nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 07:36:14 -05:00
Code Activity

[AC-1654] idor allow the attacker to disable any one scim provising (#3325)

Browse Source 
* [AC-1654] Added IOrganizationConnectionRepository.GetByIdOrganizationIdAsync and modified OrganizationConnectionsController to use it to get a connection matching both Id and OrganizationId

* [AC-1654] Fixed unit tests
This commit is contained in:
Rui Tomé
2023-10-18 11:39:00 +01:00
committed by GitHub
parent 8c77c65ce8
commit cb73056c42
7 changed files with 75 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
util/Migrator/DbScripts/2023-10-05_00_OrgConnectionsReadByIdOrgId.sql Normal file
View File

@ -0,0 +1,16 @@
CREATE OR ALTER PROCEDURE [dbo].[OrganizationConnection_ReadByIdOrganizationId]
@Id UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
*
FROM
[dbo].[OrganizationConnectionView]
WHERE
[Id] = @Id AND
[OrganizationId] = @OrganizationId
END
GO