* Adding new logging for secrets * fixing secrest controller tests * fixing the tests * Server side changes for adding ProjectId to Event table, adding Project event logging to projectsController * Rough draft with TODO's need to work on EventRepository.cs, and ProjectRepository.cs * Undoing changes to make projects soft delete, we want those to be fully deleted still. Adding GetManyTrashedSecretsByIds to secret repo so we can get soft deleted secrets, getSecrets in eventsController takes in orgdId, so that we can check the permission even if the secret was permanently deleted and doesn' thave the org Id set. Adding Secret Perm Deleted, and Restored to event logs * db changes * fixing the way we log events * Trying to undo some manual changes that should have been migrations * adding migration files * fixing test * setting up userid for project controller tests * adding sql * sql * Rename file * Trying to get it to for sure add the column before we try and update sprocs * Adding code to refresh the view to include ProjectId I hope * code improvements * Suggested changes * suggested changes * trying to fix sql issues * fixing swagger issue * Update src/Core/SecretsManager/Repositories/Noop/NoopSecretRepository.cs Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> * Suggested changes --------- Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
using Bit.Api.SecretsManager.Models.Response;
using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Identity;
using Bit.Core.SecretsManager.Commands.Trash.Interfaces;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Repositories;
using Bit.Core.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers;
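/// <summary>
/// API endpoints for listing, permanently deleting and restoring the trashed secrets of an organization.
/// </summary>
/// <remarks>
/// Every action sits behind the "secrets" authorization policy and then applies the same two checks
/// through <see cref="EnsureTrashAccessAsync"/>: Secrets Manager access to the organization, and
/// organization-admin rights. Destructive actions also write an audit event attributed to the caller.
/// </remarks>
[Authorize("secrets")]
public class TrashController : Controller
{
    private readonly ICurrentContext _currentContext;
    private readonly ISecretRepository _secretRepository;
    private readonly IEmptyTrashCommand _emptyTrashCommand;
    private readonly IRestoreTrashCommand _restoreTrashCommand;
    private readonly IUserService _userService;
    private readonly IEventService _eventService;

    /// <summary>Stores the injected collaborators; performs no other work.</summary>
    public TrashController(
        ICurrentContext currentContext,
        ISecretRepository secretRepository,
        IEmptyTrashCommand emptyTrashCommand,
        IRestoreTrashCommand restoreTrashCommand,
        IUserService userService,
        IEventService eventService)
    {
        _currentContext = currentContext;
        _secretRepository = secretRepository;
        _emptyTrashCommand = emptyTrashCommand;
        _restoreTrashCommand = restoreTrashCommand;
        _userService = userService;
        _eventService = eventService;
    }

    /// <summary>Lists the secrets currently in the trash of <paramref name="organizationId"/>.</summary>
    /// <param name="organizationId">Organization whose trash is listed; taken from the route.</param>
    /// <returns>The trashed secrets wrapped in a <see cref="SecretWithProjectsListResponseModel"/>.</returns>
    /// <exception cref="NotFoundException">The caller has no Secrets Manager access to the organization.</exception>
    /// <exception cref="UnauthorizedAccessException">The caller is not an admin of the organization.</exception>
    [HttpGet("secrets/{organizationId}/trash")]
    public async Task<SecretWithProjectsListResponseModel> ListByOrganizationAsync(Guid organizationId)
    {
        await EnsureTrashAccessAsync(organizationId);

        var secrets = await _secretRepository.GetManyDetailsByOrganizationIdInTrashAsync(organizationId);
        return new SecretWithProjectsListResponseModel(secrets);
    }

    /// <summary>
    /// Permanently deletes the given trashed secrets and records a
    /// <see cref="EventType.Secret_Permanently_Deleted"/> event for them.
    /// </summary>
    /// <param name="organizationId">Organization the caller is acting on; taken from the route.</param>
    /// <param name="ids">Ids of the trashed secrets to delete; taken from the request body.</param>
    /// <exception cref="NotFoundException">The caller has no Secrets Manager access to the organization.</exception>
    /// <exception cref="UnauthorizedAccessException">The caller is not an admin of the organization.</exception>
    [HttpPost("secrets/{organizationId}/trash/empty")]
    public async Task EmptyTrashAsync(Guid organizationId, [FromBody] List<Guid> ids)
    {
        await EnsureTrashAccessAsync(organizationId);

        // Resolve the actor before the irreversible delete: if the caller cannot be attributed,
        // the request fails here instead of after the secrets are gone and nothing was logged.
        var actorId = GetActingUserId();

        // The secrets are read before the delete so the event can still describe them afterwards.
        // NOTE(review): this lookup is by id only. The check that every id belongs to
        // organizationId is presumably made inside EmptyTrash - confirm, because the audit
        // events below are built from the result of this query.
        var deletedSecrets = await _secretRepository.GetManyTrashedSecretsByIds(ids);
        await _emptyTrashCommand.EmptyTrash(organizationId, ids);
        await LogSecretsTrashEventAsync(actorId, deletedSecrets, EventType.Secret_Permanently_Deleted);
    }

    /// <summary>
    /// Restores the given secrets from the trash and records a
    /// <see cref="EventType.Secret_Restored"/> event for them.
    /// </summary>
    /// <param name="organizationId">Organization the caller is acting on; taken from the route.</param>
    /// <param name="ids">Ids of the trashed secrets to restore; taken from the request body.</param>
    /// <exception cref="NotFoundException">The caller has no Secrets Manager access to the organization.</exception>
    /// <exception cref="UnauthorizedAccessException">The caller is not an admin of the organization.</exception>
    [HttpPost("secrets/{organizationId}/trash/restore")]
    public async Task RestoreTrashAsync(Guid organizationId, [FromBody] List<Guid> ids)
    {
        await EnsureTrashAccessAsync(organizationId);

        // Same ordering as EmptyTrashAsync: attribution is settled before any state changes.
        var actorId = GetActingUserId();

        await _restoreTrashCommand.RestoreTrash(organizationId, ids);
        await LogSecretsTrashEventAsync(actorId, ids, EventType.Secret_Restored);
    }

    /// <summary>
    /// Single authorization gate for every trash endpoint, so a new action cannot pick up
    /// one of the two checks and forget the other.
    /// </summary>
    /// <exception cref="NotFoundException">The caller has no Secrets Manager access to the organization.</exception>
    /// <exception cref="UnauthorizedAccessException">The caller is not an admin of the organization.</exception>
    private async Task EnsureTrashAccessAsync(Guid organizationId)
    {
        if (!_currentContext.AccessSecretsManager(organizationId))
        {
            throw new NotFoundException();
        }

        if (!await _currentContext.OrganizationAdmin(organizationId))
        {
            throw new UnauthorizedAccessException();
        }
    }

    /// <summary>
    /// Returns the id that audit events are attributed to, as resolved from the request principal.
    /// </summary>
    /// <remarks>
    /// Throws when the user service yields no id (the <c>.Value</c> access fails), which is why
    /// callers invoke this before performing a destructive operation.
    /// </remarks>
    private Guid GetActingUserId() => _userService.GetProperUserId(User)!.Value;

    /// <summary>Loads the secrets for <paramref name="secretIds"/> and logs the event for them.</summary>
    private async Task LogSecretsTrashEventAsync(Guid actorId, IEnumerable<Guid> secretIds, EventType eventType)
    {
        var secrets = await _secretRepository.GetManyByIds(secretIds);
        await LogSecretsTrashEventAsync(actorId, secrets, eventType);
    }

    /// <summary>
    /// Writes the audit event through the event-service method that matches the caller's client type.
    /// </summary>
    private async Task LogSecretsTrashEventAsync(Guid actorId, IEnumerable<Secret> secrets, EventType eventType)
    {
        switch (_currentContext.IdentityClientType)
        {
            case IdentityClientType.ServiceAccount:
                await _eventService.LogServiceAccountSecretsEventAsync(actorId, secrets, eventType);
                break;
            case IdentityClientType.User:
                await _eventService.LogUserSecretsEventAsync(actorId, secrets, eventType);
                break;
            default:
                // NOTE(review): any other client type ends up here and no audit event is written,
                // although the trash operation has already been carried out. Confirm that such
                // callers cannot pass the admin check, or record the gap explicitly.
                break;
        }
    }
}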