nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

[SG-859] Key and MasterPasswordHash stored on AuthRequest when you deny login request (#2469)

Browse Source 
* [SG-856] Remove nullable from RequestApproved property

* [SG-856] Assign key and hash only if approved
This commit is contained in:
André Bispo 2022-12-13 21:50:53 +00:00 committed by GitHub
parent a504364e91
commit 16ad5db418
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Api/Controllers/AuthRequestsController.cs
View File

@ -137,11 +137,16 @@ public class AuthRequestsController : Controller
throw new BadRequestException("Invalid device.");
}
authRequest.Key = model.Key;
authRequest.MasterPasswordHash = model.MasterPasswordHash;
authRequest.ResponseDeviceId = device.Id;
authRequest.ResponseDate = DateTime.UtcNow;
authRequest.Approved = model.RequestApproved;
if (model.RequestApproved)
{
authRequest.Key = model.Key;
authRequest.MasterPasswordHash = model.MasterPasswordHash;
}
await _authRequestRepository.ReplaceAsync(authRequest);
// We only want to send an approval notification if the request is approved (or null),