aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBlackDex <[email protected]>2022-11-07 17:13:34 +0100
committerBlackDex <[email protected]>2022-11-07 17:13:34 +0100
commitc9ec389b244c98d5cc57852f29130923fe9d6ce6 (patch)
treeed190965725a1703a603648ef7db47ec282dce9b
parentf60a6929a9a289bd39c38eeb793ebf54c4d88199 (diff)
downloadvaultwarden-c9ec389b244c98d5cc57852f29130923fe9d6ce6.tar.gz
vaultwarden-c9ec389b244c98d5cc57852f29130923fe9d6ce6.zip
Support Org Export for v2022.11 clients
Since v2022.9.x the org export uses a different endpoint. But, since v2022.11.x this endpoint will return a different format. See: https://github.com/bitwarden/clients/pull/3641 and https://github.com/bitwarden/server/pull/2316 To support both version in the case of users having an older client either web-vault or cli this PR checks the version and responds using the correct format. If no version can be determined it will use the new format as a default.
-rw-r--r--Cargo.lock7
-rw-r--r--Cargo.toml3
-rw-r--r--src/api/core/organizations.rs69
-rw-r--r--src/auth.rs3
4 files changed, 61 insertions, 21 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 38e2f398..1f428ebd 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2467,6 +2467,12 @@ dependencies = [
]
[[package]]
+name = "semver"
+version = "1.0.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e25dfac463d778e353db5be2449d1cce89bd6fd23c9f1ea21310ce6e5a1b29c4"
+
+[[package]]
name = "serde"
version = "1.0.147"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -3201,6 +3207,7 @@ dependencies = [
"ring",
"rmpv",
"rocket",
+ "semver",
"serde",
"serde_json",
"syslog",
diff --git a/Cargo.toml b/Cargo.toml
index a232807a..693f95f8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -142,6 +142,9 @@ governor = "0.5.0"
# Capture CTRL+C
ctrlc = { version = "3.2.3", features = ["termination"] }
+# Check client versions for specific features.
+semver = "1.0.14"
+
# Allow overriding the default memory allocator
# Mainly used for the musl builds, since the default musl malloc is very slow
mimalloc = { version = "0.1.30", features = ["secure"], default-features = false, optional = true }
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index 0de6feb9..532cdda0 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -273,19 +273,15 @@ async fn get_user_collections(headers: Headers, mut conn: DbConn) -> Json<Value>
#[get("/organizations/<org_id>/collections")]
async fn get_org_collections(org_id: String, _headers: ManagerHeadersLoose, mut conn: DbConn) -> Json<Value> {
- Json(_get_org_collections(&org_id, &mut conn).await)
+ Json(json!({
+ "Data": _get_org_collections(&org_id, &mut conn).await,
+ "Object": "list",
+ "ContinuationToken": null,
+ }))
}
async fn _get_org_collections(org_id: &str, conn: &mut DbConn) -> Value {
- json!({
- "Data":
- Collection::find_by_organization(org_id, conn).await
- .iter()
- .map(Collection::to_json)
- .collect::<Value>(),
- "Object": "list",
- "ContinuationToken": null,
- })
+ Collection::find_by_organization(org_id, conn).await.iter().map(Collection::to_json).collect::<Value>()
}
#[post("/organizations/<org_id>/collections", data = "<data>")]
@@ -550,7 +546,11 @@ struct OrgIdData {
#[get("/ciphers/organization-details?<data..>")]
async fn get_org_details(data: OrgIdData, headers: Headers, mut conn: DbConn) -> Json<Value> {
- Json(_get_org_details(&data.organization_id, &headers.host, &headers.user.uuid, &mut conn).await)
+ Json(json!({
+ "Data": _get_org_details(&data.organization_id, &headers.host, &headers.user.uuid, &mut conn).await,
+ "Object": "list",
+ "ContinuationToken": null,
+ }))
}
async fn _get_org_details(org_id: &str, host: &str, user_uuid: &str, conn: &mut DbConn) -> Value {
@@ -561,12 +561,7 @@ async fn _get_org_details(org_id: &str, host: &str, user_uuid: &str, conn: &mut
for c in ciphers {
ciphers_json.push(c.to_json(host, user_uuid, Some(&cipher_sync_data), conn).await);
}
-
- json!({
- "Data": ciphers_json,
- "Object": "list",
- "ContinuationToken": null,
- })
+ json!(ciphers_json)
}
#[get("/organizations/<org_id>/users")]
@@ -2079,9 +2074,41 @@ async fn delete_group_user(
// Else the export will be just an empty JSON file.
#[get("/organizations/<org_id>/export")]
async fn get_org_export(org_id: String, headers: AdminHeaders, mut conn: DbConn) -> Json<Value> {
+ use semver::{Version, VersionReq};
+
+ // Since version v2022.11.0 the format of the export is different.
+ // Also, this endpoint was created since v2022.9.0.
+ // Therefore, we will check for any version smaller then 2022.11.0 and return a different response.
+ // If we can't determine the version, we will use the latest default v2022.11.0 and higher.
+ // https://github.com/bitwarden/server/blob/8a6f780d55cf0768e1869f1f097452328791983e/src/Api/Controllers/OrganizationExportController.cs#L44-L45
+ let use_list_response_model = if let Some(client_version) = headers.client_version {
+ let ver_match = VersionReq::parse("<2022.11.0").unwrap();
+ let client_version = Version::parse(&client_version).unwrap();
+ ver_match.matches(&client_version)
+ } else {
+ false
+ };
+
// Also both main keys here need to be lowercase, else the export will fail.
- Json(json!({
- "collections": convert_json_key_lcase_first(_get_org_collections(&org_id, &mut conn).await),
- "ciphers": convert_json_key_lcase_first(_get_org_details(&org_id, &headers.host, &headers.user.uuid, &mut conn).await),
- }))
+ if use_list_response_model {
+ // Backwards compatible pre v2022.11.0 response
+ Json(json!({
+ "collections": {
+ "data": convert_json_key_lcase_first(_get_org_collections(&org_id, &mut conn).await),
+ "object": "list",
+ "continuationToken": null,
+ },
+ "ciphers": {
+ "data": convert_json_key_lcase_first(_get_org_details(&org_id, &headers.host, &headers.user.uuid, &mut conn).await),
+ "object": "list",
+ "continuationToken": null,
+ }
+ }))
+ } else {
+ // v2022.11.0 and newer response
+ Json(json!({
+ "collections": convert_json_key_lcase_first(_get_org_collections(&org_id, &mut conn).await),
+ "ciphers": convert_json_key_lcase_first(_get_org_details(&org_id, &headers.host, &headers.user.uuid, &mut conn).await),
+ }))
+ }
}
diff --git a/src/auth.rs b/src/auth.rs
index eb8fe1ad..ac407ecb 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -481,6 +481,7 @@ pub struct AdminHeaders {
pub device: Device,
pub user: User,
pub org_user_type: UserOrgType,
+ pub client_version: Option<String>,
}
#[rocket::async_trait]
@@ -489,12 +490,14 @@ impl<'r> FromRequest<'r> for AdminHeaders {
async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
let headers = try_outcome!(OrgHeaders::from_request(request).await);
+ let client_version = request.headers().get_one("Bitwarden-Client-Version").map(String::from);
if headers.org_user_type >= UserOrgType::Admin {
Outcome::Success(Self {
host: headers.host,
device: headers.device,
user: headers.user,
org_user_type: headers.org_user_type,
+ client_version,
})
} else {
err_handler!("You need to be Admin or Owner to call this endpoint")