2016-06-08 02:05:27 +02:00
|
|
|
|
using System;
|
|
|
|
|
|
using System.Linq;
|
|
|
|
|
|
using System.Threading.Tasks;
|
|
|
|
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
|
|
using Bit.Core.Repositories;
|
|
|
|
|
|
using Microsoft.AspNetCore.Authorization;
|
2017-03-09 03:55:08 +01:00
|
|
|
|
using Bit.Core.Models.Api;
|
2016-06-08 02:05:27 +02:00
|
|
|
|
using Bit.Core.Exceptions;
|
|
|
|
|
|
using Bit.Core.Services;
|
2017-04-12 18:42:00 +02:00
|
|
|
|
using Bit.Core;
|
2017-06-15 21:34:12 +02:00
|
|
|
|
using Bit.Api.Utilities;
|
2016-06-08 02:05:27 +02:00
|
|
|
|
|
|
|
|
|
|
namespace Bit.Api.Controllers
|
|
|
|
|
|
{
|
|
|
|
|
|
[Route("ciphers")]
|
|
|
|
|
|
[Authorize("Application")]
|
|
|
|
|
|
public class CiphersController : Controller
|
|
|
|
|
|
{
|
|
|
|
|
|
private readonly ICipherRepository _cipherRepository;
|
2017-04-27 15:19:30 +02:00
|
|
|
|
private readonly ICollectionCipherRepository _collectionCipherRepository;
|
2016-06-08 02:05:27 +02:00
|
|
|
|
private readonly ICipherService _cipherService;
|
2017-01-25 04:46:54 +01:00
|
|
|
|
private readonly IUserService _userService;
|
2017-06-15 21:34:12 +02:00
|
|
|
|
private readonly IAttachmentStorageService _attachmentStorageService;
|
2017-04-12 18:42:00 +02:00
|
|
|
|
private readonly CurrentContext _currentContext;
|
2016-06-08 02:05:27 +02:00
|
|
|
|
|
|
|
|
|
|
public CiphersController(
|
|
|
|
|
|
ICipherRepository cipherRepository,
|
2017-04-27 15:19:30 +02:00
|
|
|
|
ICollectionCipherRepository collectionCipherRepository,
|
2016-06-08 02:05:27 +02:00
|
|
|
|
ICipherService cipherService,
|
2017-04-12 18:42:00 +02:00
|
|
|
|
IUserService userService,
|
2017-06-15 21:34:12 +02:00
|
|
|
|
IAttachmentStorageService attachmentStorageService,
|
2017-04-12 18:42:00 +02:00
|
|
|
|
CurrentContext currentContext)
|
2016-06-08 02:05:27 +02:00
|
|
|
|
{
|
|
|
|
|
|
_cipherRepository = cipherRepository;
|
2017-04-27 15:19:30 +02:00
|
|
|
|
_collectionCipherRepository = collectionCipherRepository;
|
2016-06-08 02:05:27 +02:00
|
|
|
|
_cipherService = cipherService;
|
2017-01-25 04:46:54 +01:00
|
|
|
|
_userService = userService;
|
2017-06-15 21:34:12 +02:00
|
|
|
|
_attachmentStorageService = attachmentStorageService;
|
2017-04-12 18:42:00 +02:00
|
|
|
|
_currentContext = currentContext;
|
2016-06-08 02:05:27 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet("{id}")]
|
2017-03-01 04:51:29 +01:00
|
|
|
|
public async Task<CipherResponseModel> Get(string id)
|
2016-06-08 02:05:27 +02:00
|
|
|
|
{
|
2017-02-18 07:17:09 +01:00
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
2017-03-01 04:51:29 +01:00
|
|
|
|
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
|
2016-06-08 02:05:27 +02:00
|
|
|
|
if(cipher == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-03-18 16:58:02 +01:00
|
|
|
|
return new CipherResponseModel(cipher);
|
2016-06-08 02:05:27 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-04 23:22:47 +02:00
|
|
|
|
[HttpGet("{id}/full-details")]
|
2017-05-07 05:23:01 +02:00
|
|
|
|
[HttpGet("{id}/details")]
|
|
|
|
|
|
public async Task<CipherDetailsResponseModel> GetDetails(string id)
|
2017-04-04 23:22:47 +02:00
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
|
|
|
|
|
var cipherId = new Guid(id);
|
2017-05-07 05:23:01 +02:00
|
|
|
|
var cipher = await _cipherRepository.GetByIdAsync(cipherId, userId);
|
2017-04-04 23:22:47 +02:00
|
|
|
|
if(cipher == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-27 15:19:30 +02:00
|
|
|
|
var collectionCiphers = await _collectionCipherRepository.GetManyByUserIdCipherIdAsync(userId, cipherId);
|
2017-05-07 05:23:01 +02:00
|
|
|
|
return new CipherDetailsResponseModel(cipher, collectionCiphers);
|
2017-04-04 23:22:47 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-06-08 02:05:27 +02:00
|
|
|
|
[HttpGet("")]
|
2017-06-13 15:12:00 +02:00
|
|
|
|
public async Task<ListResponseModel<CipherResponseModel>> Get()
|
2016-06-08 02:05:27 +02:00
|
|
|
|
{
|
2017-02-18 07:17:09 +01:00
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
2017-03-01 04:51:29 +01:00
|
|
|
|
var ciphers = await _cipherRepository.GetManyByUserIdAsync(userId);
|
2017-04-19 22:47:12 +02:00
|
|
|
|
var responses = ciphers.Select(c => new CipherResponseModel(c)).ToList();
|
2017-03-01 04:51:29 +01:00
|
|
|
|
return new ListResponseModel<CipherResponseModel>(responses);
|
2016-06-08 02:05:27 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-04 23:22:47 +02:00
|
|
|
|
[HttpGet("details")]
|
2017-04-27 15:19:30 +02:00
|
|
|
|
public async Task<ListResponseModel<CipherDetailsResponseModel>> GetCollections()
|
2017-03-23 22:43:12 +01:00
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
2017-04-27 15:19:30 +02:00
|
|
|
|
var ciphers = await _cipherRepository.GetManyByUserIdHasCollectionsAsync(userId);
|
2017-03-24 14:42:06 +01:00
|
|
|
|
|
2017-04-27 15:19:30 +02:00
|
|
|
|
var collectionCiphers = await _collectionCipherRepository.GetManyByUserIdAsync(userId);
|
2017-04-27 15:39:21 +02:00
|
|
|
|
var collectionCiphersGroupDict = collectionCiphers.GroupBy(c => c.CipherId).ToDictionary(s => s.Key);
|
2017-03-24 14:42:06 +01:00
|
|
|
|
|
2017-04-27 15:19:30 +02:00
|
|
|
|
var responses = ciphers.Select(c => new CipherDetailsResponseModel(c, collectionCiphersGroupDict));
|
2017-03-23 22:43:12 +01:00
|
|
|
|
return new ListResponseModel<CipherDetailsResponseModel>(responses);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-17 23:01:23 +02:00
|
|
|
|
[HttpGet("organization-details")]
|
2017-04-27 15:19:30 +02:00
|
|
|
|
public async Task<ListResponseModel<CipherMiniDetailsResponseModel>> GetOrganizationCollections(string organizationId)
|
2017-04-17 23:01:23 +02:00
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
|
|
|
|
|
var orgIdGuid = new Guid(organizationId);
|
|
|
|
|
|
if(!_currentContext.OrganizationAdmin(orgIdGuid))
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var ciphers = await _cipherRepository.GetManyByOrganizationIdAsync(orgIdGuid);
|
|
|
|
|
|
|
2017-04-27 15:19:30 +02:00
|
|
|
|
var collectionCiphers = await _collectionCipherRepository.GetManyByOrganizationIdAsync(orgIdGuid);
|
2017-04-27 15:39:21 +02:00
|
|
|
|
var collectionCiphersGroupDict = collectionCiphers.GroupBy(c => c.CipherId).ToDictionary(s => s.Key);
|
2017-04-17 23:01:23 +02:00
|
|
|
|
|
2017-04-27 15:19:30 +02:00
|
|
|
|
var responses = ciphers.Select(c => new CipherMiniDetailsResponseModel(c, collectionCiphersGroupDict));
|
2017-04-17 23:01:23 +02:00
|
|
|
|
return new ListResponseModel<CipherMiniDetailsResponseModel>(responses);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-06-08 02:05:27 +02:00
|
|
|
|
[HttpPost("import")]
|
2017-05-13 18:00:40 +02:00
|
|
|
|
public async Task PostImport([FromBody]ImportPasswordsRequestModel model)
|
2016-06-08 02:05:27 +02:00
|
|
|
|
{
|
2017-01-25 04:46:54 +01:00
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
2017-05-07 05:45:29 +02:00
|
|
|
|
var folders = model.Folders.Select(f => f.ToFolder(userId)).ToList();
|
|
|
|
|
|
var ciphers = model.Logins.Select(l => l.ToCipherDetails(userId)).ToList();
|
2017-06-13 15:12:00 +02:00
|
|
|
|
await _cipherService.ImportCiphersAsync(folders, ciphers, model.FolderRelationships);
|
2017-04-12 20:42:19 +02:00
|
|
|
|
}
|
2016-06-09 04:19:08 +02:00
|
|
|
|
|
2017-03-24 21:15:50 +01:00
|
|
|
|
[HttpPut("{id}/partial")]
|
|
|
|
|
|
[HttpPost("{id}/partial")]
|
|
|
|
|
|
public async Task PutPartial(string id, [FromBody]CipherPartialRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
|
|
|
|
|
var folderId = string.IsNullOrWhiteSpace(model.FolderId) ? null : (Guid?)new Guid(model.FolderId);
|
2017-04-18 05:16:35 +02:00
|
|
|
|
await _cipherRepository.UpdatePartialAsync(new Guid(id), userId, folderId, model.Favorite);
|
2017-03-24 21:15:50 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-12 18:42:00 +02:00
|
|
|
|
[HttpPut("{id}/share")]
|
|
|
|
|
|
[HttpPost("{id}/share")]
|
|
|
|
|
|
public async Task PutShare(string id, [FromBody]CipherShareRequestModel model)
|
2017-03-21 05:04:39 +01:00
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
2017-03-22 02:13:20 +01:00
|
|
|
|
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
|
2017-04-12 18:42:00 +02:00
|
|
|
|
if(cipher == null || cipher.UserId != userId ||
|
|
|
|
|
|
!_currentContext.OrganizationUser(new Guid(model.Cipher.OrganizationId)))
|
2017-03-21 05:04:39 +01:00
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-12 18:42:00 +02:00
|
|
|
|
await _cipherService.ShareAsync(model.Cipher.ToCipher(cipher), new Guid(model.Cipher.OrganizationId),
|
2017-04-27 15:39:21 +02:00
|
|
|
|
model.CollectionIds.Select(c => new Guid(c)), userId);
|
2017-03-21 05:04:39 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-27 15:19:30 +02:00
|
|
|
|
[HttpPut("{id}/collections")]
|
|
|
|
|
|
[HttpPost("{id}/collections")]
|
|
|
|
|
|
public async Task PutCollections(string id, [FromBody]CipherCollectionsRequestModel model)
|
2017-04-12 18:42:00 +02:00
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
|
|
|
|
|
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
|
|
|
|
|
|
if(cipher == null || !cipher.OrganizationId.HasValue ||
|
|
|
|
|
|
!_currentContext.OrganizationUser(cipher.OrganizationId.Value))
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-27 15:39:21 +02:00
|
|
|
|
await _cipherService.SaveCollectionsAsync(cipher, model.CollectionIds.Select(c => new Guid(c)), userId, false);
|
2017-04-18 05:12:48 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-27 15:19:30 +02:00
|
|
|
|
[HttpPut("{id}/collections-admin")]
|
|
|
|
|
|
[HttpPost("{id}/collections-admin")]
|
|
|
|
|
|
public async Task PutCollectionsAdmin(string id, [FromBody]CipherCollectionsRequestModel model)
|
2017-04-18 05:12:48 +02:00
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
|
|
|
|
|
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id));
|
|
|
|
|
|
if(cipher == null || !cipher.OrganizationId.HasValue ||
|
|
|
|
|
|
!_currentContext.OrganizationAdmin(cipher.OrganizationId.Value))
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-04-27 15:39:21 +02:00
|
|
|
|
await _cipherService.SaveCollectionsAsync(cipher, model.CollectionIds.Select(c => new Guid(c)), userId, true);
|
2017-04-12 18:42:00 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-06-08 02:05:27 +02:00
|
|
|
|
[HttpDelete("{id}")]
|
2016-07-14 03:43:48 +02:00
|
|
|
|
[HttpPost("{id}/delete")]
|
2016-06-08 02:05:27 +02:00
|
|
|
|
public async Task Delete(string id)
|
|
|
|
|
|
{
|
2017-03-22 02:13:20 +01:00
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
|
|
|
|
|
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
|
2016-06-08 02:05:27 +02:00
|
|
|
|
if(cipher == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-03-24 14:27:15 +01:00
|
|
|
|
await _cipherService.DeleteAsync(cipher, userId);
|
2016-06-08 02:05:27 +02:00
|
|
|
|
}
|
2017-04-19 22:00:47 +02:00
|
|
|
|
|
|
|
|
|
|
[HttpDelete("{id}/admin")]
|
|
|
|
|
|
[HttpPost("{id}/delete-admin")]
|
|
|
|
|
|
public async Task DeleteAdmin(string id)
|
|
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
|
|
|
|
|
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id));
|
|
|
|
|
|
if(cipher == null || !cipher.OrganizationId.HasValue ||
|
|
|
|
|
|
!_currentContext.OrganizationAdmin(cipher.OrganizationId.Value))
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await _cipherService.DeleteAsync(cipher, userId, true);
|
|
|
|
|
|
}
|
2017-06-09 06:30:59 +02:00
|
|
|
|
|
|
|
|
|
|
[HttpDelete("")]
|
|
|
|
|
|
[HttpPost("delete")]
|
|
|
|
|
|
public async Task DeleteMany([FromBody]CipherBulkDeleteRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
|
|
|
|
|
await _cipherService.DeleteManyAsync(model.Ids.Select(i => new Guid(i)), userId);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("move")]
|
|
|
|
|
|
[HttpPost("move")]
|
|
|
|
|
|
public async Task MoveMany([FromBody]CipherBulkMoveRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
2017-06-09 15:48:44 +02:00
|
|
|
|
await _cipherService.MoveManyAsync(model.Ids.Select(i => new Guid(i)),
|
|
|
|
|
|
string.IsNullOrWhiteSpace(model.FolderId) ? (Guid?)null : new Guid(model.FolderId), userId);
|
2017-06-09 06:30:59 +02:00
|
|
|
|
}
|
2017-06-15 21:34:12 +02:00
|
|
|
|
|
|
|
|
|
|
[HttpPost("attachment")]
|
|
|
|
|
|
[DisableFormValueModelBinding]
|
|
|
|
|
|
public async Task Post(string id)
|
|
|
|
|
|
{
|
|
|
|
|
|
// throw for now
|
|
|
|
|
|
throw new NotImplementedException();
|
|
|
|
|
|
|
|
|
|
|
|
if(!Request?.ContentType.Contains("multipart/") ?? true)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Invalid content.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var idGuid = new Guid(id);
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
|
|
|
|
|
var cipher = await _cipherRepository.GetByIdAsync(idGuid, userId);
|
|
|
|
|
|
if(cipher == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Request.GetFilesAsync(async (stream, fileName) =>
|
|
|
|
|
|
{
|
|
|
|
|
|
var attachmentId = Guid.NewGuid();
|
|
|
|
|
|
// TODO: store attachmentId + fileName reference in database
|
|
|
|
|
|
var storedFilename = $"{idGuid}_{attachmentId}";
|
|
|
|
|
|
await _attachmentStorageService.UploadAttachmentAsync(stream, storedFilename);
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpDelete("{id}/attachment/{attachmentId}")]
|
|
|
|
|
|
[HttpPost("{id}/attachment/{attachmentId}/delete")]
|
|
|
|
|
|
public async Task Delete(string id, string attachmentId)
|
|
|
|
|
|
{
|
|
|
|
|
|
// throw for now
|
|
|
|
|
|
throw new NotImplementedException();
|
|
|
|
|
|
|
|
|
|
|
|
var idGuid = new Guid(id);
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User).Value;
|
|
|
|
|
|
var cipher = await _cipherRepository.GetByIdAsync(idGuid, userId);
|
|
|
|
|
|
if(cipher == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var attachmentIdGuid = new Guid(attachmentId);
|
|
|
|
|
|
|
|
|
|
|
|
// TODO: check and remove attachmentId from cipher in database
|
|
|
|
|
|
|
|
|
|
|
|
var storedFilename = $"{idGuid}_{attachmentId}";
|
|
|
|
|
|
await _attachmentStorageService.DeleteAttachmentAsync(storedFilename);
|
|
|
|
|
|
}
|
2016-06-08 02:05:27 +02:00
|
|
|
|
}
|
|
|
|
|
|
}
|
