mirror of https://github.com/bitwarden/server.git synced 2025-04-06 05:28:15 -05:00

Make error checking more robust per Justin

Thomas Rittson 2025-04-01 15:23:26 +10:00
parent faa2ff8b1d
commit d1fff74504
No known key found for this signature in database
GPG Key ID: CDDDA03861C35E27
2 changed files with 6 additions and 9 deletions


@ -16,15 +16,11 @@ public class OrganizationRequirementHandler(
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, IOrganizationRequirement requirement) protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, IOrganizationRequirement requirement)
{ {
var organizationId = httpContextAccessor.GetOrganizationId(); var organizationId = httpContextAccessor.GetOrganizationId();
if (organizationId is null)
{
throw new Exception("No organizationId found in route. IOrganizationRequirement cannot be used on this endpoint.");
}
var organizationClaims = context.User.GetCurrentContextOrganization(organizationId.Value); var organizationClaims = context.User.GetCurrentContextOrganization(organizationId);
var providerOrganizationContext = null; // TODO var providerOrganizationContext = null; // TODO
var authorized = await requirement.AuthorizeAsync(organizationId.Value, organizationClaims, providerOrganizationContext); var authorized = await requirement.AuthorizeAsync(organizationId, organizationClaims, providerOrganizationContext);
if (authorized) if (authorized)
{ {
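Review bot: The call to `httpContextAccessor.GetOrganizationId()` at the top of HandleRequirementAsync can now throw, and nothing in the handler says so once the explicit null check is gone. When it throws, the exception propagates out of the authorization handler instead of leaving the requirement unmet, so the caller presumably gets a server error rather than a normal authorization failure. That is still fail-closed, but it deserves a comment above the call, for example `// Throws InvalidOperationException when there is no HttpContext or no valid 'orgId' route value; the requirement is never marked as succeeded in that case.` The method body continues past the end of this hunk, so how `authorized` is acted on is not visible here.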


@ -4,17 +4,18 @@ namespace Bit.Api.AdminConsole.Authorization;
public static class OrganizationRequirementHelpers public static class OrganizationRequirementHelpers
{ {
public static Guid? GetOrganizationId(this IHttpContextAccessor httpContextAccessor) public static Guid GetOrganizationId(this IHttpContextAccessor httpContextAccessor)
{ {
if (httpContextAccessor.HttpContext is null) if (httpContextAccessor.HttpContext is null)
{ {
return null; throw new InvalidOperationException("This method should only be called in the context of an HTTP Request.");
} }
httpContextAccessor.HttpContext.GetRouteData().Values.TryGetValue("orgId", out var orgIdParam); httpContextAccessor.HttpContext.GetRouteData().Values.TryGetValue("orgId", out var orgIdParam);
if (orgIdParam == null || !Guid.TryParse(orgIdParam.ToString(), out var orgId)) if (orgIdParam == null || !Guid.TryParse(orgIdParam.ToString(), out var orgId))
{ {
return null; throw new InvalidOperationException(
"A route decorated with with '[Authorize<Requirement>]' should include a route value named 'orgId' either through the [Controller] attribute or through a '[Http*]' attribute.");
} }
return orgId; return orgId;
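Review bot: The second throw in GetOrganizationId treats a malformed `orgId` the same as a missing one, although a `Guid.TryParse` failure on a route segment is caused by the request, not by how the route is declared. Unless every route using this requirement constrains the parameter (for instance `{orgId:guid}`, which is not visible here), a non-GUID value sent by a client reaches this InvalidOperationException and is reported as a route misconfiguration. Consider throwing only when the `orgId` key is absent and handling the unparseable case as a rejected request, so logs and alerts can tell a coding error from bad input. The message also has a doubled word and should read `"A route decorated with '[Authorize<Requirement>]' should include a route value named 'orgId' ..."`.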