[PM-8285] add endpoint for alerting when device lost trust (#4554)

* endpoint for alerting when device lost trust * get user from current context
2025-04-05 05:00:19 -05:00 · 2024-07-23 15:45:03 -04:00 · 2024-07-23 15:45:03 -04:00 · 8121f898de
commit 8121f898de
parent ce185eb3df
2 changed files with 27 additions and 1 deletions
--- a/src/Api/Controllers/DevicesController.cs
+++ b/src/Api/Controllers/DevicesController.cs
@ -3,6 +3,7 @@ using Bit.Api.Auth.Models.Request;
 using Bit.Api.Auth.Models.Request.Accounts;
 using Bit.Api.Models.Request;
 using Bit.Api.Models.Response;
+using Bit.Core;
 using Bit.Core.Auth.Models.Api.Request;
 using Bit.Core.Auth.Models.Api.Response;
 using Bit.Core.Context;
@ -25,19 +26,22 @@ public class DevicesController : Controller
    private readonly IUserService _userService;
    private readonly IUserRepository _userRepository;
    private readonly ICurrentContext _currentContext;
+    private readonly ILogger<DevicesController> _logger;

    public DevicesController(
        IDeviceRepository deviceRepository,
        IDeviceService deviceService,
        IUserService userService,
        IUserRepository userRepository,
-        ICurrentContext currentContext)
+        ICurrentContext currentContext,
+        ILogger<DevicesController> logger)
    {
        _deviceRepository = deviceRepository;
        _deviceService = deviceService;
        _userService = userService;
        _userRepository = userRepository;
        _currentContext = currentContext;
+        _logger = logger;
    }

    [HttpGet("{id}")]
@ -231,4 +235,25 @@ public class DevicesController : Controller
        var device = await _deviceRepository.GetByIdentifierAsync(identifier, user.Id);
        return device != null;
    }
+
+    [RequireFeature(FeatureFlagKeys.DeviceTrustLogging)]
+    [HttpPost("lost-trust")]
+    public void PostLostTrust()
+    {
+        var userId = _currentContext.UserId.GetValueOrDefault();
+        if (userId == default)
+        {
+            throw new UnauthorizedAccessException();
+        }
+
+        var deviceId = _currentContext.DeviceIdentifier;
+        if (deviceId == null)
+        {
+            throw new BadRequestException("Please provide a device identifier");
+        }
+
+        _logger.LogError("User {id} has a device key, but didn't receive decryption keys for device {device}", userId,
+            deviceId);
+    }
+
 }
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@ -135,6 +135,7 @@ public static class FeatureFlagKeys
    public const string GroupsComponentRefactor = "groups-component-refactor";
    public const string AC2828_ProviderPortalMembersPage = "AC-2828_provider-portal-members-page";
    public const string ProviderClientVaultPrivacyBanner = "ac-2833-provider-client-vault-privacy-banner";
+    public const string DeviceTrustLogging = "pm-8285-device-trust-logging";

    public static List<string> GetAllKeys()
    {