mirror of https://github.com/bitwarden/server.git synced 2024-11-26 12:55:17 +01:00

backwards compat issues with change email/password

Kyle Spearrin 2017-04-28 16:49:40 -04:00
parent 8d37f1c946
commit 23467b7771
5 changed files with 95 additions and 11 deletions


@ -76,15 +76,32 @@ namespace Bit.Api.Controllers
[HttpPut("email")] [HttpPut("email")]
[HttpPost("email")] [HttpPost("email")]
public async Task PutEmail([FromBody]EmailRequestModel model) public async Task PutEmail([FromBody]EmailRequestModel_Old model)
{ {
var user = await _userService.GetUserByPrincipalAsync(User); var user = await _userService.GetUserByPrincipalAsync(User);
// NOTE: It is assumed that the eventual repository call will make sure the updated // NOTE: It is assumed that the eventual repository call will make sure the updated
// ciphers belong to user making this call. Therefore, no check is done here. // ciphers belong to user making this call. Therefore, no check is done here.
var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
//var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
//var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
//var result = await _userService.ChangeEmailAsync(
// user,
// model.MasterPasswordHash,
// model.NewEmail,
// model.NewMasterPasswordHash,
// model.Token,
// ciphers,
// folders,
// model.Data.PrivateKey);
//
// NOTE: Temporary backwards compat. Remove the below and uncomment the above whenever web vault v1.10.0 is released
//
var ciphers = model.Ciphers.Where(c => c.Type == CipherType.Login).Select(c => c.ToCipher(user.Id));
var folders = model.Ciphers.Where(c => c.Type == CipherType.Folder).Select(c => c.ToFolder(user.Id));
var result = await _userService.ChangeEmailAsync( var result = await _userService.ChangeEmailAsync(
user, user,
model.MasterPasswordHash, model.MasterPasswordHash,
@ -93,7 +110,7 @@ namespace Bit.Api.Controllers
model.Token, model.Token,
ciphers, ciphers,
folders, folders,
model.Data.PrivateKey); null);
if(result.Succeeded) if(result.Succeeded)
{ {
@ -111,22 +128,37 @@ namespace Bit.Api.Controllers
[HttpPut("password")] [HttpPut("password")]
[HttpPost("password")] [HttpPost("password")]
public async Task PutPassword([FromBody]PasswordRequestModel model) public async Task PutPassword([FromBody]PasswordRequestModel_Old model)
{ {
var user = await _userService.GetUserByPrincipalAsync(User); var user = await _userService.GetUserByPrincipalAsync(User);
// NOTE: It is assumed that the eventual repository call will make sure the updated // NOTE: It is assumed that the eventual repository call will make sure the updated
// ciphers belong to user making this call. Therefore, no check is done here. // ciphers belong to user making this call. Therefore, no check is done here.
var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
//var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
//var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
//var result = await _userService.ChangePasswordAsync(
// user,
// model.MasterPasswordHash,
// model.NewMasterPasswordHash,
// ciphers,
// folders,
// model.Data.PrivateKey);
//
// NOTE: Temporary backwards compat. Remove the below and uncomment the above whenever web vault v1.10.0 is released
//
var ciphers = model.Ciphers.Where(c => c.Type == CipherType.Login).Select(c => c.ToCipher(user.Id));
var folders = model.Ciphers.Where(c => c.Type == CipherType.Folder).Select(c => c.ToFolder(user.Id));
var result = await _userService.ChangePasswordAsync( var result = await _userService.ChangePasswordAsync(
user, user,
model.MasterPasswordHash, model.MasterPasswordHash,
model.NewMasterPasswordHash, model.NewMasterPasswordHash,
ciphers, ciphers,
folders, folders,
model.Data.PrivateKey); null);
if(result.Succeeded) if(result.Succeeded)
{ {
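Review bot: The `null` now passed as the final argument of `ChangeEmailAsync` in PutEmail and of `ChangePasswordAsync` in PutPassword needs a comment saying what happens to a private key the user already has stored. Neither service method is visible on this page; if they assign that argument to `user.PrivateKey`, the repository change in this same commit would bind `DBNull.Value` to `@PrivateKey`, and the stored key would be erased whenever an old client changes its email or password. If that is intended because an old client cannot send a re-encrypted key, state it above each call, e.g. `// Old clients send no re-encrypted private key; null here clears the stored one.`; if it is not intended, the service should leave the existing value alone when it receives null. Both method bodies continue past the end of their hunks.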


@ -1,4 +1,5 @@
using System.ComponentModel.DataAnnotations; using System;
using System.ComponentModel.DataAnnotations;
namespace Bit.Core.Models.Api namespace Bit.Core.Models.Api
{ {
@ -19,4 +20,23 @@ namespace Bit.Core.Models.Api
[Required] [Required]
public DataReloadRequestModel Data { get; set; } public DataReloadRequestModel Data { get; set; }
} }
[Obsolete]
public class EmailRequestModel_Old
{
[Required]
[EmailAddress]
[StringLength(50)]
public string NewEmail { get; set; }
[Required]
[StringLength(300)]
public string MasterPasswordHash { get; set; }
[Required]
[StringLength(300)]
public string NewMasterPasswordHash { get; set; }
[Required]
public string Token { get; set; }
[Required]
public CipherRequestModel[] Ciphers { get; set; }
}
} }
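Review bot: The bare `[Obsolete]` on `EmailRequestModel_Old` (and on `PasswordRequestModel_Old` and `CipherRequestModel.ToFolder` in the other files of this commit) gives no removal condition, so the compiler warning at each use site tells a maintainer nothing. Carry the condition from the controller comment into the attribute: `[Obsolete("Temporary backwards compat; remove once web vault v1.10.0 is released.")]`. Separately, `Token` is `[Required]` with no `[StringLength]` while the three fields above it are bounded; whether the current `EmailRequestModel` bounds it is not visible in this hunk, but a length limit is worth adding if the token format allows one.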


@ -1,4 +1,5 @@
using System.ComponentModel.DataAnnotations; using System;
using System.ComponentModel.DataAnnotations;
namespace Bit.Core.Models.Api namespace Bit.Core.Models.Api
{ {
@ -13,4 +14,17 @@ namespace Bit.Core.Models.Api
[Required] [Required]
public DataReloadRequestModel Data { get; set; } public DataReloadRequestModel Data { get; set; }
} }
[Obsolete]
public class PasswordRequestModel_Old
{
[Required]
[StringLength(300)]
public string MasterPasswordHash { get; set; }
[Required]
[StringLength(300)]
public string NewMasterPasswordHash { get; set; }
[Required]
public CipherRequestModel[] Ciphers { get; set; }
}
} }


@ -59,6 +59,17 @@ namespace Bit.Core.Models.Api
return existingCipher; return existingCipher;
} }
[Obsolete]
public Folder ToFolder(Guid userId)
{
return new Folder
{
Id = new Guid(Id),
UserId = userId,
Name = Name
};
}
} }
public class CipherShareRequestModel : IValidatableObject public class CipherShareRequestModel : IValidatableObject
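Review bot: `new Guid(Id)` in `ToFolder` throws on a null or malformed `Id`, and `Id` comes straight from the request body. Because the controller builds `folders` with a lazy `Select`, that exception would surface wherever the sequence is first enumerated, which is inside the service or repository call rather than at model validation; whether `Id` carries a validation attribute is not visible in this hunk. Parsing with `Guid.TryParse(Id, out id)` and rejecting the request on failure, or validating `Id` on the model, keeps a bad value from becoming an unhandled exception partway through the account update.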


@ -192,7 +192,14 @@ namespace Bit.Core.Repositories.SqlServer
cmd.Parameters.Add("@EmailVerified", SqlDbType.NVarChar).Value = user.EmailVerified; cmd.Parameters.Add("@EmailVerified", SqlDbType.NVarChar).Value = user.EmailVerified;
cmd.Parameters.Add("@MasterPassword", SqlDbType.NVarChar).Value = user.MasterPassword; cmd.Parameters.Add("@MasterPassword", SqlDbType.NVarChar).Value = user.MasterPassword;
cmd.Parameters.Add("@SecurityStamp", SqlDbType.NVarChar).Value = user.SecurityStamp; cmd.Parameters.Add("@SecurityStamp", SqlDbType.NVarChar).Value = user.SecurityStamp;
if(string.IsNullOrWhiteSpace(user.PrivateKey))
{
cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = DBNull.Value;
}
else
{
cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = user.PrivateKey; cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = user.PrivateKey;
}
cmd.Parameters.Add("@RevisionDate", SqlDbType.DateTime2).Value = user.RevisionDate; cmd.Parameters.Add("@RevisionDate", SqlDbType.DateTime2).Value = user.RevisionDate;
cmd.ExecuteNonQuery(); cmd.ExecuteNonQuery();
} }