nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-20 11:04:31 -05:00
Code

Implement User-based API Keys (#981)

Browse Source 
* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
This commit is contained in:
Addison Beck 2020-11-10 15:15:29 -05:00 committed by GitHub
parent d9cd7551fe
commit 25a9991908
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 540 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/Api/Controllers/AccountsController.cs
View File

@ -734,5 +734,48 @@ namespace Bit.Api.Controllers
var userIdentifier = $"{user.Id},{token}"; var userIdentifier = $"{user.Id},{token}";
return userIdentifier; return userIdentifier;
} }
[HttpPost("api-key")]
public async Task<ApiKeyResponseModel> ApiKey([FromBody]ApiKeyRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
if (user == null)
{
throw new UnauthorizedAccessException();
}
if (!await _userService.CheckPasswordAsync(user, model.MasterPasswordHash))
{
await Task.Delay(2000);
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
}
else
{
var response = new ApiKeyResponseModel(user);
return response;
}
}
[HttpPost("rotate-api-key")]
public async Task<ApiKeyResponseModel> RotateApiKey([FromBody]ApiKeyRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
if (user == null)
{
throw new UnauthorizedAccessException();
}
if (!await _userService.CheckPasswordAsync(user, model.MasterPasswordHash))
{
await Task.Delay(2000);
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
}
else
{
await _userService.RotateApiKeyAsync(user);
var response = new ApiKeyResponseModel(user);
return response;
}
}
} }
} }

59
src/Core/IdentityServer/ClientStore.cs
View File

@ -1,4 +1,5 @@
using IdentityServer4.Stores; using System.Linq;
using IdentityServer4.Stores;
using System.Threading.Tasks; using System.Threading.Tasks;
using IdentityServer4.Models; using IdentityServer4.Models;
using System.Collections.Generic; using System.Collections.Generic;
@ -6,6 +7,9 @@ using Bit.Core.Repositories;
using System; using System;
using IdentityModel; using IdentityModel;
using Bit.Core.Utilities; using Bit.Core.Utilities;
using System.Security.Claims;
using Bit.Core.Services;
using System.Collections.ObjectModel;
namespace Bit.Core.IdentityServer namespace Bit.Core.IdentityServer
{ {
@ -13,19 +17,31 @@ namespace Bit.Core.IdentityServer
{ {
private readonly IInstallationRepository _installationRepository; private readonly IInstallationRepository _installationRepository;
private readonly IOrganizationRepository _organizationRepository; private readonly IOrganizationRepository _organizationRepository;
private readonly IUserRepository _userRepository;
private readonly GlobalSettings _globalSettings; private readonly GlobalSettings _globalSettings;
private readonly StaticClientStore _staticClientStore; private readonly StaticClientStore _staticClientStore;
private readonly ILicensingService _licensingService;
private readonly CurrentContext _currentContext;
private readonly IOrganizationUserRepository _organizationUserRepository;
public ClientStore( public ClientStore(
IInstallationRepository installationRepository, IInstallationRepository installationRepository,
IOrganizationRepository organizationRepository, IOrganizationRepository organizationRepository,
IUserRepository userRepository,
GlobalSettings globalSettings, GlobalSettings globalSettings,
StaticClientStore staticClientStore) StaticClientStore staticClientStore,
ILicensingService licensingService,
CurrentContext currentContext,
IOrganizationUserRepository organizationUserRepository)
{ {
_installationRepository = installationRepository; _installationRepository = installationRepository;
_organizationRepository = organizationRepository; _organizationRepository = organizationRepository;
_userRepository = userRepository;
_globalSettings = globalSettings; _globalSettings = globalSettings;
_staticClientStore = staticClientStore; _staticClientStore = staticClientStore;
_licensingService = licensingService;
_currentContext = currentContext;
_organizationUserRepository = organizationUserRepository;
} }
public async Task<Client> FindClientByIdAsync(string clientId) public async Task<Client> FindClientByIdAsync(string clientId)
@ -106,6 +122,45 @@ namespace Bit.Core.IdentityServer
} }
} }
} }
else if (clientId.StartsWith("user."))
{
var idParts = clientId.Split('.');
if (idParts.Length > 1 && Guid.TryParse(idParts[1], out var id))
{
var user = await _userRepository.GetByIdAsync(id);
if (user != null)
{
var claims = new Collection<ClientClaim>()
{
new ClientClaim(JwtClaimTypes.Subject, user.Id.ToString()),
new ClientClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external")
};
var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
{
var upperValue = claim.Value.ToUpperInvariant();
var isBool = upperValue == "TRUE" || upperValue == "FALSE";
claims.Add(isBool ?
new ClientClaim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
new ClientClaim(claim.Key, claim.Value)
);
}
return new Client
{
ClientId = clientId,
RequireClientSecret = true,
ClientSecrets = { new Secret(user.ApiKey.Sha256()) },
AllowedScopes = new string[] { "api" },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AccessTokenLifetime = 3600 * 1,
ClientClaimsPrefix = null,
Claims = claims
};
}
}
}
return _staticClientStore.ApiClients.ContainsKey(clientId) ? return _staticClientStore.ApiClients.ContainsKey(clientId) ?
_staticClientStore.ApiClients[clientId] : null; _staticClientStore.ApiClients[clientId] : null;

8
src/Core/IdentityServer/CustomTokenRequestValidator.cs
View File

@ -10,6 +10,7 @@ using System.Linq;
using Bit.Core.Identity; using Bit.Core.Identity;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using IdentityServer4.Extensions; using IdentityServer4.Extensions;
using IdentityModel;
namespace Bit.Core.IdentityServer namespace Bit.Core.IdentityServer
{ {
@ -42,7 +43,8 @@ namespace Bit.Core.IdentityServer
public async Task ValidateAsync(CustomTokenRequestValidationContext context) public async Task ValidateAsync(CustomTokenRequestValidationContext context)
{ {
if (context.Result.ValidatedRequest.GrantType != "authorization_code") string[] allowedGrantTypes = { "authorization_code", "client_credentials" };
if (!allowedGrantTypes.Contains(context.Result.ValidatedRequest.GrantType))
{ {
return; return;
} }
@ -51,7 +53,9 @@ namespace Bit.Core.IdentityServer
protected async override Task<(User, bool)> ValidateContextAsync(CustomTokenRequestValidationContext context) protected async override Task<(User, bool)> ValidateContextAsync(CustomTokenRequestValidationContext context)
{ {
var user = await _userManager.FindByEmailAsync(context.Result.ValidatedRequest.Subject.GetDisplayName()); var email = context.Result.ValidatedRequest.Subject?.GetDisplayName()
?? context.Result.ValidatedRequest.ClientClaims.FirstOrDefault(claim => claim.Type == JwtClaimTypes.Email).Value;
var user = await _userManager.FindByEmailAsync(email);
return (user, user != null); return (user, user != null);
} }

56
src/Core/IdentityServer/ProfileService.cs
View File

@ -8,6 +8,7 @@ using System.Collections.Generic;
using System.Linq; using System.Linq;
using System; using System;
using IdentityModel; using IdentityModel;
using Bit.Core.Utilities;
namespace Bit.Core.IdentityServer namespace Bit.Core.IdentityServer
{ {
@ -39,56 +40,15 @@ namespace Bit.Core.IdentityServer
if (user != null) if (user != null)
{ {
var isPremium = await _licensingService.ValidateUserPremiumAsync(user); var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
newClaims.AddRange(new List<Claim>
{
new Claim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),
new Claim(JwtClaimTypes.Email, user.Email),
new Claim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false",
ClaimValueTypes.Boolean),
new Claim("sstamp", user.SecurityStamp)
});
if (!string.IsNullOrWhiteSpace(user.Name))
{
newClaims.Add(new Claim(JwtClaimTypes.Name, user.Name));
}
// Orgs that this user belongs to
var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id); var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
if (orgs.Any()) foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
{ {
foreach (var group in orgs.GroupBy(o => o.Type)) var upperValue = claim.Value.ToUpperInvariant();
{ var isBool = upperValue == "TRUE" || upperValue == "FALSE";
switch (group.Key) newClaims.Add(isBool ?
{ new Claim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
case Enums.OrganizationUserType.Owner: new Claim(claim.Key, claim.Value)
foreach (var org in group) );
{
newClaims.Add(new Claim("orgowner", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Admin:
foreach (var org in group)
{
newClaims.Add(new Claim("orgadmin", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Manager:
foreach (var org in group)
{
newClaims.Add(new Claim("orgmanager", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.User:
foreach (var org in group)
{
newClaims.Add(new Claim("orguser", org.Id.ToString()));
}
break;
default:
break;
}
}
} }
} }

10
src/Core/Models/Api/Response/ApiKeyResponseModel.cs
View File

@ -15,6 +15,16 @@ namespace Bit.Core.Models.Api
ApiKey = organization.ApiKey; ApiKey = organization.ApiKey;
} }
public ApiKeyResponseModel(User user, string obj = "apiKey")
: base(obj)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
ApiKey = user.ApiKey;
}
public string ApiKey { get; set; } public string ApiKey { get; set; }
} }
} }

3
src/Core/Models/Table/User.cs
View File

@ -3,8 +3,6 @@ using Bit.Core.Enums;
using Bit.Core.Utilities; using Bit.Core.Utilities;
using System.Collections.Generic; using System.Collections.Generic;
using Newtonsoft.Json; using Newtonsoft.Json;
using Bit.Core.Services;
using Bit.Core.Exceptions;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
namespace Bit.Core.Models.Table namespace Bit.Core.Models.Table
@ -39,6 +37,7 @@ namespace Bit.Core.Models.Table
public string GatewaySubscriptionId { get; set; } public string GatewaySubscriptionId { get; set; }
public string ReferenceData { get; set; } public string ReferenceData { get; set; }
public string LicenseKey { get; set; } public string LicenseKey { get; set; }
public string ApiKey { get; set; }
public KdfType Kdf { get; set; } = KdfType.PBKDF2_SHA256; public KdfType Kdf { get; set; } = KdfType.PBKDF2_SHA256;
public int KdfIterations { get; set; } = 5000; public int KdfIterations { get; set; } = 5000;
public DateTime CreationDate { get; internal set; } = DateTime.UtcNow; public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;

1
src/Core/Services/IUserService.cs
View File

@ -69,5 +69,6 @@ namespace Bit.Core.Services
Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, ITwoFactorProvidersUser user); Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, ITwoFactorProvidersUser user);
Task<string> GenerateEnterprisePortalSignInTokenAsync(User user); Task<string> GenerateEnterprisePortalSignInTokenAsync(User user);
Task<string> GenerateSignInTokenAsync(User user, string purpose); Task<string> GenerateSignInTokenAsync(User user, string purpose);
Task RotateApiKeyAsync(User user);
} }
} }

8
src/Core/Services/Implementations/UserService.cs
View File

@ -292,6 +292,7 @@ namespace Bit.Core.Services
} }
} }
user.ApiKey = CoreHelpers.SecureRandomString(30);
var result = await base.CreateAsync(user, masterPassword); var result = await base.CreateAsync(user, masterPassword);
if (result == IdentityResult.Success) if (result == IdentityResult.Success)
{ {
@ -1204,5 +1205,12 @@ namespace Bit.Core.Services
} }
return result; return result;
} }
public async Task RotateApiKeyAsync(User user)
{
user.ApiKey = CoreHelpers.SecureRandomString(30);
user.RevisionDate = DateTime.UtcNow;
await _userRepository.ReplaceAsync(user);
}
} }
} }

56
src/Core/Utilities/CoreHelpers.cs
View File

@ -18,6 +18,8 @@ using Bit.Core.Enums;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.Azure.Storage; using Microsoft.Azure.Storage;
using Microsoft.Azure.Storage.Blob; using Microsoft.Azure.Storage.Blob;
using Bit.Core.Models.Table;
using IdentityModel;
namespace Bit.Core.Utilities namespace Bit.Core.Utilities
{ {
@ -670,5 +672,59 @@ namespace Bit.Core.Utilities
} }
return configDict; return configDict;
} }
public static Dictionary<string, string> BuildIdentityClaims(User user, ICollection<CurrentContext.CurrentContentOrganization> orgs, bool isPremium)
{
var claims = new Dictionary<string, string>()
{
{"premium", isPremium ? "true" : "false"},
{JwtClaimTypes.Email, user.Email},
{JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"},
{"sstamp", user.SecurityStamp}
};
if (!string.IsNullOrWhiteSpace(user.Name))
{
claims.Add(JwtClaimTypes.Name, user.Name);
}
// Orgs that this user belongs to
if (orgs.Any())
{
foreach (var group in orgs.GroupBy(o => o.Type))
{
switch (group.Key)
{
case Enums.OrganizationUserType.Owner:
foreach (var org in group)
{
claims.Add("orgowner", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.Admin:
foreach (var org in group)
{
claims.Add("orgadmin", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.Manager:
foreach (var org in group)
{
claims.Add("orgmanager", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.User:
foreach (var org in group)
{
claims.Add("orguser", org.Id.ToString());
}
break;
default:
break;
}
}
}
return claims;
}
} }
} }

9
src/Sql/dbo/Stored Procedures/User_Create.sql
View File

@ -28,7 +28,8 @@
@Kdf TINYINT, @Kdf TINYINT,
@KdfIterations INT, @KdfIterations INT,
@CreationDate DATETIME2(7), @CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7) @RevisionDate DATETIME2(7),
@ApiKey VARCHAR(30)
AS AS
BEGIN BEGIN
SET NOCOUNT ON SET NOCOUNT ON
@ -64,7 +65,8 @@ BEGIN
[Kdf], [Kdf],
[KdfIterations], [KdfIterations],
[CreationDate], [CreationDate],
[RevisionDate] [RevisionDate],
[ApiKey]
) )
VALUES VALUES
( (
@ -97,6 +99,7 @@ BEGIN
@Kdf, @Kdf,
@KdfIterations, @KdfIterations,
@CreationDate, @CreationDate,
@RevisionDate @RevisionDate,
@ApiKey
) )
END END

6
src/Sql/dbo/Stored Procedures/User_Update.sql
View File

@ -28,7 +28,8 @@
@Kdf TINYINT, @Kdf TINYINT,
@KdfIterations INT, @KdfIterations INT,
@CreationDate DATETIME2(7), @CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7) @RevisionDate DATETIME2(7),
@ApiKey VARCHAR(30)
AS AS
BEGIN BEGIN
SET NOCOUNT ON SET NOCOUNT ON
@ -64,7 +65,8 @@ BEGIN
[Kdf] = @Kdf, [Kdf] = @Kdf,
[KdfIterations] = @KdfIterations, [KdfIterations] = @KdfIterations,
[CreationDate] = @CreationDate, [CreationDate] = @CreationDate,
[RevisionDate] = @RevisionDate [RevisionDate] = @RevisionDate,
[ApiKey] = @ApiKey
WHERE WHERE
[Id] = @Id [Id] = @Id
END END

1
src/Sql/dbo/Tables/User.sql
View File

@ -29,6 +29,7 @@
[KdfIterations] INT NOT NULL, [KdfIterations] INT NOT NULL,
[CreationDate] DATETIME2 (7) NOT NULL, [CreationDate] DATETIME2 (7) NOT NULL,
[RevisionDate] DATETIME2 (7) NOT NULL, [RevisionDate] DATETIME2 (7) NOT NULL,
[ApiKey] VARCHAR (30) NOT NULL,
CONSTRAINT [PK_User] PRIMARY KEY CLUSTERED ([Id] ASC) CONSTRAINT [PK_User] PRIMARY KEY CLUSTERED ([Id] ASC)
); );

60
test/Api.Test/Controllers/AccountsControllerTests.cs
View File

@ -304,6 +304,66 @@ namespace Bit.Api.Test.Controllers
); );
} }
[Fact]
public async Task GetApiKey_ShouldReturnApiKeyResponse()
{
var user = GenerateExampleUser();
ConfigureUserServiceToReturnValidPrincipalFor(user);
ConfigureUserServiceToAcceptPasswordFor(user);
await _sut.ApiKey(new ApiKeyRequestModel());
}
[Fact]
public async Task GetApiKey_WhenUserDoesNotExist_ShouldThrowUnauthorizedAccessException()
{
ConfigureUserServiceToReturnNullPrincipal();
await Assert.ThrowsAsync<UnauthorizedAccessException>(
() => _sut.ApiKey(new ApiKeyRequestModel())
);
}
[Fact]
public async Task GetApiKey_WhenPasswordCheckFails_ShouldThrowBadRequestException()
{
var user = GenerateExampleUser();
ConfigureUserServiceToReturnValidPrincipalFor(user);
ConfigureUserServiceToRejectPasswordFor(user);
await Assert.ThrowsAsync<BadRequestException>(
() => _sut.ApiKey(new ApiKeyRequestModel())
);
}
[Fact]
public async Task PostRotateApiKey_ShouldRotateApiKey()
{
var user = GenerateExampleUser();
ConfigureUserServiceToReturnValidPrincipalFor(user);
ConfigureUserServiceToAcceptPasswordFor(user);
await _sut.RotateApiKey(new ApiKeyRequestModel());
}
[Fact]
public async Task PostRotateApiKey_WhenUserDoesNotExist_ShouldThrowUnauthorizedAccessException()
{
ConfigureUserServiceToReturnNullPrincipal();
await Assert.ThrowsAsync<UnauthorizedAccessException>(
() => _sut.ApiKey(new ApiKeyRequestModel())
);
}
[Fact]
public async Task PostRotateApiKey_WhenPasswordCheckFails_ShouldThrowBadRequestException()
{
var user = GenerateExampleUser();
ConfigureUserServiceToReturnValidPrincipalFor(user);
ConfigureUserServiceToRejectPasswordFor(user);
await Assert.ThrowsAsync<BadRequestException>(
() => _sut.ApiKey(new ApiKeyRequestModel())
);
}
// Below are helper functions that currently belong to this // Below are helper functions that currently belong to this
// test class, but ultimately may need to be split out into // test class, but ultimately may need to be split out into
// something greater in order to share common test steps with // something greater in order to share common test steps with

279
util/Migrator/DbScripts/2020-10-28_00_UserApiKey.sql Normal file
View File

@ -0,0 +1,279 @@
-- Add ApiKey column to dbo.User, nullable for now but will be not null after backfilling
IF COL_LENGTH('[dbo].[User]', 'ApiKey') IS NULL
BEGIN
ALTER TABLE
[dbo].[User]
ADD
[ApiKey] VARCHAR (30) NULL
END
GO
-- Setup for random string generation to backfill dbo.User.ApiKey
CREATE VIEW [dbo].[SecureRandomBytes]
AS
SELECT [RandBytes] = CRYPT_GEN_RANDOM(2)
GO
CREATE FUNCTION [dbo].[SecureRandomString]()
RETURNS varchar(30)
AS
BEGIN
declare @sLength tinyint
declare @randomString varchar(30)
declare @counter tinyint
declare @nextChar char(1)
declare @rnd as float
declare @bytes binary(2)
set @sLength = 30
set @counter = 1
set @randomString = ''
while @counter <= @sLength
begin
select @bytes = [RandBytes] from [dbo].[SecureRandomBytes]
select @rnd = cast(cast(cast(@bytes as int) as float) / 65535 as float)
select @nextChar = char(48 + convert(int, (122-48+1) * @rnd))
if ascii(@nextChar) not in (58,59,60,61,62,63,64,91,92,93,94,95,96)
begin
select @randomString = @randomString + @nextChar
set @counter = @counter + 1
end
end
return @randomString
END
GO
-- Backfill dbo.User.ApiKey
UPDATE
[dbo].[User]
SET
[ApiKey] = (SELECT [dbo].[SecureRandomString]())
GO
-- Change dbo.User.ApiKey to not null to enforece all future users to have one on create
ALTER TABLE
[dbo].[User]
ALTER COLUMN
[ApiKey] VARCHAR(30) NOT NULL
GO
-- Cleanup random string generation
DROP VIEW [dbo].[SecureRandomBytes]
GO
DROP FUNCTION [dbo].[SecureRandomString]
GO
-- Update dbo.User_Create to account for ApiKey
IF OBJECT_ID('[dbo].[User_Create]') IS NOT NULL
BEGIN
DROP PROCEDURE [dbo].[User_Create]
END
GO
CREATE PROCEDURE [dbo].[User_Create]
@Id UNIQUEIDENTIFIER,
@Name NVARCHAR(50),
@Email NVARCHAR(50),
@EmailVerified BIT,
@MasterPassword NVARCHAR(300),
@MasterPasswordHint NVARCHAR(50),
@Culture NVARCHAR(10),
@SecurityStamp NVARCHAR(50),
@TwoFactorProviders NVARCHAR(MAX),
@TwoFactorRecoveryCode NVARCHAR(32),
@EquivalentDomains NVARCHAR(MAX),
@ExcludedGlobalEquivalentDomains NVARCHAR(MAX),
@AccountRevisionDate DATETIME2(7),
@Key NVARCHAR(MAX),
@PublicKey NVARCHAR(MAX),
@PrivateKey NVARCHAR(MAX),
@Premium BIT,
@PremiumExpirationDate DATETIME2(7),
@RenewalReminderDate DATETIME2(7),
@Storage BIGINT,
@MaxStorageGb SMALLINT,
@Gateway TINYINT,
@GatewayCustomerId VARCHAR(50),
@GatewaySubscriptionId VARCHAR(50),
@ReferenceData VARCHAR(MAX),
@LicenseKey VARCHAR(100),
@Kdf TINYINT,
@KdfIterations INT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@ApiKey VARCHAR(30)
AS
BEGIN
SET NOCOUNT ON
INSERT INTO [dbo].[User]
(
[Id],
[Name],
[Email],
[EmailVerified],
[MasterPassword],
[MasterPasswordHint],
[Culture],
[SecurityStamp],
[TwoFactorProviders],
[TwoFactorRecoveryCode],
[EquivalentDomains],
[ExcludedGlobalEquivalentDomains],
[AccountRevisionDate],
[Key],
[PublicKey],
[PrivateKey],
[Premium],
[PremiumExpirationDate],
[RenewalReminderDate],
[Storage],
[MaxStorageGb],
[Gateway],
[GatewayCustomerId],
[GatewaySubscriptionId],
[ReferenceData],
[LicenseKey],
[Kdf],
[KdfIterations],
[CreationDate],
[RevisionDate],
[ApiKey]
)
VALUES
(
@Id,
@Name,
@Email,
@EmailVerified,
@MasterPassword,
@MasterPasswordHint,
@Culture,
@SecurityStamp,
@TwoFactorProviders,
@TwoFactorRecoveryCode,
@EquivalentDomains,
@ExcludedGlobalEquivalentDomains,
@AccountRevisionDate,
@Key,
@PublicKey,
@PrivateKey,
@Premium,
@PremiumExpirationDate,
@RenewalReminderDate,
@Storage,
@MaxStorageGb,
@Gateway,
@GatewayCustomerId,
@GatewaySubscriptionId,
@ReferenceData,
@LicenseKey,
@Kdf,
@KdfIterations,
@CreationDate,
@RevisionDate,
@ApiKey
)
END
GO
-- Update dbo.User_Update to account for ApiKey
IF OBJECT_ID('[dbo].[User_Update]') IS NOT NULL
BEGIN
DROP PROCEDURE [dbo].[User_Update]
END
GO
CREATE PROCEDURE [dbo].[User_Update]
@Id UNIQUEIDENTIFIER,
@Name NVARCHAR(50),
@Email NVARCHAR(50),
@EmailVerified BIT,
@MasterPassword NVARCHAR(300),
@MasterPasswordHint NVARCHAR(50),
@Culture NVARCHAR(10),
@SecurityStamp NVARCHAR(50),
@TwoFactorProviders NVARCHAR(MAX),
@TwoFactorRecoveryCode NVARCHAR(32),
@EquivalentDomains NVARCHAR(MAX),
@ExcludedGlobalEquivalentDomains NVARCHAR(MAX),
@AccountRevisionDate DATETIME2(7),
@Key NVARCHAR(MAX),
@PublicKey NVARCHAR(MAX),
@PrivateKey NVARCHAR(MAX),
@Premium BIT,
@PremiumExpirationDate DATETIME2(7),
@RenewalReminderDate DATETIME2(7),
@Storage BIGINT,
@MaxStorageGb SMALLINT,
@Gateway TINYINT,
@GatewayCustomerId VARCHAR(50),
@GatewaySubscriptionId VARCHAR(50),
@ReferenceData VARCHAR(MAX),
@LicenseKey VARCHAR(100),
@Kdf TINYINT,
@KdfIterations INT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@ApiKey VARCHAR(30)
AS
BEGIN
SET NOCOUNT ON
UPDATE
[dbo].[User]
SET
[Name] = @Name,
[Email] = @Email,
[EmailVerified] = @EmailVerified,
[MasterPassword] = @MasterPassword,
[MasterPasswordHint] = @MasterPasswordHint,
[Culture] = @Culture,
[SecurityStamp] = @SecurityStamp,
[TwoFactorProviders] = @TwoFactorProviders,
[TwoFactorRecoveryCode] = @TwoFactorRecoveryCode,
[EquivalentDomains] = @EquivalentDomains,
[ExcludedGlobalEquivalentDomains] = @ExcludedGlobalEquivalentDomains,
[AccountRevisionDate] = @AccountRevisionDate,
[Key] = @Key,
[PublicKey] = @PublicKey,
[PrivateKey] = @PrivateKey,
[Premium] = @Premium,
[PremiumExpirationDate] = @PremiumExpirationDate,
[RenewalReminderDate] = @RenewalReminderDate,
[Storage] = @Storage,
[MaxStorageGb] = @MaxStorageGb,
[Gateway] = @Gateway,
[GatewayCustomerId] = @GatewayCustomerId,
[GatewaySubscriptionId] = @GatewaySubscriptionId,
[ReferenceData] = @ReferenceData,
[LicenseKey] = @LicenseKey,
[Kdf] = @Kdf,
[KdfIterations] = @KdfIterations,
[CreationDate] = @CreationDate,
[RevisionDate] = @RevisionDate,
[ApiKey] = @ApiKey
WHERE
[Id] = @Id
END
GO
-- Refresh dbo.UserView so it has access to ApiKey
IF OBJECT_ID('[dbo].[UserView]') IS NOT NULL
BEGIN
DROP VIEW [dbo].[UserView]
END
GO
CREATE VIEW [dbo].[UserView]
AS
SELECT
*
FROM
[dbo].[User]
GO