nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-02 08:32:50 -05:00
Code Activity

[AC-1192] Create endpoints for new Device Approvals page (#2993)

Browse Source 
* [AC-1192] Create new OrganizationAuthRequestsController.cs

* [AC-1192] Introduce OrganizationAdminAuthRequest model

* [AC-1192] Add GetManyPendingByOrganizationId method to AuthRequest repository

* [AC-1192] Add new list pending organization auth requests endpoint

* [AC-1192] Add new GetManyAdminApprovalsByManyIdsAsync method to the AuthRequestRepository

* [AC-1192] Make the response device identifier optional for admin approval requests

* [AC-1192] Add endpoint for bulk denying admin device auth requests

* [AC-1192] Add OrganizationUserId to PendingOrganizationAuthRequestResponseModel

* [AC-1192] Add UpdateAuthRequest endpoint and logic to OrganizationAuthRequestsController

* [AC-1192] Secure new endpoints behind TDE feature flag

* [AC-1192] Formatting

* [AC-1192] Add sql migration script

* [AC-1192] Add optional OrganizationId column to AuthRequest entity

- Rename migration script to match existing formatting
- Add new column
- Add migration scripts
- Update new sprocs to filter/join on OrganizationId
- Update old sprocs to include OrganizationId

* [AC-1192] Format migration scripts

* [AC-1192] Fix failing AuthRequest EF unit test

* [AC-1192] Make OrganizationId optional in updated AuthRequest sprocs for backwards compatability

* [AC-1192] Fix missing comma in migration file

* [AC-1192] Rename Key to EncryptedUserKey to be more descriptive

* [AC-1192] Move request validation into helper method to reduce repetition

* [AC-1192] Return UnauthorizedAccessException instead of NotFound when user is missing permission

* [AC-1192] Introduce FeatureUnavailableException

* [AC-1192] Introduce RequireFeatureAttribute

* [AC-1192] Utilize the new RequireFeatureAttribute in the OrganizationAuthRequestsController

* [AC-1192] Attempt to fix out of sync database migration by moving new OrganizationId column

* [AC-1192] More attempts to sync database migrations

* [AC-1192] Formatting

* [AC-1192] Remove unused reference to FeatureService

* [AC-1192] Change Id types from String to Guid

* [AC-1192] Add EncryptedString attribute

* [AC-1192] Remove redundant OrganizationId property

* [AC-1192] Switch to projection for OrganizationAdminAuthRequest mapping

- Add new OrganizationUser relationship to EF entity
- Replace AuthRequest DBContext config with new IEntityTypeConfiguration
- Add navigation property to AuthRequest entity configuration for OrganizationUser
- Update EF AuthRequestRepository to use new mapping and navigation properties

* [AC-1192] Remove OrganizationUser navigation property
This commit is contained in:
Shane Melton
2023-06-15 14:54:08 -07:00
committed by GitHub
parent bdd5e0916e
commit 904b2fe205
34 changed files with 7417 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

193
util/Migrator/DbScripts/2023-06-01_00_TdeAdminApproval.sql Normal file
View File

@ -0,0 +1,193 @@
--Add OrganizationId Column and Foreign Key
IF COL_LENGTH('[dbo].[AuthRequest]', 'OrganizationId') IS NULL
BEGIN
ALTER TABLE
[dbo].[AuthRequest]
ADD [OrganizationId] UNIQUEIDENTIFIER NULL;
ALTER TABLE
[dbo].[AuthRequest]
ADD CONSTRAINT [FK_AuthRequest_Organization] FOREIGN KEY ([OrganizationId]) REFERENCES [dbo].[Organization] ([Id])
END
GO
-- Drop and recreate view
IF EXISTS(SELECT * FROM sys.views WHERE [Name] = 'AuthRequestView')
BEGIN
DROP VIEW [dbo].[AuthRequestView]
END
GO
CREATE VIEW [dbo].[AuthRequestView]
AS
SELECT
*
FROM
[dbo].[AuthRequest]
GO
--Drop existing SPROC
IF OBJECT_ID('[dbo].[AuthRequest_Update]') IS NOT NULL
BEGIN
DROP PROCEDURE [dbo].[AuthRequest_Update]
END
GO
--Create SPROC with OrganizationId column
CREATE PROCEDURE [dbo].[AuthRequest_Update]
@Id UNIQUEIDENTIFIER OUTPUT,
@UserId UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER = NULL,
@Type SMALLINT,
@RequestDeviceIdentifier NVARCHAR(50),
@RequestDeviceType SMALLINT,
@RequestIpAddress VARCHAR(50),
@ResponseDeviceId UNIQUEIDENTIFIER,
@AccessCode VARCHAR(25),
@PublicKey VARCHAR(MAX),
@Key VARCHAR(MAX),
@MasterPasswordHash VARCHAR(MAX),
@Approved BIT,
@CreationDate DATETIME2 (7),
@ResponseDate DATETIME2 (7),
@AuthenticationDate DATETIME2 (7)
AS
BEGIN
SET NOCOUNT ON
UPDATE
[dbo].[AuthRequest]
SET
[UserId] = @UserId,
[Type] = @Type,
[OrganizationId] = @OrganizationId,
[RequestDeviceIdentifier] = @RequestDeviceIdentifier,
[RequestDeviceType] = @RequestDeviceType,
[RequestIpAddress] = @RequestIpAddress,
[ResponseDeviceId] = @ResponseDeviceId,
[AccessCode] = @AccessCode,
[PublicKey] = @PublicKey,
[Key] = @Key,
[MasterPasswordHash] = @MasterPasswordHash,
[Approved] = @Approved,
[CreationDate] = @CreationDate,
[ResponseDate] = @ResponseDate,
[AuthenticationDate] = @AuthenticationDate
WHERE
[Id] = @Id
END
GO
--Drop existing SPROC
IF OBJECT_ID('[dbo].[AuthRequest_Create]') IS NOT NULL
BEGIN
DROP PROCEDURE [dbo].[AuthRequest_Create]
END
GO
--Create SPROC with OrganizationId column
CREATE PROCEDURE [dbo].[AuthRequest_Create]
@Id UNIQUEIDENTIFIER OUTPUT,
@UserId UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER = NULL,
@Type TINYINT,
@RequestDeviceIdentifier NVARCHAR(50),
@RequestDeviceType TINYINT,
@RequestIpAddress VARCHAR(50),
@ResponseDeviceId UNIQUEIDENTIFIER,
@AccessCode VARCHAR(25),
@PublicKey VARCHAR(MAX),
@Key VARCHAR(MAX),
@MasterPasswordHash VARCHAR(MAX),
@Approved BIT,
@CreationDate DATETIME2(7),
@ResponseDate DATETIME2(7),
@AuthenticationDate DATETIME2(7)
AS
BEGIN
SET NOCOUNT ON
INSERT INTO [dbo].[AuthRequest]
(
[Id],
[UserId],
[OrganizationId],
[Type],
[RequestDeviceIdentifier],
[RequestDeviceType],
[RequestIpAddress],
[ResponseDeviceId],
[AccessCode],
[PublicKey],
[Key],
[MasterPasswordHash],
[Approved],
[CreationDate],
[ResponseDate],
[AuthenticationDate]
)
VALUES
(
@Id,
@UserId,
@OrganizationId,
@Type,
@RequestDeviceIdentifier,
@RequestDeviceType,
@RequestIpAddress,
@ResponseDeviceId,
@AccessCode,
@PublicKey,
@Key,
@MasterPasswordHash,
@Approved,
@CreationDate,
@ResponseDate,
@AuthenticationDate
)
END
Go
-- New SPROC
CREATE OR ALTER PROCEDURE [dbo].[AuthRequest_ReadAdminApprovalsByIds]
@OrganizationId UNIQUEIDENTIFIER,
@Ids AS [dbo].[GuidIdArray] READONLY
AS
BEGIN
SET NOCOUNT ON
SELECT
ar.*, ou.[Email], ou.[Id] AS [OrganizationUserId]
FROM
[dbo].[AuthRequestView] ar
INNER JOIN
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
WHERE
ar.[OrganizationId] = @OrganizationId
AND
ar.[Type] = 2 -- AdminApproval
AND
ar.[Id] IN (SELECT [Id] FROM @Ids)
END
GO
-- New SPROC
CREATE OR ALTER PROCEDURE [dbo].[AuthRequest_ReadPendingByOrganizationId]
@OrganizationId UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
ar.*, ou.[Email], ou.[OrganizationId], ou.[Id] AS [OrganizationUserId]
FROM
[dbo].[AuthRequestView] ar
INNER JOIN
[dbo].[OrganizationUser] ou ON ou.[UserId] = ar.[UserId] AND ou.[OrganizationId] = ar.[OrganizationId]
WHERE
ar.[OrganizationId] = @OrganizationId
AND
ar.[ResponseDate] IS NULL
AND
ar.[Type] = 2 -- AdminApproval
END
GO

2201
util/MySqlMigrations/Migrations/20230605183142_TdeAdminApproval.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

45
util/MySqlMigrations/Migrations/20230605183142_TdeAdminApproval.cs Normal file
View File

@ -0,0 +1,45 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.MySqlMigrations.Migrations;
public partial class TdeAdminApproval : Migration
{
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<Guid>(
name: "OrganizationId",
table: "AuthRequest",
type: "char(36)",
nullable: true,
collation: "ascii_general_ci");
migrationBuilder.CreateIndex(
name: "IX_AuthRequest_OrganizationId",
table: "AuthRequest",
column: "OrganizationId");
migrationBuilder.AddForeignKey(
name: "FK_AuthRequest_Organization_OrganizationId",
table: "AuthRequest",
column: "OrganizationId",
principalTable: "Organization",
principalColumn: "Id");
}
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropForeignKey(
name: "FK_AuthRequest_Organization_OrganizationId",
table: "AuthRequest");
migrationBuilder.DropIndex(
name: "IX_AuthRequest_OrganizationId",
table: "AuthRequest");
migrationBuilder.DropColumn(
name: "OrganizationId",
table: "AuthRequest");
}
}

11
util/MySqlMigrations/Migrations/DatabaseContextModelSnapshot.cs
View File

@ -43,6 +43,9 @@ namespace Bit.MySqlMigrations.Migrations
b.Property<string>("MasterPasswordHash")
.HasColumnType("longtext");
b.Property<Guid?>("OrganizationId")
.HasColumnType("char(36)");
b.Property<string>("PublicKey")
.HasColumnType("longtext");
@ -71,6 +74,8 @@ namespace Bit.MySqlMigrations.Migrations
b.HasKey("Id");
b.HasIndex("OrganizationId");
b.HasIndex("ResponseDeviceId");
b.HasIndex("UserId");
@ -1658,6 +1663,10 @@ namespace Bit.MySqlMigrations.Migrations
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Organization", "Organization")
.WithMany()
.HasForeignKey("OrganizationId");
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
.WithMany()
.HasForeignKey("ResponseDeviceId");
@ -1668,6 +1677,8 @@ namespace Bit.MySqlMigrations.Migrations
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.Navigation("Organization");
b.Navigation("ResponseDevice");
b.Navigation("User");

2212
util/PostgresMigrations/Migrations/20230605182609_TdeAdminApproval.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

44
util/PostgresMigrations/Migrations/20230605182609_TdeAdminApproval.cs Normal file
View File

@ -0,0 +1,44 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.PostgresMigrations.Migrations;
public partial class TdeAdminApproval : Migration
{
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<Guid>(
name: "OrganizationId",
table: "AuthRequest",
type: "uuid",
nullable: true);
migrationBuilder.CreateIndex(
name: "IX_AuthRequest_OrganizationId",
table: "AuthRequest",
column: "OrganizationId");
migrationBuilder.AddForeignKey(
name: "FK_AuthRequest_Organization_OrganizationId",
table: "AuthRequest",
column: "OrganizationId",
principalTable: "Organization",
principalColumn: "Id");
}
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropForeignKey(
name: "FK_AuthRequest_Organization_OrganizationId",
table: "AuthRequest");
migrationBuilder.DropIndex(
name: "IX_AuthRequest_OrganizationId",
table: "AuthRequest");
migrationBuilder.DropColumn(
name: "OrganizationId",
table: "AuthRequest");
}
}

11
util/PostgresMigrations/Migrations/DatabaseContextModelSnapshot.cs
View File

@ -47,6 +47,9 @@ namespace Bit.PostgresMigrations.Migrations
b.Property<string>("MasterPasswordHash")
.HasColumnType("text");
b.Property<Guid?>("OrganizationId")
.HasColumnType("uuid");
b.Property<string>("PublicKey")
.HasColumnType("text");
@ -75,6 +78,8 @@ namespace Bit.PostgresMigrations.Migrations
b.HasKey("Id");
b.HasIndex("OrganizationId");
b.HasIndex("ResponseDeviceId");
b.HasIndex("UserId");
@ -1669,6 +1674,10 @@ namespace Bit.PostgresMigrations.Migrations
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Organization", "Organization")
.WithMany()
.HasForeignKey("OrganizationId");
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
.WithMany()
.HasForeignKey("ResponseDeviceId");
@ -1679,6 +1688,8 @@ namespace Bit.PostgresMigrations.Migrations
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.Navigation("Organization");
b.Navigation("ResponseDevice");
b.Navigation("User");

2199
util/SqliteMigrations/Migrations/20230605182605_TdeAdminApproval.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

44
util/SqliteMigrations/Migrations/20230605182605_TdeAdminApproval.cs Normal file
View File

@ -0,0 +1,44 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.SqliteMigrations.Migrations;
public partial class TdeAdminApproval : Migration
{
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<Guid>(
name: "OrganizationId",
table: "AuthRequest",
type: "TEXT",
nullable: true);
migrationBuilder.CreateIndex(
name: "IX_AuthRequest_OrganizationId",
table: "AuthRequest",
column: "OrganizationId");
migrationBuilder.AddForeignKey(
name: "FK_AuthRequest_Organization_OrganizationId",
table: "AuthRequest",
column: "OrganizationId",
principalTable: "Organization",
principalColumn: "Id");
}
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropForeignKey(
name: "FK_AuthRequest_Organization_OrganizationId",
table: "AuthRequest");
migrationBuilder.DropIndex(
name: "IX_AuthRequest_OrganizationId",
table: "AuthRequest");
migrationBuilder.DropColumn(
name: "OrganizationId",
table: "AuthRequest");
}
}

11
util/SqliteMigrations/Migrations/DatabaseContextModelSnapshot.cs
View File

@ -41,6 +41,9 @@ namespace Bit.SqliteMigrations.Migrations
b.Property<string>("MasterPasswordHash")
.HasColumnType("TEXT");
b.Property<Guid?>("OrganizationId")
.HasColumnType("TEXT");
b.Property<string>("PublicKey")
.HasColumnType("TEXT");
@ -69,6 +72,8 @@ namespace Bit.SqliteMigrations.Migrations
b.HasKey("Id");
b.HasIndex("OrganizationId");
b.HasIndex("ResponseDeviceId");
b.HasIndex("UserId");
@ -1656,6 +1661,10 @@ namespace Bit.SqliteMigrations.Migrations
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Organization", "Organization")
.WithMany()
.HasForeignKey("OrganizationId");
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Device", "ResponseDevice")
.WithMany()
.HasForeignKey("ResponseDeviceId");
@ -1666,6 +1675,8 @@ namespace Bit.SqliteMigrations.Migrations
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.Navigation("Organization");
b.Navigation("ResponseDevice");
b.Navigation("User");