mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00

Auth/PM-16947 - Device Management - Adjust Device + pending auth request get query (#5250)

* Added userId check on query

* Added required field to inner select

* PM-16947 - Update to filter inner subquery on user id per discussion with Robert

* Updated to use new query with ROW_NUMBER

* More query optimizations to eliminate returning old requests for a device

* Fixed approval condition to be NULL as 0 means denied.

* Added negation of @ExpirationMinutes

---------

Co-authored-by: Todd Martin <tmartin@bitwarden.com>
Jared Snider 2025-01-10 21:55:34 -05:00 committed by GitHub
parent aa0b35a345
commit 72bb06a9d7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 43 additions and 11 deletions


@ -11,17 +11,20 @@ BEGIN
AR.CreationDate as AuthRequestCreationDate AR.CreationDate as AuthRequestCreationDate
FROM dbo.DeviceView D FROM dbo.DeviceView D
LEFT JOIN ( LEFT JOIN (
SELECT TOP 1 -- Take only the top record sorted by auth request creation date SELECT
Id, Id,
CreationDate, CreationDate,
RequestDeviceIdentifier RequestDeviceIdentifier,
Approved,
ROW_NUMBER() OVER (PARTITION BY RequestDeviceIdentifier ORDER BY CreationDate DESC) as rn
FROM dbo.AuthRequestView FROM dbo.AuthRequestView
WHERE Type IN (0, 1) -- Include only AuthenticateAndUnlock and Unlock types, excluding Admin Approval (type 2) WHERE Type IN (0, 1) -- AuthenticateAndUnlock and Unlock types only
AND CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE()) -- Ensure the request hasn't expired AND CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE()) -- Ensure the request hasn't expired
AND Approved IS NULL -- Include only requests that haven't been acknowledged or approved AND UserId = @UserId -- Requests for this user only
ORDER BY CreationDate DESC ) AR -- This join will get the most recent request per device, regardless of approval status
) AR ON D.Identifier = AR.RequestDeviceIdentifier ON D.Identifier = AR.RequestDeviceIdentifier AND AR.rn = 1 AND AR.Approved IS NULL -- Get only the most recent unapproved request per device
WHERE WHERE
D.UserId = @UserId D.UserId = @UserId -- Include only devices for this user
AND D.Active = 1; -- Include only active devices AND D.Active = 1; -- Include only active devices
END; END;
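Review bot: The window on the new side, `ROW_NUMBER() OVER (PARTITION BY RequestDeviceIdentifier ORDER BY CreationDate DESC)`, has no tie-breaker, so if two requests for the same device share a CreationDate, which row gets `rn = 1` is arbitrary. Because the ON clause then requires `AR.rn = 1 AND AR.Approved IS NULL`, a device could show or hide its pending request from one call to the next when one of the tied rows has already been answered. Adding a unique column makes the choice stable: `ORDER BY CreationDate DESC, Id DESC`. The same window appears in the new migration script in the next file section. The procedure header and the start of the SELECT lie outside this hunk.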


@ -0,0 +1,29 @@
CREATE OR ALTER PROCEDURE [dbo].[Device_ReadActiveWithPendingAuthRequestsByUserId]
@UserId UNIQUEIDENTIFIER,
@ExpirationMinutes INT
AS
BEGIN
SET NOCOUNT ON;
SELECT
D.*,
AR.Id as AuthRequestId,
AR.CreationDate as AuthRequestCreationDate
FROM dbo.DeviceView D
LEFT JOIN (
SELECT
Id,
CreationDate,
RequestDeviceIdentifier,
Approved,
ROW_NUMBER() OVER (PARTITION BY RequestDeviceIdentifier ORDER BY CreationDate DESC) as rn
FROM dbo.AuthRequestView
WHERE Type IN (0, 1) -- AuthenticateAndUnlock and Unlock types only
AND CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE()) -- Ensure the request hasn't expired
AND UserId = @UserId -- Requests for this user only
) AR -- This join will get the most recent request per device, regardless of approval status
ON D.Identifier = AR.RequestDeviceIdentifier AND AR.rn = 1 AND AR.Approved IS NULL -- Get only the most recent unapproved request per device
WHERE
D.UserId = @UserId -- Include only devices for this user
AND D.Active = 1; -- Include only active devices
END;
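Review bot: `@ExpirationMinutes` is negated inside `DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE())`, but nothing on the parameter says that callers must pass a positive number of minutes. A NULL or negative value makes the cutoff NULL or a future time, so every device comes back with no pending request; that fails closed, yet it does so silently. I would document the contract on the declaration, for example `@ExpirationMinutes INT -- positive minutes; auth requests older than this are treated as expired`, and add a short comment next to the filter saying that NULL or negative input yields no pending requests.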