From 23467b77713e7690144b91f5cecc2fed527ef4ab Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Fri, 28 Apr 2017 16:49:40 -0400
Subject: [PATCH] backwards compat issues with change email/password
---
 src/Api/Controllers/AccountsController.cs | 48 +++++++++++++++----
 .../Api/Request/Accounts/EmailRequestModel.cs | 22 ++++++++-
 .../Request/Accounts/PasswordRequestModel.cs | 16 ++++++-
 .../Models/Api/Request/CipherRequestModel.cs | 11 +++++
 .../SqlServer/CipherRepository.cs | 9 +++-
 5 files changed, 95 insertions(+), 11 deletions(-)
diff --git a/src/Api/Controllers/AccountsController.cs b/src/Api/Controllers/AccountsController.cs
index 3b291d38f..d756e9253 100644
--- a/src/Api/Controllers/AccountsController.cs
+++ b/src/Api/Controllers/AccountsController.cs
@@ -76,15 +76,32 @@ namespace Bit.Api.Controllers
 [HttpPut("email")]
 [HttpPost("email")]
- public async Task PutEmail([FromBody]EmailRequestModel model)
+ public async Task PutEmail([FromBody]EmailRequestModel_Old model)
 {
 var user = await _userService.GetUserByPrincipalAsync(User);
 // NOTE: It is assumed that the eventual repository call will make sure the updated
 // ciphers belong to user making this call. Therefore, no check is done here.
- var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
- var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
+ //var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
+ //var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
+
+ //var result = await _userService.ChangeEmailAsync(
+ // user,
+ // model.MasterPasswordHash,
+ // model.NewEmail,
+ // model.NewMasterPasswordHash,
+ // model.Token,
+ // ciphers,
+ // folders,
+ // model.Data.PrivateKey);
+
+ //
+ // NOTE: Temporary backwards compat. Remove the below and uncomment the above whenever web vault v1.10.0 is released
+ //
+
+ var ciphers = model.Ciphers.Where(c => c.Type == CipherType.Login).Select(c => c.ToCipher(user.Id));
+ var folders = model.Ciphers.Where(c => c.Type == CipherType.Folder).Select(c => c.ToFolder(user.Id));
 var result = await _userService.ChangeEmailAsync(
 user,
 model.MasterPasswordHash,
@@ -93,7 +110,7 @@ namespace Bit.Api.Controllers
 model.Token,
 ciphers,
 folders,
- model.Data.PrivateKey);
+ null);
 if(result.Succeeded)
 {
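Review bot: In PutEmail, `model.Ciphers.Where(c => c.Type == CipherType.Login)` dereferences every array element, while `[Required]` on `Ciphers` only guarantees that the array itself is present, so a request body containing a null entry would likely fail with a NullReferenceException instead of a validation error. Filtering nulls first, e.g. `model.Ciphers.Where(c => c != null && c.Type == CipherType.Login)`, or rejecting such a body before the service call, keeps malformed input from aborting the change half-way. Both queries are deferred, so the exception would presumably surface inside ChangeEmailAsync, which is not shown. The PutPassword hunk contains the same two lines.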
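Review bot: The `null` now passed as the last argument of ChangeEmailAsync means the compat path never supplies a private key, and the CipherRepository hunk in this commit writes `DBNull.Value` when `user.PrivateKey` is empty, so an account that already has a key stored may have it cleared. ChangeEmailAsync is not visible here, so whether it assigns the argument to `user.PrivateKey` unconditionally needs confirming; if it does, an old web vault client changing email or password would silently drop the user's key. A comment at the call, such as `// v1 clients do not send a re-encrypted private key; passing null is intentional`, together with a null check in the service if the stored key should be kept, would make the intended outcome explicit. The PutPassword hunk has the same call.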
@@ -111,22 +128,37 @@ namespace Bit.Api.Controllers
 [HttpPut("password")]
 [HttpPost("password")]
- public async Task PutPassword([FromBody]PasswordRequestModel model)
+ public async Task PutPassword([FromBody]PasswordRequestModel_Old model)
 {
 var user = await _userService.GetUserByPrincipalAsync(User);
 // NOTE: It is assumed that the eventual repository call will make sure the updated
 // ciphers belong to user making this call. Therefore, no check is done here.
- var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
- var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
+ //var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
+ //var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
+
+ //var result = await _userService.ChangePasswordAsync(
+ // user,
+ // model.MasterPasswordHash,
+ // model.NewMasterPasswordHash,
+ // ciphers,
+ // folders,
+ // model.Data.PrivateKey);
+
+ //
+ // NOTE: Temporary backwards compat. Remove the below and uncomment the above whenever web vault v1.10.0 is released
+ //
+
+ var ciphers = model.Ciphers.Where(c => c.Type == CipherType.Login).Select(c => c.ToCipher(user.Id));
+ var folders = model.Ciphers.Where(c => c.Type == CipherType.Folder).Select(c => c.ToFolder(user.Id));
 var result = await _userService.ChangePasswordAsync(
 user,
 model.MasterPasswordHash,
 model.NewMasterPasswordHash,
 ciphers,
 folders,
- model.Data.PrivateKey);
+ null);
 if(result.Succeeded)
 {
diff --git a/src/Core/Models/Api/Request/Accounts/EmailRequestModel.cs b/src/Core/Models/Api/Request/Accounts/EmailRequestModel.cs
index 000c3a50c..677db91d6 100644
--- a/src/Core/Models/Api/Request/Accounts/EmailRequestModel.cs
+++ b/src/Core/Models/Api/Request/Accounts/EmailRequestModel.cs
@@ -1,4 +1,5 @@
-using System.ComponentModel.DataAnnotations;
+using System;
+using System.ComponentModel.DataAnnotations;
 namespace Bit.Core.Models.Api
 {
@@ -19,4 +20,23 @@ namespace Bit.Core.Models.Api
 [Required]
 public DataReloadRequestModel Data { get; set; }
 }
+
+ [Obsolete]
+ public class EmailRequestModel_Old
+ {
+ [Required]
+ [EmailAddress]
+ [StringLength(50)]
+ public string NewEmail { get; set; }
+ [Required]
+ [StringLength(300)]
+ public string MasterPasswordHash { get; set; }
+ [Required]
+ [StringLength(300)]
+ public string NewMasterPasswordHash { get; set; }
+ [Required]
+ public string Token { get; set; }
+ [Required]
+ public CipherRequestModel[] Ciphers { get; set; }
+ }
 }
diff --git a/src/Core/Models/Api/Request/Accounts/PasswordRequestModel.cs b/src/Core/Models/Api/Request/Accounts/PasswordRequestModel.cs
index 1b524863d..a9dc2a59c 100644
--- a/src/Core/Models/Api/Request/Accounts/PasswordRequestModel.cs
+++ b/src/Core/Models/Api/Request/Accounts/PasswordRequestModel.cs
@@ -1,4 +1,5 @@
-using System.ComponentModel.DataAnnotations;
+using System;
+using System.ComponentModel.DataAnnotations;
 namespace Bit.Core.Models.Api
 {
@@ -13,4 +14,17 @@ namespace Bit.Core.Models.Api
 [Required]
 public DataReloadRequestModel Data { get; set; }
 }
+
+ [Obsolete]
+ public class PasswordRequestModel_Old
+ {
+ [Required]
+ [StringLength(300)]
+ public string MasterPasswordHash { get; set; }
+ [Required]
+ [StringLength(300)]
+ public string NewMasterPasswordHash { get; set; }
+ [Required]
+ public CipherRequestModel[] Ciphers { get; set; }
+ }
 }
diff --git a/src/Core/Models/Api/Request/CipherRequestModel.cs b/src/Core/Models/Api/Request/CipherRequestModel.cs
index 5e7ee966d..9e258ac55 100644
--- a/src/Core/Models/Api/Request/CipherRequestModel.cs
+++ b/src/Core/Models/Api/Request/CipherRequestModel.cs
@@ -59,6 +59,17 @@ namespace Bit.Core.Models.Api
 return existingCipher;
 }
+
+ [Obsolete]
+ public Folder ToFolder(Guid userId)
+ {
+ return new Folder
+ {
+ Id = new Guid(Id),
+ UserId = userId,
+ Name = Name
+ };
+ }
 }
 public class CipherShareRequestModel : IValidatableObject
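Review bot: The bare `[Obsolete]` on EmailRequestModel_Old gives the compiler warning no text, so nothing at the point of use says why the type exists or when it can be deleted. The controller comment ties removal to web vault v1.10.0; carrying that on the attribute, `[Obsolete("Temporary backwards compat; remove when web vault v1.10.0 is released.")]`, keeps the condition next to the type. The same applies to PasswordRequestModel_Old and to CipherRequestModel.ToFolder later in this patch. A one-line `/// <summary>` saying that this is the older request shape, with logins and folders sent together in `Ciphers`, would also help the next reader.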
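Review bot: In CipherRequestModel.ToFolder, `Id = new Guid(Id)` throws on a missing or malformed value, and assuming `Id` is the string sent by the client, that value comes straight from the request body. The method is now reached from PutEmail and PutPassword, so one bad folder id would abort the whole email or password change with an unhandled exception; checking with `Guid.TryParse(Id, out folderId)` and rejecting the request when it fails gives the caller a clear error instead. The enclosing class starts outside this hunk, so any existing validation of `Id` is not visible from here.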
diff --git a/src/Core/Repositories/SqlServer/CipherRepository.cs b/src/Core/Repositories/SqlServer/CipherRepository.cs
index c739ed58a..f2730309d 100644
--- a/src/Core/Repositories/SqlServer/CipherRepository.cs
+++ b/src/Core/Repositories/SqlServer/CipherRepository.cs
@@ -192,7 +192,14 @@ namespace Bit.Core.Repositories.SqlServer
 cmd.Parameters.Add("@EmailVerified", SqlDbType.NVarChar).Value = user.EmailVerified;
 cmd.Parameters.Add("@MasterPassword", SqlDbType.NVarChar).Value = user.MasterPassword;
 cmd.Parameters.Add("@SecurityStamp", SqlDbType.NVarChar).Value = user.SecurityStamp;
- cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = user.PrivateKey;
+ if(string.IsNullOrWhiteSpace(user.PrivateKey))
+ {
+ cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = DBNull.Value;
+ }
+ else
+ {
+ cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = user.PrivateKey;
+ }
 cmd.Parameters.Add("@RevisionDate", SqlDbType.DateTime2).Value = user.RevisionDate;
 cmd.ExecuteNonQuery();
 }
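Review bot: The new `if`/`else` repeats the `cmd.Parameters.Add("@PrivateKey", ...)` call in both branches; a single statement with a conditional value reads more directly: `cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = string.IsNullOrWhiteSpace(user.PrivateKey) ? (object)DBNull.Value : user.PrivateKey;`. A short comment saying that an empty or whitespace-only key is stored as NULL on purpose would help too, since the neighbouring parameters pass their values through unchanged. The enclosing method starts outside the hunk.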