
org context checks in org apis. remove depr. code

Kyle Spearrin
2017-04-05 16:13:40 -04:00
parent a474449354
commit 9a1e512020
8 changed files with 69 additions and 82 deletions


@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Authorization;
using Bit.Core.Models.Api;
using Bit.Core.Exceptions;
using Bit.Core.Services;
using Bit.Core;
namespace Bit.Api.Controllers
{
@ -18,25 +19,27 @@ namespace Bit.Api.Controllers
private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly IOrganizationService _organizationService;
private readonly IUserService _userService;
private readonly CurrentContext _currentContext;
public OrganizationsController(
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IOrganizationService organizationService,
IUserService userService)
IUserService userService,
CurrentContext currentContext)
{
_organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository;
_organizationService = organizationService;
_userService = userService;
_currentContext = currentContext;
}
[HttpGet("{id}")]
public async Task<OrganizationResponseModel> Get(string id)
{
var userId = _userService.GetProperUserId(User).Value;
var organization = await _organizationRepository.GetByIdAsync(new Guid(id), userId);
if(organization == null)
var organization = await _organizationRepository.GetByIdAsync(new Guid(id));
if(organization == null || !_currentContext.OrganizationAdmin(organization.Id))
{
throw new NotFoundException();
}
@ -44,25 +47,6 @@ namespace Bit.Api.Controllers
return new OrganizationResponseModel(organization);
}
[HttpGet("{id}/extended")]
public async Task<OrganizationExtendedResponseModel> GetExtended(string id)
{
var userId = _userService.GetProperUserId(User).Value;
var organization = await _organizationRepository.GetByIdAsync(new Guid(id), userId);
if(organization == null)
{
throw new NotFoundException();
}
var organizationUser = await _organizationUserRepository.GetByOrganizationAsync(new Guid(id), userId);
if(organizationUser == null)
{
throw new NotFoundException();
}
return new OrganizationExtendedResponseModel(organization, organizationUser);
}
[HttpGet("")]
public async Task<ListResponseModel<OrganizationResponseModel>> Get()
{
@ -73,22 +57,20 @@ namespace Bit.Api.Controllers
}
[HttpPost("")]
public async Task<OrganizationExtendedResponseModel> Post([FromBody]OrganizationCreateRequestModel model)
public async Task<OrganizationResponseModel> Post([FromBody]OrganizationCreateRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
var organizationSignup = model.ToOrganizationSignup(user);
var result = await _organizationService.SignUpAsync(organizationSignup);
return new OrganizationExtendedResponseModel(result.Item1, result.Item2);
return new OrganizationResponseModel(result.Item1);
}
[HttpPut("{id}")]
[HttpPost("{id}")]
public async Task<OrganizationResponseModel> Put(string id, [FromBody]OrganizationUpdateRequestModel model)
{
var userId = _userService.GetProperUserId(User).Value;
var organization = await _organizationRepository.GetByIdAsync(new Guid(id), userId);
// TODO: Permission checks
if(organization == null)
var organization = await _organizationRepository.GetByIdAsync(new Guid(id));
if(organization == null || !_currentContext.OrganizationAdmin(organization.Id))
{
throw new NotFoundException();
}
@ -101,9 +83,8 @@ namespace Bit.Api.Controllers
[HttpPost("{id}/delete")]
public async Task Delete(string id)
{
var organization = await _organizationRepository.GetByIdAsync(new Guid(id),
_userService.GetProperUserId(User).Value);
if(organization == null)
var organization = await _organizationRepository.GetByIdAsync(new Guid(id));
if(organization == null || !_currentContext.OrganizationAdmin(organization.Id))
{
throw new NotFoundException();
}
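Review bot: Delete is gated on the same `_currentContext.OrganizationAdmin(organization.Id)` check as Get and Put, so anyone carrying an `orgadmin` claim can delete the organization; the middleware in this commit distinguishes `orgowner` from `orgadmin` claims, so if deletion is meant to be owner-only, Delete needs a separate owner-level check rather than the admin one (I cannot see CurrentContext here, so whether OrganizationAdmin already covers both roles is inferred). The lookup-then-authorize pair is now copied verbatim into Get, Put and Delete, which makes it easy for the next action to drift; a private helper keeps the rule in one place, and the Delete body continues outside the hunk. Separately, `new Guid(id)` throws FormatException for a malformed id before the check runs, so a bad id surfaces as a 500 rather than the NotFoundException the rest of the action uses; `if(!Guid.TryParse(id, out var orgId)) { throw new NotFoundException(); }` ahead of the repository call keeps the response uniform for missing, malformed and unauthorized ids alike. The helper below (return type is the repository's entity type) is what I would have the three actions call.
```csharp
// Shared by Get, Put and Delete: resolve the organization and require admin
// membership from the current context, answering NotFound uniformly so the
// response does not reveal whether the id exists.
private async Task<Organization> GetAdminOrganizationAsync(string id)
{
    if(!Guid.TryParse(id, out var orgId))
    {
        throw new NotFoundException();
    }
    var organization = await _organizationRepository.GetByIdAsync(orgId);
    if(organization == null || !_currentContext.OrganizationAdmin(organization.Id))
    {
        throw new NotFoundException();
    }
    return organization;
}
// … unchanged: Get/Put/Delete bodies, each replacing its lookup-and-check lines with
// var organization = await GetAdminOrganizationAsync(id); …
```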


@ -20,6 +20,39 @@ namespace Bit.Api.Middleware
{
var securityStampClaim = httpContext.User.Claims.FirstOrDefault(c => c.Type == "device");
currentContext.DeviceIdentifier = securityStampClaim?.Value;
var orgOwnerClaims = httpContext.User.Claims.Where(c => c.Type == "orgowner");
if(orgOwnerClaims.Any())
{
currentContext.Organizations.AddRange(orgOwnerClaims.Select(c =>
new CurrentContext.CurrentContentOrganization
{
Id = new System.Guid(c.Value),
Type = Core.Enums.OrganizationUserType.Owner
}));
}
var orgAdminClaims = httpContext.User.Claims.Where(c => c.Type == "orgadmin");
if(orgAdminClaims.Any())
{
currentContext.Organizations.AddRange(orgAdminClaims.Select(c =>
new CurrentContext.CurrentContentOrganization
{
Id = new System.Guid(c.Value),
Type = Core.Enums.OrganizationUserType.Admin
}));
}
var orgUserClaims = httpContext.User.Claims.Where(c => c.Type == "orguser");
if(orgUserClaims.Any())
{
currentContext.Organizations.AddRange(orgUserClaims.Select(c =>
new CurrentContext.CurrentContentOrganization
{
Id = new System.Guid(c.Value),
Type = Core.Enums.OrganizationUserType.User
}));
}
}
if(currentContext.DeviceIdentifier == null && httpContext.Request.Headers.ContainsKey("Device-Identifier"))