nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-27 06:08:48 -05:00
Code

fix: update stored procedure

Browse Source
This commit is contained in:
Ike Kottlowski 2025-06-25 17:18:31 -04:00
parent 943b0024bb
commit 853551d9bd
No known key found for this signature in database
GPG Key ID: C86308E3DCA6D76F
3 changed files with 79 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/Core/Auth/Models/Data/PendingAuthRequestDetails.cs
View File

@ -40,40 +40,35 @@ public class PendingAuthRequestDetails : AuthRequest
/** /**
* Constructor for dapper response. * Constructor for dapper response.
* Note: if the DeviceId is null it comes back as an empty guid That could change if the stored
* procedure runs on a different database provider.
* In order to maintain the flexibility of the wildcard (*) in SQL, the constructor accepts a"row number" rn of type long
* parameter. 'rn' was used to order the results in the SQL query. Also, SQL complains about the constructor not
* having the same parameters as the SELECT statement and since the SELECT uses the wildcard we need to include everything.
* Order matters when mapping from the Stored Procedure, so the columns are in the order they come back from the query.
*/ */
public PendingAuthRequestDetails( public PendingAuthRequestDetails(
Guid id, Guid id,
Guid userId, Guid userId,
Guid organizationId,
short type, short type,
string requestDeviceIdentifier, string requestDeviceIdentifier,
short requestDeviceType, short requestDeviceType,
string requestIpAddress, string requestIpAddress,
string requestCountryName,
Guid? responseDeviceId, Guid? responseDeviceId,
string accessCode, string accessCode,
string publicKey, string publicKey,
string key, string key,
string masterPasswordHash, string masterPasswordHash,
bool? approved,
DateTime creationDate, DateTime creationDate,
DateTime? responseDate, DateTime? responseDate,
DateTime? authenticationDate, DateTime? authenticationDate,
bool? approved, Guid deviceId)
Guid organizationId,
string requestCountryName,
Guid deviceId,
long rn) // see comment above about rn parameter
{ {
Id = id; Id = id;
UserId = userId; UserId = userId;
OrganizationId = organizationId;
Type = (AuthRequestType)type; Type = (AuthRequestType)type;
RequestDeviceIdentifier = requestDeviceIdentifier; RequestDeviceIdentifier = requestDeviceIdentifier;
RequestDeviceType = (DeviceType)requestDeviceType; RequestDeviceType = (DeviceType)requestDeviceType;
RequestIpAddress = requestIpAddress; RequestIpAddress = requestIpAddress;
RequestCountryName = requestCountryName;
ResponseDeviceId = responseDeviceId; ResponseDeviceId = responseDeviceId;
AccessCode = accessCode; AccessCode = accessCode;
PublicKey = publicKey; PublicKey = publicKey;
@ -83,8 +78,6 @@ public class PendingAuthRequestDetails : AuthRequest
CreationDate = creationDate; CreationDate = creationDate;
ResponseDate = responseDate; ResponseDate = responseDate;
AuthenticationDate = authenticationDate; AuthenticationDate = authenticationDate;
OrganizationId = organizationId;
RequestCountryName = requestCountryName;
RequestDeviceId = deviceId; RequestDeviceId = deviceId;
} }
} }

30
src/Sql/dbo/Auth/Stored Procedures/AuthRequest_ReadPendingByUserId.sql
View File

@ -5,19 +5,41 @@ AS
BEGIN BEGIN
SET NOCOUNT ON; SET NOCOUNT ON;
;WITH PendingRequests AS ( ;
WITH
PendingRequests
AS
(
SELECT SELECT
AR.*, AR.*,
D.Id AS DeviceId, D.Id AS DeviceId,
ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn
FROM dbo.AuthRequestView AR FROM dbo.AuthRequestView AR
LEFT JOIN LEFT JOIN Device D ON AR.RequestDeviceIdentifier = D.Identifier
Device D ON AR.RequestDeviceIdentifier = D.Identifier AND D.UserId = AR.UserId
WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock
AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE()) AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE())
AND AR.UserId = @UserId AND AR.UserId = @UserId
) )
SELECT PR.* SELECT
PR.Id,
PR.UserId,
PR.OrganizationId,
PR.Type,
PR.RequestDeviceIdentifier,
PR.RequestDeviceType,
PR.RequestIpAddress,
PR.RequestCountryName,
PR.ResponseDeviceId,
PR.AccessCode,
PR.PublicKey,
PR.[Key],
PR.MasterPasswordHash,
PR.Approved,
PR.CreationDate,
PR.ResponseDate,
PR.AuthenticationDate,
PR.DeviceId
FROM PendingRequests PR FROM PendingRequests PR
WHERE rn = 1 WHERE rn = 1
AND PR.Approved IS NULL; AND PR.Approved IS NULL;

30
util/Migrator/DbScripts/2025-06-04-00_AddReadPendingAuthRequestsByUserId.sql
View File

@ -6,19 +6,41 @@ AS
BEGIN BEGIN
SET NOCOUNT ON; SET NOCOUNT ON;
;WITH PendingRequests AS ( ;
WITH
PendingRequests
AS
(
SELECT SELECT
AR.*, AR.*,
D.Id AS DeviceId, D.Id AS DeviceId,
ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn
FROM dbo.AuthRequestView AR FROM dbo.AuthRequestView AR
LEFT JOIN LEFT JOIN Device D ON AR.RequestDeviceIdentifier = D.Identifier
Device D ON AR.RequestDeviceIdentifier = D.Identifier AND D.UserId = AR.UserId
WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock
AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE()) AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE())
AND AR.UserId = @UserId AND AR.UserId = @UserId
) )
SELECT PR.* SELECT
PR.Id,
PR.UserId,
PR.OrganizationId,
PR.Type,
PR.RequestDeviceIdentifier,
PR.RequestDeviceType,
PR.RequestIpAddress,
PR.RequestCountryName,
PR.ResponseDeviceId,
PR.AccessCode,
PR.PublicKey,
PR.[Key],
PR.MasterPasswordHash,
PR.Approved,
PR.CreationDate,
PR.ResponseDate,
PR.AuthenticationDate,
PR.DeviceId
FROM PendingRequests PR FROM PendingRequests PR
WHERE rn = 1 WHERE rn = 1
AND PR.Approved IS NULL; AND PR.Approved IS NULL;