vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit eb5641b863938ad5a0dc0ec40d879abfcbdfbe3c
parent d3f357b7089fc649ff95eb067cd061e2fc3a608b
Author: Daniel García <dani-garcia@users.noreply.github.com>
Date:   Mon, 13 Aug 2018 20:16:34 +0200

Merge pull request #134 from mprasil/put_collections_admin

Add aliases for PUTs and DELETEs on collections, organizations and org users
Diffstat:
Msrc/api/core/ciphers.rs | 5+++++
Msrc/api/core/mod.rs | 7+++++++
Msrc/api/core/organizations.rs | 56+++++++++++++++++++++++++++++++++++++++++++-------------
3 files changed, 55 insertions(+), 13 deletions(-)

diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
@@ -291,6 +291,11 @@ fn post_collections_update(uuid: String, data: JsonUpcase<CollectionsAdminData>,
 post_collections_admin(uuid, data, headers, conn)
 }
+#[put("/ciphers/<uuid>/collections-admin", data = "<data>")]
+fn put_collections_admin(uuid: String, data: JsonUpcase<CollectionsAdminData>, headers: Headers, conn: DbConn) -> EmptyResult {
+ post_collections_admin(uuid, data, headers, conn)
+}
+
 #[post("/ciphers/<uuid>/collections-admin", data = "<data>")]
 fn post_collections_admin(uuid: String, data: JsonUpcase<CollectionsAdminData>, headers: Headers, conn: DbConn) -> EmptyResult {
 let data: CollectionsAdminData = data.into_inner().data;
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
@@ -78,6 +78,7 @@ pub fn routes() -> Vec<Route> {
 get_organization,
 create_organization,
 delete_organization,
+ post_delete_organization,
 leave_organization,
 get_user_collections,
 get_org_collections,
@@ -85,18 +86,24 @@ pub fn routes() -> Vec<Route> {
 get_collection_users,
 post_organization,
 post_organization_collections,
+ delete_organization_collection_user,
 post_organization_collection_delete_user,
 post_organization_collection_update,
+ put_organization_collection_update,
+ delete_organization_collection,
 post_organization_collection_delete,
 post_collections_update,
 post_collections_admin,
+ put_collections_admin,
 get_org_details,
 get_org_users,
 send_invite,
 confirm_invite,
 get_user,
 edit_user,
+ put_organization_user,
 delete_user,
+ post_delete_user,
 clear_device_token,
 put_device_token,
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
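Review bot: In src/api/core/ciphers.rs the new `put_collections_admin` route is protected only by the plain `Headers` guard, so any check that the caller may change this cipher's collections has to sit inside `post_collections_admin`, whose body continues outside the hunk. Please confirm that check exists there, since this commit adds a second HTTP verb that reaches it. A one-line comment on the alias would record the dependency, for example `// PUT alias for post_collections_admin; all access checks live in that handler.` The other aliases added in organizations.rs (`post_delete_organization`, `put_organization_collection_update`, `post_organization_collection_delete_user`, `put_organization_user`, `post_delete_user`) would benefit from the same kind of comment.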
@@ -55,7 +55,7 @@ fn create_organization(headers: Headers, data: JsonUpcase<OrgData>, conn: DbConn
 Ok(Json(org.to_json()))
 }
-#[post("/organizations/<org_id>/delete", data = "<data>")]
+#[delete("/organizations/<org_id>", data = "<data>")]
 fn delete_organization(org_id: String, data: JsonUpcase<PasswordData>, headers: OwnerHeaders, conn: DbConn) -> EmptyResult {
 let data: PasswordData = data.into_inner().data;
 let password_hash = data.MasterPasswordHash;
@@ -73,6 +73,11 @@ fn delete_organization(org_id: String, data: JsonUpcase<PasswordData>, headers:
 }
 }
+#[post("/organizations/<org_id>/delete", data = "<data>")]
+fn post_delete_organization(org_id: String, data: JsonUpcase<PasswordData>, headers: OwnerHeaders, conn: DbConn) -> EmptyResult {
+ delete_organization(org_id, data, headers, conn)
+}
+
 #[post("/organizations/<org_id>/leave")]
 fn leave_organization(org_id: String, headers: Headers, conn: DbConn) -> EmptyResult {
 match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) {
@@ -164,6 +169,11 @@ fn post_organization_collections(org_id: String, _headers: AdminHeaders, data: J
 Ok(Json(collection.to_json()))
 }
+#[put("/organizations/<org_id>/collections/<col_id>", data = "<data>")]
+fn put_organization_collection_update(org_id: String, col_id: String, headers: AdminHeaders, data: JsonUpcase<NewCollectionData>, conn: DbConn) -> JsonResult {
+ post_organization_collection_update(org_id, col_id, headers, data, conn)
+}
+
 #[post("/organizations/<org_id>/collections/<col_id>", data = "<data>")]
 fn post_organization_collection_update(org_id: String, col_id: String, _headers: AdminHeaders, data: JsonUpcase<NewCollectionData>, conn: DbConn) -> JsonResult {
 let data: NewCollectionData = data.into_inner().data;
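Review bot: `delete_organization` now answers DELETE but still takes the master-password hash from a JSON body, and some proxies and HTTP clients drop bodies on DELETE requests. As written `data` is a required `JsonUpcase<PasswordData>`, so presumably a request without a body is rejected rather than processed; it should stay required and never be relaxed to an optional body, because the password comparison (outside this hunk) is the only re-authentication visible for this destructive action. I would state that above the attribute: `// Body is mandatory: it carries MasterPasswordHash for re-authentication before the organization is deleted.`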
@@ -188,8 +198,9 @@ fn post_organization_collection_update(org_id: String, col_id: String, _headers:
 Ok(Json(collection.to_json()))
 }
-#[post("/organizations/<org_id>/collections/<col_id>/delete-user/<org_user_id>")]
-fn post_organization_collection_delete_user(org_id: String, col_id: String, org_user_id: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult {
+
+#[delete("/organizations/<org_id>/collections/<col_id>/user/<org_user_id>")]
+fn delete_organization_collection_user(org_id: String, col_id: String, org_user_id: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult {
 let collection = match Collection::find_by_uuid(&col_id, &conn) {
 None => err!("Collection not found"),
 Some(collection) => if collection.org_uuid == org_id {
@@ -215,17 +226,13 @@ fn post_organization_collection_delete_user(org_id: String, col_id: String, org_
 }
 }
-#[derive(Deserialize, Debug)]
-#[allow(non_snake_case)]
-struct DeleteCollectionData {
- Id: String,
- OrgId: String,
+#[post("/organizations/<org_id>/collections/<col_id>/delete-user/<org_user_id>")]
+fn post_organization_collection_delete_user(org_id: String, col_id: String, org_user_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
+ delete_organization_collection_user(org_id, col_id, org_user_id, headers, conn)
 }
-#[post("/organizations/<org_id>/collections/<col_id>/delete", data = "<data>")]
-fn post_organization_collection_delete(org_id: String, col_id: String, _headers: AdminHeaders, data: JsonUpcase<DeleteCollectionData>, conn: DbConn) -> EmptyResult {
- let _data: DeleteCollectionData = data.into_inner().data;
-
+#[delete("/organizations/<org_id>/collections/<col_id>")]
+fn delete_organization_collection(org_id: String, col_id: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult {
 match Collection::find_by_uuid(&col_id, &conn) {
 None => err!("Collection not found"),
 Some(collection) => if collection.org_uuid == org_id {
@@ -239,6 +246,18 @@ fn post_organization_collection_delete(org_id: String, col_id: String, _headers:
 }
 }
+#[derive(Deserialize, Debug)]
+#[allow(non_snake_case)]
+struct DeleteCollectionData {
+ Id: String,
+ OrgId: String,
+}
+
+#[post("/organizations/<org_id>/collections/<col_id>/delete", data = "<_data>")]
+fn post_organization_collection_delete(org_id: String, col_id: String, headers: AdminHeaders, _data: JsonUpcase<DeleteCollectionData>, conn: DbConn) -> EmptyResult {
+ delete_organization_collection(org_id, col_id, headers, conn)
+}
+
 #[get("/organizations/<org_id>/collections/<coll_id>/details")]
 fn get_org_collection_detail(org_id: String, coll_id: String, headers: AdminHeaders, conn: DbConn) -> JsonResult {
 match Collection::find_by_uuid_and_user(&coll_id, &headers.user.uuid, &conn) {
@@ -428,6 +447,12 @@ struct EditUserData {
 AccessAll: bool,
 }
+
+#[put("/organizations/<org_id>/users/<user_id>", data = "<data>", rank = 1)]
+fn put_organization_user(org_id: String, user_id: String, data: JsonUpcase<EditUserData>, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
+ edit_user(org_id, user_id, data, headers, conn)
+}
+
 #[post("/organizations/<org_id>/users/<user_id>", data = "<data>", rank = 1)]
 fn edit_user(org_id: String, user_id: String, data: JsonUpcase<EditUserData>, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
 let data: EditUserData = data.into_inner().data;
@@ -494,7 +519,7 @@ fn edit_user(org_id: String, user_id: String, data: JsonUpcase<EditUserData>, he
 Ok(())
 }
-#[post("/organizations/<org_id>/users/<user_id>/delete")]
+#[delete("/organizations/<org_id>/users/<user_id>")]
 fn delete_user(org_id: String, user_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
 let user_to_delete = match UserOrganization::find_by_uuid(&user_id, &conn) {
 Some(user) => user,
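Review bot: `post_organization_collection_delete` still requires a `DeleteCollectionData` body but never reads it, so the `Id` and `OrgId` a client sends are not compared with `col_id` and `org_id` from the path. Only the path values reach `delete_organization_collection`, which means a body that disagrees with the URL is silently accepted. Either reject the mismatch, e.g. `let data = _data.into_inner().data;` followed by `if data.Id != col_id || data.OrgId != org_id { err!("Body does not match the requested collection") }`, or add a comment stating that the body is accepted only for client compatibility and that the path is authoritative.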
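Review bot: In `delete_user`, which this commit exposes on the DELETE route and also through the `post_delete_user` alias, the visible lookup is `UserOrganization::find_by_uuid(&user_id, &conn)`, which keys on `user_id` alone and does not involve `org_id`. The rest of the body lies outside the hunk, so this may already be handled, but if nothing later compares the found membership's organization with `org_id`, the admin check made for the organization in the path would not cover the record that is actually removed. Please confirm there is a comparison equivalent to the `collection.org_uuid == org_id` test used in the collection handlers, and add one if it is missing.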
@@ -521,4 +546,9 @@ fn delete_user(org_id: String, user_id: String, headers: AdminHeaders, conn: DbC
 Ok(()) => Ok(()),
 Err(_) => err!("Failed deleting user from organization")
 }
+}
+
+#[post("/organizations/<org_id>/users/<user_id>/delete")]
+fn post_delete_user(org_id: String, user_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
+ delete_user(org_id, user_id, headers, conn)
 }
\ No newline at end of file