nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-03 09:02:48 -05:00
Code Activity

[AC-1654] idor allow the attacker to disable any one scim provising (#3325)

Browse Source 
* [AC-1654] Added IOrganizationConnectionRepository.GetByIdOrganizationIdAsync and modified OrganizationConnectionsController to use it to get a connection matching both Id and OrganizationId

* [AC-1654] Fixed unit tests
This commit is contained in:
Rui Tomé
2023-10-18 11:39:00 +01:00
committed by GitHub
parent 8c77c65ce8
commit cb73056c42
7 changed files with 75 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/Infrastructure.EntityFramework/Repositories/OrganizationConnectionRepository.cs
View File

@ -15,6 +15,17 @@ public class OrganizationConnectionRepository : Repository<OrganizationConnectio
{
}
public async Task<OrganizationConnection> GetByIdOrganizationIdAsync(Guid id, Guid organizationId)
{
using (var scope = ServiceScopeFactory.CreateScope())
{
var dbContext = GetDatabaseContext(scope);
var connection = await dbContext.OrganizationConnections
.FirstOrDefaultAsync(oc => oc.Id == id && oc.OrganizationId == organizationId);
return Mapper.Map<OrganizationConnection>(connection);
}
}
public async Task<ICollection<OrganizationConnection>> GetByOrganizationIdTypeAsync(Guid organizationId, OrganizationConnectionType type)
{
using (var scope = ServiceScopeFactory.CreateScope())