Update Key Rotation web-vault v2024.3.x (#4446)

Key rotation was changed since 2024.1.x. Multiple other items were added to be rotated like password-reset and emergency-access data to be part of just one POST instead of having multiple. See: https://github.com/dani-garcia/bw_web_builds/pull/157
2025-11-06 13:18:19 +02:00 · 2024-04-06 14:42:53 +02:00
parent e42a37c6c1
commit e1a8df96db
4 changed files with 123 additions and 41 deletions
--- a/src/api/core/sends.rs
+++ b/src/api/core/sends.rs
@@ -49,7 +49,7 @@ pub async fn purge_sends(pool: DbPool) {

 #[derive(Deserialize)]
 #[allow(non_snake_case)]
-struct SendData {
+pub struct SendData {
    Type: i32,
    Key: String,
    Password: Option<String>,
@@ -65,6 +65,9 @@ struct SendData {
    Text: Option<Value>,
    File: Option<Value>,
    FileLength: Option<NumberOrString>,
+
+    // Used for key rotations
+    pub Id: Option<String>,
 }

 /// Enforces the `Disable Send` policy. A non-owner/admin user belonging to
@@ -549,6 +552,19 @@ async fn put_send(
        None => err!("Send not found"),
    };

+    update_send_from_data(&mut send, data, &headers, &mut conn, &nt, UpdateType::SyncSendUpdate).await?;
+
+    Ok(Json(send.to_json()))
+}
+
+pub async fn update_send_from_data(
+    send: &mut Send,
+    data: SendData,
+    headers: &Headers,
+    conn: &mut DbConn,
+    nt: &Notify<'_>,
+    ut: UpdateType,
+) -> EmptyResult {
    if send.user_uuid.as_ref() != Some(&headers.user.uuid) {
        err!("Send is not owned by user")
    }
@@ -557,6 +573,12 @@ async fn put_send(
        err!("Sends can't change type")
    }

+    if data.DeletionDate > Utc::now() + TimeDelta::try_days(31).unwrap() {
+        err!(
+            "You cannot have a Send with a deletion date that far into the future. Adjust the Deletion Date to a value less than 31 days from now and try again."
+        );
+    }
+
    // When updating a file Send, we receive nulls in the File field, as it's immutable,
    // so we only need to update the data field in the Text case
    if data.Type == SendType::Text as i32 {
@@ -569,11 +591,6 @@ async fn put_send(
        send.data = data_str;
    }

-    if data.DeletionDate > Utc::now() + TimeDelta::try_days(31).unwrap() {
-        err!(
-            "You cannot have a Send with a deletion date that far into the future. Adjust the Deletion Date to a value less than 31 days from now and try again."
-        );
-    }
    send.name = data.Name;
    send.akey = data.Key;
    send.deletion_date = data.DeletionDate.naive_utc();
@@ -591,17 +608,11 @@ async fn put_send(
        send.set_password(Some(&password));
    }

-    send.save(&mut conn).await?;
-    nt.send_send_update(
-        UpdateType::SyncSendUpdate,
-        &send,
-        &send.update_users_revision(&mut conn).await,
-        &headers.device.uuid,
-        &mut conn,
-    )
-    .await;
-
-    Ok(Json(send.to_json()))
+    send.save(conn).await?;
+    if ut != UpdateType::None {
+        nt.send_send_update(ut, send, &send.update_users_revision(conn).await, &headers.device.uuid, conn).await;
+    }
+    Ok(())
 }

 #[delete("/sends/<id>")]