[SG-763] Store the fact that a Passwordless request was denied in the AuthRequest table (#2363)

* Added migrations for sqlserver and mysql * Added migrations for postgres * renamed mysql migration script to make naming uniform * introduced approved field to the update auth request controller;This change would keep track of denied passwordless requests * Recreated the authRequestView, introduced the approved field to the create procedure and updated the response model * Formatted code * fixed incorrect syntax in the AuthRequest_Create.sql SP
2025-06-30 23:52:50 -05:00 · 2022-10-25 17:14:48 -04:00
parent b938abab65
commit 351f62866b
15 changed files with 3591 additions and 12 deletions
--- a/src/Api/Controllers/AuthRequestsController.cs
+++ b/src/Api/Controllers/AuthRequestsController.cs
@ -131,15 +131,13 @@ public class AuthRequestsController : Controller
            throw new BadRequestException("Invalid device.");
        }

-        if (model.RequestApproved)
-        {
-            authRequest.Key = model.Key;
-            authRequest.MasterPasswordHash = model.MasterPasswordHash;
-            authRequest.ResponseDeviceId = device.Id;
-            authRequest.ResponseDate = DateTime.UtcNow;
-            await _authRequestRepository.ReplaceAsync(authRequest);
-            await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
-        }
+        authRequest.Key = model.Key;
+        authRequest.MasterPasswordHash = model.MasterPasswordHash;
+        authRequest.ResponseDeviceId = device.Id;
+        authRequest.ResponseDate = DateTime.UtcNow;
+        authRequest.Approved = model.RequestApproved;
+        await _authRequestRepository.ReplaceAsync(authRequest);
+        await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);

        return new AuthRequestResponseModel(authRequest, _globalSettings.BaseServiceUri.Vault);
    }
--- a/src/Api/Models/Response/AuthRequestResponseModel.cs
+++ b/src/Api/Models/Response/AuthRequestResponseModel.cs
@ -1,7 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 using System.Reflection;
 using Bit.Core.Entities;
-using Bit.Core.Enums;
 using Bit.Core.Models.Api;

 namespace Bit.Api.Models.Response;
@ -25,8 +24,7 @@ public class AuthRequestResponseModel : ResponseModel
        Key = authRequest.Key;
        MasterPasswordHash = authRequest.MasterPasswordHash;
        CreationDate = authRequest.CreationDate;
-        RequestApproved = !string.IsNullOrWhiteSpace(Key) &&
-            (authRequest.Type == AuthRequestType.Unlock || !string.IsNullOrWhiteSpace(MasterPasswordHash));
+        RequestApproved = authRequest.Approved ?? false;
        Origin = new Uri(vaultUri).Host;
    }