GitHub-Bitwarden
/
server
mirror of https://github.com/bitwarden/server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Handle name == null in Emergency Access (#1100)

pull/1102/head
Oscar Hinton 5 years ago committed by GitHub
parent
001bbf2f2b
commit
48d14e8521
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 13 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      src/Api/Controllers/EmergencyAccessController.cs
  2. 4
      src/Core/Services/IEmergencyAccessService.cs
  3. 23
      src/Core/Services/Implementations/EmergencyAccessService.cs

4
src/Api/Controllers/EmergencyAccessController.cs
Unescape View File

@ -87,14 +87,14 @@ namespace Bit.Api.Controllers @@ -87,14 +87,14 @@ namespace Bit.Api.Controllers
public async Task Invite([FromBody] EmergencyAccessInviteRequestModel model)
{
var user = await _userService.GetUserByPrincipalAsync(User);
await _emergencyAccessService.InviteAsync(user, user.Name, model.Email, model.Type.Value, model.WaitTimeDays);
await _emergencyAccessService.InviteAsync(user, model.Email, model.Type.Value, model.WaitTimeDays);
}
[HttpPost("{id}/reinvite")]
public async Task Reinvite(string id)
{
var user = await _userService.GetUserByPrincipalAsync(User);
await _emergencyAccessService.ResendInviteAsync(user.Id, new Guid(id), user.Name);
await _emergencyAccessService.ResendInviteAsync(user, new Guid(id));
}
[HttpPost("{id}/accept")]

4
src/Core/Services/IEmergencyAccessService.cs
Unescape View File

@ -9,8 +9,8 @@ namespace Bit.Core.Services @@ -9,8 +9,8 @@ namespace Bit.Core.Services
{
public interface IEmergencyAccessService
{
Task<EmergencyAccess> InviteAsync(User invitingUser, string invitingUsersName, string email, EmergencyAccessType type, int waitTime);
Task ResendInviteAsync(Guid invitingUserId, Guid emergencyAccessId, string invitingUsersName);
Task<EmergencyAccess> InviteAsync(User invitingUser, string email, EmergencyAccessType type, int waitTime);
Task ResendInviteAsync(User invitingUser, Guid emergencyAccessId);
Task<EmergencyAccess> AcceptUserAsync(Guid emergencyAccessId, User user, string token, IUserService userService);
Task DeleteAsync(Guid emergencyAccessId, Guid grantorId);
Task<EmergencyAccess> ConfirmUserAsync(Guid emergencyAccessId, string key, Guid grantorId);

23
src/Core/Services/Implementations/EmergencyAccessService.cs
Unescape View File

@ -45,7 +45,7 @@ namespace Bit.Core.Services @@ -45,7 +45,7 @@ namespace Bit.Core.Services
_globalSettings = globalSettings;
}
public async Task<EmergencyAccess> InviteAsync(User invitingUser, string invitingUsersName, string email, EmergencyAccessType type, int waitTime)
public async Task<EmergencyAccess> InviteAsync(User invitingUser, string email, EmergencyAccessType type, int waitTime)
{
if (! await _userService.CanAccessPremium(invitingUser))
{
@ -64,7 +64,7 @@ namespace Bit.Core.Services @@ -64,7 +64,7 @@ namespace Bit.Core.Services
};
await _emergencyAccessRepository.CreateAsync(emergencyAccess);
await SendInviteAsync(emergencyAccess, invitingUsersName);
await SendInviteAsync(emergencyAccess, NameOrEmail(invitingUser));
return emergencyAccess;
}
@ -80,16 +80,16 @@ namespace Bit.Core.Services @@ -80,16 +80,16 @@ namespace Bit.Core.Services
return emergencyAccess;
}
public async Task ResendInviteAsync(Guid invitingUserId, Guid emergencyAccessId, string invitingUsersName)
public async Task ResendInviteAsync(User invitingUser, Guid emergencyAccessId)
{
var emergencyAccess = await _emergencyAccessRepository.GetByIdAsync(emergencyAccessId);
if (emergencyAccess == null || emergencyAccess.GrantorId != invitingUserId ||
if (emergencyAccess == null || emergencyAccess.GrantorId != invitingUser.Id ||
emergencyAccess.Status != EmergencyAccessStatusType.Invited)
{
throw new BadRequestException("Emergency Access not valid.");
}
await SendInviteAsync(emergencyAccess, invitingUsersName);
await SendInviteAsync(emergencyAccess, NameOrEmail(invitingUser));
}
public async Task<EmergencyAccess> AcceptUserAsync(Guid emergencyAccessId, User user, string token, IUserService userService)
@ -157,7 +157,7 @@ namespace Bit.Core.Services @@ -157,7 +157,7 @@ namespace Bit.Core.Services
emergencyAccess.KeyEncrypted = key;
emergencyAccess.Email = null;
await _emergencyAccessRepository.ReplaceAsync(emergencyAccess);
await _mailService.SendEmergencyAccessConfirmedEmailAsync(grantor.Name, grantee.Email);
await _mailService.SendEmergencyAccessConfirmedEmailAsync(NameOrEmail(grantor), grantee.Email);
return emergencyAccess;
}
@ -191,7 +191,7 @@ namespace Bit.Core.Services @@ -191,7 +191,7 @@ namespace Bit.Core.Services
var grantor = await _userRepository.GetByIdAsync(emergencyAccess.GrantorId);
await _mailService.SendEmergencyAccessRecoveryInitiated(emergencyAccess, initiatingUser.Name, grantor.Email);
await _mailService.SendEmergencyAccessRecoveryInitiated(emergencyAccess, NameOrEmail(initiatingUser), grantor.Email);
}
public async Task ApproveAsync(Guid id, User approvingUser)
@ -208,7 +208,7 @@ namespace Bit.Core.Services @@ -208,7 +208,7 @@ namespace Bit.Core.Services
await _emergencyAccessRepository.ReplaceAsync(emergencyAccess);
var grantee = await _userRepository.GetByIdAsync(emergencyAccess.GranteeId.Value);
await _mailService.SendEmergencyAccessRecoveryApproved(emergencyAccess, approvingUser.Name, grantee.Email);
await _mailService.SendEmergencyAccessRecoveryApproved(emergencyAccess, NameOrEmail(approvingUser), grantee.Email);
}
public async Task RejectAsync(Guid id, User rejectingUser)
@ -226,7 +226,7 @@ namespace Bit.Core.Services @@ -226,7 +226,7 @@ namespace Bit.Core.Services
await _emergencyAccessRepository.ReplaceAsync(emergencyAccess);
var grantee = await _userRepository.GetByIdAsync(emergencyAccess.GranteeId.Value);
await _mailService.SendEmergencyAccessRecoveryRejected(emergencyAccess, rejectingUser.Name, grantee.Email);
await _mailService.SendEmergencyAccessRecoveryRejected(emergencyAccess, NameOrEmail(rejectingUser), grantee.Email);
}
public async Task<(EmergencyAccess, User)> TakeoverAsync(Guid id, User requestingUser)
@ -313,5 +313,10 @@ namespace Bit.Core.Services @@ -313,5 +313,10 @@ namespace Bit.Core.Services
var token = _dataProtector.Protect($"EmergencyAccessInvite {emergencyAccess.Id} {emergencyAccess.Email} {nowMillis}");
await _mailService.SendEmergencyAccessInviteEmailAsync(emergencyAccess, invitingUsersName, token);
}
private string NameOrEmail(User user)
{
return string.IsNullOrWhiteSpace(user.Name) ? user.Email : user.Name;
}
}
}

Write Preview
Loading…
Cancel
Save