
* Get limited-life attachment download URL. This change limits the download URL to a one-minute lifetime. This requires moving to a new container to allow for non-public blob access. Clients will have to call the GetAttachmentData API function to receive the download URL. For backwards compatibility, attachment URLs are still present, but will not work for attachments stored in non-public access blobs. * Make GlobalSettings an interface for testing * Test LocalAttachmentStorageService equivalence * Remove comment * Add missing globalSettings using * Simplify default attachment container * Default to the attachments container for existing methods. A new upload method will be made for uploading to attachments-v2. For compatibility with clients which don't use these new methods, we need to still use the old container. The new container will be used only for new uploads. * Remove Default MetaData fixture. * Keep attachments container blob-level security for all instances * Close unclosed FileStream * Favor default value for noop services
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Bit.Core.Repositories;
using Microsoft.AspNetCore.Authorization;
using Bit.Core.Models.Api;
using Bit.Core.Exceptions;
using Bit.Core.Services;
using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.Utilities;
using Bit.Core.Settings;
using Microsoft.AspNetCore.DataProtection;
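namespace Bit.Api.Controllers
{
    /// <summary>
    /// Organization policy endpoints: read and update the policies of one
    /// organization, plus an anonymous, invite-token-gated read used by an
    /// invitee before they have accepted (and possibly before they have an account).
    /// </summary>
    /// <remarks>
    /// Authorization failures are surfaced as <see cref="NotFoundException"/>
    /// (404) rather than a 403 so that a caller who is not allowed to manage an
    /// organization's policies cannot distinguish "no such organization" from
    /// "not permitted". Malformed identifiers are mapped to the same exception
    /// instead of escaping as an unhandled <see cref="FormatException"/>.
    /// </remarks>
    [Route("organizations/{orgId}/policies")]
    [Authorize("Application")]
    public class PoliciesController : Controller
    {
        // Purpose string for the data protector that issues/validates invite
        // tokens. It must match the purpose used by the issuing side; a
        // different string derives a different key and every token fails.
        private const string InviteTokenProtectorPurpose = "OrganizationServiceDataProtector";

        private readonly IPolicyRepository _policyRepository;
        private readonly IPolicyService _policyService;
        private readonly IOrganizationService _organizationService;
        private readonly IOrganizationUserRepository _organizationUserRepository;
        private readonly IUserService _userService;
        private readonly ICurrentContext _currentContext;
        private readonly GlobalSettings _globalSettings;
        private readonly IDataProtector _organizationServiceDataProtector;

        /// <summary>
        /// Wires the repositories/services used by the endpoints and creates the
        /// invite-token protector from <paramref name="dataProtectionProvider"/>.
        /// </summary>
        public PoliciesController(
            IPolicyRepository policyRepository,
            IPolicyService policyService,
            IOrganizationService organizationService,
            IOrganizationUserRepository organizationUserRepository,
            IUserService userService,
            ICurrentContext currentContext,
            GlobalSettings globalSettings,
            IDataProtectionProvider dataProtectionProvider)
        {
            _policyRepository = policyRepository;
            _policyService = policyService;
            _organizationService = organizationService;
            _organizationUserRepository = organizationUserRepository;
            _userService = userService;
            _currentContext = currentContext;
            _globalSettings = globalSettings;
            _organizationServiceDataProtector = dataProtectionProvider.CreateProtector(
                InviteTokenProtectorPurpose);
        }

        /// <summary>
        /// Returns the policy of the given <paramref name="type"/> for the
        /// organization in the route.
        /// </summary>
        /// <param name="orgId">Organization id from the route; must be a GUID.</param>
        /// <param name="type">Integer value of a <see cref="PolicyType"/> member.</param>
        /// <returns>The policy as a <see cref="PolicyResponseModel"/>.</returns>
        /// <exception cref="NotFoundException">
        /// The id is malformed, the caller may not manage this organization's
        /// policies, the type is not a defined <see cref="PolicyType"/>, or no
        /// such policy exists.
        /// </exception>
        [HttpGet("{type}")]
        public async Task<PolicyResponseModel> Get(string orgId, int type)
        {
            var orgIdGuid = ParseGuidOrNotFound(orgId);
            // Authorize before any data access so an unauthorized caller never
            // triggers an organization-scoped query.
            if (!_currentContext.ManagePolicies(orgIdGuid))
            {
                throw new NotFoundException();
            }

            var policyType = ParsePolicyTypeOrNotFound(type);
            var policy = await _policyRepository.GetByOrganizationIdTypeAsync(orgIdGuid, policyType);
            if (policy == null)
            {
                throw new NotFoundException();
            }

            return new PolicyResponseModel(policy);
        }

        /// <summary>
        /// Returns every policy (enabled or not) of the organization in the route.
        /// </summary>
        /// <param name="orgId">Organization id from the route; must be a GUID.</param>
        /// <returns>The organization's policies wrapped in a list response.</returns>
        /// <exception cref="NotFoundException">
        /// The id is malformed or the caller may not manage this organization's policies.
        /// </exception>
        [HttpGet("")]
        public async Task<ListResponseModel<PolicyResponseModel>> Get(string orgId)
        {
            var orgIdGuid = ParseGuidOrNotFound(orgId);
            if (!_currentContext.ManagePolicies(orgIdGuid))
            {
                throw new NotFoundException();
            }

            var policies = await _policyRepository.GetManyByOrganizationIdAsync(orgIdGuid);
            var responses = policies.Select(p => new PolicyResponseModel(p));
            return new ListResponseModel<PolicyResponseModel>(responses);
        }

        /// <summary>
        /// Anonymous read of an organization's <em>enabled</em> policies for an
        /// invitee who has not yet accepted. Access is gated solely by the invite
        /// token, which must validate against the supplied email and organization
        /// user id; the organization user must also belong to the organization in
        /// the route.
        /// </summary>
        /// <param name="orgId">Organization id from the route; must be a GUID.</param>
        /// <param name="email">Invitee email the token was issued for.</param>
        /// <param name="token">Invite token produced by the organization service's data protector.</param>
        /// <param name="organizationUserId">Id of the invited organization user; must be a GUID.</param>
        /// <returns>Only policies with <c>Enabled == true</c>; disabled policies are never disclosed here.</returns>
        /// <exception cref="NotFoundException">
        /// Any id is malformed, the token does not validate, or the organization
        /// user does not exist or belongs to a different organization.
        /// </exception>
        [AllowAnonymous]
        [HttpGet("token")]
        public async Task<ListResponseModel<PolicyResponseModel>> GetByToken(string orgId, [FromQuery]string email,
            [FromQuery]string token, [FromQuery]string organizationUserId)
        {
            var orgUserId = ParseGuidOrNotFound(organizationUserId);

            // Validate the token before touching the database so an invalid or
            // expired token never triggers a lookup. _globalSettings is passed
            // through to the helper (presumably for the token lifetime — verify
            // in CoreHelpers.UserInviteTokenIsValid).
            var tokenValid = CoreHelpers.UserInviteTokenIsValid(_organizationServiceDataProtector, token,
                email, orgUserId, _globalSettings);
            if (!tokenValid)
            {
                throw new NotFoundException();
            }

            // A valid token for a user in organization A must not be usable to
            // read organization B's policies: tie the route's org to the user.
            var orgIdGuid = ParseGuidOrNotFound(orgId);
            var orgUser = await _organizationUserRepository.GetByIdAsync(orgUserId);
            if (orgUser == null || orgUser.OrganizationId != orgIdGuid)
            {
                throw new NotFoundException();
            }

            var policies = await _policyRepository.GetManyByOrganizationIdAsync(orgIdGuid);
            var responses = policies.Where(p => p.Enabled).Select(p => new PolicyResponseModel(p));
            return new ListResponseModel<PolicyResponseModel>(responses);
        }

        /// <summary>
        /// Creates or updates the policy of the given <paramref name="type"/> for
        /// the organization in the route.
        /// </summary>
        /// <param name="orgId">Organization id from the route; must be a GUID.</param>
        /// <param name="type">Integer value of a <see cref="PolicyType"/> member.</param>
        /// <param name="model">Request body describing the policy.</param>
        /// <returns>The saved policy as a <see cref="PolicyResponseModel"/>.</returns>
        /// <exception cref="NotFoundException">
        /// The id is malformed, the caller may not manage this organization's
        /// policies, or the type is not a defined <see cref="PolicyType"/>.
        /// </exception>
        [HttpPut("{type}")]
        public async Task<PolicyResponseModel> Put(string orgId, int type, [FromBody]PolicyRequestModel model)
        {
            var orgIdGuid = ParseGuidOrNotFound(orgId);
            if (!_currentContext.ManagePolicies(orgIdGuid))
            {
                throw new NotFoundException();
            }

            // Reject undefined types here: unlike Get, this path would otherwise
            // persist a policy row with a type the server does not know.
            var policyType = ParsePolicyTypeOrNotFound(type);

            // NOTE(review): model is not null-checked; a request with no JSON body
            // would reach ToPolicy as null. This class is a plain Controller (no
            // [ApiController]), so confirm upstream model validation rejects it.
            var policy = await _policyRepository.GetByOrganizationIdTypeAsync(orgIdGuid, policyType);
            if (policy == null)
            {
                // First write for this type: build a new entity bound to the org.
                policy = model.ToPolicy(orgIdGuid);
            }
            else
            {
                // Subsequent writes update the existing entity in place.
                policy = model.ToPolicy(policy);
            }

            var userId = _userService.GetProperUserId(User);
            await _policyService.SaveAsync(policy, _userService, _organizationService, userId);
            return new PolicyResponseModel(policy);
        }

        /// <summary>
        /// Parses a caller-supplied GUID, mapping a missing or malformed value to
        /// <see cref="NotFoundException"/> rather than letting the
        /// <see cref="FormatException"/>/<see cref="ArgumentNullException"/> from
        /// <c>new Guid(string)</c> escape as an unhandled server error.
        /// </summary>
        private static Guid ParseGuidOrNotFound(string value)
        {
            if (!Guid.TryParse(value, out var parsed))
            {
                throw new NotFoundException();
            }

            return parsed;
        }

        /// <summary>
        /// Converts the route's integer into a <see cref="PolicyType"/>, rejecting
        /// values that are not defined members of the enum.
        /// </summary>
        /// <remarks>
        /// The numeric values are compared explicitly instead of using
        /// <c>Enum.IsDefined(typeof(PolicyType), type)</c>: that overload throws if
        /// the enum's underlying type is not <see cref="int"/>, and a bare
        /// <c>(PolicyType)type</c> cast silently truncates out-of-range values.
        /// Assumes <see cref="PolicyType"/> is not a <c>[Flags]</c> enum.
        /// </remarks>
        private static PolicyType ParsePolicyTypeOrNotFound(int type)
        {
            var defined = Enum.GetValues(typeof(PolicyType))
                .Cast<PolicyType>()
                .Any(member => Convert.ToInt64(member) == type);
            if (!defined)
            {
                throw new NotFoundException();
            }

            return (PolicyType)type;
        }
    }
}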