[PM-30920] Server changes to encrypt send access email list (#6867)

* models, entity, and stored procs updated to work with EmailHashes with migrations * configure data protection for EmailHashes * update SendAuthenticationQuery to use EmailHashes and perform validation * respond to Claude's comments and update tests * fix send.sql alignment Co-authored-by: mkincaid-bw <mkincaid@bitwarden.com> --------- Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com> Co-authored-by: mkincaid-bw <mkincaid@bitwarden.com>
2026-02-13 15:04:03 +00:00 · 2026-01-28 07:13:25 -07:00
parent 2c39e336e0
commit fa06fe41ab
22 changed files with 11125 additions and 260 deletions
--- a/src/Api/Tools/Controllers/SendsController.cs
+++ b/src/Api/Tools/Controllers/SendsController.cs
@@ -239,12 +239,6 @@ public class SendsController : Controller
        {
            throw new BadRequestException("Could not locate send");
        }
-        if (send.MaxAccessCount.GetValueOrDefault(int.MaxValue) <= send.AccessCount ||
-            send.ExpirationDate.GetValueOrDefault(DateTime.MaxValue) < DateTime.UtcNow || send.Disabled ||
-            send.DeletionDate < DateTime.UtcNow)
-        {
-            throw new NotFoundException();
-        }

        var sendResponse = new SendAccessResponseModel(send);
        if (send.UserId.HasValue && !send.HideEmail.GetValueOrDefault())
@@ -272,12 +266,6 @@ public class SendsController : Controller
        {
            throw new BadRequestException("Could not locate send");
        }
-        if (send.MaxAccessCount.GetValueOrDefault(int.MaxValue) <= send.AccessCount ||
-            send.ExpirationDate.GetValueOrDefault(DateTime.MaxValue) < DateTime.UtcNow || send.Disabled ||
-            send.DeletionDate < DateTime.UtcNow)
-        {
-            throw new NotFoundException();
-        }

        var url = await _sendFileStorageService.GetSendFileDownloadUrlAsync(send, fileId);

--- a/src/Api/Tools/Models/Request/SendRequestModel.cs
+++ b/src/Api/Tools/Models/Request/SendRequestModel.cs
@@ -102,9 +102,17 @@ public class SendRequestModel
    /// Comma-separated list of emails that may access the send using OTP
    /// authentication. Mutually exclusive with <see cref="Password"/>.
    /// </summary>
-    [StringLength(4000)]
+    [EncryptedString]
+    [EncryptedStringLength(4000)]
    public string Emails { get; set; }

+    /// <summary>
+    /// Comma-separated list of email **hashes**  that may access the send using OTP
+    /// authentication. Mutually exclusive with <see cref="Password"/>.
+    /// </summary>
+    [StringLength(4000)]
+    public string EmailHashes { get; set; }
+
    /// <summary>
    /// When <see langword="true"/>, send access is disabled.
    /// Defaults to <see langword="false"/>.
@@ -253,6 +261,7 @@ public class SendRequestModel
            // normalize encoding
            var emails = Emails.Split(',', RemoveEmptyEntries | TrimEntries);
            existingSend.Emails = string.Join(",", emails);
+            existingSend.EmailHashes = EmailHashes;
            existingSend.Password = null;
            existingSend.AuthType = Core.Tools.Enums.AuthType.Email;
        }