[SG-763] Store the fact that a Passwordless request was denied in the AuthRequest table (#2363)

* Added migrations for sqlserver and mysql

* Added migrations for postgres

* renamed mysql migration script to make naming uniform

* introduced approved field to the update auth request controller;This change would keep track of denied passwordless requests

* Recreated the authRequestView, introduced the approved field to the create procedure and updated the response model

* Formatted code

* fixed incorrect syntax in the AuthRequest_Create.sql SP

src/Api/Controllers/AuthRequestsController.cs

@@ -131,15 +131,13 @@ public class AuthRequestsController : Controller
             throw new BadRequestException("Invalid device.");
         }
 
-        if (model.RequestApproved)
+        authRequest.Key = model.Key;
-        {
+        authRequest.MasterPasswordHash = model.MasterPasswordHash;
-            authRequest.Key = model.Key;
+        authRequest.ResponseDeviceId = device.Id;
-            authRequest.MasterPasswordHash = model.MasterPasswordHash;
+        authRequest.ResponseDate = DateTime.UtcNow;
-            authRequest.ResponseDeviceId = device.Id;
+        authRequest.Approved = model.RequestApproved;
-            authRequest.ResponseDate = DateTime.UtcNow;
+        await _authRequestRepository.ReplaceAsync(authRequest);
-            await _authRequestRepository.ReplaceAsync(authRequest);
+        await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
-            await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
-        }
 
         return new AuthRequestResponseModel(authRequest, _globalSettings.BaseServiceUri.Vault);
     }

src/Api/Models/Response/AuthRequestResponseModel.cs

@@ -1,7 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 using System.Reflection;
 using Bit.Core.Entities;
-using Bit.Core.Enums;
 using Bit.Core.Models.Api;
 
 namespace Bit.Api.Models.Response;
@@ -25,8 +24,7 @@ public class AuthRequestResponseModel : ResponseModel
         Key = authRequest.Key;
         MasterPasswordHash = authRequest.MasterPasswordHash;
         CreationDate = authRequest.CreationDate;
-        RequestApproved = !string.IsNullOrWhiteSpace(Key) &&
+        RequestApproved = authRequest.Approved ?? false;
-            (authRequest.Type == AuthRequestType.Unlock || !string.IsNullOrWhiteSpace(MasterPasswordHash));
         Origin = new Uri(vaultUri).Host;
     }
 

src/Core/Entities/AuthRequest.cs

@@ -20,6 +20,7 @@ public class AuthRequest : ITableObject<Guid>
     public string PublicKey { get; set; }
     public string Key { get; set; }
     public string MasterPasswordHash { get; set; }
+    public bool? Approved { get; set; }
     public DateTime CreationDate { get; set; } = DateTime.UtcNow;
     public DateTime? ResponseDate { get; set; }
     public DateTime? AuthenticationDate { get; set; }

src/Sql/dbo/Stored Procedures/AuthRequest_Create.sql

@@ -11,6 +11,7 @@
     @PublicKey VARCHAR(MAX),
     @Key VARCHAR(MAX),
     @MasterPasswordHash VARCHAR(MAX),
+    @Approved BIT,
     @CreationDate DATETIME2(7),
     @ResponseDate DATETIME2(7),
     @AuthenticationDate DATETIME2(7)
@@ -32,6 +33,7 @@ BEGIN
         [PublicKey],
         [Key],
         [MasterPasswordHash],
+        [Approved],
         [CreationDate],
         [ResponseDate],
         [AuthenticationDate]
@@ -50,6 +52,7 @@ BEGIN
         @PublicKey,
         @Key,
         @MasterPasswordHash,
+        @Approved,
         @CreationDate,
         @ResponseDate,
         @AuthenticationDate

src/Sql/dbo/Stored Procedures/AuthRequest_Update.sql

@@ -11,6 +11,7 @@
     @PublicKey VARCHAR(MAX),
     @Key VARCHAR(MAX),
     @MasterPasswordHash VARCHAR(MAX),
+    @Approved BIT,
     @CreationDate DATETIME2 (7),
     @ResponseDate DATETIME2 (7),
     @AuthenticationDate DATETIME2 (7)    
@@ -32,6 +33,7 @@ BEGIN
         [PublicKey] = @PublicKey,
         [Key] = @Key,
         [MasterPasswordHash] = @MasterPasswordHash,
+        [Approved] = @Approved,
         [CreationDate] = @CreationDate,
         [ResponseDate] = @ResponseDate,
         [AuthenticationDate] = @AuthenticationDate

src/Sql/dbo/Tables/AuthRequest.sql

@@ -11,6 +11,7 @@
     [PublicKey]                 VARCHAR(MAX)     NOT NULL,
     [Key]                       VARCHAR(MAX)     NULL,
     [MasterPasswordHash]        VARCHAR(MAX)     NULL,
+    [Approved]                  BIT              NULL,
     [CreationDate]              DATETIME2 (7)    NOT NULL,
     [ResponseDate]              DATETIME2 (7)    NULL,
     [AuthenticationDate]        DATETIME2 (7)    NULL,

util/Migrator/DbScripts/2022-10-24_00_AuthRequestAddApprovedColumn.sql

@@ -0,0 +1,145 @@
+--Add Column
+IF COL_LENGTH('[dbo].[AuthRequest]', 'Approved') IS NULL
+    BEGIN
+        ALTER TABLE
+            [dbo].[AuthRequest]
+        ADD
+            [Approved] BIT NULL
+    END
+GO
+
+-- Drop and recreate view
+IF EXISTS(SELECT * FROM sys.views WHERE [Name] = 'AuthRequestView')
+    BEGIN
+        DROP VIEW [dbo].[AuthRequestView]
+    END
+GO
+
+CREATE VIEW [dbo].[AuthRequestView]
+AS
+SELECT
+    *
+FROM
+    [dbo].[AuthRequest]
+GO
+
+--Drop existing SPROC
+IF OBJECT_ID('[dbo].[AuthRequest_Update]') IS NOT NULL
+    BEGIN
+        DROP PROCEDURE [dbo].[AuthRequest_Update]
+    END
+GO
+
+--Create SPROC with new column
+CREATE PROCEDURE [dbo].[AuthRequest_Update]
+    @Id UNIQUEIDENTIFIER OUTPUT,
+    @UserId UNIQUEIDENTIFIER,
+    @Type SMALLINT, 
+    @RequestDeviceIdentifier NVARCHAR(50),
+    @RequestDeviceType SMALLINT,
+    @RequestIpAddress VARCHAR(50),
+    @RequestFingerprint VARCHAR(MAX),
+    @ResponseDeviceId UNIQUEIDENTIFIER,
+    @AccessCode VARCHAR(25),
+    @PublicKey VARCHAR(MAX),
+    @Key VARCHAR(MAX),
+    @MasterPasswordHash VARCHAR(MAX),
+    @Approved BIT,
+    @CreationDate DATETIME2 (7),
+    @ResponseDate DATETIME2 (7),
+    @AuthenticationDate DATETIME2 (7)    
+AS
+BEGIN
+    SET NOCOUNT ON
+
+UPDATE
+    [dbo].[AuthRequest]
+SET
+    [UserId] = @UserId,
+    [Type] = @Type,
+    [RequestDeviceIdentifier] = @RequestDeviceIdentifier,
+    [RequestDeviceType] = @RequestDeviceType,
+    [RequestIpAddress] = @RequestIpAddress,
+    [RequestFingerprint] = @RequestFingerprint,
+    [ResponseDeviceId] = @ResponseDeviceId,
+    [AccessCode] = @AccessCode,
+    [PublicKey] = @PublicKey,
+    [Key] = @Key,
+    [MasterPasswordHash] = @MasterPasswordHash,
+    [Approved] = @Approved,
+    [CreationDate] = @CreationDate,
+    [ResponseDate] = @ResponseDate,
+    [AuthenticationDate] = @AuthenticationDate
+WHERE
+    [Id] = @Id
+END
+GO
+
+--Drop existing SPROC
+IF OBJECT_ID('[dbo].[AuthRequest_Create]') IS NOT NULL
+BEGIN
+        DROP PROCEDURE [dbo].[AuthRequest_Create]
+END
+GO
+
+--Create SPROC with new column
+CREATE PROCEDURE [dbo].[AuthRequest_Create]
+    @Id UNIQUEIDENTIFIER OUTPUT,
+    @UserId UNIQUEIDENTIFIER,
+    @Type TINYINT,
+    @RequestDeviceIdentifier NVARCHAR(50),
+    @RequestDeviceType TINYINT,
+    @RequestIpAddress VARCHAR(50),
+    @RequestFingerprint VARCHAR(MAX),
+    @ResponseDeviceId UNIQUEIDENTIFIER,
+    @AccessCode VARCHAR(25),
+    @PublicKey VARCHAR(MAX),
+    @Key VARCHAR(MAX),
+    @MasterPasswordHash VARCHAR(MAX),
+    @Approved BIT,
+    @CreationDate DATETIME2(7),
+    @ResponseDate DATETIME2(7),
+    @AuthenticationDate DATETIME2(7)
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    INSERT INTO [dbo].[AuthRequest]
+    (
+        [Id],
+        [UserId],
+        [Type],
+        [RequestDeviceIdentifier],
+        [RequestDeviceType],
+        [RequestIpAddress],
+        [RequestFingerprint],
+        [ResponseDeviceId],
+        [AccessCode],
+        [PublicKey],
+        [Key],
+        [MasterPasswordHash],
+        [Approved],
+        [CreationDate],
+        [ResponseDate],
+        [AuthenticationDate]
+    )
+    VALUES
+    (
+        @Id,
+        @UserId,
+        @Type,
+        @RequestDeviceIdentifier,
+        @RequestDeviceType,
+        @RequestIpAddress,
+        @RequestFingerprint,
+        @ResponseDeviceId,
+        @AccessCode,
+        @PublicKey,
+        @Key,
+        @MasterPasswordHash,
+        @Approved,
+        @CreationDate,
+        @ResponseDate,
+        @AuthenticationDate
+    )
+END

util/MySqlMigrations/Migrations/20221024210500_PasswordlessAuthRequestAddApprovedColumn.cs

@@ -0,0 +1,24 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.MySqlMigrations.Migrations;
+
+public partial class PasswordlessAuthRequestAddApprovedColumn : Migration
+{
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.AddColumn<bool>(
+            name: "Approved",
+            table: "AuthRequest",
+            type: "tinyint(1)",
+            nullable: true);
+    }
+
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.DropColumn(
+            name: "Approved",
+            table: "AuthRequest");
+    }
+}

util/MySqlMigrations/Migrations/DatabaseContextModelSnapshot.cs

@@ -28,6 +28,9 @@ namespace Bit.MySqlMigrations.Migrations
                         .HasMaxLength(25)
                         .HasColumnType("varchar(25)");
 
+                    b.Property<bool?>("Approved")
+                        .HasColumnType("tinyint(1)");
+
                     b.Property<DateTime?>("AuthenticationDate")
                         .HasColumnType("datetime(6)");
 

util/MySqlMigrations/Scripts/2022-10-24_00_PasswordlessAuthRequestAddApprovedColumn.sql

@@ -0,0 +1,8 @@
+START TRANSACTION;
+
+ALTER TABLE `AuthRequest` ADD `Approved` tinyint(1) NULL;
+
+INSERT INTO `__EFMigrationsHistory` (`MigrationId`, `ProductVersion`)
+VALUES ('20221024210500_PasswordlessAuthRequestAddApprovedColumn', '6.0.4');
+
+COMMIT;

util/PostgresMigrations/Migrations/20221025033204_PasswordlessAuthRequestAddApprovedColumn.cs

@@ -0,0 +1,24 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.PostgresMigrations.Migrations;
+
+public partial class PasswordlessAuthRequestAddApprovedColumn : Migration
+{
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.AddColumn<bool>(
+            name: "Approved",
+            table: "AuthRequest",
+            type: "boolean",
+            nullable: true);
+    }
+
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.DropColumn(
+            name: "Approved",
+            table: "AuthRequest");
+    }
+}

util/PostgresMigrations/Migrations/DatabaseContextModelSnapshot.cs

@@ -30,6 +30,9 @@ namespace Bit.PostgresMigrations.Migrations
 
                     b.Property<string>("AccessCode")
                         .HasColumnType("text");
+                    
+                    b.Property<bool?>("Approved")
+                        .HasColumnType("boolean");
 
                     b.Property<DateTime?>("AuthenticationDate")
                         .HasColumnType("timestamp with time zone");

util/PostgresMigrations/Scripts/2022-10-24_00_PasswordlessAuthRequestAddApprovedColumn.psql

@@ -0,0 +1,8 @@
+START TRANSACTION;
+
+ALTER TABLE "AuthRequest" ADD "Approved" boolean NULL;
+
+INSERT INTO "__EFMigrationsHistory" ("MigrationId", "ProductVersion")
+VALUES ('20221025033204_PasswordlessAuthRequestAddApprovedColumn', '6.0.4');
+
+COMMIT;