src/Api/Controllers/DevicesController.cs

using Bit.Api.Models.Request;
using Bit.Api.Models.Response;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace Bit.Api.Controllers;

[Route("devices")]
[Authorize("Application")]
public class DevicesController : Controller
{
    private readonly IDeviceRepository _deviceRepository;
    private readonly IDeviceService _deviceService;
    private readonly IUserService _userService;
    private readonly IUserRepository _userRepository;

    public DevicesController(
        IDeviceRepository deviceRepository,
        IDeviceService deviceService,
        IUserService userService,
        IUserRepository userRepository)
    {
        _deviceRepository = deviceRepository;
        _deviceService = deviceService;
        _userService = userService;
        _userRepository = userRepository;
    }

    [HttpGet("{id}")]
    public async Task<DeviceResponseModel> Get(string id)
    {
        var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
        if (device == null)
        {
            throw new NotFoundException();
        }

        var response = new DeviceResponseModel(device);
        return response;
    }

    [HttpGet("identifier/{identifier}")]
    public async Task<DeviceResponseModel> GetByIdentifier(string identifier)
    {
        var device = await _deviceRepository.GetByIdentifierAsync(identifier, _userService.GetProperUserId(User).Value);
        if (device == null)
        {
            throw new NotFoundException();
        }

        var response = new DeviceResponseModel(device);
        return response;
    }

    [HttpGet("")]
    public async Task<ListResponseModel<DeviceResponseModel>> Get()
    {
        ICollection<Device> devices = await _deviceRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value);
        var responses = devices.Select(d => new DeviceResponseModel(d));
        return new ListResponseModel<DeviceResponseModel>(responses);
    }

    [HttpPost("exist-by-types")]
    public async Task<ActionResult<bool>> GetExistenceByTypes([FromBody] DeviceType[] deviceTypes)
    {
        var userId = _userService.GetProperUserId(User).Value;
        var devices = await _deviceRepository.GetManyByUserIdAsync(userId);
        var userHasDeviceOfTypes = devices.Any(d => deviceTypes.Contains(d.Type));
        return Ok(userHasDeviceOfTypes);
    }

    [HttpPost("")]
    public async Task<DeviceResponseModel> Post([FromBody] DeviceRequestModel model)
    {
        var device = model.ToDevice(_userService.GetProperUserId(User));
        await _deviceService.SaveAsync(device);

        var response = new DeviceResponseModel(device);
        return response;
    }

    [HttpPut("{id}")]
    [HttpPost("{id}")]
    public async Task<DeviceResponseModel> Put(string id, [FromBody] DeviceRequestModel model)
    {
        var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
        if (device == null)
        {
            throw new NotFoundException();
        }

        await _deviceService.SaveAsync(model.ToDevice(device));

        var response = new DeviceResponseModel(device);
        return response;
    }

    [HttpPut("{identifier}/keys")]
    [HttpPost("{identifier}/keys")]
    public async Task<DeviceResponseModel> PutKeys(string identifier, [FromBody] DeviceKeysRequestModel model)
    {
        var device = await _deviceRepository.GetByIdentifierAsync(identifier, _userService.GetProperUserId(User).Value);
        if (device == null)
        {
            throw new NotFoundException();
        }

        await _deviceService.SaveAsync(model.ToDevice(device));

        var response = new DeviceResponseModel(device);
        return response;
    }

    [HttpPut("identifier/{identifier}/token")]
    [HttpPost("identifier/{identifier}/token")]
    public async Task PutToken(string identifier, [FromBody] DeviceTokenRequestModel model)
    {
        var device = await _deviceRepository.GetByIdentifierAsync(identifier, _userService.GetProperUserId(User).Value);
        if (device == null)
        {
            throw new NotFoundException();
        }

        await _deviceService.SaveAsync(model.ToDevice(device));
    }

    [AllowAnonymous]
    [HttpPut("identifier/{identifier}/clear-token")]
    [HttpPost("identifier/{identifier}/clear-token")]
    public async Task PutClearToken(string identifier)
    {
        var device = await _deviceRepository.GetByIdentifierAsync(identifier);
        if (device == null)
        {
            throw new NotFoundException();
        }

        await _deviceService.ClearTokenAsync(device);
    }

    [HttpDelete("{id}")]
    [HttpPost("{id}/delete")]
    public async Task Delete(string id)
    {
        var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
        if (device == null)
        {
            throw new NotFoundException();
        }

        await _deviceService.DeleteAsync(device);
    }

    [AllowAnonymous]
    [HttpGet("knowndevice")]
    public async Task<bool> GetByIdentifierQuery(
        [FromHeader(Name = "X-Request-Email")] string email,
        [FromHeader(Name = "X-Device-Identifier")] string deviceIdentifier)
        => await GetByIdentifier(CoreHelpers.Base64UrlDecodeString(email), deviceIdentifier);

    [Obsolete("Path is deprecated due to encoding issues, use /knowndevice instead.")]
    [AllowAnonymous]
    [HttpGet("knowndevice/{email}/{identifier}")]
    public async Task<bool> GetByIdentifier(string email, string identifier)
    {
        if (string.IsNullOrWhiteSpace(email) || string.IsNullOrWhiteSpace(identifier))
        {
            throw new BadRequestException("Please provide an email and device identifier");
        }

        var user = await _userRepository.GetByEmailAsync(email);
        if (user == null)
        {
            return false;
        }

        var device = await _deviceRepository.GetByIdentifierAsync(identifier, user.Id);
        return device != null;
    }
}
-												Turn On `ImplicitUsings` (#2079)

* Turn on ImplicitUsings

* Fix formatting

* Run linter
											
										
										
											2022-06-29 19:46:41 -04:00
+								using Bit.Api.Models.Request;
-												Move request/response models (#1754)


											
										
										
											2021-12-14 15:05:07 +00:00
+								using Bit.Api.Models.Response;
-												Split out repositories to Infrastructure.Dapper / EntityFramework (#1759)


											
										
										
											2022-01-11 10:40:51 +01:00
+								using Bit.Core.Entities;
-												PM-2731 - DevicesController.cs - Add new method GetExistenceByTypes  (#3039)

* PM-2731 - DevicesController.cs - Add new method HasDevicesOfTypes to accept an array of DeviceType values and return a boolean if the authN user has at least a device of one of the given types.

* Dotnet format to pass lint rules

* PM-2731 - Update naming of HasDevicesOfTypes to be GetExistenceByTypes for increased clarity per PR feedback.

* PM-2731-Make GetExistenceByTypes route singular

* Update src/Api/Controllers/DevicesController.cs to use var

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
											
										
										
											2023-06-22 20:27:59 -04:00
+								using Bit.Core.Enums;
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								using Bit.Core.Exceptions;
 								using Bit.Core.Repositories;
-												Added device service. Added API for clearing out token for a device identifier (used for push unregister).

											
										
										
											2016-08-05 23:59:59 -04:00
+								using Bit.Core.Services;
-												Use encoded query parameters over path (#2682)

* Use encoded query parameters over path

* Prefer POST for requests with sensitive information

* Send private information in headers over query

* B64 encode email
											
										
										
											2023-03-07 13:49:29 -05:00
+								using Bit.Core.Utilities;
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								using Microsoft.AspNetCore.Authorization;
 								using Microsoft.AspNetCore.Mvc;
 								namespace Bit.Api.Controllers;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								[Route("devices")]
 								[Authorize("Application")]
 								public class DevicesController : Controller
 								{
 								    private readonly IDeviceRepository _deviceRepository;
 								    private readonly IDeviceService _deviceService;
 								    private readonly IUserService _userService;
-												[SG-167] Implement Passwordless Authentication via Notifications (#2276)

* [SG-549] Commit Initial AuthRequest Repository (#2174)

* Model Passwordless

* Scaffold database for Passwordless

* Implement SQL Repository

* [SG-167] Base Passwordless API (#2185)

* Implement Passwordless notifications

* Implement Controller

* Add documentation to BaseRequestValidator

* Register AuthRequestRepo

* Remove ExpirationDate from the AuthRequest table

* [SG-407] Create job to delete expired requests (#2187)

* chore: init

* remove exp date

* fix: log name

* [SG-167] Added fingerprint phrase to response model. (#2233)

* Remove FailedLoginAttempt logic

* Block unknown devices

* Add EF Support for passwordless

* Got SignalR working for responses

* Added delete job method to EF repo

* Implement a GetMany API endpoint for AuthRequests

* Ran dotnet format

* Fix a merge issues

* Redated migration scripts

* tried sorting sqlproj

* Remove FailedLoginAttempts from SQL

* Groom Postgres script

* Remove extra commas from migration script

* Correct isSpent()

* [SG-167] Adde identity validation for passwordless requests. Registered IAuthRepository.

* [SG-167] Added origin of the request to response model

* Use display name for device identifier in response

* Add datetime conversions back to postgres migration script

* [SG-655] Add anonymous endpoint for checking if a device & user combo match

* [review] Consolidate error conditions

Co-authored-by: Brandon Maharaj <107377945+BrandonM-Bitwarden@users.noreply.github.com>
Co-authored-by: André Filipe da Silva Bispo <andrefsbispo@hotmail.com>
Co-authored-by: André Bispo <abispo@bitwarden.com>
											
										
										
											2022-09-26 13:21:13 -04:00
+								    private readonly IUserRepository _userRepository;
-												[SG-823] Undid changes to capture device push token on login (#2427)

* Revert "Set Id property on existing devices so we don't try to create a new one instead of updating existing. (#2420)"

This reverts commit 02e4b10ae86f7bec6beb3e9e9938a761d2f004fc.

* Revert "Update push token on login to allow multiple users on mobile devices (#2404)"

This reverts commit 24469e2267a7b77d18c518d1848ab9bfa70110cd.

* Added back test changes.
											
										
										
											2022-12-12 15:51:41 -05:00
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								    public DevicesController(
 								        IDeviceRepository deviceRepository,
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								        IDeviceService deviceService,
-												[SG-167] Implement Passwordless Authentication via Notifications (#2276)

* [SG-549] Commit Initial AuthRequest Repository (#2174)

* Model Passwordless

* Scaffold database for Passwordless

* Implement SQL Repository

* [SG-167] Base Passwordless API (#2185)

* Implement Passwordless notifications

* Implement Controller

* Add documentation to BaseRequestValidator

* Register AuthRequestRepo

* Remove ExpirationDate from the AuthRequest table

* [SG-407] Create job to delete expired requests (#2187)

* chore: init

* remove exp date

* fix: log name

* [SG-167] Added fingerprint phrase to response model. (#2233)

* Remove FailedLoginAttempt logic

* Block unknown devices

* Add EF Support for passwordless

* Got SignalR working for responses

* Added delete job method to EF repo

* Implement a GetMany API endpoint for AuthRequests

* Ran dotnet format

* Fix a merge issues

* Redated migration scripts

* tried sorting sqlproj

* Remove FailedLoginAttempts from SQL

* Groom Postgres script

* Remove extra commas from migration script

* Correct isSpent()

* [SG-167] Adde identity validation for passwordless requests. Registered IAuthRepository.

* [SG-167] Added origin of the request to response model

* Use display name for device identifier in response

* Add datetime conversions back to postgres migration script

* [SG-655] Add anonymous endpoint for checking if a device & user combo match

* [review] Consolidate error conditions

Co-authored-by: Brandon Maharaj <107377945+BrandonM-Bitwarden@users.noreply.github.com>
Co-authored-by: André Filipe da Silva Bispo <andrefsbispo@hotmail.com>
Co-authored-by: André Bispo <abispo@bitwarden.com>
											
										
										
											2022-09-26 13:21:13 -04:00
+								        IUserService userService,
 								        IUserRepository userRepository)
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								    {
 								        _deviceRepository = deviceRepository;
 								        _deviceService = deviceService;
 								        _userService = userService;
-												[SG-167] Implement Passwordless Authentication via Notifications (#2276)

* [SG-549] Commit Initial AuthRequest Repository (#2174)

* Model Passwordless

* Scaffold database for Passwordless

* Implement SQL Repository

* [SG-167] Base Passwordless API (#2185)

* Implement Passwordless notifications

* Implement Controller

* Add documentation to BaseRequestValidator

* Register AuthRequestRepo

* Remove ExpirationDate from the AuthRequest table

* [SG-407] Create job to delete expired requests (#2187)

* chore: init

* remove exp date

* fix: log name

* [SG-167] Added fingerprint phrase to response model. (#2233)

* Remove FailedLoginAttempt logic

* Block unknown devices

* Add EF Support for passwordless

* Got SignalR working for responses

* Added delete job method to EF repo

* Implement a GetMany API endpoint for AuthRequests

* Ran dotnet format

* Fix a merge issues

* Redated migration scripts

* tried sorting sqlproj

* Remove FailedLoginAttempts from SQL

* Groom Postgres script

* Remove extra commas from migration script

* Correct isSpent()

* [SG-167] Adde identity validation for passwordless requests. Registered IAuthRepository.

* [SG-167] Added origin of the request to response model

* Use display name for device identifier in response

* Add datetime conversions back to postgres migration script

* [SG-655] Add anonymous endpoint for checking if a device & user combo match

* [review] Consolidate error conditions

Co-authored-by: Brandon Maharaj <107377945+BrandonM-Bitwarden@users.noreply.github.com>
Co-authored-by: André Filipe da Silva Bispo <andrefsbispo@hotmail.com>
Co-authored-by: André Bispo <abispo@bitwarden.com>
											
										
										
											2022-09-26 13:21:13 -04:00
+								        _userRepository = userRepository;
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								    }
 								    [HttpGet("{id}")]
 								    public async Task<DeviceResponseModel> Get(string id)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								        var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (device == null)
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								        {
 								            throw new NotFoundException();
 								        }
 								        var response = new DeviceResponseModel(device);
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								        return response;
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
-												Added device identifier, APIs for updating token by identifier, Device creation/update upon signin.

											
										
										
											2016-06-21 00:08:22 -04:00
+								    [HttpGet("identifier/{identifier}")]
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								    public async Task<DeviceResponseModel> GetByIdentifier(string identifier)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								        var device = await _deviceRepository.GetByIdentifierAsync(identifier, _userService.GetProperUserId(User).Value);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (device == null)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								            throw new NotFoundException();
 								        }
 								        var response = new DeviceResponseModel(device);
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								        return response;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
-												Added device service. Added API for clearing out token for a device identifier (used for push unregister).

											
										
										
											2016-08-05 23:59:59 -04:00
+								    [HttpGet("")]
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								    public async Task<ListResponseModel<DeviceResponseModel>> Get()
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Added device service. Added API for clearing out token for a device identifier (used for push unregister).

											
										
										
											2016-08-05 23:59:59 -04:00
+								        ICollection<Device> devices = await _deviceRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value);
 								        var responses = devices.Select(d => new DeviceResponseModel(d));
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								        return new ListResponseModel<DeviceResponseModel>(responses);
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
-												PM-2731 - DevicesController.cs - Add new method GetExistenceByTypes  (#3039)

* PM-2731 - DevicesController.cs - Add new method HasDevicesOfTypes to accept an array of DeviceType values and return a boolean if the authN user has at least a device of one of the given types.

* Dotnet format to pass lint rules

* PM-2731 - Update naming of HasDevicesOfTypes to be GetExistenceByTypes for increased clarity per PR feedback.

* PM-2731-Make GetExistenceByTypes route singular

* Update src/Api/Controllers/DevicesController.cs to use var

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
											
										
										
											2023-06-22 20:27:59 -04:00
+								    [HttpPost("exist-by-types")]
 								    public async Task<ActionResult<bool>> GetExistenceByTypes([FromBody] DeviceType[] deviceTypes)
 								    {
 								        var userId = _userService.GetProperUserId(User).Value;
 								        var devices = await _deviceRepository.GetManyByUserIdAsync(userId);
 								        var userHasDeviceOfTypes = devices.Any(d => deviceTypes.Contains(d.Type));
 								        return Ok(userHasDeviceOfTypes);
 								    }
-												Added POST route endpoints for all PUT and DELETE operations to allow for vault to avoid preflight.

											
										
										
											2016-07-13 21:43:48 -04:00
+								    [HttpPost("")]
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								    public async Task<DeviceResponseModel> Post([FromBody] DeviceRequestModel model)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    {
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								        var device = model.ToDevice(_userService.GetProperUserId(User));
 								        await _deviceService.SaveAsync(device);
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								        var response = new DeviceResponseModel(device);
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								        return response;
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Added device identifier, APIs for updating token by identifier, Device creation/update upon signin.

											
										
										
											2016-06-21 00:08:22 -04:00
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								    [HttpPut("{id}")]
-												Added POST route endpoints for all PUT and DELETE operations to allow for vault to avoid preflight.

											
										
										
											2016-07-13 21:43:48 -04:00
+								    [HttpPost("{id}")]
-												Added device service. Added API for clearing out token for a device identifier (used for push unregister).

											
										
										
											2016-08-05 23:59:59 -04:00
+								    public async Task<DeviceResponseModel> Put(string id, [FromBody] DeviceRequestModel model)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												Added device service. Added API for clearing out token for a device identifier (used for push unregister).

											
										
										
											2016-08-05 23:59:59 -04:00
+								        var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 								        if (device == null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								            throw new NotFoundException();
-												Added device service. Added API for clearing out token for a device identifier (used for push unregister).

											
										
										
											2016-08-05 23:59:59 -04:00
+								        }
-												Revert device id in jwt token and moved to reading from header. Added clear token by identifier API/repo/sproc so that token can be cleared after logout.

											
										
										
											2016-08-06 15:15:11 -04:00
+								        await _deviceService.SaveAsync(model.ToDevice(device));
-												Added device identifier, APIs for updating token by identifier, Device creation/update upon signin.

											
										
										
											2016-06-21 00:08:22 -04:00
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								        var response = new DeviceResponseModel(device);
-												Added device identifier, APIs for updating token by identifier, Device creation/update upon signin.

											
										
										
											2016-06-21 00:08:22 -04:00
+								        return response;
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								    }
-												[PM-1380] Modify Device Table (#2937)

* Update Models

- Add Controller Method

* Add MSSQL Migration

* Update SQL Proj

* Update SQL Migration

* Update Models

* Update SQL Project

* Add EF Migrations

* Switch to using Identifier

* Update Code Comment
											
										
										
											2023-06-09 21:36:12 -04:00
+								    [HttpPut("{identifier}/keys")]
 								    [HttpPost("{identifier}/keys")]
 								    public async Task<DeviceResponseModel> PutKeys(string identifier, [FromBody] DeviceKeysRequestModel model)
 								    {
 								        var device = await _deviceRepository.GetByIdentifierAsync(identifier, _userService.GetProperUserId(User).Value);
 								        if (device == null)
 								        {
 								            throw new NotFoundException();
 								        }
 								        await _deviceService.SaveAsync(model.ToDevice(device));
 								        var response = new DeviceResponseModel(device);
 								        return response;
 								    }
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								    [HttpPut("identifier/{identifier}/token")]
-												Added POST route endpoints for all PUT and DELETE operations to allow for vault to avoid preflight.

											
										
										
											2016-07-13 21:43:48 -04:00
+								    [HttpPost("identifier/{identifier}/token")]
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								    public async Task PutToken(string identifier, [FromBody] DeviceTokenRequestModel model)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								        var device = await _deviceRepository.GetByIdentifierAsync(identifier, _userService.GetProperUserId(User).Value);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (device == null)
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								        {
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								            throw new NotFoundException();
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								        }
-												notification hub push registration service

											
										
										
											2017-05-26 00:50:27 -04:00
+								        await _deviceService.SaveAsync(model.ToDevice(device));
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    }
-												Revert device id in jwt token and moved to reading from header. Added clear token by identifier API/repo/sproc so that token can be cleared after logout.

											
										
										
											2016-08-06 15:15:11 -04:00
+								    [AllowAnonymous]
-												notification hub push registration service

											
										
										
											2017-05-26 00:50:27 -04:00
+								    [HttpPut("identifier/{identifier}/clear-token")]
-												Added POST route endpoints for all PUT and DELETE operations to allow for vault to avoid preflight.

											
										
										
											2016-07-13 21:43:48 -04:00
+								    [HttpPost("identifier/{identifier}/clear-token")]
-												No response for device put token API.

											
										
										
											2016-08-06 18:46:02 -04:00
+								    public async Task PutClearToken(string identifier)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												No response for device put token API.

											
										
										
											2016-08-06 18:46:02 -04:00
+								        var device = await _deviceRepository.GetByIdentifierAsync(identifier);
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 14:36:37 -04:00
+								        if (device == null)
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
+								        {
-												notification hub push registration service

											
										
										
											2017-05-26 00:50:27 -04:00
+								            throw new NotFoundException();
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        }
-												notification hub push registration service

											
										
										
											2017-05-26 00:50:27 -04:00
+								        await _deviceService.ClearTokenAsync(device);
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								    }
-												Turn on file scoped namespaces (#2225)


											
										
										
											2022-08-29 14:53:16 -04:00
-												notification hub push registration service

											
										
										
											2017-05-26 00:50:27 -04:00
+								    [HttpDelete("{id}")]
-												Added device service. Added API for clearing out token for a device identifier (used for push unregister).

											
										
										
											2016-08-05 23:59:59 -04:00
+								    [HttpPost("{id}/delete")]
-												Revert device id in jwt token and moved to reading from header. Added clear token by identifier API/repo/sproc so that token can be cleared after logout.

											
										
										
											2016-08-06 15:15:11 -04:00
+								    public async Task Delete(string id)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								    {
-												notification hub push registration service

											
										
										
											2017-05-26 00:50:27 -04:00
+								        var device = await _deviceRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
 								        if (device == null)
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
+								        {
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								            throw new NotFoundException();
-												Revert filescoped (#2227)

* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
											
										
										
											2022-08-29 15:53:48 -04:00
+								        }
-												Run formatting (#2230)


											
										
										
											2022-08-29 16:06:55 -04:00
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								        await _deviceService.DeleteAsync(device);
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								    }
-												[SG-167] Implement Passwordless Authentication via Notifications (#2276)

* [SG-549] Commit Initial AuthRequest Repository (#2174)

* Model Passwordless

* Scaffold database for Passwordless

* Implement SQL Repository

* [SG-167] Base Passwordless API (#2185)

* Implement Passwordless notifications

* Implement Controller

* Add documentation to BaseRequestValidator

* Register AuthRequestRepo

* Remove ExpirationDate from the AuthRequest table

* [SG-407] Create job to delete expired requests (#2187)

* chore: init

* remove exp date

* fix: log name

* [SG-167] Added fingerprint phrase to response model. (#2233)

* Remove FailedLoginAttempt logic

* Block unknown devices

* Add EF Support for passwordless

* Got SignalR working for responses

* Added delete job method to EF repo

* Implement a GetMany API endpoint for AuthRequests

* Ran dotnet format

* Fix a merge issues

* Redated migration scripts

* tried sorting sqlproj

* Remove FailedLoginAttempts from SQL

* Groom Postgres script

* Remove extra commas from migration script

* Correct isSpent()

* [SG-167] Adde identity validation for passwordless requests. Registered IAuthRepository.

* [SG-167] Added origin of the request to response model

* Use display name for device identifier in response

* Add datetime conversions back to postgres migration script

* [SG-655] Add anonymous endpoint for checking if a device & user combo match

* [review] Consolidate error conditions

Co-authored-by: Brandon Maharaj <107377945+BrandonM-Bitwarden@users.noreply.github.com>
Co-authored-by: André Filipe da Silva Bispo <andrefsbispo@hotmail.com>
Co-authored-by: André Bispo <abispo@bitwarden.com>
											
										
										
											2022-09-26 13:21:13 -04:00
-												Use encoded query parameters over path (#2682)

* Use encoded query parameters over path

* Prefer POST for requests with sensitive information

* Send private information in headers over query

* B64 encode email
											
										
										
											2023-03-07 13:49:29 -05:00
+								    [AllowAnonymous]
 								    [HttpGet("knowndevice")]
 								    public async Task<bool> GetByIdentifierQuery(
 								        [FromHeader(Name = "X-Request-Email")] string email,
 								        [FromHeader(Name = "X-Device-Identifier")] string deviceIdentifier)
 								        => await GetByIdentifier(CoreHelpers.Base64UrlDecodeString(email), deviceIdentifier);
 								    [Obsolete("Path is deprecated due to encoding issues, use /knowndevice instead.")]
-												[SG-167] Implement Passwordless Authentication via Notifications (#2276)

* [SG-549] Commit Initial AuthRequest Repository (#2174)

* Model Passwordless

* Scaffold database for Passwordless

* Implement SQL Repository

* [SG-167] Base Passwordless API (#2185)

* Implement Passwordless notifications

* Implement Controller

* Add documentation to BaseRequestValidator

* Register AuthRequestRepo

* Remove ExpirationDate from the AuthRequest table

* [SG-407] Create job to delete expired requests (#2187)

* chore: init

* remove exp date

* fix: log name

* [SG-167] Added fingerprint phrase to response model. (#2233)

* Remove FailedLoginAttempt logic

* Block unknown devices

* Add EF Support for passwordless

* Got SignalR working for responses

* Added delete job method to EF repo

* Implement a GetMany API endpoint for AuthRequests

* Ran dotnet format

* Fix a merge issues

* Redated migration scripts

* tried sorting sqlproj

* Remove FailedLoginAttempts from SQL

* Groom Postgres script

* Remove extra commas from migration script

* Correct isSpent()

* [SG-167] Adde identity validation for passwordless requests. Registered IAuthRepository.

* [SG-167] Added origin of the request to response model

* Use display name for device identifier in response

* Add datetime conversions back to postgres migration script

* [SG-655] Add anonymous endpoint for checking if a device & user combo match

* [review] Consolidate error conditions

Co-authored-by: Brandon Maharaj <107377945+BrandonM-Bitwarden@users.noreply.github.com>
Co-authored-by: André Filipe da Silva Bispo <andrefsbispo@hotmail.com>
Co-authored-by: André Bispo <abispo@bitwarden.com>
											
										
										
											2022-09-26 13:21:13 -04:00
+								    [AllowAnonymous]
 								    [HttpGet("knowndevice/{email}/{identifier}")]
 								    public async Task<bool> GetByIdentifier(string email, string identifier)
 								    {
 								        if (string.IsNullOrWhiteSpace(email) || string.IsNullOrWhiteSpace(identifier))
 								        {
 								            throw new BadRequestException("Please provide an email and device identifier");
 								        }
 								        var user = await _userRepository.GetByEmailAsync(email);
 								        if (user == null)
 								        {
 								            return false;
 								        }
 								        var device = await _deviceRepository.GetByIdentifierAsync(identifier, user.Id);
 								        return device != null;
 								    }
-												device apis and models

											
										
										
											2016-06-18 16:03:33 -04:00
+								}