src/Api/Controllers/PoliciesController.cs

using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Bit.Core.Repositories;
using Microsoft.AspNetCore.Authorization;
using Bit.Core.Models.Api;
using Bit.Core.Exceptions;
using Bit.Core.Services;
using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.Utilities;
using Bit.Core.Settings;
using Microsoft.AspNetCore.DataProtection;

namespace Bit.Api.Controllers
{
    [Route("organizations/{orgId}/policies")]
    [Authorize("Application")]
    public class PoliciesController : Controller
    {
        private readonly IPolicyRepository _policyRepository;
        private readonly IPolicyService _policyService;
        private readonly IOrganizationService _organizationService;
        private readonly IOrganizationUserRepository _organizationUserRepository;
        private readonly IUserService _userService;
        private readonly ICurrentContext _currentContext;
        private readonly GlobalSettings _globalSettings;
        private readonly IDataProtector _organizationServiceDataProtector;

        public PoliciesController(
            IPolicyRepository policyRepository,
            IPolicyService policyService,
            IOrganizationService organizationService,
            IOrganizationUserRepository organizationUserRepository,
            IUserService userService,
            ICurrentContext currentContext,
            GlobalSettings globalSettings,
            IDataProtectionProvider dataProtectionProvider)
        {
            _policyRepository = policyRepository;
            _policyService = policyService;
            _organizationService = organizationService;
            _organizationUserRepository = organizationUserRepository;
            _userService = userService;
            _currentContext = currentContext;
            _globalSettings = globalSettings;
            _organizationServiceDataProtector = dataProtectionProvider.CreateProtector(
                "OrganizationServiceDataProtector");
        }

        [HttpGet("{type}")]
        public async Task<PolicyResponseModel> Get(string orgId, int type)
        {
            var orgIdGuid = new Guid(orgId);
            if (!await _currentContext.ManagePolicies(orgIdGuid))
            {
                throw new NotFoundException();
            }
            var policy = await _policyRepository.GetByOrganizationIdTypeAsync(orgIdGuid, (PolicyType)type);
            if (policy == null)
            {
                throw new NotFoundException();
            }

            return new PolicyResponseModel(policy);
        }

        [HttpGet("")]
        public async Task<ListResponseModel<PolicyResponseModel>> Get(string orgId)
        {
            var orgIdGuid = new Guid(orgId);
            if (!await _currentContext.ManagePolicies(orgIdGuid))
            {
                throw new NotFoundException();
            }

            var policies = await _policyRepository.GetManyByOrganizationIdAsync(orgIdGuid);
            var responses = policies.Select(p => new PolicyResponseModel(p));
            return new ListResponseModel<PolicyResponseModel>(responses);
        }

        [AllowAnonymous]
        [HttpGet("token")]
        public async Task<ListResponseModel<PolicyResponseModel>> GetByToken(string orgId, [FromQuery]string email,
            [FromQuery]string token, [FromQuery]string organizationUserId)
        {
            var orgUserId = new Guid(organizationUserId);
            var tokenValid = CoreHelpers.UserInviteTokenIsValid(_organizationServiceDataProtector, token,
                email, orgUserId, _globalSettings);
            if (!tokenValid)
            {
                throw new NotFoundException();
            }

            var orgIdGuid = new Guid(orgId);
            var orgUser = await _organizationUserRepository.GetByIdAsync(orgUserId);
            if (orgUser == null || orgUser.OrganizationId != orgIdGuid)
            {
                throw new NotFoundException();
            }

            var policies = await _policyRepository.GetManyByOrganizationIdAsync(orgIdGuid);
            var responses = policies.Where(p => p.Enabled).Select(p => new PolicyResponseModel(p));
            return new ListResponseModel<PolicyResponseModel>(responses);
        }

        [HttpPut("{type}")]
        public async Task<PolicyResponseModel> Put(string orgId, int type, [FromBody]PolicyRequestModel model)
        {
            var orgIdGuid = new Guid(orgId);
            if (!await _currentContext.ManagePolicies(orgIdGuid))
            {
                throw new NotFoundException();
            }
            var policy = await _policyRepository.GetByOrganizationIdTypeAsync(new Guid(orgId), (PolicyType)type);
            if (policy == null)
            {
                policy = model.ToPolicy(orgIdGuid);
            }
            else
            {
                policy = model.ToPolicy(policy);
            }

            var userId = _userService.GetProperUserId(User);
            await _policyService.SaveAsync(policy, _userService, _organizationService, userId);
            return new PolicyResponseModel(policy);
        }
    }
}
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								using System;
 								using System.Linq;
 								using System.Threading.Tasks;
 								using Microsoft.AspNetCore.Mvc;
 								using Bit.Core.Repositories;
 								using Microsoft.AspNetCore.Authorization;
 								using Bit.Core.Models.Api;
 								using Bit.Core.Exceptions;
 								using Bit.Core.Services;
-												Add disable send policy (#1130)

* Add Disable Send policy

* Test DisableSend policy

* PR Review

* Update tests for using CurrentContext

This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.

I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference

* Fix failing test

* Update exemption to include all exempt users

* Move all CurrentContext usages to ICurrentContext

* PR review. Match messaging with Web
											
										
										
											2021-02-04 12:54:21 -06:00
+								using Bit.Core.Context;
-												refactor policy apis

											
										
										
											2020-01-20 08:53:09 -05:00
+								using Bit.Core.Enums;
-												API to get org policies by invite token (#661)

* API to get org policies by invite token

* from query attr

											
										
										
											2020-03-02 10:17:32 -05:00
+								using Bit.Core.Utilities;
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								using Bit.Core.Settings;
-												API to get org policies by invite token (#661)

* API to get org policies by invite token

* from query attr

											
										
										
											2020-03-02 10:17:32 -05:00
+								using Microsoft.AspNetCore.DataProtection;
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
 								namespace Bit.Api.Controllers
 								{
 								    [Route("organizations/{orgId}/policies")]
 								    [Authorize("Application")]
 								    public class PoliciesController : Controller
 								    {
 								        private readonly IPolicyRepository _policyRepository;
-												use policy service

											
										
										
											2020-01-15 09:19:49 -05:00
+								        private readonly IPolicyService _policyService;
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								        private readonly IOrganizationService _organizationService;
-												API to get org policies by invite token (#661)

* API to get org policies by invite token

* from query attr

											
										
										
											2020-03-02 10:17:32 -05:00
+								        private readonly IOrganizationUserRepository _organizationUserRepository;
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								        private readonly IUserService _userService;
-												Add disable send policy (#1130)

* Add Disable Send policy

* Test DisableSend policy

* PR Review

* Update tests for using CurrentContext

This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.

I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference

* Fix failing test

* Update exemption to include all exempt users

* Move all CurrentContext usages to ICurrentContext

* PR review. Match messaging with Web
											
										
										
											2021-02-04 12:54:21 -06:00
+								        private readonly ICurrentContext _currentContext;
-												API to get org policies by invite token (#661)

* API to get org policies by invite token

* from query attr

											
										
										
											2020-03-02 10:17:32 -05:00
+								        private readonly GlobalSettings _globalSettings;
 								        private readonly IDataProtector _organizationServiceDataProtector;
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
 								        public PoliciesController(
 								            IPolicyRepository policyRepository,
-												use policy service

											
										
										
											2020-01-15 09:19:49 -05:00
+								            IPolicyService policyService,
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								            IOrganizationService organizationService,
-												API to get org policies by invite token (#661)

* API to get org policies by invite token

* from query attr

											
										
										
											2020-03-02 10:17:32 -05:00
+								            IOrganizationUserRepository organizationUserRepository,
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								            IUserService userService,
-												Add disable send policy (#1130)

* Add Disable Send policy

* Test DisableSend policy

* PR Review

* Update tests for using CurrentContext

This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.

I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference

* Fix failing test

* Update exemption to include all exempt users

* Move all CurrentContext usages to ICurrentContext

* PR review. Match messaging with Web
											
										
										
											2021-02-04 12:54:21 -06:00
+								            ICurrentContext currentContext,
-												API to get org policies by invite token (#661)

* API to get org policies by invite token

* from query attr

											
										
										
											2020-03-02 10:17:32 -05:00
+								            GlobalSettings globalSettings,
 								            IDataProtectionProvider dataProtectionProvider)
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								        {
 								            _policyRepository = policyRepository;
-												use policy service

											
										
										
											2020-01-15 09:19:49 -05:00
+								            _policyService = policyService;
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								            _organizationService = organizationService;
-												API to get org policies by invite token (#661)

* API to get org policies by invite token

* from query attr

											
										
										
											2020-03-02 10:17:32 -05:00
+								            _organizationUserRepository = organizationUserRepository;
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								            _userService = userService;
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								            _currentContext = currentContext;
-												API to get org policies by invite token (#661)

* API to get org policies by invite token

* from query attr

											
										
										
											2020-03-02 10:17:32 -05:00
+								            _globalSettings = globalSettings;
 								            _organizationServiceDataProtector = dataProtectionProvider.CreateProtector(
 								                "OrganizationServiceDataProtector");
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								        }
-												refactor policy apis

											
										
										
											2020-01-20 08:53:09 -05:00
+								        [HttpGet("{type}")]
 								        public async Task<PolicyResponseModel> Get(string orgId, int type)
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								        {
-												refactor policy apis

											
										
										
											2020-01-20 08:53:09 -05:00
+								            var orgIdGuid = new Guid(orgId);
-												[Provider] Create and access child organizations (#1427)


											
										
										
											2021-07-08 17:05:32 +02:00
+								            if (!await _currentContext.ManagePolicies(orgIdGuid))
-												refactor policy apis

											
										
										
											2020-01-20 08:53:09 -05:00
+								            {
 								                throw new NotFoundException();
 								            }
 								            var policy = await _policyRepository.GetByOrganizationIdTypeAsync(orgIdGuid, (PolicyType)type);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (policy == null)
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								            {
 								                throw new NotFoundException();
 								            }
 								            return new PolicyResponseModel(policy);
 								        }
 								        [HttpGet("")]
 								        public async Task<ListResponseModel<PolicyResponseModel>> Get(string orgId)
 								        {
 								            var orgIdGuid = new Guid(orgId);
-												[Provider] Create and access child organizations (#1427)


											
										
										
											2021-07-08 17:05:32 +02:00
+								            if (!await _currentContext.ManagePolicies(orgIdGuid))
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								            {
 								                throw new NotFoundException();
 								            }
 								            var policies = await _policyRepository.GetManyByOrganizationIdAsync(orgIdGuid);
 								            var responses = policies.Select(p => new PolicyResponseModel(p));
-												API to get org policies by invite token (#661)

* API to get org policies by invite token

* from query attr

											
										
										
											2020-03-02 10:17:32 -05:00
+								            return new ListResponseModel<PolicyResponseModel>(responses);
 								        }
 								        [AllowAnonymous]
 								        [HttpGet("token")]
 								        public async Task<ListResponseModel<PolicyResponseModel>> GetByToken(string orgId, [FromQuery]string email,
 								            [FromQuery]string token, [FromQuery]string organizationUserId)
 								        {
 								            var orgUserId = new Guid(organizationUserId);
 								            var tokenValid = CoreHelpers.UserInviteTokenIsValid(_organizationServiceDataProtector, token,
 								                email, orgUserId, _globalSettings);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!tokenValid)
-												API to get org policies by invite token (#661)

* API to get org policies by invite token

* from query attr

											
										
										
											2020-03-02 10:17:32 -05:00
+								            {
 								                throw new NotFoundException();
 								            }
 								            var orgIdGuid = new Guid(orgId);
 								            var orgUser = await _organizationUserRepository.GetByIdAsync(orgUserId);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (orgUser == null || orgUser.OrganizationId != orgIdGuid)
-												API to get org policies by invite token (#661)

* API to get org policies by invite token

* from query attr

											
										
										
											2020-03-02 10:17:32 -05:00
+								            {
 								                throw new NotFoundException();
 								            }
 								            var policies = await _policyRepository.GetManyByOrganizationIdAsync(orgIdGuid);
-												only return eneabled policies by token

											
										
										
											2020-03-02 11:30:44 -05:00
+								            var responses = policies.Where(p => p.Enabled).Select(p => new PolicyResponseModel(p));
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								            return new ListResponseModel<PolicyResponseModel>(responses);
 								        }
-												refactor policy apis

											
										
										
											2020-01-20 08:53:09 -05:00
+								        [HttpPut("{type}")]
 								        public async Task<PolicyResponseModel> Put(string orgId, int type, [FromBody]PolicyRequestModel model)
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								        {
 								            var orgIdGuid = new Guid(orgId);
-												[Provider] Create and access child organizations (#1427)


											
										
										
											2021-07-08 17:05:32 +02:00
+								            if (!await _currentContext.ManagePolicies(orgIdGuid))
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								            {
 								                throw new NotFoundException();
 								            }
-												refactor policy apis

											
										
										
											2020-01-20 08:53:09 -05:00
+								            var policy = await _policyRepository.GetByOrganizationIdTypeAsync(new Guid(orgId), (PolicyType)type);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (policy == null)
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								            {
-												refactor policy apis

											
										
										
											2020-01-20 08:53:09 -05:00
+								                policy = model.ToPolicy(orgIdGuid);
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								            }
-												refactor policy apis

											
										
										
											2020-01-20 08:53:09 -05:00
+								            else
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								            {
-												refactor policy apis

											
										
										
											2020-01-20 08:53:09 -05:00
+								                policy = model.ToPolicy(policy);
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								            }
-												Enforce 2fa policy (#654)


											
										
										
											2020-02-19 14:56:16 -05:00
+								            var userId = _userService.GetProperUserId(User);
 								            await _policyService.SaveAsync(policy, _userService, _organizationService, userId);
-												refactor policy apis

											
										
										
											2020-01-20 08:53:09 -05:00
+								            return new PolicyResponseModel(policy);
-												policy controller

											
										
										
											2020-01-15 08:35:53 -05:00
+								        }
 								    }
 								}