bitwarden_vault/cipher/cipher_client/admin/
restore.rs

1use bitwarden_api_api::{apis::ApiClient, models::CipherBulkRestoreRequestModel};
2use bitwarden_core::{ApiError, OrganizationId, key_management::KeyIds};
3use bitwarden_crypto::{CryptoError, KeyStore};
4use bitwarden_error::bitwarden_error;
5use thiserror::Error;
6#[cfg(feature = "wasm")]
7use wasm_bindgen::prelude::wasm_bindgen;
8
9use crate::{
10    Cipher, CipherId, CipherView, DecryptCipherListResult, VaultParseError,
11    cipher::cipher::PartialCipher, cipher_client::admin::CipherAdminClient,
12};
13
14#[allow(missing_docs)]
15#[bitwarden_error(flat)]
16#[derive(Debug, Error)]
17pub enum RestoreCipherAdminError {
18    #[error(transparent)]
19    Api(#[from] ApiError),
20    #[error(transparent)]
21    VaultParse(#[from] VaultParseError),
22    #[error(transparent)]
23    Crypto(#[from] CryptoError),
24}
25
26impl<T> From<bitwarden_api_api::apis::Error<T>> for RestoreCipherAdminError {
27    fn from(val: bitwarden_api_api::apis::Error<T>) -> Self {
28        Self::Api(val.into())
29    }
30}
31
32/// Restores a soft-deleted cipher on the server, using the admin endpoint.
33pub async fn restore_as_admin(
34    cipher_id: CipherId,
35    api_client: &ApiClient,
36    key_store: &KeyStore<KeyIds>,
37) -> Result<CipherView, RestoreCipherAdminError> {
38    let api = api_client.ciphers_api();
39
40    let cipher: Cipher = api
41        .put_restore_admin(cipher_id.into())
42        .await?
43        .merge_with_cipher(None)?;
44
45    Ok(key_store.decrypt(&cipher)?)
46}
47
48/// Restores multiple soft-deleted ciphers on the server.
49pub async fn restore_many_as_admin(
50    cipher_ids: Vec<CipherId>,
51    org_id: OrganizationId,
52    api_client: &ApiClient,
53    key_store: &KeyStore<KeyIds>,
54) -> Result<DecryptCipherListResult, RestoreCipherAdminError> {
55    let api = api_client.ciphers_api();
56
57    let ciphers: Vec<Cipher> = api
58        .put_restore_many_admin(Some(CipherBulkRestoreRequestModel {
59            ids: cipher_ids.into_iter().map(|id| id.to_string()).collect(),
60            organization_id: Some(org_id.into()),
61        }))
62        .await?
63        .data
64        .into_iter()
65        .flatten()
66        .map(|c| c.merge_with_cipher(None))
67        .collect::<Result<Vec<_>, _>>()?;
68
69    let (successes, failures) = key_store.decrypt_list_with_failures(&ciphers);
70    Ok(DecryptCipherListResult {
71        successes,
72        failures: failures.into_iter().cloned().collect(),
73    })
74}
75
76#[cfg_attr(feature = "wasm", wasm_bindgen)]
77impl CipherAdminClient {
78    /// Restores a soft-deleted cipher on the server, using the admin endpoint.
79    pub async fn restore(
80        &self,
81        cipher_id: CipherId,
82    ) -> Result<CipherView, RestoreCipherAdminError> {
83        let api_client = &self.client.internal.get_api_configurations().api_client;
84        let key_store = self.client.internal.get_key_store();
85
86        restore_as_admin(cipher_id, api_client, key_store).await
87    }
88    /// Restores multiple soft-deleted ciphers on the server.
89    pub async fn restore_many(
90        &self,
91        cipher_ids: Vec<CipherId>,
92        org_id: OrganizationId,
93    ) -> Result<DecryptCipherListResult, RestoreCipherAdminError> {
94        let api_client = &self.client.internal.get_api_configurations().api_client;
95        let key_store = self.client.internal.get_key_store();
96
97        restore_many_as_admin(cipher_ids, org_id, api_client, key_store).await
98    }
99}
100
101#[cfg(test)]
102mod tests {
103    use bitwarden_api_api::{
104        apis::ApiClient,
105        models::{CipherMiniResponseModel, CipherMiniResponseModelListResponseModel},
106    };
107    use bitwarden_core::key_management::{KeyIds, SymmetricKeyId};
108    use bitwarden_crypto::{KeyStore, SymmetricCryptoKey};
109    use chrono::Utc;
110
111    use super::*;
112    use crate::{Cipher, CipherId, Login};
113
114    const TEST_CIPHER_ID: &str = "5faa9684-c793-4a2d-8a12-b33900187097";
115    const TEST_CIPHER_ID_2: &str = "6faa9684-c793-4a2d-8a12-b33900187098";
116    const TEST_ORG_ID: &str = "1bc9ac1e-f5aa-45f2-94bf-b181009709b8";
117
118    fn generate_test_cipher() -> Cipher {
119        Cipher {
120            id: TEST_CIPHER_ID.parse().ok(),
121            name: "2.pMS6/icTQABtulw52pq2lg==|XXbxKxDTh+mWiN1HjH2N1w==|Q6PkuT+KX/axrgN9ubD5Ajk2YNwxQkgs3WJM0S0wtG8=".parse().unwrap(),
122            r#type: crate::CipherType::Login,
123            notes: Default::default(),
124            organization_id: Default::default(),
125            folder_id: Default::default(),
126            favorite: Default::default(),
127            reprompt: Default::default(),
128            fields: Default::default(),
129            collection_ids: Default::default(),
130            key: Default::default(),
131            login: Some(Login{
132                username: None,
133                password: None,
134                password_revision_date: None,
135                uris: None, totp: None,
136                autofill_on_page_load: None,
137                fido2_credentials: None,
138            }),
139            identity: Default::default(),
140            card: Default::default(),
141            secure_note: Default::default(),
142            ssh_key: Default::default(),
143            organization_use_totp: Default::default(),
144            edit: Default::default(),
145            permissions: Default::default(),
146            view_password: Default::default(),
147            local_data: Default::default(),
148            attachments: Default::default(),
149            password_history: Default::default(),
150            creation_date: Default::default(),
151            deleted_date: Default::default(),
152            revision_date: Default::default(),
153            archived_date: Default::default(),
154            data: Default::default(),
155        }
156    }
157
158    #[tokio::test]
159    async fn test_restore_as_admin() {
160        let mut cipher = generate_test_cipher();
161        cipher.deleted_date = Some(Utc::now());
162
163        let api_client = {
164            let cipher = cipher.clone();
165            ApiClient::new_mocked(move |mock| {
166                mock.ciphers_api
167                    .expect_put_restore_admin()
168                    .returning(move |_model| {
169                        Ok(CipherMiniResponseModel {
170                            id: Some(TEST_CIPHER_ID.try_into().unwrap()),
171                            name: Some(cipher.name.to_string()),
172                            r#type: Some(cipher.r#type.into()),
173                            creation_date: Some(cipher.creation_date.to_string()),
174                            revision_date: Some(Utc::now().to_rfc3339()),
175                            login: cipher.login.clone().map(|l| Box::new(l.into())),
176                            ..Default::default()
177                        })
178                    });
179            })
180        };
181
182        let store: KeyStore<KeyIds> = KeyStore::default();
183        #[allow(deprecated)]
184        let _ = store.context_mut().set_symmetric_key(
185            SymmetricKeyId::User,
186            SymmetricCryptoKey::make_aes256_cbc_hmac_key(),
187        );
188        let start_time = Utc::now();
189        let updated_cipher = restore_as_admin(TEST_CIPHER_ID.parse().unwrap(), &api_client, &store)
190            .await
191            .unwrap();
192        let end_time = Utc::now();
193
194        assert!(updated_cipher.deleted_date.is_none());
195        assert!(
196            updated_cipher.revision_date >= start_time && updated_cipher.revision_date <= end_time
197        );
198    }
199
200    #[tokio::test]
201    async fn test_restore_many_as_admin() {
202        let cipher_id_2: CipherId = TEST_CIPHER_ID_2.parse().unwrap();
203        let mut cipher_1 = generate_test_cipher();
204        cipher_1.deleted_date = Some(Utc::now());
205        let mut cipher_2 = generate_test_cipher();
206        cipher_2.deleted_date = Some(Utc::now());
207        cipher_2.id = Some(cipher_id_2);
208
209        let api_client = ApiClient::new_mocked(move |mock| {
210            mock.ciphers_api
211                .expect_put_restore_many_admin()
212                .returning(move |_model| {
213                    Ok(CipherMiniResponseModelListResponseModel {
214                        object: None,
215                        data: Some(vec![
216                            CipherMiniResponseModel {
217                                id: cipher_1.id.map(|id| id.into()),
218                                name: Some(cipher_1.name.to_string()),
219                                r#type: Some(cipher_1.r#type.into()),
220                                login: cipher_1.login.clone().map(|l| Box::new(l.into())),
221                                creation_date: cipher_1.creation_date.to_string().into(),
222                                deleted_date: None,
223                                revision_date: Some(Utc::now().to_rfc3339()),
224                                ..Default::default()
225                            },
226                            CipherMiniResponseModel {
227                                id: cipher_2.id.map(|id| id.into()),
228                                name: Some(cipher_2.name.to_string()),
229                                r#type: Some(cipher_2.r#type.into()),
230                                login: cipher_2.login.clone().map(|l| Box::new(l.into())),
231                                creation_date: cipher_2.creation_date.to_string().into(),
232                                deleted_date: None,
233                                revision_date: Some(Utc::now().to_rfc3339()),
234                                ..Default::default()
235                            },
236                        ]),
237                        continuation_token: None,
238                    })
239                });
240        });
241        let store: KeyStore<KeyIds> = KeyStore::default();
242        #[allow(deprecated)]
243        let _ = store.context_mut().set_symmetric_key(
244            SymmetricKeyId::User,
245            SymmetricCryptoKey::make_aes256_cbc_hmac_key(),
246        );
247
248        let start_time = Utc::now();
249        let ciphers = restore_many_as_admin(
250            vec![
251                TEST_CIPHER_ID.parse().unwrap(),
252                TEST_CIPHER_ID_2.parse().unwrap(),
253            ],
254            TEST_ORG_ID.parse().unwrap(),
255            &api_client,
256            &store,
257        )
258        .await
259        .unwrap();
260        let end_time = Utc::now();
261
262        assert_eq!(ciphers.successes.len(), 2,);
263        assert_eq!(ciphers.failures.len(), 0,);
264        assert_eq!(
265            ciphers.successes[0].id,
266            Some(TEST_CIPHER_ID.parse().unwrap()),
267        );
268        assert_eq!(
269            ciphers.successes[1].id,
270            Some(TEST_CIPHER_ID_2.parse().unwrap()),
271        );
272        assert_eq!(ciphers.successes[0].deleted_date, None,);
273        assert_eq!(ciphers.successes[1].deleted_date, None,);
274
275        assert!(
276            ciphers.successes[0].revision_date >= start_time
277                && ciphers.successes[0].revision_date <= end_time
278        );
279        assert!(
280            ciphers.successes[1].revision_date >= start_time
281                && ciphers.successes[1].revision_date <= end_time
282        );
283    }
284}
bitwarden_vault/cipher/cipher_client/admin/restore.rs

bitwarden_vault/cipher/cipher_client/admin/
restore.rs
