vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit 2f6aa3c36381f802bddf97fbb988020a302e7a2b
parent fcc485384f37583cb3261e833b5acc91e7f30c65
Author: Kumar Ankur <kankur@mobileiron.com>
Date:   Wed,  1 Aug 2018 11:21:05 +0530

Reverting removal of 'api/ciphers/move' POST as it is required for backward compatibility

Diffstat:
Msrc/api/core/ciphers.rs | 54+++++++++++++++++++++++++++++++++++++++++++++++++++++-
Msrc/api/core/mod.rs | 1+
2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
@@ -483,7 +483,7 @@ fn delete_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbCon
 Ok(())
 }
-#[put("/ciphers/move", data = "<data>")]
+#[post("/ciphers/move", data = "<data>")]
 fn move_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
 let data = data.into_inner().data;
@@ -535,6 +535,58 @@ fn move_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbConn)
 Ok(())
 }
+#[put("/ciphers/move", data = "<data>")]
+fn move_cipher_selected_put(data: JsonUpcase<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
+ let data = data.into_inner().data;
+
+ let folder_id = match data.get("FolderId") {
+ Some(folder_id) => {
+ match folder_id.as_str() {
+ Some(folder_id) => {
+ match Folder::find_by_uuid(folder_id, &conn) {
+ Some(folder) => {
+ if folder.user_uuid != headers.user.uuid {
+ err!("Folder is not owned by user")
+ }
+ Some(folder.uuid)
+ }
+ None => err!("Folder doesn't exist")
+ }
+ }
+ None => err!("Folder id provided in wrong format")
+ }
+ }
+ None => None
+ };
+
+ let uuids = match data.get("Ids") {
+ Some(ids) => match ids.as_array() {
+ Some(ids) => ids.iter().filter_map(|uuid| { uuid.as_str() }),
+ None => err!("Posted ids field is not an array")
+ },
+ None => err!("Request missing ids field")
+ };
+
+ for uuid in uuids {
+ let mut cipher = match Cipher::find_by_uuid(uuid, &conn) {
+ Some(cipher) => cipher,
+ None => err!("Cipher doesn't exist")
+ };
+
+ if !cipher.is_accessible_to_user(&headers.user.uuid, &conn) {
+ err!("Cipher is not accessible by user")
+ }
+
+ // Move cipher
+ if cipher.move_to_folder(folder_id.clone(), &headers.user.uuid, &conn).is_err() {
+ err!("Error saving the folder information")
+ }
+ cipher.save(&conn);
+ }
+
+ Ok(())
+}
+
 #[post("/ciphers/purge", data = "<data>")]
 fn delete_all(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> EmptyResult {
 let data: PasswordData = data.into_inner().data;
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
@@ -46,6 +46,7 @@ pub fn routes() -> Vec<Route> {
 delete_cipher_selected,
 delete_all,
 move_cipher_selected,
+ move_cipher_selected_put,
 get_folders,
 get_folder,
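Review bot: The new PUT handler `move_cipher_selected_put` looks like a line-for-line copy of the POST handler's body (only the tail of `move_cipher_selected` is visible in this hunk), so the folder-ownership comparison and the `is_accessible_to_user` check now live in two places and a later fix to one route can silently miss the other. Keep the `#[put]` attribute and signature but reduce the body to a delegation, `move_cipher_selected(data, headers, conn)`, so both verbs share one authorization path. Separately, the `for uuid in uuids` loop moves and saves each cipher before the next id is looked up, so a request that fails on a later id returns an error with the earlier ciphers already moved, and the value returned by `cipher.save(&conn);` is discarded. Checking every id for existence and access before the first write, and treating a failed save as an error, would make the outcome all-or-nothing from the client's point of view.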