bitwarden_vault/cipher/cipher_client/admin/
restore.rs1use bitwarden_api_api::{apis::ApiClient, models::CipherBulkRestoreRequestModel};
2use bitwarden_core::{ApiError, OrganizationId, key_management::KeySlotIds};
3use bitwarden_crypto::{CryptoError, KeyStore};
4use bitwarden_error::bitwarden_error;
5use thiserror::Error;
6#[cfg(feature = "wasm")]
7use wasm_bindgen::prelude::wasm_bindgen;
8
9use crate::{
10 Cipher, CipherId, CipherView, DecryptCipherListResult, VaultParseError,
11 cipher::cipher::{PartialCipher, StrictDecrypt},
12 cipher_client::admin::CipherAdminClient,
13};
14
15#[allow(missing_docs)]
16#[bitwarden_error(flat)]
17#[derive(Debug, Error)]
18pub enum RestoreCipherAdminError {
19 #[error(transparent)]
20 Api(#[from] ApiError),
21 #[error(transparent)]
22 VaultParse(#[from] VaultParseError),
23 #[error(transparent)]
24 Crypto(#[from] CryptoError),
25}
26
27impl<T> From<bitwarden_api_api::apis::Error<T>> for RestoreCipherAdminError {
28 fn from(val: bitwarden_api_api::apis::Error<T>) -> Self {
29 Self::Api(val.into())
30 }
31}
32
33pub async fn restore_as_admin(
35 cipher_id: CipherId,
36 api_client: &ApiClient,
37 key_store: &KeyStore<KeySlotIds>,
38 use_strict_decryption: bool,
39) -> Result<CipherView, RestoreCipherAdminError> {
40 let api = api_client.ciphers_api();
41
42 let cipher: Cipher = api
43 .put_restore_admin(cipher_id.into())
44 .await?
45 .merge_with_cipher(None)?;
46
47 if use_strict_decryption {
48 Ok(key_store.decrypt(&StrictDecrypt(cipher))?)
49 } else {
50 Ok(key_store.decrypt(&cipher)?)
51 }
52}
53
54pub async fn restore_many_as_admin(
56 cipher_ids: Vec<CipherId>,
57 org_id: OrganizationId,
58 api_client: &ApiClient,
59 key_store: &KeyStore<KeySlotIds>,
60) -> Result<DecryptCipherListResult, RestoreCipherAdminError> {
61 let api = api_client.ciphers_api();
62
63 let ciphers: Vec<Cipher> = api
64 .put_restore_many_admin(Some(CipherBulkRestoreRequestModel {
65 ids: cipher_ids.into_iter().map(|id| id.to_string()).collect(),
66 organization_id: Some(org_id.into()),
67 }))
68 .await?
69 .data
70 .into_iter()
71 .flatten()
72 .map(|c| c.merge_with_cipher(None))
73 .collect::<Result<Vec<_>, _>>()?;
74
75 let (successes, failures) = key_store.decrypt_list_with_failures(&ciphers);
76 Ok(DecryptCipherListResult {
77 successes,
78 failures: failures.into_iter().cloned().collect(),
79 })
80}
81
82#[cfg_attr(feature = "wasm", wasm_bindgen)]
83impl CipherAdminClient {
84 pub async fn restore(
86 &self,
87 cipher_id: CipherId,
88 ) -> Result<CipherView, RestoreCipherAdminError> {
89 let api_client = &self.api_configurations.api_client;
90 let key_store = &self.key_store;
91
92 restore_as_admin(
93 cipher_id,
94 api_client,
95 key_store,
96 self.is_strict_decrypt().await,
97 )
98 .await
99 }
100 pub async fn restore_many(
102 &self,
103 cipher_ids: Vec<CipherId>,
104 org_id: OrganizationId,
105 ) -> Result<DecryptCipherListResult, RestoreCipherAdminError> {
106 let api_client = &self.api_configurations.api_client;
107 let key_store = &self.key_store;
108
109 restore_many_as_admin(cipher_ids, org_id, api_client, key_store).await
110 }
111}
112
113#[cfg(test)]
114mod tests {
115 use bitwarden_api_api::{
116 apis::ApiClient,
117 models::{CipherMiniResponseModel, CipherMiniResponseModelListResponseModel},
118 };
119 use bitwarden_core::key_management::{KeySlotIds, SymmetricKeySlotId};
120 use bitwarden_crypto::{KeyStore, SymmetricCryptoKey};
121 use chrono::Utc;
122
123 use super::*;
124 use crate::{Cipher, CipherId, Login};
125
126 const TEST_CIPHER_ID: &str = "5faa9684-c793-4a2d-8a12-b33900187097";
127 const TEST_CIPHER_ID_2: &str = "6faa9684-c793-4a2d-8a12-b33900187098";
128 const TEST_ORG_ID: &str = "1bc9ac1e-f5aa-45f2-94bf-b181009709b8";
129
130 fn generate_test_cipher() -> Cipher {
131 Cipher {
132 id: TEST_CIPHER_ID.parse().ok(),
133 name: "2.pMS6/icTQABtulw52pq2lg==|XXbxKxDTh+mWiN1HjH2N1w==|Q6PkuT+KX/axrgN9ubD5Ajk2YNwxQkgs3WJM0S0wtG8=".parse().unwrap(),
134 r#type: crate::CipherType::Login,
135 notes: Default::default(),
136 organization_id: Default::default(),
137 folder_id: Default::default(),
138 favorite: Default::default(),
139 reprompt: Default::default(),
140 fields: Default::default(),
141 collection_ids: Default::default(),
142 key: Default::default(),
143 login: Some(Login{
144 username: None,
145 password: None,
146 password_revision_date: None,
147 uris: None, totp: None,
148 autofill_on_page_load: None,
149 fido2_credentials: None,
150 }),
151 identity: Default::default(),
152 card: Default::default(),
153 secure_note: Default::default(),
154 ssh_key: Default::default(),
155 bank_account: Default::default(),
156 drivers_license: Default::default(),
157 passport: Default::default(),
158 organization_use_totp: Default::default(),
159 edit: Default::default(),
160 permissions: Default::default(),
161 view_password: Default::default(),
162 local_data: Default::default(),
163 attachments: Default::default(),
164 password_history: Default::default(),
165 creation_date: Default::default(),
166 deleted_date: Default::default(),
167 revision_date: Default::default(),
168 archived_date: Default::default(),
169 data: Default::default(),
170 }
171 }
172
173 #[tokio::test]
174 async fn test_restore_as_admin() {
175 let mut cipher = generate_test_cipher();
176 cipher.deleted_date = Some(Utc::now());
177
178 let api_client = {
179 let cipher = cipher.clone();
180 ApiClient::new_mocked(move |mock| {
181 mock.ciphers_api
182 .expect_put_restore_admin()
183 .returning(move |_model| {
184 Ok(CipherMiniResponseModel {
185 id: Some(TEST_CIPHER_ID.try_into().unwrap()),
186 name: Some(cipher.name.to_string()),
187 r#type: Some(cipher.r#type.into()),
188 creation_date: Some(cipher.creation_date.to_string()),
189 revision_date: Some(Utc::now().to_rfc3339()),
190 login: cipher.login.clone().map(|l| Box::new(l.into())),
191 ..Default::default()
192 })
193 });
194 })
195 };
196
197 let store: KeyStore<KeySlotIds> = KeyStore::default();
198 #[allow(deprecated)]
199 let _ = store.context_mut().set_symmetric_key(
200 SymmetricKeySlotId::User,
201 SymmetricCryptoKey::make_aes256_cbc_hmac_key(),
202 );
203 let start_time = Utc::now();
204 let updated_cipher =
205 restore_as_admin(TEST_CIPHER_ID.parse().unwrap(), &api_client, &store, false)
206 .await
207 .unwrap();
208 let end_time = Utc::now();
209
210 assert!(updated_cipher.deleted_date.is_none());
211 assert!(
212 updated_cipher.revision_date >= start_time && updated_cipher.revision_date <= end_time
213 );
214 }
215
216 #[tokio::test]
217 async fn test_restore_many_as_admin() {
218 let cipher_id_2: CipherId = TEST_CIPHER_ID_2.parse().unwrap();
219 let mut cipher_1 = generate_test_cipher();
220 cipher_1.deleted_date = Some(Utc::now());
221 let mut cipher_2 = generate_test_cipher();
222 cipher_2.deleted_date = Some(Utc::now());
223 cipher_2.id = Some(cipher_id_2);
224
225 let api_client = ApiClient::new_mocked(move |mock| {
226 mock.ciphers_api
227 .expect_put_restore_many_admin()
228 .returning(move |_model| {
229 Ok(CipherMiniResponseModelListResponseModel {
230 object: None,
231 data: Some(vec![
232 CipherMiniResponseModel {
233 id: cipher_1.id.map(|id| id.into()),
234 name: Some(cipher_1.name.to_string()),
235 r#type: Some(cipher_1.r#type.into()),
236 login: cipher_1.login.clone().map(|l| Box::new(l.into())),
237 creation_date: cipher_1.creation_date.to_string().into(),
238 deleted_date: None,
239 revision_date: Some(Utc::now().to_rfc3339()),
240 ..Default::default()
241 },
242 CipherMiniResponseModel {
243 id: cipher_2.id.map(|id| id.into()),
244 name: Some(cipher_2.name.to_string()),
245 r#type: Some(cipher_2.r#type.into()),
246 login: cipher_2.login.clone().map(|l| Box::new(l.into())),
247 creation_date: cipher_2.creation_date.to_string().into(),
248 deleted_date: None,
249 revision_date: Some(Utc::now().to_rfc3339()),
250 ..Default::default()
251 },
252 ]),
253 continuation_token: None,
254 })
255 });
256 });
257 let store: KeyStore<KeySlotIds> = KeyStore::default();
258 #[allow(deprecated)]
259 let _ = store.context_mut().set_symmetric_key(
260 SymmetricKeySlotId::User,
261 SymmetricCryptoKey::make_aes256_cbc_hmac_key(),
262 );
263
264 let start_time = Utc::now();
265 let ciphers = restore_many_as_admin(
266 vec![
267 TEST_CIPHER_ID.parse().unwrap(),
268 TEST_CIPHER_ID_2.parse().unwrap(),
269 ],
270 TEST_ORG_ID.parse().unwrap(),
271 &api_client,
272 &store,
273 )
274 .await
275 .unwrap();
276 let end_time = Utc::now();
277
278 assert_eq!(ciphers.successes.len(), 2,);
279 assert_eq!(ciphers.failures.len(), 0,);
280 assert_eq!(
281 ciphers.successes[0].id,
282 Some(TEST_CIPHER_ID.parse().unwrap()),
283 );
284 assert_eq!(
285 ciphers.successes[1].id,
286 Some(TEST_CIPHER_ID_2.parse().unwrap()),
287 );
288 assert_eq!(ciphers.successes[0].deleted_date, None,);
289 assert_eq!(ciphers.successes[1].deleted_date, None,);
290
291 assert!(
292 ciphers.successes[0].revision_date >= start_time
293 && ciphers.successes[0].revision_date <= end_time
294 );
295 assert!(
296 ciphers.successes[1].revision_date >= start_time
297 && ciphers.successes[1].revision_date <= end_time
298 );
299 }
300}