From 91a23193251366b630b6c25cb2c5d7429604ee7e Mon Sep 17 00:00:00 2001 From: Kumar Ankur Date: Wed, 1 Aug 2018 03:58:47 +0530 Subject: [PATCH 1/4] Implementing PUT for ciphers/move (#99) --- src/api/core/ciphers.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index 29f9e8c6..7f268f2a 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -483,8 +483,9 @@ fn delete_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbCon Ok(()) } -#[post("/ciphers/move", data = "")] +#[put("/ciphers/move", data = "")] fn move_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { + println!("{}", "inside put"); let data = data.into_inner().data; let folder_id = match data.get("FolderId") { From fcc485384f37583cb3261e833b5acc91e7f30c65 Mon Sep 17 00:00:00 2001 From: Kumar Ankur Date: Wed, 1 Aug 2018 04:12:46 +0530 Subject: [PATCH 2/4] clean up --- src/api/core/ciphers.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index 7f268f2a..fe351d76 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -485,7 +485,6 @@ fn delete_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbCon #[put("/ciphers/move", data = "")] fn move_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { - println!("{}", "inside put"); let data = data.into_inner().data; let folder_id = match data.get("FolderId") { From 2f6aa3c36381f802bddf97fbb988020a302e7a2b Mon Sep 17 00:00:00 2001 From: Kumar Ankur Date: Wed, 1 Aug 2018 11:21:05 +0530 Subject: [PATCH 3/4] Reverting removal of 'api/ciphers/move' POST as it is required for backward compatibility --- src/api/core/ciphers.rs | 54 ++++++++++++++++++++++++++++++++++++++++- src/api/core/mod.rs | 1 + 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index fe351d76..d1450df9 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -483,7 +483,7 @@ fn delete_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbCon Ok(()) } -#[put("/ciphers/move", data = "")] +#[post("/ciphers/move", data = "")] fn move_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { let data = data.into_inner().data; @@ -535,6 +535,58 @@ fn move_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbConn) Ok(()) } +#[put("/ciphers/move", data = "")] +fn move_cipher_selected_put(data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { + let data = data.into_inner().data; + + let folder_id = match data.get("FolderId") { + Some(folder_id) => { + match folder_id.as_str() { + Some(folder_id) => { + match Folder::find_by_uuid(folder_id, &conn) { + Some(folder) => { + if folder.user_uuid != headers.user.uuid { + err!("Folder is not owned by user") + } + Some(folder.uuid) + } + None => err!("Folder doesn't exist") + } + } + None => err!("Folder id provided in wrong format") + } + } + None => None + }; + + let uuids = match data.get("Ids") { + Some(ids) => match ids.as_array() { + Some(ids) => ids.iter().filter_map(|uuid| { uuid.as_str() }), + None => err!("Posted ids field is not an array") + }, + None => err!("Request missing ids field") + }; + + for uuid in uuids { + let mut cipher = match Cipher::find_by_uuid(uuid, &conn) { + Some(cipher) => cipher, + None => err!("Cipher doesn't exist") + }; + + if !cipher.is_accessible_to_user(&headers.user.uuid, &conn) { + err!("Cipher is not accessible by user") + } + + // Move cipher + if cipher.move_to_folder(folder_id.clone(), &headers.user.uuid, &conn).is_err() { + err!("Error saving the folder information") + } + cipher.save(&conn); + } + + Ok(()) +} + #[post("/ciphers/purge", data = "")] fn delete_all(data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { let data: PasswordData = data.into_inner().data; diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index 89df7a1f..d7387d44 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs @@ -46,6 +46,7 @@ pub fn routes() -> Vec { delete_cipher_selected, delete_all, move_cipher_selected, + move_cipher_selected_put, get_folders, get_folder, From 0e095a9fa4c8417ba308cbd0de974278654a65e1 Mon Sep 17 00:00:00 2001 From: Kumar Ankur Date: Wed, 1 Aug 2018 13:50:52 +0530 Subject: [PATCH 4/4] change to reuse the logic for POST in PUT as well --- src/api/core/ciphers.rs | 49 +---------------------------------------- 1 file changed, 1 insertion(+), 48 deletions(-) diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index d1450df9..12e65de0 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -537,54 +537,7 @@ fn move_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbConn) #[put("/ciphers/move", data = "")] fn move_cipher_selected_put(data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { - let data = data.into_inner().data; - - let folder_id = match data.get("FolderId") { - Some(folder_id) => { - match folder_id.as_str() { - Some(folder_id) => { - match Folder::find_by_uuid(folder_id, &conn) { - Some(folder) => { - if folder.user_uuid != headers.user.uuid { - err!("Folder is not owned by user") - } - Some(folder.uuid) - } - None => err!("Folder doesn't exist") - } - } - None => err!("Folder id provided in wrong format") - } - } - None => None - }; - - let uuids = match data.get("Ids") { - Some(ids) => match ids.as_array() { - Some(ids) => ids.iter().filter_map(|uuid| { uuid.as_str() }), - None => err!("Posted ids field is not an array") - }, - None => err!("Request missing ids field") - }; - - for uuid in uuids { - let mut cipher = match Cipher::find_by_uuid(uuid, &conn) { - Some(cipher) => cipher, - None => err!("Cipher doesn't exist") - }; - - if !cipher.is_accessible_to_user(&headers.user.uuid, &conn) { - err!("Cipher is not accessible by user") - } - - // Move cipher - if cipher.move_to_folder(folder_id.clone(), &headers.user.uuid, &conn).is_err() { - err!("Error saving the folder information") - } - cipher.save(&conn); - } - - Ok(()) + move_cipher_selected(data, headers, conn) } #[post("/ciphers/purge", data = "")]