
Merge pull request #3831 from BlackDex/fix-3819

Fix Login With Device without MasterPassword
Daniel García 2 years ago
parent
commit
bbd630f1ee

+ 0 - 0
migrations/mysql/2023-09-01-170620_update_auth_request_table/down.sql


+ 5 - 0
migrations/mysql/2023-09-01-170620_update_auth_request_table/up.sql

@@ -0,0 +1,5 @@
+ALTER TABLE auth_requests
+MODIFY master_password_hash TEXT;
+
+ALTER TABLE auth_requests
+MODIFY enc_key TEXT;
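Review bot: Neither statement says that it drops NOT NULL, which on MySQL happens only because `MODIFY` restates the full column definition and the constraint is left out. A leading comment such as `-- MODIFY replaces the whole column definition; omitting NOT NULL makes the column nullable` would make the intent explicit, as the SQLite migration does with its comments. The matching down.sql is empty, so it is worth a comment there stating that rollback is intentionally a no-op.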

+ 0 - 0
migrations/postgresql/2023-09-01-170620_update_auth_request_table/down.sql


+ 5 - 0
migrations/postgresql/2023-09-01-170620_update_auth_request_table/up.sql

@@ -0,0 +1,5 @@
+ALTER TABLE auth_requests
+ALTER COLUMN master_password_hash DROP NOT NULL;
+
+ALTER TABLE auth_requests
+ALTER COLUMN enc_key DROP NOT NULL;

+ 0 - 0
migrations/sqlite/2023-09-01-170620_update_auth_request_table/down.sql


+ 29 - 0
migrations/sqlite/2023-09-01-170620_update_auth_request_table/up.sql

@@ -0,0 +1,29 @@
+-- Create new auth_requests table with master_password_hash as nullable column
+CREATE TABLE auth_requests_new (
+    uuid                        TEXT NOT NULL PRIMARY KEY,
+    user_uuid                   TEXT NOT NULL,
+    organization_uuid           TEXT,
+    request_device_identifier   TEXT NOT NULL,
+    device_type                 INTEGER NOT NULL,
+    request_ip                  TEXT NOT NULL,
+    response_device_id          TEXT,
+    access_code                 TEXT NOT NULL,
+    public_key                  TEXT NOT NULL,
+    enc_key                     TEXT,
+    master_password_hash        TEXT,
+    approved                    BOOLEAN,
+    creation_date               DATETIME NOT NULL,
+    response_date               DATETIME,
+    authentication_date         DATETIME,
+    FOREIGN KEY (user_uuid) REFERENCES users (uuid),
+    FOREIGN KEY (organization_uuid) REFERENCES organizations (uuid)
+);
+
+-- Transfer current data to new table
+INSERT INTO	auth_requests_new SELECT * FROM auth_requests;
+
+-- Drop the old table
+DROP TABLE auth_requests;
+
+-- Rename the new table to the original name
+ALTER TABLE auth_requests_new RENAME TO auth_requests;
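Review bot: `INSERT INTO auth_requests_new SELECT * FROM auth_requests;` copies columns by position, so it is only correct if the existing table's column order matches the new definition exactly. `access_code`, `public_key`, `enc_key` and `master_password_hash` are all TEXT, so a table built in a different order would have key and hash material swapped between columns without any error. Naming the columns on both sides, `INSERT INTO auth_requests_new (uuid, user_uuid, …) SELECT uuid, user_uuid, … FROM auth_requests;` with the full list written out, removes that dependency. It is also worth confirming that the migration runner wraps the copy, drop and rename in one transaction, so a failure cannot leave the database without an `auth_requests` table.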

+ 2 - 2
src/api/core/accounts.rs

@@ -1090,7 +1090,7 @@ async fn get_auth_request(uuid: &str, mut conn: DbConn) -> JsonResult {
 struct AuthResponseRequest {
     deviceIdentifier: String,
     key: String,
-    masterPasswordHash: String,
+    masterPasswordHash: Option<String>,
     requestApproved: bool,
 }
 
@@ -1111,7 +1111,7 @@ async fn put_auth_request(
     };
 
     auth_request.approved = Some(data.requestApproved);
-    auth_request.enc_key = data.key;
+    auth_request.enc_key = Some(data.key);
     auth_request.master_password_hash = data.masterPasswordHash;
     auth_request.response_device_id = Some(data.deviceIdentifier.clone());
     auth_request.save(&mut conn).await?;
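Review bot: `enc_key` and `master_password_hash` are written to the row regardless of `data.requestApproved`, so in the lines shown a denied request still persists the client-supplied key and hash. Guarding the assignments, `if data.requestApproved { auth_request.enc_key = Some(data.key); auth_request.master_password_hash = data.masterPasswordHash; }`, keeps that material out of the table unless the request was approved. `Some(data.key)` also records an empty string as a present key, so an empty `key` on an approval should probably be rejected before saving. The body of `put_auth_request` starts and ends outside the hunk, so earlier validation may already cover part of this.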

+ 4 - 4
src/db/models/auth_request.rs

@@ -20,9 +20,9 @@ db_object! {
         pub access_code: String,
         pub public_key: String,
 
-        pub enc_key: String,
+        pub enc_key: Option<String>,
 
-        pub master_password_hash: String,
+        pub master_password_hash: Option<String>,
         pub approved: Option<bool>,
         pub creation_date: NaiveDateTime,
         pub response_date: Option<NaiveDateTime>,
@@ -53,8 +53,8 @@ impl AuthRequest {
             response_device_id: None,
             access_code,
             public_key,
-            enc_key: String::new(),
-            master_password_hash: String::new(),
+            enc_key: None,
+            master_password_hash: None,
             approved: None,
             creation_date: now,
             response_date: None,
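Review bot: The two fields that became `Option<String>` carry no comment saying what `None` means. From the lines visible on this page, `new()` leaves both as `None` and `put_auth_request` fills them when a response is stored, so a field comment such as `// None until a response is stored; master_password_hash presumably stays None for accounts without a master password` would save the next reader from tracing it. Every reader of these fields now has to handle `None` explicitly, and an absent key should be treated as "not approved" rather than unwrapped or defaulted to an empty string. The struct and `new()` both continue outside the hunks.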

+ 3 - 2
src/db/schemas/mysql/schema.rs

@@ -297,8 +297,8 @@ table! {
         response_device_id -> Nullable<Text>,
         access_code -> Text,
         public_key -> Text,
-        enc_key -> Text,
-        master_password_hash -> Text,
+        enc_key -> Nullable<Text>,
+        master_password_hash -> Nullable<Text>,
         approved -> Nullable<Bool>,
         creation_date -> Timestamp,
         response_date -> Nullable<Timestamp>,
@@ -324,6 +324,7 @@ joinable!(users_collections -> collections (collection_uuid));
 joinable!(users_collections -> users (user_uuid));
 joinable!(users_organizations -> organizations (org_uuid));
 joinable!(users_organizations -> users (user_uuid));
+joinable!(users_organizations -> ciphers (org_uuid));
 joinable!(organization_api_key -> organizations (org_uuid));
 joinable!(emergency_access -> users (grantor_uuid));
 joinable!(groups -> organizations (organizations_uuid));
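Review bot: `joinable!(users_organizations -> ciphers (org_uuid));` is unrelated to the auth-request change, and it is added here and in the PostgreSQL schema but not in the SQLite one, whose section shows only the two column edits. If the SQLite schema already carries the line this is a sync and the commit message should say so; otherwise the three schemas now differ. The declaration treats `users_organizations.org_uuid` as a reference to the `ciphers` primary key, which looks semantically off next to the existing `users_organizations -> organizations (org_uuid)` line. Since a mistaken join condition on membership rows can affect which ciphers a query returns, the line deserves a comment naming the query that needs it.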

+ 3 - 2
src/db/schemas/postgresql/schema.rs

@@ -297,8 +297,8 @@ table! {
         response_device_id -> Nullable<Text>,
         access_code -> Text,
         public_key -> Text,
-        enc_key -> Text,
-        master_password_hash -> Text,
+        enc_key -> Nullable<Text>,
+        master_password_hash -> Nullable<Text>,
         approved -> Nullable<Bool>,
         creation_date -> Timestamp,
         response_date -> Nullable<Timestamp>,
@@ -324,6 +324,7 @@ joinable!(users_collections -> collections (collection_uuid));
 joinable!(users_collections -> users (user_uuid));
 joinable!(users_organizations -> organizations (org_uuid));
 joinable!(users_organizations -> users (user_uuid));
+joinable!(users_organizations -> ciphers (org_uuid));
 joinable!(organization_api_key -> organizations (org_uuid));
 joinable!(emergency_access -> users (grantor_uuid));
 joinable!(groups -> organizations (organizations_uuid));

+ 2 - 2
src/db/schemas/sqlite/schema.rs

@@ -297,8 +297,8 @@ table! {
         response_device_id -> Nullable<Text>,
         access_code -> Text,
         public_key -> Text,
-        enc_key -> Text,
-        master_password_hash -> Text,
+        enc_key -> Nullable<Text>,
+        master_password_hash -> Nullable<Text>,
         approved -> Nullable<Bool>,
         creation_date -> Timestamp,
         response_date -> Nullable<Timestamp>,