mirror of
https://github.com/bitwarden/server.git
synced 2024-11-28 13:15:12 +01:00
[PM-2740] Add null check on base64-encoded values on knowndevice query (#3586)
* Added null check on header-based knowndevice call to match query-string implementation. * Updated to use model binding instead of individual inputs. * Linting.
This commit is contained in:
parent
506d0aa318
commit
cf4d8a4f92
@ -1,4 +1,5 @@
|
||||
using Bit.Api.Auth.Models.Request;
|
||||
using Api.Models.Request;
|
||||
using Bit.Api.Auth.Models.Request;
|
||||
using Bit.Api.Auth.Models.Request.Accounts;
|
||||
using Bit.Api.Models.Request;
|
||||
using Bit.Api.Models.Response;
|
||||
@ -206,10 +207,8 @@ public class DevicesController : Controller
|
||||
|
||||
[AllowAnonymous]
|
||||
[HttpGet("knowndevice")]
|
||||
public async Task<bool> GetByIdentifierQuery(
|
||||
[FromHeader(Name = "X-Request-Email")] string email,
|
||||
[FromHeader(Name = "X-Device-Identifier")] string deviceIdentifier)
|
||||
=> await GetByIdentifier(CoreHelpers.Base64UrlDecodeString(email), deviceIdentifier);
|
||||
public async Task<bool> GetByIdentifierQuery([FromHeader] KnownDeviceRequestModel request)
|
||||
=> await GetByIdentifier(CoreHelpers.Base64UrlDecodeString(request.Email), request.DeviceIdentifier);
|
||||
|
||||
[Obsolete("Path is deprecated due to encoding issues, use /knowndevice instead.")]
|
||||
[AllowAnonymous]
|
||||
|
16
src/Api/Models/Request/KnownDeviceRequestModel.cs
Normal file
16
src/Api/Models/Request/KnownDeviceRequestModel.cs
Normal file
@ -0,0 +1,16 @@
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Api.Models.Request;
|
||||
|
||||
public class KnownDeviceRequestModel
|
||||
{
|
||||
[Required]
|
||||
[FromHeader(Name = "X-Request-Email")]
|
||||
public string Email { get; set; }
|
||||
|
||||
[Required]
|
||||
[FromHeader(Name = "X-Device-Identifier")]
|
||||
public string DeviceIdentifier { get; set; }
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user