[SM-579] Prevent creating secrets not attached to projects (#2754)
* Prevent creating secrets not attached to projects, and prevent updating secrets to remove the project relation * Fix test
This commit is contained in:
parent
14c8edfcb7
commit
2c8f23ec9b
@ -26,10 +26,15 @@ public class CreateSecretCommand : ICreateSecretCommand
|
|||||||
var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
|
var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
|
||||||
var project = secret.Projects?.FirstOrDefault();
|
var project = secret.Projects?.FirstOrDefault();
|
||||||
|
|
||||||
|
if (project == null)
|
||||||
|
{
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
var hasAccess = accessClient switch
|
var hasAccess = accessClient switch
|
||||||
{
|
{
|
||||||
AccessClientType.NoAccessCheck => true,
|
AccessClientType.NoAccessCheck => true,
|
||||||
AccessClientType.User => project != null && await _projectRepository.UserHasWriteAccessToProject(project.Id, userId),
|
AccessClientType.User => await _projectRepository.UserHasWriteAccessToProject(project.Id, userId),
|
||||||
_ => false,
|
_ => false,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
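Review bot: The new `if (project == null)` guard validates only the first entry of `secret.Projects`, and the `AccessClientType.User` branch likewise checks write access on that first project alone, so if a request can carry more than one project the remaining ones are attached without any authorization check. Either reject requests with more than one project or check each of them; until then a comment on the `var project = secret.Projects?.FirstOrDefault();` line such as `// Only a single project is supported; only the first one is authorization-checked.` would make the assumption explicit. The `NoAccessCheck` branch also accepts any non-null project without confirming it belongs to the secret's organization — if that ownership check is not done elsewhere, a secret could be attached to another organization's project, so it is worth confirming. The enclosing method starts and ends outside the hunk.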
@ -33,6 +33,11 @@ public class UpdateSecretCommand : IUpdateSecretCommand
|
|||||||
|
|
||||||
var project = updatedSecret.Projects?.FirstOrDefault();
|
var project = updatedSecret.Projects?.FirstOrDefault();
|
||||||
|
|
||||||
|
if (secret.Projects != null && secret.Projects.Any() && project == null)
|
||||||
|
{
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
var hasAccess = accessClient switch
|
var hasAccess = accessClient switch
|
||||||
{
|
{
|
||||||
AccessClientType.NoAccessCheck => true,
|
AccessClientType.NoAccessCheck => true,
|
||||||
|
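Review bot: The new guard in UpdateSecretCommand fires only when the existing `secret` already has projects, so a secret with no project relation can still be updated without one while CreateSecretCommand now rejects that state; if that grandfathering is intentional, a comment such as `// Secrets already attached to a project may not be detached; legacy project-less secrets are left as-is.` would make it explicit. The `accessClient` switch below is keyed on `project` taken from `updatedSecret`, so the `User` branch (outside the hunk) must still tolerate `project == null` for that legacy case, and it is worth confirming that write access to the secret's current project is checked as well as to the new one — otherwise write access to any project would suffice to move a secret out of another. `secret.Projects != null && secret.Projects.Any()` can be shortened to `secret.Projects?.Any() == true`. The enclosing method starts and ends outside the hunk.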
@ -148,11 +148,14 @@ public class SecretsControllerTest : IClassFixture<ApiApplicationFactory>, IAsyn
|
|||||||
var (org, _) = await _organizationHelper.Initialize(true, true);
|
var (org, _) = await _organizationHelper.Initialize(true, true);
|
||||||
await LoginAsync(_email);
|
await LoginAsync(_email);
|
||||||
|
|
||||||
|
var project = await _projectRepository.CreateAsync(new Project { Name = "123" });
|
||||||
|
|
||||||
var request = new SecretCreateRequestModel
|
var request = new SecretCreateRequestModel
|
||||||
{
|
{
|
||||||
|
ProjectIds = new Guid[] { project.Id },
|
||||||
Key = _mockEncryptedString,
|
Key = _mockEncryptedString,
|
||||||
Value = _mockEncryptedString,
|
Value = _mockEncryptedString,
|
||||||
Note = _mockEncryptedString
|
Note = _mockEncryptedString,
|
||||||
};
|
};
|
||||||
|
|
||||||
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", request);
|
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", request);
|
||||||
|
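Review bot: The project created on the new `var project = await _projectRepository.CreateAsync(new Project { Name = "123" });` line is not associated with `org`, yet the request is posted to `/organizations/{org.Id}/secrets`; if `Project` carries an organization id, set it here (e.g. `OrganizationId = org.Id`, if that is the property) so the test reflects a realistic setup — a test that passes with an orphan project suggests the create path does not verify project ownership, which is worth confirming. The change covers only the happy path; a companion test posting a `SecretCreateRequestModel` without `ProjectIds` and asserting the response is not successful would pin the new rejection behaviour. The enclosing test method starts and ends outside the hunk.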