2025-07-08 10:25:41 -04:00
|
|
|
|
// FIXME: Update this file to be null safe and then delete the line below
|
|
|
|
|
|
#nullable disable
|
|
|
|
|
|
|
|
|
|
|
|
using Bit.Api.AdminConsole.Models.Request.Organizations;
|
2024-11-11 09:52:42 -06:00
|
|
|
|
using Bit.Api.AdminConsole.Models.Response.Organizations;
|
2023-10-19 01:27:56 +10:00
|
|
|
|
using Bit.Api.Auth.Models.Request;
|
2023-04-14 13:25:56 -04:00
|
|
|
|
using Bit.Api.Auth.Models.Response;
|
2021-12-14 15:05:07 +00:00
|
|
|
|
using Bit.Api.Models.Response;
|
2023-03-02 13:23:38 -05:00
|
|
|
|
using Bit.Api.Vault.Models.Response;
|
2023-04-14 13:25:56 -04:00
|
|
|
|
using Bit.Core.Auth.Services;
|
2020-12-16 20:36:47 +01:00
|
|
|
|
using Bit.Core.Exceptions;
|
|
|
|
|
|
using Bit.Core.Repositories;
|
|
|
|
|
|
using Bit.Core.Services;
|
2021-12-14 15:05:07 +00:00
|
|
|
|
using Bit.Core.Settings;
|
2020-12-16 20:36:47 +01:00
|
|
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
|
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
|
|
|
2023-04-14 13:25:56 -04:00
|
|
|
|
namespace Bit.Api.Auth.Controllers;
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
[Route("emergency-access")]
|
2025-09-24 08:42:56 -04:00
|
|
|
|
[Authorize(Core.Auth.Identity.Policies.Application)]
|
2020-12-16 20:36:47 +01:00
|
|
|
|
public class EmergencyAccessController : Controller
|
|
|
|
|
|
{
|
|
|
|
|
|
private readonly IUserService _userService;
|
|
|
|
|
|
private readonly IEmergencyAccessRepository _emergencyAccessRepository;
|
|
|
|
|
|
private readonly IEmergencyAccessService _emergencyAccessService;
|
2021-12-14 15:05:07 +00:00
|
|
|
|
private readonly IGlobalSettings _globalSettings;
|
2022-08-29 16:06:55 -04:00
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
public EmergencyAccessController(
|
|
|
|
|
|
IUserService userService,
|
|
|
|
|
|
IEmergencyAccessRepository emergencyAccessRepository,
|
2021-12-14 15:05:07 +00:00
|
|
|
|
IEmergencyAccessService emergencyAccessService,
|
|
|
|
|
|
IGlobalSettings globalSettings)
|
2020-12-16 20:36:47 +01:00
|
|
|
|
{
|
|
|
|
|
|
_userService = userService;
|
|
|
|
|
|
_emergencyAccessRepository = emergencyAccessRepository;
|
|
|
|
|
|
_emergencyAccessService = emergencyAccessService;
|
2021-12-14 15:05:07 +00:00
|
|
|
|
_globalSettings = globalSettings;
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet("trusted")]
|
|
|
|
|
|
public async Task<ListResponseModel<EmergencyAccessGranteeDetailsResponseModel>> GetContacts()
|
2022-08-29 15:53:48 -04:00
|
|
|
|
{
|
2020-12-16 20:36:47 +01:00
|
|
|
|
var userId = _userService.GetProperUserId(User);
|
|
|
|
|
|
var granteeDetails = await _emergencyAccessRepository.GetManyDetailsByGrantorIdAsync(userId.Value);
|
|
|
|
|
|
|
|
|
|
|
|
var responses = granteeDetails.Select(d =>
|
|
|
|
|
|
new EmergencyAccessGranteeDetailsResponseModel(d));
|
|
|
|
|
|
|
|
|
|
|
|
return new ListResponseModel<EmergencyAccessGranteeDetailsResponseModel>(responses);
|
2022-08-29 15:53:48 -04:00
|
|
|
|
}
|
2020-12-16 20:36:47 +01:00
|
|
|
|
|
|
|
|
|
|
[HttpGet("granted")]
|
|
|
|
|
|
public async Task<ListResponseModel<EmergencyAccessGrantorDetailsResponseModel>> GetGrantees()
|
2022-08-29 15:53:48 -04:00
|
|
|
|
{
|
2020-12-16 20:36:47 +01:00
|
|
|
|
var userId = _userService.GetProperUserId(User);
|
|
|
|
|
|
var granteeDetails = await _emergencyAccessRepository.GetManyDetailsByGranteeIdAsync(userId.Value);
|
|
|
|
|
|
|
|
|
|
|
|
var responses = granteeDetails.Select(d => new EmergencyAccessGrantorDetailsResponseModel(d));
|
|
|
|
|
|
|
|
|
|
|
|
return new ListResponseModel<EmergencyAccessGrantorDetailsResponseModel>(responses);
|
|
|
|
|
|
}
|
2021-02-10 09:06:42 +10:00
|
|
|
|
|
|
|
|
|
|
[HttpGet("{id}")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task<EmergencyAccessGranteeDetailsResponseModel> Get(Guid id)
|
2021-02-10 09:06:42 +10:00
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
var result = await _emergencyAccessService.GetAsync(id, userId.Value);
|
2021-02-10 09:06:42 +10:00
|
|
|
|
return new EmergencyAccessGranteeDetailsResponseModel(result);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
[HttpGet("{id}/policies")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task<ListResponseModel<PolicyResponseModel>> Policies(Guid id)
|
2020-12-16 20:36:47 +01:00
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
var policies = await _emergencyAccessService.GetPoliciesAsync(id, user);
|
2025-06-25 09:30:51 -07:00
|
|
|
|
var responses = policies?.Select(policy => new PolicyResponseModel(policy));
|
2020-12-16 20:36:47 +01:00
|
|
|
|
return new ListResponseModel<PolicyResponseModel>(responses);
|
|
|
|
|
|
}
|
2021-12-16 15:35:09 +01:00
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
[HttpPut("{id}")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task Put(Guid id, [FromBody] EmergencyAccessUpdateRequestModel model)
|
2022-08-29 16:06:55 -04:00
|
|
|
|
{
|
2022-04-05 04:08:37 -04:00
|
|
|
|
var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(id);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
if (emergencyAccess == null)
|
2022-08-29 15:53:48 -04:00
|
|
|
|
{
|
2020-12-16 20:36:47 +01:00
|
|
|
|
throw new NotFoundException();
|
|
|
|
|
|
}
|
2021-12-16 15:35:09 +01:00
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2021-01-20 19:50:07 +01:00
|
|
|
|
await _emergencyAccessService.SaveAsync(model.ToEmergencyAccess(emergencyAccess), user);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2025-09-02 18:30:53 +02:00
|
|
|
|
[HttpPost("{id}")]
|
|
|
|
|
|
[Obsolete("This endpoint is deprecated. Use PUT /{id} instead.")]
|
|
|
|
|
|
public async Task Post(Guid id, [FromBody] EmergencyAccessUpdateRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
await Put(id, model);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
[HttpDelete("{id}")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task Delete(Guid id)
|
2020-12-16 20:36:47 +01:00
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
await _emergencyAccessService.DeleteAsync(id, userId.Value);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2025-09-02 18:30:53 +02:00
|
|
|
|
[HttpPost("{id}/delete")]
|
|
|
|
|
|
[Obsolete("This endpoint is deprecated. Use DELETE /{id} instead.")]
|
|
|
|
|
|
public async Task PostDelete(Guid id)
|
|
|
|
|
|
{
|
|
|
|
|
|
await Delete(id);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
[HttpPost("invite")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task Invite([FromBody] EmergencyAccessInviteRequestModel model)
|
2020-12-16 20:36:47 +01:00
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
await _emergencyAccessService.InviteAsync(user, model.Email, model.Type.Value, model.WaitTimeDays);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("{id}/reinvite")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task Reinvite(Guid id)
|
2020-12-16 20:36:47 +01:00
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
await _emergencyAccessService.ResendInviteAsync(user, id);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("{id}/accept")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task Accept(Guid id, [FromBody] OrganizationUserAcceptRequestModel model)
|
2020-12-16 20:36:47 +01:00
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
await _emergencyAccessService.AcceptUserAsync(id, user, model.Token, _userService);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("{id}/confirm")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task Confirm(Guid id, [FromBody] OrganizationUserConfirmRequestModel model)
|
2020-12-16 20:36:47 +01:00
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
await _emergencyAccessService.ConfirmUserAsync(id, model.Key, userId.Value);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
2021-12-16 15:35:09 +01:00
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
[HttpPost("{id}/initiate")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task Initiate(Guid id)
|
2020-12-16 20:36:47 +01:00
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
await _emergencyAccessService.InitiateAsync(id, user);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("{id}/approve")]
|
2025-09-02 18:30:53 +02:00
|
|
|
|
public async Task Approve(Guid id)
|
2020-12-16 20:36:47 +01:00
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
await _emergencyAccessService.ApproveAsync(id, user);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
2021-12-16 15:35:09 +01:00
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
[HttpPost("{id}/reject")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task Reject(Guid id)
|
2020-12-16 20:36:47 +01:00
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
await _emergencyAccessService.RejectAsync(id, user);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
2021-12-16 15:35:09 +01:00
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
[HttpPost("{id}/takeover")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task<EmergencyAccessTakeoverResponseModel> Takeover(Guid id)
|
2020-12-16 20:36:47 +01:00
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
var (result, grantor) = await _emergencyAccessService.TakeoverAsync(id, user);
|
|
|
|
|
|
return new EmergencyAccessTakeoverResponseModel(result, grantor);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
2021-03-30 18:41:14 -05:00
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
[HttpPost("{id}/password")]
|
2021-12-14 15:05:07 +00:00
|
|
|
|
public async Task Password(Guid id, [FromBody] EmergencyAccessPasswordRequestModel model)
|
2022-08-29 14:53:16 -04:00
|
|
|
|
{
|
2022-01-18 16:05:12 +01:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
await _emergencyAccessService.PasswordAsync(id, user, model.NewMasterPasswordHash, model.Key);
|
2022-08-29 14:53:16 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-12-16 20:36:47 +01:00
|
|
|
|
[HttpPost("{id}/view")]
|
2021-12-14 15:05:07 +00:00
|
|
|
|
public async Task<EmergencyAccessViewResponseModel> ViewCiphers(Guid id)
|
2022-08-29 16:06:55 -04:00
|
|
|
|
{
|
2020-12-16 20:36:47 +01:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2022-04-05 04:08:37 -04:00
|
|
|
|
var viewResult = await _emergencyAccessService.ViewAsync(id, user);
|
2025-03-10 15:27:30 +00:00
|
|
|
|
return new EmergencyAccessViewResponseModel(_globalSettings, viewResult.EmergencyAccess, viewResult.Ciphers, user);
|
2022-08-29 16:06:55 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-03-30 18:41:14 -05:00
|
|
|
|
[HttpGet("{id}/{cipherId}/attachment/{attachmentId}")]
|
2022-04-05 04:08:37 -04:00
|
|
|
|
public async Task<AttachmentResponseModel> GetAttachmentData(Guid id, Guid cipherId, string attachmentId)
|
2021-03-30 18:41:14 -05:00
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2021-12-14 15:05:07 +00:00
|
|
|
|
var result =
|
2022-04-05 04:08:37 -04:00
|
|
|
|
await _emergencyAccessService.GetAttachmentDownloadAsync(id, cipherId, attachmentId, user);
|
2022-02-07 15:46:20 +01:00
|
|
|
|
return new AttachmentResponseModel(result);
|
2020-12-16 20:36:47 +01:00
|
|
|
|
}
|
|
|
|
|
|
}
|
