API to get org policies by invite token (#661)

* API to get org policies by invite token * from query attr
2025-01-22 21:51:22 +01:00 · 2020-03-02 10:17:32 -05:00 · 2020-03-02 10:17:32 -05:00 · 57472c9f82
commit 57472c9f82
parent 71d9ffdd9d
1 changed files with 38 additions and 1 deletions
--- a/src/Api/Controllers/PoliciesController.cs
+++ b/src/Api/Controllers/PoliciesController.cs
@ -9,6 +9,8 @@ using Bit.Core.Exceptions;
 using Bit.Core.Services;
 using Bit.Core;
 using Bit.Core.Enums;
+using Bit.Core.Utilities;
+using Microsoft.AspNetCore.DataProtection;

 namespace Bit.Api.Controllers
 {
@ -19,21 +21,31 @@ namespace Bit.Api.Controllers
        private readonly IPolicyRepository _policyRepository;
        private readonly IPolicyService _policyService;
        private readonly IOrganizationService _organizationService;
+        private readonly IOrganizationUserRepository _organizationUserRepository;
        private readonly IUserService _userService;
        private readonly CurrentContext _currentContext;
+        private readonly GlobalSettings _globalSettings;
+        private readonly IDataProtector _organizationServiceDataProtector;

        public PoliciesController(
            IPolicyRepository policyRepository,
            IPolicyService policyService,
            IOrganizationService organizationService,
+            IOrganizationUserRepository organizationUserRepository,
            IUserService userService,
-            CurrentContext currentContext)
+            CurrentContext currentContext,
+            GlobalSettings globalSettings,
+            IDataProtectionProvider dataProtectionProvider)
        {
            _policyRepository = policyRepository;
            _policyService = policyService;
            _organizationService = organizationService;
+            _organizationUserRepository = organizationUserRepository;
            _userService = userService;
            _currentContext = currentContext;
+            _globalSettings = globalSettings;
+            _organizationServiceDataProtector = dataProtectionProvider.CreateProtector(
+                "OrganizationServiceDataProtector");
        }

        [HttpGet("{type}")]
@ -67,6 +79,31 @@ namespace Bit.Api.Controllers
            return new ListResponseModel<PolicyResponseModel>(responses);
        }

+        [AllowAnonymous]
+        [HttpGet("token")]
+        public async Task<ListResponseModel<PolicyResponseModel>> GetByToken(string orgId, [FromQuery]string email,
+            [FromQuery]string token, [FromQuery]string organizationUserId)
+        {
+            var orgUserId = new Guid(organizationUserId);
+            var tokenValid = CoreHelpers.UserInviteTokenIsValid(_organizationServiceDataProtector, token,
+                email, orgUserId, _globalSettings);
+            if(!tokenValid)
+            {
+                throw new NotFoundException();
+            }
+
+            var orgIdGuid = new Guid(orgId);
+            var orgUser = await _organizationUserRepository.GetByIdAsync(orgUserId);
+            if(orgUser == null || orgUser.OrganizationId != orgIdGuid)
+            {
+                throw new NotFoundException();
+            }
+
+            var policies = await _policyRepository.GetManyByOrganizationIdAsync(orgIdGuid);
+            var responses = policies.Select(p => new PolicyResponseModel(p));
+            return new ListResponseModel<PolicyResponseModel>(responses);
+        }
+
        [HttpPut("{type}")]
        public async Task<PolicyResponseModel> Put(string orgId, int type, [FromBody]PolicyRequestModel model)
        {