src/Api/Controllers/LoginsController.cs

using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Bit.Core.Repositories;
using Microsoft.AspNetCore.Authorization;
using Bit.Core.Models.Api;
using Bit.Core.Exceptions;
using Bit.Core.Services;
using Bit.Core;

namespace Bit.Api.Controllers
{
    [Route("logins")]
    // "sites" route is deprecated
    [Route("sites")]
    [Authorize("Application")]
    public class LoginsController : Controller
    {
        private readonly ICipherRepository _cipherRepository;
        private readonly ICipherService _cipherService;
        private readonly IUserService _userService;
        private readonly CurrentContext _currentContext;
        private readonly GlobalSettings _globalSettings;

        public LoginsController(
            ICipherRepository cipherRepository,
            ICipherService cipherService,
            IUserService userService,
            CurrentContext currentContext,
            GlobalSettings globalSettings)
        {
            _cipherRepository = cipherRepository;
            _cipherService = cipherService;
            _userService = userService;
            _currentContext = currentContext;
            _globalSettings = globalSettings;
        }

        [HttpGet("{id}")]
        public async Task<LoginResponseModel> Get(string id)
        {
            var userId = _userService.GetProperUserId(User).Value;
            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
            if(login == null || login.Type != Core.Enums.CipherType.Login)
            {
                throw new NotFoundException();
            }

            var response = new LoginResponseModel(login, _globalSettings);
            return response;
        }

        [HttpGet("{id}/admin")]
        public async Task<LoginResponseModel> GetAdmin(string id)
        {
            var userId = _userService.GetProperUserId(User).Value;
            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
            if(login == null || !login.OrganizationId.HasValue ||
                !_currentContext.OrganizationAdmin(login.OrganizationId.Value))
            {
                throw new NotFoundException();
            }

            var response = new LoginResponseModel(login, _globalSettings, login.OrganizationUseTotp);
            return response;
        }

        [HttpGet("")]
        public async Task<ListResponseModel<LoginResponseModel>> Get(string[] expand = null)
        {
            var userId = _userService.GetProperUserId(User).Value;
            var logins = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Login, userId);
            var responses = logins.Select(l => new LoginResponseModel(l, _globalSettings)).ToList();
            return new ListResponseModel<LoginResponseModel>(responses);
        }

        [HttpPost("")]
        public async Task<LoginResponseModel> Post([FromBody]LoginRequestModel model)
        {
            var userId = _userService.GetProperUserId(User).Value;
            var login = model.ToCipherDetails(userId);
            await _cipherService.SaveDetailsAsync(login, userId);

            var response = new LoginResponseModel(login, _globalSettings);
            return response;
        }

        [HttpPost("admin")]
        public async Task<LoginResponseModel> PostAdmin([FromBody]LoginRequestModel model)
        {
            var login = model.ToOrganizationCipher();
            if(!_currentContext.OrganizationAdmin(login.OrganizationId.Value))
            {
                throw new NotFoundException();
            }

            var userId = _userService.GetProperUserId(User).Value;
            await _cipherService.SaveAsync(login, userId, true);

            var response = new LoginResponseModel(login, _globalSettings, false);
            return response;
        }

        [HttpPut("{id}")]
        [HttpPost("{id}")]
        public async Task<LoginResponseModel> Put(string id, [FromBody]LoginRequestModel model)
        {
            var userId = _userService.GetProperUserId(User).Value;
            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
            if(login == null || login.Type != Core.Enums.CipherType.Login)
            {
                throw new NotFoundException();
            }

            var modelOrgId = string.IsNullOrWhiteSpace(model.OrganizationId) ? (Guid?)null : new Guid(model.OrganizationId);
            if(login.OrganizationId != modelOrgId)
            {
                throw new BadRequestException("Organization mismatch. Re-sync if you recently shared this login, " +
                    "then try again.");
            }

            await _cipherService.SaveDetailsAsync(model.ToCipherDetails(login), userId);

            var response = new LoginResponseModel(login, _globalSettings);
            return response;
        }

        [HttpPut("{id}/admin")]
        [HttpPost("{id}/admin")]
        public async Task<LoginResponseModel> PutAdmin(string id, [FromBody]LoginRequestModel model)
        {
            var userId = _userService.GetProperUserId(User).Value;
            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
            if(login == null || !login.OrganizationId.HasValue ||
                !_currentContext.OrganizationAdmin(login.OrganizationId.Value))
            {
                throw new NotFoundException();
            }

            // object cannot be a descendant of CipherDetails, so let's clone it.
            var cipher = Core.Utilities.CoreHelpers.CloneObject(model.ToCipher(login));
            await _cipherService.SaveAsync(cipher, userId, true);

            var response = new LoginResponseModel(cipher, _globalSettings, login.OrganizationUseTotp);
            return response;
        }

        [HttpDelete("{id}")]
        [HttpPost("{id}/delete")]
        public async Task Delete(string id)
        {
            var userId = _userService.GetProperUserId(User).Value;
            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
            if(login == null || login.Type != Core.Enums.CipherType.Login)
            {
                throw new NotFoundException();
            }

            await _cipherService.DeleteAsync(login, userId);
        }
    }
}
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								using System;
 								using System.Linq;
 								using System.Threading.Tasks;
-												Upgrade to ASP.NET Core RC2 release.

											
										
										
											2016-05-19 19:10:24 -04:00
+								using Microsoft.AspNetCore.Mvc;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								using Bit.Core.Repositories;
-												Upgrade to ASP.NET Core RC2 release.

											
										
										
											2016-05-19 19:10:24 -04:00
+								using Microsoft.AspNetCore.Authorization;
-												move all models into core

											
										
										
											2017-03-08 21:55:08 -05:00
+								using Bit.Core.Models.Api;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								using Bit.Core.Exceptions;
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								using Bit.Core.Services;
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								using Bit.Core;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
 								namespace Bit.Api.Controllers
 								{
-												Refactor naming: Sites => Logins

											
										
										
											2017-01-02 21:52:13 -05:00
+								    [Route("logins")]
-												equivalent domains APIs and data models

											
										
										
											2017-01-09 22:20:34 -05:00
+								    // "sites" route is deprecated
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								    [Route("sites")]
 								    [Authorize("Application")]
-												Refactor naming: Sites => Logins

											
										
										
											2017-01-02 21:52:13 -05:00
+								    public class LoginsController : Controller
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								    {
-												refactored data storage to use cipher table. added history table and insert triggers.

											
										
										
											2016-05-21 17:16:22 -04:00
+								        private readonly ICipherRepository _cipherRepository;
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								        private readonly ICipherService _cipherService;
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								        private readonly IUserService _userService;
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								        private readonly CurrentContext _currentContext;
-												return attachments from API

											
										
										
											2017-06-30 23:01:41 -04:00
+								        private readonly GlobalSettings _globalSettings;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
-												Refactor naming: Sites => Logins

											
										
										
											2017-01-02 21:52:13 -05:00
+								        public LoginsController(
-												refactored data storage to use cipher table. added history table and insert triggers.

											
										
										
											2016-05-21 17:16:22 -04:00
+								            ICipherRepository cipherRepository,
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								            ICipherService cipherService,
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            IUserService userService,
-												return attachments from API

											
										
										
											2017-06-30 23:01:41 -04:00
+								            CurrentContext currentContext,
 								            GlobalSettings globalSettings)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        {
-												refactored data storage to use cipher table. added history table and insert triggers.

											
										
										
											2016-05-21 17:16:22 -04:00
+								            _cipherRepository = cipherRepository;
-												added push events and moved cipher writing to cipher service.

											
										
										
											2016-06-29 01:15:37 -04:00
+								            _cipherService = cipherService;
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								            _userService = userService;
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            _currentContext = currentContext;
-												return attachments from API

											
										
										
											2017-06-30 23:01:41 -04:00
+								            _globalSettings = globalSettings;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        }
 								        [HttpGet("{id}")]
-												CipherDetails Edit property

											
										
										
											2017-05-06 23:23:01 -04:00
+								        public async Task<LoginResponseModel> Get(string id)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        {
-												cipher share data and key response

											
										
										
											2017-02-18 01:17:09 -05:00
+								            var userId = _userService.GetProperUserId(User).Value;
-												CipherDetails Edit property

											
										
										
											2017-05-06 23:23:01 -04:00
+								            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
-												Refactor naming: Sites => Logins

											
										
										
											2017-01-02 21:52:13 -05:00
+								            if(login == null || login.Type != Core.Enums.CipherType.Login)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            {
 								                throw new NotFoundException();
 								            }
-												return attachments from API

											
										
										
											2017-06-30 23:01:41 -04:00
+								            var response = new LoginResponseModel(login, _globalSettings);
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            return response;
 								        }
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								        [HttpGet("{id}/admin")]
 								        public async Task<LoginResponseModel> GetAdmin(string id)
 								        {
-												org totp and storage flags

											
										
										
											2017-07-07 14:08:30 -04:00
+								            var userId = _userService.GetProperUserId(User).Value;
 								            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            if(login == null || !login.OrganizationId.HasValue ||
 								                !_currentContext.OrganizationAdmin(login.OrganizationId.Value))
 								            {
 								                throw new NotFoundException();
 								            }
-												org totp and storage flags

											
										
										
											2017-07-07 14:08:30 -04:00
+								            var response = new LoginResponseModel(login, _globalSettings, login.OrganizationUseTotp);
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            return response;
 								        }
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        [HttpGet("")]
-												add back folder expand for backwards compat.

											
										
										
											2017-04-28 16:06:25 -04:00
+								        public async Task<ListResponseModel<LoginResponseModel>> Get(string[] expand = null)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        {
-												cipher share data and key response

											
										
										
											2017-02-18 01:17:09 -05:00
+								            var userId = _userService.GetProperUserId(User).Value;
-												remove deprecated code

											
										
										
											2017-06-13 09:12:00 -04:00
+								            var logins = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Login, userId);
-												return attachments from API

											
										
										
											2017-06-30 23:01:41 -04:00
+								            var responses = logins.Select(l => new LoginResponseModel(l, _globalSettings)).ToList();
-												remove old share solution code

											
										
										
											2017-02-28 22:51:29 -05:00
+								            return new ListResponseModel<LoginResponseModel>(responses);
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        }
 								        [HttpPost("")]
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								        public async Task<LoginResponseModel> Post([FromBody]LoginRequestModel model)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        {
-												cipher share data and key response

											
										
										
											2017-02-18 01:17:09 -05:00
+								            var userId = _userService.GetProperUserId(User).Value;
-												cipher details create/update

											
										
										
											2017-03-18 23:41:46 -04:00
+								            var login = model.ToCipherDetails(userId);
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            await _cipherService.SaveDetailsAsync(login, userId);
-												return attachments from API

											
										
										
											2017-06-30 23:01:41 -04:00
+								            var response = new LoginResponseModel(login, _globalSettings);
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            return response;
 								        }
 								        [HttpPost("admin")]
 								        public async Task<LoginResponseModel> PostAdmin([FromBody]LoginRequestModel model)
 								        {
 								            var login = model.ToOrganizationCipher();
 								            if(!_currentContext.OrganizationAdmin(login.OrganizationId.Value))
 								            {
 								                throw new NotFoundException();
 								            }
 								            var userId = _userService.GetProperUserId(User).Value;
 								            await _cipherService.SaveAsync(login, userId, true);
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
-												org totp and storage flags

											
										
										
											2017-07-07 14:08:30 -04:00
+								            var response = new LoginResponseModel(login, _globalSettings, false);
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            return response;
 								        }
 								        [HttpPut("{id}")]
-												Added POST route endpoints for all PUT and DELETE operations to allow for vault to avoid preflight.

											
										
										
											2016-07-13 21:43:48 -04:00
+								        [HttpPost("{id}")]
-												refactor for cipher details, folders, favorites

											
										
										
											2017-03-18 11:58:02 -04:00
+								        public async Task<LoginResponseModel> Put(string id, [FromBody]LoginRequestModel model)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        {
-												cipher share data and key response

											
										
										
											2017-02-18 01:17:09 -05:00
+								            var userId = _userService.GetProperUserId(User).Value;
-												user can edit responses and cipher partial updates

											
										
										
											2017-03-24 16:15:50 -04:00
+								            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
-												Refactor naming: Sites => Logins

											
										
										
											2017-01-02 21:52:13 -05:00
+								            if(login == null || login.Type != Core.Enums.CipherType.Login)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            {
 								                throw new NotFoundException();
 								            }
-												add check for org id mismatch

											
										
										
											2017-05-07 00:08:23 -04:00
+								            var modelOrgId = string.IsNullOrWhiteSpace(model.OrganizationId) ? (Guid?)null : new Guid(model.OrganizationId);
 								            if(login.OrganizationId != modelOrgId)
 								            {
 								                throw new BadRequestException("Organization mismatch. Re-sync if you recently shared this login, " +
 								                    "then try again.");
 								            }
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            await _cipherService.SaveDetailsAsync(model.ToCipherDetails(login), userId);
-												return attachments from API

											
										
										
											2017-06-30 23:01:41 -04:00
+								            var response = new LoginResponseModel(login, _globalSettings);
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            return response;
 								        }
 								        [HttpPut("{id}/admin")]
 								        [HttpPost("{id}/admin")]
 								        public async Task<LoginResponseModel> PutAdmin(string id, [FromBody]LoginRequestModel model)
 								        {
-												org totp and storage flags

											
										
										
											2017-07-07 14:08:30 -04:00
+								            var userId = _userService.GetProperUserId(User).Value;
 								            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
-												admin login apis

											
										
										
											2017-04-27 14:50:22 -04:00
+								            if(login == null || !login.OrganizationId.HasValue ||
 								                !_currentContext.OrganizationAdmin(login.OrganizationId.Value))
 								            {
 								                throw new NotFoundException();
 								            }
-												fix cipher too many args for sql

											
										
										
											2017-07-11 14:43:43 -04:00
+								            // object cannot be a descendant of CipherDetails, so let's clone it.
 								            var cipher = Core.Utilities.CoreHelpers.CloneObject(model.ToCipher(login));
 								            await _cipherService.SaveAsync(cipher, userId, true);
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
-												fix cipher too many args for sql

											
										
										
											2017-07-11 14:43:43 -04:00
+								            var response = new LoginResponseModel(cipher, _globalSettings, login.OrganizationUseTotp);
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            return response;
 								        }
 								        [HttpDelete("{id}")]
-												Added POST route endpoints for all PUT and DELETE operations to allow for vault to avoid preflight.

											
										
										
											2016-07-13 21:43:48 -04:00
+								        [HttpPost("{id}/delete")]
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        public async Task Delete(string id)
 								        {
-												permission checks for cipher crud operations

											
										
										
											2017-03-24 09:27:15 -04:00
+								            var userId = _userService.GetProperUserId(User).Value;
 								            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
-												Refactor naming: Sites => Logins

											
										
										
											2017-01-02 21:52:13 -05:00
+								            if(login == null || login.Type != Core.Enums.CipherType.Login)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            {
 								                throw new NotFoundException();
 								            }
-												permission checks for cipher crud operations

											
										
										
											2017-03-24 09:27:15 -04:00
+								            await _cipherService.DeleteAsync(login, userId);
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        }
 								    }
 								}