mirror of
https://github.com/nextcloud/passman.git
synced 2024-11-10 09:13:00 +08:00
do not collect all credential guids for vault deletion; use custom file mass deletion endpoint
Signed-off-by: binsky <timo@binsky.org>
parent
e9f0beb0a6
commit
d9815b3ca3
5 changed files with 49 additions and 44 deletions
|
@ -28,7 +28,6 @@ return [
|
|||
['name' => 'vault#create', 'url' => '/api/v2/vaults', 'verb' => 'POST'],
|
||||
['name' => 'vault#get', 'url' => '/api/v2/vaults/{vault_guid}', 'verb' => 'GET'],
|
||||
['name' => 'vault#update', 'url' => '/api/v2/vaults/{vault_guid}', 'verb' => 'PATCH'],
|
||||
['name' => 'vault#deleteVaultContent', 'url' => '/api/v2/vaults/delete-vault-content', 'verb' => 'POST'],
|
||||
['name' => 'vault#delete', 'url' => '/api/v2/vaults/{vault_guid}', 'verb' => 'DELETE'],
|
||||
//@TODO make frontend use PATCH
|
||||
['name' => 'vault#updateSharingKeys', 'url' => '/api/v2/vaults/{vault_guid}/sharing-keys', 'verb' => 'POST'],
|
||||
|
@ -48,6 +47,7 @@ return [
|
|||
['name' => 'file#uploadFile', 'url' => '/api/v2/file', 'verb' => 'POST'],
|
||||
['name' => 'file#getFile', 'url' => '/api/v2/file/{file_id}', 'verb' => 'GET'],
|
||||
['name' => 'file#deleteFile', 'url' => '/api/v2/file/{file_id}', 'verb' => 'DELETE'],
|
||||
['name' => 'file#deleteFiles', 'url' => '/api/v2/files/delete', 'verb' => 'POST'],
|
||||
['name' => 'file#updateFile', 'url' => '/api/v2/file/{file_id}', 'verb' => 'PATCH'],
|
||||
|
||||
//Sharing stuff
|
||||
|
|
|
@ -11,19 +11,20 @@
|
|||
|
||||
namespace OCA\Passman\Controller;
|
||||
|
||||
use OCP\AppFramework\Db\DoesNotExistException;
|
||||
use OCP\IRequest;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\AppFramework\ApiController;
|
||||
use OCA\Passman\Service\FileService;
|
||||
use OCP\AppFramework\ApiController;
|
||||
use OCP\AppFramework\Db\DoesNotExistException;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\IRequest;
|
||||
|
||||
class FileController extends ApiController {
|
||||
private $userId;
|
||||
private $fileService;
|
||||
|
||||
public function __construct($AppName,
|
||||
IRequest $request,
|
||||
$UserId,
|
||||
FileService $fileService){
|
||||
FileService $fileService) {
|
||||
parent::__construct(
|
||||
$AppName,
|
||||
$request,
|
||||
|
@ -57,6 +58,7 @@ class FileController extends ApiController {
|
|||
public function getFile($file_id) {
|
||||
return new JSONResponse($this->fileService->getFile($file_id, $this->userId));
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
|
@ -65,20 +67,37 @@ class FileController extends ApiController {
|
|||
return new JSONResponse($this->fileService->deleteFile($file_id, $this->userId));
|
||||
}
|
||||
|
||||
public function updateFile($file_id, $file_data, $filename){
|
||||
try{
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function deleteFiles($file_ids) {
|
||||
if ($file_ids != null && !empty($file_ids)) {
|
||||
foreach (json_decode($file_ids) as $file_id) {
|
||||
try {
|
||||
$this->fileService->deleteFile($file_id, $this->userId);
|
||||
} catch (\Exception $e) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
return new JSONResponse(array('ok' => true));
|
||||
}
|
||||
|
||||
public function updateFile($file_id, $file_data, $filename) {
|
||||
try {
|
||||
$file = $this->fileService->getFile($file_id, $this->userId);
|
||||
} catch (\Exception $doesNotExistException){
|
||||
} catch (\Exception $doesNotExistException) {
|
||||
|
||||
}
|
||||
if($file){
|
||||
if($file_data) {
|
||||
if ($file) {
|
||||
if ($file_data) {
|
||||
$file->setFileData($file_data);
|
||||
}
|
||||
if($filename) {
|
||||
if ($filename) {
|
||||
$file->setFilename($filename);
|
||||
}
|
||||
if($filename || $file_data){
|
||||
if ($filename || $file_data) {
|
||||
new JSONResponse($this->fileService->updateFile($file));
|
||||
}
|
||||
}
|
||||
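Review bot: In `deleteFiles`, the result of `json_decode($file_ids)` is passed straight to `foreach` with no type check, so a body that is not a JSON array (invalid JSON decodes to `null`, a JSON object to `stdClass`) is handled outside the `try` and never rejected as malformed. Every exception from `deleteFile` is also discarded and the method always answers `ok => true`, so the frontend, which goes on to delete the vault, cannot tell which files were actually removed. Because the ids are client-supplied, the endpoint depends entirely on `FileService::deleteFile` verifying that each file belongs to `$this->userId`; that check is not visible in this diff and is worth confirming. The sketch below rejects malformed input and reports the ids that failed; the 400 status and the `failed` key are suggestions, and the caller in the vault service would need to handle them.

```php
	public function deleteFiles($file_ids) {
		$decoded_file_ids = ($file_ids !== null && $file_ids !== '') ? json_decode($file_ids) : array();
		if (!is_array($decoded_file_ids)) {
			// Malformed body: refuse instead of reporting success for a no-op.
			return new JSONResponse(array('ok' => false), \OCP\AppFramework\Http::STATUS_BAD_REQUEST);
		}

		$failed_file_ids = array();
		foreach ($decoded_file_ids as $file_id) {
			try {
				$this->fileService->deleteFile($file_id, $this->userId);
			} catch (\Exception $e) {
				// Keep going, but remember what could not be deleted.
				$failed_file_ids[] = $file_id;
			}
		}
		return new JSONResponse(array('ok' => empty($failed_file_ids), 'failed' => $failed_file_ids));
	}
```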
|
|
|
@ -168,11 +168,14 @@ class VaultController extends ApiController {
|
|||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function deleteVaultContent($credential_guids, $file_ids) {
|
||||
if ($credential_guids != null && !empty($credential_guids)) {
|
||||
foreach (json_decode($credential_guids) as $credential_guid) {
|
||||
public function delete($vault_guid) {
|
||||
try {
|
||||
$credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId);
|
||||
$vault = $this->vaultService->getByGuid($vault_guid, $this->userId);
|
||||
$credentials = $this->credentialService->getCredentialsByVaultId($vault->getId(), $this->userId);
|
||||
|
||||
foreach ($credentials as $credential) {
|
||||
try {
|
||||
// $credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId);
|
||||
if ($credential instanceof Credential) {
|
||||
$this->credentialService->deleteCredentiaL($credential);
|
||||
$this->credentialService->deleteCredentialParts($credential, $this->userId);
|
||||
|
@ -181,24 +184,10 @@ class VaultController extends ApiController {
|
|||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($file_ids != null && !empty($file_ids)) {
|
||||
foreach (json_decode($file_ids) as $file_id) {
|
||||
try {
|
||||
$this->fileService->deleteFile($file_id, $this->userId);
|
||||
} catch (\Exception $e) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
return new JSONResponse(array('ok' => true));
|
||||
return new NotFoundJSONResponse();
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function delete($vault_guid) {
|
||||
$this->vaultService->deleteVault($vault_guid, $this->userId);
|
||||
return new JSONResponse(array('ok' => true));
|
||||
}
|
||||
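Review bot: In the new `delete($vault_guid)`, the `continue;` after the credential deletion appears to sit in a catch that swallows every exception (the catch line itself falls between the two hunks), so a credential that fails to delete is skipped without any trace. If the vault is then removed anyway, encrypted credential rows or their parts could be left behind with no owning vault; logging the exception, or stopping before the vault is deleted, would make that failure visible. The loop also keeps the old lookup as a commented-out line, `// $credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId);`, which refers to a variable that no longer exists and should be dropped. The method body starts in the previous hunk and its control flow around `return new NotFoundJSONResponse();` cannot be fully reconstructed from this rendering.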
|
|
|
@ -283,17 +283,15 @@
|
|||
total: vault.credentials.length,
|
||||
};
|
||||
|
||||
var credential_guids = [];
|
||||
var file_ids = [];
|
||||
for (const credential of credentials) {
|
||||
credential_guids.push(credential.guid);
|
||||
var decryptedFiles = JSON.parse(EncryptService.decryptString(angular.copy(credential.files), VaultService.getActiveVault().vaultKey));
|
||||
for (const file of decryptedFiles) {
|
||||
file_ids.push(file.file_id);
|
||||
}
|
||||
}
|
||||
|
||||
VaultService.deleteVault(vault, credential_guids, file_ids).then(function () {
|
||||
VaultService.deleteVault(vault, file_ids).then(function () {
|
||||
SettingsService.setSetting('defaultVaultPass', false);
|
||||
SettingsService.setSetting('defaultVault', null);
|
||||
$rootScope.$broadcast('logout');
|
||||
|
|
|
@ -122,14 +122,13 @@
|
|||
}
|
||||
});
|
||||
},
|
||||
deleteVault: function (vault, credential_guids, file_ids) {
|
||||
deleteVault: function (vault, file_ids) {
|
||||
var queryUrl = OC.generateUrl('apps/passman/api/v2/vaults/' + vault.guid);
|
||||
var deleteContentUrl = OC.generateUrl('apps/passman/api/v2/vaults/delete-vault-content');
|
||||
var data = {
|
||||
"credential_guids": JSON.stringify(credential_guids),
|
||||
var deleteFilesUrl = OC.generateUrl('apps/passman/api/v2/files/delete');
|
||||
var filesData = {
|
||||
"file_ids": JSON.stringify(file_ids)
|
||||
};
|
||||
return $http.post(deleteContentUrl, data).then(function () {
|
||||
return $http.post(deleteFilesUrl, filesData).then(function () {
|
||||
return $http.delete(queryUrl).then(function (response) {
|
||||
if (response.data) {
|
||||
return response.data;
|
||||
|
|