using System.Text.Json;
using Azure.Messaging.EventGrid;
using Bit.Api.Models.Request;
using Bit.Api.Models.Request.Accounts;
using Bit.Api.Models.Request.Organizations;
using Bit.Api.Models.Response;
using Bit.Api.Utilities;
using Bit.Core;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Exceptions;
using Bit.Core.Models.Data;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Core.Models.Data;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.Controllers;
/// <summary>
/// MVC controller for the cipher endpoints, routed under <c>ciphers</c>.
/// The whole controller sits behind the "Application" authorization policy; most actions
/// that touch organization data additionally consult <see cref="ICurrentContext"/>.
/// </summary>
[Route("ciphers")]
[Authorize("Application")]
public class CiphersController : Controller
{
    // Collaborators assigned once by the constructor.
    private readonly ICipherRepository _cipherRepository;
    private readonly ICollectionCipherRepository _collectionCipherRepository;
    private readonly ICipherService _cipherService;
    private readonly IUserService _userService;
    private readonly IAttachmentStorageService _attachmentStorageService;
    private readonly IProviderService _providerService;
    private readonly ICurrentContext _currentContext;
    private readonly ILogger<CiphersController> _logger;
    private readonly GlobalSettings _globalSettings;
/// <summary>
/// Stores the injected repositories, services, caller context, logger and settings
/// in the controller's read-only fields.
/// </summary>
public CiphersController(
    ICipherRepository cipherRepository,
    ICollectionCipherRepository collectionCipherRepository,
    ICipherService cipherService,
    IUserService userService,
    IAttachmentStorageService attachmentStorageService,
    IProviderService providerService,
    ICurrentContext currentContext,
    ILogger<CiphersController> logger,
    GlobalSettings globalSettings)
{
    // Settings, logging and caller context.
    _globalSettings = globalSettings;
    _logger = logger;
    _currentContext = currentContext;

    // Repositories.
    _cipherRepository = cipherRepository;
    _collectionCipherRepository = collectionCipherRepository;

    // Services.
    _cipherService = cipherService;
    _userService = userService;
    _attachmentStorageService = attachmentStorageService;
    _providerService = providerService;
}
/// <summary>
/// Returns one cipher, looked up by id together with the authenticated user's id.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor, which throws on malformed input.</param>
/// <returns>The cipher wrapped in a <see cref="CipherResponseModel"/>.</returns>
/// <exception cref="NotFoundException">The repository returned no cipher for this id and user.</exception>
[HttpGet("{id}")]
public async Task<CipherResponseModel> Get(string id)
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var cipherId = new Guid(id);

    // The user id is handed to the repository with the cipher id; this action performs
    // no other access check of its own.
    var found = await _cipherRepository.GetByIdAsync(cipherId, currentUserId);
    if (found is null)
    {
        throw new NotFoundException();
    }

    return new CipherResponseModel(found, _globalSettings);
}
/// <summary>
/// Returns an organization cipher for a caller who may view all collections of that organization.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <returns>The cipher as a <see cref="CipherMiniResponseModel"/>.</returns>
/// <exception cref="NotFoundException">
/// The cipher does not exist, has no organization, or the caller fails the
/// <c>ViewAllCollections</c> check. All three cases produce the same exception, so the
/// response does not reveal which one applied.
/// </exception>
[HttpGet("{id}/admin")]
public async Task<CipherMiniResponseModel> GetAdmin(string id)
{
    // This lookup is not scoped to a user; the permission check below is the gate.
    var orgCipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(new Guid(id));

    var mayView = orgCipher != null
        && orgCipher.OrganizationId.HasValue
        && await _currentContext.ViewAllCollections(orgCipher.OrganizationId.Value);
    if (!mayView)
    {
        throw new NotFoundException();
    }

    return new CipherMiniResponseModel(orgCipher, _globalSettings, orgCipher.OrganizationUseTotp);
}
/// <summary>
/// Returns one cipher together with the collection links the caller has for it.
/// Served on both <c>{id}/full-details</c> and <c>{id}/details</c>.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <returns>The cipher and its collection links as a <see cref="CipherDetailsResponseModel"/>.</returns>
/// <exception cref="NotFoundException">The repository returned no cipher for this id and user.</exception>
[HttpGet("{id}/full-details")]
[HttpGet("{id}/details")]
public async Task<CipherDetailsResponseModel> GetDetails(string id)
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var cipherId = new Guid(id);

    var found = await _cipherRepository.GetByIdAsync(cipherId, currentUserId);
    if (found is null)
    {
        throw new NotFoundException();
    }

    // Collection links are fetched with the same user id and cipher id as the cipher itself.
    var links = await _collectionCipherRepository.GetManyByUserIdCipherIdAsync(currentUserId, cipherId);
    return new CipherDetailsResponseModel(found, _globalSettings, links);
}
/// <summary>
/// Lists the ciphers the repository returns for the authenticated user, each with its
/// collection links when the caller belongs to at least one organization.
/// </summary>
/// <returns>A list response of <see cref="CipherDetailsResponseModel"/> items.</returns>
[HttpGet("")]
public async Task<ListResponseModel<CipherDetailsResponseModel>> Get()
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var hasOrgs = _currentContext.Organizations?.Any() ?? false;

    // TODO: Use hasOrgs proper for cipher listing here?
    // As written the second argument is always true, whatever hasOrgs is.
    var userCiphers = await _cipherRepository.GetManyByUserIdAsync(currentUserId, true || hasOrgs);

    // Stays null when the caller has no organizations; the response model receives null then.
    Dictionary<Guid, IGrouping<Guid, CollectionCipher>> linksByCipherId = null;
    if (hasOrgs)
    {
        var links = await _collectionCipherRepository.GetManyByUserIdAsync(currentUserId);
        linksByCipherId = links.GroupBy(link => link.CipherId).ToDictionary(group => group.Key);
    }

    var items = new List<CipherDetailsResponseModel>();
    foreach (var userCipher in userCiphers)
    {
        items.Add(new CipherDetailsResponseModel(userCipher, _globalSettings, linksByCipherId));
    }

    return new ListResponseModel<CipherDetailsResponseModel>(items);
}
/// <summary>
/// Creates a cipher from the request body for the authenticated user.
/// </summary>
/// <param name="model">Cipher data from the request body.</param>
/// <returns>The saved cipher as a <see cref="CipherResponseModel"/>.</returns>
/// <exception cref="NotFoundException">
/// The request names an organization and the caller fails the <c>OrganizationUser</c> check for it.
/// </exception>
[HttpPost("")]
public async Task<CipherResponseModel> Post([FromBody] CipherRequestModel model)
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var newCipher = model.ToCipherDetails(currentUserId);

    // The organization id comes from the request, so membership is checked before saving.
    if (newCipher.OrganizationId.HasValue)
    {
        var isMember = await _currentContext.OrganizationUser(newCipher.OrganizationId.Value);
        if (!isMember)
        {
            throw new NotFoundException();
        }
    }

    await _cipherService.SaveDetailsAsync(newCipher, currentUserId, model.LastKnownRevisionDate, null,
        newCipher.OrganizationId.HasValue);

    return new CipherResponseModel(newCipher, _globalSettings);
}
/// <summary>
/// Creates a cipher and passes the requested collection ids to the save call.
/// </summary>
/// <param name="model">Request body holding the cipher data and the collection ids.</param>
/// <returns>The saved cipher as a <see cref="CipherResponseModel"/>.</returns>
/// <exception cref="NotFoundException">
/// The request names an organization and the caller fails the <c>OrganizationUser</c> check for it.
/// </exception>
[HttpPost("create")]
public async Task<CipherResponseModel> PostCreate([FromBody] CipherCreateRequestModel model)
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var newCipher = model.Cipher.ToCipherDetails(currentUserId);

    if (newCipher.OrganizationId.HasValue)
    {
        var isMember = await _currentContext.OrganizationUser(newCipher.OrganizationId.Value);
        if (!isMember)
        {
            throw new NotFoundException();
        }
    }

    // NOTE(review): model.CollectionIds is forwarded as received; this action does not check
    // that the collections belong to the organization - presumably SaveDetailsAsync does; confirm.
    await _cipherService.SaveDetailsAsync(newCipher, currentUserId, model.Cipher.LastKnownRevisionDate,
        model.CollectionIds, newCipher.OrganizationId.HasValue);

    return new CipherResponseModel(newCipher, _globalSettings);
}
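/// <summary>
/// Creates an organization cipher on behalf of a caller who may edit any collection of
/// the organization named in the request.
/// </summary>
/// <param name="model">Request body holding the cipher data and the collection ids.</param>
/// <returns>The saved cipher as a <see cref="CipherMiniResponseModel"/>.</returns>
/// <exception cref="NotFoundException">
/// The request carries no organization id, or the caller fails the <c>EditAnyCollection</c> check.
/// </exception>
[HttpPost("admin")]
public async Task<CipherMiniResponseModel> PostAdmin([FromBody] CipherCreateRequestModel model)
{
    var cipher = model.Cipher.ToOrganizationCipher();

    // A request without an organization id must be rejected like the other admin actions do,
    // instead of failing on .Value before the permission check is reached.
    if (!cipher.OrganizationId.HasValue ||
        !await _currentContext.EditAnyCollection(cipher.OrganizationId.Value))
    {
        throw new NotFoundException();
    }

    var userId = _userService.GetProperUserId(User).Value;
    await _cipherService.SaveAsync(cipher, userId, model.Cipher.LastKnownRevisionDate, model.CollectionIds, true, false);

    var response = new CipherMiniResponseModel(cipher, _globalSettings, false);
    return response;
}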
/// <summary>
/// Updates an existing cipher of the authenticated user. Served for both PUT and POST on <c>{id}</c>.
/// </summary>
/// <param name="id">Cipher id from the route.</param>
/// <param name="model">New cipher data from the request body.</param>
/// <returns>The cipher as a <see cref="CipherResponseModel"/>.</returns>
/// <exception cref="NotFoundException">The repository returned no cipher for this id and user.</exception>
/// <exception cref="BadRequestException">
/// The organization id in the request differs from the one on the stored cipher, so this
/// action cannot be used to change a cipher's organization.
/// </exception>
[HttpPut("{id}")]
[HttpPost("{id}")]
public async Task<CipherResponseModel> Put(Guid id, [FromBody] CipherRequestModel model)
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var existing = await _cipherRepository.GetByIdAsync(id, currentUserId);
    if (existing is null)
    {
        throw new NotFoundException();
    }

    // The collection ids are read from storage, not from the request.
    var links = await _collectionCipherRepository.GetManyByUserIdCipherIdAsync(currentUserId, id);
    var collectionIds = links.Select(link => link.CollectionId).ToList();

    Guid? requestedOrgId = null;
    if (!string.IsNullOrWhiteSpace(model.OrganizationId))
    {
        requestedOrgId = new Guid(model.OrganizationId);
    }

    if (existing.OrganizationId != requestedOrgId)
    {
        throw new BadRequestException("Organization mismatch. Re-sync if you recently moved this item, " +
            "then try again.");
    }

    await _cipherService.SaveDetailsAsync(model.ToCipherDetails(existing), currentUserId,
        model.LastKnownRevisionDate, collectionIds);

    return new CipherResponseModel(existing, _globalSettings);
}
/// <summary>
/// Updates an organization cipher for a caller who may edit any collection of its organization.
/// Served for both PUT and POST on <c>{id}/admin</c>.
/// </summary>
/// <param name="id">Cipher id from the route.</param>
/// <param name="model">New cipher data from the request body.</param>
/// <returns>The saved clone as a <see cref="CipherMiniResponseModel"/>.</returns>
/// <exception cref="NotFoundException">
/// The cipher does not exist, has no organization, or the caller fails the <c>EditAnyCollection</c> check.
/// </exception>
[HttpPut("{id}/admin")]
[HttpPost("{id}/admin")]
public async Task<CipherMiniResponseModel> PutAdmin(Guid id, [FromBody] CipherRequestModel model)
{
    var currentUserId = _userService.GetProperUserId(User).Value;

    // The permission is evaluated against the organization stored on the cipher,
    // not against anything the request body says.
    var orgCipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(id);
    var mayEdit = orgCipher != null
        && orgCipher.OrganizationId.HasValue
        && await _currentContext.EditAnyCollection(orgCipher.OrganizationId.Value);
    if (!mayEdit)
    {
        throw new NotFoundException();
    }

    var links = await _collectionCipherRepository.GetManyByUserIdCipherIdAsync(currentUserId, id);
    var collectionIds = links.Select(link => link.CollectionId).ToList();

    // object cannot be a descendant of CipherDetails, so let's clone it.
    var cipherClone = model.ToCipher(orgCipher).Clone();
    await _cipherService.SaveAsync(cipherClone, currentUserId, model.LastKnownRevisionDate, collectionIds, true, false);

    return new CipherMiniResponseModel(cipherClone, _globalSettings, orgCipher.OrganizationUseTotp);
}
/// <summary>
/// Lists the ciphers of an organization as returned by the cipher service for the caller,
/// and records provider access when the context reports a provider for that organization.
/// </summary>
/// <param name="organizationId">Organization id; parsed with the <see cref="Guid"/> constructor.</param>
/// <returns>A list response of <see cref="CipherMiniDetailsResponseModel"/> items.</returns>
[HttpGet("organization-details")]
public async Task<ListResponseModel<CipherMiniDetailsResponseModel>> GetOrganizationCollections(
    string organizationId)
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var orgIdGuid = new Guid(organizationId);

    // NOTE(review): no _currentContext permission check is made in this action; access control
    // presumably lives inside GetOrganizationCiphers, which receives the user id - confirm.
    (IEnumerable<CipherOrganizationDetails> orgCiphers,
        Dictionary<Guid, IGrouping<Guid, CollectionCipher>> linksByCipherId) =
        await _cipherService.GetOrganizationCiphers(currentUserId, orgIdGuid);

    // Left as a deferred query, exactly as handed to the list response below.
    var items = orgCiphers.Select(orgCipher => new CipherMiniDetailsResponseModel(orgCipher, _globalSettings,
        linksByCipherId, orgCipher.OrganizationUseTotp));

    var providerId = await _currentContext.ProviderIdForOrg(orgIdGuid);
    if (providerId.HasValue)
    {
        await _providerService.LogProviderAccessToOrganizationAsync(orgIdGuid);
    }

    return new ListResponseModel<CipherMiniDetailsResponseModel>(items);
}
/// <summary>
/// Imports folders and ciphers from the request body for the authenticated user.
/// </summary>
/// <param name="model">Folders, ciphers and folder relationships to import.</param>
/// <exception cref="BadRequestException">
/// <c>GlobalSettings.SelfHosted</c> is false and the request holds more than 6000 ciphers,
/// more than 6000 folder relationships or more than 1000 folders.
/// </exception>
[HttpPost("import")]
public async Task PostImport([FromBody] ImportCiphersRequestModel model)
{
    // The size caps apply only when the instance is not self-hosted.
    var exceedsLimit = !_globalSettings.SelfHosted &&
        (model.Ciphers.Count() > 6000 || model.FolderRelationships.Count() > 6000 ||
            model.Folders.Count() > 1000);
    if (exceedsLimit)
    {
        throw new BadRequestException("You cannot import this much data at once.");
    }

    // Every imported folder and cipher is stamped with the caller's user id.
    var currentUserId = _userService.GetProperUserId(User).Value;
    var importedFolders = model.Folders.Select(folder => folder.ToFolder(currentUserId)).ToList();
    var importedCiphers = model.Ciphers.Select(item => item.ToCipherDetails(currentUserId, false)).ToList();

    await _cipherService.ImportCiphersAsync(importedFolders, importedCiphers, model.FolderRelationships);
}
/// <summary>
/// Imports collections and ciphers into an organization for a caller who passes the
/// <c>AccessImportExport</c> check.
/// </summary>
/// <param name="organizationId">Target organization id from the query string; parsed with the <see cref="Guid"/> constructor.</param>
/// <param name="model">Collections, ciphers and collection relationships to import.</param>
/// <exception cref="BadRequestException">
/// <c>GlobalSettings.SelfHosted</c> is false and the request holds more than 6000 ciphers,
/// more than 12000 collection relationships or more than 1000 collections.
/// </exception>
/// <exception cref="NotFoundException">The caller fails the <c>AccessImportExport</c> check.</exception>
[HttpPost("import-organization")]
public async Task PostImport([FromQuery] string organizationId,
    [FromBody] ImportOrganizationCiphersRequestModel model)
{
    // The size caps are evaluated before the permission check.
    var exceedsLimit = !_globalSettings.SelfHosted &&
        (model.Ciphers.Count() > 6000 || model.CollectionRelationships.Count() > 12000 ||
            model.Collections.Count() > 1000);
    if (exceedsLimit)
    {
        throw new BadRequestException("You cannot import this much data at once.");
    }

    var orgId = new Guid(organizationId);
    var mayImport = await _currentContext.AccessImportExport(orgId);
    if (!mayImport)
    {
        throw new NotFoundException();
    }

    // Every collection and cipher is bound to the authorized organization id, not to
    // an id carried inside the body.
    var currentUserId = _userService.GetProperUserId(User).Value;
    var importedCollections = model.Collections.Select(item => item.ToCollection(orgId)).ToList();
    var importedCiphers = model.Ciphers.Select(item => item.ToOrganizationCipherDetails(orgId)).ToList();

    await _cipherService.ImportCiphersAsync(importedCollections, importedCiphers,
        model.CollectionRelationships, currentUserId);
}
/// <summary>
/// Updates the folder and favorite flag of a cipher for the authenticated user.
/// Served for both PUT and POST on <c>{id}/partial</c>.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <param name="model">Folder id (blank means none) and favorite flag.</param>
[HttpPut("{id}/partial")]
[HttpPost("{id}/partial")]
public async Task PutPartial(string id, [FromBody] CipherPartialRequestModel model)
{
    var currentUserId = _userService.GetProperUserId(User).Value;

    Guid? folderId;
    if (string.IsNullOrWhiteSpace(model.FolderId))
    {
        folderId = null;
    }
    else
    {
        folderId = new Guid(model.FolderId);
    }

    // No lookup precedes the update; the repository receives the cipher id with the user id.
    // NOTE(review): the folder id is not checked against the caller's folders in this action -
    // presumably UpdatePartialAsync scopes it by user; confirm.
    await _cipherRepository.UpdatePartialAsync(new Guid(id), currentUserId, folderId, model.Favorite);
}
/// <summary>
/// Shares a cipher owned by the authenticated user with an organization the user belongs to.
/// Served for both PUT and POST on <c>{id}/share</c>.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <param name="model">Cipher data (including the target organization id) and collection ids.</param>
/// <returns>The cipher, re-read after sharing, as a <see cref="CipherResponseModel"/>.</returns>
/// <exception cref="NotFoundException">
/// The cipher does not exist, its <c>UserId</c> is not the caller's, or the caller fails the
/// <c>OrganizationUser</c> check for the target organization.
/// </exception>
[HttpPut("{id}/share")]
[HttpPost("{id}/share")]
public async Task<CipherResponseModel> PutShare(string id, [FromBody] CipherShareRequestModel model)
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var cipherId = new Guid(id);

    // This lookup is not scoped to a user, so ownership is compared explicitly below.
    var owned = await _cipherRepository.GetByIdAsync(cipherId);
    var mayShare = owned != null
        && owned.UserId == currentUserId
        && await _currentContext.OrganizationUser(new Guid(model.Cipher.OrganizationId));
    if (!mayShare)
    {
        throw new NotFoundException();
    }

    // Keep a copy of the stored state before the request data is applied to it.
    var original = owned.Clone();
    var updated = model.Cipher.ToCipher(owned);
    var targetOrgId = new Guid(model.Cipher.OrganizationId);
    var targetCollectionIds = model.CollectionIds.Select(c => new Guid(c));

    await _cipherService.ShareAsync(original, updated, targetOrgId, targetCollectionIds, currentUserId,
        model.Cipher.LastKnownRevisionDate);

    var sharedCipher = await _cipherRepository.GetByIdAsync(cipherId, currentUserId);
    return new CipherResponseModel(sharedCipher, _globalSettings);
}
/// <summary>
/// Replaces the collection assignment of an organization cipher the caller can read.
/// Served for both PUT and POST on <c>{id}/collections</c>.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <param name="model">The collection ids to assign.</param>
/// <exception cref="NotFoundException">
/// The repository returned no cipher for this id and user, the cipher has no organization,
/// or the caller fails the <c>OrganizationUser</c> check.
/// </exception>
[HttpPut("{id}/collections")]
[HttpPost("{id}/collections")]
public async Task PutCollections(string id, [FromBody] CipherCollectionsRequestModel model)
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var found = await _cipherRepository.GetByIdAsync(new Guid(id), currentUserId);

    var mayAssign = found != null
        && found.OrganizationId.HasValue
        && await _currentContext.OrganizationUser(found.OrganizationId.Value);
    if (!mayAssign)
    {
        throw new NotFoundException();
    }

    // NOTE(review): the requested collection ids are forwarded unchecked; validation that they
    // belong to the cipher's organization is presumably done in SaveCollectionsAsync - confirm.
    var requestedCollectionIds = model.CollectionIds.Select(c => new Guid(c));
    await _cipherService.SaveCollectionsAsync(found, requestedCollectionIds, currentUserId, false);
}
/// <summary>
/// Replaces the collection assignment of an organization cipher for a caller who may edit
/// any collection of that organization. Served for both PUT and POST on <c>{id}/collections-admin</c>.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <param name="model">The collection ids to assign.</param>
/// <exception cref="NotFoundException">
/// The cipher does not exist, has no organization, or the caller fails the <c>EditAnyCollection</c> check.
/// </exception>
[HttpPut("{id}/collections-admin")]
[HttpPost("{id}/collections-admin")]
public async Task PutCollectionsAdmin(string id, [FromBody] CipherCollectionsRequestModel model)
{
    var currentUserId = _userService.GetProperUserId(User).Value;

    // This lookup is not scoped to a user; the permission check below is the gate.
    var found = await _cipherRepository.GetByIdAsync(new Guid(id));
    var mayAssign = found != null
        && found.OrganizationId.HasValue
        && await _currentContext.EditAnyCollection(found.OrganizationId.Value);
    if (!mayAssign)
    {
        throw new NotFoundException();
    }

    var requestedCollectionIds = model.CollectionIds.Select(c => new Guid(c));
    await _cipherService.SaveCollectionsAsync(found, requestedCollectionIds, currentUserId, true);
}
/// <summary>
/// Deletes a cipher of the authenticated user. Served for DELETE on <c>{id}</c> and POST on <c>{id}/delete</c>.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <exception cref="NotFoundException">The repository returned no cipher for this id and user.</exception>
[HttpDelete("{id}")]
[HttpPost("{id}/delete")]
public async Task Delete(string id)
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var cipherId = new Guid(id);

    var found = await _cipherRepository.GetByIdAsync(cipherId, currentUserId);
    if (found is null)
    {
        throw new NotFoundException();
    }

    await _cipherService.DeleteAsync(found, currentUserId);
}
/// <summary>
/// Deletes an organization cipher for a caller who may edit any collection of that organization.
/// Served for DELETE on <c>{id}/admin</c> and POST on <c>{id}/delete-admin</c>.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <exception cref="NotFoundException">
/// The cipher does not exist, has no organization, or the caller fails the <c>EditAnyCollection</c> check.
/// </exception>
[HttpDelete("{id}/admin")]
[HttpPost("{id}/delete-admin")]
public async Task DeleteAdmin(string id)
{
    var currentUserId = _userService.GetProperUserId(User).Value;

    // This lookup is not scoped to a user; the permission check below is the gate.
    var found = await _cipherRepository.GetByIdAsync(new Guid(id));
    var mayDelete = found != null
        && found.OrganizationId.HasValue
        && await _currentContext.EditAnyCollection(found.OrganizationId.Value);
    if (!mayDelete)
    {
        throw new NotFoundException();
    }

    await _cipherService.DeleteAsync(found, currentUserId, true);
}
/// <summary>
/// Deletes several ciphers for the authenticated user. Served for DELETE on the root route
/// and POST on <c>delete</c>.
/// </summary>
/// <param name="model">The cipher ids to delete.</param>
/// <exception cref="BadRequestException">
/// <c>GlobalSettings.SelfHosted</c> is false and more than 500 ids were sent.
/// </exception>
[HttpDelete("")]
[HttpPost("delete")]
public async Task DeleteMany([FromBody] CipherBulkDeleteRequestModel model)
{
    // The 500-item cap applies only when the instance is not self-hosted.
    var exceedsLimit = !_globalSettings.SelfHosted && model.Ids.Count() > 500;
    if (exceedsLimit)
    {
        throw new BadRequestException("You can only delete up to 500 items at a time. " +
            "Consider using the \"Purge Vault\" option instead.");
    }

    // The ids are passed on with the caller's user id; no per-cipher lookup happens here.
    var currentUserId = _userService.GetProperUserId(User).Value;
    var cipherIds = model.Ids.Select(i => new Guid(i));
    await _cipherService.DeleteManyAsync(cipherIds, currentUserId);
}
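/// <summary>
/// Deletes several ciphers of an organization for a caller who may edit any collection of it.
/// Served for DELETE on <c>admin</c> and POST on <c>delete-admin</c>.
/// </summary>
/// <param name="model">The cipher ids to delete and the organization id they are deleted under.</param>
/// <exception cref="NotFoundException">
/// The body is missing, carries no organization id, or the caller fails the <c>EditAnyCollection</c> check.
/// </exception>
/// <exception cref="BadRequestException">
/// <c>GlobalSettings.SelfHosted</c> is false and more than 500 ids were sent.
/// </exception>
[HttpDelete("admin")]
[HttpPost("delete-admin")]
public async Task DeleteManyAdmin([FromBody] CipherBulkDeleteRequestModel model)
{
    // Validate the body and authorize the caller before model.Ids is dereferenced, so a
    // missing body yields NotFound rather than a NullReferenceException, and an unauthorized
    // caller gets the same answer whatever the size of the request.
    if (model == null || string.IsNullOrWhiteSpace(model.OrganizationId) ||
        !await _currentContext.EditAnyCollection(new Guid(model.OrganizationId)))
    {
        throw new NotFoundException();
    }

    if (!_globalSettings.SelfHosted && model.Ids.Count() > 500)
    {
        throw new BadRequestException("You can only delete up to 500 items at a time. " +
            "Consider using the \"Purge Vault\" option instead.");
    }

    // NOTE(review): the permission is checked against the organization id supplied in the body;
    // this action does not verify that each id in model.Ids belongs to that organization -
    // presumably DeleteManyAsync, which receives the organization id, enforces it; confirm.
    var userId = _userService.GetProperUserId(User).Value;
    await _cipherService.DeleteManyAsync(model.Ids.Select(i => new Guid(i)), userId, new Guid(model.OrganizationId), true);
}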
/// <summary>
/// Soft-deletes a cipher of the authenticated user.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <exception cref="NotFoundException">The repository returned no cipher for this id and user.</exception>
[HttpPut("{id}/delete")]
public async Task PutDelete(string id)
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var cipherId = new Guid(id);

    var found = await _cipherRepository.GetByIdAsync(cipherId, currentUserId);
    if (found is null)
    {
        throw new NotFoundException();
    }

    await _cipherService.SoftDeleteAsync(found, currentUserId);
}
/// <summary>
/// Soft-deletes an organization cipher for a caller who may edit any collection of that organization.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <exception cref="NotFoundException">
/// The cipher does not exist, has no organization, or the caller fails the <c>EditAnyCollection</c> check.
/// </exception>
[HttpPut("{id}/delete-admin")]
public async Task PutDeleteAdmin(string id)
{
    var currentUserId = _userService.GetProperUserId(User).Value;

    // This lookup is not scoped to a user; the permission check below is the gate.
    var found = await _cipherRepository.GetByIdAsync(new Guid(id));
    var mayDelete = found != null
        && found.OrganizationId.HasValue
        && await _currentContext.EditAnyCollection(found.OrganizationId.Value);
    if (!mayDelete)
    {
        throw new NotFoundException();
    }

    await _cipherService.SoftDeleteAsync(found, currentUserId, true);
}
/// <summary>
/// Soft-deletes several ciphers for the authenticated user.
/// </summary>
/// <param name="model">The cipher ids to soft-delete.</param>
/// <exception cref="BadRequestException">
/// <c>GlobalSettings.SelfHosted</c> is false and more than 500 ids were sent.
/// </exception>
[HttpPut("delete")]
public async Task PutDeleteMany([FromBody] CipherBulkDeleteRequestModel model)
{
    // The 500-item cap applies only when the instance is not self-hosted.
    var exceedsLimit = !_globalSettings.SelfHosted && model.Ids.Count() > 500;
    if (exceedsLimit)
    {
        throw new BadRequestException("You can only delete up to 500 items at a time.");
    }

    // The ids are passed on with the caller's user id; no per-cipher lookup happens here.
    var currentUserId = _userService.GetProperUserId(User).Value;
    var cipherIds = model.Ids.Select(i => new Guid(i));
    await _cipherService.SoftDeleteManyAsync(cipherIds, currentUserId);
}
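/// <summary>
/// Soft-deletes several ciphers of an organization for a caller who may edit any collection of it.
/// </summary>
/// <param name="model">The cipher ids to soft-delete and the organization id they are deleted under.</param>
/// <exception cref="NotFoundException">
/// The body is missing, carries no organization id, or the caller fails the <c>EditAnyCollection</c> check.
/// </exception>
/// <exception cref="BadRequestException">
/// <c>GlobalSettings.SelfHosted</c> is false and more than 500 ids were sent.
/// </exception>
[HttpPut("delete-admin")]
public async Task PutDeleteManyAdmin([FromBody] CipherBulkDeleteRequestModel model)
{
    // Validate the body and authorize the caller before model.Ids is dereferenced, so a
    // missing body yields NotFound rather than a NullReferenceException, and an unauthorized
    // caller gets the same answer whatever the size of the request.
    if (model == null || string.IsNullOrWhiteSpace(model.OrganizationId) ||
        !await _currentContext.EditAnyCollection(new Guid(model.OrganizationId)))
    {
        throw new NotFoundException();
    }

    if (!_globalSettings.SelfHosted && model.Ids.Count() > 500)
    {
        throw new BadRequestException("You can only delete up to 500 items at a time.");
    }

    // NOTE(review): the permission is checked against the organization id supplied in the body;
    // this action does not verify that each id in model.Ids belongs to that organization -
    // presumably SoftDeleteManyAsync, which receives the organization id, enforces it; confirm.
    var userId = _userService.GetProperUserId(User).Value;
    await _cipherService.SoftDeleteManyAsync(model.Ids.Select(i => new Guid(i)), userId, new Guid(model.OrganizationId), true);
}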
/// <summary>
/// Restores a cipher of the authenticated user.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <returns>The cipher as a <see cref="CipherResponseModel"/>.</returns>
/// <exception cref="NotFoundException">The repository returned no cipher for this id and user.</exception>
[HttpPut("{id}/restore")]
public async Task<CipherResponseModel> PutRestore(string id)
{
    var currentUserId = _userService.GetProperUserId(User).Value;
    var cipherId = new Guid(id);

    var found = await _cipherRepository.GetByIdAsync(cipherId, currentUserId);
    if (found is null)
    {
        throw new NotFoundException();
    }

    await _cipherService.RestoreAsync(found, currentUserId);

    // The response is built from the same object that was handed to RestoreAsync.
    return new CipherResponseModel(found, _globalSettings);
}
/// <summary>
/// Restores an organization cipher for a caller who may edit any collection of that organization.
/// </summary>
/// <param name="id">Cipher id from the route; parsed with the <see cref="Guid"/> constructor.</param>
/// <returns>The cipher as a <see cref="CipherMiniResponseModel"/>.</returns>
/// <exception cref="NotFoundException">
/// The cipher does not exist, has no organization, or the caller fails the <c>EditAnyCollection</c> check.
/// </exception>
[HttpPut("{id}/restore-admin")]
public async Task<CipherMiniResponseModel> PutRestoreAdmin(string id)
{
    var currentUserId = _userService.GetProperUserId(User).Value;

    // This lookup is not scoped to a user; the permission check below is the gate.
    var orgCipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(new Guid(id));
    var mayRestore = orgCipher != null
        && orgCipher.OrganizationId.HasValue
        && await _currentContext.EditAnyCollection(orgCipher.OrganizationId.Value);
    if (!mayRestore)
    {
        throw new NotFoundException();
    }

    await _cipherService.RestoreAsync(orgCipher, currentUserId, true);
    return new CipherMiniResponseModel(orgCipher, _globalSettings, orgCipher.OrganizationUseTotp);
}
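/// <summary>
/// Restores several ciphers for the authenticated user. Only ciphers that the repository
/// returns for the user, whose id was requested, and whose <c>Edit</c> flag is set are restored;
/// other requested ids are skipped without an error.
/// </summary>
/// <param name="model">The cipher ids to restore.</param>
/// <returns>A list response with one <see cref="CipherResponseModel"/> per restored cipher.</returns>
/// <exception cref="BadRequestException">
/// <c>GlobalSettings.SelfHosted</c> is false and more than 500 ids were sent.
/// </exception>
[HttpPut("restore")]
public async Task<ListResponseModel<CipherResponseModel>> PutRestoreMany([FromBody] CipherBulkRestoreRequestModel model)
{
    if (!_globalSettings.SelfHosted && model.Ids.Count() > 500)
    {
        throw new BadRequestException("You can only restore up to 500 items at a time.");
    }

    var userId = _userService.GetProperUserId(User).Value;
    var cipherIdsToRestore = new HashSet<Guid>(model.Ids.Select(i => new Guid(i)));

    var ciphers = await _cipherRepository.GetManyByUserIdAsync(userId);

    // Materialize the filter once: the same set is handed to the service and then used to
    // build the response, so the response lists exactly the ciphers that were restored
    // instead of re-running the filter after the restore.
    var restoringCiphers = ciphers.Where(c => cipherIdsToRestore.Contains(c.Id) && c.Edit).ToList();

    await _cipherService.RestoreManyAsync(restoringCiphers, userId);
    var responses = restoringCiphers.Select(c => new CipherResponseModel(c, _globalSettings));
    return new ListResponseModel<CipherResponseModel>(responses);
}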
/// <summary>
/// Moves several ciphers to a folder (or to no folder when the folder id is blank) for the
/// authenticated user. Served for both PUT and POST on <c>move</c>.
/// </summary>
/// <param name="model">The cipher ids to move and the target folder id.</param>
/// <exception cref="BadRequestException">
/// <c>GlobalSettings.SelfHosted</c> is false and more than 500 ids were sent.
/// </exception>
[HttpPut("move")]
[HttpPost("move")]
public async Task MoveMany([FromBody] CipherBulkMoveRequestModel model)
{
    // The 500-item cap applies only when the instance is not self-hosted.
    var exceedsLimit = !_globalSettings.SelfHosted && model.Ids.Count() > 500;
    if (exceedsLimit)
    {
        throw new BadRequestException("You can only move up to 500 items at a time.");
    }

    var currentUserId = _userService.GetProperUserId(User).Value;
    var cipherIds = model.Ids.Select(i => new Guid(i));

    Guid? targetFolderId = null;
    if (!string.IsNullOrWhiteSpace(model.FolderId))
    {
        targetFolderId = new Guid(model.FolderId);
    }

    // NOTE(review): neither the cipher ids nor the folder id are checked against the caller
    // in this action - presumably MoveManyAsync scopes both by the user id it receives; confirm.
    await _cipherService.MoveManyAsync(cipherIds, targetFolderId, currentUserId);
}
/// <summary>
/// Bulk share: pairs every requested cipher with the caller's stored copy and passes the
/// result, the organization id and the collection ids to <c>ShareManyAsync</c>.
/// </summary>
/// <param name="model">Request body carrying the ciphers and the collection ids.</param>
/// <exception cref="NotFoundException">The organization membership check on the current context fails.</exception>
/// <exception cref="BadRequestException">A requested cipher id is not among the ciphers returned for the caller.</exception>
[HttpPut("share")]
[HttpPost("share")]
public async Task PutShareMany([FromBody] CipherBulkShareRequestModel model)
{
    // The organization is taken from the FIRST cipher only; First() throws on an empty list.
    // NOTE(review): this method does not compare the other ciphers' OrganizationId with it -
    // presumably ShareManyAsync does; confirm.
    var organizationId = new Guid(model.Ciphers.First().OrganizationId);
    var isOrganizationUser = await _currentContext.OrganizationUser(organizationId);
    if (!isOrganizationUser)
    {
        throw new NotFoundException();
    }

    var userId = _userService.GetProperUserId(User).Value;
    var ownedCiphers = await _cipherRepository.GetManyByUserIdAsync(userId, false);
    var ownedById = ownedCiphers.ToDictionary(c => c.Id);

    var shareCiphers = new List<(Cipher, DateTime?)>();
    foreach (var requested in model.Ciphers)
    {
        // Ownership gate: every id must resolve to a cipher returned for this user.
        if (!ownedById.TryGetValue(requested.Id.Value, out var stored))
        {
            throw new BadRequestException("Trying to move ciphers that you do not own.");
        }

        shareCiphers.Add((requested.ToCipher(stored), requested.LastKnownRevisionDate));
    }

    var collectionIds = model.CollectionIds.Select(c => new Guid(c));
    await _cipherService.ShareManyAsync(shareCiphers, organizationId, collectionIds, userId);
}
/// <summary>
/// Purge endpoint: after re-verifying the caller's secret, deletes the caller's ciphers, or,
/// when an organization id is supplied, calls <c>PurgeAsync</c> for that organization.
/// </summary>
/// <param name="model">Request body carrying the secret to verify.</param>
/// <param name="organizationId">Optional organization id; blank selects the caller's own ciphers.</param>
/// <exception cref="UnauthorizedAccessException">No user could be resolved from the principal.</exception>
/// <exception cref="BadRequestException">Secret verification failed.</exception>
/// <exception cref="NotFoundException">The <c>EditAnyCollection</c> check fails for the organization.</exception>
[HttpPost("purge")]
public async Task PostPurge([FromBody] SecretVerificationRequestModel model, string organizationId = null)
{
    var user = await _userService.GetUserByPrincipalAsync(User);
    if (user == null)
    {
        throw new UnauthorizedAccessException();
    }

    // Destructive operation: the secret is verified again before anything is deleted.
    var secretVerified = await _userService.VerifySecretAsync(user, model.Secret);
    if (!secretVerified)
    {
        ModelState.AddModelError(string.Empty, "User verification failed.");
        // Fixed two-second pause before the failure is reported; presumably there to slow
        // repeated guessing - confirm it is backed by rate limiting elsewhere.
        await Task.Delay(2000);
        throw new BadRequestException(ModelState);
    }

    // No organization given: delete by the caller's user id.
    if (string.IsNullOrWhiteSpace(organizationId))
    {
        await _cipherRepository.DeleteByUserIdAsync(user.Id);
        return;
    }

    // Organization purge is gated on EditAnyCollection for that organization.
    var orgId = new Guid(organizationId);
    var mayEditAnyCollection = await _currentContext.EditAnyCollection(orgId);
    if (!mayEditAnyCollection)
    {
        throw new NotFoundException();
    }

    await _cipherService.PurgeAsync(orgId);
}
/// <summary>
/// Creates an attachment record for a delayed upload and returns the attachment id, the upload
/// URL and the storage service's upload type.
/// </summary>
/// <param name="id">Cipher id, parsed as a GUID.</param>
/// <param name="request">Attachment metadata (key, file name, declared size) and the admin flag.</param>
/// <returns>Upload data plus a full cipher response, or a mini response for admin requests.</returns>
/// <exception cref="NotFoundException">The cipher was not found or the admin check fails.</exception>
/// <exception cref="BadRequestException">The declared file size exceeds <c>CipherService.MAX_FILE_SIZE</c>.</exception>
[HttpPost("{id}/attachment/v2")]
public async Task<AttachmentUploadDataResponseModel> PostAttachment(string id, [FromBody] AttachmentRequestModel request)
{
    var idGuid = new Guid(id);
    var userId = _userService.GetProperUserId(User).Value;
    var isAdminRequest = request.AdminRequest;

    // The admin path loads the cipher WITHOUT a user filter; access is decided by the
    // EditAnyCollection check below. The normal path is scoped to the caller by the lookup.
    var cipher = isAdminRequest ?
        await _cipherRepository.GetOrganizationDetailsByIdAsync(idGuid) :
        await _cipherRepository.GetByIdAsync(idGuid, userId);

    if (cipher == null)
    {
        throw new NotFoundException();
    }

    if (isAdminRequest)
    {
        // Admin requests require an organization cipher and EditAnyCollection on that organization.
        if (!cipher.OrganizationId.HasValue ||
            !await _currentContext.EditAnyCollection(cipher.OrganizationId.Value))
        {
            throw new NotFoundException();
        }
    }

    // FileSize is the value declared by the client in the request body.
    // NOTE(review): presumably the real upload size is checked later - confirm.
    if (request.FileSize > CipherService.MAX_FILE_SIZE)
    {
        throw new BadRequestException($"Max file size is {CipherService.MAX_FILE_SIZE_READABLE}.");
    }

    var (attachmentId, uploadUrl) = await _cipherService.CreateAttachmentForDelayedUploadAsync(
        cipher, request.Key, request.FileName, request.FileSize, isAdminRequest, userId);

    // Exactly one of CipherResponse / CipherMiniResponse is populated, depending on the admin flag.
    return new AttachmentUploadDataResponseModel
    {
        AttachmentId = attachmentId,
        Url = uploadUrl,
        FileUploadType = _attachmentStorageService.FileUploadType,
        CipherResponse = isAdminRequest ? null : new CipherResponseModel((CipherDetails)cipher, _globalSettings),
        CipherMiniResponse = isAdminRequest ? new CipherMiniResponseModel(cipher, _globalSettings, cipher.OrganizationUseTotp) : null,
    };
}
/// <summary>
/// Returns a fresh upload URL for an attachment of one of the caller's ciphers, as long as the
/// attachment is not marked <c>Validated</c>.
/// </summary>
/// <param name="id">Cipher id, parsed as a GUID.</param>
/// <param name="attachmentId">Key of the attachment in the cipher's attachment map.</param>
/// <returns>The upload URL and the storage service's upload type.</returns>
/// <exception cref="NotFoundException">
/// The cipher or attachment was not found for this user, or the attachment is already validated.
/// </exception>
[HttpGet("{id}/attachment/{attachmentId}/renew")]
public async Task<AttachmentUploadDataResponseModel> RenewFileUploadUrl(string id, string attachmentId)
{
    var userId = _userService.GetProperUserId(User).Value;
    var cipherId = new Guid(id);

    // The lookup takes the user id, so a cipher the repository does not return for this
    // user is reported as not found below.
    var cipher = await _cipherRepository.GetByIdAsync(cipherId, userId);
    var attachments = cipher?.GetAttachments();

    // Validated attachments get the same 404 as missing ones, so no new upload URL is
    // issued for them.
    if (attachments == null ||
        !attachments.TryGetValue(attachmentId, out var attachment) ||
        attachment.Validated)
    {
        throw new NotFoundException();
    }

    return new AttachmentUploadDataResponseModel
    {
        Url = await _attachmentStorageService.GetAttachmentUploadUrlAsync(cipher, attachment),
        FileUploadType = _attachmentStorageService.FileUploadType,
    };
}
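/// <summary>
/// Self-hosted only: receives the multipart file body for an attachment record that already
/// exists on one of the caller's ciphers and passes the stream to the cipher service.
/// </summary>
/// <param name="id">Cipher id, parsed as a GUID.</param>
/// <param name="attachmentId">Key of the attachment in the cipher's attachment map.</param>
/// <exception cref="BadRequestException">The request has no multipart content type.</exception>
/// <exception cref="NotFoundException">The cipher or the attachment was not found for this user.</exception>
[HttpPost("{id}/attachment/{attachmentId}")]
[SelfHosted(SelfHostedOnly = true)]
[RequestSizeLimit(Constants.FileSize501mb)]
[DisableFormValueModelBinding]
public async Task PostFileForExistingAttachment(string id, string attachmentId)
{
    // ContentType is null when the header is absent; the extra null-conditional turns that
    // case into the intended 400 instead of a NullReferenceException.
    if (Request?.ContentType?.Contains("multipart/") != true)
    {
        throw new BadRequestException("Invalid content.");
    }

    var userId = _userService.GetProperUserId(User).Value;

    // The lookup takes the user id, so a cipher the repository does not return for this
    // user is reported as not found below.
    var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
    var attachments = cipher?.GetAttachments();

    // NOTE(review): unlike RenewFileUploadUrl, an attachment already marked Validated is not
    // rejected here - presumably the service handles that; confirm.
    if (attachments == null || !attachments.TryGetValue(attachmentId, out var attachmentData))
    {
        throw new NotFoundException();
    }

    await Request.GetFileAsync(async (stream) =>
    {
        await _cipherService.UploadFileForExistingAttachmentAsync(stream, cipher, attachmentData);
    });
}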
/// <summary>
/// Deprecated upload endpoint: streams a multipart file onto one of the caller's ciphers via
/// <c>CreateAttachmentAsync</c>.
/// </summary>
/// <param name="id">Cipher id, parsed as a GUID.</param>
/// <returns>A response model built from the cipher instance loaded before the upload.</returns>
/// <exception cref="NotFoundException">The cipher was not found for this user.</exception>
[HttpPost("{id}/attachment")]
[Obsolete("Deprecated Attachments API", false)]
[RequestSizeLimit(Constants.FileSize101mb)]
[DisableFormValueModelBinding]
public async Task<CipherResponseModel> PostAttachment(string id)
{
    // Content-type check happens before any id parsing or lookup.
    ValidateAttachment();

    var cipherGuid = new Guid(id);
    var userId = _userService.GetProperUserId(User).Value;

    // The lookup takes the user id; a cipher not returned for this user ends in a 404.
    var cipher = await _cipherRepository.GetByIdAsync(cipherGuid, userId);
    if (cipher == null)
    {
        throw new NotFoundException();
    }

    await Request.GetFileAsync(async (stream, fileName, key) =>
    {
        // The length handed to the service is the request's Content-Length (0 when absent),
        // i.e. a client-declared value for the whole request.
        var declaredLength = Request.ContentLength ?? 0;
        await _cipherService.CreateAttachmentAsync(cipher, stream, fileName, key, declaredLength, userId);
    });

    return new CipherResponseModel(cipher, _globalSettings);
}
/// <summary>
/// Admin upload endpoint: streams a multipart file onto an organization cipher via
/// <c>CreateAttachmentAsync</c>, with the trailing admin argument set to <c>true</c>.
/// </summary>
/// <param name="id">Cipher id, parsed as a GUID.</param>
/// <returns>A mini response model built from the cipher instance loaded before the upload.</returns>
/// <exception cref="NotFoundException">
/// The cipher was not found, has no organization, or the <c>EditAnyCollection</c> check fails.
/// </exception>
[HttpPost("{id}/attachment-admin")]
[RequestSizeLimit(Constants.FileSize101mb)]
[DisableFormValueModelBinding]
public async Task<CipherMiniResponseModel> PostAttachmentAdmin(string id)
{
    // Content-type check happens before any id parsing or lookup.
    ValidateAttachment();

    var cipherGuid = new Guid(id);
    var userId = _userService.GetProperUserId(User).Value;

    // Loaded WITHOUT a user filter: the checks below are the only access gate in this method.
    var cipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(cipherGuid);
    if (cipher == null || !cipher.OrganizationId.HasValue)
    {
        throw new NotFoundException();
    }

    var mayEditAnyCollection = await _currentContext.EditAnyCollection(cipher.OrganizationId.Value);
    if (!mayEditAnyCollection)
    {
        throw new NotFoundException();
    }

    await Request.GetFileAsync(async (stream, fileName, key) =>
    {
        // Client-declared Content-Length of the request, 0 when the header is absent.
        var declaredLength = Request.ContentLength ?? 0;
        await _cipherService.CreateAttachmentAsync(cipher, stream, fileName, key, declaredLength, userId, true);
    });

    return new CipherMiniResponseModel(cipher, _globalSettings, cipher.OrganizationUseTotp);
}
/// <summary>
/// Returns the download data for one attachment of a cipher looked up for the calling user.
/// </summary>
/// <param name="id">Cipher id, parsed as a GUID.</param>
/// <param name="attachmentId">Attachment identifier handed to the cipher service.</param>
/// <returns>The service result wrapped in an <see cref="AttachmentResponseModel"/>.</returns>
[HttpGet("{id}/attachment/{attachmentId}")]
public async Task<AttachmentResponseModel> GetAttachmentData(string id, string attachmentId)
{
    var userId = _userService.GetProperUserId(User).Value;
    var cipherId = new Guid(id);

    // The lookup takes the user id.
    // NOTE(review): the result is not null-checked here, unlike the sibling attachment
    // endpoints - presumably GetAttachmentDownloadDataAsync rejects a null cipher; confirm.
    var cipher = await _cipherRepository.GetByIdAsync(cipherId, userId);

    var downloadData = await _cipherService.GetAttachmentDownloadDataAsync(cipher, attachmentId);
    return new AttachmentResponseModel(downloadData);
}
/// <summary>
/// Streams a multipart file to <c>CreateAttachmentShareAsync</c> for a cipher owned by the
/// calling user and a target organization.
/// </summary>
/// <param name="id">Cipher id, parsed as a GUID.</param>
/// <param name="attachmentId">Attachment identifier handed to the cipher service.</param>
/// <param name="organizationId">Target organization.</param>
/// <exception cref="NotFoundException">
/// The cipher was not found, is not owned by the caller, or the organization membership check fails.
/// </exception>
[HttpPost("{id}/attachment/{attachmentId}/share")]
[RequestSizeLimit(Constants.FileSize101mb)]
[DisableFormValueModelBinding]
public async Task PostAttachmentShare(string id, string attachmentId, Guid organizationId)
{
    // Content-type check happens before any id parsing or lookup.
    ValidateAttachment();

    var userId = _userService.GetProperUserId(User).Value;

    // Loaded WITHOUT a user filter; ownership is enforced by the explicit UserId comparison.
    var cipher = await _cipherRepository.GetByIdAsync(new Guid(id));
    if (cipher == null || cipher.UserId != userId)
    {
        throw new NotFoundException();
    }

    // The caller must also pass the organization membership check for the target.
    var isOrganizationUser = await _currentContext.OrganizationUser(organizationId);
    if (!isOrganizationUser)
    {
        throw new NotFoundException();
    }

    // fileName and key are supplied by the helper but are not used by this endpoint.
    await Request.GetFileAsync(async (stream, fileName, key) =>
    {
        // Client-declared Content-Length of the request, 0 when the header is absent.
        var declaredLength = Request.ContentLength ?? 0;
        await _cipherService.CreateAttachmentShareAsync(cipher, stream, declaredLength, attachmentId, organizationId);
    });
}
/// <summary>
/// Deletes one attachment from a cipher looked up for the calling user.
/// </summary>
/// <param name="id">Cipher id, parsed as a GUID.</param>
/// <param name="attachmentId">Attachment identifier handed to the cipher service.</param>
/// <exception cref="NotFoundException">The cipher was not found for this user.</exception>
[HttpDelete("{id}/attachment/{attachmentId}")]
[HttpPost("{id}/attachment/{attachmentId}/delete")]
public async Task DeleteAttachment(string id, string attachmentId)
{
    var cipherGuid = new Guid(id);
    var userId = _userService.GetProperUserId(User).Value;

    // The lookup takes the user id; a cipher not returned for this user ends in a 404.
    var cipher = await _cipherRepository.GetByIdAsync(cipherGuid, userId);
    if (cipher == null)
    {
        throw new NotFoundException();
    }

    // Last argument is false here and true in DeleteAttachmentAdmin.
    const bool asAdmin = false;
    await _cipherService.DeleteAttachmentAsync(cipher, attachmentId, userId, asAdmin);
}
/// <summary>
/// Admin variant of attachment deletion for organization ciphers.
/// </summary>
/// <param name="id">Cipher id, parsed as a GUID.</param>
/// <param name="attachmentId">Attachment identifier handed to the cipher service.</param>
/// <exception cref="NotFoundException">
/// The cipher was not found, has no organization, or the <c>EditAnyCollection</c> check fails.
/// </exception>
[HttpDelete("{id}/attachment/{attachmentId}/admin")]
[HttpPost("{id}/attachment/{attachmentId}/delete-admin")]
public async Task DeleteAttachmentAdmin(string id, string attachmentId)
{
    var cipherGuid = new Guid(id);
    var userId = _userService.GetProperUserId(User).Value;

    // Loaded WITHOUT a user filter: the checks below are the only access gate in this method.
    var cipher = await _cipherRepository.GetByIdAsync(cipherGuid);
    if (cipher == null || !cipher.OrganizationId.HasValue)
    {
        throw new NotFoundException();
    }

    var mayEditAnyCollection = await _currentContext.EditAnyCollection(cipher.OrganizationId.Value);
    if (!mayEditAnyCollection)
    {
        throw new NotFoundException();
    }

    // Last argument is true here and false in DeleteAttachment.
    const bool asAdmin = true;
    await _cipherService.DeleteAttachmentAsync(cipher, attachmentId, userId, asAdmin);
}
/// <summary>
/// Anonymous webhook for Azure Event Grid. On a <c>Microsoft.Storage.BlobCreated</c> event it
/// maps the blob name back to a cipher attachment and asks the cipher service to validate it.
/// </summary>
/// <returns>Whatever <c>ApiHelpers.HandleAzureEvents</c> produces for the request.</returns>
/// <remarks>
/// The endpoint carries <c>[AllowAnonymous]</c>. NOTE(review): nothing in this method
/// authenticates the sender, so event authenticity presumably has to be established inside
/// <c>ApiHelpers.HandleAzureEvents</c> or in front of the API - confirm.
/// </remarks>
[AllowAnonymous]
[HttpPost("attachment/validate/azure")]
public async Task<ObjectResult> AzureValidateFile()
{
    var handlers = new Dictionary<string, Func<EventGridEvent, Task>>
    {
        ["Microsoft.Storage.BlobCreated"] = async (eventGridEvent) =>
        {
            try
            {
                // The blob name is whatever follows "<container>/blobs/" in the event subject;
                // a subject without that marker makes the [1] index throw into the catch below.
                var blobName = eventGridEvent.Subject.Split($"{AzureAttachmentStorageService.EventGridEnabledContainerName}/blobs/")[1];
                var (cipherId, organizationId, attachmentId) = AzureAttachmentStorageService.IdentifiersFromBlobName(blobName);

                // Loaded without a user filter: there is no authenticated user on this path.
                var cipher = await _cipherRepository.GetByIdAsync(new Guid(cipherId));
                var attachments = cipher?.GetAttachments() ?? new Dictionary<string, CipherAttachment.MetaData>();

                var needsValidation = cipher != null &&
                    attachments.TryGetValue(attachmentId, out var attachment) &&
                    !attachment.Validated;
                if (!needsValidation)
                {
                    // Unknown cipher, unknown attachment or already validated: try to delete the blob.
                    // NOTE(review): the type test is against AzureSendFileStorageService although the
                    // field is the attachment storage service, so this branch may never run - confirm.
                    if (_attachmentStorageService is AzureSendFileStorageService azureFileStorageService)
                    {
                        await azureFileStorageService.DeleteBlobAsync(blobName);
                    }

                    return;
                }

                await _cipherService.ValidateCipherAttachmentFile(cipher, attachments[attachmentId]);
            }
            catch (Exception e)
            {
                // Best-effort handler: failures are logged, not rethrown. The whole serialized
                // event (including its subject) ends up in the log message.
                _logger.LogError(e, $"Uncaught exception occurred while handling event grid event: {JsonSerializer.Serialize(eventGridEvent)}");
            }
        },
    };

    return await ApiHelpers.HandleAzureEvents(Request, handlers);
}
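/// <summary>
/// Rejects the current request unless its content type contains <c>multipart/</c>.
/// </summary>
/// <exception cref="BadRequestException">
/// The request is null, has no content type, or the content type does not contain <c>multipart/</c>.
/// </exception>
private void ValidateAttachment()
{
    // ContentType is null when the header is absent; the extra null-conditional turns that
    // case into the intended 400 instead of a NullReferenceException.
    if (Request?.ContentType?.Contains("multipart/") != true)
    {
        throw new BadRequestException("Invalid content.");
    }
}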
}