authorbinsky <timo@binsky.org>2021-10-23 20:59:13 +0300
committerbinsky <timo@binsky.org>2021-10-23 20:59:13 +0300
commitd9815b3ca3bdd4c4ce59cc3ae03bd64b607de042 (patch)
treedb7a1fba69b0fa48c80d879ff8861d9463cb4886
parente9f0beb0a61c71cc19be409d7b2e1126897d580a (diff)
do not collect all credential guids for vault deletion; use custom file mass deletion endpoint
Signed-off-by: binsky <timo@binsky.org>
-rw-r--r--appinfo/routes.php2
-rw-r--r--controller/filecontroller.php47
-rw-r--r--controller/vaultcontroller.php29
-rw-r--r--js/app/controllers/settings.js4
-rw-r--r--js/app/services/vaultservice.js9
5 files changed, 48 insertions, 43 deletions
diff --git a/appinfo/routes.php b/appinfo/routes.php
index f46968ef..a0476751 100644
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -28,7 +28,6 @@ return [
['name' => 'vault#create', 'url' => '/api/v2/vaults', 'verb' => 'POST'],
['name' => 'vault#get', 'url' => '/api/v2/vaults/{vault_guid}', 'verb' => 'GET'],
['name' => 'vault#update', 'url' => '/api/v2/vaults/{vault_guid}', 'verb' => 'PATCH'],
- ['name' => 'vault#deleteVaultContent', 'url' => '/api/v2/vaults/delete-vault-content', 'verb' => 'POST'],
['name' => 'vault#delete', 'url' => '/api/v2/vaults/{vault_guid}', 'verb' => 'DELETE'],
//@TODO make frontend use PATCH
['name' => 'vault#updateSharingKeys', 'url' => '/api/v2/vaults/{vault_guid}/sharing-keys', 'verb' => 'POST'],
@@ -48,6 +47,7 @@ return [
['name' => 'file#uploadFile', 'url' => '/api/v2/file', 'verb' => 'POST'],
['name' => 'file#getFile', 'url' => '/api/v2/file/{file_id}', 'verb' => 'GET'],
['name' => 'file#deleteFile', 'url' => '/api/v2/file/{file_id}', 'verb' => 'DELETE'],
+ ['name' => 'file#deleteFiles', 'url' => '/api/v2/files/delete', 'verb' => 'POST'],
['name' => 'file#updateFile', 'url' => '/api/v2/file/{file_id}', 'verb' => 'PATCH'],
//Sharing stuff
diff --git a/controller/filecontroller.php b/controller/filecontroller.php
index c2d151a8..1a865fe9 100644
--- a/controller/filecontroller.php
+++ b/controller/filecontroller.php
@@ -11,19 +11,20 @@
namespace OCA\Passman\Controller;
+use OCA\Passman\Service\FileService;
+use OCP\AppFramework\ApiController;
use OCP\AppFramework\Db\DoesNotExistException;
-use OCP\IRequest;
use OCP\AppFramework\Http\JSONResponse;
-use OCP\AppFramework\ApiController;
-use OCA\Passman\Service\FileService;
+use OCP\IRequest;
class FileController extends ApiController {
private $userId;
private $fileService;
+
public function __construct($AppName,
- IRequest $request,
- $UserId,
- FileService $fileService){
+ IRequest $request,
+ $UserId,
+ FileService $fileService) {
parent::__construct(
$AppName,
$request,
@@ -57,6 +58,7 @@ class FileController extends ApiController {
public function getFile($file_id) {
return new JSONResponse($this->fileService->getFile($file_id, $this->userId));
}
+
/**
* @NoAdminRequired
* @NoCSRFRequired
@@ -65,22 +67,39 @@ class FileController extends ApiController {
return new JSONResponse($this->fileService->deleteFile($file_id, $this->userId));
}
- public function updateFile($file_id, $file_data, $filename){
- try{
+ /**
+ * @NoAdminRequired
+ * @NoCSRFRequired
+ */
+ public function deleteFiles($file_ids) {
+ if ($file_ids != null && !empty($file_ids)) {
+ foreach (json_decode($file_ids) as $file_id) {
+ try {
+ $this->fileService->deleteFile($file_id, $this->userId);
+ } catch (\Exception $e) {
+ continue;
+ }
+ }
+ }
+ return new JSONResponse(array('ok' => true));
+ }
+
+ public function updateFile($file_id, $file_data, $filename) {
+ try {
$file = $this->fileService->getFile($file_id, $this->userId);
- } catch (\Exception $doesNotExistException){
+ } catch (\Exception $doesNotExistException) {
}
- if($file){
- if($file_data) {
+ if ($file) {
+ if ($file_data) {
$file->setFileData($file_data);
}
- if($filename) {
+ if ($filename) {
$file->setFilename($filename);
}
- if($filename || $file_data){
+ if ($filename || $file_data) {
new JSONResponse($this->fileService->updateFile($file));
}
}
}
-} \ No newline at end of file
+}
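Review bot: In `deleteFiles`, the result of `json_decode($file_ids)` goes straight into `foreach`, so a body that is not a JSON array (invalid JSON decodes to null, a bare number or string to a scalar) raises a PHP warning instead of a clean 4xx; decode once and reject anything that is not an array. The `catch (\Exception $e) { continue; }` branch also hides every failure, including a refusal by `FileService::deleteFile` for a file the caller does not own, and the endpoint answers `ok => true` regardless, so neither the client nor the logs show that files were left behind. Since this is a destructive POST marked `@NoCSRFRequired`, the docblock should say why CSRF checking is off and that ownership is enforced per id in the service (not visible in this diff, so worth confirming). A possible shape is below.

```php
public function deleteFiles($file_ids) {
	// The client sends JSON.stringify(file_ids), so an empty vault arrives as "[]".
	$ids = is_string($file_ids) ? json_decode($file_ids, true) : null;
	if (!is_array($ids)) {
		return new JSONResponse(array('ok' => false), \OCP\AppFramework\Http::STATUS_BAD_REQUEST);
	}
	$failed = array();
	foreach ($ids as $file_id) {
		try {
			$this->fileService->deleteFile($file_id, $this->userId);
		} catch (\Exception $e) {
			// Keep going, but report which ids could not be deleted.
			$failed[] = $file_id;
		}
	}
	return new JSONResponse(array('ok' => empty($failed), 'failed' => $failed));
}
```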
diff --git a/controller/vaultcontroller.php b/controller/vaultcontroller.php
index f6e2a3c0..b0616bb5 100644
--- a/controller/vaultcontroller.php
+++ b/controller/vaultcontroller.php
@@ -168,11 +168,14 @@ class VaultController extends ApiController {
* @NoAdminRequired
* @NoCSRFRequired
*/
- public function deleteVaultContent($credential_guids, $file_ids) {
- if ($credential_guids != null && !empty($credential_guids)) {
- foreach (json_decode($credential_guids) as $credential_guid) {
+ public function delete($vault_guid) {
+ try {
+ $vault = $this->vaultService->getByGuid($vault_guid, $this->userId);
+ $credentials = $this->credentialService->getCredentialsByVaultId($vault->getId(), $this->userId);
+
+ foreach ($credentials as $credential) {
try {
- $credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId);
+ // $credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId);
if ($credential instanceof Credential) {
$this->credentialService->deleteCredentiaL($credential);
$this->credentialService->deleteCredentialParts($credential, $this->userId);
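Review bot: The commented-out `getCredentialByGUID` line kept inside the loop is dead code and should be removed rather than committed; the loop variable already holds the credential. With `$credentials` coming from `getCredentialsByVaultId`, the `instanceof Credential` guard is presumably always true, so a one-line comment saying what it protects against would help. `delete` continues in the next hunk.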
@@ -181,24 +184,10 @@ class VaultController extends ApiController {
continue;
}
}
+ } catch (\Exception $e) {
+ return new NotFoundJSONResponse();
}
- if ($file_ids != null && !empty($file_ids)) {
- foreach (json_decode($file_ids) as $file_id) {
- try {
- $this->fileService->deleteFile($file_id, $this->userId);
- } catch (\Exception $e) {
- continue;
- }
- }
- }
- return new JSONResponse(array('ok' => true));
- }
- /**
- * @NoAdminRequired
- * @NoCSRFRequired
- */
- public function delete($vault_guid) {
$this->vaultService->deleteVault($vault_guid, $this->userId);
return new JSONResponse(array('ok' => true));
}
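Review bot: `delete` still reaches `$this->vaultService->deleteVault(...)` after the loop even when a credential failed to delete, because the inner catch (its header lies between the two hunks) only does `continue`; the vault is then removed while some of its credentials may remain, and the response is `ok => true`. Logging the exception, or counting failures and skipping `deleteVault` when the count is non-zero, would keep the stored state consistent. The outer `catch (\Exception $e)` also maps every failure, not just a missing vault, to `NotFoundJSONResponse`; catching `DoesNotExistException` there would keep real errors visible, assuming that is what `getByGuid` throws (not shown here). The start of `delete` is in the previous hunk.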
diff --git a/js/app/controllers/settings.js b/js/app/controllers/settings.js
index 31d4a0a8..21caea4a 100644
--- a/js/app/controllers/settings.js
+++ b/js/app/controllers/settings.js
@@ -283,17 +283,15 @@
total: vault.credentials.length,
};
- var credential_guids = [];
var file_ids = [];
for (const credential of credentials) {
- credential_guids.push(credential.guid);
var decryptedFiles = JSON.parse(EncryptService.decryptString(angular.copy(credential.files), VaultService.getActiveVault().vaultKey));
for (const file of decryptedFiles) {
file_ids.push(file.file_id);
}
}
- VaultService.deleteVault(vault, credential_guids, file_ids).then(function () {
+ VaultService.deleteVault(vault, file_ids).then(function () {
SettingsService.setSetting('defaultVaultPass', false);
SettingsService.setSetting('defaultVault', null);
$rootScope.$broadcast('logout');
diff --git a/js/app/services/vaultservice.js b/js/app/services/vaultservice.js
index 79809b6e..188f7c06 100644
--- a/js/app/services/vaultservice.js
+++ b/js/app/services/vaultservice.js
@@ -122,14 +122,13 @@
}
});
},
- deleteVault: function (vault, credential_guids, file_ids) {
+ deleteVault: function (vault, file_ids) {
var queryUrl = OC.generateUrl('apps/passman/api/v2/vaults/' + vault.guid);
- var deleteContentUrl = OC.generateUrl('apps/passman/api/v2/vaults/delete-vault-content');
- var data = {
- "credential_guids": JSON.stringify(credential_guids),
+ var deleteFilesUrl = OC.generateUrl('apps/passman/api/v2/files/delete');
+ var filesData = {
"file_ids": JSON.stringify(file_ids)
};
- return $http.post(deleteContentUrl, data).then(function () {
+ return $http.post(deleteFilesUrl, filesData).then(function () {
return $http.delete(queryUrl).then(function (response) {
if (response.data) {
return response.data;
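Review bot: `deleteVault` now depends on an undocumented ordering: the file ids are posted to `files/delete` first and the vault `DELETE` runs only if that POST resolves, so a rejected first request leaves the vault in place with no handler visible in this hunk. A comment above the function would make the contract explicit, e.g. `// file_ids must be collected client-side before the vault is deleted; the DELETE is skipped if the files request fails`. Whether the server can find attached files on its own is not visible here, but settings.js obtains the ids by decrypting `credential.files`, which suggests it cannot. The function body continues past the end of the hunk.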