[PM-20348] Add pending auth request endpoint (#5957)

* Feat(pm-20348): * Add migration scripts for Read Pending Auth Requests by UserId stored procedure and new `view` for pending AuthRequest. * View only returns the most recent pending authRequest, or none at all if the most recent is answered. * Implement stored procedure in AuthRequestRepository for both Dapper and Entity Framework. * Update AuthRequestController to query the new View to get a user's most recent pending auth requests response includes the requesting deviceId. * Doc: * Move summary xml comments to interface. * Added comments for the AuthRequestService. * Test: * Added testing for AuthRequestsController. * Added testing for repositories. * Added integration tests for multiple auth requests but only returning the most recent.
2025-07-04 09:32:48 -05:00 · 2025-06-30 13:17:51 -04:00
parent 899ff1b660
commit 20bf1455cf
14 changed files with 752 additions and 50 deletions
--- a/util/Migrator/DbScripts/2025-06-04-00_AddReadPendingAuthRequestsByUserId.sql
+++ b/util/Migrator/DbScripts/2025-06-04-00_AddReadPendingAuthRequestsByUserId.sql
@ -0,0 +1,53 @@
+CREATE OR ALTER VIEW [dbo].[AuthRequestPendingDetailsView]
+AS
+    WITH
+        PendingRequests
+        AS
+        (
+            SELECT
+                [AR].*,
+                [D].[Id] AS [DeviceId],
+                ROW_NUMBER() OVER (PARTITION BY [AR].[RequestDeviceIdentifier] ORDER BY [AR].[CreationDate] DESC) AS [rn]
+            FROM [dbo].[AuthRequest] [AR]
+                LEFT JOIN [dbo].[Device] [D]
+                ON [AR].[RequestDeviceIdentifier] = [D].[Identifier]
+                    AND [D].[UserId] = [AR].[UserId]
+            WHERE [AR].[Type] IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock
+        )
+    SELECT
+        [PR].[Id],
+        [PR].[UserId],
+        [PR].[OrganizationId],
+        [PR].[Type],
+        [PR].[RequestDeviceIdentifier],
+        [PR].[RequestDeviceType],
+        [PR].[RequestIpAddress],
+        [PR].[RequestCountryName],
+        [PR].[ResponseDeviceId],
+        [PR].[AccessCode],
+        [PR].[PublicKey],
+        [PR].[Key],
+        [PR].[MasterPasswordHash],
+        [PR].[Approved],
+        [PR].[CreationDate],
+        [PR].[ResponseDate],
+        [PR].[AuthenticationDate],
+        [PR].[DeviceId]
+    FROM [PendingRequests] [PR]
+    WHERE [PR].[rn] = 1
+        AND [PR].[Approved] IS NULL -- since we only want pending requests we only want the most recent that is also approved = null
+  GO
+
+CREATE OR ALTER PROCEDURE [dbo].[AuthRequest_ReadPendingByUserId]
+    @UserId UNIQUEIDENTIFIER,
+    @ExpirationMinutes INT
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT *
+    FROM [dbo].[AuthRequestPendingDetailsView]
+    WHERE [UserId] = @UserId
+        AND [CreationDate] >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE())
+END
+  GO