Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-21 12:05:42 +01:00
Code Issues Projects Releases Wiki Activity

[SG-701] Updated controller to not send notification if request was denied (#2375)

Browse Source 
* Updated controller to not send response if request was denied.

* Linting
This commit is contained in:
Todd Martin 2022-10-31 21:31:07 -04:00 committed by GitHub
parent 52b50ef0e9
commit 14074e1e33
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Api/Controllers/AuthRequestsController.cs
View File

@ -142,7 +142,13 @@ public class AuthRequestsController : Controller
authRequest.ResponseDate = DateTime.UtcNow;
authRequest.Approved = model.RequestApproved;
await _authRequestRepository.ReplaceAsync(authRequest);
await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
// We only want to send an approval notification if the request is approved (or null),
// to not leak that it was denied to the originating client if it was originated by a malicious actor.
if (authRequest.Approved ?? true)
{
await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
}
return new AuthRequestResponseModel(authRequest, _globalSettings.BaseServiceUri.Vault);
}