[PM-1380] Modify Device Table (#2937)

* Update Models - Add Controller Method * Add MSSQL Migration * Update SQL Proj * Update SQL Migration * Update Models * Update SQL Project * Add EF Migrations * Switch to using Identifier * Update Code Comment
2025-06-30 23:52:50 -05:00 · 2023-06-09 21:36:12 -04:00
parent 5f4a303180
commit 5874ff42c3
17 changed files with 6978 additions and 7 deletions
--- a/src/Api/Controllers/DevicesController.cs
+++ b/src/Api/Controllers/DevicesController.cs
@ -91,6 +91,22 @@ public class DevicesController : Controller
        return response;
    }

+    [HttpPut("{identifier}/keys")]
+    [HttpPost("{identifier}/keys")]
+    public async Task<DeviceResponseModel> PutKeys(string identifier, [FromBody] DeviceKeysRequestModel model)
+    {
+        var device = await _deviceRepository.GetByIdentifierAsync(identifier, _userService.GetProperUserId(User).Value);
+        if (device == null)
+        {
+            throw new NotFoundException();
+        }
+
+        await _deviceService.SaveAsync(model.ToDevice(device));
+
+        var response = new DeviceResponseModel(device);
+        return response;
+    }
+
    [HttpPut("identifier/{identifier}/token")]
    [HttpPost("identifier/{identifier}/token")]
    public async Task PutToken(string identifier, [FromBody] DeviceTokenRequestModel model)
--- a/src/Api/Models/Request/DeviceRequestModels.cs
+++ b/src/Api/Models/Request/DeviceRequestModels.cs
@ -1,6 +1,7 @@
 using System.ComponentModel.DataAnnotations;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
+using Bit.Core.Utilities;

 namespace Bit.Api.Models.Request;

@ -47,3 +48,30 @@ public class DeviceTokenRequestModel
        return existingDevice;
    }
 }
+
+public class DeviceKeysRequestModel
+{
+    /// <inheritdoc cref="Device.EncryptedUserKey" />
+    [Required]
+    [EncryptedString]
+    public string EncryptedUserKey { get; set; }
+
+    /// <inheritdoc cref="Device.EncryptedPublicKey" />
+    [Required]
+    [EncryptedString]
+    public string EncryptedPublicKey { get; set; }
+
+    /// <inheritdoc cref="Device.EncryptedPrivateKey" />
+    [Required]
+    [EncryptedString]
+    public string EncryptedPrivateKey { get; set; }
+
+    public Device ToDevice(Device existingDevice)
+    {
+        existingDevice.EncryptedUserKey = EncryptedUserKey;
+        existingDevice.EncryptedPublicKey = EncryptedPublicKey;
+        existingDevice.EncryptedPrivateKey = EncryptedPrivateKey;
+
+        return existingDevice;
+    }
+}
--- a/src/Api/Models/Response/DeviceResponseModel.cs
+++ b/src/Api/Models/Response/DeviceResponseModel.cs
@ -19,6 +19,9 @@ public class DeviceResponseModel : ResponseModel
        Type = device.Type;
        Identifier = device.Identifier;
        CreationDate = device.CreationDate;
+        EncryptedUserKey = device.EncryptedUserKey;
+        EncryptedPublicKey = device.EncryptedPublicKey;
+        EncryptedPrivateKey = device.EncryptedPrivateKey;
    }

    public string Id { get; set; }
@ -26,4 +29,7 @@ public class DeviceResponseModel : ResponseModel
    public DeviceType Type { get; set; }
    public string Identifier { get; set; }
    public DateTime CreationDate { get; set; }
+    public string EncryptedUserKey { get; }
+    public string EncryptedPublicKey { get; }
+    public string EncryptedPrivateKey { get; }
 }
--- a/src/Core/Entities/Device.cs
+++ b/src/Core/Entities/Device.cs
@ -17,6 +17,26 @@ public class Device : ITableObject<Guid>
    public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
    public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;

+    /// <summary>
+    /// Intended to be the users symmetric key that is encrypted in some form, the current way to encrypt this is with
+    /// the devices public key.
+    /// </summary>
+    public string EncryptedUserKey { get; set; }
+
+    /// <summary>
+    /// Intended to be the public key that was generated for a device upon trust and encrypted. Currenly encrypted using
+    /// a users symmetric key so that when trusted and unlocked a user can decrypt the public key for all their devices.
+    /// This enabled a user to rotate the keys for all of their devices.
+    /// </summary>
+    public string EncryptedPublicKey { get; set; }
+
+    /// <summary>
+    /// Intended to be the private key that was generated for a device upon trust and encrypted. Currenly encrypted with
+    /// the devices key, that upon successful login a user can decrypt this value and therefor decrypt their vault.
+    /// </summary>
+    public string EncryptedPrivateKey { get; set; }
+
+
    public void SetNewId()
    {
        Id = CoreHelpers.GenerateComb();
--- a/Procedures/Device_Create.sql
+++ b/Procedures/Device_Create.sql
@ -6,7 +6,10 @@
    @Identifier NVARCHAR(50),
    @PushToken NVARCHAR(255),
    @CreationDate DATETIME2(7),
-    @RevisionDate DATETIME2(7)
+    @RevisionDate DATETIME2(7),
+    @EncryptedUserKey VARCHAR(MAX) = NULL,
+    @EncryptedPublicKey VARCHAR(MAX) = NULL,
+    @EncryptedPrivateKey VARCHAR(MAX) = NULL
 AS
 BEGIN
    SET NOCOUNT ON
@ -20,7 +23,10 @@ BEGIN
        [Identifier],
        [PushToken],
        [CreationDate],
-        [RevisionDate]
+        [RevisionDate],
+        [EncryptedUserKey],
+        [EncryptedPublicKey],
+        [EncryptedPrivateKey]
    )
    VALUES
    (
@ -31,6 +37,9 @@ BEGIN
        @Identifier,
        @PushToken,
        @CreationDate,
-        @RevisionDate
+        @RevisionDate,
+        @EncryptedUserKey,
+        @EncryptedPublicKey,
+        @EncryptedPrivateKey
    )
 END
--- a/Procedures/Device_Update.sql
+++ b/Procedures/Device_Update.sql
@ -6,7 +6,10 @@
    @Identifier NVARCHAR(50),
    @PushToken NVARCHAR(255),
    @CreationDate DATETIME2(7),
-    @RevisionDate DATETIME2(7)
+    @RevisionDate DATETIME2(7),
+    @EncryptedUserKey VARCHAR(MAX) = NULL,
+    @EncryptedPublicKey VARCHAR(MAX) = NULL,
+    @EncryptedPrivateKey VARCHAR(MAX) = NULL
 AS
 BEGIN
    SET NOCOUNT ON
@ -20,7 +23,10 @@ BEGIN
        [Identifier] = @Identifier,
        [PushToken] = @PushToken,
        [CreationDate] = @CreationDate,
-        [RevisionDate] = @RevisionDate
+        [RevisionDate] = @RevisionDate,
+        [EncryptedUserKey] = @EncryptedUserKey,
+        [EncryptedPublicKey] = @EncryptedPublicKey,
+        [EncryptedPrivateKey] = @EncryptedPrivateKey
    WHERE
        [Id] = @Id
-END
+END
--- a/src/Sql/dbo/Tables/Device.sql
+++ b/src/Sql/dbo/Tables/Device.sql
@ -7,6 +7,9 @@
    [PushToken]    NVARCHAR (255)   NULL,
    [CreationDate] DATETIME2 (7)    NOT NULL,
    [RevisionDate] DATETIME2 (7)    NOT NULL,
+    [EncryptedUserKey] VARCHAR (MAX) NULL,
+    [EncryptedPublicKey] VARCHAR (MAX) NULL,
+    [EncryptedPrivateKey] VARCHAR (MAX) NULL,
    CONSTRAINT [PK_Device] PRIMARY KEY CLUSTERED ([Id] ASC),
    CONSTRAINT [FK_Device_User] FOREIGN KEY ([UserId]) REFERENCES [dbo].[User] ([Id])
 );
@ -20,4 +23,3 @@ CREATE UNIQUE NONCLUSTERED INDEX [UX_Device_UserId_Identifier]
 GO
 CREATE NONCLUSTERED INDEX [IX_Device_Identifier]
    ON [dbo].[Device]([Identifier] ASC);
-