bitwarden_rs/src/db/models/org_policy.rs

use serde_json::Value;

use crate::api::EmptyResult;
use crate::db::DbConn;
use crate::error::MapResult;

use super::{Organization, UserOrgStatus};

db_object! {
    #[derive(Identifiable, Queryable, Insertable, Associations, AsChangeset)]
    #[table_name = "org_policies"]
    #[belongs_to(Organization, foreign_key = "org_uuid")]
    #[primary_key(uuid)]
    pub struct OrgPolicy {
        pub uuid: String,
        pub org_uuid: String,
        pub atype: i32,
        pub enabled: bool,
        pub data: String,
    }
}

#[allow(dead_code)]
#[derive(num_derive::FromPrimitive)]
pub enum OrgPolicyType {
    TwoFactorAuthentication = 0,
    MasterPassword = 1,
    PasswordGenerator = 2,
    // SingleOrg = 3, // Not currently supported.
    // RequireSso = 4, // Not currently supported.
    PersonalOwnership = 5,
}

/// Local methods
impl OrgPolicy {
    pub fn new(org_uuid: String, atype: OrgPolicyType, data: String) -> Self {
        Self {
            uuid: crate::util::get_uuid(),
            org_uuid,
            atype: atype as i32,
            enabled: false,
            data,
        }
    }

    pub fn has_type(&self, policy_type: OrgPolicyType) -> bool {
        self.atype == policy_type as i32
    }

    pub fn to_json(&self) -> Value {
        let data_json: Value = serde_json::from_str(&self.data).unwrap_or(Value::Null);
        json!({
            "Id": self.uuid,
            "OrganizationId": self.org_uuid,
            "Type": self.atype,
            "Data": data_json,
            "Enabled": self.enabled,
            "Object": "policy",
        })
    }
}

/// Database methods
impl OrgPolicy {
    pub fn save(&self, conn: &DbConn) -> EmptyResult {
        db_run! { conn:
            sqlite, mysql {
                match diesel::replace_into(org_policies::table)
                    .values(OrgPolicyDb::to_db(self))
                    .execute(conn)
                {
                    Ok(_) => Ok(()),
                    // Record already exists and causes a Foreign Key Violation because replace_into() wants to delete the record first.
                    Err(diesel::result::Error::DatabaseError(diesel::result::DatabaseErrorKind::ForeignKeyViolation, _)) => {
                        diesel::update(org_policies::table)
                            .filter(org_policies::uuid.eq(&self.uuid))
                            .set(OrgPolicyDb::to_db(self))
                            .execute(conn)
                            .map_res("Error saving org_policy")
                    }
                    Err(e) => Err(e.into()),
                }.map_res("Error saving org_policy")
            }
            postgresql {
                let value = OrgPolicyDb::to_db(self);
                // We need to make sure we're not going to violate the unique constraint on org_uuid and atype.
                // This happens automatically on other DBMS backends due to replace_into(). PostgreSQL does
                // not support multiple constraints on ON CONFLICT clauses.
                diesel::delete(
                    org_policies::table
                        .filter(org_policies::org_uuid.eq(&self.org_uuid))
                        .filter(org_policies::atype.eq(&self.atype)),
                )
                .execute(conn)
                .map_res("Error deleting org_policy for insert")?;

                diesel::insert_into(org_policies::table)
                    .values(&value)
                    .on_conflict(org_policies::uuid)
                    .do_update()
                    .set(&value)
                    .execute(conn)
                    .map_res("Error saving org_policy")
            }
        }
    }

    pub fn delete(self, conn: &DbConn) -> EmptyResult {
        db_run! { conn: {
            diesel::delete(org_policies::table.filter(org_policies::uuid.eq(self.uuid)))
                .execute(conn)
                .map_res("Error deleting org_policy")
        }}
    }

    pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
        db_run! { conn: {
            org_policies::table
                .filter(org_policies::uuid.eq(uuid))
                .first::<OrgPolicyDb>(conn)
                .ok()
                .from_db()
        }}
    }

    pub fn find_by_org(org_uuid: &str, conn: &DbConn) -> Vec<Self> {
        db_run! { conn: {
            org_policies::table
                .filter(org_policies::org_uuid.eq(org_uuid))
                .load::<OrgPolicyDb>(conn)
                .expect("Error loading org_policy")
                .from_db()
        }}
    }

    pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> {
        db_run! { conn: {
            org_policies::table
                .inner_join(
                    users_organizations::table.on(
                        users_organizations::org_uuid.eq(org_policies::org_uuid)
                            .and(users_organizations::user_uuid.eq(user_uuid)))
                )
                .filter(
                    users_organizations::status.eq(UserOrgStatus::Confirmed as i32)
                )
                .select(org_policies::all_columns)
                .load::<OrgPolicyDb>(conn)
                .expect("Error loading org_policy")
                .from_db()
        }}
    }

    pub fn find_by_org_and_type(org_uuid: &str, atype: i32, conn: &DbConn) -> Option<Self> {
        db_run! { conn: {
            org_policies::table
                .filter(org_policies::org_uuid.eq(org_uuid))
                .filter(org_policies::atype.eq(atype))
                .first::<OrgPolicyDb>(conn)
                .ok()
                .from_db()
        }}
    }

    pub fn delete_all_by_organization(org_uuid: &str, conn: &DbConn) -> EmptyResult {
        db_run! { conn: {
            diesel::delete(org_policies::table.filter(org_policies::org_uuid.eq(org_uuid)))
                .execute(conn)
                .map_res("Error deleting org_policy")
        }}
    }

    /*pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult {
        db_run! { conn: {
            diesel::delete(twofactor::table.filter(twofactor::user_uuid.eq(user_uuid)))
                .execute(conn)
                .map_res("Error deleting twofactors")
        }}
    }*/
}
Initial version of policies 2020-03-14 13:22:30 +01:00			`use serde_json::Value;`

			`use crate::api::EmptyResult;`
			`use crate::db::DbConn;`
			`use crate::error::MapResult;`

Ensure that a user is actually in an org when applying policies 2020-11-07 23:14:17 +01:00			`use super::{Organization, UserOrgStatus};`
Initial version of policies 2020-03-14 13:22:30 +01:00
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`db_object! {`
Remove debug impl from database structs This is only implemented for the database specific structs, which is not what we want 2021-03-13 22:04:04 +01:00			`#[derive(Identifiable, Queryable, Insertable, Associations, AsChangeset)]`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`#[table_name = "org_policies"]`
			`#[belongs_to(Organization, foreign_key = "org_uuid")]`
			`#[primary_key(uuid)]`
			`pub struct OrgPolicy {`
			`pub uuid: String,`
			`pub org_uuid: String,`
			`pub atype: i32,`
			`pub enabled: bool,`
			`pub data: String,`
			`}`
Initial version of policies 2020-03-14 13:22:30 +01:00			`}`

			`#[allow(dead_code)]`
Remove unused dependency and simple feature, update dependencies and fix some clippy lints 2020-05-03 17:24:51 +02:00			`#[derive(num_derive::FromPrimitive)]`
Initial version of policies 2020-03-14 13:22:30 +01:00			`pub enum OrgPolicyType {`
			`TwoFactorAuthentication = 0,`
			`MasterPassword = 1,`
			`PasswordGenerator = 2,`
Add support for the Personal Ownership policy Upstream refs: * https://github.com/bitwarden/server/pull/1013 * https://bitwarden.com/help/article/policies/#personal-ownership 2021-01-24 05:50:06 +01:00			`// SingleOrg = 3, // Not currently supported.`
			`// RequireSso = 4, // Not currently supported.`
			`PersonalOwnership = 5,`
Initial version of policies 2020-03-14 13:22:30 +01:00			`}`

			`/// Local methods`
			`impl OrgPolicy {`
			`pub fn new(org_uuid: String, atype: OrgPolicyType, data: String) -> Self {`
			`Self {`
			`uuid: crate::util::get_uuid(),`
			`org_uuid,`
			`atype: atype as i32,`
			`enabled: false,`
			`data,`
			`}`
			`}`

Add support for the Personal Ownership policy Upstream refs: * https://github.com/bitwarden/server/pull/1013 * https://bitwarden.com/help/article/policies/#personal-ownership 2021-01-24 05:50:06 +01:00			`pub fn has_type(&self, policy_type: OrgPolicyType) -> bool {`
			`self.atype == policy_type as i32`
			`}`

Initial version of policies 2020-03-14 13:22:30 +01:00			`pub fn to_json(&self) -> Value {`
			`let data_json: Value = serde_json::from_str(&self.data).unwrap_or(Value::Null);`
			`json!({`
			`"Id": self.uuid,`
			`"OrganizationId": self.org_uuid,`
			`"Type": self.atype,`
			`"Data": data_json,`
			`"Enabled": self.enabled,`
			`"Object": "policy",`
			`})`
			`}`
			`}`

			`/// Database methods`
			`impl OrgPolicy {`
Fix issue with postgres 2020-03-14 23:35:34 +01:00			`pub fn save(&self, conn: &DbConn) -> EmptyResult {`
Fixed foreign-key (mariadb) errors. When using MariaDB v10.5+ Foreign-Key errors were popping up because of some changes in that version. To mitigate this on MariaDB and other MySQL forks those errors are now catched, and instead of a replace_into an update will happen. I have tested this as thorough as possible with MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And tested it again using sqlite, all seems to be ok on all tables. resolves #1081. resolves #1065, resolves #1050 2020-09-22 12:13:02 +02:00			`db_run! { conn:`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`sqlite, mysql {`
Fixed foreign-key (mariadb) errors. When using MariaDB v10.5+ Foreign-Key errors were popping up because of some changes in that version. To mitigate this on MariaDB and other MySQL forks those errors are now catched, and instead of a replace_into an update will happen. I have tested this as thorough as possible with MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And tested it again using sqlite, all seems to be ok on all tables. resolves #1081. resolves #1065, resolves #1050 2020-09-22 12:13:02 +02:00			`match diesel::replace_into(org_policies::table)`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`.values(OrgPolicyDb::to_db(self))`
			`.execute(conn)`
Fixed foreign-key (mariadb) errors. When using MariaDB v10.5+ Foreign-Key errors were popping up because of some changes in that version. To mitigate this on MariaDB and other MySQL forks those errors are now catched, and instead of a replace_into an update will happen. I have tested this as thorough as possible with MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And tested it again using sqlite, all seems to be ok on all tables. resolves #1081. resolves #1065, resolves #1050 2020-09-22 12:13:02 +02:00			`{`
			`Ok(_) => Ok(()),`
			`// Record already exists and causes a Foreign Key Violation because replace_into() wants to delete the record first.`
			`Err(diesel::result::Error::DatabaseError(diesel::result::DatabaseErrorKind::ForeignKeyViolation, _)) => {`
			`diesel::update(org_policies::table)`
			`.filter(org_policies::uuid.eq(&self.uuid))`
			`.set(OrgPolicyDb::to_db(self))`
			`.execute(conn)`
			`.map_res("Error saving org_policy")`
			`}`
			`Err(e) => Err(e.into()),`
			`}.map_res("Error saving org_policy")`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`}`
			`postgresql {`
			`let value = OrgPolicyDb::to_db(self);`
			`// We need to make sure we're not going to violate the unique constraint on org_uuid and atype.`
			`// This happens automatically on other DBMS backends due to replace_into(). PostgreSQL does`
			`// not support multiple constraints on ON CONFLICT clauses.`
			`diesel::delete(`
			`org_policies::table`
			`.filter(org_policies::org_uuid.eq(&self.org_uuid))`
			`.filter(org_policies::atype.eq(&self.atype)),`
			`)`
			`.execute(conn)`
			`.map_res("Error deleting org_policy for insert")?;`

			`diesel::insert_into(org_policies::table)`
			`.values(&value)`
			`.on_conflict(org_policies::uuid)`
			`.do_update()`
			`.set(&value)`
			`.execute(conn)`
			`.map_res("Error saving org_policy")`
			`}`
			`}`
Initial version of policies 2020-03-14 13:22:30 +01:00			`}`

			`pub fn delete(self, conn: &DbConn) -> EmptyResult {`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`db_run! { conn: {`
			`diesel::delete(org_policies::table.filter(org_policies::uuid.eq(self.uuid)))`
			`.execute(conn)`
			`.map_res("Error deleting org_policy")`
			`}}`
Initial version of policies 2020-03-14 13:22:30 +01:00			`}`

			`pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`db_run! { conn: {`
			`org_policies::table`
			`.filter(org_policies::uuid.eq(uuid))`
			`.first::<OrgPolicyDb>(conn)`
			`.ok()`
			`.from_db()`
			`}}`
Initial version of policies 2020-03-14 13:22:30 +01:00			`}`

			`pub fn find_by_org(org_uuid: &str, conn: &DbConn) -> Vec<Self> {`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`db_run! { conn: {`
			`org_policies::table`
			`.filter(org_policies::org_uuid.eq(org_uuid))`
			`.load::<OrgPolicyDb>(conn)`
			`.expect("Error loading org_policy")`
			`.from_db()`
			`}}`
Initial version of policies 2020-03-14 13:22:30 +01:00			`}`

			`pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> {`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`db_run! { conn: {`
			`org_policies::table`
Try to fix #1218 2020-11-07 23:01:56 +01:00			`.inner_join(`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`users_organizations::table.on(`
			`users_organizations::org_uuid.eq(org_policies::org_uuid)`
			`.and(users_organizations::user_uuid.eq(user_uuid)))`
			`)`
Ensure that a user is actually in an org when applying policies 2020-11-07 23:14:17 +01:00			`.filter(`
			`users_organizations::status.eq(UserOrgStatus::Confirmed as i32)`
			`)`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`.select(org_policies::all_columns)`
			`.load::<OrgPolicyDb>(conn)`
			`.expect("Error loading org_policy")`
			`.from_db()`
			`}}`
Initial version of policies 2020-03-14 13:22:30 +01:00			`}`

			`pub fn find_by_org_and_type(org_uuid: &str, atype: i32, conn: &DbConn) -> Option<Self> {`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`db_run! { conn: {`
			`org_policies::table`
			`.filter(org_policies::org_uuid.eq(org_uuid))`
			`.filter(org_policies::atype.eq(atype))`
			`.first::<OrgPolicyDb>(conn)`
			`.ok()`
			`.from_db()`
			`}}`
Initial version of policies 2020-03-14 13:22:30 +01:00			`}`

			`pub fn delete_all_by_organization(org_uuid: &str, conn: &DbConn) -> EmptyResult {`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`db_run! { conn: {`
			`diesel::delete(org_policies::table.filter(org_policies::org_uuid.eq(org_uuid)))`
			`.execute(conn)`
			`.map_res("Error deleting org_policy")`
			`}}`
Initial version of policies 2020-03-14 13:22:30 +01:00			`}`

			`/*pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult {`
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones 2020-08-18 17:15:44 +02:00			`db_run! { conn: {`
			`diesel::delete(twofactor::table.filter(twofactor::user_uuid.eq(user_uuid)))`
			`.execute(conn)`
			`.map_res("Error deleting twofactors")`
			`}}`
Initial version of policies 2020-03-14 13:22:30 +01:00			`}*/`
			`}`