nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

[PM-3779] idor allow the attacker to delete the victim domain (#3308)

Browse Source 
* [PM-3779] Added IOrganizationDomainRepository.GetDomainByIdAndOrganizationIdAsync and SQL stored procedure

* [PM-3779] Changed GetOrganizationDomainByIdQuery to also take OrgId as a parameter. Updated existing unit tests and added new. Updated controller to match command changes

* [PM-3779] Removed type from url routes

* [PM-3779] Renamed IGetOrganizationDomainByIdAndOrganizationIdQuery to IGetOrganizationDomainByIdOrganizationIdQuery

* [PM-3779] Renamed GetOrganizationDomainByIdOrganizationIdQueryTests file and added more tests
This commit is contained in:
Rui Tomé
2023-10-18 11:57:59 +01:00
committed by GitHub
parent cb73056c42
commit 21219262a2
22 changed files with 312 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
util/Migrator/DbScripts/2023-09-29_00_OrgDomainReadByIdOrgId.sql Normal file
View File

@ -0,0 +1,17 @@
CREATE OR ALTER PROCEDURE [dbo].[OrganizationDomain_ReadByIdOrganizationId]
@Id UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
*
FROM
[dbo].[OrganizationDomain]
WHERE
[Id] = @Id
AND
[OrganizationId] = @OrganizationId
END
GO