nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

Validate cipher updates with revision date (#994)

Browse Source 
* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
This commit is contained in:
Matt Gibson
2020-11-23 08:48:05 -06:00
committed by GitHub
parent f311f40d93
commit edf30974dc
13 changed files with 440 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/Api/Controllers/CiphersController.cs
View File

@ -113,7 +113,7 @@ namespace Bit.Api.Controllers
throw new NotFoundException();
}
await _cipherService.SaveDetailsAsync(cipher, userId, null, cipher.OrganizationId.HasValue);
await _cipherService.SaveDetailsAsync(cipher, userId, model.LastKnownRevisionDate, null, cipher.OrganizationId.HasValue);
var response = new CipherResponseModel(cipher, _globalSettings);
return response;
}
@ -128,7 +128,7 @@ namespace Bit.Api.Controllers
throw new NotFoundException();
}
await _cipherService.SaveDetailsAsync(cipher, userId, model.CollectionIds, cipher.OrganizationId.HasValue);
await _cipherService.SaveDetailsAsync(cipher, userId, model.Cipher.LastKnownRevisionDate, model.CollectionIds, cipher.OrganizationId.HasValue);
var response = new CipherResponseModel(cipher, _globalSettings);
return response;
}
@ -143,7 +143,7 @@ namespace Bit.Api.Controllers
}
var userId = _userService.GetProperUserId(User).Value;
await _cipherService.SaveAsync(cipher, userId, model.CollectionIds, true, false);
await _cipherService.SaveAsync(cipher, userId, model.Cipher.LastKnownRevisionDate, model.CollectionIds, true, false);
var response = new CipherMiniResponseModel(cipher, _globalSettings, false);
return response;
@ -168,7 +168,7 @@ namespace Bit.Api.Controllers
"then try again.");
}
await _cipherService.SaveDetailsAsync(model.ToCipherDetails(cipher), userId);
await _cipherService.SaveDetailsAsync(model.ToCipherDetails(cipher), userId, model.LastKnownRevisionDate);
var response = new CipherResponseModel(cipher, _globalSettings);
return response;
@ -188,7 +188,7 @@ namespace Bit.Api.Controllers
// object cannot be a descendant of CipherDetails, so let's clone it.
var cipherClone = CoreHelpers.CloneObject(model.ToCipher(cipher));
await _cipherService.SaveAsync(cipherClone, userId, null, true, false);
await _cipherService.SaveAsync(cipherClone, userId, model.LastKnownRevisionDate, null, true, false);
var response = new CipherMiniResponseModel(cipherClone, _globalSettings, cipher.OrganizationUseTotp);
return response;
@ -277,8 +277,8 @@ namespace Bit.Api.Controllers
}
var original = CoreHelpers.CloneObject(cipher);
await _cipherService.ShareAsync(original, model.Cipher.ToCipher(cipher),
new Guid(model.Cipher.OrganizationId), model.CollectionIds.Select(c => new Guid(c)), userId);
await _cipherService.ShareAsync(original, model.Cipher.ToCipher(cipher), new Guid(model.Cipher.OrganizationId),
model.CollectionIds.Select(c => new Guid(c)), userId, model.Cipher.LastKnownRevisionDate);
var sharedCipher = await _cipherRepository.GetByIdAsync(cipherId, userId);
var response = new CipherResponseModel(sharedCipher, _globalSettings);
@ -503,7 +503,7 @@ namespace Bit.Api.Controllers
var ciphers = await _cipherRepository.GetManyByUserIdAsync(userId, false);
var ciphersDict = ciphers.ToDictionary(c => c.Id);
var shareCiphers = new List<Cipher>();
var shareCiphers = new List<(Cipher, DateTime?)>();
foreach (var cipher in model.Ciphers)
{
if (!ciphersDict.ContainsKey(cipher.Id.Value))
@ -511,7 +511,7 @@ namespace Bit.Api.Controllers
throw new BadRequestException("Trying to share ciphers that you do not own.");
}
shareCiphers.Add(cipher.ToCipher(ciphersDict[cipher.Id.Value]));
shareCiphers.Add((cipher.ToCipher(ciphersDict[cipher.Id.Value]), cipher.LastKnownRevisionDate));
}
await _cipherService.ShareManyAsync(shareCiphers, organizationId,

1
src/Core/Models/Api/Request/CipherRequestModel.cs
View File

@ -38,6 +38,7 @@ namespace Bit.Core.Models.Api
public CipherCardModel Card { get; set; }
public CipherIdentityModel Identity { get; set; }
public CipherSecureNoteModel SecureNote { get; set; }
public DateTime? LastKnownRevisionDate { get; set; } = null;
public CipherDetails ToCipherDetails(Guid userId, bool allowOrgIdSet = true)
{

12
src/Core/Services/ICipherService.cs
View File

@ -9,10 +9,10 @@ namespace Bit.Core.Services
{
public interface ICipherService
{
Task SaveAsync(Cipher cipher, Guid savingUserId, IEnumerable<Guid> collectionIds = null,
Task SaveAsync(Cipher cipher, Guid savingUserId, DateTime? lastKnownRevisionDate, IEnumerable<Guid> collectionIds = null,
bool skipPermissionCheck = false, bool limitCollectionScope = true);
Task SaveDetailsAsync(CipherDetails cipher, Guid savingUserId, IEnumerable<Guid> collectionIds = null,
bool skipPermissionCheck = false);
Task SaveDetailsAsync(CipherDetails cipher, Guid savingUserId, DateTime? lastKnownRevisionDate,
IEnumerable<Guid> collectionIds = null, bool skipPermissionCheck = false);
Task CreateAttachmentAsync(Cipher cipher, Stream stream, string fileName, string key,
long requestLength, Guid savingUserId, bool orgAdmin = false);
Task CreateAttachmentShareAsync(Cipher cipher, Stream stream, long requestLength, string attachmentId,
@ -25,9 +25,9 @@ namespace Bit.Core.Services
Task SaveFolderAsync(Folder folder);
Task DeleteFolderAsync(Folder folder);
Task ShareAsync(Cipher originalCipher, Cipher cipher, Guid organizationId, IEnumerable<Guid> collectionIds,
Guid userId);
Task ShareManyAsync(IEnumerable<Cipher> ciphers, Guid organizationId, IEnumerable<Guid> collectionIds,
Guid sharingUserId);
Guid userId, DateTime? lastKnownRevisionDate);
Task ShareManyAsync(IEnumerable<(Cipher cipher, DateTime? lastKnownRevisionDate)> ciphers, Guid organizationId,
IEnumerable<Guid> collectionIds, Guid sharingUserId);
Task SaveCollectionsAsync(Cipher cipher, IEnumerable<Guid> collectionIds, Guid savingUserId, bool orgAdmin);
Task ImportCiphersAsync(List<Folder> folders, List<CipherDetails> ciphers,
IEnumerable<KeyValuePair<int, int>> folderRelationships);

41
src/Core/Services/Implementations/CipherService.cs
View File

@ -57,8 +57,8 @@ namespace Bit.Core.Services
_globalSettings = globalSettings;
}
public async Task SaveAsync(Cipher cipher, Guid savingUserId, IEnumerable<Guid> collectionIds = null,
bool skipPermissionCheck = false, bool limitCollectionScope = true)
public async Task SaveAsync(Cipher cipher, Guid savingUserId, DateTime? lastKnownRevisionDate,
IEnumerable<Guid> collectionIds = null, bool skipPermissionCheck = false, bool limitCollectionScope = true)
{
if (!skipPermissionCheck && !(await UserCanEditAsync(cipher, savingUserId)))
{
@ -91,6 +91,7 @@ namespace Bit.Core.Services
{
throw new ArgumentException("Cannot create cipher with collection ids at the same time.");
}
ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
cipher.RevisionDate = DateTime.UtcNow;
await _cipherRepository.ReplaceAsync(cipher);
await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Updated);
@ -100,7 +101,7 @@ namespace Bit.Core.Services
}
}
public async Task SaveDetailsAsync(CipherDetails cipher, Guid savingUserId,
public async Task SaveDetailsAsync(CipherDetails cipher, Guid savingUserId, DateTime? lastKnownRevisionDate,
IEnumerable<Guid> collectionIds = null, bool skipPermissionCheck = false)
{
if (!skipPermissionCheck && !(await UserCanEditAsync(cipher, savingUserId)))
@ -136,6 +137,7 @@ namespace Bit.Core.Services
{
throw new ArgumentException("Cannot create cipher with collection ids at the same time.");
}
ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
cipher.RevisionDate = DateTime.UtcNow;
await _cipherRepository.ReplaceAsync(cipher);
await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Updated);
@ -394,7 +396,7 @@ namespace Bit.Core.Services
}
public async Task ShareAsync(Cipher originalCipher, Cipher cipher, Guid organizationId,
IEnumerable<Guid> collectionIds, Guid sharingUserId)
IEnumerable<Guid> collectionIds, Guid sharingUserId, DateTime? lastKnownRevisionDate)
{
var attachments = cipher.GetAttachments();
var hasAttachments = attachments?.Any() ?? false;
@ -431,6 +433,8 @@ namespace Bit.Core.Services
throw new BadRequestException("Not enough storage available for this organization.");
}
ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
// Sproc will not save this UserId on the cipher. It is used limit scope of the collectionIds.
cipher.UserId = sharingUserId;
cipher.OrganizationId = organizationId;
@ -490,11 +494,11 @@ namespace Bit.Core.Services
}
}
public async Task ShareManyAsync(IEnumerable<Cipher> ciphers, Guid organizationId,
IEnumerable<Guid> collectionIds, Guid sharingUserId)
public async Task ShareManyAsync(IEnumerable<(Cipher cipher, DateTime? lastKnownRevisionDate)> cipherInfos,
Guid organizationId, IEnumerable<Guid> collectionIds, Guid sharingUserId)
{
var cipherIds = new List<Guid>();
foreach (var cipher in ciphers)
foreach (var (cipher, lastKnownRevisionDate) in cipherInfos)
{
if (cipher.Id == default(Guid))
{
@ -511,18 +515,20 @@ namespace Bit.Core.Services
throw new BadRequestException("One or more ciphers do not belong to you.");
}
ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
cipher.UserId = null;
cipher.OrganizationId = organizationId;
cipher.RevisionDate = DateTime.UtcNow;
cipherIds.Add(cipher.Id);
}
await _cipherRepository.UpdateCiphersAsync(sharingUserId, ciphers);
await _cipherRepository.UpdateCiphersAsync(sharingUserId, cipherInfos.Select(c => c.cipher));
await _collectionCipherRepository.UpdateCollectionsForCiphersAsync(cipherIds, sharingUserId,
organizationId, collectionIds);
var events = ciphers.Select(c =>
new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_Shared, null));
var events = cipherInfos.Select(c =>
new Tuple<Cipher, EventType, DateTime?>(c.cipher, EventType.Cipher_Shared, null));
foreach (var eventsBatch in events.Batch(100))
{
await _eventService.LogCipherEventsAsync(eventsBatch);
@ -790,5 +796,20 @@ namespace Bit.Core.Services
return await _cipherRepository.GetCanEditByIdAsync(userId, cipher.Id);
}
private void ValidateCipherLastKnownRevisionDateAsync(Cipher cipher, DateTime? lastKnownRevisionDate)
{
if (cipher.Id == default || !lastKnownRevisionDate.HasValue)
{
return;
}
if ((cipher.RevisionDate - lastKnownRevisionDate.Value).Duration() > TimeSpan.FromSeconds(1))
{
throw new BadRequestException(
"The cipher you are updating is out of date. Please save your work, sync your vault, and try again."
);
}
}
}
}