mirror of https://github.com/bitwarden/server.git synced 2025-07-01 08:02:49 -05:00

[AC-1654] idor allow the attacker to disable any one scim provising (#3325)

* [AC-1654] Added IOrganizationConnectionRepository.GetByIdOrganizationIdAsync and modified OrganizationConnectionsController to use it to get a connection matching both Id and OrganizationId

* [AC-1654] Fixed unit tests
Rui Tomé
2023-10-18 11:39:00 +01:00
committed by GitHub
parent 8c77c65ce8
commit cb73056c42
7 changed files with 75 additions and 8 deletions


@ -78,7 +78,12 @@ public class OrganizationConnectionsController : Controller
[HttpPut("{organizationConnectionId}")]
public async Task<OrganizationConnectionResponseModel> UpdateConnection(Guid organizationConnectionId, [FromBody] OrganizationConnectionRequestModel model)
{
var existingOrganizationConnection = await _organizationConnectionRepository.GetByIdAsync(organizationConnectionId);
if (model == null)
{
throw new NotFoundException();
}
var existingOrganizationConnection = await _organizationConnectionRepository.GetByIdOrganizationIdAsync(organizationConnectionId, model.OrganizationId);
if (existingOrganizationConnection == null)
{
throw new NotFoundException();