src/Core/Services/Implementations/CipherService.cs

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text.Json;
using System.Threading.Tasks;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Business;
using Bit.Core.Models.Data;
using Bit.Core.Repositories;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Core.Models.Data;

namespace Bit.Core.Services
{
    public class CipherService : ICipherService
    {
        public const long MAX_FILE_SIZE = Constants.FileSize501mb;
        public const string MAX_FILE_SIZE_READABLE = "500 MB";
        private readonly ICipherRepository _cipherRepository;
        private readonly IFolderRepository _folderRepository;
        private readonly ICollectionRepository _collectionRepository;
        private readonly IUserRepository _userRepository;
        private readonly IOrganizationRepository _organizationRepository;
        private readonly ICollectionCipherRepository _collectionCipherRepository;
        private readonly IPushNotificationService _pushService;
        private readonly IAttachmentStorageService _attachmentStorageService;
        private readonly IEventService _eventService;
        private readonly IUserService _userService;
        private readonly IPolicyRepository _policyRepository;
        private readonly GlobalSettings _globalSettings;
        private const long _fileSizeLeeway = 1024L * 1024L; // 1MB 
        private readonly IReferenceEventService _referenceEventService;

        public CipherService(
            ICipherRepository cipherRepository,
            IFolderRepository folderRepository,
            ICollectionRepository collectionRepository,
            IUserRepository userRepository,
            IOrganizationRepository organizationRepository,
            ICollectionCipherRepository collectionCipherRepository,
            IPushNotificationService pushService,
            IAttachmentStorageService attachmentStorageService,
            IEventService eventService,
            IUserService userService,
            IPolicyRepository policyRepository,
            GlobalSettings globalSettings,
            IReferenceEventService referenceEventService)
        {
            _cipherRepository = cipherRepository;
            _folderRepository = folderRepository;
            _collectionRepository = collectionRepository;
            _userRepository = userRepository;
            _organizationRepository = organizationRepository;
            _collectionCipherRepository = collectionCipherRepository;
            _pushService = pushService;
            _attachmentStorageService = attachmentStorageService;
            _eventService = eventService;
            _userService = userService;
            _policyRepository = policyRepository;
            _globalSettings = globalSettings;
            _referenceEventService = referenceEventService;
        }

        public async Task SaveAsync(Cipher cipher, Guid savingUserId, DateTime? lastKnownRevisionDate,
             IEnumerable<Guid> collectionIds = null, bool skipPermissionCheck = false, bool limitCollectionScope = true)
        {
            if (!skipPermissionCheck && !(await UserCanEditAsync(cipher, savingUserId)))
            {
                throw new BadRequestException("You do not have permissions to edit this.");
            }

            if (cipher.Id == default(Guid))
            {
                if (cipher.OrganizationId.HasValue && collectionIds != null)
                {
                    if (limitCollectionScope)
                    {
                        // Set user ID to limit scope of collection ids in the create sproc
                        cipher.UserId = savingUserId;
                    }
                    await _cipherRepository.CreateAsync(cipher, collectionIds);

                    await _referenceEventService.RaiseEventAsync(
                        new ReferenceEvent(ReferenceEventType.CipherCreated, await _organizationRepository.GetByIdAsync(cipher.OrganizationId.Value)));
                }
                else
                {
                    await _cipherRepository.CreateAsync(cipher);
                }
                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Created);

                // push
                await _pushService.PushSyncCipherCreateAsync(cipher, null);
            }
            else
            {
                if (collectionIds != null)
                {
                    throw new ArgumentException("Cannot create cipher with collection ids at the same time.");
                }
                ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
                cipher.RevisionDate = DateTime.UtcNow;
                await _cipherRepository.ReplaceAsync(cipher);
                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Updated);

                // push
                await _pushService.PushSyncCipherUpdateAsync(cipher, null);
            }
        }

        public async Task SaveDetailsAsync(CipherDetails cipher, Guid savingUserId, DateTime? lastKnownRevisionDate,
            IEnumerable<Guid> collectionIds = null, bool skipPermissionCheck = false)
        {
            if (!skipPermissionCheck && !(await UserCanEditAsync(cipher, savingUserId)))
            {
                throw new BadRequestException("You do not have permissions to edit this.");
            }

            cipher.UserId = savingUserId;
            if (cipher.Id == default(Guid))
            {
                if (cipher.OrganizationId.HasValue && collectionIds != null)
                {
                    var existingCollectionIds = (await _collectionRepository.GetManyByOrganizationIdAsync(cipher.OrganizationId.Value)).Select(c => c.Id);
                    if (collectionIds.Except(existingCollectionIds).Any())
                    {
                        throw new BadRequestException("Specified CollectionId does not exist on the specified Organization.");
                    }
                    await _cipherRepository.CreateAsync(cipher, collectionIds);
                }
                else
                {
                    // Make sure the user can save new ciphers to their personal vault
                    var personalOwnershipPolicyCount = await _policyRepository.GetCountByTypeApplicableToUserIdAsync(savingUserId,
                        PolicyType.PersonalOwnership);
                    if (personalOwnershipPolicyCount > 0)
                    {
                        throw new BadRequestException("Due to an Enterprise Policy, you are restricted from saving items to your personal vault.");
                    }
                    await _cipherRepository.CreateAsync(cipher);
                }
                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Created);

                if (cipher.OrganizationId.HasValue)
                {
                    var org = await _organizationRepository.GetByIdAsync(cipher.OrganizationId.Value);
                    cipher.OrganizationUseTotp = org.UseTotp;
                }

                // push
                await _pushService.PushSyncCipherCreateAsync(cipher, null);
            }
            else
            {
                if (collectionIds != null)
                {
                    throw new ArgumentException("Cannot create cipher with collection ids at the same time.");
                }
                ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
                cipher.RevisionDate = DateTime.UtcNow;
                await _cipherRepository.ReplaceAsync(cipher);
                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Updated);

                // push
                await _pushService.PushSyncCipherUpdateAsync(cipher, null);
            }
        }

        public async Task UploadFileForExistingAttachmentAsync(Stream stream, Cipher cipher, CipherAttachment.MetaData attachment)
        {
            if (attachment == null)
            {
                throw new BadRequestException("Cipher attachment does not exist");
            }

            await _attachmentStorageService.UploadNewAttachmentAsync(stream, cipher, attachment);

            if (!await ValidateCipherAttachmentFile(cipher, attachment))
            {
                throw new BadRequestException("File received does not match expected file length.");
            }
        }

        public async Task<(string attachmentId, string uploadUrl)> CreateAttachmentForDelayedUploadAsync(Cipher cipher,
            string key, string fileName, long fileSize, bool adminRequest, Guid savingUserId)
        {
            await ValidateCipherEditForAttachmentAsync(cipher, savingUserId, adminRequest, fileSize);

            var attachmentId = Utilities.CoreHelpers.SecureRandomString(32, upper: false, special: false);
            var data = new CipherAttachment.MetaData
            {
                AttachmentId = attachmentId,
                FileName = fileName,
                Key = key,
                Size = fileSize,
                Validated = false,
            };

            var uploadUrl = await _attachmentStorageService.GetAttachmentUploadUrlAsync(cipher, data);

            await _cipherRepository.UpdateAttachmentAsync(new CipherAttachment
            {
                Id = cipher.Id,
                UserId = cipher.UserId,
                OrganizationId = cipher.OrganizationId,
                AttachmentId = attachmentId,
                AttachmentData = JsonSerializer.Serialize(data)
            });
            cipher.AddAttachment(attachmentId, data);
            await _pushService.PushSyncCipherUpdateAsync(cipher, null);

            return (attachmentId, uploadUrl);
        }

        public async Task CreateAttachmentAsync(Cipher cipher, Stream stream, string fileName, string key,
            long requestLength, Guid savingUserId, bool orgAdmin = false)
        {
            await ValidateCipherEditForAttachmentAsync(cipher, savingUserId, orgAdmin, requestLength);

            var attachmentId = Utilities.CoreHelpers.SecureRandomString(32, upper: false, special: false);
            var data = new CipherAttachment.MetaData
            {
                AttachmentId = attachmentId,
                FileName = fileName,
                Key = key,
            };

            await _attachmentStorageService.UploadNewAttachmentAsync(stream, cipher, data);
            // Must read stream length after it has been saved, otherwise it's 0
            data.Size = stream.Length;

            try
            {
                var attachment = new CipherAttachment
                {
                    Id = cipher.Id,
                    UserId = cipher.UserId,
                    OrganizationId = cipher.OrganizationId,
                    AttachmentId = attachmentId,
                    AttachmentData = JsonSerializer.Serialize(data)
                };

                await _cipherRepository.UpdateAttachmentAsync(attachment);
                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_AttachmentCreated);
                cipher.AddAttachment(attachmentId, data);

                if (!await ValidateCipherAttachmentFile(cipher, data))
                {
                    throw new Exception("Content-Length does not match uploaded file size");
                }
            }
            catch
            {
                // Clean up since this is not transactional
                await _attachmentStorageService.DeleteAttachmentAsync(cipher.Id, data);
                throw;
            }

            // push
            await _pushService.PushSyncCipherUpdateAsync(cipher, null);
        }

        public async Task CreateAttachmentShareAsync(Cipher cipher, Stream stream, long requestLength,
            string attachmentId, Guid organizationId)
        {
            try
            {
                if (requestLength < 1)
                {
                    throw new BadRequestException("No data to attach.");
                }

                if (cipher.Id == default(Guid))
                {
                    throw new BadRequestException(nameof(cipher.Id));
                }

                if (cipher.OrganizationId.HasValue)
                {
                    throw new BadRequestException("Cipher belongs to an organization already.");
                }

                var org = await _organizationRepository.GetByIdAsync(organizationId);
                if (org == null || !org.MaxStorageGb.HasValue)
                {
                    throw new BadRequestException("This organization cannot use attachments.");
                }

                var storageBytesRemaining = org.StorageBytesRemaining();
                if (storageBytesRemaining < requestLength)
                {
                    throw new BadRequestException("Not enough storage available for this organization.");
                }

                var attachments = cipher.GetAttachments();
                if (!attachments.ContainsKey(attachmentId))
                {
                    throw new BadRequestException($"Cipher does not own specified attachment");
                }

                await _attachmentStorageService.UploadShareAttachmentAsync(stream, cipher.Id, organizationId,
                    attachments[attachmentId]);

                // Previous call may alter metadata
                var updatedAttachment = new CipherAttachment
                {
                    Id = cipher.Id,
                    UserId = cipher.UserId,
                    OrganizationId = cipher.OrganizationId,
                    AttachmentId = attachmentId,
                    AttachmentData = JsonSerializer.Serialize(attachments[attachmentId])
                };

                await _cipherRepository.UpdateAttachmentAsync(updatedAttachment);
            }
            catch
            {
                await _attachmentStorageService.CleanupAsync(cipher.Id);
                throw;
            }
        }

        public async Task<bool> ValidateCipherAttachmentFile(Cipher cipher, CipherAttachment.MetaData attachmentData)
        {
            var (valid, realSize) = await _attachmentStorageService.ValidateFileAsync(cipher, attachmentData, _fileSizeLeeway);

            if (!valid || realSize > MAX_FILE_SIZE)
            {
                // File reported differs in size from that promised. Must be a rogue client. Delete Send
                await DeleteAttachmentAsync(cipher, attachmentData);
                return false;
            }
            // Update Send data if necessary
            if (realSize != attachmentData.Size)
            {
                attachmentData.Size = realSize.Value;
            }
            attachmentData.Validated = true;

            var updatedAttachment = new CipherAttachment
            {
                Id = cipher.Id,
                UserId = cipher.UserId,
                OrganizationId = cipher.OrganizationId,
                AttachmentId = attachmentData.AttachmentId,
                AttachmentData = JsonSerializer.Serialize(attachmentData)
            };


            await _cipherRepository.UpdateAttachmentAsync(updatedAttachment);

            return valid;
        }

        public async Task<AttachmentResponseData> GetAttachmentDownloadDataAsync(Cipher cipher, string attachmentId)
        {
            var attachments = cipher?.GetAttachments() ?? new Dictionary<string, CipherAttachment.MetaData>();

            if (!attachments.ContainsKey(attachmentId))
            {
                throw new NotFoundException();
            }

            var data = attachments[attachmentId];
            var response = new AttachmentResponseData
            {
                Cipher = cipher,
                Data = data,
                Id = attachmentId,
                Url = await _attachmentStorageService.GetAttachmentDownloadUrlAsync(cipher, data),
            };

            return response;
        }

        public async Task DeleteAsync(Cipher cipher, Guid deletingUserId, bool orgAdmin = false)
        {
            if (!orgAdmin && !(await UserCanEditAsync(cipher, deletingUserId)))
            {
                throw new BadRequestException("You do not have permissions to delete this.");
            }

            await _cipherRepository.DeleteAsync(cipher);
            await _attachmentStorageService.DeleteAttachmentsForCipherAsync(cipher.Id);
            await _eventService.LogCipherEventAsync(cipher, EventType.Cipher_Deleted);

            // push
            await _pushService.PushSyncCipherDeleteAsync(cipher);
        }

        public async Task DeleteManyAsync(IEnumerable<Guid> cipherIds, Guid deletingUserId, Guid? organizationId = null, bool orgAdmin = false)
        {
            var cipherIdsSet = new HashSet<Guid>(cipherIds);
            var deletingCiphers = new List<Cipher>();

            if (orgAdmin && organizationId.HasValue)
            {
                var ciphers = await _cipherRepository.GetManyByOrganizationIdAsync(organizationId.Value);
                deletingCiphers = ciphers.Where(c => cipherIdsSet.Contains(c.Id)).ToList();
                await _cipherRepository.DeleteByIdsOrganizationIdAsync(deletingCiphers.Select(c => c.Id), organizationId.Value);
            }
            else
            {
                var ciphers = await _cipherRepository.GetManyByUserIdAsync(deletingUserId);
                deletingCiphers = ciphers.Where(c => cipherIdsSet.Contains(c.Id) && c.Edit).Select(x => (Cipher)x).ToList();
                await _cipherRepository.DeleteAsync(deletingCiphers.Select(c => c.Id), deletingUserId);
            }

            var events = deletingCiphers.Select(c =>
                new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_Deleted, null));
            foreach (var eventsBatch in events.Batch(100))
            {
                await _eventService.LogCipherEventsAsync(eventsBatch);
            }

            // push
            await _pushService.PushSyncCiphersAsync(deletingUserId);
        }

        public async Task DeleteAttachmentAsync(Cipher cipher, string attachmentId, Guid deletingUserId,
            bool orgAdmin = false)
        {
            if (!orgAdmin && !(await UserCanEditAsync(cipher, deletingUserId)))
            {
                throw new BadRequestException("You do not have permissions to delete this.");
            }

            if (!cipher.ContainsAttachment(attachmentId))
            {
                throw new NotFoundException();
            }

            await DeleteAttachmentAsync(cipher, cipher.GetAttachments()[attachmentId]);
        }

        public async Task PurgeAsync(Guid organizationId)
        {
            var org = await _organizationRepository.GetByIdAsync(organizationId);
            if (org == null)
            {
                throw new NotFoundException();
            }
            await _cipherRepository.DeleteByOrganizationIdAsync(organizationId);
            await _eventService.LogOrganizationEventAsync(org, Enums.EventType.Organization_PurgedVault);
        }

        public async Task MoveManyAsync(IEnumerable<Guid> cipherIds, Guid? destinationFolderId, Guid movingUserId)
        {
            if (destinationFolderId.HasValue)
            {
                var folder = await _folderRepository.GetByIdAsync(destinationFolderId.Value);
                if (folder == null || folder.UserId != movingUserId)
                {
                    throw new BadRequestException("Invalid folder.");
                }
            }

            await _cipherRepository.MoveAsync(cipherIds, destinationFolderId, movingUserId);
            // push
            await _pushService.PushSyncCiphersAsync(movingUserId);
        }

        public async Task SaveFolderAsync(Folder folder)
        {
            if (folder.Id == default(Guid))
            {
                await _folderRepository.CreateAsync(folder);

                // push
                await _pushService.PushSyncFolderCreateAsync(folder);
            }
            else
            {
                folder.RevisionDate = DateTime.UtcNow;
                await _folderRepository.UpsertAsync(folder);

                // push
                await _pushService.PushSyncFolderUpdateAsync(folder);
            }
        }

        public async Task DeleteFolderAsync(Folder folder)
        {
            await _folderRepository.DeleteAsync(folder);

            // push
            await _pushService.PushSyncFolderDeleteAsync(folder);
        }

        public async Task ShareAsync(Cipher originalCipher, Cipher cipher, Guid organizationId,
            IEnumerable<Guid> collectionIds, Guid sharingUserId, DateTime? lastKnownRevisionDate)
        {
            var attachments = cipher.GetAttachments();
            var hasAttachments = attachments?.Any() ?? false;
            var hasOldAttachments = attachments?.Any(a => a.Key == null) ?? false;
            var updatedCipher = false;
            var migratedAttachments = false;
            var originalAttachments = CoreHelpers.CloneObject(attachments);

            try
            {
                if (cipher.Id == default(Guid))
                {
                    throw new BadRequestException(nameof(cipher.Id));
                }

                if (cipher.OrganizationId.HasValue)
                {
                    throw new BadRequestException("Already belongs to an organization.");
                }

                if (!cipher.UserId.HasValue || cipher.UserId.Value != sharingUserId)
                {
                    throw new NotFoundException();
                }

                var org = await _organizationRepository.GetByIdAsync(organizationId);
                if (hasAttachments && !org.MaxStorageGb.HasValue)
                {
                    throw new BadRequestException("This organization cannot use attachments.");
                }

                var storageAdjustment = attachments?.Sum(a => a.Value.Size) ?? 0;
                if (org.StorageBytesRemaining() < storageAdjustment)
                {
                    throw new BadRequestException("Not enough storage available for this organization.");
                }

                ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);

                // Sproc will not save this UserId on the cipher. It is used limit scope of the collectionIds.
                cipher.UserId = sharingUserId;
                cipher.OrganizationId = organizationId;
                cipher.RevisionDate = DateTime.UtcNow;
                if (!await _cipherRepository.ReplaceAsync(cipher, collectionIds))
                {
                    throw new BadRequestException("Unable to save.");
                }

                updatedCipher = true;
                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Shared);

                if (hasOldAttachments)
                {
                    // migrate old attachments
                    foreach (var attachment in attachments.Where(a => a.Key == null))
                    {
                        await _attachmentStorageService.StartShareAttachmentAsync(cipher.Id, organizationId,
                            attachment.Value);
                        migratedAttachments = true;
                    }

                    // commit attachment migration
                    await _attachmentStorageService.CleanupAsync(cipher.Id);
                }

                // push
                await _pushService.PushSyncCipherUpdateAsync(cipher, collectionIds);
            }
            catch
            {
                // roll everything back
                if (updatedCipher)
                {
                    await _cipherRepository.ReplaceAsync(originalCipher);
                }

                if (!hasOldAttachments || !migratedAttachments)
                {
                    throw;
                }

                if (updatedCipher)
                {
                    await _userRepository.UpdateStorageAsync(sharingUserId);
                    await _organizationRepository.UpdateStorageAsync(organizationId);
                }

                foreach (var attachment in attachments.Where(a => a.Key == null))
                {
                    await _attachmentStorageService.RollbackShareAttachmentAsync(cipher.Id, organizationId,
                        attachment.Value, originalAttachments[attachment.Key].ContainerName);
                }

                await _attachmentStorageService.CleanupAsync(cipher.Id);
                throw;
            }
        }

        public async Task ShareManyAsync(IEnumerable<(Cipher cipher, DateTime? lastKnownRevisionDate)> cipherInfos,
            Guid organizationId, IEnumerable<Guid> collectionIds, Guid sharingUserId)
        {
            var cipherIds = new List<Guid>();
            foreach (var (cipher, lastKnownRevisionDate) in cipherInfos)
            {
                if (cipher.Id == default(Guid))
                {
                    throw new BadRequestException("All ciphers must already exist.");
                }

                if (cipher.OrganizationId.HasValue)
                {
                    throw new BadRequestException("One or more ciphers already belong to an organization.");
                }

                if (!cipher.UserId.HasValue || cipher.UserId.Value != sharingUserId)
                {
                    throw new BadRequestException("One or more ciphers do not belong to you.");
                }

                ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);

                cipher.UserId = null;
                cipher.OrganizationId = organizationId;
                cipher.RevisionDate = DateTime.UtcNow;
                cipherIds.Add(cipher.Id);
            }

            await _cipherRepository.UpdateCiphersAsync(sharingUserId, cipherInfos.Select(c => c.cipher));
            await _collectionCipherRepository.UpdateCollectionsForCiphersAsync(cipherIds, sharingUserId,
                organizationId, collectionIds);

            var events = cipherInfos.Select(c =>
                new Tuple<Cipher, EventType, DateTime?>(c.cipher, EventType.Cipher_Shared, null));
            foreach (var eventsBatch in events.Batch(100))
            {
                await _eventService.LogCipherEventsAsync(eventsBatch);
            }

            // push
            await _pushService.PushSyncCiphersAsync(sharingUserId);
        }

        public async Task SaveCollectionsAsync(Cipher cipher, IEnumerable<Guid> collectionIds, Guid savingUserId,
            bool orgAdmin)
        {
            if (cipher.Id == default(Guid))
            {
                throw new BadRequestException(nameof(cipher.Id));
            }

            if (!cipher.OrganizationId.HasValue)
            {
                throw new BadRequestException("Cipher must belong to an organization.");
            }

            cipher.RevisionDate = DateTime.UtcNow;

            // The sprocs will validate that all collections belong to this org/user and that they have 
            // proper write permissions.
            if (orgAdmin)
            {
                await _collectionCipherRepository.UpdateCollectionsForAdminAsync(cipher.Id,
                    cipher.OrganizationId.Value, collectionIds);
            }
            else
            {
                if (!(await UserCanEditAsync(cipher, savingUserId)))
                {
                    throw new BadRequestException("You do not have permissions to edit this.");
                }
                await _collectionCipherRepository.UpdateCollectionsAsync(cipher.Id, savingUserId, collectionIds);
            }

            await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_UpdatedCollections);

            // push
            await _pushService.PushSyncCipherUpdateAsync(cipher, collectionIds);
        }

        public async Task ImportCiphersAsync(
            List<Folder> folders,
            List<CipherDetails> ciphers,
            IEnumerable<KeyValuePair<int, int>> folderRelationships)
        {
            var userId = folders.FirstOrDefault()?.UserId ?? ciphers.FirstOrDefault()?.UserId;

            // Make sure the user can save new ciphers to their personal vault
            var personalOwnershipPolicyCount = await _policyRepository.GetCountByTypeApplicableToUserIdAsync(userId.Value,
                PolicyType.PersonalOwnership);
            if (personalOwnershipPolicyCount > 0)
            {
                throw new BadRequestException("You cannot import items into your personal vault because you are " +
                    "a member of an organization which forbids it.");
            }

            foreach (var cipher in ciphers)
            {
                cipher.SetNewId();

                if (cipher.UserId.HasValue && cipher.Favorite)
                {
                    cipher.Favorites = $"{{\"{cipher.UserId.ToString().ToUpperInvariant()}\":\"true\"}}";
                }
            }

            // Init. ids for folders
            foreach (var folder in folders)
            {
                folder.SetNewId();
            }

            // Create the folder associations based on the newly created folder ids
            foreach (var relationship in folderRelationships)
            {
                var cipher = ciphers.ElementAtOrDefault(relationship.Key);
                var folder = folders.ElementAtOrDefault(relationship.Value);

                if (cipher == null || folder == null)
                {
                    continue;
                }

                cipher.Folders = $"{{\"{cipher.UserId.ToString().ToUpperInvariant()}\":" +
                    $"\"{folder.Id.ToString().ToUpperInvariant()}\"}}";
            }

            // Create it all
            await _cipherRepository.CreateAsync(ciphers, folders);

            // push
            if (userId.HasValue)
            {
                await _pushService.PushSyncVaultAsync(userId.Value);
            }
        }

        public async Task ImportCiphersAsync(
            List<Collection> collections,
            List<CipherDetails> ciphers,
            IEnumerable<KeyValuePair<int, int>> collectionRelationships,
            Guid importingUserId)
        {
            var org = collections.Count > 0 ?
                await _organizationRepository.GetByIdAsync(collections[0].OrganizationId) :
                await _organizationRepository.GetByIdAsync(ciphers.FirstOrDefault(c => c.OrganizationId.HasValue).OrganizationId.Value);

            if (collections.Count > 0 && org != null && org.MaxCollections.HasValue)
            {
                var collectionCount = await _collectionRepository.GetCountByOrganizationIdAsync(org.Id);
                if (org.MaxCollections.Value < (collectionCount + collections.Count))
                {
                    throw new BadRequestException("This organization can only have a maximum of " +
                        $"{org.MaxCollections.Value} collections.");
                }
            }

            // Init. ids for ciphers
            foreach (var cipher in ciphers)
            {
                cipher.SetNewId();
            }

            // Init. ids for collections
            foreach (var collection in collections)
            {
                collection.SetNewId();
            }

            // Create associations based on the newly assigned ids
            var collectionCiphers = new List<CollectionCipher>();
            foreach (var relationship in collectionRelationships)
            {
                var cipher = ciphers.ElementAtOrDefault(relationship.Key);
                var collection = collections.ElementAtOrDefault(relationship.Value);

                if (cipher == null || collection == null)
                {
                    continue;
                }

                collectionCiphers.Add(new CollectionCipher
                {
                    CipherId = cipher.Id,
                    CollectionId = collection.Id
                });
            }

            // Create it all
            await _cipherRepository.CreateAsync(ciphers, collections, collectionCiphers);

            // push
            await _pushService.PushSyncVaultAsync(importingUserId);


            if (org != null)
            {
                await _referenceEventService.RaiseEventAsync(
                    new ReferenceEvent(ReferenceEventType.VaultImported, org));
            }
        }

        public async Task SoftDeleteAsync(Cipher cipher, Guid deletingUserId, bool orgAdmin = false)
        {
            if (!orgAdmin && !(await UserCanEditAsync(cipher, deletingUserId)))
            {
                throw new BadRequestException("You do not have permissions to soft delete this.");
            }

            if (cipher.DeletedDate.HasValue)
            {
                // Already soft-deleted, we can safely ignore this
                return;
            }

            cipher.DeletedDate = cipher.RevisionDate = DateTime.UtcNow;

            if (cipher is CipherDetails details)
            {
                await _cipherRepository.UpsertAsync(details);
            }
            else
            {
                await _cipherRepository.UpsertAsync(cipher);
            }
            await _eventService.LogCipherEventAsync(cipher, EventType.Cipher_SoftDeleted);

            // push
            await _pushService.PushSyncCipherUpdateAsync(cipher, null);
        }

        public async Task SoftDeleteManyAsync(IEnumerable<Guid> cipherIds, Guid deletingUserId, Guid? organizationId, bool orgAdmin)
        {
            var cipherIdsSet = new HashSet<Guid>(cipherIds);
            var deletingCiphers = new List<Cipher>();

            if (orgAdmin && organizationId.HasValue)
            {
                var ciphers = await _cipherRepository.GetManyByOrganizationIdAsync(organizationId.Value);
                deletingCiphers = ciphers.Where(c => cipherIdsSet.Contains(c.Id)).ToList();
                await _cipherRepository.SoftDeleteByIdsOrganizationIdAsync(deletingCiphers.Select(c => c.Id), organizationId.Value);
            }
            else
            {
                var ciphers = await _cipherRepository.GetManyByUserIdAsync(deletingUserId);
                deletingCiphers = ciphers.Where(c => cipherIdsSet.Contains(c.Id) && c.Edit).Select(x => (Cipher)x).ToList();
                await _cipherRepository.SoftDeleteAsync(deletingCiphers.Select(c => c.Id), deletingUserId);
            }

            var events = deletingCiphers.Select(c =>
                new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_SoftDeleted, null));
            foreach (var eventsBatch in events.Batch(100))
            {
                await _eventService.LogCipherEventsAsync(eventsBatch);
            }

            // push
            await _pushService.PushSyncCiphersAsync(deletingUserId);
        }

        public async Task RestoreAsync(Cipher cipher, Guid restoringUserId, bool orgAdmin = false)
        {
            if (!orgAdmin && !(await UserCanEditAsync(cipher, restoringUserId)))
            {
                throw new BadRequestException("You do not have permissions to delete this.");
            }

            if (!cipher.DeletedDate.HasValue)
            {
                // Already restored, we can safely ignore this
                return;
            }

            cipher.DeletedDate = null;
            cipher.RevisionDate = DateTime.UtcNow;

            if (cipher is CipherDetails details)
            {
                await _cipherRepository.UpsertAsync(details);
            }
            else
            {
                await _cipherRepository.UpsertAsync(cipher);
            }
            await _eventService.LogCipherEventAsync(cipher, EventType.Cipher_Restored);

            // push
            await _pushService.PushSyncCipherUpdateAsync(cipher, null);
        }

        public async Task RestoreManyAsync(IEnumerable<CipherDetails> ciphers, Guid restoringUserId)
        {
            var revisionDate = await _cipherRepository.RestoreAsync(ciphers.Select(c => c.Id), restoringUserId);

            var events = ciphers.Select(c =>
            {
                c.RevisionDate = revisionDate;
                c.DeletedDate = null;
                return new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_Restored, null);
            });
            foreach (var eventsBatch in events.Batch(100))
            {
                await _eventService.LogCipherEventsAsync(eventsBatch);
            }

            // push
            await _pushService.PushSyncCiphersAsync(restoringUserId);
        }

        private async Task<bool> UserCanEditAsync(Cipher cipher, Guid userId)
        {
            if (!cipher.OrganizationId.HasValue && cipher.UserId.HasValue && cipher.UserId.Value == userId)
            {
                return true;
            }

            return await _cipherRepository.GetCanEditByIdAsync(userId, cipher.Id);
        }

        private void ValidateCipherLastKnownRevisionDateAsync(Cipher cipher, DateTime? lastKnownRevisionDate)
        {
            if (cipher.Id == default || !lastKnownRevisionDate.HasValue)
            {
                return;
            }

            if ((cipher.RevisionDate - lastKnownRevisionDate.Value).Duration() > TimeSpan.FromSeconds(1))
            {
                throw new BadRequestException(
                    "The cipher you are updating is out of date. Please save your work, sync your vault, and try again."
                );
            }
        }

        private async Task DeleteAttachmentAsync(Cipher cipher, CipherAttachment.MetaData attachmentData)
        {
            if (attachmentData == null || string.IsNullOrWhiteSpace(attachmentData.AttachmentId))
            {
                return;
            }

            await _cipherRepository.DeleteAttachmentAsync(cipher.Id, attachmentData.AttachmentId);
            cipher.DeleteAttachment(attachmentData.AttachmentId);
            await _attachmentStorageService.DeleteAttachmentAsync(cipher.Id, attachmentData);
            await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_AttachmentDeleted);

            // push
            await _pushService.PushSyncCipherUpdateAsync(cipher, null);
        }

        private async Task ValidateCipherEditForAttachmentAsync(Cipher cipher, Guid savingUserId, bool orgAdmin,
            long requestLength)
        {
            if (!orgAdmin && !(await UserCanEditAsync(cipher, savingUserId)))
            {
                throw new BadRequestException("You do not have permissions to edit this.");
            }

            if (requestLength < 1)
            {
                throw new BadRequestException("No data to attach.");
            }

            var storageBytesRemaining = await StorageBytesRemainingForCipherAsync(cipher);

            if (storageBytesRemaining < requestLength)
            {
                throw new BadRequestException("Not enough storage available.");
            }
        }

        private async Task<long> StorageBytesRemainingForCipherAsync(Cipher cipher)
        {
            var storageBytesRemaining = 0L;
            if (cipher.UserId.HasValue)
            {
                var user = await _userRepository.GetByIdAsync(cipher.UserId.Value);
                if (!(await _userService.CanAccessPremium(user)))
                {
                    throw new BadRequestException("You must have premium status to use attachments.");
                }

                if (user.Premium)
                {
                    storageBytesRemaining = user.StorageBytesRemaining();
                }
                else
                {
                    // Users that get access to file storage/premium from their organization get the default
                    // 1 GB max storage.
                    storageBytesRemaining = user.StorageBytesRemaining(
                        _globalSettings.SelfHosted ? (short)10240 : (short)1);
                }
            }
            else if (cipher.OrganizationId.HasValue)
            {
                var org = await _organizationRepository.GetByIdAsync(cipher.OrganizationId.Value);
                if (!org.MaxStorageGb.HasValue)
                {
                    throw new BadRequestException("This organization cannot use attachments.");
                }

                storageBytesRemaining = org.StorageBytesRemaining();
            }

            return storageBytesRemaining;
        }
    }
}
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								using System;
 								using System.Collections.Generic;
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								using System.IO;
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								using System.Linq;
-												Start Migration from Newtonsoft.Json to System.Text.Json (#1803)

* Start switch to System.Text.Json

* Work on switching to System.Text.Json

* Main work on STJ refactor

* Fix build errors

* Run formatting

* Delete unused file

* Use legacy for two factor providers

* Run formatter

* Add TokenProviderTests

* Run formatting

* Fix merge issues

* Switch to use JsonSerializer

* Address PR feedback

* Fix formatting

* Ran formatter

* Switch to async

* Ensure Enums are serialized as strings

* Fix formatting

* Enqueue single items as arrays

* Remove CreateAsync method on AzureQueueService
											
										
										
											2022-01-21 09:36:25 -05:00
+								using System.Text.Json;
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								using System.Threading.Tasks;
-												Split out repositories to Infrastructure.Dapper / EntityFramework (#1759)


											
										
										
											2022-01-11 10:40:51 +01:00
+								using Bit.Core.Entities;
-												single event for delete and share bulk operations

											
										
										
											2019-07-25 15:39:25 -04:00
+								using Bit.Core.Enums;
-												Move into and read ciphers from org subvaults

											
										
										
											2017-03-21 00:04:39 -04:00
+								using Bit.Core.Exceptions;
-												Added Several New Reference Events (#1500)

* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
											
										
										
											2021-08-10 14:38:58 -04:00
+								using Bit.Core.Models.Business;
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								using Bit.Core.Models.Data;
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								using Bit.Core.Repositories;
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								using Bit.Core.Settings;
-												batch events

											
										
										
											2019-07-25 15:50:13 -04:00
+								using Bit.Core.Utilities;
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								using Core.Models.Data;
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
 								namespace Bit.Core.Services
 								{
 								    public class CipherService : ICipherService
 								    {
-												Fix upload limits for direct uploads (again) (#1479)

* Use constants to represent file size limits

* Allow uploads of up to 500mb for self-hosted

* Set nginx max body size to 505mb

* Add reminder about updating nginx/proxy.conf
											
										
										
											2021-08-04 09:00:30 +10:00
+								        public const long MAX_FILE_SIZE = Constants.FileSize501mb;
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								        public const string MAX_FILE_SIZE_READABLE = "500 MB";
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								        private readonly ICipherRepository _cipherRepository;
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								        private readonly IFolderRepository _folderRepository;
-												check collection count on org import

											
										
										
											2018-07-17 13:34:12 -04:00
+								        private readonly ICollectionRepository _collectionRepository;
-												share service setup

											
										
										
											2017-02-25 23:38:24 -05:00
+								        private readonly IUserRepository _userRepository;
-												Move into and read ciphers from org subvaults

											
										
										
											2017-03-21 00:04:39 -04:00
+								        private readonly IOrganizationRepository _organizationRepository;
-												renaming subvault => collection

											
										
										
											2017-04-27 09:19:30 -04:00
+								        private readonly ICollectionCipherRepository _collectionCipherRepository;
-												rename to push notification service

											
										
										
											2017-05-26 09:44:54 -04:00
+								        private readonly IPushNotificationService _pushService;
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								        private readonly IAttachmentStorageService _attachmentStorageService;
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								        private readonly IEventService _eventService;
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								        private readonly IUserService _userService;
-												[Policy] Personal Ownership (#1013)

* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
											
										
										
											2020-12-11 10:45:26 -06:00
+								        private readonly IPolicyRepository _policyRepository;
-												self hosted users get 1 TB

											
										
										
											2018-08-29 09:45:57 -04:00
+								        private readonly GlobalSettings _globalSettings;
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								        private const long _fileSizeLeeway = 1024L * 1024L; // 1MB
-												Added Several New Reference Events (#1500)

* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
											
										
										
											2021-08-10 14:38:58 -04:00
+								        private readonly IReferenceEventService _referenceEventService;
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
 								        public CipherService(
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								            ICipherRepository cipherRepository,
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								            IFolderRepository folderRepository,
-												check collection count on org import

											
										
										
											2018-07-17 13:34:12 -04:00
+								            ICollectionRepository collectionRepository,
-												share service setup

											
										
										
											2017-02-25 23:38:24 -05:00
+								            IUserRepository userRepository,
-												Move into and read ciphers from org subvaults

											
										
										
											2017-03-21 00:04:39 -04:00
+								            IOrganizationRepository organizationRepository,
-												renaming subvault => collection

											
										
										
											2017-04-27 09:19:30 -04:00
+								            ICollectionCipherRepository collectionCipherRepository,
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								            IPushNotificationService pushService,
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								            IAttachmentStorageService attachmentStorageService,
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								            IEventService eventService,
-												self hosted users get 1 TB

											
										
										
											2018-08-29 09:45:57 -04:00
+								            IUserService userService,
-												[Policy] Personal Ownership (#1013)

* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
											
										
										
											2020-12-11 10:45:26 -06:00
+								            IPolicyRepository policyRepository,
-												Added Several New Reference Events (#1500)

* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
											
										
										
											2021-08-10 14:38:58 -04:00
+								            GlobalSettings globalSettings,
 								            IReferenceEventService referenceEventService)
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								        {
 								            _cipherRepository = cipherRepository;
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								            _folderRepository = folderRepository;
-												check collection count on org import

											
										
										
											2018-07-17 13:34:12 -04:00
+								            _collectionRepository = collectionRepository;
-												share service setup

											
										
										
											2017-02-25 23:38:24 -05:00
+								            _userRepository = userRepository;
-												Move into and read ciphers from org subvaults

											
										
										
											2017-03-21 00:04:39 -04:00
+								            _organizationRepository = organizationRepository;
-												renaming subvault => collection

											
										
										
											2017-04-27 09:19:30 -04:00
+								            _collectionCipherRepository = collectionCipherRepository;
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								            _pushService = pushService;
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								            _attachmentStorageService = attachmentStorageService;
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								            _eventService = eventService;
-												More CanAccessPremium checks

											
										
										
											2018-08-28 17:40:08 -04:00
+								            _userService = userService;
-												[Policy] Personal Ownership (#1013)

* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
											
										
										
											2020-12-11 10:45:26 -06:00
+								            _policyRepository = policyRepository;
-												self hosted users get 1 TB

											
										
										
											2018-08-29 09:45:57 -04:00
+								            _globalSettings = globalSettings;
-												Added Several New Reference Events (#1500)

* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
											
										
										
											2021-08-10 14:38:58 -04:00
+								            _referenceEventService = referenceEventService;
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								        }
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
+								        public async Task SaveAsync(Cipher cipher, Guid savingUserId, DateTime? lastKnownRevisionDate,
 								             IEnumerable<Guid> collectionIds = null, bool skipPermissionCheck = false, bool limitCollectionScope = true)
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!skipPermissionCheck && !(await UserCanEditAsync(cipher, savingUserId)))
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            {
 								                throw new BadRequestException("You do not have permissions to edit this.");
 								            }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (cipher.Id == default(Guid))
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher.OrganizationId.HasValue && collectionIds != null)
-												apis for creating ciphers with org & collections

											
										
										
											2018-10-19 12:07:31 -04:00
+								                {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                    if (limitCollectionScope)
-												limit collection scope option when creating cipher

											
										
										
											2018-10-22 14:09:55 -04:00
+								                    {
 								                        // Set user ID to limit scope of collection ids in the create sproc
 								                        cipher.UserId = savingUserId;
 								                    }
-												apis for creating ciphers with org & collections

											
										
										
											2018-10-19 12:07:31 -04:00
+								                    await _cipherRepository.CreateAsync(cipher, collectionIds);
-												Added Several New Reference Events (#1500)

* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
											
										
										
											2021-08-10 14:38:58 -04:00
 								                    await _referenceEventService.RaiseEventAsync(
 								                        new ReferenceEvent(ReferenceEventType.CipherCreated, await _organizationRepository.GetByIdAsync(cipher.OrganizationId.Value)));
-												apis for creating ciphers with org & collections

											
										
										
											2018-10-19 12:07:31 -04:00
+								                }
 								                else
 								                {
 								                    await _cipherRepository.CreateAsync(cipher);
 								                }
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Created);
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
 								                // push
-												send collection ids with cipher notification

											
										
										
											2018-08-21 09:29:38 -04:00
+								                await _pushService.PushSyncCipherCreateAsync(cipher, null);
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            }
 								            else
 								            {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (collectionIds != null)
-												apis for creating ciphers with org & collections

											
										
										
											2018-10-19 12:07:31 -04:00
+								                {
 								                    throw new ArgumentException("Cannot create cipher with collection ids at the same time.");
 								                }
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
+								                ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								                cipher.RevisionDate = DateTime.UtcNow;
 								                await _cipherRepository.ReplaceAsync(cipher);
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Updated);
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
 								                // push
-												send collection ids with cipher notification

											
										
										
											2018-08-21 09:29:38 -04:00
+								                await _pushService.PushSyncCipherUpdateAsync(cipher, null);
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            }
 								        }
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
+								        public async Task SaveDetailsAsync(CipherDetails cipher, Guid savingUserId, DateTime? lastKnownRevisionDate,
-												apis for creating ciphers with org & collections

											
										
										
											2018-10-19 12:07:31 -04:00
+								            IEnumerable<Guid> collectionIds = null, bool skipPermissionCheck = false)
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!skipPermissionCheck && !(await UserCanEditAsync(cipher, savingUserId)))
-												permission checks for cipher crud operations

											
										
										
											2017-03-24 09:27:15 -04:00
+								            {
-												more user friendly error message for no access.

											
										
										
											2017-04-20 16:19:23 -04:00
+								                throw new BadRequestException("You do not have permissions to edit this.");
-												permission checks for cipher crud operations

											
										
										
											2017-03-24 09:27:15 -04:00
+								            }
 								            cipher.UserId = savingUserId;
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (cipher.Id == default(Guid))
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								            {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher.OrganizationId.HasValue && collectionIds != null)
-												apis for creating ciphers with org & collections

											
										
										
											2018-10-19 12:07:31 -04:00
+								                {
-												Throw if collection Id does not exist on the organization (#1259)

Otherwise, we're just saving strings for fun. This makes it clear the
user's specified collection won't do anything.
											
										
										
											2021-04-05 15:20:13 -05:00
+								                    var existingCollectionIds = (await _collectionRepository.GetManyByOrganizationIdAsync(cipher.OrganizationId.Value)).Select(c => c.Id);
 								                    if (collectionIds.Except(existingCollectionIds).Any())
 								                    {
 								                        throw new BadRequestException("Specified CollectionId does not exist on the specified Organization.");
 								                    }
-												apis for creating ciphers with org & collections

											
										
										
											2018-10-19 12:07:31 -04:00
+								                    await _cipherRepository.CreateAsync(cipher, collectionIds);
 								                }
 								                else
 								                {
-												[Policy] Personal Ownership (#1013)

* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
											
										
										
											2020-12-11 10:45:26 -06:00
+								                    // Make sure the user can save new ciphers to their personal vault
-												Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
											
										
										
											2021-09-28 06:54:28 +10:00
+								                    var personalOwnershipPolicyCount = await _policyRepository.GetCountByTypeApplicableToUserIdAsync(savingUserId,
 								                        PolicyType.PersonalOwnership);
 								                    if (personalOwnershipPolicyCount > 0)
-												[Policy] Personal Ownership (#1013)

* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
											
										
										
											2020-12-11 10:45:26 -06:00
+								                    {
-												Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
											
										
										
											2021-09-28 06:54:28 +10:00
+								                        throw new BadRequestException("Due to an Enterprise Policy, you are restricted from saving items to your personal vault.");
-												[Policy] Personal Ownership (#1013)

* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
											
										
										
											2020-12-11 10:45:26 -06:00
+								                    }
-												apis for creating ciphers with org & collections

											
										
										
											2018-10-19 12:07:31 -04:00
+								                    await _cipherRepository.CreateAsync(cipher);
 								                }
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Created);
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher.OrganizationId.HasValue)
-												org totp and storage flags

											
										
										
											2017-07-07 14:08:30 -04:00
+								                {
 								                    var org = await _organizationRepository.GetByIdAsync(cipher.OrganizationId.Value);
 								                    cipher.OrganizationUseTotp = org.UseTotp;
 								                }
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								                // push
-												send collection ids with cipher notification

											
										
										
											2018-08-21 09:29:38 -04:00
+								                await _pushService.PushSyncCipherCreateAsync(cipher, null);
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								            }
 								            else
 								            {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (collectionIds != null)
-												apis for creating ciphers with org & collections

											
										
										
											2018-10-19 12:07:31 -04:00
+								                {
 								                    throw new ArgumentException("Cannot create cipher with collection ids at the same time.");
 								                }
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
+								                ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
-												cipher revision update. fixed exception handler logging issue. added logger to push service.

											
										
										
											2016-06-30 21:31:12 -04:00
+								                cipher.RevisionDate = DateTime.UtcNow;
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								                await _cipherRepository.ReplaceAsync(cipher);
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Updated);
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
 								                // push
-												send collection ids with cipher notification

											
										
										
											2018-08-21 09:29:38 -04:00
+								                await _pushService.PushSyncCipherUpdateAsync(cipher, null);
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								            }
 								        }
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								        public async Task UploadFileForExistingAttachmentAsync(Stream stream, Cipher cipher, CipherAttachment.MetaData attachment)
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								        {
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            if (attachment == null)
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								            {
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								                throw new BadRequestException("Cipher attachment does not exist");
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								            }
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            await _attachmentStorageService.UploadNewAttachmentAsync(stream, cipher, attachment);
 								            if (!await ValidateCipherAttachmentFile(cipher, attachment))
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								            {
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								                throw new BadRequestException("File received does not match expected file length.");
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								            }
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								        }
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								        public async Task<(string attachmentId, string uploadUrl)> CreateAttachmentForDelayedUploadAsync(Cipher cipher,
-												Move request/response models (#1754)


											
										
										
											2021-12-14 15:05:07 +00:00
+								            string key, string fileName, long fileSize, bool adminRequest, Guid savingUserId)
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								        {
-												Move request/response models (#1754)


											
										
										
											2021-12-14 15:05:07 +00:00
+								            await ValidateCipherEditForAttachmentAsync(cipher, savingUserId, adminRequest, fileSize);
-												premium check for attachments

											
										
										
											2017-07-05 16:06:53 -04:00
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            var attachmentId = Utilities.CoreHelpers.SecureRandomString(32, upper: false, special: false);
 								            var data = new CipherAttachment.MetaData
-												database adjustments and storage for attachments

											
										
										
											2017-06-30 14:41:57 -04:00
+								            {
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								                AttachmentId = attachmentId,
-												Move request/response models (#1754)


											
										
										
											2021-12-14 15:05:07 +00:00
+								                FileName = fileName,
 								                Key = key,
 								                Size = fileSize,
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								                Validated = false,
-												Throw if collection Id does not exist on the organization (#1259)

Otherwise, we're just saving strings for fun. This makes it clear the
user's specified collection won't do anything.
											
										
										
											2021-04-05 15:20:13 -05:00
+								            };
-												premium check for attachments

											
										
										
											2017-07-05 16:06:53 -04:00
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            var uploadUrl = await _attachmentStorageService.GetAttachmentUploadUrlAsync(cipher, data);
-												database adjustments and storage for attachments

											
										
										
											2017-06-30 14:41:57 -04:00
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            await _cipherRepository.UpdateAttachmentAsync(new CipherAttachment
-												database adjustments and storage for attachments

											
										
										
											2017-06-30 14:41:57 -04:00
+								            {
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								                Id = cipher.Id,
 								                UserId = cipher.UserId,
 								                OrganizationId = cipher.OrganizationId,
 								                AttachmentId = attachmentId,
-												Start Migration from Newtonsoft.Json to System.Text.Json (#1803)

* Start switch to System.Text.Json

* Work on switching to System.Text.Json

* Main work on STJ refactor

* Fix build errors

* Run formatting

* Delete unused file

* Use legacy for two factor providers

* Run formatter

* Add TokenProviderTests

* Run formatting

* Fix merge issues

* Switch to use JsonSerializer

* Address PR feedback

* Fix formatting

* Ran formatter

* Switch to async

* Ensure Enums are serialized as strings

* Fix formatting

* Enqueue single items as arrays

* Remove CreateAsync method on AzureQueueService
											
										
										
											2022-01-21 09:36:25 -05:00
+								                AttachmentData = JsonSerializer.Serialize(data)
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            });
 								            cipher.AddAttachment(attachmentId, data);
 								            await _pushService.PushSyncCipherUpdateAsync(cipher, null);
 								            return (attachmentId, uploadUrl);
 								        }
 								        public async Task CreateAttachmentAsync(Cipher cipher, Stream stream, string fileName, string key,
 								            long requestLength, Guid savingUserId, bool orgAdmin = false)
 								        {
 								            await ValidateCipherEditForAttachmentAsync(cipher, savingUserId, orgAdmin, requestLength);
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
 								            var attachmentId = Utilities.CoreHelpers.SecureRandomString(32, upper: false, special: false);
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								            var data = new CipherAttachment.MetaData
 								            {
 								                AttachmentId = attachmentId,
 								                FileName = fileName,
 								                Key = key,
 								            };
 								            await _attachmentStorageService.UploadNewAttachmentAsync(stream, cipher, data);
-												MultiplartSectionBody streams have 0 length until read. (#1196)


											
										
										
											2021-03-09 10:49:49 -06:00
+								            // Must read stream length after it has been saved, otherwise it's 0
 								            data.Size = stream.Length;
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
-												database adjustments and storage for attachments

											
										
										
											2017-06-30 14:41:57 -04:00
+								            try
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								            {
-												database adjustments and storage for attachments

											
										
										
											2017-06-30 14:41:57 -04:00
+								                var attachment = new CipherAttachment
 								                {
 								                    Id = cipher.Id,
 								                    UserId = cipher.UserId,
 								                    OrganizationId = cipher.OrganizationId,
 								                    AttachmentId = attachmentId,
-												Start Migration from Newtonsoft.Json to System.Text.Json (#1803)

* Start switch to System.Text.Json

* Work on switching to System.Text.Json

* Main work on STJ refactor

* Fix build errors

* Run formatting

* Delete unused file

* Use legacy for two factor providers

* Run formatter

* Add TokenProviderTests

* Run formatting

* Fix merge issues

* Switch to use JsonSerializer

* Address PR feedback

* Fix formatting

* Ran formatter

* Switch to async

* Ensure Enums are serialized as strings

* Fix formatting

* Enqueue single items as arrays

* Remove CreateAsync method on AzureQueueService
											
										
										
											2022-01-21 09:36:25 -05:00
+								                    AttachmentData = JsonSerializer.Serialize(data)
-												database adjustments and storage for attachments

											
										
										
											2017-06-30 14:41:57 -04:00
+								                };
 								                await _cipherRepository.UpdateAttachmentAsync(attachment);
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_AttachmentCreated);
-												delete attachments

											
										
										
											2017-07-07 11:07:22 -04:00
+								                cipher.AddAttachment(attachmentId, data);
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
-												Throw if collection Id does not exist on the organization (#1259)

Otherwise, we're just saving strings for fun. This makes it clear the
user's specified collection won't do anything.
											
										
										
											2021-04-05 15:20:13 -05:00
+								                if (!await ValidateCipherAttachmentFile(cipher, data))
 								                {
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								                    throw new Exception("Content-Length does not match uploaded file size");
 								                }
-												database adjustments and storage for attachments

											
										
										
											2017-06-30 14:41:57 -04:00
+								            }
 								            catch
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								            {
-												database adjustments and storage for attachments

											
										
										
											2017-06-30 14:41:57 -04:00
+								                // Clean up since this is not transactional
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								                await _attachmentStorageService.DeleteAttachmentAsync(cipher.Id, data);
-												database adjustments and storage for attachments

											
										
										
											2017-06-30 14:41:57 -04:00
+								                throw;
 								            }
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
 								            // push
-												send collection ids with cipher notification

											
										
										
											2018-08-21 09:29:38 -04:00
+								            await _pushService.PushSyncCipherUpdateAsync(cipher, null);
-												post, upload, and save cipher attachment

											
										
										
											2017-06-30 11:15:58 -04:00
+								        }
-												support for attachments keys

load existing items and set attachments on key update

											
										
										
											2018-11-14 17:19:04 -05:00
+								        public async Task CreateAttachmentShareAsync(Cipher cipher, Stream stream, long requestLength,
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								            string attachmentId, Guid organizationId)
 								        {
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								            try
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								            {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (requestLength < 1)
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
 								                    throw new BadRequestException("No data to attach.");
 								                }
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher.Id == default(Guid))
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
 								                    throw new BadRequestException(nameof(cipher.Id));
 								                }
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher.OrganizationId.HasValue)
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
 								                    throw new BadRequestException("Cipher belongs to an organization already.");
 								                }
 								                var org = await _organizationRepository.GetByIdAsync(organizationId);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (org == null || !org.MaxStorageGb.HasValue)
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
 								                    throw new BadRequestException("This organization cannot use attachments.");
 								                }
 								                var storageBytesRemaining = org.StorageBytesRemaining();
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (storageBytesRemaining < requestLength)
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
 								                    throw new BadRequestException("Not enough storage available for this organization.");
 								                }
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								                var attachments = cipher.GetAttachments();
 								                if (!attachments.ContainsKey(attachmentId))
 								                {
 								                    throw new BadRequestException($"Cipher does not own specified attachment");
 								                }
-												send revision date with collection edits

											
										
										
											2018-08-21 23:11:57 -04:00
+								                await _attachmentStorageService.UploadShareAttachmentAsync(stream, cipher.Id, organizationId,
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								                    attachments[attachmentId]);
 								                // Previous call may alter metadata
 								                var updatedAttachment = new CipherAttachment
 								                {
 								                    Id = cipher.Id,
 								                    UserId = cipher.UserId,
 								                    OrganizationId = cipher.OrganizationId,
 								                    AttachmentId = attachmentId,
-												Start Migration from Newtonsoft.Json to System.Text.Json (#1803)

* Start switch to System.Text.Json

* Work on switching to System.Text.Json

* Main work on STJ refactor

* Fix build errors

* Run formatting

* Delete unused file

* Use legacy for two factor providers

* Run formatter

* Add TokenProviderTests

* Run formatting

* Fix merge issues

* Switch to use JsonSerializer

* Address PR feedback

* Fix formatting

* Ran formatter

* Switch to async

* Ensure Enums are serialized as strings

* Fix formatting

* Enqueue single items as arrays

* Remove CreateAsync method on AzureQueueService
											
										
										
											2022-01-21 09:36:25 -05:00
+								                    AttachmentData = JsonSerializer.Serialize(attachments[attachmentId])
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								                };
 								                await _cipherRepository.UpdateAttachmentAsync(updatedAttachment);
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								            }
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								            catch
 								            {
-												attachment cleanup

											
										
										
											2017-07-10 20:48:06 -04:00
+								                await _attachmentStorageService.CleanupAsync(cipher.Id);
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                throw;
 								            }
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								        }
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								        public async Task<bool> ValidateCipherAttachmentFile(Cipher cipher, CipherAttachment.MetaData attachmentData)
 								        {
 								            var (valid, realSize) = await _attachmentStorageService.ValidateFileAsync(cipher, attachmentData, _fileSizeLeeway);
 								            if (!valid || realSize > MAX_FILE_SIZE)
 								            {
 								                // File reported differs in size from that promised. Must be a rogue client. Delete Send
 								                await DeleteAttachmentAsync(cipher, attachmentData);
 								                return false;
 								            }
 								            // Update Send data if necessary
 								            if (realSize != attachmentData.Size)
 								            {
 								                attachmentData.Size = realSize.Value;
 								            }
 								            attachmentData.Validated = true;
 								            var updatedAttachment = new CipherAttachment
 								            {
 								                Id = cipher.Id,
 								                UserId = cipher.UserId,
 								                OrganizationId = cipher.OrganizationId,
 								                AttachmentId = attachmentData.AttachmentId,
-												Start Migration from Newtonsoft.Json to System.Text.Json (#1803)

* Start switch to System.Text.Json

* Work on switching to System.Text.Json

* Main work on STJ refactor

* Fix build errors

* Run formatting

* Delete unused file

* Use legacy for two factor providers

* Run formatter

* Add TokenProviderTests

* Run formatting

* Fix merge issues

* Switch to use JsonSerializer

* Address PR feedback

* Fix formatting

* Ran formatter

* Switch to async

* Ensure Enums are serialized as strings

* Fix formatting

* Enqueue single items as arrays

* Remove CreateAsync method on AzureQueueService
											
										
										
											2022-01-21 09:36:25 -05:00
+								                AttachmentData = JsonSerializer.Serialize(attachmentData)
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            };
 								            await _cipherRepository.UpdateAttachmentAsync(updatedAttachment);
 								            return valid;
 								        }
-												Move request/response models (#1754)


											
										
										
											2021-12-14 15:05:07 +00:00
+								        public async Task<AttachmentResponseData> GetAttachmentDownloadDataAsync(Cipher cipher, string attachmentId)
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								        {
 								            var attachments = cipher?.GetAttachments() ?? new Dictionary<string, CipherAttachment.MetaData>();
-												Refuse upload renew if a file is validated (#1284)

Download should return regardless of file validation state
											
										
										
											2021-04-26 14:36:06 -05:00
+								            if (!attachments.ContainsKey(attachmentId))
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            {
 								                throw new NotFoundException();
 								            }
 								            var data = attachments[attachmentId];
-												Move request/response models (#1754)


											
										
										
											2021-12-14 15:05:07 +00:00
+								            var response = new AttachmentResponseData
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            {
-												Move request/response models (#1754)


											
										
										
											2021-12-14 15:05:07 +00:00
+								                Cipher = cipher,
 								                Data = data,
 								                Id = attachmentId,
 								                Url = await _attachmentStorageService.GetAttachmentDownloadUrlAsync(cipher, data),
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            };
 								            return response;
 								        }
-												cipher delete for admin

											
										
										
											2017-04-19 16:00:47 -04:00
+								        public async Task DeleteAsync(Cipher cipher, Guid deletingUserId, bool orgAdmin = false)
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!orgAdmin && !(await UserCanEditAsync(cipher, deletingUserId)))
-												permission checks for cipher crud operations

											
										
										
											2017-03-24 09:27:15 -04:00
+								            {
-												more user friendly error message for no access.

											
										
										
											2017-04-20 16:19:23 -04:00
+								                throw new BadRequestException("You do not have permissions to delete this.");
-												permission checks for cipher crud operations

											
										
										
											2017-03-24 09:27:15 -04:00
+								            }
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								            await _cipherRepository.DeleteAsync(cipher);
-												attachment cleanup

											
										
										
											2017-07-10 20:48:06 -04:00
+								            await _attachmentStorageService.DeleteAttachmentsForCipherAsync(cipher.Id);
-												[Soft Delete] - API updates for soft delete + retrieval

											
										
										
											2020-04-01 13:00:25 -04:00
+								            await _eventService.LogCipherEventAsync(cipher, EventType.Cipher_Deleted);
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
 								            // push
-												push nots. for ciphers, folders, keys, & settings

											
										
										
											2017-04-21 14:22:32 -04:00
+								            await _pushService.PushSyncCipherDeleteAsync(cipher);
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								        }
-												Feature.web.534.allow multi select in org vault (#830)

* Set up API methods for bulk admin delete
											
										
										
											2020-07-22 11:38:53 -05:00
+								        public async Task DeleteManyAsync(IEnumerable<Guid> cipherIds, Guid deletingUserId, Guid? organizationId = null, bool orgAdmin = false)
-												bulk action apis for delete and move

											
										
										
											2017-06-09 00:30:59 -04:00
+								        {
-												log events on bulk delete. ref #422

											
										
										
											2019-01-10 22:24:08 -05:00
+								            var cipherIdsSet = new HashSet<Guid>(cipherIds);
-												Feature.web.534.allow multi select in org vault (#830)

* Set up API methods for bulk admin delete
											
										
										
											2020-07-22 11:38:53 -05:00
+								            var deletingCiphers = new List<Cipher>();
-												log events on bulk delete. ref #422

											
										
										
											2019-01-10 22:24:08 -05:00
-												Feature.web.534.allow multi select in org vault (#830)

* Set up API methods for bulk admin delete
											
										
										
											2020-07-22 11:38:53 -05:00
+								            if (orgAdmin && organizationId.HasValue)
 								            {
 								                var ciphers = await _cipherRepository.GetManyByOrganizationIdAsync(organizationId.Value);
 								                deletingCiphers = ciphers.Where(c => cipherIdsSet.Contains(c.Id)).ToList();
 								                await _cipherRepository.DeleteByIdsOrganizationIdAsync(deletingCiphers.Select(c => c.Id), organizationId.Value);
 								            }
 								            else
 								            {
 								                var ciphers = await _cipherRepository.GetManyByUserIdAsync(deletingUserId);
 								                deletingCiphers = ciphers.Where(c => cipherIdsSet.Contains(c.Id) && c.Edit).Select(x => (Cipher)x).ToList();
 								                await _cipherRepository.DeleteAsync(deletingCiphers.Select(c => c.Id), deletingUserId);
 								            }
-												log events on bulk delete. ref #422

											
										
										
											2019-01-10 22:24:08 -05:00
-												batch events

											
										
										
											2019-07-25 15:50:13 -04:00
+								            var events = deletingCiphers.Select(c =>
-												single event for delete and share bulk operations

											
										
										
											2019-07-25 15:39:25 -04:00
+								                new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_Deleted, null));
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            foreach (var eventsBatch in events.Batch(100))
-												batch events

											
										
										
											2019-07-25 15:50:13 -04:00
+								            {
 								                await _eventService.LogCipherEventsAsync(eventsBatch);
 								            }
-												log events on bulk delete. ref #422

											
										
										
											2019-01-10 22:24:08 -05:00
-												bulk action apis for delete and move

											
										
										
											2017-06-09 00:30:59 -04:00
+								            // push
 								            await _pushService.PushSyncCiphersAsync(deletingUserId);
 								        }
-												send revision date with collection edits

											
										
										
											2018-08-21 23:11:57 -04:00
+								        public async Task DeleteAttachmentAsync(Cipher cipher, string attachmentId, Guid deletingUserId,
 								            bool orgAdmin = false)
-												delete attachments

											
										
										
											2017-07-07 11:07:22 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!orgAdmin && !(await UserCanEditAsync(cipher, deletingUserId)))
-												delete attachments

											
										
										
											2017-07-07 11:07:22 -04:00
+								            {
 								                throw new BadRequestException("You do not have permissions to delete this.");
 								            }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!cipher.ContainsAttachment(attachmentId))
-												delete attachments

											
										
										
											2017-07-07 11:07:22 -04:00
+								            {
 								                throw new NotFoundException();
 								            }
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            await DeleteAttachmentAsync(cipher, cipher.GetAttachments()[attachmentId]);
-												delete attachments

											
										
										
											2017-07-07 11:07:22 -04:00
+								        }
-												purge org vault

											
										
										
											2018-09-25 09:12:50 -04:00
+								        public async Task PurgeAsync(Guid organizationId)
 								        {
 								            var org = await _organizationRepository.GetByIdAsync(organizationId);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (org == null)
-												purge org vault

											
										
										
											2018-09-25 09:12:50 -04:00
+								            {
 								                throw new NotFoundException();
 								            }
 								            await _cipherRepository.DeleteByOrganizationIdAsync(organizationId);
 								            await _eventService.LogOrganizationEventAsync(org, Enums.EventType.Organization_PurgedVault);
 								        }
-												folder permission checks and null folder

											
										
										
											2017-06-09 09:48:44 -04:00
+								        public async Task MoveManyAsync(IEnumerable<Guid> cipherIds, Guid? destinationFolderId, Guid movingUserId)
-												bulk action apis for delete and move

											
										
										
											2017-06-09 00:30:59 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (destinationFolderId.HasValue)
-												folder permission checks and null folder

											
										
										
											2017-06-09 09:48:44 -04:00
+								            {
 								                var folder = await _folderRepository.GetByIdAsync(destinationFolderId.Value);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (folder == null || folder.UserId != movingUserId)
-												folder permission checks and null folder

											
										
										
											2017-06-09 09:48:44 -04:00
+								                {
 								                    throw new BadRequestException("Invalid folder.");
 								                }
 								            }
-												bulk action apis for delete and move

											
										
										
											2017-06-09 00:30:59 -04:00
+								            await _cipherRepository.MoveAsync(cipherIds, destinationFolderId, movingUserId);
 								            // push
 								            await _pushService.PushSyncCiphersAsync(movingUserId);
 								        }
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								        public async Task SaveFolderAsync(Folder folder)
 								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (folder.Id == default(Guid))
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								            {
 								                await _folderRepository.CreateAsync(folder);
 								                // push
-												push nots. for ciphers, folders, keys, & settings

											
										
										
											2017-04-21 14:22:32 -04:00
+								                await _pushService.PushSyncFolderCreateAsync(folder);
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								            }
 								            else
 								            {
 								                folder.RevisionDate = DateTime.UtcNow;
 								                await _folderRepository.UpsertAsync(folder);
 								                // push
-												push nots. for ciphers, folders, keys, & settings

											
										
										
											2017-04-21 14:22:32 -04:00
+								                await _pushService.PushSyncFolderUpdateAsync(folder);
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								            }
 								        }
 								        public async Task DeleteFolderAsync(Folder folder)
 								        {
 								            await _folderRepository.DeleteAsync(folder);
 								            // push
-												push nots. for ciphers, folders, keys, & settings

											
										
										
											2017-04-21 14:22:32 -04:00
+								            await _pushService.PushSyncFolderDeleteAsync(folder);
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								        }
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								        public async Task ShareAsync(Cipher originalCipher, Cipher cipher, Guid organizationId,
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
+								            IEnumerable<Guid> collectionIds, Guid sharingUserId, DateTime? lastKnownRevisionDate)
-												Move into and read ciphers from org subvaults

											
										
										
											2017-03-21 00:04:39 -04:00
+								        {
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								            var attachments = cipher.GetAttachments();
-												support for sharing new attachments

											
										
										
											2018-11-15 12:52:31 -05:00
+								            var hasAttachments = attachments?.Any() ?? false;
 								            var hasOldAttachments = attachments?.Any(a => a.Key == null) ?? false;
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								            var updatedCipher = false;
 								            var migratedAttachments = false;
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								            var originalAttachments = CoreHelpers.CloneObject(attachments);
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
 								            try
 								            {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher.Id == default(Guid))
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
 								                    throw new BadRequestException(nameof(cipher.Id));
 								                }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher.OrganizationId.HasValue)
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
 								                    throw new BadRequestException("Already belongs to an organization.");
 								                }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (!cipher.UserId.HasValue || cipher.UserId.Value != sharingUserId)
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
 								                    throw new NotFoundException();
 								                }
 								                var org = await _organizationRepository.GetByIdAsync(organizationId);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (hasAttachments && !org.MaxStorageGb.HasValue)
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
 								                    throw new BadRequestException("This organization cannot use attachments.");
 								                }
-												recompute full storage each time

											
										
										
											2017-07-10 22:08:52 -04:00
+								                var storageAdjustment = attachments?.Sum(a => a.Value.Size) ?? 0;
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (org.StorageBytesRemaining() < storageAdjustment)
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
 								                    throw new BadRequestException("Not enough storage available for this organization.");
 								                }
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
+								                ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								                // Sproc will not save this UserId on the cipher. It is used limit scope of the collectionIds.
 								                cipher.UserId = sharingUserId;
 								                cipher.OrganizationId = organizationId;
 								                cipher.RevisionDate = DateTime.UtcNow;
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (!await _cipherRepository.ReplaceAsync(cipher, collectionIds))
-												fix bugs around collection association

											
										
										
											2017-08-30 18:18:39 -04:00
+								                {
 								                    throw new BadRequestException("Unable to save.");
 								                }
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                updatedCipher = true;
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Shared);
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (hasOldAttachments)
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								                {
-												support for sharing new attachments

											
										
										
											2018-11-15 12:52:31 -05:00
+								                    // migrate old attachments
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                    foreach (var attachment in attachments.Where(a => a.Key == null))
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								                    {
-												send revision date with collection edits

											
										
										
											2018-08-21 23:11:57 -04:00
+								                        await _attachmentStorageService.StartShareAttachmentAsync(cipher.Id, organizationId,
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								                            attachment.Value);
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                        migratedAttachments = true;
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								                    }
-												support for sharing new attachments

											
										
										
											2018-11-15 12:52:31 -05:00
 								                    // commit attachment migration
 								                    await _attachmentStorageService.CleanupAsync(cipher.Id);
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								                }
-												support for sharing new attachments

											
										
										
											2018-11-15 12:52:31 -05:00
 								                // push
 								                await _pushService.PushSyncCipherUpdateAsync(cipher, collectionIds);
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								            }
 								            catch
 								            {
 								                // roll everything back
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (updatedCipher)
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
 								                    await _cipherRepository.ReplaceAsync(originalCipher);
 								                }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (!hasOldAttachments || !migratedAttachments)
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								                {
 								                    throw;
 								                }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (updatedCipher)
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                {
-												recompute full storage each time

											
										
										
											2017-07-10 22:08:52 -04:00
+								                    await _userRepository.UpdateStorageAsync(sharingUserId);
 								                    await _organizationRepository.UpdateStorageAsync(organizationId);
-												rollback share if errors

											
										
										
											2017-07-10 16:21:18 -04:00
+								                }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                foreach (var attachment in attachments.Where(a => a.Key == null))
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								                {
-												send revision date with collection edits

											
										
										
											2018-08-21 23:11:57 -04:00
+								                    await _attachmentStorageService.RollbackShareAttachmentAsync(cipher.Id, organizationId,
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 15:35:16 -06:00
+								                        attachment.Value, originalAttachments[attachment.Key].ContainerName);
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								                }
-												attachment cleanup

											
										
										
											2017-07-10 20:48:06 -04:00
+								                await _attachmentStorageService.CleanupAsync(cipher.Id);
-												share login with attachments

											
										
										
											2017-07-10 14:30:12 -04:00
+								                throw;
 								            }
-												update cipher subvaults

											
										
										
											2017-04-12 12:42:00 -04:00
+								        }
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
+								        public async Task ShareManyAsync(IEnumerable<(Cipher cipher, DateTime? lastKnownRevisionDate)> cipherInfos,
 								            Guid organizationId, IEnumerable<Guid> collectionIds, Guid sharingUserId)
-												apis for bulk sharing

											
										
										
											2018-06-13 14:03:44 -04:00
+								        {
 								            var cipherIds = new List<Guid>();
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
+								            foreach (var (cipher, lastKnownRevisionDate) in cipherInfos)
-												apis for bulk sharing

											
										
										
											2018-06-13 14:03:44 -04:00
+								            {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher.Id == default(Guid))
-												apis for bulk sharing

											
										
										
											2018-06-13 14:03:44 -04:00
+								                {
 								                    throw new BadRequestException("All ciphers must already exist.");
 								                }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher.OrganizationId.HasValue)
-												apis for bulk sharing

											
										
										
											2018-06-13 14:03:44 -04:00
+								                {
 								                    throw new BadRequestException("One or more ciphers already belong to an organization.");
 								                }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (!cipher.UserId.HasValue || cipher.UserId.Value != sharingUserId)
-												apis for bulk sharing

											
										
										
											2018-06-13 14:03:44 -04:00
+								                {
 								                    throw new BadRequestException("One or more ciphers do not belong to you.");
 								                }
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
+								                ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
-												apis for bulk sharing

											
										
										
											2018-06-13 14:03:44 -04:00
+								                cipher.UserId = null;
 								                cipher.OrganizationId = organizationId;
 								                cipher.RevisionDate = DateTime.UtcNow;
 								                cipherIds.Add(cipher.Id);
 								            }
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
+								            await _cipherRepository.UpdateCiphersAsync(sharingUserId, cipherInfos.Select(c => c.cipher));
-												apis for bulk sharing

											
										
										
											2018-06-13 14:03:44 -04:00
+								            await _collectionCipherRepository.UpdateCollectionsForCiphersAsync(cipherIds, sharingUserId,
 								                organizationId, collectionIds);
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
+								            var events = cipherInfos.Select(c =>
 								                new Tuple<Cipher, EventType, DateTime?>(c.cipher, EventType.Cipher_Shared, null));
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            foreach (var eventsBatch in events.Batch(100))
-												batch events

											
										
										
											2019-07-25 15:50:13 -04:00
+								            {
 								                await _eventService.LogCipherEventsAsync(eventsBatch);
 								            }
-												apis for bulk sharing

											
										
										
											2018-06-13 14:03:44 -04:00
 								            // push
 								            await _pushService.PushSyncCiphersAsync(sharingUserId);
 								        }
-												send revision date with collection edits

											
										
										
											2018-08-21 23:11:57 -04:00
+								        public async Task SaveCollectionsAsync(Cipher cipher, IEnumerable<Guid> collectionIds, Guid savingUserId,
 								            bool orgAdmin)
-												update cipher subvaults

											
										
										
											2017-04-12 12:42:00 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (cipher.Id == default(Guid))
-												update cipher subvaults

											
										
										
											2017-04-12 12:42:00 -04:00
+								            {
 								                throw new BadRequestException(nameof(cipher.Id));
 								            }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!cipher.OrganizationId.HasValue)
-												update cipher subvaults

											
										
										
											2017-04-12 12:42:00 -04:00
+								            {
 								                throw new BadRequestException("Cipher must belong to an organization.");
 								            }
-												send revision date with collection edits

											
										
										
											2018-08-21 23:11:57 -04:00
+								            cipher.RevisionDate = DateTime.UtcNow;
 								            // The sprocs will validate that all collections belong to this org/user and that they have
 								            // proper write permissions.
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (orgAdmin)
-												update cipher subvaults

											
										
										
											2017-04-12 12:42:00 -04:00
+								            {
-												send revision date with collection edits

											
										
										
											2018-08-21 23:11:57 -04:00
+								                await _collectionCipherRepository.UpdateCollectionsForAdminAsync(cipher.Id,
 								                    cipher.OrganizationId.Value, collectionIds);
-												admin subvault updates for cipher

											
										
										
											2017-04-17 23:12:48 -04:00
+								            }
 								            else
 								            {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (!(await UserCanEditAsync(cipher, savingUserId)))
-												check user access permissions on collections edit

											
										
										
											2018-08-23 23:04:44 -04:00
+								                {
 								                    throw new BadRequestException("You do not have permissions to edit this.");
 								                }
-												renaming subvault => collection

											
										
										
											2017-04-27 09:19:30 -04:00
+								                await _collectionCipherRepository.UpdateCollectionsAsync(cipher.Id, savingUserId, collectionIds);
-												update cipher subvaults

											
										
										
											2017-04-12 12:42:00 -04:00
+								            }
-												cipher events

											
										
										
											2017-12-01 14:06:16 -05:00
+								            await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_UpdatedCollections);
-												update cipher subvaults

											
										
										
											2017-04-12 12:42:00 -04:00
+								            // push
-												send collection ids with cipher notification

											
										
										
											2018-08-21 09:29:38 -04:00
+								            await _pushService.PushSyncCipherUpdateAsync(cipher, collectionIds);
-												Move into and read ciphers from org subvaults

											
										
										
											2017-03-21 00:04:39 -04:00
+								        }
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								        public async Task ImportCiphersAsync(
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								            List<Folder> folders,
 								            List<CipherDetails> ciphers,
-												refactored data storage to use cipher table. added history table and insert triggers.

											
										
										
											2016-05-21 17:16:22 -04:00
+								            IEnumerable<KeyValuePair<int, int>> folderRelationships)
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								        {
-												Enforce Personal Ownership policy when importing (#1565)


											
										
										
											2021-09-08 07:20:05 +10:00
+								            var userId = folders.FirstOrDefault()?.UserId ?? ciphers.FirstOrDefault()?.UserId;
-												Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
											
										
										
											2021-09-28 06:54:28 +10:00
+								            // Make sure the user can save new ciphers to their personal vault
 								            var personalOwnershipPolicyCount = await _policyRepository.GetCountByTypeApplicableToUserIdAsync(userId.Value,
 								                PolicyType.PersonalOwnership);
 								            if (personalOwnershipPolicyCount > 0)
-												Enforce Personal Ownership policy when importing (#1565)


											
										
										
											2021-09-08 07:20:05 +10:00
+								            {
-												Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
											
										
										
											2021-09-28 06:54:28 +10:00
+								                throw new BadRequestException("You cannot import items into your personal vault because you are " +
 								                    "a member of an organization which forbids it.");
-												Enforce Personal Ownership policy when importing (#1565)


											
										
										
											2021-09-08 07:20:05 +10:00
+								            }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            foreach (var cipher in ciphers)
-												import fixes for new folder/favorite schema

											
										
										
											2017-04-12 16:48:38 -04:00
+								            {
 								                cipher.SetNewId();
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher.UserId.HasValue && cipher.Favorite)
-												import fixes for new folder/favorite schema

											
										
										
											2017-04-12 16:48:38 -04:00
+								                {
-												convert fav and folder json to userid object

											
										
										
											2017-04-17 11:44:09 -04:00
+								                    cipher.Favorites = $"{{\"{cipher.UserId.ToString().ToUpperInvariant()}\":\"true\"}}";
-												import fixes for new folder/favorite schema

											
										
										
											2017-04-12 16:48:38 -04:00
+								                }
 								            }
 								            // Init. ids for folders
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            foreach (var folder in folders)
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								            {
-												import fixes for new folder/favorite schema

											
										
										
											2017-04-12 16:48:38 -04:00
+								                folder.SetNewId();
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								            }
-												import fixes for new folder/favorite schema

											
										
										
											2017-04-12 16:48:38 -04:00
+								            // Create the folder associations based on the newly created folder ids
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            foreach (var relationship in folderRelationships)
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								            {
-												refactored data storage to use cipher table. added history table and insert triggers.

											
										
										
											2016-05-21 17:16:22 -04:00
+								                var cipher = ciphers.ElementAtOrDefault(relationship.Key);
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								                var folder = folders.ElementAtOrDefault(relationship.Value);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher == null || folder == null)
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								                {
 								                    continue;
 								                }
-												convert fav and folder json to userid object

											
										
										
											2017-04-17 11:44:09 -04:00
+								                cipher.Folders = $"{{\"{cipher.UserId.ToString().ToUpperInvariant()}\":" +
 								                    $"\"{folder.Id.ToString().ToUpperInvariant()}\"}}";
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								            }
-												import fixes for new folder/favorite schema

											
										
										
											2017-04-12 16:48:38 -04:00
+								            // Create it all
-												refactored cipherfolder and fav to JSON columns

											
										
										
											2017-04-15 22:26:45 -04:00
+								            await _cipherRepository.CreateAsync(ciphers, folders);
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
 								            // push
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (userId.HasValue)
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								            {
-												push nots. for ciphers, folders, keys, & settings

											
										
										
											2017-04-21 14:22:32 -04:00
+								                await _pushService.PushSyncVaultAsync(userId.Value);
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								            }
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								        }
-												permission checks for cipher crud operations

											
										
										
											2017-03-24 09:27:15 -04:00
-												organization cipher import with collections

											
										
										
											2017-09-05 17:49:34 -04:00
+								        public async Task ImportCiphersAsync(
 								            List<Collection> collections,
 								            List<CipherDetails> ciphers,
 								            IEnumerable<KeyValuePair<int, int>> collectionRelationships,
 								            Guid importingUserId)
 								        {
-												Added Several New Reference Events (#1500)

* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
											
										
										
											2021-08-10 14:38:58 -04:00
+								            var org = collections.Count > 0 ?
 								                await _organizationRepository.GetByIdAsync(collections[0].OrganizationId) :
 								                await _organizationRepository.GetByIdAsync(ciphers.FirstOrDefault(c => c.OrganizationId.HasValue).OrganizationId.Value);
 								            if (collections.Count > 0 && org != null && org.MaxCollections.HasValue)
-												check collection count on org import

											
										
										
											2018-07-17 13:34:12 -04:00
+								            {
-												Added Several New Reference Events (#1500)

* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
											
										
										
											2021-08-10 14:38:58 -04:00
+								                var collectionCount = await _collectionRepository.GetCountByOrganizationIdAsync(org.Id);
 								                if (org.MaxCollections.Value < (collectionCount + collections.Count))
-												check collection count on org import

											
										
										
											2018-07-17 13:34:12 -04:00
+								                {
-												Added Several New Reference Events (#1500)

* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
											
										
										
											2021-08-10 14:38:58 -04:00
+								                    throw new BadRequestException("This organization can only have a maximum of " +
 								                        $"{org.MaxCollections.Value} collections.");
-												check collection count on org import

											
										
										
											2018-07-17 13:34:12 -04:00
+								                }
 								            }
-												organization cipher import with collections

											
										
										
											2017-09-05 17:49:34 -04:00
+								            // Init. ids for ciphers
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            foreach (var cipher in ciphers)
-												organization cipher import with collections

											
										
										
											2017-09-05 17:49:34 -04:00
+								            {
 								                cipher.SetNewId();
 								            }
 								            // Init. ids for collections
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            foreach (var collection in collections)
-												organization cipher import with collections

											
										
										
											2017-09-05 17:49:34 -04:00
+								            {
 								                collection.SetNewId();
 								            }
 								            // Create associations based on the newly assigned ids
 								            var collectionCiphers = new List<CollectionCipher>();
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            foreach (var relationship in collectionRelationships)
-												organization cipher import with collections

											
										
										
											2017-09-05 17:49:34 -04:00
+								            {
 								                var cipher = ciphers.ElementAtOrDefault(relationship.Key);
 								                var collection = collections.ElementAtOrDefault(relationship.Value);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								                if (cipher == null || collection == null)
-												organization cipher import with collections

											
										
										
											2017-09-05 17:49:34 -04:00
+								                {
 								                    continue;
 								                }
 								                collectionCiphers.Add(new CollectionCipher
 								                {
 								                    CipherId = cipher.Id,
 								                    CollectionId = collection.Id
 								                });
 								            }
 								            // Create it all
 								            await _cipherRepository.CreateAsync(ciphers, collections, collectionCiphers);
 								            // push
 								            await _pushService.PushSyncVaultAsync(importingUserId);
-												Added Several New Reference Events (#1500)

* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
											
										
										
											2021-08-10 14:38:58 -04:00
 								            if (org != null)
 								            {
 								                await _referenceEventService.RaiseEventAsync(
 								                    new ReferenceEvent(ReferenceEventType.VaultImported, org));
 								            }
-												organization cipher import with collections

											
										
										
											2017-09-05 17:49:34 -04:00
+								        }
-												[Soft Delete] - API updates for soft delete + retrieval

											
										
										
											2020-04-01 13:00:25 -04:00
+								        public async Task SoftDeleteAsync(Cipher cipher, Guid deletingUserId, bool orgAdmin = false)
 								        {
 								            if (!orgAdmin && !(await UserCanEditAsync(cipher, deletingUserId)))
 								            {
 								                throw new BadRequestException("You do not have permissions to soft delete this.");
 								            }
-												[Soft-Delete] Simplify the data-tier, removed extra sprocs and reuse update

											
										
										
											2020-04-01 16:39:27 -04:00
+								            if (cipher.DeletedDate.HasValue)
 								            {
 								                // Already soft-deleted, we can safely ignore this
 								                return;
 								            }
-												[Soft Delete] Update assignment of deleted and revision date to 1-liner

											
										
										
											2020-04-02 10:56:22 -04:00
+								            cipher.DeletedDate = cipher.RevisionDate = DateTime.UtcNow;
-												[Soft-Delete] Simplify the data-tier, removed extra sprocs and reuse update

											
										
										
											2020-04-01 16:39:27 -04:00
-												[Soft Delete] - fix Upsert calls based on cipher supertype

											
										
										
											2020-04-08 16:18:22 -04:00
+								            if (cipher is CipherDetails details)
 								            {
 								                await _cipherRepository.UpsertAsync(details);
 								            }
 								            else
 								            {
 								                await _cipherRepository.UpsertAsync(cipher);
 								            }
-												[Soft Delete] - API updates for soft delete + retrieval

											
										
										
											2020-04-01 13:00:25 -04:00
+								            await _eventService.LogCipherEventAsync(cipher, EventType.Cipher_SoftDeleted);
 								            // push
 								            await _pushService.PushSyncCipherUpdateAsync(cipher, null);
 								        }
-												Feature.web.534.allow multi select in org vault (#830)

* Set up API methods for bulk admin delete
											
										
										
											2020-07-22 11:38:53 -05:00
+								        public async Task SoftDeleteManyAsync(IEnumerable<Guid> cipherIds, Guid deletingUserId, Guid? organizationId, bool orgAdmin)
-												[Soft Delete] - API updates for soft delete + retrieval

											
										
										
											2020-04-01 13:00:25 -04:00
+								        {
 								            var cipherIdsSet = new HashSet<Guid>(cipherIds);
-												Feature.web.534.allow multi select in org vault (#830)

* Set up API methods for bulk admin delete
											
										
										
											2020-07-22 11:38:53 -05:00
+								            var deletingCiphers = new List<Cipher>();
-												[Soft Delete] - API updates for soft delete + retrieval

											
										
										
											2020-04-01 13:00:25 -04:00
-												Feature.web.534.allow multi select in org vault (#830)

* Set up API methods for bulk admin delete
											
										
										
											2020-07-22 11:38:53 -05:00
+								            if (orgAdmin && organizationId.HasValue)
 								            {
 								                var ciphers = await _cipherRepository.GetManyByOrganizationIdAsync(organizationId.Value);
 								                deletingCiphers = ciphers.Where(c => cipherIdsSet.Contains(c.Id)).ToList();
 								                await _cipherRepository.SoftDeleteByIdsOrganizationIdAsync(deletingCiphers.Select(c => c.Id), organizationId.Value);
 								            }
 								            else
 								            {
 								                var ciphers = await _cipherRepository.GetManyByUserIdAsync(deletingUserId);
 								                deletingCiphers = ciphers.Where(c => cipherIdsSet.Contains(c.Id) && c.Edit).Select(x => (Cipher)x).ToList();
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								                await _cipherRepository.SoftDeleteAsync(deletingCiphers.Select(c => c.Id), deletingUserId);
-												Feature.web.534.allow multi select in org vault (#830)

* Set up API methods for bulk admin delete
											
										
										
											2020-07-22 11:38:53 -05:00
+								            }
-												[Soft Delete] - API updates for soft delete + retrieval

											
										
										
											2020-04-01 13:00:25 -04:00
 								            var events = deletingCiphers.Select(c =>
 								                new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_SoftDeleted, null));
 								            foreach (var eventsBatch in events.Batch(100))
 								            {
 								                await _eventService.LogCipherEventsAsync(eventsBatch);
 								            }
 								            // push
 								            await _pushService.PushSyncCiphersAsync(deletingUserId);
 								        }
 								        public async Task RestoreAsync(Cipher cipher, Guid restoringUserId, bool orgAdmin = false)
 								        {
 								            if (!orgAdmin && !(await UserCanEditAsync(cipher, restoringUserId)))
 								            {
 								                throw new BadRequestException("You do not have permissions to delete this.");
 								            }
-												[Soft-Delete] Simplify the data-tier, removed extra sprocs and reuse update

											
										
										
											2020-04-01 16:39:27 -04:00
+								            if (!cipher.DeletedDate.HasValue)
 								            {
 								                // Already restored, we can safely ignore this
 								                return;
 								            }
 								            cipher.DeletedDate = null;
 								            cipher.RevisionDate = DateTime.UtcNow;
-												[Soft Delete] - fix Upsert calls based on cipher supertype

											
										
										
											2020-04-08 16:18:22 -04:00
+								            if (cipher is CipherDetails details)
 								            {
 								                await _cipherRepository.UpsertAsync(details);
 								            }
 								            else
 								            {
 								                await _cipherRepository.UpsertAsync(cipher);
 								            }
-												[Soft Delete] - API updates for soft delete + retrieval

											
										
										
											2020-04-01 13:00:25 -04:00
+								            await _eventService.LogCipherEventAsync(cipher, EventType.Cipher_Restored);
 								            // push
 								            await _pushService.PushSyncCipherUpdateAsync(cipher, null);
 								        }
-												Add cipher response to restore (#1072)

* Return revised ciphers on restore api call

* Return restored date from restore sproc

* Test Restore updates passed in ciphers

This is necessary for CipherController to appropriately return the
up-to-date ciphers without an extra db call to read them.

* Add missing SELECT
											
										
										
											2021-01-08 08:52:42 -06:00
+								        public async Task RestoreManyAsync(IEnumerable<CipherDetails> ciphers, Guid restoringUserId)
-												[Soft Delete] - API updates for soft delete + retrieval

											
										
										
											2020-04-01 13:00:25 -04:00
+								        {
-												Add cipher response to restore (#1072)

* Return revised ciphers on restore api call

* Return restored date from restore sproc

* Test Restore updates passed in ciphers

This is necessary for CipherController to appropriately return the
up-to-date ciphers without an extra db call to read them.

* Add missing SELECT
											
										
										
											2021-01-08 08:52:42 -06:00
+								            var revisionDate = await _cipherRepository.RestoreAsync(ciphers.Select(c => c.Id), restoringUserId);
-												[Soft Delete] - API updates for soft delete + retrieval

											
										
										
											2020-04-01 13:00:25 -04:00
-												Add cipher response to restore (#1072)

* Return revised ciphers on restore api call

* Return restored date from restore sproc

* Test Restore updates passed in ciphers

This is necessary for CipherController to appropriately return the
up-to-date ciphers without an extra db call to read them.

* Add missing SELECT
											
										
										
											2021-01-08 08:52:42 -06:00
+								            var events = ciphers.Select(c =>
 								            {
 								                c.RevisionDate = revisionDate;
 								                c.DeletedDate = null;
 								                return new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_Restored, null);
 								            });
-												[Soft Delete] - API updates for soft delete + retrieval

											
										
										
											2020-04-01 13:00:25 -04:00
+								            foreach (var eventsBatch in events.Batch(100))
 								            {
 								                await _eventService.LogCipherEventsAsync(eventsBatch);
 								            }
 								            // push
 								            await _pushService.PushSyncCiphersAsync(restoringUserId);
 								        }
-												validation checks on cipher move

											
										
										
											2017-03-25 16:25:10 -04:00
+								        private async Task<bool> UserCanEditAsync(Cipher cipher, Guid userId)
-												permission checks for cipher crud operations

											
										
										
											2017-03-24 09:27:15 -04:00
+								        {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								            if (!cipher.OrganizationId.HasValue && cipher.UserId.HasValue && cipher.UserId.Value == userId)
-												permission checks for cipher crud operations

											
										
										
											2017-03-24 09:27:15 -04:00
+								            {
 								                return true;
 								            }
-												CipherDetails Edit property

											
										
										
											2017-05-06 23:23:01 -04:00
+								            return await _cipherRepository.GetCanEditByIdAsync(userId, cipher.Id);
-												user can edit responses and cipher partial updates

											
										
										
											2017-03-24 16:15:50 -04:00
+								        }
-												Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
											
										
										
											2020-11-23 08:48:05 -06:00
 								        private void ValidateCipherLastKnownRevisionDateAsync(Cipher cipher, DateTime? lastKnownRevisionDate)
 								        {
 								            if (cipher.Id == default || !lastKnownRevisionDate.HasValue)
 								            {
 								                return;
 								            }
 								            if ((cipher.RevisionDate - lastKnownRevisionDate.Value).Duration() > TimeSpan.FromSeconds(1))
 								            {
 								                throw new BadRequestException(
 								                    "The cipher you are updating is out of date. Please save your work, sync your vault, and try again."
 								                );
 								            }
 								        }
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
 								        private async Task DeleteAttachmentAsync(Cipher cipher, CipherAttachment.MetaData attachmentData)
 								        {
 								            if (attachmentData == null || string.IsNullOrWhiteSpace(attachmentData.AttachmentId))
 								            {
 								                return;
 								            }
-												Throw if collection Id does not exist on the organization (#1259)

Otherwise, we're just saving strings for fun. This makes it clear the
user's specified collection won't do anything.
											
										
										
											2021-04-05 15:20:13 -05:00
-												Attachment blob upload (#1229)

* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
											
										
										
											2021-03-30 18:41:14 -05:00
+								            await _cipherRepository.DeleteAttachmentAsync(cipher.Id, attachmentData.AttachmentId);
 								            cipher.DeleteAttachment(attachmentData.AttachmentId);
 								            await _attachmentStorageService.DeleteAttachmentAsync(cipher.Id, attachmentData);
 								            await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_AttachmentDeleted);
 								            // push
 								            await _pushService.PushSyncCipherUpdateAsync(cipher, null);
 								        }
 								        private async Task ValidateCipherEditForAttachmentAsync(Cipher cipher, Guid savingUserId, bool orgAdmin,
 								            long requestLength)
 								        {
 								            if (!orgAdmin && !(await UserCanEditAsync(cipher, savingUserId)))
 								            {
 								                throw new BadRequestException("You do not have permissions to edit this.");
 								            }
 								            if (requestLength < 1)
 								            {
 								                throw new BadRequestException("No data to attach.");
 								            }
 								            var storageBytesRemaining = await StorageBytesRemainingForCipherAsync(cipher);
 								            if (storageBytesRemaining < requestLength)
 								            {
 								                throw new BadRequestException("Not enough storage available.");
 								            }
 								        }
 								        private async Task<long> StorageBytesRemainingForCipherAsync(Cipher cipher)
 								        {
 								            var storageBytesRemaining = 0L;
 								            if (cipher.UserId.HasValue)
 								            {
 								                var user = await _userRepository.GetByIdAsync(cipher.UserId.Value);
 								                if (!(await _userService.CanAccessPremium(user)))
 								                {
 								                    throw new BadRequestException("You must have premium status to use attachments.");
 								                }
 								                if (user.Premium)
 								                {
 								                    storageBytesRemaining = user.StorageBytesRemaining();
 								                }
 								                else
 								                {
 								                    // Users that get access to file storage/premium from their organization get the default
 								                    // 1 GB max storage.
 								                    storageBytesRemaining = user.StorageBytesRemaining(
 								                        _globalSettings.SelfHosted ? (short)10240 : (short)1);
 								                }
 								            }
 								            else if (cipher.OrganizationId.HasValue)
 								            {
 								                var org = await _organizationRepository.GetByIdAsync(cipher.OrganizationId.Value);
 								                if (!org.MaxStorageGb.HasValue)
 								                {
 								                    throw new BadRequestException("This organization cannot use attachments.");
 								                }
 								                storageBytesRemaining = org.StorageBytesRemaining();
 								            }
 								            return storageBytesRemaining;
 								        }
-												Added cipher service with bulk import to account controller

											
										
										
											2015-12-26 23:09:53 -05:00
+								    }
 								}