From 2f6aa3c36381f802bddf97fbb988020a302e7a2b Mon Sep 17 00:00:00 2001
From: Kumar Ankur <kankur@mobileiron.com>
Date: Wed, 1 Aug 2018 11:21:05 +0530
Subject: [PATCH] Reverting removal of 'api/ciphers/move' POST as it is
 required for backward compatibility

---
 src/api/core/ciphers.rs | 54 ++++++++++++++++++++++++++++++++++++++++-
 src/api/core/mod.rs     |  1 +
 2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
index fe351d7..d1450df 100644
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
@@ -483,7 +483,7 @@ fn delete_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbCon
     Ok(())
 }
 
-#[put("/ciphers/move", data = "<data>")]
+#[post("/ciphers/move", data = "<data>")]
 fn move_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
     let data = data.into_inner().data;
 
@@ -535,6 +535,58 @@ fn move_cipher_selected(data: JsonUpcase<Value>, headers: Headers, conn: DbConn)
     Ok(())
 }
 
+#[put("/ciphers/move", data = "<data>")]
+fn move_cipher_selected_put(data: JsonUpcase<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
+    let data = data.into_inner().data;
+
+    let folder_id = match data.get("FolderId") {
+        Some(folder_id) => {
+            match folder_id.as_str() {
+                Some(folder_id) => {
+                    match Folder::find_by_uuid(folder_id, &conn) {
+                        Some(folder) => {
+                            if folder.user_uuid != headers.user.uuid {
+                                err!("Folder is not owned by user")
+                            }
+                            Some(folder.uuid)
+                        }
+                        None => err!("Folder doesn't exist")
+                    }
+                }
+                None => err!("Folder id provided in wrong format")
+            }
+        }
+        None => None
+    };
+
+    let uuids = match data.get("Ids") {
+        Some(ids) => match ids.as_array() {
+            Some(ids) => ids.iter().filter_map(|uuid| { uuid.as_str() }),
+            None => err!("Posted ids field is not an array")
+        },
+        None => err!("Request missing ids field")
+    };
+
+    for uuid in uuids {
+        let mut cipher = match Cipher::find_by_uuid(uuid, &conn) {
+            Some(cipher) => cipher,
+            None => err!("Cipher doesn't exist")
+        };
+
+        if !cipher.is_accessible_to_user(&headers.user.uuid, &conn) {
+            err!("Cipher is not accessible by user")
+        }
+
+        // Move cipher
+        if cipher.move_to_folder(folder_id.clone(), &headers.user.uuid, &conn).is_err() {
+            err!("Error saving the folder information")
+        }
+        cipher.save(&conn);
+    }
+
+    Ok(())
+}
+
 #[post("/ciphers/purge", data = "<data>")]
 fn delete_all(data: JsonUpcase<PasswordData>, headers: Headers, conn: DbConn) -> EmptyResult {
     let data: PasswordData = data.into_inner().data;
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
index 89df7a1..d7387d4 100644
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -46,6 +46,7 @@ pub fn routes() -> Vec<Route> {
         delete_cipher_selected,
         delete_all,
         move_cipher_selected,
+        move_cipher_selected_put,
 
         get_folders,
         get_folder,