nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 21:18:13 -05:00
Code

properly handle patch operations with path values (#2190)

Browse Source
This commit is contained in:
Kyle Spearrin 2022-08-15 12:08:55 -04:00 committed by GitHub
parent a89bfdfe2b
commit 62f29efb00
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 96 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs
View File

@ -165,35 +165,40 @@ namespace Bit.Scim.Controllers.v2
} }
var operationHandled = false; var operationHandled = false;
foreach (var operation in model.Operations)
var replaceOp = model.Operations?.FirstOrDefault(o => {
o.Op?.ToLowerInvariant() == "replace"); // Replace operations
if (replaceOp != null) if (operation.Op?.ToLowerInvariant() == "replace")
{ {
// Replace a list of members // Replace a list of members
if (replaceOp.Path?.ToLowerInvariant() == "members") if (operation.Path?.ToLowerInvariant() == "members")
{ {
var ids = GetOperationValueIds(replaceOp.Value); var ids = GetOperationValueIds(operation.Value);
await _groupRepository.UpdateUsersAsync(group.Id, ids); await _groupRepository.UpdateUsersAsync(group.Id, ids);
operationHandled = true; operationHandled = true;
} }
// Replace group name // Replace group name from path
else if (replaceOp.Value.TryGetProperty("displayName", out var displayNameProperty)) else if (operation.Path?.ToLowerInvariant() == "displayname")
{
group.Name = operation.Value.GetString();
await _groupService.SaveAsync(group);
operationHandled = true;
}
// Replace group name from value object
else if (string.IsNullOrWhiteSpace(operation.Path) &&
operation.Value.TryGetProperty("displayName", out var displayNameProperty))
{ {
group.Name = displayNameProperty.GetString(); group.Name = displayNameProperty.GetString();
await _groupService.SaveAsync(group); await _groupService.SaveAsync(group);
operationHandled = true; operationHandled = true;
} }
} }
// Add a single member // Add a single member
var addMemberOp = model.Operations?.FirstOrDefault( else if (operation.Op?.ToLowerInvariant() == "add" &&
o => o.Op?.ToLowerInvariant() == "add" && !string.IsNullOrWhiteSpace(operation.Path) &&
!string.IsNullOrWhiteSpace(o.Path) && operation.Path.ToLowerInvariant().StartsWith("members[value eq "))
o.Path.ToLowerInvariant().StartsWith("members[value eq "));
if (addMemberOp != null)
{ {
var addId = GetOperationPathId(addMemberOp.Path); var addId = GetOperationPathId(operation.Path);
if (addId.HasValue) if (addId.HasValue)
{ {
var orgUserIds = (await _groupRepository.GetManyUserIdsByIdAsync(group.Id)).ToHashSet(); var orgUserIds = (await _groupRepository.GetManyUserIdsByIdAsync(group.Id)).ToHashSet();
@ -202,51 +207,43 @@ namespace Bit.Scim.Controllers.v2
operationHandled = true; operationHandled = true;
} }
} }
// Add a list of members // Add a list of members
var addMembersOp = model.Operations?.FirstOrDefault(o => else if (operation.Op?.ToLowerInvariant() == "add" &&
o.Op?.ToLowerInvariant() == "add" && operation.Path?.ToLowerInvariant() == "members")
o.Path?.ToLowerInvariant() == "members");
if (addMembersOp != null)
{ {
var orgUserIds = (await _groupRepository.GetManyUserIdsByIdAsync(group.Id)).ToHashSet(); var orgUserIds = (await _groupRepository.GetManyUserIdsByIdAsync(group.Id)).ToHashSet();
foreach (var v in GetOperationValueIds(addMembersOp.Value)) foreach (var v in GetOperationValueIds(operation.Value))
{ {
orgUserIds.Add(v); orgUserIds.Add(v);
} }
await _groupRepository.UpdateUsersAsync(group.Id, orgUserIds); await _groupRepository.UpdateUsersAsync(group.Id, orgUserIds);
operationHandled = true; operationHandled = true;
} }
// Remove a single member // Remove a single member
var removeMemberOp = model.Operations?.FirstOrDefault( else if (operation.Op?.ToLowerInvariant() == "remove" &&
o => o.Op?.ToLowerInvariant() == "remove" && !string.IsNullOrWhiteSpace(operation.Path) &&
!string.IsNullOrWhiteSpace(o.Path) && operation.Path.ToLowerInvariant().StartsWith("members[value eq "))
o.Path.ToLowerInvariant().StartsWith("members[value eq "));
if (removeMemberOp != null)
{ {
var removeId = GetOperationPathId(removeMemberOp.Path); var removeId = GetOperationPathId(operation.Path);
if (removeId.HasValue) if (removeId.HasValue)
{ {
await _groupService.DeleteUserAsync(group, removeId.Value); await _groupService.DeleteUserAsync(group, removeId.Value);
operationHandled = true; operationHandled = true;
} }
} }
// Remove a list of members // Remove a list of members
var removeMembersOp = model.Operations?.FirstOrDefault(o => else if (operation.Op?.ToLowerInvariant() == "remove" &&
o.Op?.ToLowerInvariant() == "remove" && operation.Path?.ToLowerInvariant() == "members")
o.Path?.ToLowerInvariant() == "members");
if (removeMembersOp != null)
{ {
var orgUserIds = (await _groupRepository.GetManyUserIdsByIdAsync(group.Id)).ToHashSet(); var orgUserIds = (await _groupRepository.GetManyUserIdsByIdAsync(group.Id)).ToHashSet();
foreach (var v in GetOperationValueIds(removeMembersOp.Value)) foreach (var v in GetOperationValueIds(operation.Value))
{ {
orgUserIds.Remove(v); orgUserIds.Remove(v);
} }
await _groupRepository.UpdateUsersAsync(group.Id, orgUserIds); await _groupRepository.UpdateUsersAsync(group.Id, orgUserIds);
operationHandled = true; operationHandled = true;
} }
}
if (!operationHandled) if (!operationHandled)
{ {

45
bitwarden_license/src/Scim/Controllers/v2/UsersController.cs
View File

@ -224,23 +224,29 @@ namespace Bit.Scim.Controllers.v2
} }
var operationHandled = false; var operationHandled = false;
foreach (var operation in model.Operations)
var replaceOp = model.Operations?.FirstOrDefault(o =>
o.Op?.ToLowerInvariant() == "replace");
if (replaceOp != null)
{ {
if (replaceOp.Value.TryGetProperty("active", out var activeProperty)) // Replace operations
if (operation.Op?.ToLowerInvariant() == "replace")
{ {
var active = activeProperty.GetBoolean(); // Active from path
if (active && orgUser.Status == OrganizationUserStatusType.Revoked) if (operation.Path?.ToLowerInvariant() == "active")
{ {
await _organizationService.RestoreUserAsync(orgUser, null, _userService); var handled = await HandleActiveOperationAsync(orgUser, operation.Value.GetBoolean());
operationHandled = true; if (!operationHandled)
{
operationHandled = handled;
} }
else if (!active && orgUser.Status != OrganizationUserStatusType.Revoked) }
// Active from value object
else if (string.IsNullOrWhiteSpace(operation.Path) &&
operation.Value.TryGetProperty("active", out var activeProperty))
{ {
await _organizationService.RevokeUserAsync(orgUser, null); var handled = await HandleActiveOperationAsync(orgUser, activeProperty.GetBoolean());
operationHandled = true; if (!operationHandled)
{
operationHandled = handled;
}
} }
} }
} }
@ -269,5 +275,20 @@ namespace Bit.Scim.Controllers.v2
await _organizationService.DeleteUserAsync(organizationId, id, null); await _organizationService.DeleteUserAsync(organizationId, id, null);
return new NoContentResult(); return new NoContentResult();
} }
private async Task<bool> HandleActiveOperationAsync(Core.Entities.OrganizationUser orgUser, bool active)
{
if (active && orgUser.Status == OrganizationUserStatusType.Revoked)
{
await _organizationService.RestoreUserAsync(orgUser, null, _userService);
return true;
}
else if (!active && orgUser.Status != OrganizationUserStatusType.Revoked)
{
await _organizationService.RevokeUserAsync(orgUser, null);
return true;
}
return false;
}
} }
} }