Move into and read ciphers from org subvaults

2025-07-10 04:14:41 -05:00 · 2017-03-21 00:04:39 -04:00
parent 4779794599
commit ed8d5d69a4
22 changed files with 283 additions and 16 deletions
--- a/src/Core/Core.csproj
+++ b/src/Core/Core.csproj
@ -19,6 +19,7 @@
    <PackageReference Include="Microsoft.AspNetCore.Mvc.Abstractions" Version="1.1.2" />
    <PackageReference Include="Dapper" Version="1.50.2" />
    <PackageReference Include="DataTableProxy" Version="1.2.0" />
+    <PackageReference Include="Newtonsoft.Json" Version="10.0.1" />
    <PackageReference Include="Sendgrid" Version="9.0.12" />
    <PackageReference Include="PushSharp" Version="4.0.10" />
    <PackageReference Include="WindowsAzure.Storage" Version="8.1.1" />
--- a/src/Core/Models/Api/Request/CipherRequestModel.cs
+++ b/src/Core/Models/Api/Request/CipherRequestModel.cs
@ -4,6 +4,7 @@ using Bit.Core.Utilities;
 using Bit.Core.Models.Table;
 using Bit.Core.Enums;
 using Newtonsoft.Json;
+using System.Collections.Generic;

 namespace Bit.Core.Models.Api
 {
@ -15,6 +16,8 @@ namespace Bit.Core.Models.Api
        [StringLength(36)]
        public string Id { get; set; }
        [StringLength(36)]
+        public string OrganizationId { get; set; }
+        [StringLength(36)]
        public string FolderId { get; set; }
        [Required]
        [EncryptedString]
@ -35,24 +38,35 @@ namespace Bit.Core.Models.Api

        public virtual Cipher ToCipher(Guid userId)
        {
-            var cipher = new Cipher
+            return ToCipher(new Cipher
            {
                Id = new Guid(Id),
-                UserId = userId,
-                //FolderId = string.IsNullOrWhiteSpace(FolderId) ? null : (Guid?)new Guid(FolderId),
+                UserId = string.IsNullOrWhiteSpace(OrganizationId) ? (Guid?)userId : null,
                Type = Type
-            };
+            });
+        }

-            switch(Type)
+        public Cipher ToCipher(Cipher existingCipher)
+        {
+            existingCipher.OrganizationId = string.IsNullOrWhiteSpace(OrganizationId) ? null : (Guid?)new Guid(OrganizationId);
+
+            switch(existingCipher.Type)
            {
                case CipherType.Login:
-                    cipher.Data = JsonConvert.SerializeObject(new LoginDataModel(this), new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore });
+                    existingCipher.Data = JsonConvert.SerializeObject(new LoginDataModel(this), new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore });
                    break;
                default:
                    throw new ArgumentException("Unsupported " + nameof(Type) + ".");
            }

-            return cipher;
+            return existingCipher;
        }
    }
+
+    public class CipherMoveRequestModel
+    {
+        public IEnumerable<string> SubvaultIds { get; set; }
+        [Required]
+        public CipherRequestModel Cipher { get; set; }
+    }
 }
--- a/src/Core/Models/Api/Response/CipherResponseModel.cs
+++ b/src/Core/Models/Api/Response/CipherResponseModel.cs
@ -1,5 +1,8 @@
 using System;
 using Core.Models.Data;
+using System.Collections.Generic;
+using Bit.Core.Models.Table;
+using System.Linq;

 namespace Bit.Core.Models.Api
 {
@ -16,6 +19,7 @@ namespace Bit.Core.Models.Api
            Id = cipher.Id.ToString();
            Type = cipher.Type;
            RevisionDate = cipher.RevisionDate;
+            OrganizationId = cipher.OrganizationId?.ToString();
            FolderId = cipher.FolderId?.ToString();
            Favorite = cipher.Favorite;

@ -30,10 +34,22 @@ namespace Bit.Core.Models.Api
        }

        public string Id { get; set; }
+        public string OrganizationId { get; set; }
        public string FolderId { get; set; }
        public Enums.CipherType Type { get; set; }
        public bool Favorite { get; set; }
        public dynamic Data { get; set; }
        public DateTime RevisionDate { get; set; }
    }
+
+    public class CipherDetailsResponseModel : CipherResponseModel
+    {
+        public CipherDetailsResponseModel(CipherDetails cipher, IEnumerable<SubvaultCipher> subvaultCipher)
+            : base(cipher, "cipherDetails")
+        {
+            SubvaultIds = subvaultCipher.Select(s => s.SubvaultId);
+        }
+
+        public IEnumerable<Guid> SubvaultIds { get; set; }
+    }
 }
--- a/src/Core/Models/Api/Response/LoginResponseModel.cs
+++ b/src/Core/Models/Api/Response/LoginResponseModel.cs
@ -21,6 +21,7 @@ namespace Bit.Core.Models.Api
            var data = new LoginDataModel(cipher);

            Id = cipher.Id.ToString();
+            OrganizationId = cipher.OrganizationId?.ToString();
            FolderId = cipher.FolderId?.ToString();
            Favorite = cipher.Favorite;
            Name = data.Name;
@ -32,6 +33,7 @@ namespace Bit.Core.Models.Api
        }

        public string Id { get; set; }
+        public string OrganizationId { get; set; }
        public string FolderId { get; set; }
        public bool Favorite { get; set; }
        public string Name { get; set; }
--- a/src/Core/Models/Data/SubvaultUserPermissions.cs
+++ b/src/Core/Models/Data/SubvaultUserPermissions.cs
@ -0,0 +1,11 @@
+using System;
+
+namespace Bit.Core.Models.Data
+{
+    public class SubvaultUserPermissions
+    {
+        public Guid SubvaultId { get; set; }
+        public bool ReadOnly { get; set; }
+        public bool Admin { get; set; }
+    }
+}
--- a/src/Core/Models/Table/Cipher.cs
+++ b/src/Core/Models/Table/Cipher.cs
@ -6,7 +6,7 @@ namespace Bit.Core.Models.Table
    public class Cipher : IDataObject<Guid>
    {
        public Guid Id { get; set; }
-        public Guid UserId { get; set; }
+        public Guid? UserId { get; set; }
        public Guid? OrganizationId { get; set; }
        public Enums.CipherType Type { get; set; }
        public string Data { get; set; }
--- a/src/Core/Models/Table/SubvaultCipher.cs
+++ b/src/Core/Models/Table/SubvaultCipher.cs
@ -0,0 +1,10 @@
+using System;
+
+namespace Bit.Core.Models.Table
+{
+    public class SubvaultCipher
+    {
+        public Guid SubvaultId { get; set; }
+        public Guid CipherId { get; set; }
+    }
+}
--- a/src/Core/Repositories/ICipherRepository.cs
+++ b/src/Core/Repositories/ICipherRepository.cs
@ -16,6 +16,7 @@ namespace Bit.Core.Repositories
        Task CreateAsync(CipherDetails cipher);
        Task ReplaceAsync(CipherDetails cipher);
        Task UpsertAsync(CipherDetails cipher);
+        Task ReplaceAsync(Cipher obj, IEnumerable<Guid> subvaultIds);
        Task UpdateUserEmailPasswordAndCiphersAsync(User user, IEnumerable<Cipher> ciphers);
        Task CreateAsync(IEnumerable<Cipher> ciphers);
    }
--- a/src/Core/Repositories/ISubvaultUserRepository.cs
+++ b/src/Core/Repositories/ISubvaultUserRepository.cs
@ -2,11 +2,15 @@
 using System.Threading.Tasks;
 using Bit.Core.Models.Table;
 using System.Collections.Generic;
+using Bit.Core.Models.Data;

 namespace Bit.Core.Repositories
 {
    public interface ISubvaultUserRepository : IRepository<SubvaultUser, Guid>
    {
        Task<ICollection<SubvaultUser>> GetManyByOrganizationUserIdAsync(Guid orgUserId);
+        Task<ICollection<SubvaultUserDetails>> GetManyDetailsByUserIdAsync(Guid userId);
+        Task<ICollection<SubvaultUserPermissions>> GetPermissionsByUserIdAsync(Guid userId, IEnumerable<Guid> subvaultIds,
+            Guid organizationId);
    }
 }
--- a/src/Core/Repositories/SqlServer/CipherRepository.cs
+++ b/src/Core/Repositories/SqlServer/CipherRepository.cs
@ -8,6 +8,8 @@ using Bit.Core.Models.Table;
 using System.Data;
 using Dapper;
 using Core.Models.Data;
+using Bit.Core.Utilities;
+using Newtonsoft.Json;

 namespace Bit.Core.Repositories.SqlServer
 {
@ -120,6 +122,20 @@ namespace Bit.Core.Repositories.SqlServer
            }
        }

+        public async Task ReplaceAsync(Cipher obj, IEnumerable<Guid> subvaultIds)
+        {
+            var objWithSubvaults = JsonConvert.DeserializeObject<CipherWithSubvaults>(JsonConvert.SerializeObject(obj));
+            objWithSubvaults.SubvaultIds = subvaultIds.ToGuidIdArrayTVP();
+
+            using(var connection = new SqlConnection(ConnectionString))
+            {
+                var results = await connection.ExecuteAsync(
+                    $"[{Schema}].[Cipher_UpdateWithSubvaults]",
+                    objWithSubvaults,
+                    commandType: CommandType.StoredProcedure);
+            }
+        }
+
        public Task UpdateUserEmailPasswordAndCiphersAsync(User user, IEnumerable<Cipher> ciphers)
        {
            if(ciphers.Count() == 0)
@ -252,5 +268,10 @@ namespace Bit.Core.Repositories.SqlServer

            return Task.FromResult(0);
        }
+
+        public class CipherWithSubvaults : Cipher
+        {
+            public DataTable SubvaultIds { get; set; }
+        }
    }
 }
--- a/src/Core/Repositories/SqlServer/SubvaultUserRepository.cs
+++ b/src/Core/Repositories/SqlServer/SubvaultUserRepository.cs
@ -6,6 +6,8 @@ using System.Data;
 using System.Data.SqlClient;
 using Dapper;
 using System.Linq;
+using Bit.Core.Models.Data;
+using Bit.Core.Utilities;

 namespace Bit.Core.Repositories.SqlServer
 {
@ -31,5 +33,32 @@ namespace Bit.Core.Repositories.SqlServer
                return results.ToList();
            }
        }
+
+        public async Task<ICollection<SubvaultUserDetails>> GetManyDetailsByUserIdAsync(Guid userId)
+        {
+            using(var connection = new SqlConnection(ConnectionString))
+            {
+                var results = await connection.QueryAsync<SubvaultUserDetails>(
+                    $"[{Schema}].[SubvaultUserDetails_ReadByUserId]",
+                    new { UserId = userId },
+                    commandType: CommandType.StoredProcedure);
+
+                return results.ToList();
+            }
+        }
+
+        public async Task<ICollection<SubvaultUserPermissions>> GetPermissionsByUserIdAsync(Guid userId,
+            IEnumerable<Guid> subvaultIds, Guid organizationId)
+        {
+            using(var connection = new SqlConnection(ConnectionString))
+            {
+                var results = await connection.QueryAsync<SubvaultUserPermissions>(
+                    $"[{Schema}].[SubvaultUser_ReadPermissionsBySubvaultUserId]",
+                    new { UserId = userId, SubvaultIds = subvaultIds.ToGuidIdArrayTVP(), OrganizationId = organizationId },
+                    commandType: CommandType.StoredProcedure);
+
+                return results.ToList();
+            }
+        }
    }
 }
--- a/src/Core/Services/ICipherService.cs
+++ b/src/Core/Services/ICipherService.cs
@ -2,6 +2,7 @@
 using System.Threading.Tasks;
 using Bit.Core.Models.Table;
 using Core.Models.Data;
+using System;

 namespace Bit.Core.Services
 {
@ -11,6 +12,7 @@ namespace Bit.Core.Services
        Task DeleteAsync(Cipher cipher);
        Task SaveFolderAsync(Folder folder);
        Task DeleteFolderAsync(Folder folder);
+        Task MoveSubvaultAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid userId);
        Task ImportCiphersAsync(List<Folder> folders, List<CipherDetails> ciphers,
            IEnumerable<KeyValuePair<int, int>> folderRelationships);
    }
--- a/src/Core/Services/Implementations/CipherService.cs
+++ b/src/Core/Services/Implementations/CipherService.cs
@ -5,6 +5,7 @@ using System.Threading.Tasks;
 using Bit.Core.Models.Table;
 using Bit.Core.Repositories;
 using Core.Models.Data;
+using Bit.Core.Exceptions;

 namespace Bit.Core.Services
 {
@ -13,17 +14,26 @@ namespace Bit.Core.Services
        private readonly ICipherRepository _cipherRepository;
        private readonly IFolderRepository _folderRepository;
        private readonly IUserRepository _userRepository;
+        private readonly IOrganizationRepository _organizationRepository;
+        private readonly IOrganizationUserRepository _organizationUserRepository;
+        private readonly ISubvaultUserRepository _subvaultUserRepository;
        private readonly IPushService _pushService;

        public CipherService(
            ICipherRepository cipherRepository,
            IFolderRepository folderRepository,
            IUserRepository userRepository,
+            IOrganizationRepository organizationRepository,
+            IOrganizationUserRepository organizationUserRepository,
+            ISubvaultUserRepository subvaultUserRepository,
            IPushService pushService)
        {
            _cipherRepository = cipherRepository;
            _folderRepository = folderRepository;
            _userRepository = userRepository;
+            _organizationRepository = organizationRepository;
+            _organizationUserRepository = organizationUserRepository;
+            _subvaultUserRepository = subvaultUserRepository;
            _pushService = pushService;
        }

@ -81,6 +91,35 @@ namespace Bit.Core.Services
            //await _pushService.PushSyncCipherDeleteAsync(cipher);
        }

+        public async Task MoveSubvaultAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid userId)
+        {
+            if(cipher.Id == default(Guid))
+            {
+                throw new BadRequestException(nameof(cipher.Id));
+            }
+
+            if(!cipher.OrganizationId.HasValue)
+            {
+                throw new BadRequestException(nameof(cipher.OrganizationId));
+            }
+
+            var existingCipher = await _cipherRepository.GetByIdAsync(cipher.Id);
+            if(existingCipher == null || (existingCipher.UserId.HasValue && existingCipher.UserId != userId))
+            {
+                throw new NotFoundException();
+            }
+
+            var subvaultUserDetails = await _subvaultUserRepository.GetPermissionsByUserIdAsync(userId, subvaultIds,
+                cipher.OrganizationId.Value);
+
+            cipher.UserId = null;
+            cipher.RevisionDate = DateTime.UtcNow;
+            await _cipherRepository.ReplaceAsync(cipher, subvaultUserDetails.Where(s => s.Admin).Select(s => s.SubvaultId));
+
+            // push
+            await _pushService.PushSyncCipherUpdateAsync(cipher);
+        }
+
        public async Task ImportCiphersAsync(
            List<Folder> folders,
            List<CipherDetails> ciphers,
--- a/src/Core/Services/Implementations/PushSharpPushService.cs
+++ b/src/Core/Services/Implementations/PushSharpPushService.cs
@ -71,7 +71,7 @@ namespace Bit.Core.Services
            {
                Type = type,
                Id = cipher.Id,
-                UserId = cipher.UserId,
+                UserId = cipher.UserId.Value,
                RevisionDate = cipher.RevisionDate,
                Aps = new PushNotification.AppleData { ContentAvailable = 1 }
            };
@ -82,7 +82,7 @@ namespace Bit.Core.Services
                excludedTokens.Add(_currentContext.DeviceIdentifier);
            }

-            await PushToAllUserDevicesAsync(cipher.UserId, JObject.FromObject(message), excludedTokens);
+            await PushToAllUserDevicesAsync(cipher.UserId.Value, JObject.FromObject(message), excludedTokens);
        }

        public async Task PushSyncCiphersAsync(Guid userId)
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@ -1,4 +1,7 @@
-using System;
+using Dapper;
+using System;
+using System.Collections.Generic;
+using System.Data;
 using System.Security.Cryptography.X509Certificates;
 using System.Text.RegularExpressions;

@ -40,6 +43,28 @@ namespace Bit.Core.Utilities
            return new Guid(guidArray);
        }

+        public static DataTable ToGuidIdArrayTVP(this IEnumerable<Guid> ids)
+        {
+            return ids.ToArrayTVP("GuidId");
+        }
+
+        public static DataTable ToArrayTVP<T>(this IEnumerable<T> values, string columnName)
+        {
+            var table = new DataTable();
+            table.Columns.Add(columnName, typeof(T));
+            table.SetTypeName($"[dbo].[{columnName}Array]");
+
+            if(values != null)
+            {
+                foreach(var value in values)
+                {
+                    table.Rows.Add(value);
+                }
+            }
+
+            return table;
+        }
+
        public static X509Certificate2 GetCertificate(string thumbprint)
        {
            // Clean possible garbage characters from thumbprint copy/paste