nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-06 05:28:15 -05:00
Code

Throw if collection Id does not exist on the organization (#1259)

Browse Source 
Otherwise, we're just saving strings for fun. This makes it clear the
user's specified collection won't do anything.
This commit is contained in:
Matt Gibson 2021-04-05 15:20:13 -05:00 committed by GitHub
parent 7a35813dfd
commit 79f3dabaac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/Core/Services/Implementations/CipherService.cs
View File

@ -122,6 +122,11 @@ namespace Bit.Core.Services
{ {
if (cipher.OrganizationId.HasValue && collectionIds != null) if (cipher.OrganizationId.HasValue && collectionIds != null)
{ {
var existingCollectionIds = (await _collectionRepository.GetManyByOrganizationIdAsync(cipher.OrganizationId.Value)).Select(c => c.Id);
if (collectionIds.Except(existingCollectionIds).Any())
{
throw new BadRequestException("Specified CollectionId does not exist on the specified Organization.");
}
await _cipherRepository.CreateAsync(cipher, collectionIds); await _cipherRepository.CreateAsync(cipher, collectionIds);
} }
else else
@ -198,7 +203,7 @@ namespace Bit.Core.Services
Key = request.Key, Key = request.Key,
Size = request.FileSize, Size = request.FileSize,
Validated = false, Validated = false,
}; };
var uploadUrl = await _attachmentStorageService.GetAttachmentUploadUrlAsync(cipher, data); var uploadUrl = await _attachmentStorageService.GetAttachmentUploadUrlAsync(cipher, data);
@ -248,7 +253,8 @@ namespace Bit.Core.Services
await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_AttachmentCreated); await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_AttachmentCreated);
cipher.AddAttachment(attachmentId, data); cipher.AddAttachment(attachmentId, data);
if (!await ValidateCipherAttachmentFile(cipher, data)) { if (!await ValidateCipherAttachmentFile(cipher, data))
{
throw new Exception("Content-Length does not match uploaded file size"); throw new Exception("Content-Length does not match uploaded file size");
} }
} }
@ -911,7 +917,7 @@ namespace Bit.Core.Services
{ {
return; return;
} }
await _cipherRepository.DeleteAttachmentAsync(cipher.Id, attachmentData.AttachmentId); await _cipherRepository.DeleteAttachmentAsync(cipher.Id, attachmentData.AttachmentId);
cipher.DeleteAttachment(attachmentData.AttachmentId); cipher.DeleteAttachment(attachmentData.AttachmentId);
await _attachmentStorageService.DeleteAttachmentAsync(cipher.Id, attachmentData); await _attachmentStorageService.DeleteAttachmentAsync(cipher.Id, attachmentData);