devol
/
bitwarden-estensione-browser
mirror of https://github.com/bitwarden/browser
1
0
Fork 0
Code Issues 1 Releases Wiki Activity

Use encrypted filename filename in Cipher attachment upload blob name (#403) 

* Use EncString type to enforce encryption on filename in Cipher attachment upload

* Fix Cipher attachment test
This commit is contained in:
Matt Gibson 2021-06-08 14:02:08 -05:00 committed by GitHub
parent 2e16aef6a2
commit ea90aea013
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common/src/abstractions/fileUpload.service.ts
View File

@ -6,6 +6,6 @@ import { SendFileUploadDataResponse } from '../models/response/sendFileUploadDat
export abstract class FileUploadService { export abstract class FileUploadService {
uploadSendFile: (uploadData: SendFileUploadDataResponse, fileName: EncString, uploadSendFile: (uploadData: SendFileUploadDataResponse, fileName: EncString,
encryptedFileData: EncArrayBuffer) => Promise<any>; encryptedFileData: EncArrayBuffer) => Promise<any>;
uploadCipherAttachment: (admin: boolean, uploadData: AttachmentUploadDataResponse, fileName: string, uploadCipherAttachment: (admin: boolean, uploadData: AttachmentUploadDataResponse, fileName: EncString,
encryptedFileData: EncArrayBuffer) => Promise<any>; encryptedFileData: EncArrayBuffer) => Promise<any>;
} }

2
common/src/services/cipher.service.ts
View File

@ -638,7 +638,7 @@ export class CipherService implements CipherServiceAbstraction {
try { try {
const uploadDataResponse = await this.apiService.postCipherAttachment(cipher.id, request); const uploadDataResponse = await this.apiService.postCipherAttachment(cipher.id, request);
response = admin ? uploadDataResponse.cipherMiniResponse : uploadDataResponse.cipherResponse; response = admin ? uploadDataResponse.cipherMiniResponse : uploadDataResponse.cipherResponse;
await this.fileUploadService.uploadCipherAttachment(admin, uploadDataResponse, filename, encData); await this.fileUploadService.uploadCipherAttachment(admin, uploadDataResponse, encFileName, encData);
} catch (e) { } catch (e) {
if (e instanceof ErrorResponse && (e as ErrorResponse).statusCode === 404 || (e as ErrorResponse).statusCode === 405) { if (e instanceof ErrorResponse && (e as ErrorResponse).statusCode === 404 || (e as ErrorResponse).statusCode === 405) {
response = await this.legacyServerAttachmentFileUpload(admin, cipher.id, encFileName, encData, dataEncKey[1]); response = await this.legacyServerAttachmentFileUpload(admin, cipher.id, encFileName, encData, dataEncKey[1]);

5
common/src/services/fileUpload.service.ts
View File

@ -47,12 +47,13 @@ export class FileUploadService implements FileUploadServiceAbstraction {
} }
} }
async uploadCipherAttachment(admin: boolean, uploadData: AttachmentUploadDataResponse, encryptedFileName: string, encryptedFileData: EncArrayBuffer) { async uploadCipherAttachment(admin: boolean, uploadData: AttachmentUploadDataResponse, encryptedFileName: EncString,
encryptedFileData: EncArrayBuffer) {
const response = admin ? uploadData.cipherMiniResponse : uploadData.cipherResponse; const response = admin ? uploadData.cipherMiniResponse : uploadData.cipherResponse;
try { try {
switch (uploadData.fileUploadType) { switch (uploadData.fileUploadType) {
case FileUploadType.Direct: case FileUploadType.Direct:
await this.bitwardenFileUploadService.upload(encryptedFileName, encryptedFileData, await this.bitwardenFileUploadService.upload(encryptedFileName.encryptedString, encryptedFileData,
fd => this.apiService.postAttachmentFile(response.id, uploadData.attachmentId, fd)); fd => this.apiService.postAttachmentFile(response.id, uploadData.attachmentId, fd));
break; break;
case FileUploadType.Azure: case FileUploadType.Azure:

2
spec/common/services/cipher.service.spec.ts
View File

@ -56,6 +56,6 @@ describe('Cipher Service', () => {
await cipherService.saveAttachmentRawWithServer(new Cipher(), fileName, fileData); await cipherService.saveAttachmentRawWithServer(new Cipher(), fileName, fileData);
fileUploadService.received(1).uploadCipherAttachment(Arg.any(), Arg.any(), fileName, ENCRYPTED_BYTES); fileUploadService.received(1).uploadCipherAttachment(Arg.any(), Arg.any(), new EncString(ENCRYPTED_TEXT), ENCRYPTED_BYTES);
}); });
}); });