From 1bd515e8f08846d630f078ea5846ea00187a6a36 Mon Sep 17 00:00:00 2001
From: Matt Gibson <mgibson@bitwarden.com>
Date: Mon, 26 Apr 2021 14:36:06 -0500
Subject: [PATCH] Refuse upload renew if a file is validated (#1284)

Download should return regardless of file validation state
---
 src/Api/Controllers/CiphersController.cs           | 2 +-
 src/Core/Services/Implementations/CipherService.cs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Api/Controllers/CiphersController.cs b/src/Api/Controllers/CiphersController.cs
index 22b6ce0e93..7f2eb7f2b5 100644
--- a/src/Api/Controllers/CiphersController.cs
+++ b/src/Api/Controllers/CiphersController.cs
@@ -609,7 +609,7 @@ namespace Bit.Api.Controllers
             var cipher = await _cipherRepository.GetByIdAsync(cipherId, userId);
             var attachments = cipher?.GetAttachments();
 
-            if (attachments == null || !attachments.ContainsKey(attachmentId))
+            if (attachments == null || !attachments.ContainsKey(attachmentId) || attachments[attachmentId].Validated)
             {
                 throw new NotFoundException();
             }
diff --git a/src/Core/Services/Implementations/CipherService.cs b/src/Core/Services/Implementations/CipherService.cs
index 718d687952..a9ceb14e7a 100644
--- a/src/Core/Services/Implementations/CipherService.cs
+++ b/src/Core/Services/Implementations/CipherService.cs
@@ -365,7 +365,7 @@ namespace Bit.Core.Services
         {
             var attachments = cipher?.GetAttachments() ?? new Dictionary<string, CipherAttachment.MetaData>();
 
-            if (!attachments.ContainsKey(attachmentId) || attachments[attachmentId].Validated)
+            if (!attachments.ContainsKey(attachmentId))
             {
                 throw new NotFoundException();
             }