[AC-2447] Owner/Admin Can Remove Last Accessible Collection From Item #3992

Closed
wants to merge 2 commits into from

@Jingo88 Jingo88 commented Apr 15, 2024

- [x] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

When an owner/admin removes the last collections they have any access to from an item, they were receiving an error. Updated the putCollections call to address this.

Code changes

  • CiphersController - add throw error to putCollections call before return response

Screen Recording

AC-2447-owner-removes-last-access-collection.mov

@Jingo88 Jingo88 requested a review from a team as a code owner April 15, 2024 20:28

codecov bot commented Apr 15, 2024

Codecov Report

Attention: Patch coverage is 0% with 3 lines in your changes are missing coverage. Please review.

Project coverage is 37.53%. Comparing base (64c2396) to head (a047488).
Report is 3 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| src/Api/Vault/Controllers/CiphersController.cs | 0.00% | 3 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3992      +/-   ##
==========================================
+ Coverage   37.51%   37.53%   +0.02%     
==========================================
  Files        1179     1179              
  Lines       57215    57227      +12     
  Branches     5488     5490       +2     
==========================================
+ Hits        21464    21480      +16     
+ Misses      34740    34736       -4     
  Partials     1011     1011              


github-actions bot commented Apr 15, 2024

Checkmarx One – Scan Summary & Details 18eb2345-6b12-4601-a8e6-4d6eff1ceff3

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| MEDIUM | CSRF | /src/Api/Vault/Controllers/CiphersController.cs: 1052 | Attack Vector |
| MEDIUM | CSRF | /src/Api/AdminConsole/Controllers/GroupsController.cs: 151 | Attack Vector |
| MEDIUM | CSRF | /src/Api/AdminConsole/Controllers/GroupsController.cs: 135 | Attack Vector |
| MEDIUM | CSRF | /src/Api/AdminConsole/Controllers/GroupsController.cs: 135 | Attack Vector |
| MEDIUM | CSRF | /src/Api/AdminConsole/Controllers/GroupsController.cs: 135 | Attack Vector |
| MEDIUM | Privacy_Violation | /src/Api/Vault/Controllers/CiphersController.cs: 871 | Attack Vector |
| LOW | Heap_Inspection | /util/Setup/CertBuilder.cs: 103 | Attack Vector |
| LOW | Log_Forging | /src/Api/Vault/Controllers/CiphersController.cs: 863 | Attack Vector |

Fixed Issues


More results are available on AST platform

@Jingo88 Jingo88 removed the request for review from shane-melton April 16, 2024 14:20
@Jingo88 Jingo88 closed this May 10, 2024
@Jingo88 Jingo88 deleted the AC-2447-owner-remove-last-access-collection branch May 10, 2024 17:59