[SG-763] Store the fact that a Passwordless request was denied in the AuthRequest table (#2363)

* Added migrations for sqlserver and mysql * Added migrations for postgres * renamed mysql migration script to make naming uniform * introduced approved field to the update auth request controller;This change would keep track of denied passwordless requests * Recreated the authRequestView, introduced the approved field to the create procedure and updated the response model * Formatted code * fixed incorrect syntax in the AuthRequest_Create.sql SP
3 years ago · 351f62866b
15 changed files with 3591 additions and 12 deletions
--- a/src/Api/Controllers/AuthRequestsController.cs
+++ b/src/Api/Controllers/AuthRequestsController.cs
@ -131,15 +131,13 @@ public class AuthRequestsController : Controller
				@@ -131,15 +131,13 @@ public class AuthRequestsController : Controller
            throw new BadRequestException("Invalid device.");
        }

-        if (model.RequestApproved)
-        {
-            authRequest.Key = model.Key;
-            authRequest.MasterPasswordHash = model.MasterPasswordHash;
-            authRequest.ResponseDeviceId = device.Id;
-            authRequest.ResponseDate = DateTime.UtcNow;
-            await _authRequestRepository.ReplaceAsync(authRequest);
-            await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);
-        }
+        authRequest.Key = model.Key;
+        authRequest.MasterPasswordHash = model.MasterPasswordHash;
+        authRequest.ResponseDeviceId = device.Id;
+        authRequest.ResponseDate = DateTime.UtcNow;
+        authRequest.Approved = model.RequestApproved;
+        await _authRequestRepository.ReplaceAsync(authRequest);
+        await _pushNotificationService.PushAuthRequestResponseAsync(authRequest);

        return new AuthRequestResponseModel(authRequest, _globalSettings.BaseServiceUri.Vault);
    }
--- a/src/Api/Models/Response/AuthRequestResponseModel.cs
+++ b/src/Api/Models/Response/AuthRequestResponseModel.cs
@ -1,7 +1,6 @@
				@@ -1,7 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 using System.Reflection;
 using Bit.Core.Entities;
-using Bit.Core.Enums;
 using Bit.Core.Models.Api;

 namespace Bit.Api.Models.Response;
@ -25,8 +24,7 @@ public class AuthRequestResponseModel : ResponseModel
				@@ -25,8 +24,7 @@ public class AuthRequestResponseModel : ResponseModel
        Key = authRequest.Key;
        MasterPasswordHash = authRequest.MasterPasswordHash;
        CreationDate = authRequest.CreationDate;
-        RequestApproved = !string.IsNullOrWhiteSpace(Key) &&
-            (authRequest.Type == AuthRequestType.Unlock || !string.IsNullOrWhiteSpace(MasterPasswordHash));
+        RequestApproved = authRequest.Approved ?? false;
        Origin = new Uri(vaultUri).Host;
    }

--- a/src/Core/Entities/AuthRequest.cs
+++ b/src/Core/Entities/AuthRequest.cs
@ -20,6 +20,7 @@ public class AuthRequest : ITableObject<Guid>
				@@ -20,6 +20,7 @@ public class AuthRequest : ITableObject<Guid>
    public string PublicKey { get; set; }
    public string Key { get; set; }
    public string MasterPasswordHash { get; set; }
+    public bool? Approved { get; set; }
    public DateTime CreationDate { get; set; } = DateTime.UtcNow;
    public DateTime? ResponseDate { get; set; }
    public DateTime? AuthenticationDate { get; set; }
--- a/Procedures/AuthRequest_Create.sql
+++ b/Procedures/AuthRequest_Create.sql
@ -11,6 +11,7 @@
				@@ -11,6 +11,7 @@
    @PublicKey VARCHAR(MAX),
    @Key VARCHAR(MAX),
    @MasterPasswordHash VARCHAR(MAX),
+    @Approved BIT,
    @CreationDate DATETIME2(7),
    @ResponseDate DATETIME2(7),
    @AuthenticationDate DATETIME2(7)
@ -32,6 +33,7 @@ BEGIN
				@@ -32,6 +33,7 @@ BEGIN
        [PublicKey],
        [Key],
        [MasterPasswordHash],
+        [Approved],
        [CreationDate],
        [ResponseDate],
        [AuthenticationDate]
@ -50,6 +52,7 @@ BEGIN
				@@ -50,6 +52,7 @@ BEGIN
        @PublicKey,
        @Key,
        @MasterPasswordHash,
+        @Approved,
        @CreationDate,
        @ResponseDate,
        @AuthenticationDate
--- a/Procedures/AuthRequest_Update.sql
+++ b/Procedures/AuthRequest_Update.sql
@ -11,6 +11,7 @@
				@@ -11,6 +11,7 @@
    @PublicKey VARCHAR(MAX),
    @Key VARCHAR(MAX),
    @MasterPasswordHash VARCHAR(MAX),
+    @Approved BIT,
    @CreationDate DATETIME2 (7),
    @ResponseDate DATETIME2 (7),
    @AuthenticationDate DATETIME2 (7)    
@ -32,6 +33,7 @@ BEGIN
				@@ -32,6 +33,7 @@ BEGIN
        [PublicKey] = @PublicKey,
        [Key] = @Key,
        [MasterPasswordHash] = @MasterPasswordHash,
+        [Approved] = @Approved,
        [CreationDate] = @CreationDate,
        [ResponseDate] = @ResponseDate,
        [AuthenticationDate] = @AuthenticationDate
--- a/src/Sql/dbo/Tables/AuthRequest.sql
+++ b/src/Sql/dbo/Tables/AuthRequest.sql
@ -11,6 +11,7 @@
				@@ -11,6 +11,7 @@
    [PublicKey]                 VARCHAR(MAX)     NOT NULL,
    [Key]                       VARCHAR(MAX)     NULL,
    [MasterPasswordHash]        VARCHAR(MAX)     NULL,
+    [Approved]                  BIT              NULL,
    [CreationDate]              DATETIME2 (7)    NOT NULL,
    [ResponseDate]              DATETIME2 (7)    NULL,
    [AuthenticationDate]        DATETIME2 (7)    NULL,
--- a/util/Migrator/DbScripts/2022-10-24_00_AuthRequestAddApprovedColumn.sql
+++ b/util/Migrator/DbScripts/2022-10-24_00_AuthRequestAddApprovedColumn.sql
@ -0,0 +1,145 @@
				@@ -0,0 +1,145 @@
+--Add Column
+IF COL_LENGTH('[dbo].[AuthRequest]', 'Approved') IS NULL
+    BEGIN
+        ALTER TABLE
+            [dbo].[AuthRequest]
+        ADD
+            [Approved] BIT NULL
+    END
+GO
+
+-- Drop and recreate view
+IF EXISTS(SELECT * FROM sys.views WHERE [Name] = 'AuthRequestView')
+    BEGIN
+        DROP VIEW [dbo].[AuthRequestView]
+    END
+GO
+
+CREATE VIEW [dbo].[AuthRequestView]
+AS
+SELECT
+    *
+FROM
+    [dbo].[AuthRequest]
+GO
+
+--Drop existing SPROC
+IF OBJECT_ID('[dbo].[AuthRequest_Update]') IS NOT NULL
+    BEGIN
+        DROP PROCEDURE [dbo].[AuthRequest_Update]
+    END
+GO
+
+--Create SPROC with new column
+CREATE PROCEDURE [dbo].[AuthRequest_Update]
+    @Id UNIQUEIDENTIFIER OUTPUT,
+    @UserId UNIQUEIDENTIFIER,
+    @Type SMALLINT, 
+    @RequestDeviceIdentifier NVARCHAR(50),
+    @RequestDeviceType SMALLINT,
+    @RequestIpAddress VARCHAR(50),
+    @RequestFingerprint VARCHAR(MAX),
+    @ResponseDeviceId UNIQUEIDENTIFIER,
+    @AccessCode VARCHAR(25),
+    @PublicKey VARCHAR(MAX),
+    @Key VARCHAR(MAX),
+    @MasterPasswordHash VARCHAR(MAX),
+    @Approved BIT,
+    @CreationDate DATETIME2 (7),
+    @ResponseDate DATETIME2 (7),
+    @AuthenticationDate DATETIME2 (7)    
+AS
+BEGIN
+    SET NOCOUNT ON
+
+UPDATE
+    [dbo].[AuthRequest]
+SET
+    [UserId] = @UserId,
+    [Type] = @Type,
+    [RequestDeviceIdentifier] = @RequestDeviceIdentifier,
+    [RequestDeviceType] = @RequestDeviceType,
+    [RequestIpAddress] = @RequestIpAddress,
+    [RequestFingerprint] = @RequestFingerprint,
+    [ResponseDeviceId] = @ResponseDeviceId,
+    [AccessCode] = @AccessCode,
+    [PublicKey] = @PublicKey,
+    [Key] = @Key,
+    [MasterPasswordHash] = @MasterPasswordHash,
+    [Approved] = @Approved,
+    [CreationDate] = @CreationDate,
+    [ResponseDate] = @ResponseDate,
+    [AuthenticationDate] = @AuthenticationDate
+WHERE
+    [Id] = @Id
+END
+GO
+
+--Drop existing SPROC
+IF OBJECT_ID('[dbo].[AuthRequest_Create]') IS NOT NULL
+BEGIN
+        DROP PROCEDURE [dbo].[AuthRequest_Create]
+END
+GO
+
+--Create SPROC with new column
+CREATE PROCEDURE [dbo].[AuthRequest_Create]
+    @Id UNIQUEIDENTIFIER OUTPUT,
+    @UserId UNIQUEIDENTIFIER,
+    @Type TINYINT,
+    @RequestDeviceIdentifier NVARCHAR(50),
+    @RequestDeviceType TINYINT,
+    @RequestIpAddress VARCHAR(50),
+    @RequestFingerprint VARCHAR(MAX),
+    @ResponseDeviceId UNIQUEIDENTIFIER,
+    @AccessCode VARCHAR(25),
+    @PublicKey VARCHAR(MAX),
+    @Key VARCHAR(MAX),
+    @MasterPasswordHash VARCHAR(MAX),
+    @Approved BIT,
+    @CreationDate DATETIME2(7),
+    @ResponseDate DATETIME2(7),
+    @AuthenticationDate DATETIME2(7)
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    INSERT INTO [dbo].[AuthRequest]
+    (
+        [Id],
+        [UserId],
+        [Type],
+        [RequestDeviceIdentifier],
+        [RequestDeviceType],
+        [RequestIpAddress],
+        [RequestFingerprint],
+        [ResponseDeviceId],
+        [AccessCode],
+        [PublicKey],
+        [Key],
+        [MasterPasswordHash],
+        [Approved],
+        [CreationDate],
+        [ResponseDate],
+        [AuthenticationDate]
+    )
+    VALUES
+    (
+        @Id,
+        @UserId,
+        @Type,
+        @RequestDeviceIdentifier,
+        @RequestDeviceType,
+        @RequestIpAddress,
+        @RequestFingerprint,
+        @ResponseDeviceId,
+        @AccessCode,
+        @PublicKey,
+        @Key,
+        @MasterPasswordHash,
+        @Approved,
+        @CreationDate,
+        @ResponseDate,
+        @AuthenticationDate
+    )
+END
--- a/util/MySqlMigrations/Migrations/20221024210500_PasswordlessAuthRequestAddApprovedColumn.Designer.cs
+++ b/util/MySqlMigrations/Migrations/20221024210500_PasswordlessAuthRequestAddApprovedColumn.Designer.cs
--- a/util/MySqlMigrations/Migrations/20221024210500_PasswordlessAuthRequestAddApprovedColumn.cs
+++ b/util/MySqlMigrations/Migrations/20221024210500_PasswordlessAuthRequestAddApprovedColumn.cs
@ -0,0 +1,24 @@
				@@ -0,0 +1,24 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.MySqlMigrations.Migrations;
+
+public partial class PasswordlessAuthRequestAddApprovedColumn : Migration
+{
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.AddColumn<bool>(
+            name: "Approved",
+            table: "AuthRequest",
+            type: "tinyint(1)",
+            nullable: true);
+    }
+
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.DropColumn(
+            name: "Approved",
+            table: "AuthRequest");
+    }
+}
--- a/util/MySqlMigrations/Migrations/DatabaseContextModelSnapshot.cs
+++ b/util/MySqlMigrations/Migrations/DatabaseContextModelSnapshot.cs
@ -28,6 +28,9 @@ namespace Bit.MySqlMigrations.Migrations
				@@ -28,6 +28,9 @@ namespace Bit.MySqlMigrations.Migrations
                        .HasMaxLength(25)
                        .HasColumnType("varchar(25)");

+                    b.Property<bool?>("Approved")
+                        .HasColumnType("tinyint(1)");
+
                    b.Property<DateTime?>("AuthenticationDate")
                        .HasColumnType("datetime(6)");

--- a/util/MySqlMigrations/Scripts/2022-10-24_00_PasswordlessAuthRequestAddApprovedColumn.sql
+++ b/util/MySqlMigrations/Scripts/2022-10-24_00_PasswordlessAuthRequestAddApprovedColumn.sql
@ -0,0 +1,8 @@
				@@ -0,0 +1,8 @@
+START TRANSACTION;
+
+ALTER TABLE `AuthRequest` ADD `Approved` tinyint(1) NULL;
+
+INSERT INTO `__EFMigrationsHistory` (`MigrationId`, `ProductVersion`)
+VALUES ('20221024210500_PasswordlessAuthRequestAddApprovedColumn', '6.0.4');
+
+COMMIT;
--- a/util/PostgresMigrations/Migrations/20221025033204_PasswordlessAuthRequestAddApprovedColumn.Designer.cs
+++ b/util/PostgresMigrations/Migrations/20221025033204_PasswordlessAuthRequestAddApprovedColumn.Designer.cs
--- a/util/PostgresMigrations/Migrations/20221025033204_PasswordlessAuthRequestAddApprovedColumn.cs
+++ b/util/PostgresMigrations/Migrations/20221025033204_PasswordlessAuthRequestAddApprovedColumn.cs
@ -0,0 +1,24 @@
				@@ -0,0 +1,24 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.PostgresMigrations.Migrations;
+
+public partial class PasswordlessAuthRequestAddApprovedColumn : Migration
+{
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.AddColumn<bool>(
+            name: "Approved",
+            table: "AuthRequest",
+            type: "boolean",
+            nullable: true);
+    }
+
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.DropColumn(
+            name: "Approved",
+            table: "AuthRequest");
+    }
+}
--- a/util/PostgresMigrations/Migrations/DatabaseContextModelSnapshot.cs
+++ b/util/PostgresMigrations/Migrations/DatabaseContextModelSnapshot.cs
@ -30,6 +30,9 @@ namespace Bit.PostgresMigrations.Migrations
				@@ -30,6 +30,9 @@ namespace Bit.PostgresMigrations.Migrations

                    b.Property<string>("AccessCode")
                        .HasColumnType("text");
+                    
+                    b.Property<bool?>("Approved")
+                        .HasColumnType("boolean");

                    b.Property<DateTime?>("AuthenticationDate")
                        .HasColumnType("timestamp with time zone");
--- a/util/PostgresMigrations/Scripts/2022-10-24_00_PasswordlessAuthRequestAddApprovedColumn.psql
+++ b/util/PostgresMigrations/Scripts/2022-10-24_00_PasswordlessAuthRequestAddApprovedColumn.psql
@ -0,0 +1,8 @@
				@@ -0,0 +1,8 @@
+START TRANSACTION;
+
+ALTER TABLE "AuthRequest" ADD "Approved" boolean NULL;
+
+INSERT INTO "__EFMigrationsHistory" ("MigrationId", "ProductVersion")
+VALUES ('20221025033204_PasswordlessAuthRequestAddApprovedColumn', '6.0.4');
+
+COMMIT;