Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SM-863] Add endpoint for fetching multiple secrets by IDs #3134

Merged
merged 23 commits into from
Aug 28, 2023
Merged

[SM-863] Add endpoint for fetching multiple secrets by IDs #3134

merged 23 commits into from
Aug 28, 2023

Conversation

Thomas-Avery
Copy link
Contributor

@Thomas-Avery Thomas-Avery commented Jul 25, 2023
edited
Loading

Type of change

- [ ] Bug fix
- [X] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Code changes

  • bitwarden_license/src/Commercial.Core/SecretsManager/AuthorizationHandlers/Secrets/SecretAuthorizationHandler.cs:
    Adding CanReadSecret authorization.

  • src/Core/SecretsManager/AuthorizationRequirements/SecretOperationRequirement.cs:
    Adding read option.

  • bitwarden_license/test/Commercial.Core.Test/SecretsManager/AuthorizationHandlers/Secrets/SecretAuthorizationHandlerTests.cs:
    Adding unit tests for the CanReadSecret option.

  • bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/SecretRepository.cs:
    Bug fix since service accounts can have write access now.

  • src/Api/SecretsManager/Controllers/SecretsController.cs:
    Adding a new endpoint to fetch secrets given a list of secret IDs.

  • src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs:
    Request model for the new endpoint.

  • src/Api/SecretsManager/Models/Response/BaseSecretResponseModel.cs:
    src/Api/SecretsManager/Models/Response/SecretResponseModel.cs:
    Since we won't need to return access information (read, write) for the endpoint, separating out response models.

BaseSecretResponseModel will just have secret information and SecretResponseModel will have the extra access information.

  • src/Core/Services/IEventService.cs:
    src/Core/Services/Implementations/EventService.cs:
    src/Core/Services/NoopImplementations/NoopEventService.cs:

Adding a new method to the event service that will bulk insert many service account fetching secret events at once.

  • test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs:
    Integration tests for the new endpoint.

  • test/Api.Test/SecretsManager/Controllers/SecretsControllerTests.cs:
    Unit tests for the new endpoint.

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

@Thomas-Avery Thomas-Avery self-assigned this Jul 25, 2023
@bitwarden-bot
Copy link

bitwarden-bot commented Jul 25, 2023
edited
Loading

Logo
Checkmarx One – Scan Summary & Details618b1974-fe47-45ac-9ef1-cbba1282983e

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM CSRF /src/Api/SecretsManager/Controllers/SecretsController.cs: 212 Attack Vector

@Thomas-Avery Thomas-Avery marked this pull request as ready for review July 26, 2023 21:06
@Thomas-Avery Thomas-Avery requested a review from a team as a code owner July 26, 2023 21:06
@Thomas-Avery Thomas-Avery mentioned this pull request Aug 1, 2023
Merged
@Thomas-Avery Thomas-Avery mentioned this pull request Aug 2, 2023
Merged
cd-bitwarden
cd-bitwarden requested changes Aug 4, 2023
View reviewed changes
Copy link
Contributor

@cd-bitwarden cd-bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job @Thomas-Avery I just had 2 easy questions about the tests, other than that it looks great.

...al.Core.Test/SecretsManager/AuthorizationHandlers/Secrets/SecretAuthorizationHandlerTests.cs Show resolved Hide resolved
test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs Show resolved Hide resolved
cd-bitwarden
cd-bitwarden approved these changes Aug 8, 2023
View reviewed changes
Copy link
Contributor

@cd-bitwarden cd-bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM Thomas :)

@Thomas-Avery Thomas-Avery merged commit 640cb68 into master Aug 28, 2023
@Thomas-Avery Thomas-Avery deleted the sm/sm-863 branch August 28, 2023 15:16
@tangowithfoxtrot tangowithfoxtrot mentioned this pull request Oct 25, 2023
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cd-bitwarden cd-bitwarden cd-bitwarden approved these changes

Assignees

@Thomas-Avery Thomas-Avery

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Thomas-Avery @bitwarden-bot @cd-bitwarden