nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-09 07:08:15 -05:00
Code

validate send model parameters (#1067)

Browse Source
This commit is contained in:
Kyle Spearrin 2020-12-30 16:25:00 -05:00 committed by GitHub
parent 4825998ba5
commit d96da37e2a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Api/Controllers/SendsController.cs
View File

@ -84,6 +84,7 @@ namespace Bit.Api.Controllers
[HttpPost("")] [HttpPost("")]
public async Task<SendResponseModel> Post([FromBody] SendRequestModel model) public async Task<SendResponseModel> Post([FromBody] SendRequestModel model)
{ {
model.ValidateCreation();
var userId = _userService.GetProperUserId(User).Value; var userId = _userService.GetProperUserId(User).Value;
var send = model.ToSend(userId, _sendService); var send = model.ToSend(userId, _sendService);
await _sendService.SaveSendAsync(send); await _sendService.SaveSendAsync(send);
@ -108,6 +109,7 @@ namespace Bit.Api.Controllers
Send send = null; Send send = null;
await Request.GetSendFileAsync(async (stream, fileName, model) => await Request.GetSendFileAsync(async (stream, fileName, model) =>
{ {
model.ValidateCreation();
var userId = _userService.GetProperUserId(User).Value; var userId = _userService.GetProperUserId(User).Value;
var (madeSend, madeData) = model.ToSend(userId, fileName, _sendService); var (madeSend, madeData) = model.ToSend(userId, fileName, _sendService);
send = madeSend; send = madeSend;

18
src/Core/Models/Api/Request/SendRequestModel.cs
View File

@ -6,6 +6,7 @@ using Newtonsoft.Json;
using Bit.Core.Models.Data; using Bit.Core.Models.Data;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using Bit.Core.Services; using Bit.Core.Services;
using Bit.Core.Exceptions;
namespace Bit.Core.Models.Api namespace Bit.Core.Models.Api
{ {
@ -22,6 +23,7 @@ namespace Bit.Core.Models.Api
[EncryptedString] [EncryptedString]
[EncryptedStringLength(1000)] [EncryptedStringLength(1000)]
public string Key { get; set; } public string Key { get; set; }
[Range(1, int.MaxValue)]
public int? MaxAccessCount { get; set; } public int? MaxAccessCount { get; set; }
public DateTime? ExpirationDate { get; set; } public DateTime? ExpirationDate { get; set; }
[Required] [Required]
@ -77,6 +79,22 @@ namespace Bit.Core.Models.Api
return existingSend; return existingSend;
} }
public void ValidateCreation()
{
// Add 1 minute for a sane buffer and client clock float
var nowPlus1Minute = DateTime.UtcNow.AddMinutes(1);
if (ExpirationDate.HasValue && ExpirationDate.Value <= nowPlus1Minute)
{
throw new BadRequestException("You cannot create a send that is already expired. " +
"Adjust the expiration date and try again.");
}
if (DeletionDate.HasValue && DeletionDate.Value <= nowPlus1Minute)
{
throw new BadRequestException("You cannot create a send that is already deleted. " +
"Adjust the deletion date and try again.");
}
}
private Send ToSendBase(Send existingSend, ISendService sendService) private Send ToSendBase(Send existingSend, ISendService sendService)
{ {
existingSend.Key = Key; existingSend.Key = Key;