adjust date validation for send (#1137)

2025-02-02 23:41:21 +01:00 · 2021-02-11 14:39:21 -05:00 · 2021-02-11 14:39:21 -05:00 · c3a99402f8
commit c3a99402f8
parent 7c9ea83ad2
2 changed files with 24 additions and 5 deletions
--- a/src/Api/Controllers/SendsController.cs
+++ b/src/Api/Controllers/SendsController.cs
@ -122,6 +122,7 @@ namespace Bit.Api.Controllers
        [HttpPut("{id}")]
        public async Task<SendResponseModel> Put(string id, [FromBody] SendRequestModel model)
        {
+            model.ValidateEdit();
            var userId = _userService.GetProperUserId(User).Value;
            var send = await _sendRepository.GetByIdAsync(new Guid(id));
            if (send == null || send.UserId != userId)
--- a/src/Core/Models/Api/Request/SendRequestModel.cs
+++ b/src/Core/Models/Api/Request/SendRequestModel.cs
@ -81,17 +81,35 @@ namespace Bit.Core.Models.Api

        public void ValidateCreation()
        {
+            var now = DateTime.UtcNow;
            // Add 1 minute for a sane buffer and client clock float
-            var nowPlus1Minute = DateTime.UtcNow.AddMinutes(1);
+            var nowPlus1Minute = now.AddMinutes(1);
            if (ExpirationDate.HasValue && ExpirationDate.Value <= nowPlus1Minute)
            {
-                throw new BadRequestException("You cannot create a send that is already expired. " +
+                throw new BadRequestException("You cannot create a Send that is already expired. " +
                    "Adjust the expiration date and try again.");
            }
-            if (DeletionDate.HasValue && DeletionDate.Value <= nowPlus1Minute)
+            ValidateEdit();
+        }
+
+        public void ValidateEdit()
+        {
+            var now = DateTime.UtcNow;
+            // Add 1 minute for a sane buffer and client clock float
+            var nowPlus1Minute = now.AddMinutes(1);
+            if (DeletionDate.HasValue)
            {
-                throw new BadRequestException("You cannot create a send that is already deleted. " +
-                    "Adjust the deletion date and try again.");
+                if (DeletionDate.Value <= nowPlus1Minute)
+                {
+                    throw new BadRequestException("You cannot have a Send with a deletion date in the past. " +
+                        "Adjust the deletion date and try again.");
+                }
+                if (DeletionDate.Value > now.AddDays(31))
+                {
+                    throw new BadRequestException("You cannot have a Send with a deletion date that far " +
+                        "into the future. Adjust the Deletion Date to a value less than 31 days from now " +
+                        "and try again.");
+                }
            }
        }