Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-23 11:56:00 +01:00
Code Issues Projects Releases Wiki Activity

Remove Business Portal, add SSO configuration models (#506)

Browse Source
This commit is contained in:
Oscar Hinton 2021-10-06 19:36:20 +02:00 committed by GitHub
parent 91c5393ae7
commit bfa9a1e1bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 175 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
angular/src/components/environment.component.ts
View File

@ -6,7 +6,6 @@ import {
import { EnvironmentService } from 'jslib-common/abstractions/environment.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { NotificationsService } from 'jslib-common/abstractions/notifications.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
@Directive()
@ -20,7 +19,6 @@ export class EnvironmentComponent {
notificationsUrl: string;
baseUrl: string;
showCustom = false;
enterpriseUrl: string;
constructor(protected platformUtilsService: PlatformUtilsService, protected environmentService: EnvironmentService,
protected i18nService: I18nService) {
@ -33,7 +31,6 @@ export class EnvironmentComponent {
this.identityUrl = urls.identity || '';
this.iconsUrl = urls.icons || '';
this.notificationsUrl = urls.notifications || '';
this.enterpriseUrl = urls.enterprise || '';
}
async submit() {
@ -44,7 +41,6 @@ export class EnvironmentComponent {
webVault: this.webVaultUrl,
icons: this.iconsUrl,
notifications: this.notificationsUrl,
enterprise: this.enterpriseUrl,
});
// re-set urls since service can change them, ex: prefixing https://
@ -54,7 +50,6 @@ export class EnvironmentComponent {
this.webVaultUrl = resUrls.webVault;
this.iconsUrl = resUrls.icons;
this.notificationsUrl = resUrls.notifications;
this.enterpriseUrl = resUrls.enterprise;
this.platformUtilsService.showToast('success', null, this.i18nService.t('environmentSaved'));
this.saved();

6
common/src/abstractions/api.service.ts
View File

@ -1,6 +1,5 @@
import { PolicyType } from '../enums/policyType';
import { EnvironmentUrls } from '../models/domain/environmentUrls';
import { AttachmentRequest } from '../models/request/attachmentRequest';
import { BitPayInvoiceRequest } from '../models/request/bitPayInvoiceRequest';
@ -30,6 +29,7 @@ import { ImportDirectoryRequest } from '../models/request/importDirectoryRequest
import { ImportOrganizationCiphersRequest } from '../models/request/importOrganizationCiphersRequest';
import { KdfRequest } from '../models/request/kdfRequest';
import { KeysRequest } from '../models/request/keysRequest';
import { OrganizationSsoRequest } from '../models/request/organization/organizationSsoRequest';
import { OrganizationCreateRequest } from '../models/request/organizationCreateRequest';
import { OrganizationImportRequest } from '../models/request/organizationImportRequest';
import { OrganizationKeysRequest } from '../models/request/organizationKeysRequest';
@ -115,6 +115,7 @@ import { IdentityCaptchaResponse } from '../models/response/identityCaptchaRespo
import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
import { IdentityTwoFactorResponse } from '../models/response/identityTwoFactorResponse';
import { ListResponse } from '../models/response/listResponse';
import { OrganizationSsoResponse } from '../models/response/organization/organizationSsoResponse';
import { OrganizationAutoEnrollStatusResponse } from '../models/response/organizationAutoEnrollStatusResponse';
import { OrganizationKeysResponse } from '../models/response/organizationKeysResponse';
import { OrganizationResponse } from '../models/response/organizationResponse';
@ -191,7 +192,6 @@ export abstract class ApiService {
postAccountRecoverDelete: (request: DeleteRecoverRequest) => Promise<any>;
postAccountRecoverDeleteToken: (request: VerifyDeleteRecoverRequest) => Promise<any>;
postAccountKdf: (request: KdfRequest) => Promise<any>;
getEnterprisePortalSignInToken: () => Promise<string>;
postUserApiKey: (id: string, request: PasswordVerificationRequest) => Promise<ApiKeyResponse>;
postUserRotateApiKey: (id: string, request: PasswordVerificationRequest) => Promise<ApiKeyResponse>;
putUpdateTempPassword: (request: UpdateTempPasswordRequest) => Promise<any>;
@ -373,6 +373,7 @@ export abstract class ApiService {
getOrganizationLicense: (id: string, installationId: string) => Promise<any>;
getOrganizationTaxInfo: (id: string) => Promise<TaxInfoResponse>;
getOrganizationAutoEnrollStatus: (identifier: string) => Promise<OrganizationAutoEnrollStatusResponse>;
getOrganizationSso: (id: string) => Promise<OrganizationSsoResponse>;
postOrganization: (request: OrganizationCreateRequest) => Promise<OrganizationResponse>;
putOrganization: (id: string, request: OrganizationUpdateRequest) => Promise<OrganizationResponse>;
putOrganizationTaxInfo: (id: string, request: OrganizationTaxInfoUpdateRequest) => Promise<any>;
@ -381,6 +382,7 @@ export abstract class ApiService {
postOrganizationLicenseUpdate: (id: string, data: FormData) => Promise<any>;
postOrganizationApiKey: (id: string, request: PasswordVerificationRequest) => Promise<ApiKeyResponse>;
postOrganizationRotateApiKey: (id: string, request: PasswordVerificationRequest) => Promise<ApiKeyResponse>;
postOrganizationSso: (id: string, request: OrganizationSsoRequest) => Promise<OrganizationSsoResponse>;
postOrganizationUpgrade: (id: string, request: OrganizationUpgradeRequest) => Promise<PaymentResponse>;
postOrganizationUpdateSubscription: (id: string, request: OrganizationSubscriptionUpdateRequest) => Promise<void>;
postOrganizationSeat: (id: string, request: SeatRequest) => Promise<PaymentResponse>;

2
common/src/abstractions/environment.service.ts
View File

@ -8,7 +8,6 @@ export type Urls = {
icons?: string;
notifications?: string;
events?: string;
enterprise?: string;
};
export type PayPalConfig = {
@ -21,7 +20,6 @@ export abstract class EnvironmentService {
hasBaseUrl: () => boolean;
getNotificationsUrl: () => string;
getEnterpriseUrl: () => string;
getWebVaultUrl: () => string;
getSendUrl: () => string;
getIconsUrl: () => string;

34
common/src/enums/permissions.ts
View File

@ -1,27 +1,27 @@
export enum Permissions {
AccessBusinessPortal = 0,
AccessEventLogs = 1,
AccessImportExport = 2,
AccessReports = 3,
AccessEventLogs,
AccessImportExport,
AccessReports,
/**
* @deprecated Sep 29 2021: This permission has been split out to `createNewCollections`, `editAnyCollection`, and
* `deleteAnyCollection`. It exists here for backwards compatibility with Server versions <= 1.43.0
*/
ManageAllCollections = 4,
ManageAllCollections,
/**
* @deprecated Sep 29 2021: This permission has been split out to `editAssignedCollections` and
* `deleteAssignedCollections`. It exists here for backwards compatibility with Server versions <= 1.43.0
*/
ManageAssignedCollections = 5,
ManageGroups = 6,
ManageOrganization = 7,
ManagePolicies = 8,
ManageProvider = 9,
ManageUsers = 10,
ManageUsersPassword = 11,
CreateNewCollections = 12,
EditAnyCollection = 13,
DeleteAnyCollection = 14,
EditAssignedCollections = 15,
DeleteAssignedCollections = 16,
ManageAssignedCollections,
ManageGroups,
ManageOrganization ,
ManagePolicies,
ManageProvider,
ManageUsers,
ManageUsersPassword,
CreateNewCollections,
EditAnyCollection,
DeleteAnyCollection,
EditAssignedCollections,
DeleteAssignedCollections,
ManageSso,
}

2
common/src/models/api/permissionsApi.ts
View File

@ -1,7 +1,6 @@
import { BaseResponse } from '../response/baseResponse';
export class PermissionsApi extends BaseResponse {
accessBusinessPortal: boolean;
accessEventLogs: boolean;
accessImportExport: boolean;
accessReports: boolean;
@ -32,7 +31,6 @@ export class PermissionsApi extends BaseResponse {
if (data == null) {
return this;
}
this.accessBusinessPortal = this.getResponseProperty('AccessBusinessPortal');
this.accessEventLogs = this.getResponseProperty('AccessEventLogs');
this.accessImportExport = this.getResponseProperty('AccessImportExport');
this.accessReports = this.getResponseProperty('AccessReports');

112
common/src/models/api/ssoConfigApi.ts Normal file
View File

@ -0,0 +1,112 @@
import { BaseResponse } from '../response/baseResponse';
enum SsoType {
OpenIdConnect = 1,
Saml2 = 2,
}
enum OpenIdConnectRedirectBehavior {
RedirectGet = 0,
FormPost = 1,
}
enum Saml2BindingType {
HttpRedirect = 1,
HttpPost = 2,
Artifact = 4,
}
enum Saml2NameIdFormat {
NotConfigured = 0,
Unspecified = 1,
EmailAddress = 2,
X509SubjectName = 3,
WindowsDomainQualifiedName = 4,
KerberosPrincipalName = 5,
EntityIdentifier = 6,
Persistent = 7,
Transient = 8,
}
enum Saml2SigningBehavior {
IfIdpWantAuthnRequestsSigned = 0,
Always = 1,
Never = 3,
}
export class SsoConfigApi extends BaseResponse {
configType: SsoType;
// OpenId
authority: string;
clientId: string;
clientSecret: string;
metadataAddress: string;
redirectBehavior: OpenIdConnectRedirectBehavior;
getClaimsFromUserInfoEndpoint: boolean;
additionalScopes: string;
additionalUserIdClaimTypes: string;
additionalEmailClaimTypes: string;
additionalNameClaimTypes: string;
acrValues: string;
expectedReturnAcrValue: string;
// SAML
spNameIdFormat: Saml2NameIdFormat;
spOutboundSigningAlgorithm: string;
spSigningBehavior: Saml2SigningBehavior;
spMinIncomingSigningAlgorithm: boolean;
spWantAssertionsSigned: boolean;
spValidateCertificates: boolean;
idpEntityId: string;
idpBindingType: Saml2BindingType;
idpSingleSignOnServiceUrl: string;
idpSingleLogoutServiceUrl: string;
idpArtifactResolutionServiceUrl: string;
idpX509PublicCert: string;
idpOutboundSigningAlgorithm: string;
idpAllowUnsolicitedAuthnResponse: boolean;
idpDisableOutboundLogoutRequests: boolean;
idpWantAuthnRequestsSigned: boolean;
constructor(data: any = null) {
super(data);
if (data == null) {
return;
}
this.configType = this.getResponseProperty('ConfigType');
this.authority = this.getResponseProperty('Authority');
this.clientId = this.getResponseProperty('ClientId');
this.clientSecret = this.getResponseProperty('ClientSecret');
this.metadataAddress = this.getResponseProperty('MetadataAddress');
this.redirectBehavior = this.getResponseProperty('RedirectBehavior');
this.getClaimsFromUserInfoEndpoint = this.getResponseProperty('GetClaimsFromUserInfoEndpoint');
this.additionalScopes = this.getResponseProperty('AdditionalScopes');
this.additionalUserIdClaimTypes = this.getResponseProperty('AdditionalUserIdClaimTypes');
this.additionalEmailClaimTypes = this.getResponseProperty('AdditionalEmailClaimTypes');
this.additionalNameClaimTypes = this.getResponseProperty('AdditionalNameClaimTypes');
this.acrValues = this.getResponseProperty('AcrValues');
this.expectedReturnAcrValue = this.getResponseProperty('ExpectedReturnAcrValue');
this.spNameIdFormat = this.getResponseProperty('SpNameIdFormat');
this.spOutboundSigningAlgorithm = this.getResponseProperty('SpOutboundSigningAlgorithm');
this.spSigningBehavior = this.getResponseProperty('SpSigningBehavior');
this.spMinIncomingSigningAlgorithm = this.getResponseProperty('SpMinIncomingSigningAlgorithm');
this.spWantAssertionsSigned = this.getResponseProperty('SpWantAssertionsSigned');
this.spValidateCertificates = this.getResponseProperty('SpValidateCertificates');
this.idpEntityId = this.getResponseProperty('IdpEntityId');
this.idpBindingType = this.getResponseProperty('IdpBindingType');
this.idpSingleSignOnServiceUrl = this.getResponseProperty('IdpSingleSignOnServiceUrl');
this.idpSingleLogoutServiceUrl = this.getResponseProperty('IdpSingleLogoutServiceUrl');
this.idpArtifactResolutionServiceUrl = this.getResponseProperty('IdpArtifactResolutionServiceUrl');
this.idpX509PublicCert = this.getResponseProperty('IdpX509PublicCert');
this.idpOutboundSigningAlgorithm = this.getResponseProperty('IdpOutboundSigningAlgorithm');
this.idpAllowUnsolicitedAuthnResponse = this.getResponseProperty('IdpAllowUnsolicitedAuthnResponse');
this.idpDisableOutboundLogoutRequests = this.getResponseProperty('IdpDisableOutboundLogoutRequests');
this.idpWantAuthnRequestsSigned = this.getResponseProperty('IdpWantAuthnRequestsSigned');
}
}

2
common/src/models/data/organizationData.ts
View File

@ -17,7 +17,6 @@ export class OrganizationData {
useTotp: boolean;
use2fa: boolean;
useApi: boolean;
useBusinessPortal: boolean;
useSso: boolean;
useResetPassword: boolean;
selfHost: boolean;
@ -48,7 +47,6 @@ export class OrganizationData {
this.useTotp = response.useTotp;
this.use2fa = response.use2fa;
this.useApi = response.useApi;
this.useBusinessPortal = response.useBusinessPortal;
this.useSso = response.useSso;
this.useResetPassword = response.useResetPassword;
this.selfHost = response.selfHost;

6
common/src/models/domain/organization.ts
View File

@ -18,7 +18,6 @@ export class Organization {
useTotp: boolean;
use2fa: boolean;
useApi: boolean;
useBusinessPortal: boolean;
useSso: boolean;
useResetPassword: boolean;
selfHost: boolean;
@ -53,7 +52,6 @@ export class Organization {
this.useTotp = obj.useTotp;
this.use2fa = obj.use2fa;
this.useApi = obj.useApi;
this.useBusinessPortal = obj.useBusinessPortal;
this.useSso = obj.useSso;
this.useResetPassword = obj.useResetPassword;
this.selfHost = obj.selfHost;
@ -92,10 +90,6 @@ export class Organization {
return this.type === OrganizationUserType.Owner || this.isProviderUser;
}
get canAccessBusinessPortal() {
return this.isAdmin || this.permissions.accessBusinessPortal;
}
get canAccessEventLogs() {
return this.isAdmin || this.permissions.accessEventLogs;
}

6
common/src/models/request/organization/organizationSsoRequest.ts Normal file
View File

@ -0,0 +1,6 @@
import { SsoConfigApi } from '../../api/ssoConfigApi';
export class OrganizationSsoRequest {
enabled: boolean = false;
data: SsoConfigApi;
}

23
common/src/models/response/organization/organizationSsoResponse.ts Normal file
View File

@ -0,0 +1,23 @@
import { SsoConfigApi } from '../../api/ssoConfigApi';
import { BaseResponse } from '../baseResponse';
export class OrganizationSsoResponse extends BaseResponse {
enabled: boolean;
data: SsoConfigApi;
urls: SsoUrls;
constructor(response: any) {
super(response);
this.enabled = this.getResponseProperty('Enabled');
this.data = new SsoConfigApi(this.getResponseProperty('Data'));
this.urls = this.getResponseProperty('Urls');
}
}
type SsoUrls = {
callbackPath: string;
signedOutCallbackPath: string;
spEntityId: string;
spMetadataUrl: string;
spAcsUrl: string;
};

2
common/src/models/response/profileOrganizationResponse.ts
View File

@ -14,7 +14,6 @@ export class ProfileOrganizationResponse extends BaseResponse {
useTotp: boolean;
use2fa: boolean;
useApi: boolean;
useBusinessPortal: boolean;
useSso: boolean;
useResetPassword: boolean;
selfHost: boolean;
@ -46,7 +45,6 @@ export class ProfileOrganizationResponse extends BaseResponse {
this.useTotp = this.getResponseProperty('UseTotp');
this.use2fa = this.getResponseProperty('Use2fa');
this.useApi = this.getResponseProperty('UseApi');
this.useBusinessPortal = this.getResponseProperty('UseBusinessPortal');
this.useSso = this.getResponseProperty('UseSso');
this.useResetPassword = this.getResponseProperty('UseResetPassword');
this.selfHost = this.getResponseProperty('SelfHost');

2
common/src/models/response/profileProviderOrganizationResponse.ts
View File

@ -14,7 +14,6 @@ export class ProfileProviderOrganizationResponse extends BaseResponse {
useTotp: boolean;
use2fa: boolean;
useApi: boolean;
useBusinessPortal: boolean;
useSso: boolean;
useResetPassword: boolean;
selfHost: boolean;
@ -46,7 +45,6 @@ export class ProfileProviderOrganizationResponse extends BaseResponse {
this.useTotp = this.getResponseProperty('UseTotp');
this.use2fa = this.getResponseProperty('Use2fa');
this.useApi = this.getResponseProperty('UseApi');
this.useBusinessPortal = this.getResponseProperty('UseBusinessPortal');
this.useSso = this.getResponseProperty('UseSso');
this.useResetPassword = this.getResponseProperty('UseResetPassword');
this.selfHost = this.getResponseProperty('SelfHost');

19
common/src/services/api.service.ts
View File

@ -33,6 +33,7 @@ import { ImportDirectoryRequest } from '../models/request/importDirectoryRequest
import { ImportOrganizationCiphersRequest } from '../models/request/importOrganizationCiphersRequest';
import { KdfRequest } from '../models/request/kdfRequest';
import { KeysRequest } from '../models/request/keysRequest';
import { OrganizationSsoRequest } from '../models/request/organization/organizationSsoRequest';
import { OrganizationCreateRequest } from '../models/request/organizationCreateRequest';
import { OrganizationImportRequest } from '../models/request/organizationImportRequest';
import { OrganizationKeysRequest } from '../models/request/organizationKeysRequest';
@ -117,9 +118,11 @@ import {
GroupDetailsResponse,
GroupResponse,
} from '../models/response/groupResponse';
import { IdentityCaptchaResponse } from '../models/response/identityCaptchaResponse';
import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
import { IdentityTwoFactorResponse } from '../models/response/identityTwoFactorResponse';
import { ListResponse } from '../models/response/listResponse';
import { OrganizationSsoResponse } from '../models/response/organization/organizationSsoResponse';
import { OrganizationAutoEnrollStatusResponse } from '../models/response/organizationAutoEnrollStatusResponse';
import { OrganizationKeysResponse } from '../models/response/organizationKeysResponse';
import { OrganizationResponse } from '../models/response/organizationResponse';
@ -163,7 +166,6 @@ import { ChallengeResponse } from '../models/response/twoFactorWebAuthnResponse'
import { TwoFactorYubiKeyResponse } from '../models/response/twoFactorYubiKeyResponse';
import { UserKeyResponse } from '../models/response/userKeyResponse';
import { IdentityCaptchaResponse } from '../models/response/identityCaptchaResponse';
import { SendAccessView } from '../models/view/sendAccessView';
export class ApiService implements ApiServiceAbstraction {
@ -370,11 +372,6 @@ export class ApiService implements ApiServiceAbstraction {
return this.send('POST', '/accounts/kdf', request, true, false);
}
async getEnterprisePortalSignInToken(): Promise<string> {
const r = await this.send('GET', '/accounts/enterprise-portal-signin-token', null, true, true);
return r as string;
}
async deleteSsoUser(organizationId: string): Promise<any> {
return this.send('DELETE', '/accounts/sso/' + organizationId, null, true, false);
}
@ -1151,6 +1148,11 @@ export class ApiService implements ApiServiceAbstraction {
return new TaxInfoResponse(r);
}
async getOrganizationSso(id: string): Promise<OrganizationSsoResponse> {
const r = await this.send('GET', '/organizations/' + id + '/sso', null, true, true);
return new OrganizationSsoResponse(r);
}
async postOrganization(request: OrganizationCreateRequest): Promise<OrganizationResponse> {
const r = await this.send('POST', '/organizations', request, true, true);
return new OrganizationResponse(r);
@ -1188,6 +1190,11 @@ export class ApiService implements ApiServiceAbstraction {
return new ApiKeyResponse(r);
}
async postOrganizationSso(id: string, request: OrganizationSsoRequest): Promise<OrganizationSsoResponse> {
const r = await this.send('POST', '/organizations/' + id + '/sso', request, true, true);
return new OrganizationSsoResponse(r);
}
async postOrganizationUpgrade(id: string, request: OrganizationUpgradeRequest): Promise<PaymentResponse> {
const r = await this.send('POST', '/organizations/' + id + '/upgrade', request, true, true);
return new PaymentResponse(r);

19
common/src/services/environment.service.ts
View File

@ -19,7 +19,6 @@ export class EnvironmentService implements EnvironmentServiceAbstraction {
private iconsUrl: string;
private notificationsUrl: string;
private eventsUrl: string;
private enterpriseUrl: string;
constructor(private storageService: StorageService) {}
@ -39,18 +38,6 @@ export class EnvironmentService implements EnvironmentServiceAbstraction {
return 'https://notifications.bitwarden.com';
}
getEnterpriseUrl() {
if (this.enterpriseUrl != null) {
return this.enterpriseUrl;
}
if (this.baseUrl != null) {
return this.baseUrl + '/portal';
}
return 'https://portal.bitwarden.com';
}
getWebVaultUrl() {
if (this.webVaultUrl != null) {
return this.webVaultUrl;
@ -126,7 +113,6 @@ export class EnvironmentService implements EnvironmentServiceAbstraction {
notifications: null,
events: null,
webVault: null,
enterprise: null,
};
const envUrls = new EnvironmentUrls();
@ -142,7 +128,6 @@ export class EnvironmentService implements EnvironmentServiceAbstraction {
this.iconsUrl = urls.icons;
this.notificationsUrl = urls.notifications;
this.eventsUrl = envUrls.events = urls.events;
this.enterpriseUrl = urls.enterprise;
}
async setUrls(urls: Urls, saveSettings: boolean = true): Promise<any> {
@ -153,7 +138,6 @@ export class EnvironmentService implements EnvironmentServiceAbstraction {
urls.icons = this.formatUrl(urls.icons);
urls.notifications = this.formatUrl(urls.notifications);
urls.events = this.formatUrl(urls.events);
urls.enterprise = this.formatUrl(urls.enterprise);
if (saveSettings) {
await this.storageService.save(ConstantsService.environmentUrlsKey, {
@ -164,7 +148,6 @@ export class EnvironmentService implements EnvironmentServiceAbstraction {
icons: urls.icons,
notifications: urls.notifications,
events: urls.events,
enterprise: urls.enterprise,
});
}
@ -175,7 +158,6 @@ export class EnvironmentService implements EnvironmentServiceAbstraction {
this.iconsUrl = urls.icons;
this.notificationsUrl = urls.notifications;
this.eventsUrl = urls.events;
this.enterpriseUrl = urls.enterprise;
this.urlsSubject.next(urls);
@ -191,7 +173,6 @@ export class EnvironmentService implements EnvironmentServiceAbstraction {
icons: this.iconsUrl,
notifications: this.notificationsUrl,
events: this.eventsUrl,
enterprise: this.enterpriseUrl,
};
}