GitHub-Bitwarden
/
server
mirror of https://github.com/bitwarden/server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Implement User-based API Keys (#981) 

* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
pull/989/head
Addison Beck 5 years ago committed by GitHub
parent
d9cd7551fe
commit
25a9991908
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 540 additions and 59 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 43
      src/Api/Controllers/AccountsController.cs
  2. 59
      src/Core/IdentityServer/ClientStore.cs
  3. 8
      src/Core/IdentityServer/CustomTokenRequestValidator.cs
  4. 56
      src/Core/IdentityServer/ProfileService.cs
  5. 10
      src/Core/Models/Api/Response/ApiKeyResponseModel.cs
  6. 3
      src/Core/Models/Table/User.cs
  7. 1
      src/Core/Services/IUserService.cs
  8. 8
      src/Core/Services/Implementations/UserService.cs
  9. 56
      src/Core/Utilities/CoreHelpers.cs
  10. 9
      src/Sql/dbo/Stored Procedures/User_Create.sql
  11. 6
      src/Sql/dbo/Stored Procedures/User_Update.sql
  12. 1
      src/Sql/dbo/Tables/User.sql
  13. 60
      test/Api.Test/Controllers/AccountsControllerTests.cs
  14. 279
      util/Migrator/DbScripts/2020-10-28_00_UserApiKey.sql

43
src/Api/Controllers/AccountsController.cs
Unescape View File

@ -734,5 +734,48 @@ namespace Bit.Api.Controllers @@ -734,5 +734,48 @@ namespace Bit.Api.Controllers
var userIdentifier = $"{user.Id},{token}";
return userIdentifier;
}
[HttpPost("api-key")]
public async Task<ApiKeyResponseModel> ApiKey([FromBody]ApiKeyRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
if (user == null)
{
throw new UnauthorizedAccessException();
}
if (!await _userService.CheckPasswordAsync(user, model.MasterPasswordHash))
{
await Task.Delay(2000);
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
}
else
{
var response = new ApiKeyResponseModel(user);
return response;
}
}
[HttpPost("rotate-api-key")]
public async Task<ApiKeyResponseModel> RotateApiKey([FromBody]ApiKeyRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
if (user == null)
{
throw new UnauthorizedAccessException();
}
if (!await _userService.CheckPasswordAsync(user, model.MasterPasswordHash))
{
await Task.Delay(2000);
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
}
else
{
await _userService.RotateApiKeyAsync(user);
var response = new ApiKeyResponseModel(user);
return response;
}
}
}
}

59
src/Core/IdentityServer/ClientStore.cs
Unescape View File

@ -1,4 +1,5 @@ @@ -1,4 +1,5 @@
using IdentityServer4.Stores;
using System.Linq;
using IdentityServer4.Stores;
using System.Threading.Tasks;
using IdentityServer4.Models;
using System.Collections.Generic;
@ -6,6 +7,9 @@ using Bit.Core.Repositories; @@ -6,6 +7,9 @@ using Bit.Core.Repositories;
using System;
using IdentityModel;
using Bit.Core.Utilities;
using System.Security.Claims;
using Bit.Core.Services;
using System.Collections.ObjectModel;
namespace Bit.Core.IdentityServer
{
@ -13,19 +17,31 @@ namespace Bit.Core.IdentityServer @@ -13,19 +17,31 @@ namespace Bit.Core.IdentityServer
{
private readonly IInstallationRepository _installationRepository;
private readonly IOrganizationRepository _organizationRepository;
private readonly IUserRepository _userRepository;
private readonly GlobalSettings _globalSettings;
private readonly StaticClientStore _staticClientStore;
private readonly ILicensingService _licensingService;
private readonly CurrentContext _currentContext;
private readonly IOrganizationUserRepository _organizationUserRepository;
public ClientStore(
IInstallationRepository installationRepository,
IOrganizationRepository organizationRepository,
IUserRepository userRepository,
GlobalSettings globalSettings,
StaticClientStore staticClientStore)
StaticClientStore staticClientStore,
ILicensingService licensingService,
CurrentContext currentContext,
IOrganizationUserRepository organizationUserRepository)
{
_installationRepository = installationRepository;
_organizationRepository = organizationRepository;
_userRepository = userRepository;
_globalSettings = globalSettings;
_staticClientStore = staticClientStore;
_licensingService = licensingService;
_currentContext = currentContext;
_organizationUserRepository = organizationUserRepository;
}
public async Task<Client> FindClientByIdAsync(string clientId)
@ -106,6 +122,45 @@ namespace Bit.Core.IdentityServer @@ -106,6 +122,45 @@ namespace Bit.Core.IdentityServer
}
}
}
else if (clientId.StartsWith("user."))
{
var idParts = clientId.Split('.');
if (idParts.Length > 1 && Guid.TryParse(idParts[1], out var id))
{
var user = await _userRepository.GetByIdAsync(id);
if (user != null)
{
var claims = new Collection<ClientClaim>()
{
new ClientClaim(JwtClaimTypes.Subject, user.Id.ToString()),
new ClientClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external")
};
var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
{
var upperValue = claim.Value.ToUpperInvariant();
var isBool = upperValue == "TRUE" || upperValue == "FALSE";
claims.Add(isBool ?
new ClientClaim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
new ClientClaim(claim.Key, claim.Value)
);
}
return new Client
{
ClientId = clientId,
RequireClientSecret = true,
ClientSecrets = { new Secret(user.ApiKey.Sha256()) },
AllowedScopes = new string[] { "api" },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AccessTokenLifetime = 3600 * 1,
ClientClaimsPrefix = null,
Claims = claims
};
}
}
}
return _staticClientStore.ApiClients.ContainsKey(clientId) ?
_staticClientStore.ApiClients[clientId] : null;

8
src/Core/IdentityServer/CustomTokenRequestValidator.cs
Unescape View File

@ -10,6 +10,7 @@ using System.Linq; @@ -10,6 +10,7 @@ using System.Linq;
using Bit.Core.Identity;
using Microsoft.Extensions.Logging;
using IdentityServer4.Extensions;
using IdentityModel;
namespace Bit.Core.IdentityServer
{
@ -42,7 +43,8 @@ namespace Bit.Core.IdentityServer @@ -42,7 +43,8 @@ namespace Bit.Core.IdentityServer
public async Task ValidateAsync(CustomTokenRequestValidationContext context)
{
if (context.Result.ValidatedRequest.GrantType != "authorization_code")
string[] allowedGrantTypes = { "authorization_code", "client_credentials" };
if (!allowedGrantTypes.Contains(context.Result.ValidatedRequest.GrantType))
{
return;
}
@ -51,7 +53,9 @@ namespace Bit.Core.IdentityServer @@ -51,7 +53,9 @@ namespace Bit.Core.IdentityServer
protected async override Task<(User, bool)> ValidateContextAsync(CustomTokenRequestValidationContext context)
{
var user = await _userManager.FindByEmailAsync(context.Result.ValidatedRequest.Subject.GetDisplayName());
var email = context.Result.ValidatedRequest.Subject?.GetDisplayName()
?? context.Result.ValidatedRequest.ClientClaims.FirstOrDefault(claim => claim.Type == JwtClaimTypes.Email).Value;
var user = await _userManager.FindByEmailAsync(email);
return (user, user != null);
}

56
src/Core/IdentityServer/ProfileService.cs
Unescape View File

@ -8,6 +8,7 @@ using System.Collections.Generic; @@ -8,6 +8,7 @@ using System.Collections.Generic;
using System.Linq;
using System;
using IdentityModel;
using Bit.Core.Utilities;
namespace Bit.Core.IdentityServer
{
@ -39,56 +40,15 @@ namespace Bit.Core.IdentityServer @@ -39,56 +40,15 @@ namespace Bit.Core.IdentityServer
if (user != null)
{
var isPremium = await _licensingService.ValidateUserPremiumAsync(user);
newClaims.AddRange(new List<Claim>
{
new Claim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean),
new Claim(JwtClaimTypes.Email, user.Email),
new Claim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false",
ClaimValueTypes.Boolean),
new Claim("sstamp", user.SecurityStamp)
});
if (!string.IsNullOrWhiteSpace(user.Name))
{
newClaims.Add(new Claim(JwtClaimTypes.Name, user.Name));
}
// Orgs that this user belongs to
var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);
if (orgs.Any())
foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, isPremium))
{
foreach (var group in orgs.GroupBy(o => o.Type))
{
switch (group.Key)
{
case Enums.OrganizationUserType.Owner:
foreach (var org in group)
{
newClaims.Add(new Claim("orgowner", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Admin:
foreach (var org in group)
{
newClaims.Add(new Claim("orgadmin", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.Manager:
foreach (var org in group)
{
newClaims.Add(new Claim("orgmanager", org.Id.ToString()));
}
break;
case Enums.OrganizationUserType.User:
foreach (var org in group)
{
newClaims.Add(new Claim("orguser", org.Id.ToString()));
}
break;
default:
break;
}
}
var upperValue = claim.Value.ToUpperInvariant();
var isBool = upperValue == "TRUE" || upperValue == "FALSE";
newClaims.Add(isBool ?
new Claim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
new Claim(claim.Key, claim.Value)
);
}
}

10
src/Core/Models/Api/Response/ApiKeyResponseModel.cs
Unescape View File

@ -15,6 +15,16 @@ namespace Bit.Core.Models.Api @@ -15,6 +15,16 @@ namespace Bit.Core.Models.Api
ApiKey = organization.ApiKey;
}
public ApiKeyResponseModel(User user, string obj = "apiKey")
: base(obj)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
ApiKey = user.ApiKey;
}
public string ApiKey { get; set; }
}
}

3
src/Core/Models/Table/User.cs
Unescape View File

@ -3,8 +3,6 @@ using Bit.Core.Enums; @@ -3,8 +3,6 @@ using Bit.Core.Enums;
using Bit.Core.Utilities;
using System.Collections.Generic;
using Newtonsoft.Json;
using Bit.Core.Services;
using Bit.Core.Exceptions;
using Microsoft.AspNetCore.Identity;
namespace Bit.Core.Models.Table
@ -39,6 +37,7 @@ namespace Bit.Core.Models.Table @@ -39,6 +37,7 @@ namespace Bit.Core.Models.Table
public string GatewaySubscriptionId { get; set; }
public string ReferenceData { get; set; }
public string LicenseKey { get; set; }
public string ApiKey { get; set; }
public KdfType Kdf { get; set; } = KdfType.PBKDF2_SHA256;
public int KdfIterations { get; set; } = 5000;
public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;

1
src/Core/Services/IUserService.cs
Unescape View File

@ -69,5 +69,6 @@ namespace Bit.Core.Services @@ -69,5 +69,6 @@ namespace Bit.Core.Services
Task<bool> TwoFactorProviderIsEnabledAsync(TwoFactorProviderType provider, ITwoFactorProvidersUser user);
Task<string> GenerateEnterprisePortalSignInTokenAsync(User user);
Task<string> GenerateSignInTokenAsync(User user, string purpose);
Task RotateApiKeyAsync(User user);
}
}

8
src/Core/Services/Implementations/UserService.cs
Unescape View File

@ -292,6 +292,7 @@ namespace Bit.Core.Services @@ -292,6 +292,7 @@ namespace Bit.Core.Services
}
}
user.ApiKey = CoreHelpers.SecureRandomString(30);
var result = await base.CreateAsync(user, masterPassword);
if (result == IdentityResult.Success)
{
@ -1204,5 +1205,12 @@ namespace Bit.Core.Services @@ -1204,5 +1205,12 @@ namespace Bit.Core.Services
}
return result;
}
public async Task RotateApiKeyAsync(User user)
{
user.ApiKey = CoreHelpers.SecureRandomString(30);
user.RevisionDate = DateTime.UtcNow;
await _userRepository.ReplaceAsync(user);
}
}
}

56
src/Core/Utilities/CoreHelpers.cs
Unescape View File

@ -18,6 +18,8 @@ using Bit.Core.Enums; @@ -18,6 +18,8 @@ using Bit.Core.Enums;
using System.Threading.Tasks;
using Microsoft.Azure.Storage;
using Microsoft.Azure.Storage.Blob;
using Bit.Core.Models.Table;
using IdentityModel;
namespace Bit.Core.Utilities
{
@ -670,5 +672,59 @@ namespace Bit.Core.Utilities @@ -670,5 +672,59 @@ namespace Bit.Core.Utilities
}
return configDict;
}
public static Dictionary<string, string> BuildIdentityClaims(User user, ICollection<CurrentContext.CurrentContentOrganization> orgs, bool isPremium)
{
var claims = new Dictionary<string, string>()
{
{"premium", isPremium ? "true" : "false"},
{JwtClaimTypes.Email, user.Email},
{JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false"},
{"sstamp", user.SecurityStamp}
};
if (!string.IsNullOrWhiteSpace(user.Name))
{
claims.Add(JwtClaimTypes.Name, user.Name);
}
// Orgs that this user belongs to
if (orgs.Any())
{
foreach (var group in orgs.GroupBy(o => o.Type))
{
switch (group.Key)
{
case Enums.OrganizationUserType.Owner:
foreach (var org in group)
{
claims.Add("orgowner", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.Admin:
foreach (var org in group)
{
claims.Add("orgadmin", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.Manager:
foreach (var org in group)
{
claims.Add("orgmanager", org.Id.ToString());
}
break;
case Enums.OrganizationUserType.User:
foreach (var org in group)
{
claims.Add("orguser", org.Id.ToString());
}
break;
default:
break;
}
}
}
return claims;
}
}
}

9
src/Sql/dbo/Stored Procedures/User_Create.sql
Unescape View File

@ -28,7 +28,8 @@ @@ -28,7 +28,8 @@
@Kdf TINYINT,
@KdfIterations INT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7)
@RevisionDate DATETIME2(7),
@ApiKey VARCHAR(30)
AS
BEGIN
SET NOCOUNT ON
@ -64,7 +65,8 @@ BEGIN @@ -64,7 +65,8 @@ BEGIN
[Kdf],
[KdfIterations],
[CreationDate],
[RevisionDate]
[RevisionDate],
[ApiKey]
)
VALUES
(
@ -97,6 +99,7 @@ BEGIN @@ -97,6 +99,7 @@ BEGIN
@Kdf,
@KdfIterations,
@CreationDate,
@RevisionDate
@RevisionDate,
@ApiKey
)
END

6
src/Sql/dbo/Stored Procedures/User_Update.sql
Unescape View File

@ -28,7 +28,8 @@ @@ -28,7 +28,8 @@
@Kdf TINYINT,
@KdfIterations INT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7)
@RevisionDate DATETIME2(7),
@ApiKey VARCHAR(30)
AS
BEGIN
SET NOCOUNT ON
@ -64,7 +65,8 @@ BEGIN @@ -64,7 +65,8 @@ BEGIN
[Kdf] = @Kdf,
[KdfIterations] = @KdfIterations,
[CreationDate] = @CreationDate,
[RevisionDate] = @RevisionDate
[RevisionDate] = @RevisionDate,
[ApiKey] = @ApiKey
WHERE
[Id] = @Id
END

1
src/Sql/dbo/Tables/User.sql
Unescape View File

@ -29,6 +29,7 @@ @@ -29,6 +29,7 @@
[KdfIterations] INT NOT NULL,
[CreationDate] DATETIME2 (7) NOT NULL,
[RevisionDate] DATETIME2 (7) NOT NULL,
[ApiKey] VARCHAR (30) NOT NULL,
CONSTRAINT [PK_User] PRIMARY KEY CLUSTERED ([Id] ASC)
);

60
test/Api.Test/Controllers/AccountsControllerTests.cs
Unescape View File

@ -304,6 +304,66 @@ namespace Bit.Api.Test.Controllers @@ -304,6 +304,66 @@ namespace Bit.Api.Test.Controllers
);
}
[Fact]
public async Task GetApiKey_ShouldReturnApiKeyResponse()
{
var user = GenerateExampleUser();
ConfigureUserServiceToReturnValidPrincipalFor(user);
ConfigureUserServiceToAcceptPasswordFor(user);
await _sut.ApiKey(new ApiKeyRequestModel());
}
[Fact]
public async Task GetApiKey_WhenUserDoesNotExist_ShouldThrowUnauthorizedAccessException()
{
ConfigureUserServiceToReturnNullPrincipal();
await Assert.ThrowsAsync<UnauthorizedAccessException>(
() => _sut.ApiKey(new ApiKeyRequestModel())
);
}
[Fact]
public async Task GetApiKey_WhenPasswordCheckFails_ShouldThrowBadRequestException()
{
var user = GenerateExampleUser();
ConfigureUserServiceToReturnValidPrincipalFor(user);
ConfigureUserServiceToRejectPasswordFor(user);
await Assert.ThrowsAsync<BadRequestException>(
() => _sut.ApiKey(new ApiKeyRequestModel())
);
}
[Fact]
public async Task PostRotateApiKey_ShouldRotateApiKey()
{
var user = GenerateExampleUser();
ConfigureUserServiceToReturnValidPrincipalFor(user);
ConfigureUserServiceToAcceptPasswordFor(user);
await _sut.RotateApiKey(new ApiKeyRequestModel());
}
[Fact]
public async Task PostRotateApiKey_WhenUserDoesNotExist_ShouldThrowUnauthorizedAccessException()
{
ConfigureUserServiceToReturnNullPrincipal();
await Assert.ThrowsAsync<UnauthorizedAccessException>(
() => _sut.ApiKey(new ApiKeyRequestModel())
);
}
[Fact]
public async Task PostRotateApiKey_WhenPasswordCheckFails_ShouldThrowBadRequestException()
{
var user = GenerateExampleUser();
ConfigureUserServiceToReturnValidPrincipalFor(user);
ConfigureUserServiceToRejectPasswordFor(user);
await Assert.ThrowsAsync<BadRequestException>(
() => _sut.ApiKey(new ApiKeyRequestModel())
);
}
// Below are helper functions that currently belong to this
// test class, but ultimately may need to be split out into
// something greater in order to share common test steps with

279
util/Migrator/DbScripts/2020-10-28_00_UserApiKey.sql
Unescape View File

@ -0,0 +1,279 @@ @@ -0,0 +1,279 @@
-- Add ApiKey column to dbo.User, nullable for now but will be not null after backfilling
IF COL_LENGTH('[dbo].[User]', 'ApiKey') IS NULL
BEGIN
ALTER TABLE
[dbo].[User]
ADD
[ApiKey] VARCHAR (30) NULL
END
GO
-- Setup for random string generation to backfill dbo.User.ApiKey
CREATE VIEW [dbo].[SecureRandomBytes]
AS
SELECT [RandBytes] = CRYPT_GEN_RANDOM(2)
GO
CREATE FUNCTION [dbo].[SecureRandomString]()
RETURNS varchar(30)
AS
BEGIN
declare @sLength tinyint
declare @randomString varchar(30)
declare @counter tinyint
declare @nextChar char(1)
declare @rnd as float
declare @bytes binary(2)
set @sLength = 30
set @counter = 1
set @randomString = ''
while @counter <= @sLength
begin
select @bytes = [RandBytes] from [dbo].[SecureRandomBytes]
select @rnd = cast(cast(cast(@bytes as int) as float) / 65535 as float)
select @nextChar = char(48 + convert(int, (122-48+1) * @rnd))
if ascii(@nextChar) not in (58,59,60,61,62,63,64,91,92,93,94,95,96)
begin
select @randomString = @randomString + @nextChar
set @counter = @counter + 1
end
end
return @randomString
END
GO
-- Backfill dbo.User.ApiKey
UPDATE
[dbo].[User]
SET
[ApiKey] = (SELECT [dbo].[SecureRandomString]())
GO
-- Change dbo.User.ApiKey to not null to enforece all future users to have one on create
ALTER TABLE
[dbo].[User]
ALTER COLUMN
[ApiKey] VARCHAR(30) NOT NULL
GO
-- Cleanup random string generation
DROP VIEW [dbo].[SecureRandomBytes]
GO
DROP FUNCTION [dbo].[SecureRandomString]
GO
-- Update dbo.User_Create to account for ApiKey
IF OBJECT_ID('[dbo].[User_Create]') IS NOT NULL
BEGIN
DROP PROCEDURE [dbo].[User_Create]
END
GO
CREATE PROCEDURE [dbo].[User_Create]
@Id UNIQUEIDENTIFIER,
@Name NVARCHAR(50),
@Email NVARCHAR(50),
@EmailVerified BIT,
@MasterPassword NVARCHAR(300),
@MasterPasswordHint NVARCHAR(50),
@Culture NVARCHAR(10),
@SecurityStamp NVARCHAR(50),
@TwoFactorProviders NVARCHAR(MAX),
@TwoFactorRecoveryCode NVARCHAR(32),
@EquivalentDomains NVARCHAR(MAX),
@ExcludedGlobalEquivalentDomains NVARCHAR(MAX),
@AccountRevisionDate DATETIME2(7),
@Key NVARCHAR(MAX),
@PublicKey NVARCHAR(MAX),
@PrivateKey NVARCHAR(MAX),
@Premium BIT,
@PremiumExpirationDate DATETIME2(7),
@RenewalReminderDate DATETIME2(7),
@Storage BIGINT,
@MaxStorageGb SMALLINT,
@Gateway TINYINT,
@GatewayCustomerId VARCHAR(50),
@GatewaySubscriptionId VARCHAR(50),
@ReferenceData VARCHAR(MAX),
@LicenseKey VARCHAR(100),
@Kdf TINYINT,
@KdfIterations INT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@ApiKey VARCHAR(30)
AS
BEGIN
SET NOCOUNT ON
INSERT INTO [dbo].[User]
(
[Id],
[Name],
[Email],
[EmailVerified],
[MasterPassword],
[MasterPasswordHint],
[Culture],
[SecurityStamp],
[TwoFactorProviders],
[TwoFactorRecoveryCode],
[EquivalentDomains],
[ExcludedGlobalEquivalentDomains],
[AccountRevisionDate],
[Key],
[PublicKey],
[PrivateKey],
[Premium],
[PremiumExpirationDate],
[RenewalReminderDate],
[Storage],
[MaxStorageGb],
[Gateway],
[GatewayCustomerId],
[GatewaySubscriptionId],
[ReferenceData],
[LicenseKey],
[Kdf],
[KdfIterations],
[CreationDate],
[RevisionDate],
[ApiKey]
)
VALUES
(
@Id,
@Name,
@Email,
@EmailVerified,
@MasterPassword,
@MasterPasswordHint,
@Culture,
@SecurityStamp,
@TwoFactorProviders,
@TwoFactorRecoveryCode,
@EquivalentDomains,
@ExcludedGlobalEquivalentDomains,
@AccountRevisionDate,
@Key,
@PublicKey,
@PrivateKey,
@Premium,
@PremiumExpirationDate,
@RenewalReminderDate,
@Storage,
@MaxStorageGb,
@Gateway,
@GatewayCustomerId,
@GatewaySubscriptionId,
@ReferenceData,
@LicenseKey,
@Kdf,
@KdfIterations,
@CreationDate,
@RevisionDate,
@ApiKey
)
END
GO
-- Update dbo.User_Update to account for ApiKey
IF OBJECT_ID('[dbo].[User_Update]') IS NOT NULL
BEGIN
DROP PROCEDURE [dbo].[User_Update]
END
GO
CREATE PROCEDURE [dbo].[User_Update]
@Id UNIQUEIDENTIFIER,
@Name NVARCHAR(50),
@Email NVARCHAR(50),
@EmailVerified BIT,
@MasterPassword NVARCHAR(300),
@MasterPasswordHint NVARCHAR(50),
@Culture NVARCHAR(10),
@SecurityStamp NVARCHAR(50),
@TwoFactorProviders NVARCHAR(MAX),
@TwoFactorRecoveryCode NVARCHAR(32),
@EquivalentDomains NVARCHAR(MAX),
@ExcludedGlobalEquivalentDomains NVARCHAR(MAX),
@AccountRevisionDate DATETIME2(7),
@Key NVARCHAR(MAX),
@PublicKey NVARCHAR(MAX),
@PrivateKey NVARCHAR(MAX),
@Premium BIT,
@PremiumExpirationDate DATETIME2(7),
@RenewalReminderDate DATETIME2(7),
@Storage BIGINT,
@MaxStorageGb SMALLINT,
@Gateway TINYINT,
@GatewayCustomerId VARCHAR(50),
@GatewaySubscriptionId VARCHAR(50),
@ReferenceData VARCHAR(MAX),
@LicenseKey VARCHAR(100),
@Kdf TINYINT,
@KdfIterations INT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@ApiKey VARCHAR(30)
AS
BEGIN
SET NOCOUNT ON
UPDATE
[dbo].[User]
SET
[Name] = @Name,
[Email] = @Email,
[EmailVerified] = @EmailVerified,
[MasterPassword] = @MasterPassword,
[MasterPasswordHint] = @MasterPasswordHint,
[Culture] = @Culture,
[SecurityStamp] = @SecurityStamp,
[TwoFactorProviders] = @TwoFactorProviders,
[TwoFactorRecoveryCode] = @TwoFactorRecoveryCode,
[EquivalentDomains] = @EquivalentDomains,
[ExcludedGlobalEquivalentDomains] = @ExcludedGlobalEquivalentDomains,
[AccountRevisionDate] = @AccountRevisionDate,
[Key] = @Key,
[PublicKey] = @PublicKey,
[PrivateKey] = @PrivateKey,
[Premium] = @Premium,
[PremiumExpirationDate] = @PremiumExpirationDate,
[RenewalReminderDate] = @RenewalReminderDate,
[Storage] = @Storage,
[MaxStorageGb] = @MaxStorageGb,
[Gateway] = @Gateway,
[GatewayCustomerId] = @GatewayCustomerId,
[GatewaySubscriptionId] = @GatewaySubscriptionId,
[ReferenceData] = @ReferenceData,
[LicenseKey] = @LicenseKey,
[Kdf] = @Kdf,
[KdfIterations] = @KdfIterations,
[CreationDate] = @CreationDate,
[RevisionDate] = @RevisionDate,
[ApiKey] = @ApiKey
WHERE
[Id] = @Id
END
GO
-- Refresh dbo.UserView so it has access to ApiKey
IF OBJECT_ID('[dbo].[UserView]') IS NOT NULL
BEGIN
DROP VIEW [dbo].[UserView]
END
GO
CREATE VIEW [dbo].[UserView]
AS
SELECT
*
FROM
[dbo].[User]
GO
Write Preview
Loading…
Cancel
Save