bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2026-01-08 11:33:26 +00:00
Code Issues Releases Wiki Activity

[AC-1139] Modified authorization handlers to not fail in case the resource is null

Browse Source
This commit is contained in:
Rui Tome
2023-11-02 14:00:02 +00:00
parent f82508f41a
commit 5a05eb36a0
7 changed files with 215 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/Api/Vault/AuthorizationHandlers/Collections/BulkCollectionAuthorizationHandler.cs
View File

@@ -41,8 +41,15 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON.");
}
// Acting user is not authenticated, fail
if (!_currentContext.UserId.HasValue)
{
context.Fail();
return;
}
// Establish pattern of authorization handler null checking passed resources
if (resources == null || !resources.Any() || !_currentContext.UserId.HasValue)
if (resources == null || !resources.Any())
{
return;
}

9
src/Api/Vault/AuthorizationHandlers/Collections/CollectionAuthorizationHandler.cs
View File

@@ -35,7 +35,14 @@ public class CollectionAuthorizationHandler : AuthorizationHandler<CollectionOpe
throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON.");
}
if (!_currentContext.UserId.HasValue || requirement.OrganizationId == default)
// Acting user is not authenticated, fail
if (!_currentContext.UserId.HasValue)
{
context.Fail();
return;
}
if (requirement.OrganizationId == default)
{
return;
}

12
src/Api/Vault/AuthorizationHandlers/Groups/GroupAuthorizationHandler.cs
View File

@@ -35,20 +35,19 @@ public class GroupAuthorizationHandler : AuthorizationHandler<GroupOperationRequ
throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON.");
}
// Acting user is not authenticated, fail
if (!_currentContext.UserId.HasValue)
{
context.Fail();
return;
}
var targetOrganizationId = requirement.OrganizationId;
if (targetOrganizationId == default)
if (requirement.OrganizationId == default)
{
context.Fail();
return;
}
var org = _currentContext.GetOrganization(targetOrganizationId);
var org = _currentContext.GetOrganization(requirement.OrganizationId);
switch (requirement)
{
@@ -72,7 +71,6 @@ public class GroupAuthorizationHandler : AuthorizationHandler<GroupOperationRequ
org.Permissions.AccessImportExport)
{
context.Succeed(requirement);
return;
}
}
else
@@ -81,11 +79,7 @@ public class GroupAuthorizationHandler : AuthorizationHandler<GroupOperationRequ
if (await _currentContext.ProviderUserForOrgAsync(requirement.OrganizationId))
{
context.Succeed(requirement);
return;
}
}
// Acting user is neither a member of the target organization or a provider user, fail
context.Fail();
}
}

11
src/Api/Vault/AuthorizationHandlers/OrganizationUsers/OrganizationUserAuthorizationHandler.cs
View File

@@ -41,14 +41,12 @@ public class OrganizationUserAuthorizationHandler : AuthorizationHandler<Organiz
return;
}
var targetOrganizationId = requirement.OrganizationId;
if (targetOrganizationId == default)
if (requirement.OrganizationId == default)
{
context.Fail();
return;
}
var org = _currentContext.GetOrganization(targetOrganizationId);
var org = _currentContext.GetOrganization(requirement.OrganizationId);
switch (requirement)
{
@@ -71,7 +69,6 @@ public class OrganizationUserAuthorizationHandler : AuthorizationHandler<Organiz
org.Permissions.DeleteAnyCollection)
{
context.Succeed(requirement);
return;
}
}
else
@@ -80,11 +77,7 @@ public class OrganizationUserAuthorizationHandler : AuthorizationHandler<Organiz
if (await _currentContext.ProviderUserForOrgAsync(requirement.OrganizationId))
{
context.Succeed(requirement);
return;
}
}
// Acting user is neither a member of the target organization or a provider user, fail
context.Fail();
}
}