mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00

Handle name == null in Emergency Access (#1100)

Oscar Hinton 2021-01-20 19:50:07 +01:00 committed by GitHub
parent 001bbf2f2b
commit 48d14e8521
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 13 deletions


@ -87,14 +87,14 @@ namespace Bit.Api.Controllers
public async Task Invite([FromBody] EmergencyAccessInviteRequestModel model) public async Task Invite([FromBody] EmergencyAccessInviteRequestModel model)
{ {
var user = await _userService.GetUserByPrincipalAsync(User); var user = await _userService.GetUserByPrincipalAsync(User);
await _emergencyAccessService.InviteAsync(user, user.Name, model.Email, model.Type.Value, model.WaitTimeDays); await _emergencyAccessService.InviteAsync(user, model.Email, model.Type.Value, model.WaitTimeDays);
} }
[HttpPost("{id}/reinvite")] [HttpPost("{id}/reinvite")]
public async Task Reinvite(string id) public async Task Reinvite(string id)
{ {
var user = await _userService.GetUserByPrincipalAsync(User); var user = await _userService.GetUserByPrincipalAsync(User);
await _emergencyAccessService.ResendInviteAsync(user.Id, new Guid(id), user.Name); await _emergencyAccessService.ResendInviteAsync(user, new Guid(id));
} }
[HttpPost("{id}/accept")] [HttpPost("{id}/accept")]
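Review bot: `Invite` and `Reinvite` pass the result of `GetUserByPrincipalAsync(User)` straight to the service without a null check. Before this change a missing user failed on `user.Name` in the controller; now the null reaches `ResendInviteAsync`, which reads `invitingUser.Id`, and `NameOrEmail(invitingUser)` in the service file's hunks. Unless an authorization attribute outside this hunk guarantees a resolved user, add a guard such as `if (user == null) { throw new UnauthorizedAccessException(); }` before each service call. In `Reinvite`, `new Guid(id)` also throws `FormatException` on a malformed route value; `Guid.TryParse` followed by a `BadRequestException` would likely give a cleaner client error, depending on how unhandled exceptions are mapped.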


@ -9,8 +9,8 @@ namespace Bit.Core.Services
{ {
public interface IEmergencyAccessService public interface IEmergencyAccessService
{ {
Task<EmergencyAccess> InviteAsync(User invitingUser, string invitingUsersName, string email, EmergencyAccessType type, int waitTime); Task<EmergencyAccess> InviteAsync(User invitingUser, string email, EmergencyAccessType type, int waitTime);
Task ResendInviteAsync(Guid invitingUserId, Guid emergencyAccessId, string invitingUsersName); Task ResendInviteAsync(User invitingUser, Guid emergencyAccessId);
Task<EmergencyAccess> AcceptUserAsync(Guid emergencyAccessId, User user, string token, IUserService userService); Task<EmergencyAccess> AcceptUserAsync(Guid emergencyAccessId, User user, string token, IUserService userService);
Task DeleteAsync(Guid emergencyAccessId, Guid grantorId); Task DeleteAsync(Guid emergencyAccessId, Guid grantorId);
Task<EmergencyAccess> ConfirmUserAsync(Guid emergencyAccessId, string key, Guid grantorId); Task<EmergencyAccess> ConfirmUserAsync(Guid emergencyAccessId, string key, Guid grantorId);


@ -45,7 +45,7 @@ namespace Bit.Core.Services
_globalSettings = globalSettings; _globalSettings = globalSettings;
} }
public async Task<EmergencyAccess> InviteAsync(User invitingUser, string invitingUsersName, string email, EmergencyAccessType type, int waitTime) public async Task<EmergencyAccess> InviteAsync(User invitingUser, string email, EmergencyAccessType type, int waitTime)
{ {
if (! await _userService.CanAccessPremium(invitingUser)) if (! await _userService.CanAccessPremium(invitingUser))
{ {
@ -64,7 +64,7 @@ namespace Bit.Core.Services
}; };
await _emergencyAccessRepository.CreateAsync(emergencyAccess); await _emergencyAccessRepository.CreateAsync(emergencyAccess);
await SendInviteAsync(emergencyAccess, invitingUsersName); await SendInviteAsync(emergencyAccess, NameOrEmail(invitingUser));
return emergencyAccess; return emergencyAccess;
} }
@ -80,16 +80,16 @@ namespace Bit.Core.Services
return emergencyAccess; return emergencyAccess;
} }
public async Task ResendInviteAsync(Guid invitingUserId, Guid emergencyAccessId, string invitingUsersName) public async Task ResendInviteAsync(User invitingUser, Guid emergencyAccessId)
{ {
var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(emergencyAccessId); var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(emergencyAccessId);
if (emergencyAccess == null || emergencyAccess.GrantorId != invitingUserId || if (emergencyAccess == null || emergencyAccess.GrantorId != invitingUser.Id ||
emergencyAccess.Status != EmergencyAccessStatusType.Invited) emergencyAccess.Status != EmergencyAccessStatusType.Invited)
{ {
throw new BadRequestException("Emergency Access not valid."); throw new BadRequestException("Emergency Access not valid.");
} }
await SendInviteAsync(emergencyAccess, invitingUsersName); await SendInviteAsync(emergencyAccess, NameOrEmail(invitingUser));
} }
public async Task<EmergencyAccess> AcceptUserAsync(Guid emergencyAccessId, User user, string token, IUserService userService) public async Task<EmergencyAccess> AcceptUserAsync(Guid emergencyAccessId, User user, string token, IUserService userService)
@ -157,7 +157,7 @@ namespace Bit.Core.Services
emergencyAccess.KeyEncrypted = key; emergencyAccess.KeyEncrypted = key;
emergencyAccess.Email = null; emergencyAccess.Email = null;
await _emergencyAccessRepository.ReplaceAsync(emergencyAccess); await _emergencyAccessRepository.ReplaceAsync(emergencyAccess);
await _mailService.SendEmergencyAccessConfirmedEmailAsync(grantor.Name, grantee.Email); await _mailService.SendEmergencyAccessConfirmedEmailAsync(NameOrEmail(grantor), grantee.Email);
return emergencyAccess; return emergencyAccess;
} }
@ -191,7 +191,7 @@ namespace Bit.Core.Services
var grantor = await _userRepository.GetByIdAsync(emergencyAccess.GrantorId); var grantor = await _userRepository.GetByIdAsync(emergencyAccess.GrantorId);
await _mailService.SendEmergencyAccessRecoveryInitiated(emergencyAccess, initiatingUser.Name, grantor.Email); await _mailService.SendEmergencyAccessRecoveryInitiated(emergencyAccess, NameOrEmail(initiatingUser), grantor.Email);
} }
public async Task ApproveAsync(Guid id, User approvingUser) public async Task ApproveAsync(Guid id, User approvingUser)
@ -208,7 +208,7 @@ namespace Bit.Core.Services
await _emergencyAccessRepository.ReplaceAsync(emergencyAccess); await _emergencyAccessRepository.ReplaceAsync(emergencyAccess);
var grantee = await _userRepository.GetByIdAsync(emergencyAccess.GranteeId.Value); var grantee = await _userRepository.GetByIdAsync(emergencyAccess.GranteeId.Value);
await _mailService.SendEmergencyAccessRecoveryApproved(emergencyAccess, approvingUser.Name, grantee.Email); await _mailService.SendEmergencyAccessRecoveryApproved(emergencyAccess, NameOrEmail(approvingUser), grantee.Email);
} }
public async Task RejectAsync(Guid id, User rejectingUser) public async Task RejectAsync(Guid id, User rejectingUser)
@ -226,7 +226,7 @@ namespace Bit.Core.Services
await _emergencyAccessRepository.ReplaceAsync(emergencyAccess); await _emergencyAccessRepository.ReplaceAsync(emergencyAccess);
var grantee = await _userRepository.GetByIdAsync(emergencyAccess.GranteeId.Value); var grantee = await _userRepository.GetByIdAsync(emergencyAccess.GranteeId.Value);
await _mailService.SendEmergencyAccessRecoveryRejected(emergencyAccess, rejectingUser.Name, grantee.Email); await _mailService.SendEmergencyAccessRecoveryRejected(emergencyAccess, NameOrEmail(rejectingUser), grantee.Email);
} }
public async Task<(EmergencyAccess, User)> TakeoverAsync(Guid id, User requestingUser) public async Task<(EmergencyAccess, User)> TakeoverAsync(Guid id, User requestingUser)
@ -313,5 +313,10 @@ namespace Bit.Core.Services
var token = _dataProtector.Protect($"EmergencyAccessInvite {emergencyAccess.Id} {emergencyAccess.Email} {nowMillis}"); var token = _dataProtector.Protect($"EmergencyAccessInvite {emergencyAccess.Id} {emergencyAccess.Email} {nowMillis}");
await _mailService.SendEmergencyAccessInviteEmailAsync(emergencyAccess, invitingUsersName, token); await _mailService.SendEmergencyAccessInviteEmailAsync(emergencyAccess, invitingUsersName, token);
} }
private string NameOrEmail(User user)
{
return string.IsNullOrWhiteSpace(user.Name) ? user.Email : user.Name;
}
} }
} }
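Review bot: `NameOrEmail` falls back to `user.Email`, so for accounts without a display name the invite, confirmation and recovery mails now carry that user's account email address to the other party. In `InviteAsync` and `ResendInviteAsync` the recipient is an address that has not yet accepted the invitation. This is probably intended, but the helper should say so, e.g. `// Display name shown to the other party in emergency-access mail; falls back to the account email when Name is null or blank.` The helper reads no instance state, so `private static string NameOrEmail(User user)` is the tighter signature. Both `Name` and `Email` are user-supplied text placed into outgoing mail, so it is worth confirming that the mail templates (not visible here) HTML-encode the value.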