[PM-20348] Add pending auth request endpoint (#5957)

* Feat(pm-20348): * Add migration scripts for Read Pending Auth Requests by UserId stored procedure and new `view` for pending AuthRequest. * View only returns the most recent pending authRequest, or none at all if the most recent is answered. * Implement stored procedure in AuthRequestRepository for both Dapper and Entity Framework. * Update AuthRequestController to query the new View to get a user's most recent pending auth requests response includes the requesting deviceId. * Doc: * Move summary xml comments to interface. * Added comments for the AuthRequestService. * Test: * Added testing for AuthRequestsController. * Added testing for repositories. * Added integration tests for multiple auth requests but only returning the most recent.
2025-12-13 23:03:36 +00:00 · 2025-06-30 13:17:51 -04:00
parent 899ff1b660
commit 20bf1455cf
14 changed files with 752 additions and 50 deletions
--- a/src/Api/Auth/Controllers/AuthRequestsController.cs
+++ b/src/Api/Auth/Controllers/AuthRequestsController.cs
@@ -1,5 +1,6 @@
 using Bit.Api.Auth.Models.Response;
 using Bit.Api.Models.Response;
+using Bit.Core;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Api.Request.AuthRequest;
 using Bit.Core.Auth.Services;
@@ -7,6 +8,7 @@ using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
+using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

@@ -14,31 +16,23 @@ namespace Bit.Api.Auth.Controllers;

 [Route("auth-requests")]
 [Authorize("Application")]
-public class AuthRequestsController : Controller
+public class AuthRequestsController(
+    IUserService userService,
+    IAuthRequestRepository authRequestRepository,
+    IGlobalSettings globalSettings,
+    IAuthRequestService authRequestService) : Controller
 {
-    private readonly IUserService _userService;
-    private readonly IAuthRequestRepository _authRequestRepository;
-    private readonly IGlobalSettings _globalSettings;
-    private readonly IAuthRequestService _authRequestService;
-
-    public AuthRequestsController(
-        IUserService userService,
-        IAuthRequestRepository authRequestRepository,
-        IGlobalSettings globalSettings,
-        IAuthRequestService authRequestService)
-    {
-        _userService = userService;
-        _authRequestRepository = authRequestRepository;
-        _globalSettings = globalSettings;
-        _authRequestService = authRequestService;
-    }
+    private readonly IUserService _userService = userService;
+    private readonly IAuthRequestRepository _authRequestRepository = authRequestRepository;
+    private readonly IGlobalSettings _globalSettings = globalSettings;
+    private readonly IAuthRequestService _authRequestService = authRequestService;

    [HttpGet("")]
    public async Task<ListResponseModel<AuthRequestResponseModel>> Get()
    {
        var userId = _userService.GetProperUserId(User).Value;
        var authRequests = await _authRequestRepository.GetManyByUserIdAsync(userId);
-        var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings.BaseServiceUri.Vault)).ToList();
+        var responses = authRequests.Select(a => new AuthRequestResponseModel(a, _globalSettings.BaseServiceUri.Vault));
        return new ListResponseModel<AuthRequestResponseModel>(responses);
    }

@@ -56,6 +50,16 @@ public class AuthRequestsController : Controller
        return new AuthRequestResponseModel(authRequest, _globalSettings.BaseServiceUri.Vault);
    }

+    [HttpGet("pending")]
+    [RequireFeature(FeatureFlagKeys.BrowserExtensionLoginApproval)]
+    public async Task<ListResponseModel<PendingAuthRequestResponseModel>> GetPendingAuthRequestsAsync()
+    {
+        var userId = _userService.GetProperUserId(User).Value;
+        var rawResponse = await _authRequestRepository.GetManyPendingAuthRequestByUserId(userId);
+        var responses = rawResponse.Select(a => new PendingAuthRequestResponseModel(a, _globalSettings.BaseServiceUri.Vault));
+        return new ListResponseModel<PendingAuthRequestResponseModel>(responses);
+    }
+
    [HttpGet("{id}/response")]
    [AllowAnonymous]
    public async Task<AuthRequestResponseModel> GetResponse(Guid id, [FromQuery] string code)