WIP: Update Key Rotation web-vault v2023.3.x

src/api/core/accounts.rs

@@ -442,13 +442,31 @@ struct UpdateFolderData {
     Name: String,
 }
 
+#[derive(Deserialize)]
+#[allow(non_snake_case)]
+struct UpdateEmergencyAccessData {
+    Id: String,
+    KeyEncrypted: String,
+}
+
+#[derive(Deserialize)]
+#[allow(non_snake_case)]
+struct UpdateResetPasswordData {
+    OrganizationId: String,
+    ResetPasswordKey: String,
+}
+
 use super::ciphers::CipherData;
+use super::sends::{SendData, put_send};
 
 #[derive(Deserialize)]
 #[allow(non_snake_case)]
 struct KeyData {
     Ciphers: Vec<CipherData>,
     Folders: Vec<UpdateFolderData>,
+    Sends: Vec<SendData>,
+    EmergencyAccessKeys: Vec<UpdateEmergencyAccessData>,
+    ResetPasswordKeys: Vec<UpdateResetPasswordData>,
     Key: String,
     PrivateKey: String,
     MasterPasswordHash: String,
@@ -485,6 +503,50 @@ async fn post_rotatekey(data: JsonUpcase<KeyData>, headers: Headers, mut conn: D
         saved_folder.save(&mut conn).await?
     }
 
+    // Update emergency access data
+    for emergency_access_data in data.EmergencyAccessKeys {
+        let mut saved_emergency_access = match EmergencyAccess::find_by_uuid(&emergency_access_data.Id, &mut conn).await {
+            Some(emergency_access) => emergency_access,
+            None => err!("Emergency access doesn't exist"),
+        };
+
+        if &saved_emergency_access.grantor_uuid != user_uuid {
+            err!("The emergency access is not owned by the user")
+        }
+
+        saved_emergency_access.key_encrypted = Some(emergency_access_data.KeyEncrypted);
+        saved_emergency_access.save(&mut conn).await?
+    }
+
+    // Update reset password data
+    for reset_password_data in data.ResetPasswordKeys {
+        let mut saved_reset_password = match UserOrganization::find_by_user_and_org(user_uuid, &reset_password_data.OrganizationId, &mut conn).await {
+            Some(reset_password) => reset_password,
+            None => err!("Reset password doesn't exist"),
+        };
+
+        if &saved_reset_password.user_uuid != user_uuid {
+            err!("The reset password is not owned by the user")
+        }
+
+        saved_reset_password.reset_password_key = Some(reset_password_data.ResetPasswordKey);
+        saved_reset_password.save(&mut conn).await?
+    }
+
+    // Update send data
+    for send_data in data.Sends {
+        let saved_send = match Send::find_by_uuid(&send_data.Id.unwrap(), &mut conn).await {
+            Some(send) => send,
+            None => err!("Send doesn't exist"),
+        };
+
+        if &saved_send.user_uuid.unwrap() != user_uuid {
+            err!("The send is not owned by the user")
+        }
+
+        // put_send(&send_data.Id.unwrap(), send_data, headers, &mut conn, &nt);
+    }
+
     // Update cipher data
     use super::ciphers::update_cipher_from_data;
 

src/api/core/sends.rs

@@ -49,7 +49,7 @@ pub async fn purge_sends(pool: DbPool) {
 
 #[derive(Deserialize)]
 #[allow(non_snake_case)]
-struct SendData {
+pub struct SendData {
     Type: i32,
     Key: String,
     Password: Option<String>,
@@ -65,6 +65,9 @@ struct SendData {
     Text: Option<Value>,
     File: Option<Value>,
     FileLength: Option<NumberOrString>,
+
+    // Used for key rotations
+    pub Id: Option<String>,
 }
 
 /// Enforces the `Disable Send` policy. A non-owner/admin user belonging to
@@ -532,7 +535,7 @@ async fn download_send(send_id: SafeString, file_id: SafeString, t: &str) -> Opt
 }
 
 #[put("/sends/<id>", data = "<data>")]
-async fn put_send(
+pub async fn put_send(
     id: &str,
     data: JsonUpcase<SendData>,
     headers: Headers,