admin/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2026-02-03 23:53:19 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
4871f0b9562f63a741a5024f5c1d2565b68a5bb5
server/src/Core/KeyManagement/UserKey/IRotateUserKeyCommand.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

30 lines
1.3 KiB
C#
Raw Normal View History

[PM-12607] Move key rotation & validators to km ownership (#4941) * Move key rotation & validators to km ownership * Fix build errors * Fix build errors * Fix import ordering * Update validator namespace * Move key rotation data to km ownership * Fix linting * Fix namespaces * Fix namespace * Fix namespaces * Move rotateuserkeycommandtests to km ownership
2024-11-21 10:17:04 -08:00
using Bit.Core.Entities;
using Bit.Core.KeyManagement.Models.Data;
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
using Microsoft.AspNetCore.Identity;
using Microsoft.Data.SqlClient;
[PM-12607] Move key rotation & validators to km ownership (#4941) * Move key rotation & validators to km ownership * Fix build errors * Fix build errors * Fix import ordering * Update validator namespace * Move key rotation data to km ownership * Fix linting * Fix namespaces * Fix namespace * Fix namespaces * Move rotateuserkeycommandtests to km ownership
2024-11-21 10:17:04 -08:00
namespace Bit.Core.KeyManagement.UserKey;
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
[PM-3797 Part 4] Add Sends to new Key Rotation (#3442) * add send validation * add send repo methods * add send rotation to delegate list * add success test
2023-12-12 11:58:34 -05:00
/// <summary>
/// Responsible for rotation of a user key and updating database with re-encrypted data
/// </summary>
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
public interface IRotateUserKeyCommand
{
/// <summary>
/// Sets a new user key and updates all encrypted data.
/// </summary>
/// <param name="model">All necessary information for rotation. Warning: Any encrypted data not included will be lost.</param>
/// <returns>An IdentityResult for verification of the master password hash</returns>
/// <exception cref="ArgumentNullException">User must be provided.</exception>
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
Task<IdentityResult> RotateUserKeyAsync(User user, RotateUserKeyData model);
[PM-3797 Part 1] Layout new key rotation methods (#3425) * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * layout new key rotation methods - add endpoint with request model - add command with data model - add repository method * formatting * rename account recovery to reset password * fix tests * remove extra endpoint * rename account recovery to reset password * fix tests and formatting * register db calls in command, removing list from user repo * formatting
2023-11-09 14:56:08 -05:00
}
[Pm 3797 Part 2] Add emergency access rotations (#3434) ## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team
2023-12-05 12:05:51 -05:00
/// <summary>
/// A type used to implement updates to the database for key rotations. Each domain that requires an update of encrypted
/// data during a key rotation should use this to implement its own database call. The user repository loops through
/// these during a key rotation.
/// <para>Note: connection and transaction are only used for Dapper. They won't be available in EF</para>
/// </summary>
public delegate Task UpdateEncryptedDataForKeyRotation(SqlConnection connection = null,
SqlTransaction transaction = null);
Reference in New Issue Copy Permalink