diff --git a/src/Core/Auth/Models/Data/PendingAuthRequestDetails.cs b/src/Core/Auth/Models/Data/PendingAuthRequestDetails.cs index 0b28af0e8b..0755e941b7 100644 --- a/src/Core/Auth/Models/Data/PendingAuthRequestDetails.cs +++ b/src/Core/Auth/Models/Data/PendingAuthRequestDetails.cs @@ -40,40 +40,35 @@ public class PendingAuthRequestDetails : AuthRequest /** * Constructor for dapper response. - * Note: if the DeviceId is null it comes back as an empty guid That could change if the stored - * procedure runs on a different database provider. - * In order to maintain the flexibility of the wildcard (*) in SQL, the constructor accepts a"row number" rn of type long - * parameter. 'rn' was used to order the results in the SQL query. Also, SQL complains about the constructor not - * having the same parameters as the SELECT statement and since the SELECT uses the wildcard we need to include everything. - * Order matters when mapping from the Stored Procedure, so the columns are in the order they come back from the query. */ public PendingAuthRequestDetails( Guid id, Guid userId, + Guid organizationId, short type, string requestDeviceIdentifier, short requestDeviceType, string requestIpAddress, + string requestCountryName, Guid? responseDeviceId, string accessCode, string publicKey, string key, string masterPasswordHash, + bool? approved, DateTime creationDate, DateTime? responseDate, DateTime? authenticationDate, - bool? approved, - Guid organizationId, - string requestCountryName, - Guid deviceId, - long rn) // see comment above about rn parameter + Guid deviceId) { Id = id; UserId = userId; + OrganizationId = organizationId; Type = (AuthRequestType)type; RequestDeviceIdentifier = requestDeviceIdentifier; RequestDeviceType = (DeviceType)requestDeviceType; RequestIpAddress = requestIpAddress; + RequestCountryName = requestCountryName; ResponseDeviceId = responseDeviceId; AccessCode = accessCode; PublicKey = publicKey; @@ -83,8 +78,6 @@ public class PendingAuthRequestDetails : AuthRequest CreationDate = creationDate; ResponseDate = responseDate; AuthenticationDate = authenticationDate; - OrganizationId = organizationId; - RequestCountryName = requestCountryName; RequestDeviceId = deviceId; } } diff --git a/src/Sql/dbo/Auth/Stored Procedures/AuthRequest_ReadPendingByUserId.sql b/src/Sql/dbo/Auth/Stored Procedures/AuthRequest_ReadPendingByUserId.sql index b3465f912c..2d2d00ff8d 100644 --- a/src/Sql/dbo/Auth/Stored Procedures/AuthRequest_ReadPendingByUserId.sql +++ b/src/Sql/dbo/Auth/Stored Procedures/AuthRequest_ReadPendingByUserId.sql @@ -1,24 +1,46 @@ -CREATE PROCEDURE [dbo].[AuthRequest_ReadPendingByUserId] +CREATE PROCEDURE [dbo].[AuthRequest_ReadPendingByUserId] @UserId UNIQUEIDENTIFIER, @ExpirationMinutes INT AS BEGIN SET NOCOUNT ON; - ;WITH PendingRequests AS ( - SELECT - AR.*, - D.Id AS DeviceId, - ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn - FROM dbo.AuthRequestView AR - LEFT JOIN - Device D ON AR.RequestDeviceIdentifier = D.Identifier - WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock - AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE()) - AND AR.UserId = @UserId - ) - SELECT PR.* + ; + WITH + PendingRequests + AS + ( + SELECT + AR.*, + D.Id AS DeviceId, + ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn + FROM dbo.AuthRequestView AR + LEFT JOIN Device D ON AR.RequestDeviceIdentifier = D.Identifier + AND D.UserId = AR.UserId + WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock + AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE()) + AND AR.UserId = @UserId + ) + SELECT + PR.Id, + PR.UserId, + PR.OrganizationId, + PR.Type, + PR.RequestDeviceIdentifier, + PR.RequestDeviceType, + PR.RequestIpAddress, + PR.RequestCountryName, + PR.ResponseDeviceId, + PR.AccessCode, + PR.PublicKey, + PR.[Key], + PR.MasterPasswordHash, + PR.Approved, + PR.CreationDate, + PR.ResponseDate, + PR.AuthenticationDate, + PR.DeviceId FROM PendingRequests PR WHERE rn = 1 - AND PR.Approved IS NULL; + AND PR.Approved IS NULL; END; diff --git a/util/Migrator/DbScripts/2025-06-04-00_AddReadPendingAuthRequestsByUserId.sql b/util/Migrator/DbScripts/2025-06-04-00_AddReadPendingAuthRequestsByUserId.sql index 62edc9e91b..4510c2a7dc 100644 --- a/util/Migrator/DbScripts/2025-06-04-00_AddReadPendingAuthRequestsByUserId.sql +++ b/util/Migrator/DbScripts/2025-06-04-00_AddReadPendingAuthRequestsByUserId.sql @@ -6,20 +6,42 @@ AS BEGIN SET NOCOUNT ON; - ;WITH PendingRequests AS ( - SELECT - AR.*, - D.Id AS DeviceId, - ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn - FROM dbo.AuthRequestView AR - LEFT JOIN - Device D ON AR.RequestDeviceIdentifier = D.Identifier - WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock - AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE()) - AND AR.UserId = @UserId - ) - SELECT PR.* + ; + WITH + PendingRequests + AS + ( + SELECT + AR.*, + D.Id AS DeviceId, + ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn + FROM dbo.AuthRequestView AR + LEFT JOIN Device D ON AR.RequestDeviceIdentifier = D.Identifier + AND D.UserId = AR.UserId + WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock + AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE()) + AND AR.UserId = @UserId + ) + SELECT + PR.Id, + PR.UserId, + PR.OrganizationId, + PR.Type, + PR.RequestDeviceIdentifier, + PR.RequestDeviceType, + PR.RequestIpAddress, + PR.RequestCountryName, + PR.ResponseDeviceId, + PR.AccessCode, + PR.PublicKey, + PR.[Key], + PR.MasterPasswordHash, + PR.Approved, + PR.CreationDate, + PR.ResponseDate, + PR.AuthenticationDate, + PR.DeviceId FROM PendingRequests PR WHERE rn = 1 - AND PR.Approved IS NULL; + AND PR.Approved IS NULL; END;