author | binsky <timo@binsky.org> | 2021-10-23 20:59:13 +0300 |
---|---|---|
committer | binsky <timo@binsky.org> | 2021-10-23 20:59:13 +0300 |
commit | d9815b3ca3bdd4c4ce59cc3ae03bd64b607de042 (patch) | |
tree | db7a1fba69b0fa48c80d879ff8861d9463cb4886 | |
parent | e9f0beb0a61c71cc19be409d7b2e1126897d580a (diff) |
do not collect all credential guids for vault deletion; use custom file mass deletion endpoint
Signed-off-by: binsky <timo@binsky.org>
-rw-r--r-- | appinfo/routes.php | 2 | ||||
-rw-r--r-- | controller/filecontroller.php | 47 | ||||
-rw-r--r-- | controller/vaultcontroller.php | 29 | ||||
-rw-r--r-- | js/app/controllers/settings.js | 4 | ||||
-rw-r--r-- | js/app/services/vaultservice.js | 9 |
5 files changed, 48 insertions, 43 deletions
diff --git a/appinfo/routes.php b/appinfo/routes.php index f46968ef..a0476751 100644 --- a/appinfo/routes.php +++ b/appinfo/routes.php @@ -28,7 +28,6 @@ return [ ['name' => 'vault#create', 'url' => '/api/v2/vaults', 'verb' => 'POST'], ['name' => 'vault#get', 'url' => '/api/v2/vaults/{vault_guid}', 'verb' => 'GET'], ['name' => 'vault#update', 'url' => '/api/v2/vaults/{vault_guid}', 'verb' => 'PATCH'], - ['name' => 'vault#deleteVaultContent', 'url' => '/api/v2/vaults/delete-vault-content', 'verb' => 'POST'], ['name' => 'vault#delete', 'url' => '/api/v2/vaults/{vault_guid}', 'verb' => 'DELETE'], //@TODO make frontend use PATCH ['name' => 'vault#updateSharingKeys', 'url' => '/api/v2/vaults/{vault_guid}/sharing-keys', 'verb' => 'POST'], @@ -48,6 +47,7 @@ return [ ['name' => 'file#uploadFile', 'url' => '/api/v2/file', 'verb' => 'POST'], ['name' => 'file#getFile', 'url' => '/api/v2/file/{file_id}', 'verb' => 'GET'], ['name' => 'file#deleteFile', 'url' => '/api/v2/file/{file_id}', 'verb' => 'DELETE'], + ['name' => 'file#deleteFiles', 'url' => '/api/v2/files/delete', 'verb' => 'POST'], ['name' => 'file#updateFile', 'url' => '/api/v2/file/{file_id}', 'verb' => 'PATCH'], //Sharing stuff diff --git a/controller/filecontroller.php b/controller/filecontroller.php index c2d151a8..1a865fe9 100644 --- a/controller/filecontroller.php +++ b/controller/filecontroller.php @@ -11,19 +11,20 @@ namespace OCA\Passman\Controller; +use OCA\Passman\Service\FileService; +use OCP\AppFramework\ApiController; use OCP\AppFramework\Db\DoesNotExistException; -use OCP\IRequest; use OCP\AppFramework\Http\JSONResponse; -use OCP\AppFramework\ApiController; -use OCA\Passman\Service\FileService; +use OCP\IRequest; class FileController extends ApiController { private $userId; private $fileService; + public function __construct($AppName, - IRequest $request, - $UserId, - FileService $fileService){ + IRequest $request, + $UserId, + FileService $fileService) { parent::__construct( $AppName, $request, 
@@ -57,6 +58,7 @@ class FileController extends ApiController { public function getFile($file_id) { return new JSONResponse($this->fileService->getFile($file_id, $this->userId)); } + /** * @NoAdminRequired * @NoCSRFRequired @@ -65,22 +67,39 @@ class FileController extends ApiController { return new JSONResponse($this->fileService->deleteFile($file_id, $this->userId)); } - public function updateFile($file_id, $file_data, $filename){ - try{ + /** + * @NoAdminRequired + * @NoCSRFRequired + */ + public function deleteFiles($file_ids) { + if ($file_ids != null && !empty($file_ids)) { + foreach (json_decode($file_ids) as $file_id) { + try { + $this->fileService->deleteFile($file_id, $this->userId); + } catch (\Exception $e) { + continue; + } + } + } + return new JSONResponse(array('ok' => true)); + } + + public function updateFile($file_id, $file_data, $filename) { + try { $file = $this->fileService->getFile($file_id, $this->userId); - } catch (\Exception $doesNotExistException){ + } catch (\Exception $doesNotExistException) { } - if($file){ - if($file_data) { + if ($file) { + if ($file_data) { $file->setFileData($file_data); } - if($filename) { + if ($filename) { $file->setFilename($filename); } - if($filename || $file_data){ + if ($filename || $file_data) { new JSONResponse($this->fileService->updateFile($file)); } } } -}
\ No newline at end of file +} diff --git a/controller/vaultcontroller.php b/controller/vaultcontroller.php index f6e2a3c0..b0616bb5 100644 --- a/controller/vaultcontroller.php +++ b/controller/vaultcontroller.php @@ -168,11 +168,14 @@ class VaultController extends ApiController { * @NoAdminRequired * @NoCSRFRequired */ - public function deleteVaultContent($credential_guids, $file_ids) { - if ($credential_guids != null && !empty($credential_guids)) { - foreach (json_decode($credential_guids) as $credential_guid) { + public function delete($vault_guid) { + try { + $vault = $this->vaultService->getByGuid($vault_guid, $this->userId); + $credentials = $this->credentialService->getCredentialsByVaultId($vault->getId(), $this->userId); + + foreach ($credentials as $credential) { try { - $credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId); + // $credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId); if ($credential instanceof Credential) { $this->credentialService->deleteCredentiaL($credential); $this->credentialService->deleteCredentialParts($credential, $this->userId); @@ -181,24 +184,10 @@ class VaultController extends ApiController { continue; } } + } catch (\Exception $e) { + return new NotFoundJSONResponse(); } - if ($file_ids != null && !empty($file_ids)) { - foreach (json_decode($file_ids) as $file_id) { - try { - $this->fileService->deleteFile($file_id, $this->userId); - } catch (\Exception $e) { - continue; - } - } - } - return new JSONResponse(array('ok' => true)); - } - /** - * @NoAdminRequired - * @NoCSRFRequired - */ - public function delete($vault_guid) { $this->vaultService->deleteVault($vault_guid, $this->userId); return new JSONResponse(array('ok' => true)); } diff --git a/js/app/controllers/settings.js b/js/app/controllers/settings.js index 31d4a0a8..21caea4a 100644 --- a/js/app/controllers/settings.js +++ b/js/app/controllers/settings.js 
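Review bot: In the new `deleteFiles`, the result of `json_decode($file_ids)` goes straight into `foreach` without a check, so a body that is not a JSON array (invalid JSON decodes to `null`, a JSON object to `stdClass`) is iterated unvalidated. Decode once and reject anything that is not a list, for example `$ids = json_decode($file_ids, true);` followed by `if (!is_array($ids)) { return new JSONResponse(['ok' => false], 400); }`. The method also answers `['ok' => true]` even when every `deleteFile` call threw, so the caller cannot tell that attachments were left behind; returning the ids that failed, or at least logging the exception, would make that visible. Because this is a state-changing bulk-delete POST annotated `@NoCSRFRequired`, it is worth confirming that the annotation is intended here and not just copied from the neighbouring methods.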
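Review bot: In the rewritten `delete`, a credential whose deletion throws is skipped by the inner `catch … continue`, and `deleteVault` still runs afterwards, so a partial failure can leave credential rows behind without a vault and without any error reaching the client or the log. Consider logging the exception and returning an error response before `deleteVault` is called when any credential could not be removed. The outer `catch (\Exception $e)` turns every failure of `getByGuid` or `getCredentialsByVaultId` into `NotFoundJSONResponse`, which hides errors that are not a missing vault; catching only the lookup exception the service throws would be narrower (its type is not visible in this hunk). The commented-out `getCredentialByGUID` line should be deleted rather than kept.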
@@ -283,17 +283,15 @@ total: vault.credentials.length, }; - var credential_guids = []; var file_ids = []; for (const credential of credentials) { - credential_guids.push(credential.guid); var decryptedFiles = JSON.parse(EncryptService.decryptString(angular.copy(credential.files), VaultService.getActiveVault().vaultKey)); for (const file of decryptedFiles) { file_ids.push(file.file_id); } } - VaultService.deleteVault(vault, credential_guids, file_ids).then(function () { + VaultService.deleteVault(vault, file_ids).then(function () { SettingsService.setSetting('defaultVaultPass', false); SettingsService.setSetting('defaultVault', null); $rootScope.$broadcast('logout'); diff --git a/js/app/services/vaultservice.js b/js/app/services/vaultservice.js index 79809b6e..188f7c06 100644 --- a/js/app/services/vaultservice.js +++ b/js/app/services/vaultservice.js @@ -122,14 +122,13 @@ } }); }, - deleteVault: function (vault, credential_guids, file_ids) { + deleteVault: function (vault, file_ids) { var queryUrl = OC.generateUrl('apps/passman/api/v2/vaults/' + vault.guid); - var deleteContentUrl = OC.generateUrl('apps/passman/api/v2/vaults/delete-vault-content'); - var data = { - "credential_guids": JSON.stringify(credential_guids), + var deleteFilesUrl = OC.generateUrl('apps/passman/api/v2/files/delete'); + var filesData = { "file_ids": JSON.stringify(file_ids) }; - return $http.post(deleteContentUrl, data).then(function () { + return $http.post(deleteFilesUrl, filesData).then(function () { return $http.delete(queryUrl).then(function (response) { if (response.data) { return response.data; |
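Review bot: `deleteVault` in vaultservice.js sends the `files/delete` POST and only then the vault `DELETE`, as two independent requests, so if the second request fails the attachments are already gone while the vault and its credentials remain. The files endpoint added in this commit answers `ok: true` regardless of individual failures, so the first `.then` cannot detect a partial cleanup either. If the order is deliberate (the file ids appear to be recoverable only client-side, from the decrypted `credential.files`), say so in a comment such as `// files first: ids are only known after client-side decryption; not atomic with the vault delete`. No rejection handler is visible in this hunk; the function body continues outside it, so confirm the caller in settings.js handles a failed request before it clears `defaultVault` and broadcasts `logout`.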