diff options
author | BlackDex <[email protected]> | 2022-11-07 17:13:34 +0100 |
---|---|---|
committer | BlackDex <[email protected]> | 2022-11-07 17:13:34 +0100 |
commit | c9ec389b244c98d5cc57852f29130923fe9d6ce6 (patch) | |
tree | ed190965725a1703a603648ef7db47ec282dce9b | |
parent | f60a6929a9a289bd39c38eeb793ebf54c4d88199 (diff) | |
download | vaultwarden-c9ec389b244c98d5cc57852f29130923fe9d6ce6.tar.gz vaultwarden-c9ec389b244c98d5cc57852f29130923fe9d6ce6.zip |
Support Org Export for v2022.11 clients
Since v2022.9.x the org export uses a different endpoint.
But, since v2022.11.x this endpoint will return a different format.
See: https://github.com/bitwarden/clients/pull/3641 and https://github.com/bitwarden/server/pull/2316
To support both version in the case of users having an older client
either web-vault or cli this PR checks the version and responds using
the correct format. If no version can be determined it will use the new
format as a default.
-rw-r--r-- | Cargo.lock | 7 | ||||
-rw-r--r-- | Cargo.toml | 3 | ||||
-rw-r--r-- | src/api/core/organizations.rs | 69 | ||||
-rw-r--r-- | src/auth.rs | 3 |
4 files changed, 61 insertions, 21 deletions
@@ -2467,6 +2467,12 @@ dependencies = [ ] [[package]] +name = "semver" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e25dfac463d778e353db5be2449d1cce89bd6fd23c9f1ea21310ce6e5a1b29c4" + +[[package]] name = "serde" version = "1.0.147" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -3201,6 +3207,7 @@ dependencies = [ "ring", "rmpv", "rocket", + "semver", "serde", "serde_json", "syslog", @@ -142,6 +142,9 @@ governor = "0.5.0" # Capture CTRL+C ctrlc = { version = "3.2.3", features = ["termination"] } +# Check client versions for specific features. +semver = "1.0.14" + # Allow overriding the default memory allocator # Mainly used for the musl builds, since the default musl malloc is very slow mimalloc = { version = "0.1.30", features = ["secure"], default-features = false, optional = true } diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 0de6feb9..532cdda0 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -273,19 +273,15 @@ async fn get_user_collections(headers: Headers, mut conn: DbConn) -> Json<Value> #[get("/organizations/<org_id>/collections")] async fn get_org_collections(org_id: String, _headers: ManagerHeadersLoose, mut conn: DbConn) -> Json<Value> { - Json(_get_org_collections(&org_id, &mut conn).await) + Json(json!({ + "Data": _get_org_collections(&org_id, &mut conn).await, + "Object": "list", + "ContinuationToken": null, + })) } async fn _get_org_collections(org_id: &str, conn: &mut DbConn) -> Value { - json!({ - "Data": - Collection::find_by_organization(org_id, conn).await - .iter() - .map(Collection::to_json) - .collect::<Value>(), - "Object": "list", - "ContinuationToken": null, - }) + Collection::find_by_organization(org_id, conn).await.iter().map(Collection::to_json).collect::<Value>() } #[post("/organizations/<org_id>/collections", data = "<data>")] @@ -550,7 +546,11 @@ struct OrgIdData { #[get("/ciphers/organization-details?<data..>")] async fn get_org_details(data: OrgIdData, headers: Headers, mut conn: DbConn) -> Json<Value> { - Json(_get_org_details(&data.organization_id, &headers.host, &headers.user.uuid, &mut conn).await) + Json(json!({ + "Data": _get_org_details(&data.organization_id, &headers.host, &headers.user.uuid, &mut conn).await, + "Object": "list", + "ContinuationToken": null, + })) } async fn _get_org_details(org_id: &str, host: &str, user_uuid: &str, conn: &mut DbConn) -> Value { @@ -561,12 +561,7 @@ async fn _get_org_details(org_id: &str, host: &str, user_uuid: &str, conn: &mut for c in ciphers { ciphers_json.push(c.to_json(host, user_uuid, Some(&cipher_sync_data), conn).await); } - - json!({ - "Data": ciphers_json, - "Object": "list", - "ContinuationToken": null, - }) + json!(ciphers_json) } #[get("/organizations/<org_id>/users")] @@ -2079,9 +2074,41 @@ async fn delete_group_user( // Else the export will be just an empty JSON file. #[get("/organizations/<org_id>/export")] async fn get_org_export(org_id: String, headers: AdminHeaders, mut conn: DbConn) -> Json<Value> { + use semver::{Version, VersionReq}; + + // Since version v2022.11.0 the format of the export is different. + // Also, this endpoint was created since v2022.9.0. + // Therefore, we will check for any version smaller then 2022.11.0 and return a different response. + // If we can't determine the version, we will use the latest default v2022.11.0 and higher. + // https://github.com/bitwarden/server/blob/8a6f780d55cf0768e1869f1f097452328791983e/src/Api/Controllers/OrganizationExportController.cs#L44-L45 + let use_list_response_model = if let Some(client_version) = headers.client_version { + let ver_match = VersionReq::parse("<2022.11.0").unwrap(); + let client_version = Version::parse(&client_version).unwrap(); + ver_match.matches(&client_version) + } else { + false + }; + // Also both main keys here need to be lowercase, else the export will fail. - Json(json!({ - "collections": convert_json_key_lcase_first(_get_org_collections(&org_id, &mut conn).await), - "ciphers": convert_json_key_lcase_first(_get_org_details(&org_id, &headers.host, &headers.user.uuid, &mut conn).await), - })) + if use_list_response_model { + // Backwards compatible pre v2022.11.0 response + Json(json!({ + "collections": { + "data": convert_json_key_lcase_first(_get_org_collections(&org_id, &mut conn).await), + "object": "list", + "continuationToken": null, + }, + "ciphers": { + "data": convert_json_key_lcase_first(_get_org_details(&org_id, &headers.host, &headers.user.uuid, &mut conn).await), + "object": "list", + "continuationToken": null, + } + })) + } else { + // v2022.11.0 and newer response + Json(json!({ + "collections": convert_json_key_lcase_first(_get_org_collections(&org_id, &mut conn).await), + "ciphers": convert_json_key_lcase_first(_get_org_details(&org_id, &headers.host, &headers.user.uuid, &mut conn).await), + })) + } } diff --git a/src/auth.rs b/src/auth.rs index eb8fe1ad..ac407ecb 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -481,6 +481,7 @@ pub struct AdminHeaders { pub device: Device, pub user: User, pub org_user_type: UserOrgType, + pub client_version: Option<String>, } #[rocket::async_trait] @@ -489,12 +490,14 @@ impl<'r> FromRequest<'r> for AdminHeaders { async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> { let headers = try_outcome!(OrgHeaders::from_request(request).await); + let client_version = request.headers().get_one("Bitwarden-Client-Version").map(String::from); if headers.org_user_type >= UserOrgType::Admin { Outcome::Success(Self { host: headers.host, device: headers.device, user: headers.user, org_user_type: headers.org_user_type, + client_version, }) } else { err_handler!("You need to be Admin or Owner to call this endpoint") |