mirror of
https://github.com/bitwarden/server.git
synced 2024-12-22 16:57:36 +01:00
[AC-1192] Create endpoints for new Device Approvals page (#2993)
* [AC-1192] Create new OrganizationAuthRequestsController.cs * [AC-1192] Introduce OrganizationAdminAuthRequest model * [AC-1192] Add GetManyPendingByOrganizationId method to AuthRequest repository * [AC-1192] Add new list pending organization auth requests endpoint * [AC-1192] Add new GetManyAdminApprovalsByManyIdsAsync method to the AuthRequestRepository * [AC-1192] Make the response device identifier optional for admin approval requests * [AC-1192] Add endpoint for bulk denying admin device auth requests * [AC-1192] Add OrganizationUserId to PendingOrganizationAuthRequestResponseModel * [AC-1192] Add UpdateAuthRequest endpoint and logic to OrganizationAuthRequestsController * [AC-1192] Secure new endpoints behind TDE feature flag * [AC-1192] Formatting * [AC-1192] Add sql migration script * [AC-1192] Add optional OrganizationId column to AuthRequest entity - Rename migration script to match existing formatting - Add new column - Add migration scripts - Update new sprocs to filter/join on OrganizationId - Update old sprocs to include OrganizationId * [AC-1192] Format migration scripts * [AC-1192] Fix failing AuthRequest EF unit test * [AC-1192] Make OrganizationId optional in updated AuthRequest sprocs for backwards compatability * [AC-1192] Fix missing comma in migration file * [AC-1192] Rename Key to EncryptedUserKey to be more descriptive * [AC-1192] Move request validation into helper method to reduce repetition * [AC-1192] Return UnauthorizedAccessException instead of NotFound when user is missing permission * [AC-1192] Introduce FeatureUnavailableException * [AC-1192] Introduce RequireFeatureAttribute * [AC-1192] Utilize the new RequireFeatureAttribute in the OrganizationAuthRequestsController * [AC-1192] Attempt to fix out of sync database migration by moving new OrganizationId column * [AC-1192] More attempts to sync database migrations * [AC-1192] Formatting * [AC-1192] Remove unused reference to FeatureService * [AC-1192] Change Id types from String to Guid * [AC-1192] Add EncryptedString attribute * [AC-1192] Remove redundant OrganizationId property * [AC-1192] Switch to projection for OrganizationAdminAuthRequest mapping - Add new OrganizationUser relationship to EF entity - Replace AuthRequest DBContext config with new IEntityTypeConfiguration - Add navigation property to AuthRequest entity configuration for OrganizationUser - Update EF AuthRequestRepository to use new mapping and navigation properties * [AC-1192] Remove OrganizationUser navigation property
This commit is contained in:
parent
bdd5e0916e
commit
904b2fe205
@ -0,0 +1,13 @@
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
using Bit.Core.Utilities;
|
||||
|
||||
namespace Bit.Api.Auth.Models.Request;
|
||||
|
||||
public class AdminAuthRequestUpdateRequestModel
|
||||
{
|
||||
[EncryptedString]
|
||||
public string EncryptedUserKey { get; set; }
|
||||
|
||||
[Required]
|
||||
public bool RequestApproved { get; set; }
|
||||
}
|
@ -0,0 +1,6 @@
|
||||
namespace Bit.Api.Auth.Models.Request;
|
||||
|
||||
public class BulkDenyAdminAuthRequestRequestModel
|
||||
{
|
||||
public IEnumerable<Guid> Ids { get; set; }
|
||||
}
|
@ -0,0 +1,38 @@
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
using System.Reflection;
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
using Bit.Core.Models.Api;
|
||||
|
||||
namespace Bit.Api.Auth.Models.Response;
|
||||
|
||||
public class PendingOrganizationAuthRequestResponseModel : ResponseModel
|
||||
{
|
||||
public PendingOrganizationAuthRequestResponseModel(OrganizationAdminAuthRequest authRequest, string obj = "pending-org-auth-request") : base(obj)
|
||||
{
|
||||
if (authRequest == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(authRequest));
|
||||
}
|
||||
|
||||
Id = authRequest.Id;
|
||||
UserId = authRequest.UserId;
|
||||
OrganizationUserId = authRequest.OrganizationUserId;
|
||||
Email = authRequest.Email;
|
||||
PublicKey = authRequest.PublicKey;
|
||||
RequestDeviceIdentifier = authRequest.RequestDeviceIdentifier;
|
||||
RequestDeviceType = authRequest.RequestDeviceType.GetType().GetMember(authRequest.RequestDeviceType.ToString())
|
||||
.FirstOrDefault()?.GetCustomAttribute<DisplayAttribute>()?.GetName();
|
||||
RequestIpAddress = authRequest.RequestIpAddress;
|
||||
CreationDate = authRequest.CreationDate;
|
||||
}
|
||||
|
||||
public Guid Id { get; set; }
|
||||
public Guid UserId { get; set; }
|
||||
public Guid OrganizationUserId { get; set; }
|
||||
public string Email { get; set; }
|
||||
public string PublicKey { get; set; }
|
||||
public string RequestDeviceIdentifier { get; set; }
|
||||
public string RequestDeviceType { get; set; }
|
||||
public string RequestIpAddress { get; set; }
|
||||
public DateTime CreationDate { get; set; }
|
||||
}
|
83
src/Api/Controllers/OrganizationAuthRequestsController.cs
Normal file
83
src/Api/Controllers/OrganizationAuthRequestsController.cs
Normal file
@ -0,0 +1,83 @@
|
||||
using Bit.Api.Auth.Models.Request;
|
||||
using Bit.Api.Auth.Models.Response;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Core;
|
||||
using Bit.Core.Auth.Models.Api.Request.AuthRequest;
|
||||
using Bit.Core.Auth.Services;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Bit.Api.Controllers;
|
||||
|
||||
[Route("organizations/{orgId}/auth-requests")]
|
||||
[Authorize("Application")]
|
||||
[RequireFeature(FeatureFlagKeys.TrustedDeviceEncryption)]
|
||||
public class OrganizationAuthRequestsController : Controller
|
||||
{
|
||||
private readonly IAuthRequestRepository _authRequestRepository;
|
||||
private readonly ICurrentContext _currentContext;
|
||||
private readonly IAuthRequestService _authRequestService;
|
||||
|
||||
public OrganizationAuthRequestsController(IAuthRequestRepository authRequestRepository,
|
||||
ICurrentContext currentContext, IAuthRequestService authRequestService)
|
||||
{
|
||||
_authRequestRepository = authRequestRepository;
|
||||
_currentContext = currentContext;
|
||||
_authRequestService = authRequestService;
|
||||
}
|
||||
|
||||
[HttpGet("")]
|
||||
public async Task<ListResponseModel<PendingOrganizationAuthRequestResponseModel>> GetPendingRequests(Guid orgId)
|
||||
{
|
||||
await ValidateAdminRequest(orgId);
|
||||
|
||||
var authRequests = await _authRequestRepository.GetManyPendingByOrganizationIdAsync(orgId);
|
||||
var responses = authRequests
|
||||
.Select(a => new PendingOrganizationAuthRequestResponseModel(a))
|
||||
.ToList();
|
||||
return new ListResponseModel<PendingOrganizationAuthRequestResponseModel>(responses);
|
||||
}
|
||||
|
||||
[HttpPost("{requestId}")]
|
||||
public async Task UpdateAuthRequest(Guid orgId, Guid requestId, [FromBody] AdminAuthRequestUpdateRequestModel model)
|
||||
{
|
||||
await ValidateAdminRequest(orgId);
|
||||
|
||||
var authRequest =
|
||||
(await _authRequestRepository.GetManyAdminApprovalRequestsByManyIdsAsync(orgId, new[] { requestId })).FirstOrDefault();
|
||||
|
||||
if (authRequest == null || authRequest.OrganizationId != orgId)
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
await _authRequestService.UpdateAuthRequestAsync(authRequest.Id, authRequest.UserId,
|
||||
new AuthRequestUpdateRequestModel { RequestApproved = model.RequestApproved, Key = model.EncryptedUserKey });
|
||||
}
|
||||
|
||||
[HttpPost("deny")]
|
||||
public async Task BulkDenyRequests(Guid orgId, [FromBody] BulkDenyAdminAuthRequestRequestModel model)
|
||||
{
|
||||
await ValidateAdminRequest(orgId);
|
||||
|
||||
var authRequests = await _authRequestRepository.GetManyAdminApprovalRequestsByManyIdsAsync(orgId, model.Ids);
|
||||
|
||||
foreach (var authRequest in authRequests)
|
||||
{
|
||||
await _authRequestService.UpdateAuthRequestAsync(authRequest.Id, authRequest.UserId,
|
||||
new AuthRequestUpdateRequestModel { RequestApproved = false, });
|
||||
}
|
||||
}
|
||||
|
||||
private async Task ValidateAdminRequest(Guid orgId)
|
||||
{
|
||||
if (!await _currentContext.ManageResetPassword(orgId))
|
||||
{
|
||||
throw new UnauthorizedAccessException();
|
||||
}
|
||||
}
|
||||
}
|
@ -9,6 +9,7 @@ public class AuthRequest : ITableObject<Guid>
|
||||
{
|
||||
public Guid Id { get; set; }
|
||||
public Guid UserId { get; set; }
|
||||
public Guid? OrganizationId { get; set; }
|
||||
public Enums.AuthRequestType Type { get; set; }
|
||||
[MaxLength(50)]
|
||||
public string RequestDeviceIdentifier { get; set; }
|
||||
|
@ -3,5 +3,6 @@
|
||||
public enum AuthRequestType : byte
|
||||
{
|
||||
AuthenticateAndUnlock = 0,
|
||||
Unlock = 1
|
||||
Unlock = 1,
|
||||
AdminApproval = 2,
|
||||
}
|
||||
|
18
src/Core/Auth/Models/Data/OrganizationAdminAuthRequest.cs
Normal file
18
src/Core/Auth/Models/Data/OrganizationAdminAuthRequest.cs
Normal file
@ -0,0 +1,18 @@
|
||||
using Bit.Core.Auth.Entities;
|
||||
using Bit.Core.Auth.Enums;
|
||||
|
||||
namespace Bit.Core.Auth.Models.Data;
|
||||
|
||||
/// <summary>
|
||||
/// Represents an <see cref="AuthRequestType.AdminApproval"/> AuthRequest.
|
||||
/// Includes additional user and organization information.
|
||||
/// </summary>
|
||||
public class OrganizationAdminAuthRequest : AuthRequest
|
||||
{
|
||||
/// <summary>
|
||||
/// Email address of the requesting user
|
||||
/// </summary>
|
||||
public string Email { get; set; }
|
||||
|
||||
public Guid OrganizationUserId { get; set; }
|
||||
}
|
@ -1,4 +1,5 @@
|
||||
using Bit.Core.Auth.Entities;
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
|
||||
namespace Bit.Core.Repositories;
|
||||
|
||||
@ -6,4 +7,6 @@ public interface IAuthRequestRepository : IRepository<AuthRequest, Guid>
|
||||
{
|
||||
Task<int> DeleteExpiredAsync();
|
||||
Task<ICollection<AuthRequest>> GetManyByUserIdAsync(Guid userId);
|
||||
Task<ICollection<OrganizationAdminAuthRequest>> GetManyPendingByOrganizationIdAsync(Guid organizationId);
|
||||
Task<ICollection<OrganizationAdminAuthRequest>> GetManyAdminApprovalRequestsByManyIdsAsync(Guid organizationId, IEnumerable<Guid> ids);
|
||||
}
|
||||
|
@ -1,4 +1,5 @@
|
||||
using Bit.Core.Auth.Entities;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Exceptions;
|
||||
using Bit.Core.Auth.Models.Api.Request.AuthRequest;
|
||||
using Bit.Core.Context;
|
||||
@ -119,13 +120,17 @@ public class AuthRequestService : IAuthRequestService
|
||||
throw new DuplicateAuthRequestException();
|
||||
}
|
||||
|
||||
var device = await _deviceRepository.GetByIdentifierAsync(model.DeviceIdentifier, userId);
|
||||
if (device == null)
|
||||
// Admin approval responses are not tied to a specific device, so we don't need to validate it.
|
||||
if (authRequest.Type != AuthRequestType.AdminApproval)
|
||||
{
|
||||
throw new BadRequestException("Invalid device.");
|
||||
var device = await _deviceRepository.GetByIdentifierAsync(model.DeviceIdentifier, userId);
|
||||
if (device == null)
|
||||
{
|
||||
throw new BadRequestException("Invalid device.");
|
||||
}
|
||||
authRequest.ResponseDeviceId = device.Id;
|
||||
}
|
||||
|
||||
authRequest.ResponseDeviceId = device.Id;
|
||||
authRequest.ResponseDate = DateTime.UtcNow;
|
||||
authRequest.Approved = model.RequestApproved;
|
||||
|
||||
|
14
src/Core/Exceptions/FeatureUnavailableException.cs
Normal file
14
src/Core/Exceptions/FeatureUnavailableException.cs
Normal file
@ -0,0 +1,14 @@
|
||||
namespace Bit.Core.Exceptions;
|
||||
|
||||
/// <summary>
|
||||
/// Exception to throw when a requested feature is not yet enabled/available for the requesting context.
|
||||
/// </summary>
|
||||
public class FeatureUnavailableException : NotFoundException
|
||||
{
|
||||
public FeatureUnavailableException()
|
||||
{ }
|
||||
|
||||
public FeatureUnavailableException(string message)
|
||||
: base(message)
|
||||
{ }
|
||||
}
|
36
src/Core/Utilities/RequireFeatureAttribute.cs
Normal file
36
src/Core/Utilities/RequireFeatureAttribute.cs
Normal file
@ -0,0 +1,36 @@
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Services;
|
||||
using Microsoft.AspNetCore.Mvc.Filters;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
|
||||
namespace Bit.Core.Utilities;
|
||||
|
||||
/// <summary>
|
||||
/// Specifies that the class or method that this attribute is applied to requires the specified boolean feature flag
|
||||
/// to be enabled. If the feature flag is not enabled, a <see cref="FeatureUnavailableException"/> is thrown
|
||||
/// </summary>
|
||||
public class RequireFeatureAttribute : ActionFilterAttribute
|
||||
{
|
||||
private readonly string _featureFlagKey;
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new instance of the <see cref="RequireFeatureAttribute"/> class with the specified feature flag key.
|
||||
/// </summary>
|
||||
/// <param name="featureFlagKey">The name of the feature flag to require.</param>
|
||||
public RequireFeatureAttribute(string featureFlagKey)
|
||||
{
|
||||
_featureFlagKey = featureFlagKey;
|
||||
}
|
||||
|
||||
public override void OnActionExecuting(ActionExecutingContext context)
|
||||
{
|
||||
var currentContext = context.HttpContext.RequestServices.GetRequiredService<ICurrentContext>();
|
||||
var featureService = context.HttpContext.RequestServices.GetRequiredService<IFeatureService>();
|
||||
|
||||
if (!featureService.IsEnabled(_featureFlagKey, currentContext))
|
||||
{
|
||||
throw new FeatureUnavailableException();
|
||||
}
|
||||
}
|
||||
}
|
@ -1,5 +1,6 @@
|
||||
using System.Data;
|
||||
using Bit.Core.Auth.Entities;
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Settings;
|
||||
using Bit.Infrastructure.Dapper.Repositories;
|
||||
@ -41,4 +42,30 @@ public class AuthRequestRepository : Repository<AuthRequest, Guid>, IAuthRequest
|
||||
return results.ToList();
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<ICollection<OrganizationAdminAuthRequest>> GetManyPendingByOrganizationIdAsync(Guid organizationId)
|
||||
{
|
||||
using (var connection = new SqlConnection(ConnectionString))
|
||||
{
|
||||
var results = await connection.QueryAsync<OrganizationAdminAuthRequest>(
|
||||
$"[{Schema}].[AuthRequest_ReadPendingByOrganizationId]",
|
||||
new { OrganizationId = organizationId },
|
||||
commandType: CommandType.StoredProcedure);
|
||||
|
||||
return results.ToList();
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<ICollection<OrganizationAdminAuthRequest>> GetManyAdminApprovalRequestsByManyIdsAsync(Guid organizationId, IEnumerable<Guid> ids)
|
||||
{
|
||||
using (var connection = new SqlConnection(ConnectionString))
|
||||
{
|
||||
var results = await connection.QueryAsync<OrganizationAdminAuthRequest>(
|
||||
$"[{Schema}].[AuthRequest_ReadAdminApprovalsByIds]",
|
||||
new { OrganizationId = organizationId, Ids = ids.ToGuidIdArrayTVP() },
|
||||
commandType: CommandType.StoredProcedure);
|
||||
|
||||
return results.ToList();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,14 @@
|
||||
using Bit.Infrastructure.EntityFramework.Auth.Models;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Microsoft.EntityFrameworkCore.Metadata.Builders;
|
||||
|
||||
namespace Bit.Infrastructure.EntityFramework.Auth.Configurations;
|
||||
|
||||
public class AuthRequestConfiguration : IEntityTypeConfiguration<AuthRequest>
|
||||
{
|
||||
public void Configure(EntityTypeBuilder<AuthRequest> builder)
|
||||
{
|
||||
builder.Property(ar => ar.Id).ValueGeneratedNever();
|
||||
builder.ToTable(nameof(AuthRequest));
|
||||
}
|
||||
}
|
@ -1,4 +1,5 @@
|
||||
using AutoMapper;
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
using Bit.Infrastructure.EntityFramework.Models;
|
||||
|
||||
namespace Bit.Infrastructure.EntityFramework.Auth.Models;
|
||||
@ -7,6 +8,7 @@ public class AuthRequest : Core.Auth.Entities.AuthRequest
|
||||
{
|
||||
public virtual User User { get; set; }
|
||||
public virtual Device ResponseDevice { get; set; }
|
||||
public virtual Organization Organization { get; set; }
|
||||
}
|
||||
|
||||
public class AuthRequestMapperProfile : Profile
|
||||
@ -14,5 +16,9 @@ public class AuthRequestMapperProfile : Profile
|
||||
public AuthRequestMapperProfile()
|
||||
{
|
||||
CreateMap<Core.Auth.Entities.AuthRequest, AuthRequest>().ReverseMap();
|
||||
CreateProjection<AuthRequest, OrganizationAdminAuthRequest>()
|
||||
.ForMember(m => m.Email, opt => opt.MapFrom(t => t.User.Email))
|
||||
.ForMember(m => m.OrganizationUserId, opt => opt.MapFrom(
|
||||
t => t.User.OrganizationUsers.FirstOrDefault(ou => ou.OrganizationId == t.OrganizationId && ou.UserId == t.UserId).Id));
|
||||
}
|
||||
}
|
||||
|
@ -1,4 +1,7 @@
|
||||
using AutoMapper;
|
||||
using AutoMapper.QueryableExtensions;
|
||||
using Bit.Core.Auth.Enums;
|
||||
using Bit.Core.Auth.Models.Data;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Infrastructure.EntityFramework.Auth.Models;
|
||||
using Bit.Infrastructure.EntityFramework.Repositories;
|
||||
@ -33,4 +36,32 @@ public class AuthRequestRepository : Repository<Core.Auth.Entities.AuthRequest,
|
||||
return Mapper.Map<List<Core.Auth.Entities.AuthRequest>>(userAuthRequests);
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<ICollection<OrganizationAdminAuthRequest>> GetManyPendingByOrganizationIdAsync(Guid organizationId)
|
||||
{
|
||||
using (var scope = ServiceScopeFactory.CreateScope())
|
||||
{
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
var orgUserAuthRequests = await (from ar in dbContext.AuthRequests
|
||||
where ar.OrganizationId.Equals(organizationId) && ar.ResponseDate == null && ar.Type == AuthRequestType.AdminApproval
|
||||
select ar).ProjectTo<OrganizationAdminAuthRequest>(Mapper.ConfigurationProvider).ToListAsync();
|
||||
|
||||
return orgUserAuthRequests;
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<ICollection<OrganizationAdminAuthRequest>> GetManyAdminApprovalRequestsByManyIdsAsync(
|
||||
Guid organizationId,
|
||||
IEnumerable<Guid> ids)
|
||||
{
|
||||
using (var scope = ServiceScopeFactory.CreateScope())
|
||||
{
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
var orgUserAuthRequests = await (from ar in dbContext.AuthRequests
|
||||
where ar.OrganizationId.Equals(organizationId) && ids.Contains(ar.Id) && ar.Type == AuthRequestType.AdminApproval
|
||||
select ar).ProjectTo<OrganizationAdminAuthRequest>(Mapper.ConfigurationProvider).ToListAsync();
|
||||
|
||||
return orgUserAuthRequests;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -97,7 +97,6 @@ public class DatabaseContext : DbContext
|
||||
var eUser = builder.Entity<User>();
|
||||
var eOrganizationApiKey = builder.Entity<OrganizationApiKey>();
|
||||
var eOrganizationConnection = builder.Entity<OrganizationConnection>();
|
||||
var eAuthRequest = builder.Entity<AuthRequest>();
|
||||
var eOrganizationDomain = builder.Entity<OrganizationDomain>();
|
||||
|
||||
eCipher.Property(c => c.Id).ValueGeneratedNever();
|
||||
@ -119,7 +118,6 @@ public class DatabaseContext : DbContext
|
||||
eUser.Property(c => c.Id).ValueGeneratedNever();
|
||||
eOrganizationApiKey.Property(c => c.Id).ValueGeneratedNever();
|
||||
eOrganizationConnection.Property(c => c.Id).ValueGeneratedNever();
|
||||
eAuthRequest.Property(ar => ar.Id).ValueGeneratedNever();
|
||||
eOrganizationDomain.Property(ar => ar.Id).ValueGeneratedNever();
|
||||
|
||||
eCollectionCipher.HasKey(cc => new { cc.CollectionId, cc.CipherId });
|
||||
@ -171,7 +169,6 @@ public class DatabaseContext : DbContext
|
||||
eUser.ToTable(nameof(User));
|
||||
eOrganizationApiKey.ToTable(nameof(OrganizationApiKey));
|
||||
eOrganizationConnection.ToTable(nameof(OrganizationConnection));
|
||||
eAuthRequest.ToTable(nameof(AuthRequest));
|
||||
eOrganizationDomain.ToTable(nameof(OrganizationDomain));
|
||||
|
||||
ConfigureDateTimeUtcQueries(builder);
|
||||
|
@ -1,6 +1,7 @@
|
||||
CREATE PROCEDURE [dbo].[AuthRequest_Create]
|
||||
@Id UNIQUEIDENTIFIER OUTPUT,
|
||||
@UserId UNIQUEIDENTIFIER,
|
||||
@OrganizationId UNIQUEIDENTIFIER = NULL,
|
||||
@Type TINYINT,
|
||||
@RequestDeviceIdentifier NVARCHAR(50),
|
||||
@RequestDeviceType TINYINT,
|
||||
@ -22,6 +23,7 @@ BEGIN
|
||||
(
|
||||
[Id],
|
||||
[UserId],
|
||||
[OrganizationId],
|
||||
[Type],
|
||||
[RequestDeviceIdentifier],
|
||||
[RequestDeviceType],
|
||||
@ -40,6 +42,7 @@ BEGIN
|
||||
(
|
||||
@Id,
|
||||
@UserId,
|
||||
@OrganizationId,
|
||||
@Type,
|
||||
@RequestDeviceIdentifier,
|
||||
@RequestDeviceType,
|
||||
@ -54,4 +57,4 @@ BEGIN
|
||||
@ResponseDate,
|
||||
@AuthenticationDate
|
||||
)
|
||||
END
|
||||
END
|
@ -0,0 +1,20 @@
|
||||
CREATE PROCEDURE [dbo].[AuthRequest_ReadAdminApprovalsByIds]
|
||||
@OrganizationId UNIQUEIDENTIFIER,
|
||||
@Ids AS [dbo].[GuidIdArray] READONLY
|
||||
AS
|
||||
BEGIN
|
||||
SET NOCOUNT ON
|
||||
|
||||
SELECT
|
||||
ar.*, ou.[Email], ou.[Id] AS [OrganizationUserId]
|
||||
FROM
|
||||
[dbo].[AuthRequestView] ar
|
||||
INNER JOIN
|
||||
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
|
||||
WHERE
|
||||
ar.[OrganizationId] = @OrganizationId
|
||||
AND
|
||||
ar.[Type] = 2 -- AdminApproval
|
||||
AND
|
||||
ar.[Id] IN (SELECT [Id] FROM @Ids)
|
||||
END
|
@ -0,0 +1,19 @@
|
||||
CREATE PROCEDURE [dbo].[AuthRequest_ReadPendingByOrganizationId]
|
||||
@OrganizationId UNIQUEIDENTIFIER
|
||||
AS
|
||||
BEGIN
|
||||
SET NOCOUNT ON
|
||||
|
||||
SELECT
|
||||
ar.*, ou.[Email], ou.[OrganizationId], ou.[Id] AS [OrganizationUserId]
|
||||
FROM
|
||||
[dbo].[AuthRequestView] ar
|
||||
INNER JOIN
|
||||
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
|
||||
WHERE
|
||||
ar.[OrganizationId] = @OrganizationId
|
||||
AND
|
||||
ar.[ResponseDate] IS NULL
|
||||
AND
|
||||
ar.[Type] = 2 -- AdminApproval
|
||||
END
|
@ -1,6 +1,7 @@
|
||||
CREATE PROCEDURE [dbo].[AuthRequest_Update]
|
||||
@Id UNIQUEIDENTIFIER OUTPUT,
|
||||
@UserId UNIQUEIDENTIFIER,
|
||||
@OrganizationId UNIQUEIDENTIFIER = NULL,
|
||||
@Type SMALLINT,
|
||||
@RequestDeviceIdentifier NVARCHAR(50),
|
||||
@RequestDeviceType SMALLINT,
|
||||
@ -23,6 +24,7 @@ BEGIN
|
||||
SET
|
||||
[UserId] = @UserId,
|
||||
[Type] = @Type,
|
||||
[OrganizationId] = @OrganizationId,
|
||||
[RequestDeviceIdentifier] = @RequestDeviceIdentifier,
|
||||
[RequestDeviceType] = @RequestDeviceType,
|
||||
[RequestIpAddress] = @RequestIpAddress,
|
||||
|
@ -14,9 +14,11 @@
|
||||
[CreationDate] DATETIME2 (7) NOT NULL,
|
||||
[ResponseDate] DATETIME2 (7) NULL,
|
||||
[AuthenticationDate] DATETIME2 (7) NULL,
|
||||
[OrganizationId] UNIQUEIDENTIFIER NULL,
|
||||
CONSTRAINT [PK_AuthRequest] PRIMARY KEY CLUSTERED ([Id] ASC),
|
||||
CONSTRAINT [FK_AuthRequest_User] FOREIGN KEY ([UserId]) REFERENCES [dbo].[User] ([Id]),
|
||||
CONSTRAINT [FK_AuthRequest_ResponseDevice] FOREIGN KEY ([ResponseDeviceId]) REFERENCES [dbo].[Device] ([Id])
|
||||
CONSTRAINT [FK_AuthRequest_ResponseDevice] FOREIGN KEY ([ResponseDeviceId]) REFERENCES [dbo].[Device] ([Id]),
|
||||
CONSTRAINT [FK_AuthRequest_Organization] FOREIGN KEY ([OrganizationId]) REFERENCES [dbo].[Organization] ([Id])
|
||||
);
|
||||
|
||||
|
||||
|
85
test/Core.Test/Utilities/RequireFeatureAttributeTests.cs
Normal file
85
test/Core.Test/Utilities/RequireFeatureAttributeTests.cs
Normal file
@ -0,0 +1,85 @@
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.Mvc.Abstractions;
|
||||
using Microsoft.AspNetCore.Mvc.Filters;
|
||||
using Microsoft.AspNetCore.Routing;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using NSubstitute;
|
||||
using Xunit;
|
||||
|
||||
namespace Bit.Core.Test.Utilities;
|
||||
|
||||
public class RequireFeatureAttributeTests
|
||||
{
|
||||
private const string _testFeature = "test-feature";
|
||||
|
||||
[Fact]
|
||||
public void Throws_When_Feature_Disabled()
|
||||
{
|
||||
// Arrange
|
||||
var rfa = new RequireFeatureAttribute(_testFeature);
|
||||
|
||||
// Act & Assert
|
||||
Assert.Throws<FeatureUnavailableException>(() => rfa.OnActionExecuting(GetContext(enabled: false)));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void Throws_When_Feature_Not_Found()
|
||||
{
|
||||
// Arrange
|
||||
var rfa = new RequireFeatureAttribute("missing-feature");
|
||||
|
||||
// Act & Assert
|
||||
Assert.Throws<FeatureUnavailableException>(() => rfa.OnActionExecuting(GetContext(enabled: false)));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void Success_When_Feature_Enabled()
|
||||
{
|
||||
// Arrange
|
||||
var rfa = new RequireFeatureAttribute(_testFeature);
|
||||
|
||||
// Act
|
||||
rfa.OnActionExecuting(GetContext(enabled: true));
|
||||
|
||||
// Assert
|
||||
// The Assert here is NOT throwing an exception
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// Generates a ActionExecutingContext with the necessary services registered to test
|
||||
/// the <see cref="RequireFeatureAttribute"/>
|
||||
/// </summary>
|
||||
/// <param name="enabled">Mock value for the <see cref="_testFeature"/> flag</param>
|
||||
/// <returns></returns>
|
||||
private static ActionExecutingContext GetContext(bool enabled)
|
||||
{
|
||||
IServiceCollection services = new ServiceCollection();
|
||||
|
||||
var featureService = Substitute.For<IFeatureService>();
|
||||
var currentContext = Substitute.For<ICurrentContext>();
|
||||
|
||||
featureService.IsEnabled(_testFeature, Arg.Any<ICurrentContext>()).Returns(enabled);
|
||||
|
||||
services.AddSingleton(featureService);
|
||||
services.AddSingleton(currentContext);
|
||||
|
||||
var httpContext = new DefaultHttpContext();
|
||||
httpContext.RequestServices = services.BuildServiceProvider();
|
||||
|
||||
var context = Substitute.For<ActionExecutingContext>(
|
||||
Substitute.For<ActionContext>(httpContext,
|
||||
new RouteData(),
|
||||
Substitute.For<ActionDescriptor>()),
|
||||
new List<IFilterMetadata>(),
|
||||
new Dictionary<string, object>(),
|
||||
Substitute.For<Controller>());
|
||||
|
||||
return context;
|
||||
}
|
||||
}
|
@ -41,9 +41,11 @@ internal class EfAuthRequest : ICustomization
|
||||
fixture.Customizations.Add(new GlobalSettingsBuilder());
|
||||
fixture.Customizations.Add(new AuthRequestBuilder());
|
||||
fixture.Customizations.Add(new DeviceBuilder());
|
||||
fixture.Customizations.Add(new OrganizationBuilder());
|
||||
fixture.Customizations.Add(new UserBuilder());
|
||||
fixture.Customizations.Add(new EfRepositoryListBuilder<AuthRequestRepository>());
|
||||
fixture.Customizations.Add(new EfRepositoryListBuilder<DeviceRepository>());
|
||||
fixture.Customizations.Add(new EfRepositoryListBuilder<OrganizationRepository>());
|
||||
fixture.Customizations.Add(new EfRepositoryListBuilder<UserRepository>());
|
||||
}
|
||||
}
|
||||
|
@ -19,9 +19,12 @@ public class AuthRequestRepositoryTests
|
||||
AuthRequestCompare equalityComparer,
|
||||
List<EfAuthRepo.AuthRequestRepository> suts,
|
||||
SqlAuthRepo.AuthRequestRepository sqlAuthRequestRepo,
|
||||
Organization organization,
|
||||
User user,
|
||||
List<EfRepo.UserRepository> efUserRepos,
|
||||
SqlRepo.UserRepository sqlUserRepo
|
||||
List<EfRepo.OrganizationRepository> efOrgRepos,
|
||||
SqlRepo.UserRepository sqlUserRepo,
|
||||
SqlRepo.OrganizationRepository sqlOrgRepo
|
||||
)
|
||||
{
|
||||
authRequest.ResponseDeviceId = null;
|
||||
@ -34,6 +37,10 @@ public class AuthRequestRepositoryTests
|
||||
sut.ClearChangeTracking();
|
||||
authRequest.UserId = efUser.Id;
|
||||
|
||||
var efOrg = await efOrgRepos[i].CreateAsync(organization);
|
||||
sut.ClearChangeTracking();
|
||||
authRequest.OrganizationId = efOrg.Id;
|
||||
|
||||
var postEfAuthRequest = await sut.CreateAsync(authRequest);
|
||||
sut.ClearChangeTracking();
|
||||
|
||||
@ -43,6 +50,8 @@ public class AuthRequestRepositoryTests
|
||||
|
||||
var sqlUser = await sqlUserRepo.CreateAsync(user);
|
||||
authRequest.UserId = sqlUser.Id;
|
||||
var sqlOrg = await sqlOrgRepo.CreateAsync(organization);
|
||||
authRequest.OrganizationId = sqlOrg.Id;
|
||||
var sqlAuthRequest = await sqlAuthRequestRepo.CreateAsync(authRequest);
|
||||
var savedSqlAuthRequest = await sqlAuthRequestRepo.GetByIdAsync(sqlAuthRequest.Id);
|
||||
savedAuthRequests.Add(savedSqlAuthRequest);
|
||||
|
193
util/Migrator/DbScripts/2023-06-01_00_TdeAdminApproval.sql
Normal file
193
util/Migrator/DbScripts/2023-06-01_00_TdeAdminApproval.sql
Normal file
@ -0,0 +1,193 @@
|
||||
--Add OrganizationId Column and Foreign Key
|
||||
IF COL_LENGTH('[dbo].[AuthRequest]', 'OrganizationId') IS NULL
|
||||
BEGIN
|
||||
ALTER TABLE
|
||||
[dbo].[AuthRequest]
|
||||
ADD [OrganizationId] UNIQUEIDENTIFIER NULL;
|
||||
ALTER TABLE
|
||||
[dbo].[AuthRequest]
|
||||
ADD CONSTRAINT [FK_AuthRequest_Organization] FOREIGN KEY ([OrganizationId]) REFERENCES [dbo].[Organization] ([Id])
|
||||
END
|
||||
GO
|
||||
|
||||
-- Drop and recreate view
|
||||
IF EXISTS(SELECT * FROM sys.views WHERE [Name] = 'AuthRequestView')
|
||||
BEGIN
|
||||
DROP VIEW [dbo].[AuthRequestView]
|
||||
END
|
||||
GO
|
||||
|
||||
CREATE VIEW [dbo].[AuthRequestView]
|
||||
AS
|
||||
SELECT
|
||||
*
|
||||
FROM
|
||||
[dbo].[AuthRequest]
|
||||
GO
|
||||
|
||||
--Drop existing SPROC
|
||||
IF OBJECT_ID('[dbo].[AuthRequest_Update]') IS NOT NULL
|
||||
BEGIN
|
||||
DROP PROCEDURE [dbo].[AuthRequest_Update]
|
||||
END
|
||||
GO
|
||||
|
||||
--Create SPROC with OrganizationId column
|
||||
CREATE PROCEDURE [dbo].[AuthRequest_Update]
|
||||
@Id UNIQUEIDENTIFIER OUTPUT,
|
||||
@UserId UNIQUEIDENTIFIER,
|
||||
@OrganizationId UNIQUEIDENTIFIER = NULL,
|
||||
@Type SMALLINT,
|
||||
@RequestDeviceIdentifier NVARCHAR(50),
|
||||
@RequestDeviceType SMALLINT,
|
||||
@RequestIpAddress VARCHAR(50),
|
||||
@ResponseDeviceId UNIQUEIDENTIFIER,
|
||||
@AccessCode VARCHAR(25),
|
||||
@PublicKey VARCHAR(MAX),
|
||||
@Key VARCHAR(MAX),
|
||||
@MasterPasswordHash VARCHAR(MAX),
|
||||
@Approved BIT,
|
||||
@CreationDate DATETIME2 (7),
|
||||
@ResponseDate DATETIME2 (7),
|
||||
@AuthenticationDate DATETIME2 (7)
|
||||
AS
|
||||
BEGIN
|
||||
SET NOCOUNT ON
|
||||
|
||||
UPDATE
|
||||
[dbo].[AuthRequest]
|
||||
SET
|
||||
[UserId] = @UserId,
|
||||
[Type] = @Type,
|
||||
[OrganizationId] = @OrganizationId,
|
||||
[RequestDeviceIdentifier] = @RequestDeviceIdentifier,
|
||||
[RequestDeviceType] = @RequestDeviceType,
|
||||
[RequestIpAddress] = @RequestIpAddress,
|
||||
[ResponseDeviceId] = @ResponseDeviceId,
|
||||
[AccessCode] = @AccessCode,
|
||||
[PublicKey] = @PublicKey,
|
||||
[Key] = @Key,
|
||||
[MasterPasswordHash] = @MasterPasswordHash,
|
||||
[Approved] = @Approved,
|
||||
[CreationDate] = @CreationDate,
|
||||
[ResponseDate] = @ResponseDate,
|
||||
[AuthenticationDate] = @AuthenticationDate
|
||||
WHERE
|
||||
[Id] = @Id
|
||||
END
|
||||
GO
|
||||
|
||||
--Drop existing SPROC
|
||||
IF OBJECT_ID('[dbo].[AuthRequest_Create]') IS NOT NULL
|
||||
BEGIN
|
||||
DROP PROCEDURE [dbo].[AuthRequest_Create]
|
||||
END
|
||||
GO
|
||||
|
||||
--Create SPROC with OrganizationId column
|
||||
CREATE PROCEDURE [dbo].[AuthRequest_Create]
|
||||
@Id UNIQUEIDENTIFIER OUTPUT,
|
||||
@UserId UNIQUEIDENTIFIER,
|
||||
@OrganizationId UNIQUEIDENTIFIER = NULL,
|
||||
@Type TINYINT,
|
||||
@RequestDeviceIdentifier NVARCHAR(50),
|
||||
@RequestDeviceType TINYINT,
|
||||
@RequestIpAddress VARCHAR(50),
|
||||
@ResponseDeviceId UNIQUEIDENTIFIER,
|
||||
@AccessCode VARCHAR(25),
|
||||
@PublicKey VARCHAR(MAX),
|
||||
@Key VARCHAR(MAX),
|
||||
@MasterPasswordHash VARCHAR(MAX),
|
||||
@Approved BIT,
|
||||
@CreationDate DATETIME2(7),
|
||||
@ResponseDate DATETIME2(7),
|
||||
@AuthenticationDate DATETIME2(7)
|
||||
AS
|
||||
BEGIN
|
||||
SET NOCOUNT ON
|
||||
|
||||
INSERT INTO [dbo].[AuthRequest]
|
||||
(
|
||||
[Id],
|
||||
[UserId],
|
||||
[OrganizationId],
|
||||
[Type],
|
||||
[RequestDeviceIdentifier],
|
||||
[RequestDeviceType],
|
||||
[RequestIpAddress],
|
||||
[ResponseDeviceId],
|
||||
[AccessCode],
|
||||
[PublicKey],
|
||||
[Key],
|
||||
[MasterPasswordHash],
|
||||
[Approved],
|
||||
[CreationDate],
|
||||
[ResponseDate],
|
||||
[AuthenticationDate]
|
||||
)
|
||||
VALUES
|
||||
(
|
||||
@Id,
|
||||
@UserId,
|
||||
@OrganizationId,
|
||||
@Type,
|
||||
@RequestDeviceIdentifier,
|
||||
@RequestDeviceType,
|
||||
@RequestIpAddress,
|
||||
@ResponseDeviceId,
|
||||
@AccessCode,
|
||||
@PublicKey,
|
||||
@Key,
|
||||
@MasterPasswordHash,
|
||||
@Approved,
|
||||
@CreationDate,
|
||||
@ResponseDate,
|
||||
@AuthenticationDate
|
||||
)
|
||||
END
|
||||
Go
|
||||
|
||||
-- New SPROC
|
||||
CREATE OR ALTER PROCEDURE [dbo].[AuthRequest_ReadAdminApprovalsByIds]
|
||||
@OrganizationId UNIQUEIDENTIFIER,
|
||||
@Ids AS [dbo].[GuidIdArray] READONLY
|
||||
AS
|
||||
BEGIN
|
||||
SET NOCOUNT ON
|
||||
|
||||
SELECT
|
||||
ar.*, ou.[Email], ou.[Id] AS [OrganizationUserId]
|
||||
FROM
|
||||
[dbo].[AuthRequestView] ar
|
||||
INNER JOIN
|
||||
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
|
||||
WHERE
|
||||
ar.[OrganizationId] = @OrganizationId
|
||||
AND
|
||||
ar.[Type] = 2 -- AdminApproval
|
||||
AND
|
||||
ar.[Id] IN (SELECT [Id] FROM @Ids)
|
||||
END
|
||||
GO
|
||||
|
||||
-- New SPROC
|
||||
CREATE OR ALTER PROCEDURE [dbo].[AuthRequest_ReadPendingByOrganizationId]
|
||||
@OrganizationId UNIQUEIDENTIFIER
|
||||
AS
|
||||
BEGIN
|
||||
SET NOCOUNT ON
|
||||
|
||||
SELECT
|
||||
ar.*, ou.[Email], ou.[OrganizationId], ou.[Id] AS [OrganizationUserId]
|
||||
FROM
|
||||
[dbo].[AuthRequestView] ar
|
||||
INNER JOIN
|
||||
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
|
||||
WHERE
|
||||
ar.[OrganizationId] = @OrganizationId
|
||||
AND
|
||||
ar.[ResponseDate] IS NULL
|
||||
AND
|
||||
ar.[Type] = 2 -- AdminApproval
|
||||
END
|
||||
GO
|
2201
util/MySqlMigrations/Migrations/20230605183142_TdeAdminApproval.Designer.cs
generated
Normal file
2201
util/MySqlMigrations/Migrations/20230605183142_TdeAdminApproval.Designer.cs
generated
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,45 @@
|
||||
using Microsoft.EntityFrameworkCore.Migrations;
|
||||
|
||||
#nullable disable
|
||||
|
||||
namespace Bit.MySqlMigrations.Migrations;
|
||||
|
||||
public partial class TdeAdminApproval : Migration
|
||||
{
|
||||
protected override void Up(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.AddColumn<Guid>(
|
||||
name: "OrganizationId",
|
||||
table: "AuthRequest",
|
||||
type: "char(36)",
|
||||
nullable: true,
|
||||
collation: "ascii_general_ci");
|
||||
|
||||
migrationBuilder.CreateIndex(
|
||||
name: "IX_AuthRequest_OrganizationId",
|
||||
table: "AuthRequest",
|
||||
column: "OrganizationId");
|
||||
|
||||
migrationBuilder.AddForeignKey(
|
||||
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||
table: "AuthRequest",
|
||||
column: "OrganizationId",
|
||||
principalTable: "Organization",
|
||||
principalColumn: "Id");
|
||||
}
|
||||
|
||||
protected override void Down(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.DropForeignKey(
|
||||
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||
table: "AuthRequest");
|
||||
|
||||
migrationBuilder.DropIndex(
|
||||
name: "IX_AuthRequest_OrganizationId",
|
||||
table: "AuthRequest");
|
||||
|
||||
migrationBuilder.DropColumn(
|
||||
name: "OrganizationId",
|
||||
table: "AuthRequest");
|
||||
}
|
||||
}
|
@ -43,6 +43,9 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
b.Property<string>("MasterPasswordHash")
|
||||
.HasColumnType("longtext");
|
||||
|
||||
b.Property<Guid?>("OrganizationId")
|
||||
.HasColumnType("char(36)");
|
||||
|
||||
b.Property<string>("PublicKey")
|
||||
.HasColumnType("longtext");
|
||||
|
||||
@ -71,6 +74,8 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
|
||||
b.HasKey("Id");
|
||||
|
||||
b.HasIndex("OrganizationId");
|
||||
|
||||
b.HasIndex("ResponseDeviceId");
|
||||
|
||||
b.HasIndex("UserId");
|
||||
@ -1658,6 +1663,10 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Organization", "Organization")
|
||||
.WithMany()
|
||||
.HasForeignKey("OrganizationId");
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
|
||||
.WithMany()
|
||||
.HasForeignKey("ResponseDeviceId");
|
||||
@ -1668,6 +1677,8 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
.OnDelete(DeleteBehavior.Cascade)
|
||||
.IsRequired();
|
||||
|
||||
b.Navigation("Organization");
|
||||
|
||||
b.Navigation("ResponseDevice");
|
||||
|
||||
b.Navigation("User");
|
||||
|
2212
util/PostgresMigrations/Migrations/20230605182609_TdeAdminApproval.Designer.cs
generated
Normal file
2212
util/PostgresMigrations/Migrations/20230605182609_TdeAdminApproval.Designer.cs
generated
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,44 @@
|
||||
using Microsoft.EntityFrameworkCore.Migrations;
|
||||
|
||||
#nullable disable
|
||||
|
||||
namespace Bit.PostgresMigrations.Migrations;
|
||||
|
||||
public partial class TdeAdminApproval : Migration
|
||||
{
|
||||
protected override void Up(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.AddColumn<Guid>(
|
||||
name: "OrganizationId",
|
||||
table: "AuthRequest",
|
||||
type: "uuid",
|
||||
nullable: true);
|
||||
|
||||
migrationBuilder.CreateIndex(
|
||||
name: "IX_AuthRequest_OrganizationId",
|
||||
table: "AuthRequest",
|
||||
column: "OrganizationId");
|
||||
|
||||
migrationBuilder.AddForeignKey(
|
||||
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||
table: "AuthRequest",
|
||||
column: "OrganizationId",
|
||||
principalTable: "Organization",
|
||||
principalColumn: "Id");
|
||||
}
|
||||
|
||||
protected override void Down(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.DropForeignKey(
|
||||
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||
table: "AuthRequest");
|
||||
|
||||
migrationBuilder.DropIndex(
|
||||
name: "IX_AuthRequest_OrganizationId",
|
||||
table: "AuthRequest");
|
||||
|
||||
migrationBuilder.DropColumn(
|
||||
name: "OrganizationId",
|
||||
table: "AuthRequest");
|
||||
}
|
||||
}
|
@ -47,6 +47,9 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
b.Property<string>("MasterPasswordHash")
|
||||
.HasColumnType("text");
|
||||
|
||||
b.Property<Guid?>("OrganizationId")
|
||||
.HasColumnType("uuid");
|
||||
|
||||
b.Property<string>("PublicKey")
|
||||
.HasColumnType("text");
|
||||
|
||||
@ -75,6 +78,8 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
|
||||
b.HasKey("Id");
|
||||
|
||||
b.HasIndex("OrganizationId");
|
||||
|
||||
b.HasIndex("ResponseDeviceId");
|
||||
|
||||
b.HasIndex("UserId");
|
||||
@ -1669,6 +1674,10 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Organization", "Organization")
|
||||
.WithMany()
|
||||
.HasForeignKey("OrganizationId");
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
|
||||
.WithMany()
|
||||
.HasForeignKey("ResponseDeviceId");
|
||||
@ -1679,6 +1688,8 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
.OnDelete(DeleteBehavior.Cascade)
|
||||
.IsRequired();
|
||||
|
||||
b.Navigation("Organization");
|
||||
|
||||
b.Navigation("ResponseDevice");
|
||||
|
||||
b.Navigation("User");
|
||||
|
2199
util/SqliteMigrations/Migrations/20230605182605_TdeAdminApproval.Designer.cs
generated
Normal file
2199
util/SqliteMigrations/Migrations/20230605182605_TdeAdminApproval.Designer.cs
generated
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,44 @@
|
||||
using Microsoft.EntityFrameworkCore.Migrations;
|
||||
|
||||
#nullable disable
|
||||
|
||||
namespace Bit.SqliteMigrations.Migrations;
|
||||
|
||||
public partial class TdeAdminApproval : Migration
|
||||
{
|
||||
protected override void Up(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.AddColumn<Guid>(
|
||||
name: "OrganizationId",
|
||||
table: "AuthRequest",
|
||||
type: "TEXT",
|
||||
nullable: true);
|
||||
|
||||
migrationBuilder.CreateIndex(
|
||||
name: "IX_AuthRequest_OrganizationId",
|
||||
table: "AuthRequest",
|
||||
column: "OrganizationId");
|
||||
|
||||
migrationBuilder.AddForeignKey(
|
||||
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||
table: "AuthRequest",
|
||||
column: "OrganizationId",
|
||||
principalTable: "Organization",
|
||||
principalColumn: "Id");
|
||||
}
|
||||
|
||||
protected override void Down(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.DropForeignKey(
|
||||
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||
table: "AuthRequest");
|
||||
|
||||
migrationBuilder.DropIndex(
|
||||
name: "IX_AuthRequest_OrganizationId",
|
||||
table: "AuthRequest");
|
||||
|
||||
migrationBuilder.DropColumn(
|
||||
name: "OrganizationId",
|
||||
table: "AuthRequest");
|
||||
}
|
||||
}
|
@ -41,6 +41,9 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
b.Property<string>("MasterPasswordHash")
|
||||
.HasColumnType("TEXT");
|
||||
|
||||
b.Property<Guid?>("OrganizationId")
|
||||
.HasColumnType("TEXT");
|
||||
|
||||
b.Property<string>("PublicKey")
|
||||
.HasColumnType("TEXT");
|
||||
|
||||
@ -69,6 +72,8 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
|
||||
b.HasKey("Id");
|
||||
|
||||
b.HasIndex("OrganizationId");
|
||||
|
||||
b.HasIndex("ResponseDeviceId");
|
||||
|
||||
b.HasIndex("UserId");
|
||||
@ -1656,6 +1661,10 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Organization", "Organization")
|
||||
.WithMany()
|
||||
.HasForeignKey("OrganizationId");
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
|
||||
.WithMany()
|
||||
.HasForeignKey("ResponseDeviceId");
|
||||
@ -1666,6 +1675,8 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
.OnDelete(DeleteBehavior.Cascade)
|
||||
.IsRequired();
|
||||
|
||||
b.Navigation("Organization");
|
||||
|
||||
b.Navigation("ResponseDevice");
|
||||
|
||||
b.Navigation("User");
|
||||
|
Loading…
Reference in New Issue
Block a user