');
if (idParts.Length > 1)
{
var id = idParts[1];
if (!string.IsNullOrWhiteSpace(id))
{
return(new Client
{
ClientId = $"internal.{id}",
RequireClientSecret = true,
ClientSecrets = { new Secret(_globalSettings.InternalIdentityKey.Sha256()) },
AllowedScopes = new string[] { "internal" },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AccessTokenLifetime = 3600 * 24,
Enabled = true,
Claims = new List <ClientClaim>
{
new ClientClaim(JwtClaimTypes.Subject, id)
}
});
}
}
}
else if (clientId.StartsWith("organization."))
{
var idParts = clientId.Split('.');
if (idParts.Length > 1 && Guid.TryParse(idParts[1], out var id))
{
var org = await _organizationRepository.GetByIdAsync(id);
if (org != null)
{
return(new Client
{
ClientId = $"organization.{org.Id}",
RequireClientSecret = true,
ClientSecrets = { new Secret(org.ApiKey.Sha256()) },
AllowedScopes = new string[] { "api.organization" },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AccessTokenLifetime = 3600 * 1,
Enabled = org.Enabled && org.UseApi,
Claims = new List <ClientClaim>
{
new ClientClaim(JwtClaimTypes.Subject, org.Id.ToString())
}
});
}
}
}
else if (clientId.StartsWith("user."))
{
var idParts = clientId.Split('.');
if (idParts.Length > 1 && Guid.TryParse(idParts[1], out var id))
{
var user = await _userRepository.GetByIdAsync(id);
if (user != null)
{
var claims = new Collection <ClientClaim>()
{
new ClientClaim(JwtClaimTypes.Subject, user.Id.ToString()),
new ClientClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external")
};
var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
{
var upperValue = claim.Value.ToUpperInvariant();
var isBool = upperValue == "TRUE" || upperValue == "FALSE";
claims.Add(isBool ?
new ClientClaim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
new ClientClaim(claim.Key, claim.Value)
);
}
return(new Client
{
ClientId = clientId,
RequireClientSecret = true,
ClientSecrets = { new Secret(user.ApiKey.Sha256()) },
AllowedScopes = new string[] { "api" },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AccessTokenLifetime = 3600 * 1,
ClientClaimsPrefix = null,
Claims = claims
});
}
}
}
return(_staticClientStore.ApiClients.ContainsKey(clientId) ?
_staticClientStore.ApiClients[clientId] : null);
}
public async Task <IActionResult> GenerateLicense(LicenseModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
User user = null;
Organization organization = null;
if (model.UserId.HasValue)
{
user = await _userService.GetUserByIdAsync(model.UserId.Value);
if (user == null)
{
ModelState.AddModelError(nameof(model.UserId), "User Id not found.");
}
}
else if (model.OrganizationId.HasValue)
{
organization = await _organizationRepository.GetByIdAsync(model.OrganizationId.Value);
if (organization == null)
{
ModelState.AddModelError(nameof(model.OrganizationId), "Organization not found.");
}
else if (!organization.Enabled)
{
ModelState.AddModelError(nameof(model.OrganizationId), "Organization is disabled.");
}
}
if (model.InstallationId.HasValue)
{
var installation = await _installationRepository.GetByIdAsync(model.InstallationId.Value);
if (installation == null)
{
ModelState.AddModelError(nameof(model.InstallationId), "Installation not found.");
}
else if (!installation.Enabled)
{
ModelState.AddModelError(nameof(model.OrganizationId), "Installation is disabled.");
}
}
if (!ModelState.IsValid)
{
return(View(model));
}
if (organization != null)
{
var license = await _organizationService.GenerateLicenseAsync(organization,
model.InstallationId.Value, model.Version);
var ms = new MemoryStream();
await JsonSerializer.SerializeAsync(ms, license, JsonHelpers.Indented);
ms.Seek(0, SeekOrigin.Begin);
return(File(ms, "text/plain", "bitwarden_organization_license.json"));
}
else if (user != null)
{
var license = await _userService.GenerateLicenseAsync(user, null, model.Version);
var ms = new MemoryStream();
ms.Seek(0, SeekOrigin.Begin);
await JsonSerializer.SerializeAsync(ms, license, JsonHelpers.Indented);
ms.Seek(0, SeekOrigin.Begin);
return(File(ms, "text/plain", "bitwarden_premium_license.json"));
}
else
{
throw new Exception("No license to generate.");
}
}
