mirror of
https://github.com/bitwarden/server.git
synced 2024-12-05 14:23:30 +01:00
904b2fe205
* [AC-1192] Create new OrganizationAuthRequestsController.cs * [AC-1192] Introduce OrganizationAdminAuthRequest model * [AC-1192] Add GetManyPendingByOrganizationId method to AuthRequest repository * [AC-1192] Add new list pending organization auth requests endpoint * [AC-1192] Add new GetManyAdminApprovalsByManyIdsAsync method to the AuthRequestRepository * [AC-1192] Make the response device identifier optional for admin approval requests * [AC-1192] Add endpoint for bulk denying admin device auth requests * [AC-1192] Add OrganizationUserId to PendingOrganizationAuthRequestResponseModel * [AC-1192] Add UpdateAuthRequest endpoint and logic to OrganizationAuthRequestsController * [AC-1192] Secure new endpoints behind TDE feature flag * [AC-1192] Formatting * [AC-1192] Add sql migration script * [AC-1192] Add optional OrganizationId column to AuthRequest entity - Rename migration script to match existing formatting - Add new column - Add migration scripts - Update new sprocs to filter/join on OrganizationId - Update old sprocs to include OrganizationId * [AC-1192] Format migration scripts * [AC-1192] Fix failing AuthRequest EF unit test * [AC-1192] Make OrganizationId optional in updated AuthRequest sprocs for backwards compatability * [AC-1192] Fix missing comma in migration file * [AC-1192] Rename Key to EncryptedUserKey to be more descriptive * [AC-1192] Move request validation into helper method to reduce repetition * [AC-1192] Return UnauthorizedAccessException instead of NotFound when user is missing permission * [AC-1192] Introduce FeatureUnavailableException * [AC-1192] Introduce RequireFeatureAttribute * [AC-1192] Utilize the new RequireFeatureAttribute in the OrganizationAuthRequestsController * [AC-1192] Attempt to fix out of sync database migration by moving new OrganizationId column * [AC-1192] More attempts to sync database migrations * [AC-1192] Formatting * [AC-1192] Remove unused reference to FeatureService * [AC-1192] Change Id types from String to Guid * [AC-1192] Add EncryptedString attribute * [AC-1192] Remove redundant OrganizationId property * [AC-1192] Switch to projection for OrganizationAdminAuthRequest mapping - Add new OrganizationUser relationship to EF entity - Replace AuthRequest DBContext config with new IEntityTypeConfiguration - Add navigation property to AuthRequest entity configuration for OrganizationUser - Update EF AuthRequestRepository to use new mapping and navigation properties * [AC-1192] Remove OrganizationUser navigation property
193 lines
4.6 KiB
Transact-SQL
193 lines
4.6 KiB
Transact-SQL
--Add OrganizationId Column and Foreign Key
|
|
IF COL_LENGTH('[dbo].[AuthRequest]', 'OrganizationId') IS NULL
|
|
BEGIN
|
|
ALTER TABLE
|
|
[dbo].[AuthRequest]
|
|
ADD [OrganizationId] UNIQUEIDENTIFIER NULL;
|
|
ALTER TABLE
|
|
[dbo].[AuthRequest]
|
|
ADD CONSTRAINT [FK_AuthRequest_Organization] FOREIGN KEY ([OrganizationId]) REFERENCES [dbo].[Organization] ([Id])
|
|
END
|
|
GO
|
|
|
|
-- Drop and recreate view
|
|
IF EXISTS(SELECT * FROM sys.views WHERE [Name] = 'AuthRequestView')
|
|
BEGIN
|
|
DROP VIEW [dbo].[AuthRequestView]
|
|
END
|
|
GO
|
|
|
|
CREATE VIEW [dbo].[AuthRequestView]
|
|
AS
|
|
SELECT
|
|
*
|
|
FROM
|
|
[dbo].[AuthRequest]
|
|
GO
|
|
|
|
--Drop existing SPROC
|
|
IF OBJECT_ID('[dbo].[AuthRequest_Update]') IS NOT NULL
|
|
BEGIN
|
|
DROP PROCEDURE [dbo].[AuthRequest_Update]
|
|
END
|
|
GO
|
|
|
|
--Create SPROC with OrganizationId column
|
|
CREATE PROCEDURE [dbo].[AuthRequest_Update]
|
|
@Id UNIQUEIDENTIFIER OUTPUT,
|
|
@UserId UNIQUEIDENTIFIER,
|
|
@OrganizationId UNIQUEIDENTIFIER = NULL,
|
|
@Type SMALLINT,
|
|
@RequestDeviceIdentifier NVARCHAR(50),
|
|
@RequestDeviceType SMALLINT,
|
|
@RequestIpAddress VARCHAR(50),
|
|
@ResponseDeviceId UNIQUEIDENTIFIER,
|
|
@AccessCode VARCHAR(25),
|
|
@PublicKey VARCHAR(MAX),
|
|
@Key VARCHAR(MAX),
|
|
@MasterPasswordHash VARCHAR(MAX),
|
|
@Approved BIT,
|
|
@CreationDate DATETIME2 (7),
|
|
@ResponseDate DATETIME2 (7),
|
|
@AuthenticationDate DATETIME2 (7)
|
|
AS
|
|
BEGIN
|
|
SET NOCOUNT ON
|
|
|
|
UPDATE
|
|
[dbo].[AuthRequest]
|
|
SET
|
|
[UserId] = @UserId,
|
|
[Type] = @Type,
|
|
[OrganizationId] = @OrganizationId,
|
|
[RequestDeviceIdentifier] = @RequestDeviceIdentifier,
|
|
[RequestDeviceType] = @RequestDeviceType,
|
|
[RequestIpAddress] = @RequestIpAddress,
|
|
[ResponseDeviceId] = @ResponseDeviceId,
|
|
[AccessCode] = @AccessCode,
|
|
[PublicKey] = @PublicKey,
|
|
[Key] = @Key,
|
|
[MasterPasswordHash] = @MasterPasswordHash,
|
|
[Approved] = @Approved,
|
|
[CreationDate] = @CreationDate,
|
|
[ResponseDate] = @ResponseDate,
|
|
[AuthenticationDate] = @AuthenticationDate
|
|
WHERE
|
|
[Id] = @Id
|
|
END
|
|
GO
|
|
|
|
--Drop existing SPROC
|
|
IF OBJECT_ID('[dbo].[AuthRequest_Create]') IS NOT NULL
|
|
BEGIN
|
|
DROP PROCEDURE [dbo].[AuthRequest_Create]
|
|
END
|
|
GO
|
|
|
|
--Create SPROC with OrganizationId column
|
|
CREATE PROCEDURE [dbo].[AuthRequest_Create]
|
|
@Id UNIQUEIDENTIFIER OUTPUT,
|
|
@UserId UNIQUEIDENTIFIER,
|
|
@OrganizationId UNIQUEIDENTIFIER = NULL,
|
|
@Type TINYINT,
|
|
@RequestDeviceIdentifier NVARCHAR(50),
|
|
@RequestDeviceType TINYINT,
|
|
@RequestIpAddress VARCHAR(50),
|
|
@ResponseDeviceId UNIQUEIDENTIFIER,
|
|
@AccessCode VARCHAR(25),
|
|
@PublicKey VARCHAR(MAX),
|
|
@Key VARCHAR(MAX),
|
|
@MasterPasswordHash VARCHAR(MAX),
|
|
@Approved BIT,
|
|
@CreationDate DATETIME2(7),
|
|
@ResponseDate DATETIME2(7),
|
|
@AuthenticationDate DATETIME2(7)
|
|
AS
|
|
BEGIN
|
|
SET NOCOUNT ON
|
|
|
|
INSERT INTO [dbo].[AuthRequest]
|
|
(
|
|
[Id],
|
|
[UserId],
|
|
[OrganizationId],
|
|
[Type],
|
|
[RequestDeviceIdentifier],
|
|
[RequestDeviceType],
|
|
[RequestIpAddress],
|
|
[ResponseDeviceId],
|
|
[AccessCode],
|
|
[PublicKey],
|
|
[Key],
|
|
[MasterPasswordHash],
|
|
[Approved],
|
|
[CreationDate],
|
|
[ResponseDate],
|
|
[AuthenticationDate]
|
|
)
|
|
VALUES
|
|
(
|
|
@Id,
|
|
@UserId,
|
|
@OrganizationId,
|
|
@Type,
|
|
@RequestDeviceIdentifier,
|
|
@RequestDeviceType,
|
|
@RequestIpAddress,
|
|
@ResponseDeviceId,
|
|
@AccessCode,
|
|
@PublicKey,
|
|
@Key,
|
|
@MasterPasswordHash,
|
|
@Approved,
|
|
@CreationDate,
|
|
@ResponseDate,
|
|
@AuthenticationDate
|
|
)
|
|
END
|
|
Go
|
|
|
|
-- New SPROC
|
|
CREATE OR ALTER PROCEDURE [dbo].[AuthRequest_ReadAdminApprovalsByIds]
|
|
@OrganizationId UNIQUEIDENTIFIER,
|
|
@Ids AS [dbo].[GuidIdArray] READONLY
|
|
AS
|
|
BEGIN
|
|
SET NOCOUNT ON
|
|
|
|
SELECT
|
|
ar.*, ou.[Email], ou.[Id] AS [OrganizationUserId]
|
|
FROM
|
|
[dbo].[AuthRequestView] ar
|
|
INNER JOIN
|
|
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
|
|
WHERE
|
|
ar.[OrganizationId] = @OrganizationId
|
|
AND
|
|
ar.[Type] = 2 -- AdminApproval
|
|
AND
|
|
ar.[Id] IN (SELECT [Id] FROM @Ids)
|
|
END
|
|
GO
|
|
|
|
-- New SPROC
|
|
CREATE OR ALTER PROCEDURE [dbo].[AuthRequest_ReadPendingByOrganizationId]
|
|
@OrganizationId UNIQUEIDENTIFIER
|
|
AS
|
|
BEGIN
|
|
SET NOCOUNT ON
|
|
|
|
SELECT
|
|
ar.*, ou.[Email], ou.[OrganizationId], ou.[Id] AS [OrganizationUserId]
|
|
FROM
|
|
[dbo].[AuthRequestView] ar
|
|
INNER JOIN
|
|
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
|
|
WHERE
|
|
ar.[OrganizationId] = @OrganizationId
|
|
AND
|
|
ar.[ResponseDate] IS NULL
|
|
AND
|
|
ar.[Type] = 2 -- AdminApproval
|
|
END
|
|
GO |