nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-26 21:58:48 -05:00
Code

fix: update stored procedure

Browse Source
This commit is contained in:
Ike Kottlowski 2025-06-25 17:18:31 -04:00
parent 943b0024bb
commit 853551d9bd
No known key found for this signature in database
GPG Key ID: C86308E3DCA6D76F
3 changed files with 79 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/Core/Auth/Models/Data/PendingAuthRequestDetails.cs
View File

@ -40,40 +40,35 @@ public class PendingAuthRequestDetails : AuthRequest
/**
* Constructor for dapper response.
* Note: if the DeviceId is null it comes back as an empty guid That could change if the stored
* procedure runs on a different database provider.
* In order to maintain the flexibility of the wildcard (*) in SQL, the constructor accepts a"row number" rn of type long
* parameter. 'rn' was used to order the results in the SQL query. Also, SQL complains about the constructor not
* having the same parameters as the SELECT statement and since the SELECT uses the wildcard we need to include everything.
* Order matters when mapping from the Stored Procedure, so the columns are in the order they come back from the query.
*/
public PendingAuthRequestDetails(
Guid id,
Guid userId,
Guid organizationId,
short type,
string requestDeviceIdentifier,
short requestDeviceType,
string requestIpAddress,
string requestCountryName,
Guid? responseDeviceId,
string accessCode,
string publicKey,
string key,
string masterPasswordHash,
bool? approved,
DateTime creationDate,
DateTime? responseDate,
DateTime? authenticationDate,
bool? approved,
Guid organizationId,
string requestCountryName,
Guid deviceId,
long rn) // see comment above about rn parameter
Guid deviceId)
{
Id = id;
UserId = userId;
OrganizationId = organizationId;
Type = (AuthRequestType)type;
RequestDeviceIdentifier = requestDeviceIdentifier;
RequestDeviceType = (DeviceType)requestDeviceType;
RequestIpAddress = requestIpAddress;
RequestCountryName = requestCountryName;
ResponseDeviceId = responseDeviceId;
AccessCode = accessCode;
PublicKey = publicKey;
@ -83,8 +78,6 @@ public class PendingAuthRequestDetails : AuthRequest
CreationDate = creationDate;
ResponseDate = responseDate;
AuthenticationDate = authenticationDate;
OrganizationId = organizationId;
RequestCountryName = requestCountryName;
RequestDeviceId = deviceId;
}
}

52
src/Sql/dbo/Auth/Stored Procedures/AuthRequest_ReadPendingByUserId.sql
View File

@ -1,24 +1,46 @@
CREATE PROCEDURE [dbo].[AuthRequest_ReadPendingByUserId]
CREATE PROCEDURE [dbo].[AuthRequest_ReadPendingByUserId]
@UserId UNIQUEIDENTIFIER,
@ExpirationMinutes INT
AS
BEGIN
SET NOCOUNT ON;
;WITH PendingRequests AS (
SELECT
AR.*,
D.Id AS DeviceId,
ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn
FROM dbo.AuthRequestView AR
LEFT JOIN
Device D ON AR.RequestDeviceIdentifier = D.Identifier
WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock
AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE())
AND AR.UserId = @UserId
)
SELECT PR.*
;
WITH
PendingRequests
AS
(
SELECT
AR.*,
D.Id AS DeviceId,
ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn
FROM dbo.AuthRequestView AR
LEFT JOIN Device D ON AR.RequestDeviceIdentifier = D.Identifier
AND D.UserId = AR.UserId
WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock
AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE())
AND AR.UserId = @UserId
)
SELECT
PR.Id,
PR.UserId,
PR.OrganizationId,
PR.Type,
PR.RequestDeviceIdentifier,
PR.RequestDeviceType,
PR.RequestIpAddress,
PR.RequestCountryName,
PR.ResponseDeviceId,
PR.AccessCode,
PR.PublicKey,
PR.[Key],
PR.MasterPasswordHash,
PR.Approved,
PR.CreationDate,
PR.ResponseDate,
PR.AuthenticationDate,
PR.DeviceId
FROM PendingRequests PR
WHERE rn = 1
AND PR.Approved IS NULL;
AND PR.Approved IS NULL;
END;

50
util/Migrator/DbScripts/2025-06-04-00_AddReadPendingAuthRequestsByUserId.sql
View File

@ -6,20 +6,42 @@ AS
BEGIN
SET NOCOUNT ON;
;WITH PendingRequests AS (
SELECT
AR.*,
D.Id AS DeviceId,
ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn
FROM dbo.AuthRequestView AR
LEFT JOIN
Device D ON AR.RequestDeviceIdentifier = D.Identifier
WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock
AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE())
AND AR.UserId = @UserId
)
SELECT PR.*
;
WITH
PendingRequests
AS
(
SELECT
AR.*,
D.Id AS DeviceId,
ROW_NUMBER() OVER (PARTITION BY AR.RequestDeviceIdentifier ORDER BY AR.CreationDate DESC) AS rn
FROM dbo.AuthRequestView AR
LEFT JOIN Device D ON AR.RequestDeviceIdentifier = D.Identifier
AND D.UserId = AR.UserId
WHERE AR.Type IN (0, 1) -- 0 = AuthenticateAndUnlock, 1 = Unlock
AND AR.CreationDate >= DATEADD(MINUTE, -@ExpirationMinutes, GETUTCDATE())
AND AR.UserId = @UserId
)
SELECT
PR.Id,
PR.UserId,
PR.OrganizationId,
PR.Type,
PR.RequestDeviceIdentifier,
PR.RequestDeviceType,
PR.RequestIpAddress,
PR.RequestCountryName,
PR.ResponseDeviceId,
PR.AccessCode,
PR.PublicKey,
PR.[Key],
PR.MasterPasswordHash,
PR.Approved,
PR.CreationDate,
PR.ResponseDate,
PR.AuthenticationDate,
PR.DeviceId
FROM PendingRequests PR
WHERE rn = 1
AND PR.Approved IS NULL;
AND PR.Approved IS NULL;
END;