server/src/Infrastructure.Dapper/Repositories/OrganizationConnectionRepository.cs
Rui Tomé cb73056c42 [AC-1654] idor allow the attacker to disable any one scim provising (#3325)
* [AC-1654] Added IOrganizationConnectionRepository.GetByIdOrganizationIdAsync and modified OrganizationConnectionsController to use it to get a connection matching both Id and OrganizationId

* [AC-1654] Fixed unit tests
2023-10-18 11:39:00 +01:00


using System.Data;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Repositories;
using Bit.Core.Settings;
using Dapper;
using Microsoft.Data.SqlClient;
namespace Bit.Infrastructure.Dapper.Repositories;
/// <summary>
/// Dapper-based implementation of <see cref="IOrganizationConnectionRepository"/> that reads
/// <see cref="OrganizationConnection"/> rows through SQL Server stored procedures.
/// </summary>
/// <remarks>
/// Every query in this class passes its values as Dapper parameters; none is concatenated into
/// the command text. The only interpolated part is <c>Schema</c>, which is inherited from the
/// base repository (not shown in this file) and is assumed to be a fixed, non-request-derived
/// value - confirm against the base class.
/// </remarks>
public class OrganizationConnectionRepository : Repository<OrganizationConnection, Guid>, IOrganizationConnectionRepository
{
    /// <summary>
    /// Creates the repository, handing the SQL Server read-write and read-only connection strings
    /// from <paramref name="globalSettings"/> to the base repository.
    /// </summary>
    /// <param name="globalSettings">Application settings that carry the SQL Server connection strings.</param>
    public OrganizationConnectionRepository(GlobalSettings globalSettings)
        : base(globalSettings.SqlServer.ConnectionString, globalSettings.SqlServer.ReadOnlyConnectionString)
    { }

    /// <summary>
    /// Looks up a single connection using both its own id and the id of the organization it is
    /// expected to belong to.
    /// </summary>
    /// <remarks>
    /// Both identifiers are sent to <c>OrganizationConnection_ReadByIdOrganizationId</c>. The
    /// matching itself happens inside that procedure, which is not visible here; presumably it
    /// returns a row only when both values match. Callers that act on a connection on behalf of
    /// an organization should use this lookup instead of an id-only lookup, so that a connection
    /// id belonging to another organization yields no result. The caller's own authorization for
    /// <paramref name="organizationId"/> must still be checked by the calling layer.
    /// </remarks>
    /// <param name="id">Id of the connection to load.</param>
    /// <param name="organizationId">Id of the organization the connection must belong to.</param>
    /// <returns>The first row returned by the procedure, or <c>null</c> when it returns none.</returns>
    public async Task<OrganizationConnection> GetByIdOrganizationIdAsync(Guid id, Guid organizationId)
    {
        using var connection = new SqlConnection(ConnectionString);

        // Property names of the anonymous object become the stored procedure parameter names.
        var lookup = new { Id = id, OrganizationId = organizationId };
        var rows = await connection.QueryAsync<OrganizationConnection>(
            $"[{Schema}].[OrganizationConnection_ReadByIdOrganizationId]",
            lookup,
            commandType: CommandType.StoredProcedure);

        // A missing or mismatched pair surfaces as null; callers have to handle that case.
        return rows.FirstOrDefault();
    }

    /// <summary>
    /// Loads the connections of one organization that have the given connection type, by calling
    /// <c>OrganizationConnection_ReadByOrganizationIdType</c>.
    /// </summary>
    /// <param name="organizationId">Id of the organization whose connections are read.</param>
    /// <param name="type">Connection type passed to the procedure.</param>
    /// <returns>A materialized list of the returned rows; empty when the procedure returns none.</returns>
    public async Task<ICollection<OrganizationConnection>> GetByOrganizationIdTypeAsync(Guid organizationId, OrganizationConnectionType type)
    {
        using var connection = new SqlConnection(ConnectionString);

        var filter = new { OrganizationId = organizationId, Type = type };
        var rows = await connection.QueryAsync<OrganizationConnection>(
            $"[{Schema}].[OrganizationConnection_ReadByOrganizationIdType]",
            filter,
            commandType: CommandType.StoredProcedure);

        return rows.ToList();
    }

    /// <summary>
    /// Loads the connections of one organization and type, keeping only those whose
    /// <c>Enabled</c> flag is set.
    /// </summary>
    /// <remarks>
    /// The filter runs in memory on the result of <see cref="GetByOrganizationIdTypeAsync"/>,
    /// so disabled connections are still read from the database before being dropped.
    /// </remarks>
    /// <param name="organizationId">Id of the organization whose connections are read.</param>
    /// <param name="type">Connection type passed to the underlying query.</param>
    /// <returns>A new list holding only the enabled connections.</returns>
    public async Task<ICollection<OrganizationConnection>> GetEnabledByOrganizationIdTypeAsync(Guid organizationId, OrganizationConnectionType type)
    {
        var connections = await GetByOrganizationIdTypeAsync(organizationId, type);
        return connections.Where(candidate => candidate.Enabled).ToList();
    }
}