nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 23:52:50 -05:00
Code Activity

Fix OrganizationConnection Update (#2071)

Browse Source 
* Force CloudOrganizationId to be read only

* Fix tests
This commit is contained in:
Justin Baur
2022-06-23 07:50:10 -04:00
committed by GitHub
parent d918f5aae3
commit 94059a2b06
2 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/Api/Controllers/OrganizationConnectionsController.cs
View File

@ -89,6 +89,12 @@ namespace Bit.Api.Controllers
[HttpPut("{organizationConnectionId}")]
public async Task<OrganizationConnectionResponseModel> UpdateConnection(Guid organizationConnectionId, [FromBody] OrganizationConnectionRequestModel model)
{
var existingOrganizationConnection = await _organizationConnectionRepository.GetByIdAsync(organizationConnectionId);
if (existingOrganizationConnection == null)
{
throw new NotFoundException();
}
if (!await HasPermissionAsync(model?.OrganizationId))
{
throw new BadRequestException("Only the owner of an organization can update a connection.");
@ -103,6 +109,8 @@ namespace Bit.Api.Controllers
{
case OrganizationConnectionType.CloudBillingSync:
var typedModel = new OrganizationConnectionRequestModel<BillingSyncConfig>(model);
// We don't allow overwriting or changing the CloudOrganizationId so save it from the existing connection
typedModel.ParsedConfig.CloudOrganizationId = existingOrganizationConnection.GetConfig<BillingSyncConfig>().CloudOrganizationId;
var connection = await _updateOrganizationConnectionCommand.UpdateAsync(typedModel.ToData(organizationConnectionId));
return new OrganizationConnectionResponseModel(connection, typeof(BillingSyncConfig));
default: