Exemple #1
0
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();

            services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryIdentityResources(IdentResources.GetIdentityResources())
            .AddInMemoryApiResources(ApiResources.GetApiResources())
            .AddInMemoryClients(Clients.GetClients())
            .AddTestUsers(Users.GetUsers());

            services.AddCors(options =>
            {
                // this defines a CORS policy called "default"
                options.AddPolicy("default", policy =>
                {
                    policy.WithOrigins("http://localhost:5504")
                    .AllowAnyHeader()
                    .AllowAnyMethod();
                });
            });
        }
Exemple #2
0
        public static IIdentityServerBuilder AddCustomIdentityServerServices(this IServiceCollection services,
                                                                             IWebHostEnvironment env, GlobalSettings globalSettings)
        {
            services.AddTransient <IDiscoveryResponseGenerator, DiscoveryResponseGenerator>();

            services.AddSingleton <StaticClientStore>();
            services.AddTransient <IAuthorizationCodeStore, AuthorizationCodeStore>();

            var issuerUri             = new Uri(globalSettings.BaseServiceUri.InternalIdentity);
            var identityServerBuilder = services
                                        .AddIdentityServer(options =>
            {
                options.Endpoints.EnableIntrospectionEndpoint   = false;
                options.Endpoints.EnableEndSessionEndpoint      = false;
                options.Endpoints.EnableUserInfoEndpoint        = false;
                options.Endpoints.EnableCheckSessionEndpoint    = false;
                options.Endpoints.EnableTokenRevocationEndpoint = false;
                options.IssuerUri = $"{issuerUri.Scheme}://{issuerUri.Host}";
                options.Caching.ClientStoreExpiration = new TimeSpan(0, 5, 0);
                if (env.IsDevelopment())
                {
                    options.Authentication.CookieSameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
                }
            })
                                        .AddInMemoryCaching()
                                        .AddInMemoryApiResources(ApiResources.GetApiResources())
                                        .AddInMemoryApiScopes(ApiScopes.GetApiScopes())
                                        .AddClientStoreCache <ClientStore>()
                                        .AddCustomTokenRequestValidator <CustomTokenRequestValidator>()
                                        .AddProfileService <ProfileService>()
                                        .AddResourceOwnerValidator <ResourceOwnerPasswordValidator>()
                                        .AddPersistedGrantStore <PersistedGrantStore>()
                                        .AddClientStore <ClientStore>()
                                        .AddIdentityServerCertificate(env, globalSettings);

            services.AddTransient <ICorsPolicyService, CustomCorsPolicyService>();
            return(identityServerBuilder);
        }
Exemple #3
0
        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();

            ConfigureDatabaseServices(services);

            services.AddSingleton <IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
            services.AddSingleton <IProfileService, ProfileService>();

            services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryIdentityResources(new IdentityResource[]
            {
                new IdentityResources.OpenId()
            })
            .AddInMemoryApiResources(ApiResources.GetApiResources())
            .AddInMemoryClients(Clients.Get())
            .AddJwtBearerClientAuthentication()
            .AddProfileService <ProfileService>();

            // local api endpoint
            services.AddLocalApiAuthentication();
        }
        private object GetResult(ApiResources resource)
        {
            try
            {
                return(EbApiHelper.GetResult(resource, this.Api, MessageProducer3, this, this.FileClient));
            }
            catch (Exception ex)
            {
                if (ex is ExplicitExitException)
                {
                    this.Api.ApiResponse.Message.Status      = "Success";
                    this.Api.ApiResponse.Message.Description = ex.Message;
                    this.Api.ApiResponse.Message.ErrorCode   = ApiErrorCode.ExplicitExit;
                }
                else
                {
                    this.Api.ApiResponse.Message.Status      = "Error";
                    this.Api.ApiResponse.Message.Description = $"Failed to execute Resource '{resource.Name}' " + ex.Message;
                }

                throw new ApiException("[GetResult] ," + ex.Message);
            }
        }
Exemple #5
0
        public static int Seed(ConfigurationDbContext context)
        {
            var missingClients = Clients.Where(x => !context.Clients.Any(y => y.ClientId == x.ClientId));

            context.Clients.AddRange(missingClients.Select(x => x.ToEntity()));
            var missingApiResources = ApiResources.Where(x => !context.ApiResources.Any(y => y.Name == x.Name));

            context.ApiResources.AddRange(missingApiResources.Select(x => x.ToEntity()));
            var missingApiScopes = ApiScopes.Where(x => !context.ApiScopes.Any(y => y.Name == x.Name));

            context.ApiScopes.AddRange(missingApiScopes.Select(x => x.ToEntity()));

            var missingIdentityResources = IdentityResources.Where(x => !context.IdentityResources.Any(y => y.Name == x.Name));

            foreach (var idr in missingIdentityResources)
            {
                var idrToEntity = idr.ToEntity();

                if (idrToEntity.Name == IdentityServerConstants.StandardScopes.OpenId ||
                    idrToEntity.Name == IdentityServerConstants.StandardScopes.Profile)
                {
                    idrToEntity.NonEditable = true;
                }

                context.IdentityResources.Add(idrToEntity);
            }

            try
            {
                context.SaveChanges();
            }
            catch (Exception)
            {
                return(1);
            }
            return(0);
        }
        // the below code is how the setup for the sessions
        /// <summary>
        /// retrieves the name
        /// </summary>
        /// <param name="id"></param>
        /// <returns>the display name at id "x"</returns>
        public string FetchName(int id)
        {
            ApiResources Name = _context.ApiResources.Find(id);

            return(Name.DisplayName);
        }
Exemple #7
0
        public void ConfigureServices(IServiceCollection services)
        {
            var provider = services.BuildServiceProvider();

            // Options
            services.AddOptions();

            // Settings
            var globalSettings = new GlobalSettings();

            ConfigurationBinder.Bind(Configuration.GetSection("GlobalSettings"), globalSettings);
            services.AddSingleton(s => globalSettings);
            services.Configure <IpRateLimitOptions>(Configuration.GetSection("IpRateLimitOptions"));
            services.Configure <IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies"));

            // Repositories
            services.AddSingleton <IUserRepository, SqlServerRepos.UserRepository>();
            services.AddSingleton <ICipherRepository, SqlServerRepos.CipherRepository>();
            services.AddSingleton <IDeviceRepository, SqlServerRepos.DeviceRepository>();
            services.AddSingleton <IGrantRepository, SqlServerRepos.GrantRepository>();
            services.AddSingleton <IOrganizationRepository, SqlServerRepos.OrganizationRepository>();
            services.AddSingleton <IOrganizationUserRepository, SqlServerRepos.OrganizationUserRepository>();
            services.AddSingleton <ISubvaultRepository, SqlServerRepos.SubvaultRepository>();
            services.AddSingleton <ISubvaultUserRepository, SqlServerRepos.SubvaultUserRepository>();
            services.AddSingleton <IFolderRepository, SqlServerRepos.FolderRepository>();

            // Context
            services.AddScoped <CurrentContext>();

            // Caching
            services.AddMemoryCache();

            // Rate limiting
            services.AddSingleton <IIpPolicyStore, MemoryCacheIpPolicyStore>();
            services.AddSingleton <IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();

            // IdentityServer
            var identityServerBuilder = services.AddIdentityServer(options =>
            {
                options.Endpoints.EnableAuthorizeEndpoint       = false;
                options.Endpoints.EnableIntrospectionEndpoint   = false;
                options.Endpoints.EnableEndSessionEndpoint      = false;
                options.Endpoints.EnableUserInfoEndpoint        = false;
                options.Endpoints.EnableCheckSessionEndpoint    = false;
                options.Endpoints.EnableTokenRevocationEndpoint = false;
            })
                                        .AddInMemoryApiResources(ApiResources.GetApiResources())
                                        .AddInMemoryClients(Clients.GetClients());

            services.AddTransient <ICorsPolicyService, AllowAllCorsPolicyService>();

            if (Environment.IsProduction())
            {
                var identityServerCert = CoreHelpers.GetCertificate(globalSettings.IdentityServer.CertificateThumbprint);
                identityServerBuilder.AddSigningCredential(identityServerCert);
            }
            else
            {
                identityServerBuilder.AddTemporarySigningCredential();
            }

            services.AddScoped <IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
            services.AddScoped <IProfileService, ProfileService>();
            services.AddSingleton <IPersistedGrantStore, PersistedGrantStore>();

            // Identity
            services.AddTransient <ILookupNormalizer, LowerInvariantLookupNormalizer>();
            services.AddJwtBearerIdentity(options =>
            {
                options.User = new UserOptions
                {
                    RequireUniqueEmail        = true,
                    AllowedUserNameCharacters = null // all
                };
                options.Password = new PasswordOptions
                {
                    RequireDigit           = false,
                    RequireLowercase       = false,
                    RequiredLength         = 8,
                    RequireNonAlphanumeric = false,
                    RequireUppercase       = false
                };
                options.ClaimsIdentity = new ClaimsIdentityOptions
                {
                    SecurityStampClaimType = "securitystamp",
                    UserNameClaimType      = ClaimTypes.Email
                };
                options.Tokens.ChangeEmailTokenProvider = TokenOptions.DefaultEmailProvider;
            }, jwtBearerOptions =>
            {
                jwtBearerOptions.Audience               = "bitwarden";
                jwtBearerOptions.Issuer                 = "bitwarden";
                jwtBearerOptions.TokenLifetime          = TimeSpan.FromDays(10 * 365);
                jwtBearerOptions.TwoFactorTokenLifetime = TimeSpan.FromMinutes(10);
                var keyBytes = Encoding.ASCII.GetBytes(globalSettings.JwtSigningKey);
                jwtBearerOptions.SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(keyBytes), SecurityAlgorithms.HmacSha256);
            })
            .AddUserStore <UserStore>()
            .AddRoleStore <RoleStore>()
            .AddTokenProvider <AuthenticatorTokenProvider>(TwoFactorProviderType.Authenticator.ToString())
            .AddTokenProvider <EmailTokenProvider <User> >(TokenOptions.DefaultEmailProvider);

            var jwtIdentityOptions = provider.GetRequiredService <IOptions <JwtBearerIdentityOptions> >().Value;

            services.AddAuthorization(config =>
            {
                config.AddPolicy("Application", policy =>
                {
                    policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2");
                    policy.RequireAuthenticatedUser();
                    policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.AuthenticationMethod);
                });

                config.AddPolicy("TwoFactor", policy =>
                {
                    policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2");
                    policy.RequireAuthenticatedUser();
                    policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.TwoFactorAuthenticationMethod);
                });
            });

            services.AddScoped <AuthenticatorTokenProvider>();

            // Services
            services.AddSingleton <IMailService, SendGridMailService>();
            services.AddSingleton <ICipherService, CipherService>();
            services.AddScoped <IUserService, UserService>();
            services.AddScoped <IPushService, PushSharpPushService>();
            services.AddScoped <IDeviceService, DeviceService>();
            services.AddScoped <IBlockIpService, AzureQueueBlockIpService>();
            services.AddScoped <IOrganizationService, OrganizationService>();

            // Cors
            services.AddCors(config =>
            {
                config.AddPolicy("All", policy =>
                                 policy.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin().SetPreflightMaxAge(TimeSpan.FromDays(1)));
            });

            // MVC
            services.AddMvc(config =>
            {
                config.Filters.Add(new ExceptionHandlerFilterAttribute());
                config.Filters.Add(new ModelStateValidationFilterAttribute());

                // Allow JSON of content type "text/plain" to avoid cors preflight
                var textPlainMediaType = MediaTypeHeaderValue.Parse("text/plain");
                foreach (var jsonFormatter in config.InputFormatters.OfType <JsonInputFormatter>())
                {
                    jsonFormatter.SupportedMediaTypes.Add(textPlainMediaType);
                }
            }).AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());
        }
        private async Task UpdateScopesByApiResourceId(IEnumerable <string> apiScopes, ApiResources apiResource,
                                                       IDbConnection con, IDbTransaction t)
        {
            if (apiScopes.IsNullOrEmpty())
            {
                await RemoveApiScopeByApiResourceId(apiResource.Id, con, t);
            }
            else
            {
                var dbItems = await GetScopesByApiResourceId(apiResource.Id, con, t);

                var existingItems = dbItems.ToList();
                var updatedItems  = apiScopes.ToList();

                if (existingItems.IsNullOrEmpty())
                {
                    await InsertApiScopeByApiResourceId(updatedItems, apiResource, con, t);
                }
                else
                {
                    var newItems = updatedItems.Where(c => !existingItems.Exists(d => d.Scope == c));
                    await InsertApiScopeByApiResourceId(newItems, apiResource, con, t);
                }

                var deleteItems = existingItems.Where(c => !updatedItems.Exists(d => d == c.Scope));
                await RemoveApiScopes(deleteItems, con, t);

                //find updated
                var itemsToUpdate = existingItems.Where(c => updatedItems.Exists(d => d == c.Scope));
                if (itemsToUpdate.IsNullOrEmpty())
                {
                    return;
                }

                foreach (var dbItem in itemsToUpdate)
                {
                    var newItem    = updatedItems.SingleOrDefault(c => c == dbItem.Scope);
                    var updateItem = newItem.MapApiScopes();
                    updateItem.Id = dbItem.Id;
                    //update detail
                    con.Execute(
                        $"update {_options.DbSchema}.ApiResourceScopes set [Scope]=@Scope where id=@id;",
                        updateItem, commandType: CommandType.Text, transaction: t);
                }
            }
        }
 private async Task InsertApiScopeByApiResourceId(IEnumerable <string> apiScopes, ApiResources apiResource, IDbConnection con, IDbTransaction t)
 {
     if (!apiScopes.Any())
     {
         return;
     }
     foreach (var scope in apiScopes)
     {
         var item = new ApiResourceScopes()
         {
             Scope = scope, ApiResourceId = apiResource.Id
         };
         var scopeId = await con.ExecuteScalarAsync <int>($"insert into {_options.DbSchema}.ApiResourceScopes " +
                                                          $"(ApiResourceId,[Scope]) " +
                                                          $"values (@ApiResourceId,@Scope);{_options.GetLastInsertID}",
                                                          item, commandType : CommandType.Text, transaction : t);
     }
 }
Exemple #10
0
 public async Task AddApiResource(ApiResource entity)
 {
     await ApiResources.InsertOneAsync(entity);
 }
 public async Task <IEnumerable <ApiResource> > FindApiResourcesByScopeAsync(IEnumerable <string> scopeNames)
 => await Task.FromResult(ApiResources.Where(e => scopeNames.Contains(e.Name)));
 public async Task <ApiResource> FindApiResourceAsync(string name)
 => await Task.FromResult(
     ApiResources.FirstOrDefault(e => e.Name.Equals(name, StringComparison.Ordinal)));