admin/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2026-01-31 14:13:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix permanent deletion of orphaned organization ciphers

Browse Source 
When a cipher's collection is deleted, the cipher becomes orphaned and
cannot be permanently deleted. Changed DeleteAdmin to use GetByIdAsyncAdmin
to bypass collection-based filtering, consistent with other admin endpoints.
This commit is contained in:
Rui Tome
2026-01-15 13:53:50 +00:00
parent 2e0e103076
commit 1d96c43c59
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Api/Vault/Controllers/CiphersController.cs
View File

@@ -976,14 +976,14 @@ public class CiphersController : Controller
public async Task DeleteAdmin(Guid id)
{
var userId = _userService.GetProperUserId(User).Value;
var cipher = await GetByIdAsync(id, userId);
var cipher = await GetByIdAsyncAdmin(id);
if (cipher == null || !cipher.OrganizationId.HasValue ||
!await CanDeleteOrRestoreCipherAsAdminAsync(cipher.OrganizationId.Value, new[] { cipher.Id }))
{
throw new NotFoundException();
}
await _cipherService.DeleteAsync(cipher, userId, true);
await _cipherService.DeleteAsync(new CipherDetails(cipher), userId, true);
}
[HttpPost("{id}/delete-admin")]