mirror of https://github.com/bitwarden/server.git synced 2025-01-22 21:51:22 +01:00

Handle name == null in Emergency Access (#1100)

Oscar Hinton 2021-01-20 19:50:07 +01:00 committed by GitHub
parent 001bbf2f2b
commit 48d14e8521
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 13 deletions


@ -87,14 +87,14 @@ namespace Bit.Api.Controllers
public async Task Invite([FromBody] EmergencyAccessInviteRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
await _emergencyAccessService.InviteAsync(user, user.Name, model.Email, model.Type.Value, model.WaitTimeDays);
await _emergencyAccessService.InviteAsync(user, model.Email, model.Type.Value, model.WaitTimeDays);
}
[HttpPost("{id}/reinvite")]
public async Task Reinvite(string id)
{
var user = await _userService.GetUserByPrincipalAsync(User);
await _emergencyAccessService.ResendInviteAsync(user.Id, new Guid(id), user.Name);
await _emergencyAccessService.ResendInviteAsync(user, new Guid(id));
}
[HttpPost("{id}/accept")]
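Review bot: `user` is handed to the service without a null check in both `Invite` and `Reinvite`. Before this change a null result from `GetUserByPrincipalAsync` failed at `user.Name` or `user.Id` inside the controller; now it travels into `InviteAsync`, whose first visible use is `_userService.CanAccessPremium(invitingUser)`, and into `ResendInviteAsync`, which dereferences `invitingUser.Id`. Whether the lookup can return null for an authenticated principal is not visible on this page, but if it can, add `if (user == null) { throw new UnauthorizedAccessException(); }` after the lookup in each action so the request ends as an authorization failure rather than a NullReferenceException or a premium check on null. Both action bodies are inside the hunk; the enclosing controller class is not.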


@ -9,8 +9,8 @@ namespace Bit.Core.Services
{
public interface IEmergencyAccessService
{
Task<EmergencyAccess> InviteAsync(User invitingUser, string invitingUsersName, string email, EmergencyAccessType type, int waitTime);
Task ResendInviteAsync(Guid invitingUserId, Guid emergencyAccessId, string invitingUsersName);
Task<EmergencyAccess> InviteAsync(User invitingUser, string email, EmergencyAccessType type, int waitTime);
Task ResendInviteAsync(User invitingUser, Guid emergencyAccessId);
Task<EmergencyAccess> AcceptUserAsync(Guid emergencyAccessId, User user, string token, IUserService userService);
Task DeleteAsync(Guid emergencyAccessId, Guid grantorId);
Task<EmergencyAccess> ConfirmUserAsync(Guid emergencyAccessId, string key, Guid grantorId);


@ -45,7 +45,7 @@ namespace Bit.Core.Services
_globalSettings = globalSettings;
}
public async Task<EmergencyAccess> InviteAsync(User invitingUser, string invitingUsersName, string email, EmergencyAccessType type, int waitTime)
public async Task<EmergencyAccess> InviteAsync(User invitingUser, string email, EmergencyAccessType type, int waitTime)
{
if (! await _userService.CanAccessPremium(invitingUser))
{
@ -64,7 +64,7 @@ namespace Bit.Core.Services
};
await _emergencyAccessRepository.CreateAsync(emergencyAccess);
await SendInviteAsync(emergencyAccess, invitingUsersName);
await SendInviteAsync(emergencyAccess, NameOrEmail(invitingUser));
return emergencyAccess;
}
@ -80,16 +80,16 @@ namespace Bit.Core.Services
return emergencyAccess;
}
public async Task ResendInviteAsync(Guid invitingUserId, Guid emergencyAccessId, string invitingUsersName)
public async Task ResendInviteAsync(User invitingUser, Guid emergencyAccessId)
{
var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(emergencyAccessId);
if (emergencyAccess == null || emergencyAccess.GrantorId != invitingUserId ||
if (emergencyAccess == null || emergencyAccess.GrantorId != invitingUser.Id ||
emergencyAccess.Status != EmergencyAccessStatusType.Invited)
{
throw new BadRequestException("Emergency Access not valid.");
}
await SendInviteAsync(emergencyAccess, invitingUsersName);
await SendInviteAsync(emergencyAccess, NameOrEmail(invitingUser));
}
public async Task<EmergencyAccess> AcceptUserAsync(Guid emergencyAccessId, User user, string token, IUserService userService)
@ -157,7 +157,7 @@ namespace Bit.Core.Services
emergencyAccess.KeyEncrypted = key;
emergencyAccess.Email = null;
await _emergencyAccessRepository.ReplaceAsync(emergencyAccess);
await _mailService.SendEmergencyAccessConfirmedEmailAsync(grantor.Name, grantee.Email);
await _mailService.SendEmergencyAccessConfirmedEmailAsync(NameOrEmail(grantor), grantee.Email);
return emergencyAccess;
}
@ -191,7 +191,7 @@ namespace Bit.Core.Services
var grantor = await _userRepository.GetByIdAsync(emergencyAccess.GrantorId);
await _mailService.SendEmergencyAccessRecoveryInitiated(emergencyAccess, initiatingUser.Name, grantor.Email);
await _mailService.SendEmergencyAccessRecoveryInitiated(emergencyAccess, NameOrEmail(initiatingUser), grantor.Email);
}
public async Task ApproveAsync(Guid id, User approvingUser)
@ -208,7 +208,7 @@ namespace Bit.Core.Services
await _emergencyAccessRepository.ReplaceAsync(emergencyAccess);
var grantee = await _userRepository.GetByIdAsync(emergencyAccess.GranteeId.Value);
await _mailService.SendEmergencyAccessRecoveryApproved(emergencyAccess, approvingUser.Name, grantee.Email);
await _mailService.SendEmergencyAccessRecoveryApproved(emergencyAccess, NameOrEmail(approvingUser), grantee.Email);
}
public async Task RejectAsync(Guid id, User rejectingUser)
@ -226,7 +226,7 @@ namespace Bit.Core.Services
await _emergencyAccessRepository.ReplaceAsync(emergencyAccess);
var grantee = await _userRepository.GetByIdAsync(emergencyAccess.GranteeId.Value);
await _mailService.SendEmergencyAccessRecoveryRejected(emergencyAccess, rejectingUser.Name, grantee.Email);
await _mailService.SendEmergencyAccessRecoveryRejected(emergencyAccess, NameOrEmail(rejectingUser), grantee.Email);
}
public async Task<(EmergencyAccess, User)> TakeoverAsync(Guid id, User requestingUser)
@ -313,5 +313,10 @@ namespace Bit.Core.Services
var token = _dataProtector.Protect($"EmergencyAccessInvite {emergencyAccess.Id} {emergencyAccess.Email} {nowMillis}");
await _mailService.SendEmergencyAccessInviteEmailAsync(emergencyAccess, invitingUsersName, token);
}
private string NameOrEmail(User user)
{
return string.IsNullOrWhiteSpace(user.Name) ? user.Email : user.Name;
}
}
}
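Review bot: `NameOrEmail` returns a user-chosen display name, or now the account e-mail, and every call site in this file passes the result into mail delivered to a different user (invitee, grantor or grantee). The mail templates are not part of this page, so confirm they encode the value before rendering, since a free-text name is otherwise a place for misleading text or markup inside a message that carries the service's own branding. The helper reads no instance state and can be declared `private static string NameOrEmail(User user)`, with a comment such as `// Display label for outgoing mail: user-controlled Name, else Email; the template must encode it.` It also dereferences `user` unguarded, so the `grantor` passed to `SendEmergencyAccessConfirmedEmailAsync` relies on the lookup having returned a row, which that hunk does not show.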