Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PM-7029] Remove conditional logic for KeyRotationImprovements feature flag #4002

Merged
merged 7 commits into from
May 9, 2024
Merged

[PM-7029] Remove conditional logic for KeyRotationImprovements feature flag #4002

Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
8047953
Removed business logic that references flag
trmartin4 Apr 18, 2024
e520168
Removed using statement.
trmartin4 Apr 18, 2024
10a87ce
Undid accidental keystroke.
trmartin4 Apr 18, 2024
539e744
Removed unused method.
trmartin4 Apr 24, 2024
63c98c5
Removed unused imports.
trmartin4 Apr 25, 2024
523badc
Merge branch 'main' into auth/pm-7029/remove-key-rotation-feature-flag
trmartin4 Apr 25, 2024
af63d1e
Merge branch 'main' into auth/pm-7029/remove-key-rotation-feature-flag
trmartin4 Apr 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
63 changes: 11 additions & 52 deletions src/Api/Auth/Controllers/AccountsController.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,6 @@
using Bit.Core.Vault.Entities;
using Bit.Core.Vault.Repositories;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

namespace Bit.Api.Auth.Controllers;
Expand Down Expand Up @@ -438,59 +437,19 @@
throw new UnauthorizedAccessException();
}

IdentityResult result;
if (_featureService.IsEnabled(FeatureFlagKeys.KeyRotationImprovements))
var dataModel = new RotateUserKeyData

Check warning on line 440 in src/Api/Auth/Controllers/AccountsController.cs

View check run for this annotation

Codecov / codecov/patch

src/Api/Auth/Controllers/AccountsController.cs#L440 

Added line #L440 was not covered by tests
{
var dataModel = new RotateUserKeyData
{
MasterPasswordHash = model.MasterPasswordHash,
Key = model.Key,
PrivateKey = model.PrivateKey,
Ciphers = await _cipherValidator.ValidateAsync(user, model.Ciphers),
Folders = await _folderValidator.ValidateAsync(user, model.Folders),
Sends = await _sendValidator.ValidateAsync(user, model.Sends),
EmergencyAccesses = await _emergencyAccessValidator.ValidateAsync(user, model.EmergencyAccessKeys),
OrganizationUsers = await _organizationUserValidator.ValidateAsync(user, model.ResetPasswordKeys)
};

result = await _rotateUserKeyCommand.RotateUserKeyAsync(user, dataModel);
}
else
{
var ciphers = new List<Cipher>();
if (model.Ciphers.Any())
{
var existingCiphers = await _cipherRepository.GetManyByUserIdAsync(user.Id, useFlexibleCollections: UseFlexibleCollections);
ciphers.AddRange(existingCiphers
.Join(model.Ciphers, c => c.Id, c => c.Id, (existing, c) => c.ToCipher(existing)));
}

var folders = new List<Folder>();
if (model.Folders.Any())
{
var existingFolders = await _folderRepository.GetManyByUserIdAsync(user.Id);
folders.AddRange(existingFolders
.Join(model.Folders, f => f.Id, f => f.Id, (existing, f) => f.ToFolder(existing)));
}

var sends = new List<Send>();
if (model.Sends?.Any() == true)
{
var existingSends = await _sendRepository.GetManyByUserIdAsync(user.Id);
sends.AddRange(existingSends
.Join(model.Sends, s => s.Id, s => s.Id, (existing, s) => s.ToSend(existing, _sendService)));
}

result = await _userService.UpdateKeyAsync(
user,
model.MasterPasswordHash,
model.Key,
model.PrivateKey,
ciphers,
folders,
sends);
Comment on lines -484 to -491
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we remove this method too? I think this is only called here

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now that I think about it, we also have code in the repository that needs to be removed as well. The good news is there's no actual sql, it should just be _cipherRepository.UpdateUserKeysAndCiphersAsync in both repos (assuming nothing else calls it of course)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch! Thank you. I've removed the methods.

}
MasterPasswordHash = model.MasterPasswordHash,
Key = model.Key,
PrivateKey = model.PrivateKey,
Ciphers = await _cipherValidator.ValidateAsync(user, model.Ciphers),
Folders = await _folderValidator.ValidateAsync(user, model.Folders),
Sends = await _sendValidator.ValidateAsync(user, model.Sends),
EmergencyAccesses = await _emergencyAccessValidator.ValidateAsync(user, model.EmergencyAccessKeys),
OrganizationUsers = await _organizationUserValidator.ValidateAsync(user, model.ResetPasswordKeys)
};

Check warning on line 450 in src/Api/Auth/Controllers/AccountsController.cs

View check run for this annotation

Codecov / codecov/patch

src/Api/Auth/Controllers/AccountsController.cs#L442-L450 

Added lines #L442 - L450 were not covered by tests

var result = await _rotateUserKeyCommand.RotateUserKeyAsync(user, dataModel);

Check warning on line 452 in src/Api/Auth/Controllers/AccountsController.cs

View check run for this annotation

Codecov / codecov/patch

src/Api/Auth/Controllers/AccountsController.cs#L452 

Added line #L452 was not covered by tests

if (result.Succeeded)
{
Expand Down