mirror of
https://github.com/bitwarden/server.git
synced 2025-07-04 17:42:49 -05:00
[PM-3797 Part 4] Add Sends to new Key Rotation (#3442)
* add send validation * add send repo methods * add send rotation to delegate list * add success test
This commit is contained in:
Jake Fink
@ -5,6 +5,7 @@ using Bit.Api.Auth.Validators;
|
||||
using Bit.Api.Models.Request;
|
||||
using Bit.Api.Models.Request.Accounts;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Api.Tools.Models.Request;
|
||||
using Bit.Api.Utilities;
|
||||
using Bit.Api.Vault.Models.Request;
|
||||
using Bit.Core;
|
||||
@ -68,6 +69,7 @@ public class AccountsController : Controller
|
||||
|
||||
private readonly IRotationValidator<IEnumerable<CipherWithIdRequestModel>, IEnumerable<Cipher>> _cipherValidator;
|
||||
private readonly IRotationValidator<IEnumerable<FolderWithIdRequestModel>, IEnumerable<Folder>> _folderValidator;
|
||||
private readonly IRotationValidator<IEnumerable<SendWithIdRequestModel>, IReadOnlyList<Send>> _sendValidator;
|
||||
private readonly IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>, IEnumerable<EmergencyAccess>>
|
||||
_emergencyAccessValidator;
|
||||
|
||||
@ -92,6 +94,7 @@ public class AccountsController : Controller
|
||||
ICurrentContext currentContext,
|
||||
IRotationValidator<IEnumerable<CipherWithIdRequestModel>, IEnumerable<Cipher>> cipherValidator,
|
||||
IRotationValidator<IEnumerable<FolderWithIdRequestModel>, IEnumerable<Folder>> folderValidator,
|
||||
IRotationValidator<IEnumerable<SendWithIdRequestModel>, IReadOnlyList<Send>> sendValidator,
|
||||
IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>, IEnumerable<EmergencyAccess>>
|
||||
emergencyAccessValidator
|
||||
)
|
||||
@ -115,6 +118,7 @@ public class AccountsController : Controller
|
||||
_currentContext = currentContext;
|
||||
_cipherValidator = cipherValidator;
|
||||
_folderValidator = folderValidator;
|
||||
_sendValidator = sendValidator;
|
||||
_emergencyAccessValidator = emergencyAccessValidator;
|
||||
}
|
||||
|
||||
@ -423,7 +427,7 @@ public class AccountsController : Controller
|
||||
PrivateKey = model.PrivateKey,
|
||||
Ciphers = await _cipherValidator.ValidateAsync(user, model.Ciphers),
|
||||
Folders = await _folderValidator.ValidateAsync(user, model.Folders),
|
||||
Sends = new List<Send>(),
|
||||
Sends = await _sendValidator.ValidateAsync(user, model.Sends),
|
||||
EmergencyAccessKeys = await _emergencyAccessValidator.ValidateAsync(user, model.EmergencyAccessKeys),
|
||||
ResetPasswordKeys = new List<OrganizationUser>(),
|
||||
};
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Exceptions;
|
||||
|
||||
namespace Bit.Api.Auth.Validators;
|
||||
|
||||
@ -11,5 +12,11 @@ namespace Bit.Api.Auth.Validators;
|
||||
/// <typeparam name="R">Domain model</typeparam>
|
||||
public interface IRotationValidator<T, R>
|
||||
{
|
||||
/// <summary>
|
||||
/// Validates re-encrypted data before being saved to database.
|
||||
/// </summary>
|
||||
/// <param name="user">Request model</param>
|
||||
/// <param name="data">Domain model</param>
|
||||
/// <exception cref="BadRequestException">Throws if data fails validation</exception>
|
||||
Task<R> ValidateAsync(User user, T data);
|
||||
}
|
||||
|
||||
@ -9,6 +9,8 @@ using IdentityModel;
|
||||
using System.Globalization;
|
||||
using Bit.Api.Auth.Models.Request;
|
||||
using Bit.Api.Auth.Validators;
|
||||
using Bit.Api.Tools.Models.Request;
|
||||
using Bit.Api.Tools.Validators;
|
||||
using Bit.Api.Vault.Models.Request;
|
||||
using Bit.Api.Vault.Validators;
|
||||
using Bit.Core.Auth.Entities;
|
||||
@ -23,6 +25,7 @@ using Bit.Core.Auth.Identity;
|
||||
using Bit.Core.Auth.UserFeatures.UserKey;
|
||||
using Bit.Core.Auth.UserFeatures.UserKey.Implementations;
|
||||
using Bit.Core.OrganizationFeatures.OrganizationSubscriptions;
|
||||
using Bit.Core.Tools.Entities;
|
||||
using Bit.Core.Vault.Entities;
|
||||
|
||||
#if !OSS
|
||||
@ -141,15 +144,18 @@ public class Startup
|
||||
|
||||
// Key Rotation
|
||||
services.AddScoped<IRotateUserKeyCommand, RotateUserKeyCommand>();
|
||||
services
|
||||
.AddScoped<IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>, IEnumerable<EmergencyAccess>>,
|
||||
EmergencyAccessRotationValidator>();
|
||||
services
|
||||
.AddScoped<IRotationValidator<IEnumerable<CipherWithIdRequestModel>, IEnumerable<Cipher>>,
|
||||
CipherRotationValidator>();
|
||||
services
|
||||
.AddScoped<IRotationValidator<IEnumerable<FolderWithIdRequestModel>, IEnumerable<Folder>>,
|
||||
FolderRotationValidator>();
|
||||
services
|
||||
.AddScoped<IRotationValidator<IEnumerable<SendWithIdRequestModel>, IReadOnlyList<Send>>,
|
||||
SendRotationValidator>();
|
||||
services
|
||||
.AddScoped<IRotationValidator<IEnumerable<EmergencyAccessWithIdRequestModel>, IEnumerable<EmergencyAccess>>,
|
||||
EmergencyAccessRotationValidator>();
|
||||
|
||||
// Services
|
||||
services.AddBaseServices(globalSettings);
|
||||
|
||||
57
src/Api/Tools/Validators/SendRotationValidator.cs
Normal file
57
src/Api/Tools/Validators/SendRotationValidator.cs
Normal file
@ -0,0 +1,57 @@
|
||||
using Bit.Api.Auth.Validators;
|
||||
using Bit.Api.Tools.Models.Request;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Tools.Entities;
|
||||
using Bit.Core.Tools.Repositories;
|
||||
using Bit.Core.Tools.Services;
|
||||
|
||||
namespace Bit.Api.Tools.Validators;
|
||||
|
||||
/// <summary>
|
||||
/// Send implementation for <see cref="IRotationValidator{T,R}"/>
|
||||
/// </summary>
|
||||
public class SendRotationValidator : IRotationValidator<IEnumerable<SendWithIdRequestModel>, IReadOnlyList<Send>>
|
||||
{
|
||||
private readonly ISendService _sendService;
|
||||
private readonly ISendRepository _sendRepository;
|
||||
|
||||
/// <summary>
|
||||
/// Instantiates a new <see cref="SendRotationValidator"/>
|
||||
/// </summary>
|
||||
/// <param name="sendService">Enables conversion of <see cref="SendWithIdRequestModel"/> to <see cref="Send"/></param>
|
||||
/// <param name="sendRepository">Retrieves all user <see cref="Send"/>s</param>
|
||||
public SendRotationValidator(ISendService sendService, ISendRepository sendRepository)
|
||||
{
|
||||
_sendService = sendService;
|
||||
_sendRepository = sendRepository;
|
||||
}
|
||||
|
||||
public async Task<IReadOnlyList<Send>> ValidateAsync(User user, IEnumerable<SendWithIdRequestModel> sends)
|
||||
{
|
||||
var result = new List<Send>();
|
||||
if (sends == null || !sends.Any())
|
||||
{
|
||||
return result;
|
||||
}
|
||||
|
||||
var existingSends = await _sendRepository.GetManyByUserIdAsync(user.Id);
|
||||
if (existingSends == null || !existingSends.Any())
|
||||
{
|
||||
return result;
|
||||
}
|
||||
|
||||
foreach (var existing in existingSends)
|
||||
{
|
||||
var send = sends.FirstOrDefault(c => c.Id == existing.Id);
|
||||
if (send == null)
|
||||
{
|
||||
throw new BadRequestException("All existing folders must be included in the rotation.");
|
||||
}
|
||||
|
||||
result.Add(send.ToSend(existing, _sendService));
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user