Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-01 23:31:41 +01:00
Code Issues Projects Releases Wiki Activity

org user management apis

Browse Source
This commit is contained in:
Kyle Spearrin 2017-03-04 21:28:41 -05:00
parent 2f41f260ec
commit 5ac2113cac
20 changed files with 389 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
src/Api/Controllers/OrganizationUsersController.cs Normal file
View File

@ -0,0 +1,90 @@
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Bit.Core.Repositories;
using Microsoft.AspNetCore.Authorization;
using Bit.Api.Models;
using Bit.Core.Exceptions;
using Bit.Core.Services;
namespace Bit.Api.Controllers
{
[Route("organizations/{orgId}/users")]
[Authorize("Application")]
public class OrganizationUsersController : Controller
{
private readonly IOrganizationRepository _organizationRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly IOrganizationService _organizationService;
private readonly IUserService _userService;
public OrganizationUsersController(
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IOrganizationService organizationService,
IUserService userService)
{
_organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository;
_organizationService = organizationService;
_userService = userService;
}
[HttpGet("{id}")]
public async Task<OrganizationUserResponseModel> Get(string orgId, string id)
{
var organizationUser = await _organizationUserRepository.GetDetailsByIdAsync(new Guid(id));
if(organizationUser == null)
{
throw new NotFoundException();
}
return new OrganizationUserResponseModel(organizationUser);
}
[HttpGet("")]
public async Task<ListResponseModel<OrganizationUserResponseModel>> Get(string orgId)
{
var organizationUsers = await _organizationUserRepository.GetManyDetailsByOrganizationsAsync(new Guid(orgId));
var responses = organizationUsers.Select(o => new OrganizationUserResponseModel(o));
return new ListResponseModel<OrganizationUserResponseModel>(responses);
}
[HttpPost("invite")]
public async Task Invite(string orgId, [FromBody]OrganizationUserInviteRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
var result = await _organizationService.InviteUserAsync(new Guid(orgId), model.Email);
}
[HttpPut("accept")]
[HttpPost("{id}/accept")]
public async Task Accept(string orgId, string id, [FromBody]OrganizationUserAcceptRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
var result = await _organizationService.AcceptUserAsync(new Guid(id), user, model.Token);
}
[HttpPost("confirm")]
[HttpPost("{id}/confirm")]
public async Task Confirm(string orgId, string id, [FromBody]OrganizationUserConfirmRequestModel model)
{
var result = await _organizationService.ConfirmUserAsync(new Guid(id), model.Key);
}
[HttpDelete("{id}")]
[HttpPost("{id}/delete")]
public async Task Delete(string orgId, string id)
{
var organization = await _organizationRepository.GetByIdAsync(new Guid(id),
_userService.GetProperUserId(User).Value);
if(organization == null)
{
throw new NotFoundException();
}
await _organizationRepository.DeleteAsync(organization);
}
}
}

36
src/Api/Controllers/UsersController.cs Normal file
View File

@ -0,0 +1,36 @@
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Bit.Core.Repositories;
using Microsoft.AspNetCore.Authorization;
using Bit.Core.Exceptions;
using Bit.Api.Models;
namespace Bit.Api.Controllers
{
[Route("users")]
[Authorize("Application")]
public class UsersController : Controller
{
private readonly IUserRepository _userRepository;
public UsersController(
IUserRepository userRepository)
{
_userRepository = userRepository;
}
[HttpGet("{id}/public-key")]
public async Task<UserKeyResponseModel> Get(string id)
{
var guidId = new Guid(id);
var key = await _userRepository.GetPublicKeyAsync(guidId);
if(key == null)
{
throw new NotFoundException();
}
return new UserKeyResponseModel(guidId, key);
}
}
}

19
src/Api/Models/Request/Organizations/OrganizationUserCreateRequestModels.cs Normal file
View File

@ -0,0 +1,19 @@
using Bit.Core.Domains;
namespace Bit.Api.Models
{
public class OrganizationUserInviteRequestModel
{
public string Email { get; set; }
}
public class OrganizationUserAcceptRequestModel
{
public string Token { get; set; }
}
public class OrganizationUserConfirmRequestModel
{
public string Key { get; set; }
}
}

32
src/Api/Models/Response/OrganizationUserResponseModel.cs Normal file
View File

@ -0,0 +1,32 @@
using System;
using Bit.Core.Enums;
using Bit.Core.Models.Data;
namespace Bit.Api.Models
{
public class OrganizationUserResponseModel : ResponseModel
{
public OrganizationUserResponseModel(OrganizationUserDetails organizationUser, string obj = "organizationUser")
: base(obj)
{
if(organizationUser == null)
{
throw new ArgumentNullException(nameof(organizationUser));
}
Id = organizationUser.Id.ToString();
UserId = organizationUser.UserId?.ToString();
Name = organizationUser.Name;
Email = organizationUser.Email;
Type = organizationUser.Type;
Status = organizationUser.Status;
}
public string Id { get; set; }
public string UserId { get; set; }
public string Name { get; set; }
public string Email { get; set; }
public OrganizationUserType Type { get; set; }
public OrganizationUserStatusType Status { get; set; }
}
}

19
src/Api/Models/Response/UserKeyResponseModel.cs Normal file
View File

@ -0,0 +1,19 @@
using System;
using Bit.Core.Domains;
using Bit.Core.Enums;
namespace Bit.Api.Models
{
public class UserKeyResponseModel : ResponseModel
{
public UserKeyResponseModel(Guid id, string key)
: base("userKey")
{
UserId = id.ToString();
PublicKey = key;
}
public string UserId { get; set; }
public string PublicKey { get; set; }
}
}

2
src/Core/Domains/OrganizationUser.cs
View File

@ -8,7 +8,7 @@ namespace Bit.Core.Domains
{ {
public Guid Id { get; set; } public Guid Id { get; set; }
public Guid OrganizationId { get; set; } public Guid OrganizationId { get; set; }
public Guid UserId { get; set; } public Guid? UserId { get; set; }
public string Email { get; set; } public string Email { get; set; }
public string Key { get; set; } public string Key { get; set; }
public OrganizationUserStatusType Status { get; set; } public OrganizationUserStatusType Status { get; set; }

5
src/Core/Enums/OrganizationUserStatusType.cs
View File

@ -3,8 +3,7 @@
public enum OrganizationUserStatusType : byte public enum OrganizationUserStatusType : byte
{ {
Invited = 0, Invited = 0,
Pending = 1, Accepted = 1,
Accepted = 2, Confirmed = 2
Confirmed = 3
} }
} }

2
src/Core/Enums/OrganizationUserType.cs
View File

@ -4,6 +4,6 @@
{ {
Owner = 0, Owner = 0,
Admin = 1, Admin = 1,
Regular = 2 User = 2
} }
} }

14
src/Core/Models/Data/OrganizationUserDetails.cs Normal file
View File

@ -0,0 +1,14 @@
using System;
namespace Bit.Core.Models.Data
{
public class OrganizationUserDetails
{
public Guid Id { get; set; }
public Guid? UserId { get; set; }
public string Name { get; set; }
public string Email { get; set; }
public Enums.OrganizationUserStatusType Status { get; set; }
public Enums.OrganizationUserType Type { get; set; }
}
}

3
src/Core/Repositories/IOrganizationUserRepository.cs
View File

@ -2,11 +2,14 @@
using System.Collections.Generic; using System.Collections.Generic;
using System.Threading.Tasks; using System.Threading.Tasks;
using Bit.Core.Domains; using Bit.Core.Domains;
using Bit.Core.Models.Data;
namespace Bit.Core.Repositories namespace Bit.Core.Repositories
{ {
public interface IOrganizationUserRepository : IRepository<OrganizationUser, Guid> public interface IOrganizationUserRepository : IRepository<OrganizationUser, Guid>
{ {
Task<OrganizationUser> GetByOrganizationAsync(Guid organizationId, Guid userId); Task<OrganizationUser> GetByOrganizationAsync(Guid organizationId, Guid userId);
Task<OrganizationUserDetails> GetDetailsByIdAsync(Guid id);
Task<ICollection<OrganizationUserDetails>> GetManyDetailsByOrganizationsAsync(Guid organizationId);
} }
} }

1
src/Core/Repositories/IUserRepository.cs
View File

@ -7,6 +7,7 @@ namespace Bit.Core.Repositories
public interface IUserRepository : IRepository<User, Guid> public interface IUserRepository : IRepository<User, Guid>
{ {
Task<User> GetByEmailAsync(string email); Task<User> GetByEmailAsync(string email);
Task<string> GetPublicKeyAsync(Guid id);
Task<DateTime> GetAccountRevisionDateAsync(Guid id); Task<DateTime> GetAccountRevisionDateAsync(Guid id);
} }
} }

28
src/Core/Repositories/SqlServer/OrganizationUserRepository.cs
View File

@ -5,6 +5,8 @@ using System.Data.SqlClient;
using System.Threading.Tasks; using System.Threading.Tasks;
using Dapper; using Dapper;
using System.Linq; using System.Linq;
using Bit.Core.Models.Data;
using System.Collections.Generic;
namespace Bit.Core.Repositories.SqlServer namespace Bit.Core.Repositories.SqlServer
{ {
@ -30,5 +32,31 @@ namespace Bit.Core.Repositories.SqlServer
return results.SingleOrDefault(); return results.SingleOrDefault();
} }
} }
public async Task<OrganizationUserDetails> GetDetailsByIdAsync(Guid id)
{
using(var connection = new SqlConnection(ConnectionString))
{
var results = await connection.QueryAsync<OrganizationUserDetails>(
"[dbo].[OrganizationUserDetails_ReadById]",
new { Id = id },
commandType: CommandType.StoredProcedure);
return results.SingleOrDefault();
}
}
public async Task<ICollection<OrganizationUserDetails>> GetManyDetailsByOrganizationsAsync(Guid organizationId)
{
using(var connection = new SqlConnection(ConnectionString))
{
var results = await connection.QueryAsync<OrganizationUserDetails>(
"[dbo].[OrganizationUserDetails_ReadByOrganizationId]",
new { OrganizationId = organizationId },
commandType: CommandType.StoredProcedure);
return results.ToList();
}
}
} }
} }

13
src/Core/Repositories/SqlServer/UserRepository.cs
View File

@ -36,6 +36,19 @@ namespace Bit.Core.Repositories.SqlServer
} }
} }
public async Task<string> GetPublicKeyAsync(Guid id)
{
using(var connection = new SqlConnection(ConnectionString))
{
var results = await connection.QueryAsync<string>(
$"[{Schema}].[{Table}_ReadPublicKeyById]",
new { Id = id },
commandType: CommandType.StoredProcedure);
return results.SingleOrDefault();
}
}
public async Task<DateTime> GetAccountRevisionDateAsync(Guid id) public async Task<DateTime> GetAccountRevisionDateAsync(Guid id)
{ {
using(var connection = new SqlConnection(ConnectionString)) using(var connection = new SqlConnection(ConnectionString))

3
src/Core/Services/IOrganizationService.cs
View File

@ -8,5 +8,8 @@ namespace Bit.Core.Services
public interface IOrganizationService public interface IOrganizationService
{ {
Task<Tuple<Organization, OrganizationUser>> SignUpAsync(OrganizationSignup organizationSignup); Task<Tuple<Organization, OrganizationUser>> SignUpAsync(OrganizationSignup organizationSignup);
Task<OrganizationUser> InviteUserAsync(Guid organizationId, string email);
Task<OrganizationUser> AcceptUserAsync(Guid organizationUserId, User user, string token);
Task<OrganizationUser> ConfirmUserAsync(Guid organizationUserId, string key);
} }
} }

78
src/Core/Services/Implementations/OrganizationService.cs
View File

@ -13,18 +13,21 @@ namespace Bit.Core.Services
{ {
private readonly IOrganizationRepository _organizationRepository; private readonly IOrganizationRepository _organizationRepository;
private readonly IOrganizationUserRepository _organizationUserRepository; private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly IUserRepository _userRepository;
public OrganizationService( public OrganizationService(
IOrganizationRepository organizationRepository, IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository) IOrganizationUserRepository organizationUserRepository,
IUserRepository userRepository)
{ {
_organizationRepository = organizationRepository; _organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository; _organizationUserRepository = organizationUserRepository;
_userRepository = userRepository;
} }
public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(OrganizationSignup organizationSignup) public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(OrganizationSignup signup)
{ {
var plan = StaticStore.Plans.FirstOrDefault(p => p.Type == organizationSignup.Plan); var plan = StaticStore.Plans.FirstOrDefault(p => p.Type == signup.Plan);
if(plan == null) if(plan == null)
{ {
throw new BadRequestException("Plan not found."); throw new BadRequestException("Plan not found.");
@ -32,8 +35,8 @@ namespace Bit.Core.Services
var organization = new Organization var organization = new Organization
{ {
Name = organizationSignup.Name, Name = signup.Name,
UserId = organizationSignup.Owner.Id, UserId = signup.Owner.Id,
PlanType = plan.Type, PlanType = plan.Type,
MaxUsers = plan.MaxUsers, MaxUsers = plan.MaxUsers,
PlanTrial = plan.Trial.HasValue, PlanTrial = plan.Trial.HasValue,
@ -60,9 +63,9 @@ namespace Bit.Core.Services
var orgUser = new OrganizationUser var orgUser = new OrganizationUser
{ {
OrganizationId = organization.Id, OrganizationId = organization.Id,
UserId = organizationSignup.Owner.Id, UserId = signup.Owner.Id,
Email = organizationSignup.Owner.Email, Email = signup.Owner.Email,
Key = organizationSignup.OwnerKey, Key = signup.OwnerKey,
Type = Enums.OrganizationUserType.Owner, Type = Enums.OrganizationUserType.Owner,
Status = Enums.OrganizationUserStatusType.Confirmed, Status = Enums.OrganizationUserStatusType.Confirmed,
CreationDate = DateTime.UtcNow, CreationDate = DateTime.UtcNow,
@ -79,5 +82,64 @@ namespace Bit.Core.Services
throw; throw;
} }
} }
public async Task<OrganizationUser> InviteUserAsync(Guid organizationId, string email)
{
var orgUser = new OrganizationUser
{
OrganizationId = organizationId,
UserId = null,
Email = email,
Key = null,
Type = Enums.OrganizationUserType.User,
Status = Enums.OrganizationUserStatusType.Invited,
CreationDate = DateTime.UtcNow,
RevisionDate = DateTime.UtcNow
};
await _organizationUserRepository.CreateAsync(orgUser);
// TODO: send email
return orgUser;
}
public async Task<OrganizationUser> AcceptUserAsync(Guid organizationUserId, User user, string token)
{
var orgUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
if(orgUser.Email != user.Email)
{
throw new BadRequestException("User invalid.");
}
// TODO: validate token
orgUser.Status = Enums.OrganizationUserStatusType.Accepted;
orgUser.UserId = orgUser.Id;
orgUser.Email = null;
await _organizationUserRepository.ReplaceAsync(orgUser);
// TODO: send email
return orgUser;
}
public async Task<OrganizationUser> ConfirmUserAsync(Guid organizationUserId, string key)
{
var orgUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
if(orgUser.Status != Enums.OrganizationUserStatusType.Accepted)
{
throw new BadRequestException("User not accepted.");
}
orgUser.Status = Enums.OrganizationUserStatusType.Confirmed;
orgUser.Key = key;
orgUser.Email = null;
await _organizationUserRepository.ReplaceAsync(orgUser);
// TODO: send email
return orgUser;
}
} }
} }

4
src/Sql/Sql.sqlproj
View File

@ -142,5 +142,9 @@
<Build Include="dbo\Stored Procedures\Grant_ReadBySubjectId.sql" /> <Build Include="dbo\Stored Procedures\Grant_ReadBySubjectId.sql" />
<Build Include="dbo\Stored Procedures\Grant_Save.sql" /> <Build Include="dbo\Stored Procedures\Grant_Save.sql" />
<Build Include="dbo\Stored Procedures\User_ReadAccountRevisionDateById.sql" /> <Build Include="dbo\Stored Procedures\User_ReadAccountRevisionDateById.sql" />
<Build Include="dbo\Views\OrganizationUserDetailsView.sql" />
<Build Include="dbo\Stored Procedures\OrganizationUserDetails_ReadById.sql" />
<Build Include="dbo\Stored Procedures\OrganizationUserDetails_ReadByOrganizationId.sql" />
<Build Include="dbo\Stored Procedures\User_ReadPublicKeyById.sql" />
</ItemGroup> </ItemGroup>
</Project> </Project>

13
src/Sql/dbo/Stored Procedures/OrganizationUserDetails_ReadById.sql Normal file
View File

@ -0,0 +1,13 @@
CREATE PROCEDURE [dbo].[OrganizationUserDetails_ReadById]
@Id UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
*
FROM
[dbo].[OrganizationUserDetailsView]
WHERE
[Id] = @Id
END

13
src/Sql/dbo/Stored Procedures/OrganizationUserDetails_ReadByOrganizationId.sql Normal file
View File

@ -0,0 +1,13 @@
CREATE PROCEDURE [dbo].[OrganizationUserDetails_ReadByOrganizationId]
@OrganizationId UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
*
FROM
[dbo].[OrganizationUserDetailsView]
WHERE
[OrganizationId] = @OrganizationId
END

13
src/Sql/dbo/Stored Procedures/User_ReadPublicKeyById.sql Normal file
View File

@ -0,0 +1,13 @@
CREATE PROCEDURE [dbo].[User_ReadPublicKeyById]
@Id NVARCHAR(50)
AS
BEGIN
SET NOCOUNT ON
SELECT
[PublicKey]
FROM
[dbo].[User]
WHERE
[Id] = @Id
END

14
src/Sql/dbo/Views/OrganizationUserDetailsView.sql Normal file
View File

@ -0,0 +1,14 @@
CREATE VIEW [dbo].[OrganizationUserDetailsView]
AS
SELECT
OU.[Id],
OU.[UserId],
OU.[OrganizationId],
U.[Name],
ISNULL(U.[Email], OU.[Email]) Email,
OU.[Status],
OU.[Type]
FROM
[dbo].[OrganizationUser] OU
LEFT JOIN
[dbo].[User] U ON U.Id = OU.UserId