
react to contact changes not being set from identity

This commit is contained in:
Kyle Spearrin 2017-01-24 22:46:54 -05:00
parent 9a10382b46
commit 0648c2d0a3
13 changed files with 104 additions and 84 deletions


@ -8,7 +8,6 @@ using Bit.Core.Services;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Bit.Core.Domains; using Bit.Core.Domains;
using Bit.Core.Enums; using Bit.Core.Enums;
using Bit.Core;
using System.Linq; using System.Linq;
namespace Bit.Api.Controllers namespace Bit.Api.Controllers
@ -20,18 +19,15 @@ namespace Bit.Api.Controllers
private readonly IUserService _userService; private readonly IUserService _userService;
private readonly ICipherService _cipherService; private readonly ICipherService _cipherService;
private readonly UserManager<User> _userManager; private readonly UserManager<User> _userManager;
private readonly CurrentContext _currentContext;
public AccountsController( public AccountsController(
IUserService userService, IUserService userService,
ICipherService cipherService, ICipherService cipherService,
UserManager<User> userManager, UserManager<User> userManager)
CurrentContext currentContext)
{ {
_userService = userService; _userService = userService;
_cipherService = cipherService; _cipherService = cipherService;
_userManager = userManager; _userManager = userManager;
_currentContext = currentContext;
} }
[HttpPost("register")] [HttpPost("register")]
@ -63,25 +59,28 @@ namespace Bit.Api.Controllers
[HttpPost("email-token")] [HttpPost("email-token")]
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model) public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
{ {
if(!await _userManager.CheckPasswordAsync(_currentContext.User, model.MasterPasswordHash)) var user = await _userService.GetUserByPrincipalAsync(User);
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
{ {
await Task.Delay(2000); await Task.Delay(2000);
throw new BadRequestException("MasterPasswordHash", "Invalid password."); throw new BadRequestException("MasterPasswordHash", "Invalid password.");
} }
await _userService.InitiateEmailChangeAsync(_currentContext.User, model.NewEmail); await _userService.InitiateEmailChangeAsync(user, model.NewEmail);
} }
[HttpPut("email")] [HttpPut("email")]
[HttpPost("email")] [HttpPost("email")]
public async Task PutEmail([FromBody]EmailRequestModel model) public async Task PutEmail([FromBody]EmailRequestModel model)
{ {
var user = await _userService.GetUserByPrincipalAsync(User);
// NOTE: It is assumed that the eventual repository call will make sure the updated // NOTE: It is assumed that the eventual repository call will make sure the updated
// ciphers belong to user making this call. Therefore, no check is done here. // ciphers belong to user making this call. Therefore, no check is done here.
var ciphers = model.Ciphers.Select(c => c.ToCipher(_userManager.GetUserId(User))); var ciphers = model.Ciphers.Select(c => c.ToCipher(user.Id));
var result = await _userService.ChangeEmailAsync( var result = await _userService.ChangeEmailAsync(
_currentContext.User, user,
model.MasterPasswordHash, model.MasterPasswordHash,
model.NewEmail, model.NewEmail,
model.NewMasterPasswordHash, model.NewMasterPasswordHash,
@ -106,12 +105,14 @@ namespace Bit.Api.Controllers
[HttpPost("password")] [HttpPost("password")]
public async Task PutPassword([FromBody]PasswordRequestModel model) public async Task PutPassword([FromBody]PasswordRequestModel model)
{ {
var user = await _userService.GetUserByPrincipalAsync(User);
// NOTE: It is assumed that the eventual repository call will make sure the updated // NOTE: It is assumed that the eventual repository call will make sure the updated
// ciphers belong to user making this call. Therefore, no check is done here. // ciphers belong to user making this call. Therefore, no check is done here.
var ciphers = model.Ciphers.Select(c => c.ToCipher(_userManager.GetUserId(User))); var ciphers = model.Ciphers.Select(c => c.ToCipher(user.Id));
var result = await _userService.ChangePasswordAsync( var result = await _userService.ChangePasswordAsync(
_currentContext.User, user,
model.MasterPasswordHash, model.MasterPasswordHash,
model.NewMasterPasswordHash, model.NewMasterPasswordHash,
ciphers); ciphers);
@ -134,7 +135,8 @@ namespace Bit.Api.Controllers
[HttpPost("security-stamp")] [HttpPost("security-stamp")]
public async Task PutSecurityStamp([FromBody]SecurityStampRequestModel model) public async Task PutSecurityStamp([FromBody]SecurityStampRequestModel model)
{ {
var result = await _userService.RefreshSecurityStampAsync(_currentContext.User, model.MasterPasswordHash); var user = await _userService.GetUserByPrincipalAsync(User);
var result = await _userService.RefreshSecurityStampAsync(user, model.MasterPasswordHash);
if(result.Succeeded) if(result.Succeeded)
{ {
return; return;
@ -150,9 +152,10 @@ namespace Bit.Api.Controllers
} }
[HttpGet("profile")] [HttpGet("profile")]
public ProfileResponseModel GetProfile() public async Task<ProfileResponseModel> GetProfile()
{ {
var response = new ProfileResponseModel(_currentContext.User); var user = await _userService.GetUserByPrincipalAsync(User);
var response = new ProfileResponseModel(user);
return response; return response;
} }
@ -160,14 +163,16 @@ namespace Bit.Api.Controllers
[HttpPost("profile")] [HttpPost("profile")]
public async Task<ProfileResponseModel> PutProfile([FromBody]UpdateProfileRequestModel model) public async Task<ProfileResponseModel> PutProfile([FromBody]UpdateProfileRequestModel model)
{ {
await _userService.SaveUserAsync(model.ToUser(_currentContext.User)); var user = await _userService.GetUserByPrincipalAsync(User);
var response = new ProfileResponseModel(_currentContext.User); await _userService.SaveUserAsync(model.ToUser(user));
var response = new ProfileResponseModel(user);
return response; return response;
} }
[HttpGet("revision-date")] [HttpGet("revision-date")]
public long? GetAccountRevisionDate() public async Task<long?> GetAccountRevisionDate()
{ {
//var userId = _userService.GetProperUserId(User); //var userId = _userService.GetProperUserId(User);
//long? revisionDate = null; //long? revisionDate = null;
@ -177,13 +182,14 @@ namespace Bit.Api.Controllers
// revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date); // revisionDate = Core.Utilities.CoreHelpers.EpocMilliseconds(date);
//} //}
return Core.Utilities.CoreHelpers.EpocMilliseconds(_currentContext.User.AccountRevisionDate); var user = await _userService.GetUserByPrincipalAsync(User);
return Core.Utilities.CoreHelpers.EpocMilliseconds(user.AccountRevisionDate);
} }
[HttpGet("two-factor")] [HttpGet("two-factor")]
public async Task<TwoFactorResponseModel> GetTwoFactor(string masterPasswordHash, TwoFactorProviderType provider) public async Task<TwoFactorResponseModel> GetTwoFactor(string masterPasswordHash, TwoFactorProviderType provider)
{ {
var user = _currentContext.User; var user = await _userService.GetUserByPrincipalAsync(User);
if(!await _userManager.CheckPasswordAsync(user, masterPasswordHash)) if(!await _userManager.CheckPasswordAsync(user, masterPasswordHash))
{ {
await Task.Delay(2000); await Task.Delay(2000);
@ -200,7 +206,7 @@ namespace Bit.Api.Controllers
[HttpPost("two-factor")] [HttpPost("two-factor")]
public async Task<TwoFactorResponseModel> PutTwoFactor([FromBody]UpdateTwoFactorRequestModel model) public async Task<TwoFactorResponseModel> PutTwoFactor([FromBody]UpdateTwoFactorRequestModel model)
{ {
var user = _currentContext.User; var user = await _userService.GetUserByPrincipalAsync(User);
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash)) if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
{ {
await Task.Delay(2000); await Task.Delay(2000);
@ -237,7 +243,7 @@ namespace Bit.Api.Controllers
[HttpPost("two-factor-regenerate")] [HttpPost("two-factor-regenerate")]
public async Task<TwoFactorResponseModel> PutTwoFactorRegenerate([FromBody]RegenerateTwoFactorRequestModel model) public async Task<TwoFactorResponseModel> PutTwoFactorRegenerate([FromBody]RegenerateTwoFactorRequestModel model)
{ {
var user = _currentContext.User; var user = await _userService.GetUserByPrincipalAsync(User);
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash)) if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
{ {
await Task.Delay(2000); await Task.Delay(2000);
@ -263,7 +269,7 @@ namespace Bit.Api.Controllers
[HttpPost("delete")] [HttpPost("delete")]
public async Task PostDelete([FromBody]DeleteAccountRequestModel model) public async Task PostDelete([FromBody]DeleteAccountRequestModel model)
{ {
var user = _currentContext.User; var user = await _userService.GetUserByPrincipalAsync(User);
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash)) if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
{ {
ModelState.AddModelError("MasterPasswordHash", "Invalid password."); ModelState.AddModelError("MasterPasswordHash", "Invalid password.");
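Review bot: `user` is dereferenced without a null check throughout the new code — `user.Id` on the PutEmail and PutPassword lines, `user.AccountRevisionDate` in GetAccountRevisionDate, and `user` handed straight to `CheckPasswordAsync` and the service calls — yet `GetUserByPrincipalAsync` in UserService returns null when the principal carries no proper user id, so a stale or malformed token now surfaces as a NullReferenceException (500) instead of an authorization failure. A guard after each lookup, e.g. `if(user == null) { throw new UnauthorizedAccessException(); }` (or whichever exception this project maps to a 401/403 response), keeps the failure on the auth path; the same applies to PostTokenTwoFactor in AuthController and to GetDomains/PutDomains in SettingsController. Since the lookup-plus-guard is repeated in every action, a small private helper on the controller would avoid the duplication. Each action's body continues outside the hunks shown.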


@ -5,7 +5,7 @@ using Bit.Core.Identity;
using Bit.Api.Models; using Bit.Api.Models;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Bit.Core.Exceptions; using Bit.Core.Exceptions;
using Bit.Core; using Bit.Core.Services;
namespace Bit.Api.Controllers namespace Bit.Api.Controllers
{ {
@ -14,21 +14,22 @@ namespace Bit.Api.Controllers
public class AuthController : Controller public class AuthController : Controller
{ {
private readonly JwtBearerSignInManager _signInManager; private readonly JwtBearerSignInManager _signInManager;
private readonly CurrentContext _currentContext; private readonly IUserService _userService;
public AuthController( public AuthController(
JwtBearerSignInManager signInManager, JwtBearerSignInManager signInManager,
CurrentContext currentContext) IUserService userService)
{ {
_signInManager = signInManager; _signInManager = signInManager;
_currentContext = currentContext; _userService = userService;
} }
[HttpPost("token")] [HttpPost("token")]
[AllowAnonymous] [AllowAnonymous]
public async Task<AuthTokenResponseModel> PostToken([FromBody]AuthTokenRequestModel model) public async Task<AuthTokenResponseModel> PostToken([FromBody]AuthTokenRequestModel model)
{ {
var result = await _signInManager.PasswordSignInAsync(model.Email.ToLower(), model.MasterPasswordHash, model.Device?.ToDevice()); var result = await _signInManager.PasswordSignInAsync(model.Email.ToLower(), model.MasterPasswordHash,
model.Device?.ToDevice());
if(result == JwtBearerSignInResult.Success) if(result == JwtBearerSignInResult.Success)
{ {
return new AuthTokenResponseModel(result.Token, result.User); return new AuthTokenResponseModel(result.Token, result.User);
@ -46,7 +47,8 @@ namespace Bit.Api.Controllers
[Authorize("TwoFactor")] [Authorize("TwoFactor")]
public async Task<AuthTokenResponseModel> PostTokenTwoFactor([FromBody]AuthTokenTwoFactorRequestModel model) public async Task<AuthTokenResponseModel> PostTokenTwoFactor([FromBody]AuthTokenTwoFactorRequestModel model)
{ {
var result = await _signInManager.TwoFactorSignInAsync(_currentContext.User, model.Provider, model.Code, model.Device?.ToDevice()); var user = await _userService.GetUserByPrincipalAsync(User);
var result = await _signInManager.TwoFactorSignInAsync(user, model.Provider, model.Code, model.Device?.ToDevice());
if(result == JwtBearerSignInResult.Success) if(result == JwtBearerSignInResult.Success)
{ {
return new AuthTokenResponseModel(result.Token, result.User); return new AuthTokenResponseModel(result.Token, result.User);
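Review bot: `model.Email.ToLower()` in PostToken is culture-sensitive, so the address used for sign-in can differ from the stored one under some current cultures (the Turkish dotless-i case is the usual example); since this is a lookup key rather than display text, `model.Email.ToLowerInvariant()` is the safer normalisation. The hunk only reflows that call, so the issue is pre-existing, but the line is being touched here anyway. PostToken's body continues outside the hunk.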


@ -18,22 +18,22 @@ namespace Bit.Api.Controllers
{ {
private readonly ICipherRepository _cipherRepository; private readonly ICipherRepository _cipherRepository;
private readonly ICipherService _cipherService; private readonly ICipherService _cipherService;
private readonly UserManager<User> _userManager; private readonly IUserService _userService;
public CiphersController( public CiphersController(
ICipherRepository cipherRepository, ICipherRepository cipherRepository,
ICipherService cipherService, ICipherService cipherService,
UserManager<User> userManager) IUserService userService)
{ {
_cipherRepository = cipherRepository; _cipherRepository = cipherRepository;
_cipherService = cipherService; _cipherService = cipherService;
_userManager = userManager; _userService = userService;
} }
[HttpGet("{id}")] [HttpGet("{id}")]
public async Task<CipherResponseModel> Get(string id) public async Task<CipherResponseModel> Get(string id)
{ {
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(cipher == null) if(cipher == null)
{ {
throw new NotFoundException(); throw new NotFoundException();
@ -45,7 +45,7 @@ namespace Bit.Api.Controllers
[HttpGet("")] [HttpGet("")]
public async Task<ListResponseModel<CipherResponseModel>> Get() public async Task<ListResponseModel<CipherResponseModel>> Get()
{ {
var ciphers = await _cipherRepository.GetManyByUserIdAsync(new Guid(_userManager.GetUserId(User))); var ciphers = await _cipherRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value);
var responses = ciphers.Select(c => new CipherResponseModel(c)); var responses = ciphers.Select(c => new CipherResponseModel(c));
return new ListResponseModel<CipherResponseModel>(responses); return new ListResponseModel<CipherResponseModel>(responses);
} }
@ -54,15 +54,16 @@ namespace Bit.Api.Controllers
public async Task<CipherHistoryResponseModel> Get(DateTime since) public async Task<CipherHistoryResponseModel> Get(DateTime since)
{ {
var history = await _cipherRepository.GetManySinceRevisionDateAndUserIdWithDeleteHistoryAsync( var history = await _cipherRepository.GetManySinceRevisionDateAndUserIdWithDeleteHistoryAsync(
since, new Guid(_userManager.GetUserId(User))); since, _userService.GetProperUserId(User).Value);
return new CipherHistoryResponseModel(history.Item1, history.Item2); return new CipherHistoryResponseModel(history.Item1, history.Item2);
} }
[HttpPost("import")] [HttpPost("import")]
public async Task PostImport([FromBody]ImportRequestModel model) public async Task PostImport([FromBody]ImportRequestModel model)
{ {
var folderCiphers = model.Folders.Select(f => f.ToCipher(_userManager.GetUserId(User))).ToList(); var userId = _userService.GetProperUserId(User).Value;
var otherCiphers = model.Logins.Select(s => s.ToCipher(_userManager.GetUserId(User))).ToList(); var folderCiphers = model.Folders.Select(f => f.ToCipher(userId)).ToList();
var otherCiphers = model.Logins.Select(s => s.ToCipher(userId)).ToList();
await _cipherService.ImportCiphersAsync( await _cipherService.ImportCiphersAsync(
folderCiphers, folderCiphers,
@ -74,7 +75,7 @@ namespace Bit.Api.Controllers
[HttpPost("{id}/favorite")] [HttpPost("{id}/favorite")]
public async Task Favorite(string id) public async Task Favorite(string id)
{ {
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(cipher == null) if(cipher == null)
{ {
throw new NotFoundException(); throw new NotFoundException();
@ -89,7 +90,7 @@ namespace Bit.Api.Controllers
[HttpPost("{id}/delete")] [HttpPost("{id}/delete")]
public async Task Delete(string id) public async Task Delete(string id)
{ {
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(cipher == null) if(cipher == null)
{ {
throw new NotFoundException(); throw new NotFoundException();
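Review bot: Every action now calls `_userService.GetProperUserId(User).Value` on a `Guid?` without checking `HasValue`, so a principal without a usable user id throws InvalidOperationException from inside the action rather than being rejected as unauthenticated; the old `new Guid(_userManager.GetUserId(User))` failed the same way, so this is not a regression, but the rewrite is the moment to fix it. A single guarded lookup at the top of each action, `var userId = _userService.GetProperUserId(User); if(!userId.HasValue) { throw new UnauthorizedAccessException(); }` (or whatever exception the project maps to 401), followed by `userId.Value`, would do; PostImport already hoists the value once, which is the right shape. The same unchecked `.Value` appears in DevicesController, FoldersController and LoginsController. The action bodies continue outside the hunks shown.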


@ -19,22 +19,22 @@ namespace Bit.Api.Controllers
{ {
private readonly IDeviceRepository _deviceRepository; private readonly IDeviceRepository _deviceRepository;
private readonly IDeviceService _deviceService; private readonly IDeviceService _deviceService;
private readonly UserManager<User> _userManager; private readonly IUserService _userService;
public DevicesController( public DevicesController(
IDeviceRepository deviceRepository, IDeviceRepository deviceRepository,
IDeviceService deviceService, IDeviceService deviceService,
UserManager<User> userManager) IUserService userService)
{ {
_deviceRepository = deviceRepository; _deviceRepository = deviceRepository;
_deviceService = deviceService; _deviceService = deviceService;
_userManager = userManager; _userService = userService;
} }
[HttpGet("{id}")] [HttpGet("{id}")]
public async Task<DeviceResponseModel> Get(string id) public async Task<DeviceResponseModel> Get(string id)
{ {
var device = await _deviceRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(device == null) if(device == null)
{ {
throw new NotFoundException(); throw new NotFoundException();
@ -47,7 +47,7 @@ namespace Bit.Api.Controllers
[HttpGet("identifier/{identifier}")] [HttpGet("identifier/{identifier}")]
public async Task<DeviceResponseModel> GetByIdentifier(string identifier) public async Task<DeviceResponseModel> GetByIdentifier(string identifier)
{ {
var device = await _deviceRepository.GetByIdentifierAsync(identifier, new Guid(_userManager.GetUserId(User))); var device = await _deviceRepository.GetByIdentifierAsync(identifier, _userService.GetProperUserId(User).Value);
if(device == null) if(device == null)
{ {
throw new NotFoundException(); throw new NotFoundException();
@ -60,7 +60,7 @@ namespace Bit.Api.Controllers
[HttpGet("")] [HttpGet("")]
public async Task<ListResponseModel<DeviceResponseModel>> Get() public async Task<ListResponseModel<DeviceResponseModel>> Get()
{ {
ICollection<Device> devices = await _deviceRepository.GetManyByUserIdAsync(new Guid(_userManager.GetUserId(User))); ICollection<Device> devices = await _deviceRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value);
var responses = devices.Select(d => new DeviceResponseModel(d)); var responses = devices.Select(d => new DeviceResponseModel(d));
return new ListResponseModel<DeviceResponseModel>(responses); return new ListResponseModel<DeviceResponseModel>(responses);
} }
@ -68,7 +68,7 @@ namespace Bit.Api.Controllers
[HttpPost("")] [HttpPost("")]
public async Task<DeviceResponseModel> Post([FromBody]DeviceRequestModel model) public async Task<DeviceResponseModel> Post([FromBody]DeviceRequestModel model)
{ {
var device = model.ToDevice(_userManager.GetUserId(User)); var device = model.ToDevice(_userService.GetProperUserId(User));
await _deviceService.SaveAsync(device); await _deviceService.SaveAsync(device);
var response = new DeviceResponseModel(device); var response = new DeviceResponseModel(device);
@ -79,7 +79,7 @@ namespace Bit.Api.Controllers
[HttpPost("{id}")] [HttpPost("{id}")]
public async Task<DeviceResponseModel> Put(string id, [FromBody]DeviceRequestModel model) public async Task<DeviceResponseModel> Put(string id, [FromBody]DeviceRequestModel model)
{ {
var device = await _deviceRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(device == null) if(device == null)
{ {
throw new NotFoundException(); throw new NotFoundException();
@ -95,7 +95,7 @@ namespace Bit.Api.Controllers
[HttpPost("identifier/{identifier}/token")] [HttpPost("identifier/{identifier}/token")]
public async Task PutToken(string identifier, [FromBody]DeviceTokenRequestModel model) public async Task PutToken(string identifier, [FromBody]DeviceTokenRequestModel model)
{ {
var device = await _deviceRepository.GetByIdentifierAsync(identifier, new Guid(_userManager.GetUserId(User))); var device = await _deviceRepository.GetByIdentifierAsync(identifier, _userService.GetProperUserId(User).Value);
if(device == null) if(device == null)
{ {
throw new NotFoundException(); throw new NotFoundException();
@ -116,7 +116,7 @@ namespace Bit.Api.Controllers
[HttpPost("{id}/delete")] [HttpPost("{id}/delete")]
public async Task Delete(string id) public async Task Delete(string id)
{ {
var device = await _deviceRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(device == null) if(device == null)
{ {
throw new NotFoundException(); throw new NotFoundException();
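Review bot: Post is the one action that passes the raw `Guid?` from `GetProperUserId(User)` into `model.ToDevice(...)`, and the updated `DeviceRequestModel.ToDevice(Guid? userId = null)` maps null to `default(Guid)`, so a principal without a user id would persist a device with an empty UserId instead of failing; every other action in this controller uses `.Value` and fails loudly. Passing `_userService.GetProperUserId(User).Value` here (or guarding `HasValue` first) keeps the behaviour consistent and prevents the empty-owner row. Post's body continues outside the hunk.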


@ -19,22 +19,22 @@ namespace Bit.Api.Controllers
{ {
private readonly ICipherRepository _cipherRepository; private readonly ICipherRepository _cipherRepository;
private readonly ICipherService _cipherService; private readonly ICipherService _cipherService;
private readonly UserManager<User> _userManager; private readonly IUserService _userService;
public FoldersController( public FoldersController(
ICipherRepository cipherRepository, ICipherRepository cipherRepository,
ICipherService cipherService, ICipherService cipherService,
UserManager<User> userManager) IUserService userService)
{ {
_cipherRepository = cipherRepository; _cipherRepository = cipherRepository;
_cipherService = cipherService; _cipherService = cipherService;
_userManager = userManager; _userService = userService;
} }
[HttpGet("{id}")] [HttpGet("{id}")]
public async Task<FolderResponseModel> Get(string id) public async Task<FolderResponseModel> Get(string id)
{ {
var folder = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var folder = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(folder == null || folder.Type != Core.Enums.CipherType.Folder) if(folder == null || folder.Type != Core.Enums.CipherType.Folder)
{ {
throw new NotFoundException(); throw new NotFoundException();
@ -46,7 +46,8 @@ namespace Bit.Api.Controllers
[HttpGet("")] [HttpGet("")]
public async Task<ListResponseModel<FolderResponseModel>> Get() public async Task<ListResponseModel<FolderResponseModel>> Get()
{ {
ICollection<Cipher> folders = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Folder, new Guid(_userManager.GetUserId(User))); ICollection<Cipher> folders = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Folder,
_userService.GetProperUserId(User).Value);
var responses = folders.Select(f => new FolderResponseModel(f)); var responses = folders.Select(f => new FolderResponseModel(f));
return new ListResponseModel<FolderResponseModel>(responses); return new ListResponseModel<FolderResponseModel>(responses);
} }
@ -54,7 +55,7 @@ namespace Bit.Api.Controllers
[HttpPost("")] [HttpPost("")]
public async Task<FolderResponseModel> Post([FromBody]FolderRequestModel model) public async Task<FolderResponseModel> Post([FromBody]FolderRequestModel model)
{ {
var folder = model.ToCipher(_userManager.GetUserId(User)); var folder = model.ToCipher(_userService.GetProperUserId(User).Value);
await _cipherService.SaveAsync(folder); await _cipherService.SaveAsync(folder);
return new FolderResponseModel(folder); return new FolderResponseModel(folder);
} }
@ -63,7 +64,7 @@ namespace Bit.Api.Controllers
[HttpPost("{id}")] [HttpPost("{id}")]
public async Task<FolderResponseModel> Put(string id, [FromBody]FolderRequestModel model) public async Task<FolderResponseModel> Put(string id, [FromBody]FolderRequestModel model)
{ {
var folder = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var folder = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(folder == null || folder.Type != Core.Enums.CipherType.Folder) if(folder == null || folder.Type != Core.Enums.CipherType.Folder)
{ {
throw new NotFoundException(); throw new NotFoundException();
@ -77,7 +78,7 @@ namespace Bit.Api.Controllers
[HttpPost("{id}/delete")] [HttpPost("{id}/delete")]
public async Task Delete(string id) public async Task Delete(string id)
{ {
var folder = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var folder = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(folder == null || folder.Type != Core.Enums.CipherType.Folder) if(folder == null || folder.Type != Core.Enums.CipherType.Folder)
{ {
throw new NotFoundException(); throw new NotFoundException();


@ -21,22 +21,22 @@ namespace Bit.Api.Controllers
{ {
private readonly ICipherRepository _cipherRepository; private readonly ICipherRepository _cipherRepository;
private readonly ICipherService _cipherService; private readonly ICipherService _cipherService;
private readonly UserManager<User> _userManager; private readonly IUserService _userService;
public LoginsController( public LoginsController(
ICipherRepository cipherRepository, ICipherRepository cipherRepository,
ICipherService cipherService, ICipherService cipherService,
UserManager<User> userManager) IUserService userService)
{ {
_cipherRepository = cipherRepository; _cipherRepository = cipherRepository;
_cipherService = cipherService; _cipherService = cipherService;
_userManager = userManager; _userService = userService;
} }
[HttpGet("{id}")] [HttpGet("{id}")]
public async Task<LoginResponseModel> Get(string id, string[] expand = null) public async Task<LoginResponseModel> Get(string id, string[] expand = null)
{ {
var login = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var login = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(login == null || login.Type != Core.Enums.CipherType.Login) if(login == null || login.Type != Core.Enums.CipherType.Login)
{ {
throw new NotFoundException(); throw new NotFoundException();
@ -51,7 +51,7 @@ namespace Bit.Api.Controllers
public async Task<ListResponseModel<LoginResponseModel>> Get(string[] expand = null) public async Task<ListResponseModel<LoginResponseModel>> Get(string[] expand = null)
{ {
ICollection<Cipher> logins = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Login, ICollection<Cipher> logins = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Login,
new Guid(_userManager.GetUserId(User))); _userService.GetProperUserId(User).Value);
var responses = logins.Select(s => new LoginResponseModel(s)).ToList(); var responses = logins.Select(s => new LoginResponseModel(s)).ToList();
await ExpandManyAsync(logins, responses, expand, null); await ExpandManyAsync(logins, responses, expand, null);
return new ListResponseModel<LoginResponseModel>(responses); return new ListResponseModel<LoginResponseModel>(responses);
@ -60,7 +60,7 @@ namespace Bit.Api.Controllers
[HttpPost("")] [HttpPost("")]
public async Task<LoginResponseModel> Post([FromBody]LoginRequestModel model, string[] expand = null) public async Task<LoginResponseModel> Post([FromBody]LoginRequestModel model, string[] expand = null)
{ {
var login = model.ToCipher(_userManager.GetUserId(User)); var login = model.ToCipher(_userService.GetProperUserId(User).Value);
await _cipherService.SaveAsync(login); await _cipherService.SaveAsync(login);
var response = new LoginResponseModel(login); var response = new LoginResponseModel(login);
@ -72,7 +72,7 @@ namespace Bit.Api.Controllers
[HttpPost("{id}")] [HttpPost("{id}")]
public async Task<LoginResponseModel> Put(string id, [FromBody]LoginRequestModel model, string[] expand = null) public async Task<LoginResponseModel> Put(string id, [FromBody]LoginRequestModel model, string[] expand = null)
{ {
var login = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var login = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(login == null || login.Type != Core.Enums.CipherType.Login) if(login == null || login.Type != Core.Enums.CipherType.Login)
{ {
throw new NotFoundException(); throw new NotFoundException();
@ -89,7 +89,7 @@ namespace Bit.Api.Controllers
[HttpPost("{id}/delete")] [HttpPost("{id}/delete")]
public async Task Delete(string id) public async Task Delete(string id)
{ {
var login = await _cipherRepository.GetByIdAsync(new Guid(id), new Guid(_userManager.GetUserId(User))); var login = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
if(login == null || login.Type != Core.Enums.CipherType.Login) if(login == null || login.Type != Core.Enums.CipherType.Login)
{ {
throw new NotFoundException(); throw new NotFoundException();
@ -129,7 +129,7 @@ namespace Bit.Api.Controllers
if(folders == null) if(folders == null)
{ {
folders = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Folder, folders = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Folder,
new Guid(_userManager.GetUserId(User))); _userService.GetProperUserId(User).Value);
} }
if(folders != null && folders.Count() > 0) if(folders != null && folders.Count() > 0)


@ -4,7 +4,6 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Bit.Api.Models; using Bit.Api.Models;
using Bit.Core.Services; using Bit.Core.Services;
using Bit.Core;
namespace Bit.Api.Controllers namespace Bit.Api.Controllers
{ {
@ -13,30 +12,29 @@ namespace Bit.Api.Controllers
public class SettingsController : Controller public class SettingsController : Controller
{ {
private readonly IUserService _userService; private readonly IUserService _userService;
private readonly CurrentContext _currentContext;
public SettingsController( public SettingsController(
IUserService userService, IUserService userService)
CurrentContext currentContext)
{ {
_userService = userService; _userService = userService;
_currentContext = currentContext;
} }
[HttpGet("domains")] [HttpGet("domains")]
public Task<DomainsResponseModel> GetDomains(bool excluded = true) public async Task<DomainsResponseModel> GetDomains(bool excluded = true)
{ {
var response = new DomainsResponseModel(_currentContext.User, excluded); var user = await _userService.GetUserByPrincipalAsync(User);
return Task.FromResult(response); var response = new DomainsResponseModel(user, excluded);
return response;
} }
[HttpPut("domains")] [HttpPut("domains")]
[HttpPost("domains")] [HttpPost("domains")]
public async Task<DomainsResponseModel> PutDomains([FromBody]UpdateDomainsRequestModel model) public async Task<DomainsResponseModel> PutDomains([FromBody]UpdateDomainsRequestModel model)
{ {
await _userService.SaveUserAsync(model.ToUser(_currentContext.User)); var user = await _userService.GetUserByPrincipalAsync(User);
await _userService.SaveUserAsync(model.ToUser(user));
var response = new DomainsResponseModel(_currentContext.User); var response = new DomainsResponseModel(user);
return response; return response;
} }
} }


@ -33,12 +33,12 @@ namespace Bit.Api.Models
[StringLength(10000)] [StringLength(10000)]
public string Notes { get; set; } public string Notes { get; set; }
public virtual Cipher ToCipher(string userId = null) public virtual Cipher ToCipher(Guid userId)
{ {
var cipher = new Cipher var cipher = new Cipher
{ {
Id = new Guid(Id), Id = new Guid(Id),
UserId = new Guid(userId), UserId = userId,
FolderId = string.IsNullOrWhiteSpace(FolderId) ? null : (Guid?)new Guid(FolderId), FolderId = string.IsNullOrWhiteSpace(FolderId) ? null : (Guid?)new Guid(FolderId),
Type = Type Type = Type
}; };


@ -19,11 +19,11 @@ namespace Bit.Api.Models
[StringLength(255)] [StringLength(255)]
public string PushToken { get; set; } public string PushToken { get; set; }
public Device ToDevice(string userId = null) public Device ToDevice(Guid? userId = null)
{ {
return ToDevice(new Device return ToDevice(new Device
{ {
UserId = userId == null ? default(Guid) : new Guid(userId) UserId = userId == null ? default(Guid) : userId.Value
}); });
} }


@ -13,11 +13,11 @@ namespace Bit.Api.Models
[StringLength(300)] [StringLength(300)]
public string Name { get; set; } public string Name { get; set; }
public Cipher ToCipher(string userId = null) public Cipher ToCipher(Guid userId)
{ {
return ToCipher(new Cipher return ToCipher(new Cipher
{ {
UserId = new Guid(userId) UserId = userId
}); });
} }


@ -28,11 +28,11 @@ namespace Bit.Api.Models
[StringLength(10000)] [StringLength(10000)]
public string Notes { get; set; } public string Notes { get; set; }
public Cipher ToCipher(string userId = null) public Cipher ToCipher(Guid userId)
{ {
return ToCipher(new Cipher return ToCipher(new Cipher
{ {
UserId = new Guid(userId) UserId = userId
}); });
} }


@ -12,6 +12,7 @@ namespace Bit.Core.Services
Guid? GetProperUserId(ClaimsPrincipal principal); Guid? GetProperUserId(ClaimsPrincipal principal);
Task<User> GetUserByIdAsync(string userId); Task<User> GetUserByIdAsync(string userId);
Task<User> GetUserByIdAsync(Guid userId); Task<User> GetUserByIdAsync(Guid userId);
Task<User> GetUserByPrincipalAsync(ClaimsPrincipal principal);
Task<DateTime> GetAccountRevisionDateByIdAsync(Guid userId); Task<DateTime> GetAccountRevisionDateByIdAsync(Guid userId);
Task SaveUserAsync(User user); Task SaveUserAsync(User user);
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword); Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);
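Review bot: The new `GetUserByPrincipalAsync` member carries no doc comment stating its null contract, which the UserService implementation makes explicit (it returns null when `GetProperUserId` yields no id), and the controllers in this commit dereference the result directly, so the contract is worth stating on the interface. Suggested: `/// <summary>Resolves the user for <paramref name="principal"/>.</summary>` followed by `/// <returns>The matching user, or null when the principal carries no usable user id.</returns>`.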


@ -100,6 +100,17 @@ namespace Bit.Core.Services
return _currentContext.User; return _currentContext.User;
} }
public async Task<User> GetUserByPrincipalAsync(ClaimsPrincipal principal)
{
var userId = GetProperUserId(principal);
if(!userId.HasValue)
{
return null;
}
return await GetUserByIdAsync(userId.Value);
}
public async Task<DateTime> GetAccountRevisionDateByIdAsync(Guid userId) public async Task<DateTime> GetAccountRevisionDateByIdAsync(Guid userId)
{ {
return await _userRepository.GetAccountRevisionDateAsync(userId); return await _userRepository.GetAccountRevisionDateAsync(userId);