
Checked Emergency Access access type on access initiation ()

* also updated the View method

* removed old code

* naming refactor

* used the right type

* also checked PasswordAsync()

* also checked GetPolicies()
Addison Beck 2021-02-23 17:12:52 -05:00 committed by GitHub
parent 499c30a805
commit f8940e4be5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -248,8 +248,7 @@ namespace Bit.Core.Services
{ {
var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(id); var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(id);
if (emergencyAccess == null || emergencyAccess.GranteeId != requestingUser.Id || if (!IsValidRequest(emergencyAccess, requestingUser, EmergencyAccessType.Takeover))
emergencyAccess.Status != EmergencyAccessStatusType.RecoveryApproved)
{ {
throw new BadRequestException("Emergency Access not valid."); throw new BadRequestException("Emergency Access not valid.");
} }
@ -267,8 +266,7 @@ namespace Bit.Core.Services
{ {
var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(id); var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(id);
if (emergencyAccess == null || emergencyAccess.GranteeId != requestingUser.Id || if (!IsValidRequest(emergencyAccess, requestingUser, EmergencyAccessType.Takeover))
emergencyAccess.Status != EmergencyAccessStatusType.RecoveryApproved)
{ {
throw new BadRequestException("Emergency Access not valid."); throw new BadRequestException("Emergency Access not valid.");
} }
@ -282,8 +280,7 @@ namespace Bit.Core.Services
{ {
var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(id); var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(id);
if (emergencyAccess == null || emergencyAccess.GranteeId != requestingUser.Id || if (!IsValidRequest(emergencyAccess, requestingUser, EmergencyAccessType.Takeover))
emergencyAccess.Status != EmergencyAccessStatusType.RecoveryApproved)
{ {
throw new BadRequestException("Emergency Access not valid."); throw new BadRequestException("Emergency Access not valid.");
} }
@ -340,8 +337,7 @@ namespace Bit.Core.Services
{ {
var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(id); var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(id);
if (emergencyAccess == null || emergencyAccess.GranteeId != requestingUser.Id || if (!IsValidRequest(emergencyAccess, requestingUser, EmergencyAccessType.View))
emergencyAccess.Status != EmergencyAccessStatusType.RecoveryApproved)
{ {
throw new BadRequestException("Emergency Access not valid."); throw new BadRequestException("Emergency Access not valid.");
} }
@ -362,5 +358,12 @@ namespace Bit.Core.Services
{ {
return string.IsNullOrWhiteSpace(user.Name) ? user.Email : user.Name; return string.IsNullOrWhiteSpace(user.Name) ? user.Email : user.Name;
} }
private bool IsValidRequest(EmergencyAccess availibleAccess, User requestingUser, EmergencyAccessType requestedAccessType) {
return availibleAccess != null &&
availibleAccess.GranteeId == requestingUser.Id &&
availibleAccess.Status == EmergencyAccessStatusType.RecoveryApproved &&
availibleAccess.Type == requestedAccessType;
}
} }
} }
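Review bot: `IsValidRequest`, added at the end of this section, is now the single authorization gate for all four call sites, but nothing documents that its `Type` comparison is what keeps a View-only grant out of the Takeover paths. I would add a summary above it such as `/// Returns true only when the grant exists, belongs to requestingUser, is RecoveryApproved and is of exactly requestedAccessType.` The helper also reads `requestingUser.Id` with no null guard, as the replaced inline checks did; the callers lie outside the visible hunks, so if any of them can pass a null user the result is a NullReferenceException rather than the uniform `BadRequestException`, and a `requestingUser != null &&` term would close that. On style, the parameter is misspelled (`availibleAccess` should be `availableAccess`) and the opening brace sits on the signature line, unlike the Allman braces in the surrounding code. No test is visible in this section; a regression test that a RecoveryApproved grant of type View is rejected where `EmergencyAccessType.Takeover` is required would pin the fix.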