From cf4d8a4f9243e969fe13a360e6331887d3d04aac Mon Sep 17 00:00:00 2001 From: Todd Martin <106564991+trmartin4@users.noreply.github.com> Date: Fri, 22 Dec 2023 15:12:27 -0500 Subject: [PATCH] [PM-2740] Add null check on base64-encoded values on knowndevice query (#3586) * Added null check on header-based knowndevice call to match query-string implementation. * Updated to use model binding instead of individual inputs. * Linting. --- src/Api/Controllers/DevicesController.cs | 9 ++++----- .../Models/Request/KnownDeviceRequestModel.cs | 16 ++++++++++++++++ 2 files changed, 20 insertions(+), 5 deletions(-) create mode 100644 src/Api/Models/Request/KnownDeviceRequestModel.cs diff --git a/src/Api/Controllers/DevicesController.cs b/src/Api/Controllers/DevicesController.cs index b462e51df..6787fe515 100644 --- a/src/Api/Controllers/DevicesController.cs +++ b/src/Api/Controllers/DevicesController.cs @@ -1,4 +1,5 @@ -using Bit.Api.Auth.Models.Request; +using Api.Models.Request; +using Bit.Api.Auth.Models.Request; using Bit.Api.Auth.Models.Request.Accounts; using Bit.Api.Models.Request; using Bit.Api.Models.Response; @@ -206,10 +207,8 @@ public class DevicesController : Controller [AllowAnonymous] [HttpGet("knowndevice")] - public async Task GetByIdentifierQuery( - [FromHeader(Name = "X-Request-Email")] string email, - [FromHeader(Name = "X-Device-Identifier")] string deviceIdentifier) - => await GetByIdentifier(CoreHelpers.Base64UrlDecodeString(email), deviceIdentifier); + public async Task GetByIdentifierQuery([FromHeader] KnownDeviceRequestModel request) + => await GetByIdentifier(CoreHelpers.Base64UrlDecodeString(request.Email), request.DeviceIdentifier); [Obsolete("Path is deprecated due to encoding issues, use /knowndevice instead.")] [AllowAnonymous] diff --git a/src/Api/Models/Request/KnownDeviceRequestModel.cs b/src/Api/Models/Request/KnownDeviceRequestModel.cs new file mode 100644 index 000000000..8232f596a --- /dev/null 
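Review bot: The null check this change relies on lives entirely in the `[Required]` attributes of `KnownDeviceRequestModel`; `GetByIdentifierQuery` itself never looks at `ModelState`, so the check only holds if the controller has `[ApiController]` or a global validation filter, and neither is visible in this hunk. If invalid model state is not rejected automatically, a request without `X-Request-Email` still reaches `CoreHelpers.Base64UrlDecodeString(request.Email)` with null on this `[AllowAnonymous]` route. `[Required]` also does not cover a header that is present but not valid Base64URL, which presumably still surfaces as an unhandled decoder exception rather than a 400. Once the validation path is confirmed, I would add a comment above the action such as `// Missing headers are rejected by model validation ([Required] on KnownDeviceRequestModel) before this body runs.` and cover the missing-header and malformed-header cases with a test on the anonymous route. The controller class continues outside the hunk.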
+++ b/src/Api/Models/Request/KnownDeviceRequestModel.cs
@@ -0,0 +1,16 @@
+using System.ComponentModel.DataAnnotations;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Api.Models.Request;
+
+public class KnownDeviceRequestModel
+{
+ [Required]
+ [FromHeader(Name = "X-Request-Email")]
+ public string Email { get; set; }
+
+ [Required]
+ [FromHeader(Name = "X-Device-Identifier")]
+ public string DeviceIdentifier { get; set; }
+
+}
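Review bot: The new model declares `namespace Api.Models.Request;`, while the controller's other request models come from `Bit.Api.Models.Request`, which is why DevicesController.cs had to gain the extra `using Api.Models.Request;`. Declaring it as `namespace Bit.Api.Models.Request;` would match the rest of the project and make that using unnecessary. The properties would also benefit from a short doc comment, e.g. `/// <summary>Base64URL-encoded email address, read from the X-Request-Email header.</summary>` on `Email`, because the encoding is otherwise only visible at the call site in the controller. The blank line before the closing brace can be dropped.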