using System; using System.Linq; using System.Threading.Tasks; using Microsoft.AspNetCore.Mvc; using Bit.Core.Repositories; using Microsoft.AspNetCore.Authorization; using Bit.Core.Models.Api; using Bit.Core.Exceptions; using Bit.Core.Services; using Bit.Core; namespace Bit.Api.Controllers { [Route("logins")] // "sites" route is deprecated [Route("sites")] [Authorize("Application")] public class LoginsController : Controller { private readonly ICipherRepository _cipherRepository; private readonly ICipherService _cipherService; private readonly IUserService _userService; private readonly CurrentContext _currentContext; public LoginsController( ICipherRepository cipherRepository, ICipherService cipherService, IUserService userService, CurrentContext currentContext) { _cipherRepository = cipherRepository; _cipherService = cipherService; _userService = userService; _currentContext = currentContext; } [HttpGet("{id}")] public async Task Get(string id) { var userId = _userService.GetProperUserId(User).Value; var login = await _cipherRepository.GetFullDetailsByIdAsync(new Guid(id), userId); if(login == null || login.Type != Core.Enums.CipherType.Login) { throw new NotFoundException(); } var response = new LoginDetailsResponseModel(login); return response; } [HttpGet("{id}/admin")] public async Task GetAdmin(string id) { var login = await _cipherRepository.GetByIdAsync(new Guid(id)); if(login == null || !login.OrganizationId.HasValue || !_currentContext.OrganizationAdmin(login.OrganizationId.Value)) { throw new NotFoundException(); } var response = new LoginResponseModel(login); return response; } [HttpGet("")] public async Task> Get() { var userId = _userService.GetProperUserId(User).Value; var logins = await _cipherRepository.GetManyByTypeAndUserIdAsync(Core.Enums.CipherType.Login, userId); var responses = logins.Select(l => new LoginResponseModel(l)).ToList(); return new ListResponseModel(responses); } [HttpPost("")] public async Task Post([FromBody]LoginRequestModel model) { var userId = _userService.GetProperUserId(User).Value; var login = model.ToCipherDetails(userId); await _cipherService.SaveDetailsAsync(login, userId); var response = new LoginResponseModel(login); return response; } [HttpPost("admin")] public async Task PostAdmin([FromBody]LoginRequestModel model) { var login = model.ToOrganizationCipher(); if(!_currentContext.OrganizationAdmin(login.OrganizationId.Value)) { throw new NotFoundException(); } var userId = _userService.GetProperUserId(User).Value; await _cipherService.SaveAsync(login, userId, true); var response = new LoginResponseModel(login); return response; } [HttpPut("{id}")] [HttpPost("{id}")] public async Task Put(string id, [FromBody]LoginRequestModel model) { var userId = _userService.GetProperUserId(User).Value; var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId); if(login == null || login.Type != Core.Enums.CipherType.Login) { throw new NotFoundException(); } await _cipherService.SaveDetailsAsync(model.ToCipherDetails(login), userId); var response = new LoginResponseModel(login); return response; } [HttpPut("{id}/admin")] [HttpPost("{id}/admin")] public async Task PutAdmin(string id, [FromBody]LoginRequestModel model) { var login = await _cipherRepository.GetByIdAsync(new Guid(id)); if(login == null || !login.OrganizationId.HasValue || !_currentContext.OrganizationAdmin(login.OrganizationId.Value)) { throw new NotFoundException(); } var userId = _userService.GetProperUserId(User).Value; await _cipherService.SaveAsync(model.ToCipher(login), userId, true); var response = new LoginResponseModel(login); return response; } [HttpDelete("{id}")] [HttpPost("{id}/delete")] public async Task Delete(string id) { var userId = _userService.GetProperUserId(User).Value; var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId); if(login == null || login.Type != Core.Enums.CipherType.Login) { throw new NotFoundException(); } await _cipherService.DeleteAsync(login, userId); } } }