cancel_me

dani-garcia · Mar 12, 2023 · 97d7792 · 97d7792
1 parent 337cbfa
commit 97d7792
Show file tree

Hide file tree

Showing 26 changed files with 541 additions and 78 deletions.
diff --git a/.env.template b/.env.template
@@ -72,6 +72,12 @@
 # WEBSOCKET_ADDRESS=0.0.0.0
 # WEBSOCKET_PORT=3012
 
+## Enables push notifications, get key and id from https://bitwarden.com/host
+# PUSH_ENABLED=true
+# PUSH_RELAY_URI=https://push.bitwarden.com
+# PUSH_INSTALLATION_ID=CHANGEME
+# PUSH_INSTALLATION_KEY=CHANGEME
+
 ## Controls whether users are allowed to create Bitwarden Sends.
 ## This setting applies globally to all users.
 ## To control this on a per-org basis instead, use the "Disable Send" org policy.

diff --git a/migrations/mysql/2023-02-18-125735_uuid_table/down.sql b/migrations/mysql/2023-02-18-125735_uuid_table/down.sql
diff --git a/migrations/mysql/2023-02-18-125735_uuid_table/up.sql b/migrations/mysql/2023-02-18-125735_uuid_table/up.sql
@@ -0,0 +1 @@
+ALTER TABLE devices CREATE COLUMN push_uuid TEXT;
diff --git a/migrations/postgresql/2023-02-18-125735_uuid_table/down.sql b/migrations/postgresql/2023-02-18-125735_uuid_table/down.sql
diff --git a/migrations/postgresql/2023-02-18-125735_uuid_table/up.sql b/migrations/postgresql/2023-02-18-125735_uuid_table/up.sql
@@ -0,0 +1 @@
+ALTER TABLE devices CREATE COLUMN push_uuid TEXT;
diff --git a/migrations/sqlite/2023-02-18-125735_uuid_table/down.sql b/migrations/sqlite/2023-02-18-125735_uuid_table/down.sql
diff --git a/migrations/sqlite/2023-02-18-125735_uuid_table/up.sql b/migrations/sqlite/2023-02-18-125735_uuid_table/up.sql
@@ -0,0 +1 @@
+ALTER TABLE devices CREATE COLUMN push_uuid TEXT;   
diff --git a/src/api/admin.rs b/src/api/admin.rs
@@ -13,7 +13,7 @@ use rocket::{
 };
 
 use crate::{
-    api::{core::log_event, ApiResult, EmptyResult, JsonResult, Notify, NumberOrString},
+    api::{core::log_event, ApiResult, EmptyResult, JsonResult, Notify, NumberOrString, push_logout, unregister_push_device},
     auth::{decode_admin, encode_jwt, generate_admin_claims, ClientIp},
     config::ConfigBuilder,
     db::{backup_database, get_sql_server_version, models::*, DbConn, DbConnType},
@@ -382,13 +382,22 @@ async fn delete_user(uuid: String, _token: AdminToken, mut conn: DbConn, ip: Cli
 #[post("/users/<uuid>/deauth")]
 async fn deauth_user(uuid: String, _token: AdminToken, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult {
     let mut user = get_user_or_404(&uuid, &mut conn).await?;
+    nt.send_logout(&user, None).await;
+    push_logout(&user, None, &mut conn).await; // Send logout notifications before deleting devices
+
+    match Device::find_push_device_by_user(&user.uuid, &mut conn).await {
+        Some(d) => {
+            match unregister_push_device(d.uuid).await {
+                Ok(r) => r,
+                Err(e) => error!("Unable to unregister devices from Bitwarden server: {}", e),
+            };
+        }
+        None => debug!("No device to unregister for {}", &user.email),
+    };
     Device::delete_all_by_user(&user.uuid, &mut conn).await?;
     user.reset_security_stamp();
-
     let save_result = user.save(&mut conn).await;
 
-    nt.send_logout(&user, None).await;
-
     save_result
 }
 
@@ -402,6 +411,7 @@ async fn disable_user(uuid: String, _token: AdminToken, mut conn: DbConn, nt: No
     let save_result = user.save(&mut conn).await;
 
     nt.send_logout(&user, None).await;
+    push_logout(&user, None, &mut conn).await;
 
     save_result
 }

diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
@@ -5,11 +5,14 @@ use serde_json::Value;
 use crate::{
     api::{
         core::log_user_event, EmptyResult, JsonResult, JsonUpcase, Notify, NumberOrString, PasswordData, UpdateType,
+            register_push_device, unregister_push_device, push_logout
     },
     auth::{decode_delete, decode_invite, decode_verify_email, ClientIp, Headers},
     crypto,
     db::{models::*, DbConn},
-    mail, CONFIG,
+    mail,
+    //push::{self, push_logout},
+    CONFIG,
 };
 
 pub fn routes() -> Vec<rocket::Route> {
@@ -40,6 +43,9 @@ pub fn routes() -> Vec<rocket::Route> {
         rotate_api_key,
         get_known_device,
         put_avatar,
+        put_device_token,
+        clear_device_token,
+        clear_device_token_post,
     ]
 }
 
@@ -332,7 +338,8 @@ async fn post_password(
     // Prevent loging out the client where the user requested this endpoint from.
     // If you do logout the user it will causes issues at the client side.
     // Adding the device uuid will prevent this.
-    nt.send_logout(&user, Some(headers.device.uuid)).await;
+    nt.send_logout(&user, Some(headers.device.uuid.clone())).await;
+    push_logout(&user, Some(headers.device.uuid.clone()), &mut conn).await;
 
     save_result
 }
@@ -389,7 +396,8 @@ async fn post_kdf(data: JsonUpcase<ChangeKdfData>, headers: Headers, mut conn: D
     user.set_password(&data.NewMasterPasswordHash, Some(data.Key), true, None);
     let save_result = user.save(&mut conn).await;
 
-    nt.send_logout(&user, Some(headers.device.uuid)).await;
+    nt.send_logout(&user, Some(headers.device.uuid.clone())).await;
+    push_logout(&user, Some(headers.device.uuid.clone()), &mut conn).await;
 
     save_result
 }
@@ -482,7 +490,8 @@ async fn post_rotatekey(
     // Prevent loging out the client where the user requested this endpoint from.
     // If you do logout the user it will causes issues at the client side.
     // Adding the device uuid will prevent this.
-    nt.send_logout(&user, Some(headers.device.uuid)).await;
+    nt.send_logout(&user, Some(headers.device.uuid.clone())).await;
+    push_logout(&user, Some(headers.device.uuid.clone()), &mut conn).await;
 
     save_result
 }
@@ -506,6 +515,7 @@ async fn post_sstamp(
     let save_result = user.save(&mut conn).await;
 
     nt.send_logout(&user, None).await;
+    push_logout(&user, None, &mut conn).await;
 
     save_result
 }
@@ -609,6 +619,7 @@ async fn post_email(
     let save_result = user.save(&mut conn).await;
 
     nt.send_logout(&user, None).await;
+    push_logout(&user, None, &mut conn).await;
 
     save_result
 }
@@ -881,3 +892,68 @@ async fn get_known_device(email: String, uuid: String, mut conn: DbConn) -> Json
     }
     Ok(Json(json!(result)))
 }
+
+#[derive(Deserialize, Debug)]
+#[allow(non_snake_case)]
+struct PushTokenData {
+    pushToken: String,
+}
+
+#[put("/devices/identifier/<uuid>/token", data = "<data>")]
+async fn put_device_token(
+    uuid: String,
+    data: Json<PushTokenData>,
+    headers: Headers,
+    mut conn: DbConn,
+) -> EmptyResult {
+    let data: PushTokenData = data.into_inner();
+    let token = data.pushToken.clone();
+    let mut device =
+        match Device::find_by_uuid_and_user(&headers.device.uuid, &headers.user.uuid, &mut conn).await {
+            Some(device) => device,
+            None => Device::new(uuid, headers.user.uuid.clone(), headers.device.name, headers.device.atype),
+        };
+    device.push_token = Some(token);
+    if !device.push_uuid.is_some() {
+        device.push_uuid = Some(uuid::Uuid::new_v4().to_string());
+    }
+    if let Err(e) = device.save(&mut conn).await {
+        error!("An error occured while trying to save the device push token: {}", e);
+        return Err(e);
+    }
+    if CONFIG.push_enabled() {
+        if let Err(e) = register_push_device(headers.user.uuid, device).await {
+            error!("An error occured while proceeding registration of a device: {}", e);
+        };
+    }
+
+    Ok(())
+}
+
+#[put("/devices/identifier/<uuid>/clear-token")]
+async fn clear_device_token(uuid: String, mut conn: DbConn) -> &'static str {
+    // This only clears push token
+    // https://github.com/bitwarden/core/blob/master/src/Api/Controllers/DevicesController.cs#L109
+    // https://github.com/bitwarden/core/blob/master/src/Core/Services/Implementations/DeviceService.cs#L37
+    // This is somehow not implemented in any app, added it in case it is required
+    match Device::delete_token_by_uuid(&uuid, &mut conn).await {
+        Err(e) => error!("{}", e),
+        Ok(_r) => (),
+    };
+    let device = match Device::find_by_uuid(&uuid, &mut conn).await {
+        Some(device) => device,
+        None => return "",
+    };
+    match unregister_push_device(device.uuid).await {
+        Err(e) => error!("{}", e),
+        Ok(_r) => (),
+    };
+    ""
+}
+
+// On upstream server, both PUT and POST are declared. Sadly Rocket doesn't allows to put multiple methods on the same function, so we call the function manually
+#[post("/devices/identifier/<uuid>/clear-token")]
+async fn clear_device_token_post(uuid: String, conn: DbConn) -> &'static str {
+    clear_device_token(uuid, conn).await;
+    ""
+}
diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
@@ -9,11 +9,13 @@ use rocket::{
 };
 use serde_json::Value;
 
+use crate::push::push_user_update;
 use crate::{
     api::{self, core::log_event, EmptyResult, JsonResult, JsonUpcase, Notify, PasswordData, UpdateType},
     auth::{ClientIp, Headers},
     crypto,
     db::{models::*, DbConn, DbPool},
+    notificationsender::cipher_update,
     CONFIG,
 };
 
@@ -522,10 +524,8 @@ pub async fn update_cipher_from_data(
             )
             .await;
         }
-
-        nt.send_cipher_update(ut, cipher, &cipher.update_users_revision(conn).await, &headers.device.uuid).await;
+        cipher_update(ut, &cipher, &cipher.update_users_revision(conn).await, &headers.device.uuid, nt, &conn).await;
     }
-
     Ok(())
 }
 
@@ -592,7 +592,8 @@ async fn post_ciphers_import(
 
     let mut user = headers.user;
     user.update_revision(&mut conn).await?;
-    nt.send_user_update(UpdateType::SyncVault, &user).await;
+    nt.send_user_update(UpdateType::SyncVault as i32, &user).await;
+    push_user_update(UpdateType::SyncVault as i32, &user).await;
     Ok(())
 }
 
@@ -1130,12 +1131,13 @@ async fn save_attachment(
     }
 
     nt.send_cipher_update(
-        UpdateType::SyncCipherUpdate,
+        UpdateType::SyncCipherUpdate as i32,
         &cipher,
         &cipher.update_users_revision(&mut conn).await,
         &headers.device.uuid,
     )
     .await;
+    push_cipher_update(UpdateType::SyncCipherUpdate, &cipher, &headers.device.uuid, &mut conn).await;
 
     if let Some(org_uuid) = &cipher.organization_uuid {
         log_event(
@@ -1471,7 +1473,9 @@ async fn move_cipher_selected(
         // Move cipher
         cipher.move_to_folder(data.FolderId.clone(), &user_uuid, &mut conn).await?;
 
-        nt.send_cipher_update(UpdateType::SyncCipherUpdate, &cipher, &[user_uuid.clone()], &headers.device.uuid).await;
+        nt.send_cipher_update(UpdateType::SyncCipherUpdate as i32, &cipher, &[user_uuid.clone()], &headers.device.uuid)
+            .await;
+        push_cipher_update(UpdateType::SyncCipherUpdate, &cipher, &headers.device.uuid, &mut conn).await;
     }
 
     Ok(())
@@ -1519,7 +1523,8 @@ async fn delete_all(
                 Some(user_org) => {
                     if user_org.atype == UserOrgType::Owner {
                         Cipher::delete_all_by_organization(&org_data.org_id, &mut conn).await?;
-                        nt.send_user_update(UpdateType::SyncVault, &user).await;
+                        nt.send_user_update(UpdateType::SyncVault as i32, &user).await;
+                        push_user_update(UpdateType::SyncVault as i32, &user).await;
 
                         log_event(
                             EventType::OrganizationPurgedVault as i32,
@@ -1552,7 +1557,8 @@ async fn delete_all(
             }
 
             user.update_revision(&mut conn).await?;
-            nt.send_user_update(UpdateType::SyncVault, &user).await;
+            nt.send_user_update(UpdateType::SyncVault as i32, &user).await;
+            push_user_update(UpdateType::SyncVault as i32, &user).await;
             Ok(())
         }
     }
@@ -1579,21 +1585,23 @@ async fn _delete_cipher_by_uuid(
         cipher.deleted_at = Some(Utc::now().naive_utc());
         cipher.save(conn).await?;
         nt.send_cipher_update(
-            UpdateType::SyncCipherUpdate,
+            UpdateType::SyncCipherUpdate as i32,
             &cipher,
             &cipher.update_users_revision(conn).await,
             &headers.device.uuid,
         )
         .await;
+        push_cipher_update(UpdateType::SyncCipherUpdate, &cipher, &headers.device.uuid, conn).await;
     } else {
         cipher.delete(conn).await?;
         nt.send_cipher_update(
-            UpdateType::SyncCipherDelete,
+            UpdateType::SyncCipherDelete as i32,
             &cipher,
             &cipher.update_users_revision(conn).await,
             &headers.device.uuid,
         )
         .await;
+        push_cipher_update(UpdateType::SyncCipherUpdate, &cipher, &headers.device.uuid, conn).await;
     }
 
     if let Some(org_uuid) = cipher.organization_uuid {
@@ -1656,12 +1664,14 @@ async fn _restore_cipher_by_uuid(
     cipher.save(conn).await?;
 
     nt.send_cipher_update(
-        UpdateType::SyncCipherUpdate,
+        UpdateType::SyncCipherUpdate as i32,
         &cipher,
         &cipher.update_users_revision(conn).await,
         &headers.device.uuid,
     )
     .await;
+    push_cipher_update(UpdateType::SyncCipherUpdate, &cipher, &headers.device.uuid, conn).await;
+
     if let Some(org_uuid) = &cipher.organization_uuid {
         log_event(
             EventType::CipherRestored as i32,
@@ -1739,12 +1749,14 @@ async fn _delete_cipher_attachment_by_id(
     // Delete attachment
     attachment.delete(conn).await?;
     nt.send_cipher_update(
-        UpdateType::SyncCipherUpdate,
+        UpdateType::SyncCipherUpdate as i32,
         &cipher,
         &cipher.update_users_revision(conn).await,
         &headers.device.uuid,
     )
     .await;
+    push_cipher_update(UpdateType::SyncCipherUpdate as i32, &cipher, &headers.device.uuid, conn).await;
+
     if let Some(org_uuid) = cipher.organization_uuid {
         log_event(
             EventType::CipherAttachmentDeleted as i32,

diff --git a/src/api/core/folders.rs b/src/api/core/folders.rs
@@ -2,7 +2,7 @@ use rocket::serde::json::Json;
 use serde_json::Value;
 
 use crate::{
-    api::{EmptyResult, JsonResult, JsonUpcase, Notify, UpdateType},
+    api::{EmptyResult, JsonResult, JsonUpcase, Notify, UpdateType, push_folder_update},
     auth::Headers,
     db::{models::*, DbConn},
 };
@@ -50,7 +50,8 @@ async fn post_folders(data: JsonUpcase<FolderData>, headers: Headers, mut conn:
     let mut folder = Folder::new(headers.user.uuid, data.Name);
 
     folder.save(&mut conn).await?;
-    nt.send_folder_update(UpdateType::SyncFolderCreate, &folder, &headers.device.uuid).await;
+    nt.send_folder_update(UpdateType::SyncFolderCreate as i32, &folder, &headers.device.uuid).await;
+    push_folder_update(UpdateType::SyncFolderCreate as i32, &folder, &headers.device.uuid, &mut conn).await;
 
     Ok(Json(folder.to_json()))
 }
@@ -88,7 +89,8 @@ async fn put_folder(
     folder.name = data.Name;
 
     folder.save(&mut conn).await?;
-    nt.send_folder_update(UpdateType::SyncFolderUpdate, &folder, &headers.device.uuid).await;
+    nt.send_folder_update(UpdateType::SyncFolderUpdate as i32, &folder, &headers.device.uuid).await;
+    push_folder_update(UpdateType::SyncFolderUpdate as i32, &folder, &headers.device.uuid, &mut conn).await;
 
     Ok(Json(folder.to_json()))
 }
@@ -112,6 +114,7 @@ async fn delete_folder(uuid: String, headers: Headers, mut conn: DbConn, nt: Not
     // Delete the actual folder entry
     folder.delete(&mut conn).await?;
 
-    nt.send_folder_update(UpdateType::SyncFolderDelete, &folder, &headers.device.uuid).await;
+    nt.send_folder_update(UpdateType::SyncFolderDelete as i32, &folder, &headers.device.uuid).await;
+    push_folder_update(UpdateType::SyncFolderDelete as i32, &folder, &headers.device.uuid, &mut conn).await;
     Ok(())
 }