diff --git a/src/Api/Controllers/AccountsController.cs b/src/Api/Controllers/AccountsController.cs
index 83f1cc17eb..d58562f8b1 100644
--- a/src/Api/Controllers/AccountsController.cs
+++ b/src/Api/Controllers/AccountsController.cs
@@ -8,7 +8,6 @@ using Bit.Core.Services;
 using Microsoft.AspNetCore.Identity;
 using Bit.Core.Domains;
 using Bit.Core.Enums;
-using Bit.Core;
 using System.Linq;
 namespace Bit.Api.Controllers
@@ -20,18 +19,15 @@ namespace Bit.Api.Controllers
 private readonly IUserService _userService;
 private readonly ICipherService _cipherService;
 private readonly UserManager _userManager;
- private readonly CurrentContext _currentContext;
 public AccountsController(
 IUserService userService,
 ICipherService cipherService,
- UserManager userManager,
- CurrentContext currentContext)
+ UserManager userManager)
 {
 _userService = userService;
 _cipherService = cipherService;
 _userManager = userManager;
- _currentContext = currentContext;
 }
 [HttpPost("register")]
@@ -63,25 +59,28 @@ namespace Bit.Api.Controllers
 [HttpPost("email-token")]
 public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
 {
- if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash))
+ var user = await _userService.GetUserByPrincipalAsync(User);
+ if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
 {
 await Task.Delay(2000);
 throw new BadRequestException("MasterPasswordHash", "Invalid password.");
 }
- await _userService.InitiateEmailChangeAsync(_currentContext.User, model.NewEmail);
+ await _userService.InitiateEmailChangeAsync(user, model.NewEmail);
 }
 [HttpPut("email")]
 [HttpPost("email")]
 public async Task PutEmail([FromBody]EmailRequestModel model)
 {
+ var user = await _userService.GetUserByPrincipalAsync(User);
+
 // NOTE: It is assumed that the eventual repository call will make sure the updated
 // ciphers belong to user making this call. Therefore, no check is done here.
- var ciphers = model.Ciphers.Select(c => c.ToCipher(_userManager.GetUserId(User)));
+ var ciphers = model.Ciphers.Select(c => c.ToCipher(user.Id));
 var result = await _userService.ChangeEmailAsync(
- _currentContext.User,
+ user,
 model.MasterPasswordHash,
 model.NewEmail,
 model.NewMasterPasswordHash,
@@ -106,12 +105,14 @@ namespace Bit.Api.Controllers
 [HttpPost("password")]
 public async Task PutPassword([FromBody]PasswordRequestModel model)
 {
+ var user = await _userService.GetUserByPrincipalAsync(User);
+
 // NOTE: It is assumed that the eventual repository call will make sure the updated
 // ciphers belong to user making this call. Therefore, no check is done here.
- var ciphers = model.Ciphers.Select(c => c.ToCipher(_userManager.GetUserId(User)));
+ var ciphers = model.Ciphers.Select(c => c.ToCipher(user.Id));
 var result = await _userService.ChangePasswordAsync(
- _currentContext.User,
+ user,
 model.MasterPasswordHash,
 model.NewMasterPasswordHash,
 ciphers);
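Review bot: `user` can be null on the `c.ToCipher(user.Id)` line in PutEmail (and the same line in PutPassword), because the new `GetUserByPrincipalAsync` returns null when the principal carries no user id claim (see the UserService hunk in this same diff), and that dereference surfaces as a NullReferenceException, i.e. a 500, rather than an authentication failure. The same null flows into `CheckPasswordAsync(user, …)` in PostEmailToken; as far as I recall ASP.NET Identity's UserManager treats a null user as a failed check, so that path degrades to a misleading "Invalid password" after the 2-second delay. Add a guard right after each lookup, `if(user == null) { throw new UnauthorizedAccessException(); }` (or whichever exception the API's error filter maps to 401), before the first use of `user`. Both PutEmail and PutPassword continue past the end of their hunks.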
@@ -134,7 +135,8 @@ namespace Bit.Api.Controllers
 [HttpPost("security-stamp")]
 public async Task PutSecurityStamp([FromBody]SecurityStampRequestModel model)
 {
- var result = await _userService.RefreshSecurityStampAsync(_currentContext.User, model.MasterPasswordHash);
+ var user = await _userService.GetUserByPrincipalAsync(User);
+ var result = await _userService.RefreshSecurityStampAsync(user, model.MasterPasswordHash);
 if(result.Succeeded)
 {
 return;
@@ -150,9 +152,10 @@ namespace Bit.Api.Controllers
 }
 [HttpGet("profile")]
- public ProfileResponseModel GetProfile()
+ public async Task GetProfile()
 {
- var response = new ProfileResponseModel(_currentContext.User);
+ var user = await _userService.GetUserByPrincipalAsync(User);
+ var response = new ProfileResponseModel(user);
 return response;
 }
@@ -160,14 +163,16 @@ namespace Bit.Api.Controllers
 [HttpPost("profile")]
 public async Task PutProfile([FromBody]UpdateProfileRequestModel model)
 {
- await _userService.SaveUserAsync(model.ToUser(_currentContext.User));
+ var user = await _userService.GetUserByPrincipalAsync(User);
- var response = new ProfileResponseModel(_currentContext.User);
+ await _userService.SaveUserAsync(model.ToUser(user));
+
+ var response = new ProfileResponseModel(user);
 return response;
 }
 [HttpGet("revision-date")]
- public long? GetAccountRevisionDate()
+ public async Task GetAccountRevisionDate()
 {
 //var userId = _userService.GetProperUserId(User);
 //long? revisionDate = null;
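Review bot: Every action in these hunks repeats `var user = await _userService.GetUserByPrincipalAsync(User);` and then uses `user` without a null check, so a principal without a resolvable user id turns into a NullReferenceException inside `new ProfileResponseModel(user)` or `model.ToUser(user)` instead of a 401. A small private helper in the controller centralizes the lookup and the guard in one place; the actions then become `var user = await GetCurrentUserAsync();`. Separately, PutProfile builds its response from the same `user` object it handed to `model.ToUser(user)`; whether `ToUser` mutates that instance or returns a copy is not visible here, and if it copies, the response reflects the pre-update profile, so that is worth confirming. GetAccountRevisionDate continues past the end of the last hunk.
```csharp
// Resolves the authenticated user for this request. Rejects principals that
// carry no resolvable user id instead of letting each action dereference null.
private async Task<User> GetCurrentUserAsync()
{
    var user = await _userService.GetUserByPrincipalAsync(User);
    if(user == null)
    {
        throw new UnauthorizedAccessException();
    }

    return user;
}
```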
@@ -177,13 +182,14 @@ namespace Bit.Api.Controllers
 // revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date);
 //}
- return Core.Utilities.CoreHelpers.EpocMilliseconds(_currentContext.User.AccountRevisionDate);
+ var user = await _userService.GetUserByPrincipalAsync(User);
+ return Core.Utilities.CoreHelpers.EpocMilliseconds(user.AccountRevisionDate);
 }
 [HttpGet("two-factor")]
 public async Task GetTwoFactor(string masterPasswordHash, TwoFactorProviderType provider)
 {
- var user = _currentContext.User;
+ var user = await _userService.GetUserByPrincipalAsync(User);
 if(!await _userManager.CheckPasswordAsync(user, masterPasswordHash))
 {
 await Task.Delay(2000);
@@ -200,7 +206,7 @@ namespace Bit.Api.Controllers
 [HttpPost("two-factor")]
 public async Task PutTwoFactor([FromBody]UpdateTwoFactorRequestModel model)
 {
- var user = _currentContext.User;
+ var user = await _userService.GetUserByPrincipalAsync(User);
 if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
 {
 await Task.Delay(2000);
@@ -237,7 +243,7 @@ namespace Bit.Api.Controllers
 [HttpPost("two-factor-regenerate")]
 public async Task PutTwoFactorRegenerate([FromBody]RegenerateTwoFactorRequestModel model)
 {
- var user = _currentContext.User;
+ var user = await _userService.GetUserByPrincipalAsync(User);
 if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
 {
 await Task.Delay(2000);
@@ -263,7 +269,7 @@ namespace Bit.Api.Controllers
 [HttpPost("delete")]
 public async Task PostDelete([FromBody]DeleteAccountRequestModel model)
 {
- var user = _currentContext.User;
+ var user = await _userService.GetUserByPrincipalAsync(User);
 if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
 {
 ModelState.AddModelError("MasterPasswordHash", "Invalid password.");
diff --git a/src/Api/Controllers/AuthController.cs b/src/Api/Controllers/AuthController.cs
index 0a3ab03c07..c2f1672c0c 100644
--- a/src/Api/Controllers/AuthController.cs
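Review bot: GetTwoFactor takes `masterPasswordHash` as a query-string parameter of a GET (its signature is context on the new side of the first hunk), which puts a password-derived secret into access logs, proxy logs and browser history; the sibling two-factor endpoints take it from a POST body and this one should as well, or at minimum the parameter should be marked sensitive in logging. In the same hunk, the rewritten GetAccountRevisionDate still carries the commented-out `//var userId …` / `//}` block above its `return`, which should be deleted now that the method body has been replaced. The `user.AccountRevisionDate` dereference and the four `CheckPasswordAsync(user, …)` calls all assume `GetUserByPrincipalAsync` found a user; it returns null when the principal has no user id claim. GetAccountRevisionDate starts before the first hunk and PostDelete continues past the last one.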
+++ b/src/Api/Controllers/AuthController.cs
@@ -5,7 +5,7 @@ using Bit.Core.Identity;
 using Bit.Api.Models;
 using Microsoft.AspNetCore.Authorization;
 using Bit.Core.Exceptions;
-using Bit.Core;
+using Bit.Core.Services;
 namespace Bit.Api.Controllers
 {
@@ -14,21 +14,22 @@ namespace Bit.Api.Controllers
 public class AuthController : Controller
 {
 private readonly JwtBearerSignInManager _signInManager;
- private readonly CurrentContext _currentContext;
+ private readonly IUserService _userService;
 public AuthController(
 JwtBearerSignInManager signInManager,
- CurrentContext currentContext)
+ IUserService userService)
 {
 _signInManager = signInManager;
- _currentContext = currentContext;
+ _userService = userService;
 }
 [HttpPost("token")]
 [AllowAnonymous]
 public async Task PostToken([FromBody]AuthTokenRequestModel model)
 {
- var result = await _signInManager.PasswordSignInAsync(model.Email.ToLower(), model.MasterPasswordHash, model.Device?.ToDevice());
+ var result = await _signInManager.PasswordSignInAsync(model.Email.ToLower(), model.MasterPasswordHash,
+ model.Device?.ToDevice());
 if(result == JwtBearerSignInResult.Success)
 {
 return new AuthTokenResponseModel(result.Token, result.User);
@@ -46,7 +47,8 @@ namespace Bit.Api.Controllers
 [Authorize("TwoFactor")]
 public async Task PostTokenTwoFactor([FromBody]AuthTokenTwoFactorRequestModel model)
 {
- var result = await _signInManager.TwoFactorSignInAsync(_currentContext.User, model.Provider, model.Code, model.Device?.ToDevice());
+ var user = await _userService.GetUserByPrincipalAsync(User);
+ var result = await _signInManager.TwoFactorSignInAsync(user, model.Provider, model.Code, model.Device?.ToDevice());
 if(result == JwtBearerSignInResult.Success)
 {
 return new AuthTokenResponseModel(result.Token, result.User);
diff --git a/src/Api/Controllers/CiphersController.cs b/src/Api/Controllers/CiphersController.cs
index 3553fb93cc..f818abedfe 100644
--- a/src/Api/Controllers/CiphersController.cs
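Review bot: `model.Email.ToLower()` on the rewrapped PostToken line is culture-sensitive, so under a Turkish locale an address containing `I` lower-cases to a dotless `ı` and the sign-in lookup misses the stored account; use `model.Email.ToLowerInvariant()` here and wherever the email was normalized on registration. In PostTokenTwoFactor, `user` comes from `GetUserByPrincipalAsync`, which returns null when the principal has no user id claim; whether the `TwoFactor` authorization policy guarantees that claim is not visible here, so `if(user == null) { throw new UnauthorizedAccessException(); }` before `TwoFactorSignInAsync` is cheap insurance against a null reaching the sign-in manager. Both method bodies continue past their hunks.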
+++ b/src/Api/Controllers/CiphersController.cs
@@ -18,22 +18,22 @@ namespace Bit.Api.Controllers
 {
 private readonly ICipherRepository _cipherRepository;
 private readonly ICipherService _cipherService;
- private readonly UserManager _userManager;
+ private readonly IUserService _userService;
 public CiphersController(
 ICipherRepository cipherRepository,
 ICipherService cipherService,
- UserManager userManager)
+ IUserService userService)
 {
 _cipherRepository = cipherRepository;
 _cipherService = cipherService;
- _userManager = userManager;
+ _userService = userService;
 }
 [HttpGet("{id}")]
 public async Task Get(string id)
 {
- var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(cipher == null)
 {
 throw new NotFoundException();
@@ -45,7 +45,7 @@ namespace Bit.Api.Controllers
 [HttpGet("")]
 public async Task> Get()
 {
- var ciphers = await _cipherRepository.GetManyByUserIdAsync(new Guid(_userManager.GetUserId(User)));
+ var ciphers = await _cipherRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value);
 var responses = ciphers.Select(c => new CipherResponseModel(c));
 return new ListResponseModel(responses);
 }
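Review bot: Both halves of the new `GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value)` line throw instead of producing a not-found or unauthorized result: `new Guid(id)` raises FormatException on a malformed route id and `.Value` raises InvalidOperationException when the principal has no user id claim, so either case becomes a 500. Constrain the route so non-GUID ids never reach the action, `[HttpGet("{id:guid}")]` with a `Guid id` parameter, and resolve the user id into a local with an explicit null check rather than `.Value`. The `Get(string id)` body continues past the hunk.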
@@ -54,15 +54,16 @@ namespace Bit.Api.Controllers
 public async Task Get(DateTime since)
 {
 var history = await _cipherRepository.GetManySinceRevisionDateAndUserIdWithDeleteHistoryAsync(
- since, new Guid(_userManager.GetUserId(User)));
+ since, _userService.GetProperUserId(User).Value);
 return new CipherHistoryResponseModel(history.Item1, history.Item2);
 }
 [HttpPost("import")]
 public async Task PostImport([FromBody]ImportRequestModel model)
 {
- var folderCiphers = model.Folders.Select(f => f.ToCipher(_userManager.GetUserId(User))).ToList();
- var otherCiphers = model.Logins.Select(s => s.ToCipher(_userManager.GetUserId(User))).ToList();
+ var userId = _userService.GetProperUserId(User).Value;
+ var folderCiphers = model.Folders.Select(f => f.ToCipher(userId)).ToList();
+ var otherCiphers = model.Logins.Select(s => s.ToCipher(userId)).ToList();
 await _cipherService.ImportCiphersAsync(
 folderCiphers,
@@ -74,7 +75,7 @@ namespace Bit.Api.Controllers
 [HttpPost("{id}/favorite")]
 public async Task Favorite(string id)
 {
- var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(cipher == null)
 {
 throw new NotFoundException();
@@ -89,7 +90,7 @@ namespace Bit.Api.Controllers
 [HttpPost("{id}/delete")]
 public async Task Delete(string id)
 {
- var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(cipher == null)
 {
 throw new NotFoundException();
diff --git a/src/Api/Controllers/DevicesController.cs b/src/Api/Controllers/DevicesController.cs
index b5acfec663..c52c781ee2 100644
--- a/src/Api/Controllers/DevicesController.cs
+++ b/src/Api/Controllers/DevicesController.cs
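Review bot: The new PostImport lines dereference `model.Folders` and `model.Logins` directly; unless ImportRequestModel marks both `[Required]` (not visible in this diff), a body that omits either collection produces a NullReferenceException and a 500 instead of a 400, so either validate the model or fall back to an empty sequence before the `Select`. Hoisting `userId` once at the top of PostImport is the right shape; the other three actions in this file still re-resolve `_userService.GetProperUserId(User).Value` inline, and using the same local everywhere would make a later null guard a one-place change. PostImport continues past the end of its hunk.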
@@ -19,22 +19,22 @@ namespace Bit.Api.Controllers
 {
 private readonly IDeviceRepository _deviceRepository;
 private readonly IDeviceService _deviceService;
- private readonly UserManager _userManager;
+ private readonly IUserService _userService;
 public DevicesController(
 IDeviceRepository deviceRepository,
 IDeviceService deviceService,
- UserManager userManager)
+ IUserService userService)
 {
 _deviceRepository = deviceRepository;
 _deviceService = deviceService;
- _userManager = userManager;
+ _userService = userService;
 }
 [HttpGet("{id}")]
 public async Task Get(string id)
 {
- var device = await _deviceRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(device == null)
 {
 throw new NotFoundException();
@@ -47,7 +47,7 @@ namespace Bit.Api.Controllers
 [HttpGet("identifier/{identifier}")]
 public async Task GetByIdentifier(string identifier)
 {
- var device = await _deviceRepository.GetByIdentifierAsync(identifier, new Guid(_userManager.GetUserId(User)));
+ var device = await _deviceRepository.GetByIdentifierAsync(identifier, _userService.GetProperUserId(User).Value);
 if(device == null)
 {
 throw new NotFoundException();
@@ -60,7 +60,7 @@ namespace Bit.Api.Controllers
 [HttpGet("")]
 public async Task> Get()
 {
- ICollection devices = await _deviceRepository.GetManyByUserIdAsync(new Guid(_userManager.GetUserId(User)));
+ ICollection devices = await _deviceRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value);
 var responses = devices.Select(d => new DeviceResponseModel(d));
 return new ListResponseModel(responses);
 }
@@ -68,7 +68,7 @@ namespace Bit.Api.Controllers
 [HttpPost("")]
 public async Task Post([FromBody]DeviceRequestModel model)
 {
- var device = model.ToDevice(_userManager.GetUserId(User));
+ var device = model.ToDevice(_userService.GetProperUserId(User));
 await _deviceService.SaveAsync(device);
 var response = new DeviceResponseModel(device);
@@ -79,7 +79,7 @@ namespace Bit.Api.Controllers
 [HttpPost("{id}")]
 public async Task Put(string id, [FromBody]DeviceRequestModel model)
 {
- var device = await _deviceRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(device == null)
 {
 throw new NotFoundException();
@@ -95,7 +95,7 @@ namespace Bit.Api.Controllers
 [HttpPost("identifier/{identifier}/token")]
 public async Task PutToken(string identifier, [FromBody]DeviceTokenRequestModel model)
 {
- var device = await _deviceRepository.GetByIdentifierAsync(identifier, new Guid(_userManager.GetUserId(User)));
+ var device = await _deviceRepository.GetByIdentifierAsync(identifier, _userService.GetProperUserId(User).Value);
 if(device == null)
 {
 throw new NotFoundException();
@@ -116,7 +116,7 @@ namespace Bit.Api.Controllers
 [HttpPost("{id}/delete")]
 public async Task Delete(string id)
 {
- var device = await _deviceRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(device == null)
 {
 throw new NotFoundException();
diff --git a/src/Api/Controllers/FoldersController.cs b/src/Api/Controllers/FoldersController.cs
index 33cf04c4f0..02363c9846 100644
--- a/src/Api/Controllers/FoldersController.cs
+++ b/src/Api/Controllers/FoldersController.cs
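Review bot: Devices Post hands the raw `Guid?` from `GetProperUserId(User)` to `model.ToDevice`, whose new signature maps a null id to `default(Guid)` (see the DeviceRequestModels hunk in this diff), so a principal without a user id claim creates a device row owned by `Guid.Empty` instead of failing. Every other action in this file uses `.Value`, which at least fails loudly; match that here, `var device = model.ToDevice(_userService.GetProperUserId(User).Value);`, or better, test the nullable explicitly and reject the request before anything is saved. Post's body continues past the hunk.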
@@ -19,22 +19,22 @@ namespace Bit.Api.Controllers
 {
 private readonly ICipherRepository _cipherRepository;
 private readonly ICipherService _cipherService;
- private readonly UserManager _userManager;
+ private readonly IUserService _userService;
 public FoldersController(
 ICipherRepository cipherRepository,
 ICipherService cipherService,
- UserManager userManager)
+ IUserService userService)
 {
 _cipherRepository = cipherRepository;
 _cipherService = cipherService;
- _userManager = userManager;
+ _userService = userService;
 }
 [HttpGet("{id}")]
 public async Task Get(string id)
 {
- var folder = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var folder = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(folder == null || folder.Type != Core.Enums.CipherType.Folder)
 {
 throw new NotFoundException();
@@ -46,7 +46,8 @@ namespace Bit.Api.Controllers
 [HttpGet("")]
 public async Task> Get()
 {
- ICollection folders = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Folder, new Guid(_userManager.GetUserId(User)));
+ ICollection folders = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Folder,
+ _userService.GetProperUserId(User).Value);
 var responses = folders.Select(f => new FolderResponseModel(f));
 return new ListResponseModel(responses);
 }
@@ -54,7 +55,7 @@ namespace Bit.Api.Controllers
 [HttpPost("")]
 public async Task Post([FromBody]FolderRequestModel model)
 {
- var folder = model.ToCipher(_userManager.GetUserId(User));
+ var folder = model.ToCipher(_userService.GetProperUserId(User).Value);
 await _cipherService.SaveAsync(folder);
 return new FolderResponseModel(folder);
 }
@@ -63,7 +64,7 @@ namespace Bit.Api.Controllers
 [HttpPost("{id}")]
 public async Task Put(string id, [FromBody]FolderRequestModel model)
 {
- var folder = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var folder = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(folder == null || folder.Type != Core.Enums.CipherType.Folder)
 {
 throw new NotFoundException();
@@ -77,7 +78,7 @@ namespace Bit.Api.Controllers
 [HttpPost("{id}/delete")]
 public async Task Delete(string id)
 {
- var folder = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var folder = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(folder == null || folder.Type != Core.Enums.CipherType.Folder)
 {
 throw new NotFoundException();
diff --git a/src/Api/Controllers/LoginsController.cs b/src/Api/Controllers/LoginsController.cs
index 6b2fe153ed..ef212dc52b 100644
--- a/src/Api/Controllers/LoginsController.cs
+++ b/src/Api/Controllers/LoginsController.cs
@@ -21,22 +21,22 @@ namespace Bit.Api.Controllers
 {
 private readonly ICipherRepository _cipherRepository;
 private readonly ICipherService _cipherService;
- private readonly UserManager _userManager;
+ private readonly IUserService _userService;
 public LoginsController(
 ICipherRepository cipherRepository,
 ICipherService cipherService,
- UserManager userManager)
+ IUserService userService)
 {
 _cipherRepository = cipherRepository;
 _cipherService = cipherService;
- _userManager = userManager;
+ _userService = userService;
 }
 [HttpGet("{id}")]
 public async Task Get(string id, string[] expand = null)
 {
- var login = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var login = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(login == null || login.Type != Core.Enums.CipherType.Login)
 {
 throw new NotFoundException();
@@ -51,7 +51,7 @@ namespace Bit.Api.Controllers
 public async Task> Get(string[] expand = null)
 {
 ICollection logins = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Login,
- new Guid(_userManager.GetUserId(User)));
+ _userService.GetProperUserId(User).Value);
 var responses = logins.Select(s => new LoginResponseModel(s)).ToList();
 await ExpandManyAsync(logins, responses, expand, null);
 return new ListResponseModel(responses);
@@ -60,7 +60,7 @@ namespace Bit.Api.Controllers
 [HttpPost("")]
 public async Task Post([FromBody]LoginRequestModel model, string[] expand = null)
 {
- var login = model.ToCipher(_userManager.GetUserId(User));
+ var login = model.ToCipher(_userService.GetProperUserId(User).Value);
 await _cipherService.SaveAsync(login);
 var response = new LoginResponseModel(login);
@@ -72,7 +72,7 @@ namespace Bit.Api.Controllers
 [HttpPost("{id}")]
 public async Task Put(string id, [FromBody]LoginRequestModel model, string[] expand = null)
 {
- var login = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var login = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(login == null || login.Type != Core.Enums.CipherType.Login)
 {
 throw new NotFoundException();
@@ -89,7 +89,7 @@ namespace Bit.Api.Controllers
 [HttpPost("{id}/delete")]
 public async Task Delete(string id)
 {
- var login = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User)));
+ var login = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 if(login == null || login.Type != Core.Enums.CipherType.Login)
 {
 throw new NotFoundException();
@@ -129,7 +129,7 @@ namespace Bit.Api.Controllers
 if(folders == null)
 {
 folders = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Folder,
- new Guid(_userManager.GetUserId(User)));
+ _userService.GetProperUserId(User).Value);
 }
 if(folders != null && folders.Count() > 0)
diff --git a/src/Api/Controllers/SettingsController.cs b/src/Api/Controllers/SettingsController.cs
index 4baa383eff..5b66a71f39 100644
--- a/src/Api/Controllers/SettingsController.cs
+++ b/src/Api/Controllers/SettingsController.cs
@@ -4,7 +4,6 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Bit.Api.Models;
 using Bit.Core.Services;
-using Bit.Core;
 namespace Bit.Api.Controllers
 {
@@ -13,30 +12,29 @@ namespace Bit.Api.Controllers
 public class SettingsController : Controller
 {
 private readonly IUserService _userService;
- private readonly CurrentContext _currentContext;
 public SettingsController(
- IUserService userService,
- CurrentContext currentContext)
+ IUserService userService)
 {
 _userService = userService;
- _currentContext = currentContext;
 }
 [HttpGet("domains")]
- public Task GetDomains(bool excluded = true)
+ public async Task GetDomains(bool excluded = true)
 {
- var response = new DomainsResponseModel(_currentContext.User, excluded);
- return Task.FromResult(response);
+ var user = await _userService.GetUserByPrincipalAsync(User);
+ var response = new DomainsResponseModel(user, excluded);
+ return response;
 }
 [HttpPut("domains")]
 [HttpPost("domains")]
 public async Task PutDomains([FromBody]UpdateDomainsRequestModel model)
 {
- await _userService.SaveUserAsync(model.ToUser(_currentContext.User));
+ var user = await _userService.GetUserByPrincipalAsync(User);
+ await _userService.SaveUserAsync(model.ToUser(user));
- var response = new DomainsResponseModel(_currentContext.User);
+ var response = new DomainsResponseModel(user);
 return response;
 }
 }
diff --git a/src/Api/Models/Request/CipherRequestModel.cs b/src/Api/Models/Request/CipherRequestModel.cs
index 5fb310e2ce..111def53bc 100644
--- a/src/Api/Models/Request/CipherRequestModel.cs
+++ b/src/Api/Models/Request/CipherRequestModel.cs
@@ -33,12 +33,12 @@ namespace Bit.Api.Models
 [StringLength(10000)]
 public string Notes { get; set; }
- public virtual Cipher ToCipher(string userId = null)
+ public virtual Cipher ToCipher(Guid userId)
 {
 var cipher = new Cipher
 {
 Id = new Guid(Id),
- UserId = new Guid(userId),
+ UserId = userId,
 FolderId = string.IsNullOrWhiteSpace(FolderId) ? null : (Guid?)new Guid(FolderId),
 Type = Type
 };
diff --git a/src/Api/Models/Request/DeviceRequestModels.cs b/src/Api/Models/Request/DeviceRequestModels.cs
index 15602f4589..0d27f3b997 100644
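Review bot: `ToCipher` in CipherRequestModel parses two client-controlled strings, `new Guid(Id)` and `new Guid(FolderId)`, and a malformed value throws FormatException out of the `Select` in PutEmail/PutPassword, which surfaces as a 500 rather than a 400 model-validation error. Validate both as GUIDs on the request model (a `[RegularExpression]` attribute or a custom validation attribute) or switch to `Guid.TryParse` and throw `BadRequestException` on failure. Tightening the parameter to a non-nullable `Guid userId` is a good move; note that the NOTE comment in the controllers still assumes the repository verifies the cipher identified by `Id` belongs to that user, so that repository check is what actually enforces ownership. The `ToCipher` body continues past the hunk.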
--- a/src/Api/Models/Request/DeviceRequestModels.cs
+++ b/src/Api/Models/Request/DeviceRequestModels.cs
@@ -19,11 +19,11 @@ namespace Bit.Api.Models
 [StringLength(255)]
 public string PushToken { get; set; }
- public Device ToDevice(string userId = null)
+ public Device ToDevice(Guid? userId = null)
 {
 return ToDevice(new Device
 {
- UserId = userId == null ? default(Guid) : new Guid(userId)
+ UserId = userId == null ? default(Guid) : userId.Value
 });
 }
diff --git a/src/Api/Models/Request/FolderRequestModel.cs b/src/Api/Models/Request/FolderRequestModel.cs
index 08db98e021..73a072740f 100644
--- a/src/Api/Models/Request/FolderRequestModel.cs
+++ b/src/Api/Models/Request/FolderRequestModel.cs
@@ -13,11 +13,11 @@ namespace Bit.Api.Models
 [StringLength(300)]
 public string Name { get; set; }
- public Cipher ToCipher(string userId = null)
+ public Cipher ToCipher(Guid userId)
 {
 return ToCipher(new Cipher
 {
- UserId = new Guid(userId)
+ UserId = userId
 });
 }
diff --git a/src/Api/Models/Request/LoginRequestModel.cs b/src/Api/Models/Request/LoginRequestModel.cs
index 85e4fd8053..219fc4dac4 100644
--- a/src/Api/Models/Request/LoginRequestModel.cs
+++ b/src/Api/Models/Request/LoginRequestModel.cs
@@ -28,11 +28,11 @@ namespace Bit.Api.Models
 [StringLength(10000)]
 public string Notes { get; set; }
- public Cipher ToCipher(string userId = null)
+ public Cipher ToCipher(Guid userId)
 {
 return ToCipher(new Cipher
 {
- UserId = new Guid(userId)
+ UserId = userId
 });
 }
diff --git a/src/Core/Services/IUserService.cs b/src/Core/Services/IUserService.cs
index 7e3289746d..edd5061209 100644
--- a/src/Core/Services/IUserService.cs
+++ b/src/Core/Services/IUserService.cs
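Review bot: `ToDevice(Guid? userId = null)` keeps a nullable owner and silently substitutes `default(Guid)`, while the sibling `ToCipher` methods in this same diff were tightened to a non-nullable `Guid userId`; a device persisted with `Guid.Empty` as its owner is exactly the kind of record that later per-user lookups can never attribute to anyone. Make the signatures consistent, `public Device ToDevice(Guid userId)` with `UserId = userId`, and have the one controller caller pass `.Value`. The PostToken call in AuthController uses the parameterless `model.Device?.ToDevice()` form, so whether anything genuinely needs an ownerless Device is not visible here; if it does, that deserves its own explicit overload rather than a default that masks a missing claim.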
@@ -12,6 +12,7 @@ namespace Bit.Core.Services
 Guid? GetProperUserId(ClaimsPrincipal principal);
 Task GetUserByIdAsync(string userId);
 Task GetUserByIdAsync(Guid userId);
+ Task GetUserByPrincipalAsync(ClaimsPrincipal principal);
 Task GetAccountRevisionDateByIdAsync(Guid userId);
 Task SaveUserAsync(User user);
 Task RegisterUserAsync(User user, string masterPassword);
diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs
index c953fc070e..05a287d0dc 100644
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@@ -73,7 +73,7 @@ namespace Bit.Core.Services
 public async Task GetUserByIdAsync(string userId)
 {
- if(_currentContext?.User != null &&
+ if(_currentContext?.User != null &&
 string.Equals(_currentContext.User.Id.ToString(), userId, StringComparison.InvariantCultureIgnoreCase))
 {
 return _currentContext.User;
@@ -100,6 +100,17 @@ namespace Bit.Core.Services
 return _currentContext.User;
 }
+ public async Task GetUserByPrincipalAsync(ClaimsPrincipal principal)
+ {
+ var userId = GetProperUserId(principal);
+ if(!userId.HasValue)
+ {
+ return null;
+ }
+
+ return await GetUserByIdAsync(userId.Value);
+ }
+
 public async Task GetAccountRevisionDateByIdAsync(Guid userId)
 {
 return await _userRepository.GetAccountRevisionDateAsync(userId);
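Review bot: `GetUserByPrincipalAsync` returns null whenever `GetProperUserId` yields no id, and none of the controller call sites in this diff check for that, so the contract belongs on the interface declaration: `/// <summary>Resolves the user behind <paramref name="principal"/>.</summary>` followed by `/// <returns>The user, or null when the principal carries no resolvable user id claim.</returns>`. Note also that the lookup goes through `GetUserByIdAsync(Guid)`, whose context in the last hunk shows it returning the cached `_currentContext.User`, so the CurrentContext dependency removed from the controllers has moved into this service rather than gone away; a comment on the new method saying so would save the next reader a trip through both overloads. The `@@ -73` hunk is a whitespace-only change.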