chore: update LastActivityDate on installation token refresh (#5081)

2025-04-05 13:08:17 -05:00 · 2025-01-06 16:22:03 -05:00 · 2025-01-06 16:22:03 -05:00 · 90f7bfe63d
commit 90f7bfe63d
parent cd7c4bf6ce
13 changed files with 229 additions and 7 deletions
--- a/src/Api/Platform/Installations/Controllers/InstallationsController.cs
+++ b/src/Api/Platform/Installations/Controllers/InstallationsController.cs
@ -6,6 +6,15 @@ using Microsoft.AspNetCore.Mvc;
 namespace Bit.Api.Platform.Installations;
 /// <summary>
 /// Routes used to manipulate `Installation` objects: a type used to manage
 /// a record of a self hosted installation.
 /// </summary>
 /// <remarks>
 /// This controller is not called from any clients. It's primarily referenced
 /// in the `Setup` project for creating a new self hosted installation.
 /// </remarks>
 /// <seealso>Bit.Setup.Program</seealso>
 [Route("installations")]
 [SelfHosted(NotSelfHostedOnly = true)]
 public class InstallationsController : Controller
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@ -165,6 +165,7 @@ public static class FeatureFlagKeys
    public const string AppReviewPrompt = "app-review-prompt";
    public const string ResellerManagedOrgAlert = "PM-15814-alert-owners-of-reseller-managed-orgs";
    public const string UsePricingService = "use-pricing-service";
    public const string RecordInstallationLastActivityDate = "installation-last-activity-date";
    public static List<string> GetAllKeys()
    {
--- a/src/Core/Platform/Installations/Commands/UpdateInstallationActivityDateCommand/IUpdateInstallationCommand.cs
+++ b/src/Core/Platform/Installations/Commands/UpdateInstallationActivityDateCommand/IUpdateInstallationCommand.cs
@ -0,0 +1,14 @@
 namespace Bit.Core.Platform.Installations;
 /// <summary>
 /// Command interface responsible for updating data on an `Installation`
 /// record.
 /// </summary>
 /// <remarks>
 /// This interface is implemented by `UpdateInstallationCommand`
 /// </remarks>
 /// <seealso cref="Bit.Core.Platform.Installations.UpdateInstallationCommand"/>
 public interface IUpdateInstallationCommand
 {
    Task UpdateLastActivityDateAsync(Guid installationId);
 }
--- a/src/Core/Platform/Installations/Commands/UpdateInstallationActivityDateCommand/UpdateInstallationCommand.cs
+++ b/src/Core/Platform/Installations/Commands/UpdateInstallationActivityDateCommand/UpdateInstallationCommand.cs
@ -0,0 +1,53 @@
 namespace Bit.Core.Platform.Installations;
 /// <summary>
 /// Commands responsible for updating an installation from
 /// `InstallationRepository`.
 /// </summary>
 /// <remarks>
 /// If referencing: you probably want the interface
 /// `IUpdateInstallationCommand` instead of directly calling this class.
 /// </remarks>
 /// <seealso cref="IUpdateInstallationCommand"/>
 public class UpdateInstallationCommand : IUpdateInstallationCommand
 {
    private readonly IGetInstallationQuery _getInstallationQuery;
    private readonly IInstallationRepository _installationRepository;
    private readonly TimeProvider _timeProvider;
    public UpdateInstallationCommand(
        IGetInstallationQuery getInstallationQuery,
        IInstallationRepository installationRepository,
        TimeProvider timeProvider
    )
    {
        _getInstallationQuery = getInstallationQuery;
        _installationRepository = installationRepository;
        _timeProvider = timeProvider;
    }
    public async Task UpdateLastActivityDateAsync(Guid installationId)
    {
        if (installationId == default)
        {
            throw new Exception
            (
              "Tried to update the last activity date for " +
              "an installation, but an invalid installation id was " +
              "provided."
            );
        }
        var installation = await _getInstallationQuery.GetByIdAsync(installationId);
        if (installation == null)
        {
            throw new Exception
            (
              "Tried to update the last activity date for " +
              $"installation {installationId.ToString()}, but no " +
              "installation was found for that id."
            );
        }
        installation.LastActivityDate = _timeProvider.GetUtcNow().UtcDateTime;
        await _installationRepository.UpsertAsync(installation);
    }
 }
--- a/src/Core/Platform/Installations/Entities/Installation.cs
+++ b/src/Core/Platform/Installations/Entities/Installation.cs
@ -19,6 +19,7 @@ public class Installation : ITableObject<Guid>
    public string Key { get; set; } = null!;
    public bool Enabled { get; set; }
    public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
    public DateTime? LastActivityDate { get; internal set; }
    public void SetNewId()
    {
--- a/src/Core/Platform/Installations/Queries/GetInstallationQuery/GetInstallationQuery.cs
+++ b/src/Core/Platform/Installations/Queries/GetInstallationQuery/GetInstallationQuery.cs
@ -0,0 +1,30 @@
 namespace Bit.Core.Platform.Installations;
 /// <summary>
 /// Queries responsible for fetching an installation from
 /// `InstallationRepository`.
 /// </summary>
 /// <remarks>
 /// If referencing: you probably want the interface `IGetInstallationQuery`
 /// instead of directly calling this class.
 /// </remarks>
 /// <seealso cref="IGetInstallationQuery"/>
 public class GetInstallationQuery : IGetInstallationQuery
 {
    private readonly IInstallationRepository _installationRepository;
    public GetInstallationQuery(IInstallationRepository installationRepository)
    {
        _installationRepository = installationRepository;
    }
    /// <inheritdoc cref="IGetInstallationQuery.GetByIdAsync"/>
    public async Task<Installation> GetByIdAsync(Guid installationId)
    {
        if (installationId == default(Guid))
        {
            return null;
        }
        return await _installationRepository.GetByIdAsync(installationId);
    }
 }
--- a/src/Core/Platform/Installations/Queries/GetInstallationQuery/IGetInstallationQuery.cs
+++ b/src/Core/Platform/Installations/Queries/GetInstallationQuery/IGetInstallationQuery.cs
@ -0,0 +1,20 @@
 namespace Bit.Core.Platform.Installations;
 /// <summary>
 /// Query interface responsible for fetching an installation from
 /// `InstallationRepository`.
 /// </summary>
 /// <remarks>
 /// This interface is implemented by `GetInstallationQuery`
 /// </remarks>
 /// <seealso cref="GetInstallationQuery"/>
 public interface IGetInstallationQuery
 {
    /// <summary>
    /// Retrieves an installation from the `InstallationRepository` by its id.
    /// </summary>
    /// <param name="installationId">The GUID id of the installation.</param>
    /// <returns>A task containing an `Installation`.</returns>
    /// <seealso cref="T:Bit.Core.Platform.Installations.Repositories.IInstallationRepository"/>
    Task<Installation> GetByIdAsync(Guid installationId);
 }
--- a/src/Core/Platform/PlatformServiceCollectionExtensions.cs
+++ b/src/Core/Platform/PlatformServiceCollectionExtensions.cs
@ -0,0 +1,19 @@
 using Bit.Core.Platform.Installations;
 using Microsoft.Extensions.DependencyInjection;
 namespace Bit.Core.Platform;
 public static class PlatformServiceCollectionExtensions
 {
    /// <summary>
    /// Extend DI to include commands and queries exported from the Platform
    /// domain.
    /// </summary>
    public static IServiceCollection AddPlatformServices(this IServiceCollection services)
    {
        services.AddScoped<IGetInstallationQuery, GetInstallationQuery>();
        services.AddScoped<IUpdateInstallationCommand, UpdateInstallationCommand>();
        return services;
    }
 }
--- a/src/Core/Platform/Push/Services/RelayPushRegistrationService.cs
+++ b/src/Core/Platform/Push/Services/RelayPushRegistrationService.cs
@ -9,7 +9,6 @@ namespace Bit.Core.Platform.Push.Internal;
 public class RelayPushRegistrationService : BaseIdentityClientService, IPushRegistrationService
 {
    public RelayPushRegistrationService(
        IHttpClientFactory httpFactory,
        GlobalSettings globalSettings,
--- a/src/Identity/IdentityServer/RequestValidators/CustomTokenRequestValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/CustomTokenRequestValidator.cs
@ -1,11 +1,13 @@
 using System.Diagnostics;
 using System.Security.Claims;
 using Bit.Core;
 using Bit.Core.AdminConsole.Services;
 using Bit.Core.Auth.Models.Api.Response;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.IdentityServer;
 using Bit.Core.Platform.Installations;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
@ -23,6 +25,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
    ICustomTokenRequestValidator
 {
    private readonly UserManager<User> _userManager;
    private readonly IUpdateInstallationCommand _updateInstallationCommand;
    public CustomTokenRequestValidator(
        UserManager<User> userManager,
@ -39,7 +42,8 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
        IPolicyService policyService,
        IFeatureService featureService,
        ISsoConfigRepository ssoConfigRepository,
-        IUserDecryptionOptionsBuilder userDecryptionOptionsBuilder
+        IUserDecryptionOptionsBuilder userDecryptionOptionsBuilder,
        IUpdateInstallationCommand updateInstallationCommand
        )
        : base(
            userManager,
@ -59,6 +63,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
            userDecryptionOptionsBuilder)
    {
        _userManager = userManager;
        _updateInstallationCommand = updateInstallationCommand;
    }
    public async Task ValidateAsync(CustomTokenRequestValidationContext context)
@ -76,16 +81,24 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
        }
        string[] allowedGrantTypes = ["authorization_code", "client_credentials"];
        string clientId = context.Result.ValidatedRequest.ClientId;
        if (!allowedGrantTypes.Contains(context.Result.ValidatedRequest.GrantType)
-            || context.Result.ValidatedRequest.ClientId.StartsWith("organization")
+            || clientId.StartsWith("organization")
-            || context.Result.ValidatedRequest.ClientId.StartsWith("installation")
+            || clientId.StartsWith("installation")
-            || context.Result.ValidatedRequest.ClientId.StartsWith("internal")
+            || clientId.StartsWith("internal")
            || context.Result.ValidatedRequest.Client.AllowedScopes.Contains(ApiScopes.ApiSecrets))
        {
            if (context.Result.ValidatedRequest.Client.Properties.TryGetValue("encryptedPayload", out var payload) &&
                !string.IsNullOrWhiteSpace(payload))
            {
                context.Result.CustomResponse = new Dictionary<string, object> { { "encrypted_payload", payload } };
            }
            if (FeatureService.IsEnabled(FeatureFlagKeys.RecordInstallationLastActivityDate)
                && context.Result.ValidatedRequest.ClientId.StartsWith("installation"))
            {
                var installationIdPart = clientId.Split(".")[1];
                await RecordActivityForInstallation(clientId.Split(".")[1]);
            }
            return;
        }
@ -152,6 +165,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
            context.Result.CustomResponse["KeyConnectorUrl"] = userDecryptionOptions.KeyConnectorOption.KeyConnectorUrl;
            context.Result.CustomResponse["ResetMasterPassword"] = false;
        }
        return Task.CompletedTask;
    }
@ -202,4 +216,25 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
        context.Result.ErrorDescription = requestContext.ValidationErrorResult.ErrorDescription;
        context.Result.CustomResponse = requestContext.CustomResponse;
    }
    /// <summary>
    /// To help mentally separate organizations that self host from abandoned
    /// organizations we hook in to the token refresh event for installations
    /// to write a simple `DateTime.Now` to the database.
    /// </summary>
    /// <remarks>
    /// This works well because installations don't phone home very often.
    /// Currently self hosted installations only refresh tokens every 24
    /// hours or so for the sake of hooking in to cloud's push relay service.
    /// If installations ever start refreshing tokens more frequently we may need to
    /// adjust this to avoid making a bunch of unnecessary database calls!
    /// </remarks>
    private async Task RecordActivityForInstallation(string? installationIdString)
    {
        if (!Guid.TryParse(installationIdString, out var installationId))
        {
            return;
        }
        await _updateInstallationCommand.UpdateLastActivityDateAsync(installationId);
    }
 }
--- a/src/Identity/IdentityServer/RequestValidators/WebAuthnGrantValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/WebAuthnGrantValidator.cs
@ -44,8 +44,7 @@ public class WebAuthnGrantValidator : BaseRequestValidator<ExtensionGrantValidat
        IDataProtectorTokenFactory<WebAuthnLoginAssertionOptionsTokenable> assertionOptionsDataProtector,
        IFeatureService featureService,
        IUserDecryptionOptionsBuilder userDecryptionOptionsBuilder,
-        IAssertWebAuthnLoginCredentialCommand assertWebAuthnLoginCredentialCommand
+        IAssertWebAuthnLoginCredentialCommand assertWebAuthnLoginCredentialCommand)
        )
        : base(
            userManager,
            userService,
--- a/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
+++ b/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
@ -30,6 +30,7 @@ using Bit.Core.KeyManagement;
 using Bit.Core.NotificationCenter;
 using Bit.Core.NotificationHub;
 using Bit.Core.OrganizationFeatures;
 using Bit.Core.Platform;
 using Bit.Core.Platform.Push;
 using Bit.Core.Platform.Push.Internal;
 using Bit.Core.Repositories;
@ -126,6 +127,7 @@ public static class ServiceCollectionExtensions
        services.AddReportingServices();
        services.AddKeyManagementServices();
        services.AddNotificationCenterServices();
        services.AddPlatformServices();
    }
    public static void AddTokenizers(this IServiceCollection services)
--- a/test/Core.Test/Platform/Installations/Commands/UpdateInstallationCommandTests.cs
+++ b/test/Core.Test/Platform/Installations/Commands/UpdateInstallationCommandTests.cs
@ -0,0 +1,40 @@
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Microsoft.Extensions.Time.Testing;
 using NSubstitute;
 using Xunit;
 namespace Bit.Core.Platform.Installations.Tests;
 [SutProviderCustomize]
 public class UpdateInstallationCommandTests
 {
    [Theory]
    [BitAutoData]
    public async Task UpdateLastActivityDateAsync_ShouldUpdateLastActivityDate(
        Installation installation
    )
    {
        // Arrange
        var sutProvider = new SutProvider<UpdateInstallationCommand>()
            .WithFakeTimeProvider()
            .Create();
        var someDate = new DateTime(2014, 11, 3, 18, 27, 0, DateTimeKind.Utc);
        sutProvider.GetDependency<FakeTimeProvider>().SetUtcNow(someDate);
        sutProvider
            .GetDependency<IGetInstallationQuery>()
            .GetByIdAsync(installation.Id)
            .Returns(installation);
        // Act
        await sutProvider.Sut.UpdateLastActivityDateAsync(installation.Id);
        // Assert
        await sutProvider
            .GetDependency<IInstallationRepository>()
            .Received(1)
            .UpsertAsync(Arg.Is<Installation>(inst => inst.LastActivityDate == someDate));
    }
 }