bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2026-01-12 05:24:15 +00:00
Code Issues Releases Wiki Activity
Files
728cd1c0b5eff982351cab7bab32a38caa66ef71
server/src/Infrastructure.Dapper/Repositories/OrganizationDomainRepository.cs
Rui Tomé 21219262a2 [PM-3779] idor allow the attacker to delete the victim domain (#3308) 
* [PM-3779] Added IOrganizationDomainRepository.GetDomainByIdAndOrganizationIdAsync and SQL stored procedure

* [PM-3779] Changed GetOrganizationDomainByIdQuery to also take OrgId as a parameter. Updated existing unit tests and added new. Updated controller to match command changes

* [PM-3779] Removed type from url routes

* [PM-3779] Renamed IGetOrganizationDomainByIdAndOrganizationIdQuery to IGetOrganizationDomainByIdOrganizationIdQuery

* [PM-3779] Renamed GetOrganizationDomainByIdOrganizationIdQueryTests file and added more tests
2023-10-18 11:57:59 +01:00

125 lines
4.6 KiB
C#
Raw Blame History

using System.Data;
using Bit.Core.Entities;
using Bit.Core.Models.Data.Organizations;
using Bit.Core.Repositories;
using Bit.Core.Settings;
using Dapper;
using Microsoft.Data.SqlClient;
namespace Bit.Infrastructure.Dapper.Repositories;
public class OrganizationDomainRepository : Repository<OrganizationDomain, Guid>, IOrganizationDomainRepository
{
public OrganizationDomainRepository(GlobalSettings globalSettings)
: this(globalSettings.SqlServer.ConnectionString, globalSettings.SqlServer.ReadOnlyConnectionString)
{ }
public OrganizationDomainRepository(string connectionString, string readOnlyConnectionString)
: base(connectionString, readOnlyConnectionString)
{ }
public async Task<ICollection<OrganizationDomain>> GetClaimedDomainsByDomainNameAsync(string domainName)
{
using (var connection = new SqlConnection(ConnectionString))
{
var results = await connection.QueryAsync<OrganizationDomain>(
$"[{Schema}].[OrganizationDomain_ReadByClaimedDomain]",
new { DomainName = domainName },
commandType: CommandType.StoredProcedure);
return results.ToList();
}
}
public async Task<ICollection<OrganizationDomain>> GetDomainsByOrganizationIdAsync(Guid orgId)
{
using (var connection = new SqlConnection(ConnectionString))
{
var results = await connection.QueryAsync<OrganizationDomain>(
$"[{Schema}].[OrganizationDomain_ReadByOrganizationId]",
new { OrganizationId = orgId },
commandType: CommandType.StoredProcedure);
return results.ToList();
}
}
public async Task<ICollection<OrganizationDomain>> GetManyByNextRunDateAsync(DateTime date)
{
using var connection = new SqlConnection(ConnectionString);
var results = await connection.QueryAsync<OrganizationDomain>(
$"[{Schema}].[OrganizationDomain_ReadByNextRunDate]",
new { Date = date }, commandType: CommandType.StoredProcedure
);
return results.ToList();
}
public async Task<OrganizationDomainSsoDetailsData> GetOrganizationDomainSsoDetailsAsync(string email)
{
using (var connection = new SqlConnection(ConnectionString))
{
var results = await connection
.QueryAsync<OrganizationDomainSsoDetailsData>(
$"[{Schema}].[OrganizationDomainSsoDetails_ReadByEmail]",
new { Email = email },
commandType: CommandType.StoredProcedure);
return results.SingleOrDefault();
}
}
public async Task<OrganizationDomain> GetDomainByIdOrganizationIdAsync(Guid id, Guid orgId)
{
using (var connection = new SqlConnection(ConnectionString))
{
var results = await connection
.QueryAsync<OrganizationDomain>(
$"[{Schema}].[OrganizationDomain_ReadByIdOrganizationId]",
new { Id = id, OrganizationId = orgId },
commandType: CommandType.StoredProcedure);
return results.SingleOrDefault();
}
}
public async Task<OrganizationDomain> GetDomainByOrgIdAndDomainNameAsync(Guid orgId, string domainName)
{
using (var connection = new SqlConnection(ConnectionString))
{
var results = await connection
.QueryAsync<OrganizationDomain>(
$"[{Schema}].[OrganizationDomain_ReadDomainByOrgIdAndDomainName]",
new { OrganizationId = orgId, DomainName = domainName },
commandType: CommandType.StoredProcedure);
return results.SingleOrDefault();
}
}
public async Task<ICollection<OrganizationDomain>> GetExpiredOrganizationDomainsAsync()
{
using (var connection = new SqlConnection(ConnectionString))
{
var results = await connection
.QueryAsync<OrganizationDomain>(
$"[{Schema}].[OrganizationDomain_ReadIfExpired]",
null,
commandType: CommandType.StoredProcedure);
return results.ToList();
}
}
public async Task<bool> DeleteExpiredAsync(int expirationPeriod)
{
using (var connection = new SqlConnection(ConnectionString))
{
return await connection.ExecuteAsync(
$"[{Schema}].[OrganizationDomain_DeleteIfExpired]",
new { ExpirationPeriod = expirationPeriod },
commandType: CommandType.StoredProcedure) > 0;
}
}
}
Reference in New Issue View Git Blame Copy Permalink