server/src/Api/AdminConsole/Authorization/HttpContextExtensions.cs at a890524161ba95e8cd5f20068d021012a3ad0aed · bitwarden/server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
using Bit.Core.AdminConsole.Enums.Provider;
using Bit.Core.AdminConsole.Models.Data.Provider;
using Bit.Core.AdminConsole.Repositories;

namespace Bit.Api.AdminConsole.Authorization;

public static class HttpContextExtensions
{
    public const string NoOrgIdError =
        "A route decorated with with '[Authorize<IOrganizationRequirement>]' must include a route value named 'orgId' or 'organizationId' either through the [Controller] attribute or through a '[Http*]' attribute.";

    public const string NoProviderIdError =
        "A route decorated with '[Authorize<IProviderRequirement>]' must include a route value named 'providerId' either through the [Controller] attribute or through a '[Http*]' attribute.";

    /// <summary>
    /// Returns the result of the callback, caching it in HttpContext.Features for the lifetime of the request.
    /// Subsequent calls will retrieve the cached value.
    /// Results are stored by type and therefore must be of a unique type.
    /// </summary>
    public static async Task<T> WithFeaturesCacheAsync<T>(this HttpContext httpContext, Func<Task<T>> callback)
    {
        var cachedResult = httpContext.Features.Get<T>();
        if (cachedResult != null)
        {
            return cachedResult;
        }

        var result = await callback();
        httpContext.Features.Set(result);

        return result;
    }

    /// <summary>
    /// Returns true if the user is a ProviderUser for a Provider which manages the specified organization, otherwise false.
    /// </summary>
    /// <remarks>
    /// This data is fetched from the database and cached as a HttpContext Feature for the lifetime of the request.
    /// </remarks>
    public static async Task<bool> IsProviderUserForOrgAsync(
        this HttpContext httpContext,
        IProviderUserRepository providerUserRepository,
        Guid userId,
        Guid organizationId)
    {
        var organizations = await httpContext.GetProviderUserOrganizationsAsync(providerUserRepository, userId);
        return organizations.Any(o => o.OrganizationId == organizationId);
    }

    /// <summary>
    /// Returns the ProviderUserOrganizations for a user. These are the organizations the ProviderUser manages via their Provider, if any.
    /// </summary>
    /// <remarks>
    /// This data is fetched from the database and cached as a HttpContext Feature for the lifetime of the request.
    /// </remarks>
    private static async Task<IEnumerable<ProviderUserOrganizationDetails>> GetProviderUserOrganizationsAsync(
        this HttpContext httpContext,
        IProviderUserRepository providerUserRepository,
        Guid userId)
        => await httpContext.WithFeaturesCacheAsync(() =>
            providerUserRepository.GetManyOrganizationDetailsByUserAsync(userId, ProviderUserStatusType.Confirmed));


    /// <summary>
    /// Parses the {orgId} or {organizationId} route parameter into a Guid, or throws if neither are present or are not valid guids.
    /// </summary>
    /// <param name="httpContext"></param>
    /// <returns></returns>
    /// <exception cref="InvalidOperationException"></exception>
    public static Guid GetOrganizationId(this HttpContext httpContext)
    {
        var routeValues = httpContext.GetRouteData().Values;

        routeValues.TryGetValue("orgId", out var orgIdParam);
        if (orgIdParam != null && Guid.TryParse(orgIdParam.ToString(), out var orgId))
        {
            return orgId;
        }

        routeValues.TryGetValue("organizationId", out var organizationIdParam);
        if (organizationIdParam != null && Guid.TryParse(organizationIdParam.ToString(), out var organizationId))
        {
            return organizationId;
        }

        throw new InvalidOperationException(NoOrgIdError);
    }

    /// <summary>
    /// Parses the {providerId} route parameter into a Guid, or throws if it is not present or is not a valid Guid.
    /// </summary>
    /// <exception cref="InvalidOperationException"></exception>
    public static Guid GetProviderId(this HttpContext httpContext)
    {
        var routeValues = httpContext.GetRouteData().Values;

        if (routeValues.TryGetValue("providerId", out var providerIdParam) &&
            providerIdParam != null &&
            Guid.TryParse(providerIdParam.ToString(), out var providerId))
        {
            return providerId;
        }

        throw new InvalidOperationException(NoProviderIdError);
    }
}