mirror of
https://github.com/bitwarden/server.git
synced 2024-11-21 12:05:42 +01:00
[AC-1192] Create endpoints for new Device Approvals page (#2993)
* [AC-1192] Create new OrganizationAuthRequestsController.cs * [AC-1192] Introduce OrganizationAdminAuthRequest model * [AC-1192] Add GetManyPendingByOrganizationId method to AuthRequest repository * [AC-1192] Add new list pending organization auth requests endpoint * [AC-1192] Add new GetManyAdminApprovalsByManyIdsAsync method to the AuthRequestRepository * [AC-1192] Make the response device identifier optional for admin approval requests * [AC-1192] Add endpoint for bulk denying admin device auth requests * [AC-1192] Add OrganizationUserId to PendingOrganizationAuthRequestResponseModel * [AC-1192] Add UpdateAuthRequest endpoint and logic to OrganizationAuthRequestsController * [AC-1192] Secure new endpoints behind TDE feature flag * [AC-1192] Formatting * [AC-1192] Add sql migration script * [AC-1192] Add optional OrganizationId column to AuthRequest entity - Rename migration script to match existing formatting - Add new column - Add migration scripts - Update new sprocs to filter/join on OrganizationId - Update old sprocs to include OrganizationId * [AC-1192] Format migration scripts * [AC-1192] Fix failing AuthRequest EF unit test * [AC-1192] Make OrganizationId optional in updated AuthRequest sprocs for backwards compatability * [AC-1192] Fix missing comma in migration file * [AC-1192] Rename Key to EncryptedUserKey to be more descriptive * [AC-1192] Move request validation into helper method to reduce repetition * [AC-1192] Return UnauthorizedAccessException instead of NotFound when user is missing permission * [AC-1192] Introduce FeatureUnavailableException * [AC-1192] Introduce RequireFeatureAttribute * [AC-1192] Utilize the new RequireFeatureAttribute in the OrganizationAuthRequestsController * [AC-1192] Attempt to fix out of sync database migration by moving new OrganizationId column * [AC-1192] More attempts to sync database migrations * [AC-1192] Formatting * [AC-1192] Remove unused reference to FeatureService * [AC-1192] Change Id types from String to Guid * [AC-1192] Add EncryptedString attribute * [AC-1192] Remove redundant OrganizationId property * [AC-1192] Switch to projection for OrganizationAdminAuthRequest mapping - Add new OrganizationUser relationship to EF entity - Replace AuthRequest DBContext config with new IEntityTypeConfiguration - Add navigation property to AuthRequest entity configuration for OrganizationUser - Update EF AuthRequestRepository to use new mapping and navigation properties * [AC-1192] Remove OrganizationUser navigation property
This commit is contained in:
parent
bdd5e0916e
commit
904b2fe205
@ -0,0 +1,13 @@
|
|||||||
|
using System.ComponentModel.DataAnnotations;
|
||||||
|
using Bit.Core.Utilities;
|
||||||
|
|
||||||
|
namespace Bit.Api.Auth.Models.Request;
|
||||||
|
|
||||||
|
public class AdminAuthRequestUpdateRequestModel
|
||||||
|
{
|
||||||
|
[EncryptedString]
|
||||||
|
public string EncryptedUserKey { get; set; }
|
||||||
|
|
||||||
|
[Required]
|
||||||
|
public bool RequestApproved { get; set; }
|
||||||
|
}
|
@ -0,0 +1,6 @@
|
|||||||
|
namespace Bit.Api.Auth.Models.Request;
|
||||||
|
|
||||||
|
public class BulkDenyAdminAuthRequestRequestModel
|
||||||
|
{
|
||||||
|
public IEnumerable<Guid> Ids { get; set; }
|
||||||
|
}
|
@ -0,0 +1,38 @@
|
|||||||
|
using System.ComponentModel.DataAnnotations;
|
||||||
|
using System.Reflection;
|
||||||
|
using Bit.Core.Auth.Models.Data;
|
||||||
|
using Bit.Core.Models.Api;
|
||||||
|
|
||||||
|
namespace Bit.Api.Auth.Models.Response;
|
||||||
|
|
||||||
|
public class PendingOrganizationAuthRequestResponseModel : ResponseModel
|
||||||
|
{
|
||||||
|
public PendingOrganizationAuthRequestResponseModel(OrganizationAdminAuthRequest authRequest, string obj = "pending-org-auth-request") : base(obj)
|
||||||
|
{
|
||||||
|
if (authRequest == null)
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(authRequest));
|
||||||
|
}
|
||||||
|
|
||||||
|
Id = authRequest.Id;
|
||||||
|
UserId = authRequest.UserId;
|
||||||
|
OrganizationUserId = authRequest.OrganizationUserId;
|
||||||
|
Email = authRequest.Email;
|
||||||
|
PublicKey = authRequest.PublicKey;
|
||||||
|
RequestDeviceIdentifier = authRequest.RequestDeviceIdentifier;
|
||||||
|
RequestDeviceType = authRequest.RequestDeviceType.GetType().GetMember(authRequest.RequestDeviceType.ToString())
|
||||||
|
.FirstOrDefault()?.GetCustomAttribute<DisplayAttribute>()?.GetName();
|
||||||
|
RequestIpAddress = authRequest.RequestIpAddress;
|
||||||
|
CreationDate = authRequest.CreationDate;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Guid Id { get; set; }
|
||||||
|
public Guid UserId { get; set; }
|
||||||
|
public Guid OrganizationUserId { get; set; }
|
||||||
|
public string Email { get; set; }
|
||||||
|
public string PublicKey { get; set; }
|
||||||
|
public string RequestDeviceIdentifier { get; set; }
|
||||||
|
public string RequestDeviceType { get; set; }
|
||||||
|
public string RequestIpAddress { get; set; }
|
||||||
|
public DateTime CreationDate { get; set; }
|
||||||
|
}
|
83
src/Api/Controllers/OrganizationAuthRequestsController.cs
Normal file
83
src/Api/Controllers/OrganizationAuthRequestsController.cs
Normal file
@ -0,0 +1,83 @@
|
|||||||
|
using Bit.Api.Auth.Models.Request;
|
||||||
|
using Bit.Api.Auth.Models.Response;
|
||||||
|
using Bit.Api.Models.Response;
|
||||||
|
using Bit.Core;
|
||||||
|
using Bit.Core.Auth.Models.Api.Request.AuthRequest;
|
||||||
|
using Bit.Core.Auth.Services;
|
||||||
|
using Bit.Core.Context;
|
||||||
|
using Bit.Core.Exceptions;
|
||||||
|
using Bit.Core.Repositories;
|
||||||
|
using Bit.Core.Utilities;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
using Microsoft.AspNetCore.Mvc;
|
||||||
|
|
||||||
|
namespace Bit.Api.Controllers;
|
||||||
|
|
||||||
|
[Route("organizations/{orgId}/auth-requests")]
|
||||||
|
[Authorize("Application")]
|
||||||
|
[RequireFeature(FeatureFlagKeys.TrustedDeviceEncryption)]
|
||||||
|
public class OrganizationAuthRequestsController : Controller
|
||||||
|
{
|
||||||
|
private readonly IAuthRequestRepository _authRequestRepository;
|
||||||
|
private readonly ICurrentContext _currentContext;
|
||||||
|
private readonly IAuthRequestService _authRequestService;
|
||||||
|
|
||||||
|
public OrganizationAuthRequestsController(IAuthRequestRepository authRequestRepository,
|
||||||
|
ICurrentContext currentContext, IAuthRequestService authRequestService)
|
||||||
|
{
|
||||||
|
_authRequestRepository = authRequestRepository;
|
||||||
|
_currentContext = currentContext;
|
||||||
|
_authRequestService = authRequestService;
|
||||||
|
}
|
||||||
|
|
||||||
|
[HttpGet("")]
|
||||||
|
public async Task<ListResponseModel<PendingOrganizationAuthRequestResponseModel>> GetPendingRequests(Guid orgId)
|
||||||
|
{
|
||||||
|
await ValidateAdminRequest(orgId);
|
||||||
|
|
||||||
|
var authRequests = await _authRequestRepository.GetManyPendingByOrganizationIdAsync(orgId);
|
||||||
|
var responses = authRequests
|
||||||
|
.Select(a => new PendingOrganizationAuthRequestResponseModel(a))
|
||||||
|
.ToList();
|
||||||
|
return new ListResponseModel<PendingOrganizationAuthRequestResponseModel>(responses);
|
||||||
|
}
|
||||||
|
|
||||||
|
[HttpPost("{requestId}")]
|
||||||
|
public async Task UpdateAuthRequest(Guid orgId, Guid requestId, [FromBody] AdminAuthRequestUpdateRequestModel model)
|
||||||
|
{
|
||||||
|
await ValidateAdminRequest(orgId);
|
||||||
|
|
||||||
|
var authRequest =
|
||||||
|
(await _authRequestRepository.GetManyAdminApprovalRequestsByManyIdsAsync(orgId, new[] { requestId })).FirstOrDefault();
|
||||||
|
|
||||||
|
if (authRequest == null || authRequest.OrganizationId != orgId)
|
||||||
|
{
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
await _authRequestService.UpdateAuthRequestAsync(authRequest.Id, authRequest.UserId,
|
||||||
|
new AuthRequestUpdateRequestModel { RequestApproved = model.RequestApproved, Key = model.EncryptedUserKey });
|
||||||
|
}
|
||||||
|
|
||||||
|
[HttpPost("deny")]
|
||||||
|
public async Task BulkDenyRequests(Guid orgId, [FromBody] BulkDenyAdminAuthRequestRequestModel model)
|
||||||
|
{
|
||||||
|
await ValidateAdminRequest(orgId);
|
||||||
|
|
||||||
|
var authRequests = await _authRequestRepository.GetManyAdminApprovalRequestsByManyIdsAsync(orgId, model.Ids);
|
||||||
|
|
||||||
|
foreach (var authRequest in authRequests)
|
||||||
|
{
|
||||||
|
await _authRequestService.UpdateAuthRequestAsync(authRequest.Id, authRequest.UserId,
|
||||||
|
new AuthRequestUpdateRequestModel { RequestApproved = false, });
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task ValidateAdminRequest(Guid orgId)
|
||||||
|
{
|
||||||
|
if (!await _currentContext.ManageResetPassword(orgId))
|
||||||
|
{
|
||||||
|
throw new UnauthorizedAccessException();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -9,6 +9,7 @@ public class AuthRequest : ITableObject<Guid>
|
|||||||
{
|
{
|
||||||
public Guid Id { get; set; }
|
public Guid Id { get; set; }
|
||||||
public Guid UserId { get; set; }
|
public Guid UserId { get; set; }
|
||||||
|
public Guid? OrganizationId { get; set; }
|
||||||
public Enums.AuthRequestType Type { get; set; }
|
public Enums.AuthRequestType Type { get; set; }
|
||||||
[MaxLength(50)]
|
[MaxLength(50)]
|
||||||
public string RequestDeviceIdentifier { get; set; }
|
public string RequestDeviceIdentifier { get; set; }
|
||||||
|
@ -3,5 +3,6 @@
|
|||||||
public enum AuthRequestType : byte
|
public enum AuthRequestType : byte
|
||||||
{
|
{
|
||||||
AuthenticateAndUnlock = 0,
|
AuthenticateAndUnlock = 0,
|
||||||
Unlock = 1
|
Unlock = 1,
|
||||||
|
AdminApproval = 2,
|
||||||
}
|
}
|
||||||
|
18
src/Core/Auth/Models/Data/OrganizationAdminAuthRequest.cs
Normal file
18
src/Core/Auth/Models/Data/OrganizationAdminAuthRequest.cs
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
using Bit.Core.Auth.Entities;
|
||||||
|
using Bit.Core.Auth.Enums;
|
||||||
|
|
||||||
|
namespace Bit.Core.Auth.Models.Data;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Represents an <see cref="AuthRequestType.AdminApproval"/> AuthRequest.
|
||||||
|
/// Includes additional user and organization information.
|
||||||
|
/// </summary>
|
||||||
|
public class OrganizationAdminAuthRequest : AuthRequest
|
||||||
|
{
|
||||||
|
/// <summary>
|
||||||
|
/// Email address of the requesting user
|
||||||
|
/// </summary>
|
||||||
|
public string Email { get; set; }
|
||||||
|
|
||||||
|
public Guid OrganizationUserId { get; set; }
|
||||||
|
}
|
@ -1,4 +1,5 @@
|
|||||||
using Bit.Core.Auth.Entities;
|
using Bit.Core.Auth.Entities;
|
||||||
|
using Bit.Core.Auth.Models.Data;
|
||||||
|
|
||||||
namespace Bit.Core.Repositories;
|
namespace Bit.Core.Repositories;
|
||||||
|
|
||||||
@ -6,4 +7,6 @@ public interface IAuthRequestRepository : IRepository<AuthRequest, Guid>
|
|||||||
{
|
{
|
||||||
Task<int> DeleteExpiredAsync();
|
Task<int> DeleteExpiredAsync();
|
||||||
Task<ICollection<AuthRequest>> GetManyByUserIdAsync(Guid userId);
|
Task<ICollection<AuthRequest>> GetManyByUserIdAsync(Guid userId);
|
||||||
|
Task<ICollection<OrganizationAdminAuthRequest>> GetManyPendingByOrganizationIdAsync(Guid organizationId);
|
||||||
|
Task<ICollection<OrganizationAdminAuthRequest>> GetManyAdminApprovalRequestsByManyIdsAsync(Guid organizationId, IEnumerable<Guid> ids);
|
||||||
}
|
}
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
using Bit.Core.Auth.Entities;
|
using Bit.Core.Auth.Entities;
|
||||||
|
using Bit.Core.Auth.Enums;
|
||||||
using Bit.Core.Auth.Exceptions;
|
using Bit.Core.Auth.Exceptions;
|
||||||
using Bit.Core.Auth.Models.Api.Request.AuthRequest;
|
using Bit.Core.Auth.Models.Api.Request.AuthRequest;
|
||||||
using Bit.Core.Context;
|
using Bit.Core.Context;
|
||||||
@ -119,13 +120,17 @@ public class AuthRequestService : IAuthRequestService
|
|||||||
throw new DuplicateAuthRequestException();
|
throw new DuplicateAuthRequestException();
|
||||||
}
|
}
|
||||||
|
|
||||||
var device = await _deviceRepository.GetByIdentifierAsync(model.DeviceIdentifier, userId);
|
// Admin approval responses are not tied to a specific device, so we don't need to validate it.
|
||||||
if (device == null)
|
if (authRequest.Type != AuthRequestType.AdminApproval)
|
||||||
{
|
{
|
||||||
throw new BadRequestException("Invalid device.");
|
var device = await _deviceRepository.GetByIdentifierAsync(model.DeviceIdentifier, userId);
|
||||||
|
if (device == null)
|
||||||
|
{
|
||||||
|
throw new BadRequestException("Invalid device.");
|
||||||
|
}
|
||||||
|
authRequest.ResponseDeviceId = device.Id;
|
||||||
}
|
}
|
||||||
|
|
||||||
authRequest.ResponseDeviceId = device.Id;
|
|
||||||
authRequest.ResponseDate = DateTime.UtcNow;
|
authRequest.ResponseDate = DateTime.UtcNow;
|
||||||
authRequest.Approved = model.RequestApproved;
|
authRequest.Approved = model.RequestApproved;
|
||||||
|
|
||||||
|
14
src/Core/Exceptions/FeatureUnavailableException.cs
Normal file
14
src/Core/Exceptions/FeatureUnavailableException.cs
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
namespace Bit.Core.Exceptions;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Exception to throw when a requested feature is not yet enabled/available for the requesting context.
|
||||||
|
/// </summary>
|
||||||
|
public class FeatureUnavailableException : NotFoundException
|
||||||
|
{
|
||||||
|
public FeatureUnavailableException()
|
||||||
|
{ }
|
||||||
|
|
||||||
|
public FeatureUnavailableException(string message)
|
||||||
|
: base(message)
|
||||||
|
{ }
|
||||||
|
}
|
36
src/Core/Utilities/RequireFeatureAttribute.cs
Normal file
36
src/Core/Utilities/RequireFeatureAttribute.cs
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
using Bit.Core.Context;
|
||||||
|
using Bit.Core.Exceptions;
|
||||||
|
using Bit.Core.Services;
|
||||||
|
using Microsoft.AspNetCore.Mvc.Filters;
|
||||||
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
|
||||||
|
namespace Bit.Core.Utilities;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Specifies that the class or method that this attribute is applied to requires the specified boolean feature flag
|
||||||
|
/// to be enabled. If the feature flag is not enabled, a <see cref="FeatureUnavailableException"/> is thrown
|
||||||
|
/// </summary>
|
||||||
|
public class RequireFeatureAttribute : ActionFilterAttribute
|
||||||
|
{
|
||||||
|
private readonly string _featureFlagKey;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Initializes a new instance of the <see cref="RequireFeatureAttribute"/> class with the specified feature flag key.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="featureFlagKey">The name of the feature flag to require.</param>
|
||||||
|
public RequireFeatureAttribute(string featureFlagKey)
|
||||||
|
{
|
||||||
|
_featureFlagKey = featureFlagKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
public override void OnActionExecuting(ActionExecutingContext context)
|
||||||
|
{
|
||||||
|
var currentContext = context.HttpContext.RequestServices.GetRequiredService<ICurrentContext>();
|
||||||
|
var featureService = context.HttpContext.RequestServices.GetRequiredService<IFeatureService>();
|
||||||
|
|
||||||
|
if (!featureService.IsEnabled(_featureFlagKey, currentContext))
|
||||||
|
{
|
||||||
|
throw new FeatureUnavailableException();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -1,5 +1,6 @@
|
|||||||
using System.Data;
|
using System.Data;
|
||||||
using Bit.Core.Auth.Entities;
|
using Bit.Core.Auth.Entities;
|
||||||
|
using Bit.Core.Auth.Models.Data;
|
||||||
using Bit.Core.Repositories;
|
using Bit.Core.Repositories;
|
||||||
using Bit.Core.Settings;
|
using Bit.Core.Settings;
|
||||||
using Bit.Infrastructure.Dapper.Repositories;
|
using Bit.Infrastructure.Dapper.Repositories;
|
||||||
@ -41,4 +42,30 @@ public class AuthRequestRepository : Repository<AuthRequest, Guid>, IAuthRequest
|
|||||||
return results.ToList();
|
return results.ToList();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async Task<ICollection<OrganizationAdminAuthRequest>> GetManyPendingByOrganizationIdAsync(Guid organizationId)
|
||||||
|
{
|
||||||
|
using (var connection = new SqlConnection(ConnectionString))
|
||||||
|
{
|
||||||
|
var results = await connection.QueryAsync<OrganizationAdminAuthRequest>(
|
||||||
|
$"[{Schema}].[AuthRequest_ReadPendingByOrganizationId]",
|
||||||
|
new { OrganizationId = organizationId },
|
||||||
|
commandType: CommandType.StoredProcedure);
|
||||||
|
|
||||||
|
return results.ToList();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public async Task<ICollection<OrganizationAdminAuthRequest>> GetManyAdminApprovalRequestsByManyIdsAsync(Guid organizationId, IEnumerable<Guid> ids)
|
||||||
|
{
|
||||||
|
using (var connection = new SqlConnection(ConnectionString))
|
||||||
|
{
|
||||||
|
var results = await connection.QueryAsync<OrganizationAdminAuthRequest>(
|
||||||
|
$"[{Schema}].[AuthRequest_ReadAdminApprovalsByIds]",
|
||||||
|
new { OrganizationId = organizationId, Ids = ids.ToGuidIdArrayTVP() },
|
||||||
|
commandType: CommandType.StoredProcedure);
|
||||||
|
|
||||||
|
return results.ToList();
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,14 @@
|
|||||||
|
using Bit.Infrastructure.EntityFramework.Auth.Models;
|
||||||
|
using Microsoft.EntityFrameworkCore;
|
||||||
|
using Microsoft.EntityFrameworkCore.Metadata.Builders;
|
||||||
|
|
||||||
|
namespace Bit.Infrastructure.EntityFramework.Auth.Configurations;
|
||||||
|
|
||||||
|
public class AuthRequestConfiguration : IEntityTypeConfiguration<AuthRequest>
|
||||||
|
{
|
||||||
|
public void Configure(EntityTypeBuilder<AuthRequest> builder)
|
||||||
|
{
|
||||||
|
builder.Property(ar => ar.Id).ValueGeneratedNever();
|
||||||
|
builder.ToTable(nameof(AuthRequest));
|
||||||
|
}
|
||||||
|
}
|
@ -1,4 +1,5 @@
|
|||||||
using AutoMapper;
|
using AutoMapper;
|
||||||
|
using Bit.Core.Auth.Models.Data;
|
||||||
using Bit.Infrastructure.EntityFramework.Models;
|
using Bit.Infrastructure.EntityFramework.Models;
|
||||||
|
|
||||||
namespace Bit.Infrastructure.EntityFramework.Auth.Models;
|
namespace Bit.Infrastructure.EntityFramework.Auth.Models;
|
||||||
@ -7,6 +8,7 @@ public class AuthRequest : Core.Auth.Entities.AuthRequest
|
|||||||
{
|
{
|
||||||
public virtual User User { get; set; }
|
public virtual User User { get; set; }
|
||||||
public virtual Device ResponseDevice { get; set; }
|
public virtual Device ResponseDevice { get; set; }
|
||||||
|
public virtual Organization Organization { get; set; }
|
||||||
}
|
}
|
||||||
|
|
||||||
public class AuthRequestMapperProfile : Profile
|
public class AuthRequestMapperProfile : Profile
|
||||||
@ -14,5 +16,9 @@ public class AuthRequestMapperProfile : Profile
|
|||||||
public AuthRequestMapperProfile()
|
public AuthRequestMapperProfile()
|
||||||
{
|
{
|
||||||
CreateMap<Core.Auth.Entities.AuthRequest, AuthRequest>().ReverseMap();
|
CreateMap<Core.Auth.Entities.AuthRequest, AuthRequest>().ReverseMap();
|
||||||
|
CreateProjection<AuthRequest, OrganizationAdminAuthRequest>()
|
||||||
|
.ForMember(m => m.Email, opt => opt.MapFrom(t => t.User.Email))
|
||||||
|
.ForMember(m => m.OrganizationUserId, opt => opt.MapFrom(
|
||||||
|
t => t.User.OrganizationUsers.FirstOrDefault(ou => ou.OrganizationId == t.OrganizationId && ou.UserId == t.UserId).Id));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
using AutoMapper;
|
using AutoMapper;
|
||||||
|
using AutoMapper.QueryableExtensions;
|
||||||
|
using Bit.Core.Auth.Enums;
|
||||||
|
using Bit.Core.Auth.Models.Data;
|
||||||
using Bit.Core.Repositories;
|
using Bit.Core.Repositories;
|
||||||
using Bit.Infrastructure.EntityFramework.Auth.Models;
|
using Bit.Infrastructure.EntityFramework.Auth.Models;
|
||||||
using Bit.Infrastructure.EntityFramework.Repositories;
|
using Bit.Infrastructure.EntityFramework.Repositories;
|
||||||
@ -33,4 +36,32 @@ public class AuthRequestRepository : Repository<Core.Auth.Entities.AuthRequest,
|
|||||||
return Mapper.Map<List<Core.Auth.Entities.AuthRequest>>(userAuthRequests);
|
return Mapper.Map<List<Core.Auth.Entities.AuthRequest>>(userAuthRequests);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async Task<ICollection<OrganizationAdminAuthRequest>> GetManyPendingByOrganizationIdAsync(Guid organizationId)
|
||||||
|
{
|
||||||
|
using (var scope = ServiceScopeFactory.CreateScope())
|
||||||
|
{
|
||||||
|
var dbContext = GetDatabaseContext(scope);
|
||||||
|
var orgUserAuthRequests = await (from ar in dbContext.AuthRequests
|
||||||
|
where ar.OrganizationId.Equals(organizationId) && ar.ResponseDate == null && ar.Type == AuthRequestType.AdminApproval
|
||||||
|
select ar).ProjectTo<OrganizationAdminAuthRequest>(Mapper.ConfigurationProvider).ToListAsync();
|
||||||
|
|
||||||
|
return orgUserAuthRequests;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public async Task<ICollection<OrganizationAdminAuthRequest>> GetManyAdminApprovalRequestsByManyIdsAsync(
|
||||||
|
Guid organizationId,
|
||||||
|
IEnumerable<Guid> ids)
|
||||||
|
{
|
||||||
|
using (var scope = ServiceScopeFactory.CreateScope())
|
||||||
|
{
|
||||||
|
var dbContext = GetDatabaseContext(scope);
|
||||||
|
var orgUserAuthRequests = await (from ar in dbContext.AuthRequests
|
||||||
|
where ar.OrganizationId.Equals(organizationId) && ids.Contains(ar.Id) && ar.Type == AuthRequestType.AdminApproval
|
||||||
|
select ar).ProjectTo<OrganizationAdminAuthRequest>(Mapper.ConfigurationProvider).ToListAsync();
|
||||||
|
|
||||||
|
return orgUserAuthRequests;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -97,7 +97,6 @@ public class DatabaseContext : DbContext
|
|||||||
var eUser = builder.Entity<User>();
|
var eUser = builder.Entity<User>();
|
||||||
var eOrganizationApiKey = builder.Entity<OrganizationApiKey>();
|
var eOrganizationApiKey = builder.Entity<OrganizationApiKey>();
|
||||||
var eOrganizationConnection = builder.Entity<OrganizationConnection>();
|
var eOrganizationConnection = builder.Entity<OrganizationConnection>();
|
||||||
var eAuthRequest = builder.Entity<AuthRequest>();
|
|
||||||
var eOrganizationDomain = builder.Entity<OrganizationDomain>();
|
var eOrganizationDomain = builder.Entity<OrganizationDomain>();
|
||||||
|
|
||||||
eCipher.Property(c => c.Id).ValueGeneratedNever();
|
eCipher.Property(c => c.Id).ValueGeneratedNever();
|
||||||
@ -119,7 +118,6 @@ public class DatabaseContext : DbContext
|
|||||||
eUser.Property(c => c.Id).ValueGeneratedNever();
|
eUser.Property(c => c.Id).ValueGeneratedNever();
|
||||||
eOrganizationApiKey.Property(c => c.Id).ValueGeneratedNever();
|
eOrganizationApiKey.Property(c => c.Id).ValueGeneratedNever();
|
||||||
eOrganizationConnection.Property(c => c.Id).ValueGeneratedNever();
|
eOrganizationConnection.Property(c => c.Id).ValueGeneratedNever();
|
||||||
eAuthRequest.Property(ar => ar.Id).ValueGeneratedNever();
|
|
||||||
eOrganizationDomain.Property(ar => ar.Id).ValueGeneratedNever();
|
eOrganizationDomain.Property(ar => ar.Id).ValueGeneratedNever();
|
||||||
|
|
||||||
eCollectionCipher.HasKey(cc => new { cc.CollectionId, cc.CipherId });
|
eCollectionCipher.HasKey(cc => new { cc.CollectionId, cc.CipherId });
|
||||||
@ -171,7 +169,6 @@ public class DatabaseContext : DbContext
|
|||||||
eUser.ToTable(nameof(User));
|
eUser.ToTable(nameof(User));
|
||||||
eOrganizationApiKey.ToTable(nameof(OrganizationApiKey));
|
eOrganizationApiKey.ToTable(nameof(OrganizationApiKey));
|
||||||
eOrganizationConnection.ToTable(nameof(OrganizationConnection));
|
eOrganizationConnection.ToTable(nameof(OrganizationConnection));
|
||||||
eAuthRequest.ToTable(nameof(AuthRequest));
|
|
||||||
eOrganizationDomain.ToTable(nameof(OrganizationDomain));
|
eOrganizationDomain.ToTable(nameof(OrganizationDomain));
|
||||||
|
|
||||||
ConfigureDateTimeUtcQueries(builder);
|
ConfigureDateTimeUtcQueries(builder);
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
CREATE PROCEDURE [dbo].[AuthRequest_Create]
|
CREATE PROCEDURE [dbo].[AuthRequest_Create]
|
||||||
@Id UNIQUEIDENTIFIER OUTPUT,
|
@Id UNIQUEIDENTIFIER OUTPUT,
|
||||||
@UserId UNIQUEIDENTIFIER,
|
@UserId UNIQUEIDENTIFIER,
|
||||||
|
@OrganizationId UNIQUEIDENTIFIER = NULL,
|
||||||
@Type TINYINT,
|
@Type TINYINT,
|
||||||
@RequestDeviceIdentifier NVARCHAR(50),
|
@RequestDeviceIdentifier NVARCHAR(50),
|
||||||
@RequestDeviceType TINYINT,
|
@RequestDeviceType TINYINT,
|
||||||
@ -22,6 +23,7 @@ BEGIN
|
|||||||
(
|
(
|
||||||
[Id],
|
[Id],
|
||||||
[UserId],
|
[UserId],
|
||||||
|
[OrganizationId],
|
||||||
[Type],
|
[Type],
|
||||||
[RequestDeviceIdentifier],
|
[RequestDeviceIdentifier],
|
||||||
[RequestDeviceType],
|
[RequestDeviceType],
|
||||||
@ -40,6 +42,7 @@ BEGIN
|
|||||||
(
|
(
|
||||||
@Id,
|
@Id,
|
||||||
@UserId,
|
@UserId,
|
||||||
|
@OrganizationId,
|
||||||
@Type,
|
@Type,
|
||||||
@RequestDeviceIdentifier,
|
@RequestDeviceIdentifier,
|
||||||
@RequestDeviceType,
|
@RequestDeviceType,
|
||||||
@ -54,4 +57,4 @@ BEGIN
|
|||||||
@ResponseDate,
|
@ResponseDate,
|
||||||
@AuthenticationDate
|
@AuthenticationDate
|
||||||
)
|
)
|
||||||
END
|
END
|
@ -0,0 +1,20 @@
|
|||||||
|
CREATE PROCEDURE [dbo].[AuthRequest_ReadAdminApprovalsByIds]
|
||||||
|
@OrganizationId UNIQUEIDENTIFIER,
|
||||||
|
@Ids AS [dbo].[GuidIdArray] READONLY
|
||||||
|
AS
|
||||||
|
BEGIN
|
||||||
|
SET NOCOUNT ON
|
||||||
|
|
||||||
|
SELECT
|
||||||
|
ar.*, ou.[Email], ou.[Id] AS [OrganizationUserId]
|
||||||
|
FROM
|
||||||
|
[dbo].[AuthRequestView] ar
|
||||||
|
INNER JOIN
|
||||||
|
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
|
||||||
|
WHERE
|
||||||
|
ar.[OrganizationId] = @OrganizationId
|
||||||
|
AND
|
||||||
|
ar.[Type] = 2 -- AdminApproval
|
||||||
|
AND
|
||||||
|
ar.[Id] IN (SELECT [Id] FROM @Ids)
|
||||||
|
END
|
@ -0,0 +1,19 @@
|
|||||||
|
CREATE PROCEDURE [dbo].[AuthRequest_ReadPendingByOrganizationId]
|
||||||
|
@OrganizationId UNIQUEIDENTIFIER
|
||||||
|
AS
|
||||||
|
BEGIN
|
||||||
|
SET NOCOUNT ON
|
||||||
|
|
||||||
|
SELECT
|
||||||
|
ar.*, ou.[Email], ou.[OrganizationId], ou.[Id] AS [OrganizationUserId]
|
||||||
|
FROM
|
||||||
|
[dbo].[AuthRequestView] ar
|
||||||
|
INNER JOIN
|
||||||
|
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
|
||||||
|
WHERE
|
||||||
|
ar.[OrganizationId] = @OrganizationId
|
||||||
|
AND
|
||||||
|
ar.[ResponseDate] IS NULL
|
||||||
|
AND
|
||||||
|
ar.[Type] = 2 -- AdminApproval
|
||||||
|
END
|
@ -1,6 +1,7 @@
|
|||||||
CREATE PROCEDURE [dbo].[AuthRequest_Update]
|
CREATE PROCEDURE [dbo].[AuthRequest_Update]
|
||||||
@Id UNIQUEIDENTIFIER OUTPUT,
|
@Id UNIQUEIDENTIFIER OUTPUT,
|
||||||
@UserId UNIQUEIDENTIFIER,
|
@UserId UNIQUEIDENTIFIER,
|
||||||
|
@OrganizationId UNIQUEIDENTIFIER = NULL,
|
||||||
@Type SMALLINT,
|
@Type SMALLINT,
|
||||||
@RequestDeviceIdentifier NVARCHAR(50),
|
@RequestDeviceIdentifier NVARCHAR(50),
|
||||||
@RequestDeviceType SMALLINT,
|
@RequestDeviceType SMALLINT,
|
||||||
@ -23,6 +24,7 @@ BEGIN
|
|||||||
SET
|
SET
|
||||||
[UserId] = @UserId,
|
[UserId] = @UserId,
|
||||||
[Type] = @Type,
|
[Type] = @Type,
|
||||||
|
[OrganizationId] = @OrganizationId,
|
||||||
[RequestDeviceIdentifier] = @RequestDeviceIdentifier,
|
[RequestDeviceIdentifier] = @RequestDeviceIdentifier,
|
||||||
[RequestDeviceType] = @RequestDeviceType,
|
[RequestDeviceType] = @RequestDeviceType,
|
||||||
[RequestIpAddress] = @RequestIpAddress,
|
[RequestIpAddress] = @RequestIpAddress,
|
||||||
|
@ -14,9 +14,11 @@
|
|||||||
[CreationDate] DATETIME2 (7) NOT NULL,
|
[CreationDate] DATETIME2 (7) NOT NULL,
|
||||||
[ResponseDate] DATETIME2 (7) NULL,
|
[ResponseDate] DATETIME2 (7) NULL,
|
||||||
[AuthenticationDate] DATETIME2 (7) NULL,
|
[AuthenticationDate] DATETIME2 (7) NULL,
|
||||||
|
[OrganizationId] UNIQUEIDENTIFIER NULL,
|
||||||
CONSTRAINT [PK_AuthRequest] PRIMARY KEY CLUSTERED ([Id] ASC),
|
CONSTRAINT [PK_AuthRequest] PRIMARY KEY CLUSTERED ([Id] ASC),
|
||||||
CONSTRAINT [FK_AuthRequest_User] FOREIGN KEY ([UserId]) REFERENCES [dbo].[User] ([Id]),
|
CONSTRAINT [FK_AuthRequest_User] FOREIGN KEY ([UserId]) REFERENCES [dbo].[User] ([Id]),
|
||||||
CONSTRAINT [FK_AuthRequest_ResponseDevice] FOREIGN KEY ([ResponseDeviceId]) REFERENCES [dbo].[Device] ([Id])
|
CONSTRAINT [FK_AuthRequest_ResponseDevice] FOREIGN KEY ([ResponseDeviceId]) REFERENCES [dbo].[Device] ([Id]),
|
||||||
|
CONSTRAINT [FK_AuthRequest_Organization] FOREIGN KEY ([OrganizationId]) REFERENCES [dbo].[Organization] ([Id])
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
||||||
|
85
test/Core.Test/Utilities/RequireFeatureAttributeTests.cs
Normal file
85
test/Core.Test/Utilities/RequireFeatureAttributeTests.cs
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
using Bit.Core.Context;
|
||||||
|
using Bit.Core.Exceptions;
|
||||||
|
using Bit.Core.Services;
|
||||||
|
using Bit.Core.Utilities;
|
||||||
|
using Microsoft.AspNetCore.Http;
|
||||||
|
using Microsoft.AspNetCore.Mvc;
|
||||||
|
using Microsoft.AspNetCore.Mvc.Abstractions;
|
||||||
|
using Microsoft.AspNetCore.Mvc.Filters;
|
||||||
|
using Microsoft.AspNetCore.Routing;
|
||||||
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using NSubstitute;
|
||||||
|
using Xunit;
|
||||||
|
|
||||||
|
namespace Bit.Core.Test.Utilities;
|
||||||
|
|
||||||
|
public class RequireFeatureAttributeTests
|
||||||
|
{
|
||||||
|
private const string _testFeature = "test-feature";
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void Throws_When_Feature_Disabled()
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var rfa = new RequireFeatureAttribute(_testFeature);
|
||||||
|
|
||||||
|
// Act & Assert
|
||||||
|
Assert.Throws<FeatureUnavailableException>(() => rfa.OnActionExecuting(GetContext(enabled: false)));
|
||||||
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void Throws_When_Feature_Not_Found()
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var rfa = new RequireFeatureAttribute("missing-feature");
|
||||||
|
|
||||||
|
// Act & Assert
|
||||||
|
Assert.Throws<FeatureUnavailableException>(() => rfa.OnActionExecuting(GetContext(enabled: false)));
|
||||||
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void Success_When_Feature_Enabled()
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var rfa = new RequireFeatureAttribute(_testFeature);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
rfa.OnActionExecuting(GetContext(enabled: true));
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
// The Assert here is NOT throwing an exception
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Generates a ActionExecutingContext with the necessary services registered to test
|
||||||
|
/// the <see cref="RequireFeatureAttribute"/>
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="enabled">Mock value for the <see cref="_testFeature"/> flag</param>
|
||||||
|
/// <returns></returns>
|
||||||
|
private static ActionExecutingContext GetContext(bool enabled)
|
||||||
|
{
|
||||||
|
IServiceCollection services = new ServiceCollection();
|
||||||
|
|
||||||
|
var featureService = Substitute.For<IFeatureService>();
|
||||||
|
var currentContext = Substitute.For<ICurrentContext>();
|
||||||
|
|
||||||
|
featureService.IsEnabled(_testFeature, Arg.Any<ICurrentContext>()).Returns(enabled);
|
||||||
|
|
||||||
|
services.AddSingleton(featureService);
|
||||||
|
services.AddSingleton(currentContext);
|
||||||
|
|
||||||
|
var httpContext = new DefaultHttpContext();
|
||||||
|
httpContext.RequestServices = services.BuildServiceProvider();
|
||||||
|
|
||||||
|
var context = Substitute.For<ActionExecutingContext>(
|
||||||
|
Substitute.For<ActionContext>(httpContext,
|
||||||
|
new RouteData(),
|
||||||
|
Substitute.For<ActionDescriptor>()),
|
||||||
|
new List<IFilterMetadata>(),
|
||||||
|
new Dictionary<string, object>(),
|
||||||
|
Substitute.For<Controller>());
|
||||||
|
|
||||||
|
return context;
|
||||||
|
}
|
||||||
|
}
|
@ -41,9 +41,11 @@ internal class EfAuthRequest : ICustomization
|
|||||||
fixture.Customizations.Add(new GlobalSettingsBuilder());
|
fixture.Customizations.Add(new GlobalSettingsBuilder());
|
||||||
fixture.Customizations.Add(new AuthRequestBuilder());
|
fixture.Customizations.Add(new AuthRequestBuilder());
|
||||||
fixture.Customizations.Add(new DeviceBuilder());
|
fixture.Customizations.Add(new DeviceBuilder());
|
||||||
|
fixture.Customizations.Add(new OrganizationBuilder());
|
||||||
fixture.Customizations.Add(new UserBuilder());
|
fixture.Customizations.Add(new UserBuilder());
|
||||||
fixture.Customizations.Add(new EfRepositoryListBuilder<AuthRequestRepository>());
|
fixture.Customizations.Add(new EfRepositoryListBuilder<AuthRequestRepository>());
|
||||||
fixture.Customizations.Add(new EfRepositoryListBuilder<DeviceRepository>());
|
fixture.Customizations.Add(new EfRepositoryListBuilder<DeviceRepository>());
|
||||||
|
fixture.Customizations.Add(new EfRepositoryListBuilder<OrganizationRepository>());
|
||||||
fixture.Customizations.Add(new EfRepositoryListBuilder<UserRepository>());
|
fixture.Customizations.Add(new EfRepositoryListBuilder<UserRepository>());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -19,9 +19,12 @@ public class AuthRequestRepositoryTests
|
|||||||
AuthRequestCompare equalityComparer,
|
AuthRequestCompare equalityComparer,
|
||||||
List<EfAuthRepo.AuthRequestRepository> suts,
|
List<EfAuthRepo.AuthRequestRepository> suts,
|
||||||
SqlAuthRepo.AuthRequestRepository sqlAuthRequestRepo,
|
SqlAuthRepo.AuthRequestRepository sqlAuthRequestRepo,
|
||||||
|
Organization organization,
|
||||||
User user,
|
User user,
|
||||||
List<EfRepo.UserRepository> efUserRepos,
|
List<EfRepo.UserRepository> efUserRepos,
|
||||||
SqlRepo.UserRepository sqlUserRepo
|
List<EfRepo.OrganizationRepository> efOrgRepos,
|
||||||
|
SqlRepo.UserRepository sqlUserRepo,
|
||||||
|
SqlRepo.OrganizationRepository sqlOrgRepo
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
authRequest.ResponseDeviceId = null;
|
authRequest.ResponseDeviceId = null;
|
||||||
@ -34,6 +37,10 @@ public class AuthRequestRepositoryTests
|
|||||||
sut.ClearChangeTracking();
|
sut.ClearChangeTracking();
|
||||||
authRequest.UserId = efUser.Id;
|
authRequest.UserId = efUser.Id;
|
||||||
|
|
||||||
|
var efOrg = await efOrgRepos[i].CreateAsync(organization);
|
||||||
|
sut.ClearChangeTracking();
|
||||||
|
authRequest.OrganizationId = efOrg.Id;
|
||||||
|
|
||||||
var postEfAuthRequest = await sut.CreateAsync(authRequest);
|
var postEfAuthRequest = await sut.CreateAsync(authRequest);
|
||||||
sut.ClearChangeTracking();
|
sut.ClearChangeTracking();
|
||||||
|
|
||||||
@ -43,6 +50,8 @@ public class AuthRequestRepositoryTests
|
|||||||
|
|
||||||
var sqlUser = await sqlUserRepo.CreateAsync(user);
|
var sqlUser = await sqlUserRepo.CreateAsync(user);
|
||||||
authRequest.UserId = sqlUser.Id;
|
authRequest.UserId = sqlUser.Id;
|
||||||
|
var sqlOrg = await sqlOrgRepo.CreateAsync(organization);
|
||||||
|
authRequest.OrganizationId = sqlOrg.Id;
|
||||||
var sqlAuthRequest = await sqlAuthRequestRepo.CreateAsync(authRequest);
|
var sqlAuthRequest = await sqlAuthRequestRepo.CreateAsync(authRequest);
|
||||||
var savedSqlAuthRequest = await sqlAuthRequestRepo.GetByIdAsync(sqlAuthRequest.Id);
|
var savedSqlAuthRequest = await sqlAuthRequestRepo.GetByIdAsync(sqlAuthRequest.Id);
|
||||||
savedAuthRequests.Add(savedSqlAuthRequest);
|
savedAuthRequests.Add(savedSqlAuthRequest);
|
||||||
|
193
util/Migrator/DbScripts/2023-06-01_00_TdeAdminApproval.sql
Normal file
193
util/Migrator/DbScripts/2023-06-01_00_TdeAdminApproval.sql
Normal file
@ -0,0 +1,193 @@
|
|||||||
|
--Add OrganizationId Column and Foreign Key
|
||||||
|
IF COL_LENGTH('[dbo].[AuthRequest]', 'OrganizationId') IS NULL
|
||||||
|
BEGIN
|
||||||
|
ALTER TABLE
|
||||||
|
[dbo].[AuthRequest]
|
||||||
|
ADD [OrganizationId] UNIQUEIDENTIFIER NULL;
|
||||||
|
ALTER TABLE
|
||||||
|
[dbo].[AuthRequest]
|
||||||
|
ADD CONSTRAINT [FK_AuthRequest_Organization] FOREIGN KEY ([OrganizationId]) REFERENCES [dbo].[Organization] ([Id])
|
||||||
|
END
|
||||||
|
GO
|
||||||
|
|
||||||
|
-- Drop and recreate view
|
||||||
|
IF EXISTS(SELECT * FROM sys.views WHERE [Name] = 'AuthRequestView')
|
||||||
|
BEGIN
|
||||||
|
DROP VIEW [dbo].[AuthRequestView]
|
||||||
|
END
|
||||||
|
GO
|
||||||
|
|
||||||
|
CREATE VIEW [dbo].[AuthRequestView]
|
||||||
|
AS
|
||||||
|
SELECT
|
||||||
|
*
|
||||||
|
FROM
|
||||||
|
[dbo].[AuthRequest]
|
||||||
|
GO
|
||||||
|
|
||||||
|
--Drop existing SPROC
|
||||||
|
IF OBJECT_ID('[dbo].[AuthRequest_Update]') IS NOT NULL
|
||||||
|
BEGIN
|
||||||
|
DROP PROCEDURE [dbo].[AuthRequest_Update]
|
||||||
|
END
|
||||||
|
GO
|
||||||
|
|
||||||
|
--Create SPROC with OrganizationId column
|
||||||
|
CREATE PROCEDURE [dbo].[AuthRequest_Update]
|
||||||
|
@Id UNIQUEIDENTIFIER OUTPUT,
|
||||||
|
@UserId UNIQUEIDENTIFIER,
|
||||||
|
@OrganizationId UNIQUEIDENTIFIER = NULL,
|
||||||
|
@Type SMALLINT,
|
||||||
|
@RequestDeviceIdentifier NVARCHAR(50),
|
||||||
|
@RequestDeviceType SMALLINT,
|
||||||
|
@RequestIpAddress VARCHAR(50),
|
||||||
|
@ResponseDeviceId UNIQUEIDENTIFIER,
|
||||||
|
@AccessCode VARCHAR(25),
|
||||||
|
@PublicKey VARCHAR(MAX),
|
||||||
|
@Key VARCHAR(MAX),
|
||||||
|
@MasterPasswordHash VARCHAR(MAX),
|
||||||
|
@Approved BIT,
|
||||||
|
@CreationDate DATETIME2 (7),
|
||||||
|
@ResponseDate DATETIME2 (7),
|
||||||
|
@AuthenticationDate DATETIME2 (7)
|
||||||
|
AS
|
||||||
|
BEGIN
|
||||||
|
SET NOCOUNT ON
|
||||||
|
|
||||||
|
UPDATE
|
||||||
|
[dbo].[AuthRequest]
|
||||||
|
SET
|
||||||
|
[UserId] = @UserId,
|
||||||
|
[Type] = @Type,
|
||||||
|
[OrganizationId] = @OrganizationId,
|
||||||
|
[RequestDeviceIdentifier] = @RequestDeviceIdentifier,
|
||||||
|
[RequestDeviceType] = @RequestDeviceType,
|
||||||
|
[RequestIpAddress] = @RequestIpAddress,
|
||||||
|
[ResponseDeviceId] = @ResponseDeviceId,
|
||||||
|
[AccessCode] = @AccessCode,
|
||||||
|
[PublicKey] = @PublicKey,
|
||||||
|
[Key] = @Key,
|
||||||
|
[MasterPasswordHash] = @MasterPasswordHash,
|
||||||
|
[Approved] = @Approved,
|
||||||
|
[CreationDate] = @CreationDate,
|
||||||
|
[ResponseDate] = @ResponseDate,
|
||||||
|
[AuthenticationDate] = @AuthenticationDate
|
||||||
|
WHERE
|
||||||
|
[Id] = @Id
|
||||||
|
END
|
||||||
|
GO
|
||||||
|
|
||||||
|
--Drop existing SPROC
|
||||||
|
IF OBJECT_ID('[dbo].[AuthRequest_Create]') IS NOT NULL
|
||||||
|
BEGIN
|
||||||
|
DROP PROCEDURE [dbo].[AuthRequest_Create]
|
||||||
|
END
|
||||||
|
GO
|
||||||
|
|
||||||
|
--Create SPROC with OrganizationId column
|
||||||
|
CREATE PROCEDURE [dbo].[AuthRequest_Create]
|
||||||
|
@Id UNIQUEIDENTIFIER OUTPUT,
|
||||||
|
@UserId UNIQUEIDENTIFIER,
|
||||||
|
@OrganizationId UNIQUEIDENTIFIER = NULL,
|
||||||
|
@Type TINYINT,
|
||||||
|
@RequestDeviceIdentifier NVARCHAR(50),
|
||||||
|
@RequestDeviceType TINYINT,
|
||||||
|
@RequestIpAddress VARCHAR(50),
|
||||||
|
@ResponseDeviceId UNIQUEIDENTIFIER,
|
||||||
|
@AccessCode VARCHAR(25),
|
||||||
|
@PublicKey VARCHAR(MAX),
|
||||||
|
@Key VARCHAR(MAX),
|
||||||
|
@MasterPasswordHash VARCHAR(MAX),
|
||||||
|
@Approved BIT,
|
||||||
|
@CreationDate DATETIME2(7),
|
||||||
|
@ResponseDate DATETIME2(7),
|
||||||
|
@AuthenticationDate DATETIME2(7)
|
||||||
|
AS
|
||||||
|
BEGIN
|
||||||
|
SET NOCOUNT ON
|
||||||
|
|
||||||
|
INSERT INTO [dbo].[AuthRequest]
|
||||||
|
(
|
||||||
|
[Id],
|
||||||
|
[UserId],
|
||||||
|
[OrganizationId],
|
||||||
|
[Type],
|
||||||
|
[RequestDeviceIdentifier],
|
||||||
|
[RequestDeviceType],
|
||||||
|
[RequestIpAddress],
|
||||||
|
[ResponseDeviceId],
|
||||||
|
[AccessCode],
|
||||||
|
[PublicKey],
|
||||||
|
[Key],
|
||||||
|
[MasterPasswordHash],
|
||||||
|
[Approved],
|
||||||
|
[CreationDate],
|
||||||
|
[ResponseDate],
|
||||||
|
[AuthenticationDate]
|
||||||
|
)
|
||||||
|
VALUES
|
||||||
|
(
|
||||||
|
@Id,
|
||||||
|
@UserId,
|
||||||
|
@OrganizationId,
|
||||||
|
@Type,
|
||||||
|
@RequestDeviceIdentifier,
|
||||||
|
@RequestDeviceType,
|
||||||
|
@RequestIpAddress,
|
||||||
|
@ResponseDeviceId,
|
||||||
|
@AccessCode,
|
||||||
|
@PublicKey,
|
||||||
|
@Key,
|
||||||
|
@MasterPasswordHash,
|
||||||
|
@Approved,
|
||||||
|
@CreationDate,
|
||||||
|
@ResponseDate,
|
||||||
|
@AuthenticationDate
|
||||||
|
)
|
||||||
|
END
|
||||||
|
Go
|
||||||
|
|
||||||
|
-- New SPROC
|
||||||
|
CREATE OR ALTER PROCEDURE [dbo].[AuthRequest_ReadAdminApprovalsByIds]
|
||||||
|
@OrganizationId UNIQUEIDENTIFIER,
|
||||||
|
@Ids AS [dbo].[GuidIdArray] READONLY
|
||||||
|
AS
|
||||||
|
BEGIN
|
||||||
|
SET NOCOUNT ON
|
||||||
|
|
||||||
|
SELECT
|
||||||
|
ar.*, ou.[Email], ou.[Id] AS [OrganizationUserId]
|
||||||
|
FROM
|
||||||
|
[dbo].[AuthRequestView] ar
|
||||||
|
INNER JOIN
|
||||||
|
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
|
||||||
|
WHERE
|
||||||
|
ar.[OrganizationId] = @OrganizationId
|
||||||
|
AND
|
||||||
|
ar.[Type] = 2 -- AdminApproval
|
||||||
|
AND
|
||||||
|
ar.[Id] IN (SELECT [Id] FROM @Ids)
|
||||||
|
END
|
||||||
|
GO
|
||||||
|
|
||||||
|
-- New SPROC
|
||||||
|
CREATE OR ALTER PROCEDURE [dbo].[AuthRequest_ReadPendingByOrganizationId]
|
||||||
|
@OrganizationId UNIQUEIDENTIFIER
|
||||||
|
AS
|
||||||
|
BEGIN
|
||||||
|
SET NOCOUNT ON
|
||||||
|
|
||||||
|
SELECT
|
||||||
|
ar.*, ou.[Email], ou.[OrganizationId], ou.[Id] AS [OrganizationUserId]
|
||||||
|
FROM
|
||||||
|
[dbo].[AuthRequestView] ar
|
||||||
|
INNER JOIN
|
||||||
|
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
|
||||||
|
WHERE
|
||||||
|
ar.[OrganizationId] = @OrganizationId
|
||||||
|
AND
|
||||||
|
ar.[ResponseDate] IS NULL
|
||||||
|
AND
|
||||||
|
ar.[Type] = 2 -- AdminApproval
|
||||||
|
END
|
||||||
|
GO
|
2201
util/MySqlMigrations/Migrations/20230605183142_TdeAdminApproval.Designer.cs
generated
Normal file
2201
util/MySqlMigrations/Migrations/20230605183142_TdeAdminApproval.Designer.cs
generated
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,45 @@
|
|||||||
|
using Microsoft.EntityFrameworkCore.Migrations;
|
||||||
|
|
||||||
|
#nullable disable
|
||||||
|
|
||||||
|
namespace Bit.MySqlMigrations.Migrations;
|
||||||
|
|
||||||
|
public partial class TdeAdminApproval : Migration
|
||||||
|
{
|
||||||
|
protected override void Up(MigrationBuilder migrationBuilder)
|
||||||
|
{
|
||||||
|
migrationBuilder.AddColumn<Guid>(
|
||||||
|
name: "OrganizationId",
|
||||||
|
table: "AuthRequest",
|
||||||
|
type: "char(36)",
|
||||||
|
nullable: true,
|
||||||
|
collation: "ascii_general_ci");
|
||||||
|
|
||||||
|
migrationBuilder.CreateIndex(
|
||||||
|
name: "IX_AuthRequest_OrganizationId",
|
||||||
|
table: "AuthRequest",
|
||||||
|
column: "OrganizationId");
|
||||||
|
|
||||||
|
migrationBuilder.AddForeignKey(
|
||||||
|
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||||
|
table: "AuthRequest",
|
||||||
|
column: "OrganizationId",
|
||||||
|
principalTable: "Organization",
|
||||||
|
principalColumn: "Id");
|
||||||
|
}
|
||||||
|
|
||||||
|
protected override void Down(MigrationBuilder migrationBuilder)
|
||||||
|
{
|
||||||
|
migrationBuilder.DropForeignKey(
|
||||||
|
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||||
|
table: "AuthRequest");
|
||||||
|
|
||||||
|
migrationBuilder.DropIndex(
|
||||||
|
name: "IX_AuthRequest_OrganizationId",
|
||||||
|
table: "AuthRequest");
|
||||||
|
|
||||||
|
migrationBuilder.DropColumn(
|
||||||
|
name: "OrganizationId",
|
||||||
|
table: "AuthRequest");
|
||||||
|
}
|
||||||
|
}
|
@ -43,6 +43,9 @@ namespace Bit.MySqlMigrations.Migrations
|
|||||||
b.Property<string>("MasterPasswordHash")
|
b.Property<string>("MasterPasswordHash")
|
||||||
.HasColumnType("longtext");
|
.HasColumnType("longtext");
|
||||||
|
|
||||||
|
b.Property<Guid?>("OrganizationId")
|
||||||
|
.HasColumnType("char(36)");
|
||||||
|
|
||||||
b.Property<string>("PublicKey")
|
b.Property<string>("PublicKey")
|
||||||
.HasColumnType("longtext");
|
.HasColumnType("longtext");
|
||||||
|
|
||||||
@ -71,6 +74,8 @@ namespace Bit.MySqlMigrations.Migrations
|
|||||||
|
|
||||||
b.HasKey("Id");
|
b.HasKey("Id");
|
||||||
|
|
||||||
|
b.HasIndex("OrganizationId");
|
||||||
|
|
||||||
b.HasIndex("ResponseDeviceId");
|
b.HasIndex("ResponseDeviceId");
|
||||||
|
|
||||||
b.HasIndex("UserId");
|
b.HasIndex("UserId");
|
||||||
@ -1658,6 +1663,10 @@ namespace Bit.MySqlMigrations.Migrations
|
|||||||
|
|
||||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
|
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
|
||||||
{
|
{
|
||||||
|
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Organization", "Organization")
|
||||||
|
.WithMany()
|
||||||
|
.HasForeignKey("OrganizationId");
|
||||||
|
|
||||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
|
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
|
||||||
.WithMany()
|
.WithMany()
|
||||||
.HasForeignKey("ResponseDeviceId");
|
.HasForeignKey("ResponseDeviceId");
|
||||||
@ -1668,6 +1677,8 @@ namespace Bit.MySqlMigrations.Migrations
|
|||||||
.OnDelete(DeleteBehavior.Cascade)
|
.OnDelete(DeleteBehavior.Cascade)
|
||||||
.IsRequired();
|
.IsRequired();
|
||||||
|
|
||||||
|
b.Navigation("Organization");
|
||||||
|
|
||||||
b.Navigation("ResponseDevice");
|
b.Navigation("ResponseDevice");
|
||||||
|
|
||||||
b.Navigation("User");
|
b.Navigation("User");
|
||||||
|
2212
util/PostgresMigrations/Migrations/20230605182609_TdeAdminApproval.Designer.cs
generated
Normal file
2212
util/PostgresMigrations/Migrations/20230605182609_TdeAdminApproval.Designer.cs
generated
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,44 @@
|
|||||||
|
using Microsoft.EntityFrameworkCore.Migrations;
|
||||||
|
|
||||||
|
#nullable disable
|
||||||
|
|
||||||
|
namespace Bit.PostgresMigrations.Migrations;
|
||||||
|
|
||||||
|
public partial class TdeAdminApproval : Migration
|
||||||
|
{
|
||||||
|
protected override void Up(MigrationBuilder migrationBuilder)
|
||||||
|
{
|
||||||
|
migrationBuilder.AddColumn<Guid>(
|
||||||
|
name: "OrganizationId",
|
||||||
|
table: "AuthRequest",
|
||||||
|
type: "uuid",
|
||||||
|
nullable: true);
|
||||||
|
|
||||||
|
migrationBuilder.CreateIndex(
|
||||||
|
name: "IX_AuthRequest_OrganizationId",
|
||||||
|
table: "AuthRequest",
|
||||||
|
column: "OrganizationId");
|
||||||
|
|
||||||
|
migrationBuilder.AddForeignKey(
|
||||||
|
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||||
|
table: "AuthRequest",
|
||||||
|
column: "OrganizationId",
|
||||||
|
principalTable: "Organization",
|
||||||
|
principalColumn: "Id");
|
||||||
|
}
|
||||||
|
|
||||||
|
protected override void Down(MigrationBuilder migrationBuilder)
|
||||||
|
{
|
||||||
|
migrationBuilder.DropForeignKey(
|
||||||
|
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||||
|
table: "AuthRequest");
|
||||||
|
|
||||||
|
migrationBuilder.DropIndex(
|
||||||
|
name: "IX_AuthRequest_OrganizationId",
|
||||||
|
table: "AuthRequest");
|
||||||
|
|
||||||
|
migrationBuilder.DropColumn(
|
||||||
|
name: "OrganizationId",
|
||||||
|
table: "AuthRequest");
|
||||||
|
}
|
||||||
|
}
|
@ -47,6 +47,9 @@ namespace Bit.PostgresMigrations.Migrations
|
|||||||
b.Property<string>("MasterPasswordHash")
|
b.Property<string>("MasterPasswordHash")
|
||||||
.HasColumnType("text");
|
.HasColumnType("text");
|
||||||
|
|
||||||
|
b.Property<Guid?>("OrganizationId")
|
||||||
|
.HasColumnType("uuid");
|
||||||
|
|
||||||
b.Property<string>("PublicKey")
|
b.Property<string>("PublicKey")
|
||||||
.HasColumnType("text");
|
.HasColumnType("text");
|
||||||
|
|
||||||
@ -75,6 +78,8 @@ namespace Bit.PostgresMigrations.Migrations
|
|||||||
|
|
||||||
b.HasKey("Id");
|
b.HasKey("Id");
|
||||||
|
|
||||||
|
b.HasIndex("OrganizationId");
|
||||||
|
|
||||||
b.HasIndex("ResponseDeviceId");
|
b.HasIndex("ResponseDeviceId");
|
||||||
|
|
||||||
b.HasIndex("UserId");
|
b.HasIndex("UserId");
|
||||||
@ -1669,6 +1674,10 @@ namespace Bit.PostgresMigrations.Migrations
|
|||||||
|
|
||||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
|
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
|
||||||
{
|
{
|
||||||
|
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Organization", "Organization")
|
||||||
|
.WithMany()
|
||||||
|
.HasForeignKey("OrganizationId");
|
||||||
|
|
||||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
|
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
|
||||||
.WithMany()
|
.WithMany()
|
||||||
.HasForeignKey("ResponseDeviceId");
|
.HasForeignKey("ResponseDeviceId");
|
||||||
@ -1679,6 +1688,8 @@ namespace Bit.PostgresMigrations.Migrations
|
|||||||
.OnDelete(DeleteBehavior.Cascade)
|
.OnDelete(DeleteBehavior.Cascade)
|
||||||
.IsRequired();
|
.IsRequired();
|
||||||
|
|
||||||
|
b.Navigation("Organization");
|
||||||
|
|
||||||
b.Navigation("ResponseDevice");
|
b.Navigation("ResponseDevice");
|
||||||
|
|
||||||
b.Navigation("User");
|
b.Navigation("User");
|
||||||
|
2199
util/SqliteMigrations/Migrations/20230605182605_TdeAdminApproval.Designer.cs
generated
Normal file
2199
util/SqliteMigrations/Migrations/20230605182605_TdeAdminApproval.Designer.cs
generated
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,44 @@
|
|||||||
|
using Microsoft.EntityFrameworkCore.Migrations;
|
||||||
|
|
||||||
|
#nullable disable
|
||||||
|
|
||||||
|
namespace Bit.SqliteMigrations.Migrations;
|
||||||
|
|
||||||
|
public partial class TdeAdminApproval : Migration
|
||||||
|
{
|
||||||
|
protected override void Up(MigrationBuilder migrationBuilder)
|
||||||
|
{
|
||||||
|
migrationBuilder.AddColumn<Guid>(
|
||||||
|
name: "OrganizationId",
|
||||||
|
table: "AuthRequest",
|
||||||
|
type: "TEXT",
|
||||||
|
nullable: true);
|
||||||
|
|
||||||
|
migrationBuilder.CreateIndex(
|
||||||
|
name: "IX_AuthRequest_OrganizationId",
|
||||||
|
table: "AuthRequest",
|
||||||
|
column: "OrganizationId");
|
||||||
|
|
||||||
|
migrationBuilder.AddForeignKey(
|
||||||
|
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||||
|
table: "AuthRequest",
|
||||||
|
column: "OrganizationId",
|
||||||
|
principalTable: "Organization",
|
||||||
|
principalColumn: "Id");
|
||||||
|
}
|
||||||
|
|
||||||
|
protected override void Down(MigrationBuilder migrationBuilder)
|
||||||
|
{
|
||||||
|
migrationBuilder.DropForeignKey(
|
||||||
|
name: "FK_AuthRequest_Organization_OrganizationId",
|
||||||
|
table: "AuthRequest");
|
||||||
|
|
||||||
|
migrationBuilder.DropIndex(
|
||||||
|
name: "IX_AuthRequest_OrganizationId",
|
||||||
|
table: "AuthRequest");
|
||||||
|
|
||||||
|
migrationBuilder.DropColumn(
|
||||||
|
name: "OrganizationId",
|
||||||
|
table: "AuthRequest");
|
||||||
|
}
|
||||||
|
}
|
@ -41,6 +41,9 @@ namespace Bit.SqliteMigrations.Migrations
|
|||||||
b.Property<string>("MasterPasswordHash")
|
b.Property<string>("MasterPasswordHash")
|
||||||
.HasColumnType("TEXT");
|
.HasColumnType("TEXT");
|
||||||
|
|
||||||
|
b.Property<Guid?>("OrganizationId")
|
||||||
|
.HasColumnType("TEXT");
|
||||||
|
|
||||||
b.Property<string>("PublicKey")
|
b.Property<string>("PublicKey")
|
||||||
.HasColumnType("TEXT");
|
.HasColumnType("TEXT");
|
||||||
|
|
||||||
@ -69,6 +72,8 @@ namespace Bit.SqliteMigrations.Migrations
|
|||||||
|
|
||||||
b.HasKey("Id");
|
b.HasKey("Id");
|
||||||
|
|
||||||
|
b.HasIndex("OrganizationId");
|
||||||
|
|
||||||
b.HasIndex("ResponseDeviceId");
|
b.HasIndex("ResponseDeviceId");
|
||||||
|
|
||||||
b.HasIndex("UserId");
|
b.HasIndex("UserId");
|
||||||
@ -1656,6 +1661,10 @@ namespace Bit.SqliteMigrations.Migrations
|
|||||||
|
|
||||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
|
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
|
||||||
{
|
{
|
||||||
|
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Organization", "Organization")
|
||||||
|
.WithMany()
|
||||||
|
.HasForeignKey("OrganizationId");
|
||||||
|
|
||||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
|
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
|
||||||
.WithMany()
|
.WithMany()
|
||||||
.HasForeignKey("ResponseDeviceId");
|
.HasForeignKey("ResponseDeviceId");
|
||||||
@ -1666,6 +1675,8 @@ namespace Bit.SqliteMigrations.Migrations
|
|||||||
.OnDelete(DeleteBehavior.Cascade)
|
.OnDelete(DeleteBehavior.Cascade)
|
||||||
.IsRequired();
|
.IsRequired();
|
||||||
|
|
||||||
|
b.Navigation("Organization");
|
||||||
|
|
||||||
b.Navigation("ResponseDevice");
|
b.Navigation("ResponseDevice");
|
||||||
|
|
||||||
b.Navigation("User");
|
b.Navigation("User");
|
||||||
|
Loading…
Reference in New Issue
Block a user