nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

Fix bug #2317: add deletion date validation for file Sends (#2342)

Browse Source 
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
This commit is contained in:
Alena N 2022-12-13 20:30:01 +01:00 committed by GitHub
parent c6fbe8cc44
commit 456cc6773e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Api/Controllers/SendsController.cs
View File

@ -205,6 +205,7 @@ public class SendsController : Controller
throw new BadRequestException($"Max file size is {SendService.MAX_FILE_SIZE_READABLE}.");
}
model.ValidateCreation();
var userId = _userService.GetProperUserId(User).Value;
var (send, data) = model.ToSend(userId, model.File.FileName, _sendService);
var uploadUrl = await _sendService.SaveFileSendAsync(send, data, model.FileLength.Value);

28
test/Api.Test/Controllers/SendsControllerTests.cs
View File

@ -6,6 +6,7 @@ using Bit.Api.Models.Response;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Settings;
@ -19,7 +20,6 @@ namespace Bit.Api.Test.Controllers;
public class SendsControllerTests : IDisposable
{
private readonly SendsController _sut;
private readonly GlobalSettings _globalSettings;
private readonly IUserService _userService;
@ -76,4 +76,30 @@ public class SendsControllerTests : IDisposable
Assert.NotNull(response);
Assert.Null(response.CreatorIdentifier);
}
[Fact]
public async Task Post_DeletionDateIsMoreThan31DaysFromNow_ThrowsBadRequest()
{
var now = DateTime.UtcNow;
var expected = "You cannot have a Send with a deletion date that far " +
"into the future. Adjust the Deletion Date to a value less than 31 days from now " +
"and try again.";
var request = new SendRequestModel() { DeletionDate = now.AddDays(32) };
var exception = await Assert.ThrowsAsync<BadRequestException>(() => _sut.Post(request));
Assert.Equal(expected, exception.Message);
}
[Fact]
public async Task PostFile_DeletionDateIsMoreThan31DaysFromNow_ThrowsBadRequest()
{
var now = DateTime.UtcNow;
var expected = "You cannot have a Send with a deletion date that far " +
"into the future. Adjust the Deletion Date to a value less than 31 days from now " +
"and try again.";
var request = new SendRequestModel() { Type = SendType.File, FileLength = 1024L, DeletionDate = now.AddDays(32) };
var exception = await Assert.ThrowsAsync<BadRequestException>(() => _sut.PostFile(request));
Assert.Equal(expected, exception.Message);
}
}