nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-14 01:28:14 -05:00
Code

change email/password adjustments

Browse Source
This commit is contained in:
Kyle Spearrin 2017-04-17 14:53:07 -04:00
parent 184cf0c0df
commit e732996cd9
12 changed files with 98 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/Api/Controllers/AccountsController.cs
View File

@ -82,7 +82,8 @@ namespace Bit.Api.Controllers
// NOTE: It is assumed that the eventual repository call will make sure the updated
// ciphers belong to user making this call. Therefore, no check is done here.
var ciphers = model.Ciphers.Select(c => c.ToCipher(user.Id));
var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
var result = await _userService.ChangeEmailAsync(
user,
@ -90,7 +91,9 @@ namespace Bit.Api.Controllers
model.NewEmail,
model.NewMasterPasswordHash,
model.Token,
ciphers);
ciphers,
folders,
model.Data.PrivateKey);
if(result.Succeeded)
{
@ -114,13 +117,16 @@ namespace Bit.Api.Controllers
// NOTE: It is assumed that the eventual repository call will make sure the updated
// ciphers belong to user making this call. Therefore, no check is done here.
var ciphers = model.Ciphers.Select(c => c.ToCipher(user.Id));
var ciphers = model.Data.Ciphers.Select(c => c.ToCipher(user.Id));
var folders = model.Data.Folders.Select(c => c.ToFolder(user.Id));
var result = await _userService.ChangePasswordAsync(
user,
model.MasterPasswordHash,
model.NewMasterPasswordHash,
ciphers);
ciphers,
folders,
model.Data.PrivateKey);
if(result.Succeeded)
{

2
src/Core/Models/Api/Request/Accounts/EmailRequestModel.cs
View File

@ -17,6 +17,6 @@ namespace Bit.Core.Models.Api
[Required]
public string Token { get; set; }
[Required]
public CipherRequestModel[] Ciphers { get; set; }
public DataReloadRequestModel Data { get; set; }
}
}

2
src/Core/Models/Api/Request/Accounts/PasswordRequestModel.cs
View File

@ -11,6 +11,6 @@ namespace Bit.Core.Models.Api
[StringLength(300)]
public string NewMasterPasswordHash { get; set; }
[Required]
public CipherRequestModel[] Ciphers { get; set; }
public DataReloadRequestModel Data { get; set; }
}
}

2
src/Core/Models/Api/Request/CipherRequestModel.cs
View File

@ -18,8 +18,6 @@ namespace Bit.Core.Models.Api
public string Id { get; set; }
[StringLength(36)]
public string OrganizationId { get; set; }
[StringLength(36)]
public string FolderId { get; set; }
[Required]
[EncryptedString]
[StringLength(300)]

15
src/Core/Models/Api/Request/DataReloadRequestModel.cs Normal file
View File

@ -0,0 +1,15 @@
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
namespace Bit.Core.Models.Api
{
public class DataReloadRequestModel
{
[Required]
public IEnumerable<LoginWithIdRequestModel> Ciphers { get; set; }
[Required]
public IEnumerable<FolderWithIdRequestModel> Folders { get; set; }
[Required]
public string PrivateKey { get; set; }
}
}

14
src/Core/Models/Api/Request/FolderRequestModel.cs
View File

@ -27,4 +27,18 @@ namespace Bit.Core.Models.Api
return existingFolder;
}
}
public class FolderWithIdRequestModel : FolderRequestModel
{
public Guid Id { get; set; }
public new Folder ToFolder(Guid userId)
{
return ToFolder(new Folder
{
UserId = userId,
Id = Id
});
}
}
}

15
src/Core/Models/Api/Request/LoginRequestModel.cs
View File

@ -3,6 +3,7 @@ using System.ComponentModel.DataAnnotations;
using Bit.Core.Utilities;
using Newtonsoft.Json;
using Core.Models.Data;
using Bit.Core.Models.Table;
namespace Bit.Core.Models.Api
{
@ -48,4 +49,18 @@ namespace Bit.Core.Models.Api
return existingLogin;
}
}
public class LoginWithIdRequestModel : LoginRequestModel
{
public Guid Id { get; set; }
public Cipher ToCipher(Guid userId)
{
return ToCipherDetails(new CipherDetails
{
UserId = userId,
Id = Id
});
}
}
}

2
src/Core/Repositories/ICipherRepository.cs
View File

@ -18,7 +18,7 @@ namespace Bit.Core.Repositories
Task UpsertAsync(CipherDetails cipher);
Task ReplaceAsync(Cipher obj, IEnumerable<Guid> subvaultIds);
Task UpdatePartialAsync(Guid id, Guid userId, Guid? folderId, bool favorite);
Task UpdateUserEmailPasswordAndCiphersAsync(User user, IEnumerable<Cipher> ciphers);
Task UpdateUserEmailPasswordAndCiphersAsync(User user, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
Task CreateAsync(IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
}
}

31
src/Core/Repositories/SqlServer/CipherRepository.cs
View File

@ -154,7 +154,7 @@ namespace Bit.Core.Repositories.SqlServer
}
}
public Task UpdateUserEmailPasswordAndCiphersAsync(User user, IEnumerable<Cipher> ciphers)
public Task UpdateUserEmailPasswordAndCiphersAsync(User user, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders)
{
if(ciphers.Count() == 0)
{
@ -179,6 +179,7 @@ namespace Bit.Core.Repositories.SqlServer
cmd.Parameters.Add("@EmailVerified", SqlDbType.NVarChar).Value = user.EmailVerified;
cmd.Parameters.Add("@MasterPassword", SqlDbType.NVarChar).Value = user.MasterPassword;
cmd.Parameters.Add("@SecurityStamp", SqlDbType.NVarChar).Value = user.SecurityStamp;
cmd.Parameters.Add("@PrivateKey", SqlDbType.VarChar).Value = user.PrivateKey;
cmd.Parameters.Add("@RevisionDate", SqlDbType.DateTime2).Value = user.RevisionDate;
cmd.ExecuteNonQuery();
}
@ -188,7 +189,11 @@ namespace Bit.Core.Repositories.SqlServer
var sqlCreateTemp = @"
SELECT TOP 0 *
INTO #TempCipher
FROM [dbo].[Cipher]";
FROM [dbo].[Cipher]
SELECT TOP 0 *
INTO #TempFolder
FROM [dbo].[Folder]";
using(var cmd = new SqlCommand(sqlCreateTemp, connection, transaction))
{
@ -204,6 +209,13 @@ namespace Bit.Core.Repositories.SqlServer
bulkCopy.WriteToServer(dataTable);
}
using(var bulkCopy = new SqlBulkCopy(connection, SqlBulkCopyOptions.KeepIdentity, transaction))
{
bulkCopy.DestinationTableName = "#TempFolder";
var dataTable = BuildFoldersTable(folders);
bulkCopy.WriteToServer(dataTable);
}
// 4. Insert into real tables from temp tables and clean up.
var sqlUpdate = @"
@ -219,7 +231,20 @@ namespace Bit.Core.Repositories.SqlServer
WHERE
C.[UserId] = @UserId
DROP TABLE #TempCipher";
UPDATE
[dbo].[Folder]
SET
[Name] = TF.[Name],
[RevisionDate] = TF.[RevisionDate]
FROM
[dbo].[Folder] F
INNER JOIN
#TempFolder TF ON F.Id = TF.Id
WHERE
F.[UserId] = @UserId
DROP TABLE #TempCipher
DROP TABLE #TempFolder";
using(var cmd = new SqlCommand(sqlUpdate, connection, transaction))
{

6
src/Core/Services/IUserService.cs
View File

@ -18,8 +18,10 @@ namespace Bit.Core.Services
Task<IdentityResult> RegisterUserAsync(User user, string masterPassword);
Task SendMasterPasswordHintAsync(string email);
Task InitiateEmailChangeAsync(User user, string newEmail);
Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail, string newMasterPassword, string token, IEnumerable<Cipher> ciphers);
Task<IdentityResult> ChangePasswordAsync(User user, string currentMasterPasswordHash, string newMasterPasswordHash, IEnumerable<Cipher> ciphers);
Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail, string newMasterPassword,
string token, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey);
Task<IdentityResult> ChangePasswordAsync(User user, string currentMasterPasswordHash, string newMasterPasswordHash,
IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey);
Task<IdentityResult> RefreshSecurityStampAsync(User user, string masterPasswordHash);
Task GetTwoFactorAsync(User user, Enums.TwoFactorProviderType provider);
Task<bool> RecoverTwoFactorAsync(string email, string masterPassword, string recoveryCode);

12
src/Core/Services/Implementations/UserService.cs
View File

@ -169,8 +169,8 @@ namespace Bit.Core.Services
await _mailService.SendChangeEmailEmailAsync(newEmail, token);
}
public async Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail,
string newMasterPassword, string token, IEnumerable<Cipher> ciphers)
public async Task<IdentityResult> ChangeEmailAsync(User user, string masterPassword, string newEmail,
string newMasterPassword, string token, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey)
{
var verifyPasswordResult = _passwordHasher.VerifyHashedPassword(user, user.MasterPassword, masterPassword);
if(verifyPasswordResult == PasswordVerificationResult.Failed)
@ -199,10 +199,11 @@ namespace Bit.Core.Services
user.Email = newEmail;
user.EmailVerified = true;
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.PrivateKey = privateKey;
if(ciphers.Any())
{
await _cipherRepository.UpdateUserEmailPasswordAndCiphersAsync(user, ciphers);
await _cipherRepository.UpdateUserEmailPasswordAndCiphersAsync(user, ciphers, folders);
}
else
{
@ -218,7 +219,7 @@ namespace Bit.Core.Services
}
public async Task<IdentityResult> ChangePasswordAsync(User user, string masterPassword, string newMasterPassword,
IEnumerable<Cipher> ciphers)
IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders, string privateKey)
{
if(user == null)
{
@ -234,9 +235,10 @@ namespace Bit.Core.Services
}
user.RevisionDate = user.AccountRevisionDate = DateTime.UtcNow;
user.PrivateKey = privateKey;
if(ciphers.Any())
{
await _cipherRepository.UpdateUserEmailPasswordAndCiphersAsync(user, ciphers);
await _cipherRepository.UpdateUserEmailPasswordAndCiphersAsync(user, ciphers, folders);
}
else
{

2
src/Sql/dbo/Stored Procedures/User_UpdateEmailPassword.sql
View File

@ -4,6 +4,7 @@
@EmailVerified BIT,
@MasterPassword NVARCHAR(300),
@SecurityStamp NVARCHAR(50),
@PrivateKey VARCHAR(MAX),
@RevisionDate DATETIME2(7)
AS
BEGIN
@ -16,6 +17,7 @@ BEGIN
[EmailVerified] = @EmailVerified,
[MasterPassword] = @MasterPassword,
[SecurityStamp] = @SecurityStamp,
[PrivateKey] = @PrivateKey,
[RevisionDate] = @RevisionDate,
[AccountRevisionDate] = @RevisionDate
WHERE