[PM-20348] Add pending auth request endpoint (#5957)

* Feat(pm-20348): * Add migration scripts for Read Pending Auth Requests by UserId stored procedure and new `view` for pending AuthRequest. * View only returns the most recent pending authRequest, or none at all if the most recent is answered. * Implement stored procedure in AuthRequestRepository for both Dapper and Entity Framework. * Update AuthRequestController to query the new View to get a user's most recent pending auth requests response includes the requesting deviceId. * Doc: * Move summary xml comments to interface. * Added comments for the AuthRequestService. * Test: * Added testing for AuthRequestsController. * Added testing for repositories. * Added integration tests for multiple auth requests but only returning the most recent.
2025-07-02 16:42:50 -05:00 · 2025-06-30 13:17:51 -04:00
parent 899ff1b660
commit 20bf1455cf
14 changed files with 752 additions and 50 deletions
--- a/src/Infrastructure.Dapper/Auth/Repositories/AuthRequestRepository.cs
+++ b/src/Infrastructure.Dapper/Auth/Repositories/AuthRequestRepository.cs
@ -14,13 +14,12 @@ namespace Bit.Infrastructure.Dapper.Auth.Repositories;

 public class AuthRequestRepository : Repository<AuthRequest, Guid>, IAuthRequestRepository
 {
+    private readonly GlobalSettings _globalSettings;
    public AuthRequestRepository(GlobalSettings globalSettings)
-        : this(globalSettings.SqlServer.ConnectionString, globalSettings.SqlServer.ReadOnlyConnectionString)
-    { }
-
-    public AuthRequestRepository(string connectionString, string readOnlyConnectionString)
-        : base(connectionString, readOnlyConnectionString)
-    { }
+        : base(globalSettings.SqlServer.ConnectionString, globalSettings.SqlServer.ReadOnlyConnectionString)
+    {
+        _globalSettings = globalSettings;
+    }

    public async Task<int> DeleteExpiredAsync(
        TimeSpan userRequestExpiration, TimeSpan adminRequestExpiration, TimeSpan afterAdminApprovalExpiration)
@ -52,6 +51,18 @@ public class AuthRequestRepository : Repository<AuthRequest, Guid>, IAuthRequest
        }
    }

+    public async Task<IEnumerable<PendingAuthRequestDetails>> GetManyPendingAuthRequestByUserId(Guid userId)
+    {
+        var expirationMinutes = (int)_globalSettings.PasswordlessAuth.UserRequestExpiration.TotalMinutes;
+        using var connection = new SqlConnection(ConnectionString);
+        var results = await connection.QueryAsync<PendingAuthRequestDetails>(
+            $"[{Schema}].[AuthRequest_ReadPendingByUserId]",
+            new { UserId = userId, ExpirationMinutes = expirationMinutes },
+            commandType: CommandType.StoredProcedure);
+
+        return results;
+    }
+
    public async Task<ICollection<OrganizationAdminAuthRequest>> GetManyPendingByOrganizationIdAsync(Guid organizationId)
    {
        using (var connection = new SqlConnection(ConnectionString))