aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel García <[email protected]>2018-07-31 20:08:05 +0200
committerGitHub <[email protected]>2018-07-31 20:08:05 +0200
commit56b3afa77ca12aba6c3d11edf30b8b16378cbfe5 (patch)
treea90b71f11881bcdebe3c7d5511eea3cbb7e0fb63
parentd7df54507807b15b6caef6241a675b1cf23921d8 (diff)
parentd335f45e34e566bee01a6c754eea61bb3c17e016 (diff)
downloadvaultwarden-56b3afa77ca12aba6c3d11edf30b8b16378cbfe5.tar.gz
vaultwarden-56b3afa77ca12aba6c3d11edf30b8b16378cbfe5.zip
Merge pull request #107 from shauder/bug/attachments_for_orgs0.12.0
Bug/attachments for orgs
-rw-r--r--Cargo.toml2
-rw-r--r--src/api/core/ciphers.rs66
-rw-r--r--src/api/core/mod.rs3
-rw-r--r--src/db/models/attachment.rs31
-rw-r--r--src/main.rs5
5 files changed, 77 insertions, 30 deletions
diff --git a/Cargo.toml b/Cargo.toml
index 31445dd1..fb5adafb 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "bitwarden_rs"
-version = "0.11.0"
+version = "0.12.0"
authors = ["Daniel García <[email protected]>"]
[dependencies]
diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
index 29f9e8c6..ec1227bf 100644
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
@@ -415,6 +415,22 @@ fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers
Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn)))
}
+#[post("/ciphers/<uuid>/attachment-admin", format = "multipart/form-data", data = "<data>")]
+fn post_attachment_admin(uuid: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult {
+ post_attachment(uuid, data, content_type, headers, conn)
+}
+
+#[post("/ciphers/<uuid>/attachment/<attachment_id>/share", format = "multipart/form-data", data = "<data>")]
+fn post_attachment_share(uuid: String, attachment_id: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult {
+ _delete_cipher_attachment_by_id(&uuid, &attachment_id, &headers, &conn)?;
+ post_attachment(uuid, data, content_type, headers, conn)
+}
+
+#[post("/ciphers/<uuid>/attachment/<attachment_id>/delete-admin")]
+fn delete_attachment_post_admin(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult {
+ delete_attachment(uuid, attachment_id, headers, conn)
+}
+
#[post("/ciphers/<uuid>/attachment/<attachment_id>/delete")]
fn delete_attachment_post(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult {
delete_attachment(uuid, attachment_id, headers, conn)
@@ -422,29 +438,7 @@ fn delete_attachment_post(uuid: String, attachment_id: String, headers: Headers,
#[delete("/ciphers/<uuid>/attachment/<attachment_id>")]
fn delete_attachment(uuid: String, attachment_id: String, headers: Headers, conn: DbConn) -> EmptyResult {
- let attachment = match Attachment::find_by_id(&attachment_id, &conn) {
- Some(attachment) => attachment,
- None => err!("Attachment doesn't exist")
- };
-
- if attachment.cipher_uuid != uuid {
- err!("Attachment from other cipher")
- }
-
- let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
- Some(cipher) => cipher,
- None => err!("Cipher doesn't exist")
- };
-
- if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) {
- err!("Cipher cannot be deleted by user")
- }
-
- // Delete attachment
- match attachment.delete(&conn) {
- Ok(()) => Ok(()),
- Err(_) => err!("Deleting attachement failed")
- }
+ _delete_cipher_attachment_by_id(&uuid, &attachment_id, &headers, &conn)
}
#[post("/ciphers/<uuid>/delete")]
@@ -578,3 +572,29 @@ fn _delete_cipher_by_uuid(uuid: &str, headers: &Headers, conn: &DbConn) -> Empty
Err(_) => err!("Failed deleting cipher")
}
}
+
+fn _delete_cipher_attachment_by_id(uuid: &str, attachment_id: &str, headers: &Headers, conn: &DbConn) -> EmptyResult {
+ let attachment = match Attachment::find_by_id(&attachment_id, &conn) {
+ Some(attachment) => attachment,
+ None => err!("Attachment doesn't exist")
+ };
+
+ if attachment.cipher_uuid != uuid {
+ err!("Attachment from other cipher")
+ }
+
+ let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
+ Some(cipher) => cipher,
+ None => err!("Cipher doesn't exist")
+ };
+
+ if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) {
+ err!("Cipher cannot be deleted by user")
+ }
+
+ // Delete attachment
+ match attachment.delete(&conn) {
+ Ok(()) => Ok(()),
+ Err(_) => err!("Deleting attachement failed")
+ }
+}
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
index 89df7a1f..513319bc 100644
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -34,7 +34,10 @@ pub fn routes() -> Vec<Route> {
post_ciphers_admin,
post_ciphers_import,
post_attachment,
+ post_attachment_admin,
+ post_attachment_share,
delete_attachment_post,
+ delete_attachment_post_admin,
delete_attachment,
post_cipher_admin,
post_cipher_share,
diff --git a/src/db/models/attachment.rs b/src/db/models/attachment.rs
index 1ce4edfe..1f5e29a7 100644
--- a/src/db/models/attachment.rs
+++ b/src/db/models/attachment.rs
@@ -64,14 +64,33 @@ impl Attachment {
pub fn delete(self, conn: &DbConn) -> QueryResult<()> {
use util;
+ use std::{thread, time};
- util::delete_file(&self.get_file_path());
+ let mut retries = 10;
+
+ loop {
+ match diesel::delete(
+ attachments::table.filter(
+ attachments::id.eq(&self.id)
+ )
+ ).execute(&**conn) {
+ Ok(_) => break,
+ Err(err) => {
+ if retries < 1 {
+ println!("ERROR: Failed with 10 retries");
+ return Err(err)
+ } else {
+ retries = retries - 1;
+ println!("Had to retry! Retries left: {}", retries);
+ thread::sleep(time::Duration::from_millis(500));
+ continue
+ }
+ }
+ }
+ }
- diesel::delete(
- attachments::table.filter(
- attachments::id.eq(self.id)
- )
- ).execute(&**conn).and(Ok(()))
+ util::delete_file(&self.get_file_path());
+ Ok(())
}
pub fn delete_all_by_cipher(cipher_uuid: &str, conn: &DbConn) -> QueryResult<()> {
diff --git a/src/main.rs b/src/main.rs
index 17b63794..59840b9c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -83,6 +83,11 @@ fn check_db() {
exit(1);
}
}
+
+ // Turn on WAL in SQLite
+ use diesel::RunQueryDsl;
+ let connection = db::get_connection().expect("Can't conect to DB");
+ diesel::sql_query("PRAGMA journal_mode=wal").execute(&connection).expect("Failed to turn on WAL");
}
fn check_rsa_keys() {