bitwarden-server/src/Admin/Startup.cs

using System;
using System.Globalization;
using Bit.Core.Context;
using Bit.Core.Identity;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Stripe;

#if !OSS
using Bit.CommCore.Utilities;
#endif

namespace Bit.Admin
{
    public class Startup
    {
        public Startup(IWebHostEnvironment env, IConfiguration configuration)
        {
            CultureInfo.DefaultThreadCurrentCulture = new CultureInfo("en-US");
            Configuration = configuration;
            Environment = env;
        }

        public IConfiguration Configuration { get; private set; }
        public IWebHostEnvironment Environment { get; set; }

        public void ConfigureServices(IServiceCollection services)
        {
            // Options
            services.AddOptions();

            // Settings
            var globalSettings = services.AddGlobalSettingsServices(Configuration);
            services.Configure<AdminSettings>(Configuration.GetSection("AdminSettings"));

            // Data Protection
            services.AddCustomDataProtectionServices(Environment, globalSettings);

            // Stripe Billing
            StripeConfiguration.ApiKey = globalSettings.Stripe.ApiKey;
            StripeConfiguration.MaxNetworkRetries = globalSettings.Stripe.MaxNetworkRetries;

            // Repositories
            services.AddSqlServerRepositories(globalSettings);

            // Context
            services.AddScoped<ICurrentContext, CurrentContext>();

            // Identity
            services.AddPasswordlessIdentityServices<ReadOnlyEnvIdentityUserStore>(globalSettings);
            services.Configure<SecurityStampValidatorOptions>(options =>
            {
                options.ValidationInterval = TimeSpan.FromMinutes(5);
            });
            if (globalSettings.SelfHosted)
            {
                services.ConfigureApplicationCookie(options =>
                {
                    options.Cookie.Path = "/admin";
                });
            }

            // Services
            services.AddBaseServices();
            services.AddDefaultServices(globalSettings);

#if OSS
                services.AddOosServices();
#else
            services.AddCommCoreServices();
#endif

            // Mvc
            services.AddMvc(config =>
            {
                config.Filters.Add(new LoggingExceptionHandlerFilterAttribute());
            });
            services.Configure<RouteOptions>(options => options.LowercaseUrls = true);

            // Jobs service
            Jobs.JobsHostedService.AddJobsServices(services, globalSettings.SelfHosted);
            services.AddHostedService<Jobs.JobsHostedService>();
            if (globalSettings.SelfHosted)
            {
                services.AddHostedService<HostedServices.DatabaseMigrationHostedService>();
            }
            else
            {
                if (CoreHelpers.SettingHasValue(globalSettings.Storage.ConnectionString))
                {
                    services.AddHostedService<HostedServices.AzureQueueBlockIpHostedService>();
                }
                else if (CoreHelpers.SettingHasValue(globalSettings.Amazon?.AccessKeySecret))
                {
                    services.AddHostedService<HostedServices.AmazonSqsBlockIpHostedService>();
                }
                if (CoreHelpers.SettingHasValue(globalSettings.Mail.ConnectionString))
                {
                    services.AddHostedService<HostedServices.AzureQueueMailHostedService>();
                }
            }
        }

        public void Configure(
            IApplicationBuilder app,
            IWebHostEnvironment env,
            IHostApplicationLifetime appLifetime,
            GlobalSettings globalSettings)
        {
            app.UseSerilog(env, appLifetime, globalSettings);

            // Add general security headers
            app.UseMiddleware<SecurityHeadersMiddleware>();

            if (globalSettings.SelfHosted)
            {
                app.UsePathBase("/admin");
                app.UseForwardedHeaders(globalSettings);
            }

            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/error");
            }

            app.UseStaticFiles();
            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
        }
    }
}
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								using System;
-												set en-US as default current culture

											
										
										
											2019-07-11 21:03:17 +02:00
+								using System.Globalization;
-												Add disable send policy (#1130)

* Add Disable Send policy

* Test DisableSend policy

* PR Review

* Update tests for using CurrentContext

This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.

I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference

* Fix failing test

* Update exemption to include all exempt users

* Move all CurrentContext usages to ICurrentContext

* PR review. Match messaging with Web
											
										
										
											2021-02-04 19:54:21 +01:00
+								using Bit.Core.Context;
-												passwordless sign in for admin

											
										
										
											2018-03-21 19:26:49 +01:00
+								using Bit.Core.Identity;
-												Use sas token for attachment downloads (#1153)

* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
											
										
										
											2021-02-22 22:35:16 +01:00
+								using Bit.Core.Settings;
-												passwordless sign in for admin

											
										
										
											2018-03-21 19:26:49 +01:00
+								using Bit.Core.Utilities;
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								using Microsoft.AspNetCore.Builder;
 								using Microsoft.AspNetCore.Hosting;
-												security stamp validation for passwordless login

											
										
										
											2019-01-17 22:07:24 +01:00
+								using Microsoft.AspNetCore.Identity;
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								using Microsoft.AspNetCore.Routing;
 								using Microsoft.Extensions.Configuration;
 								using Microsoft.Extensions.DependencyInjection;
-												upgrade to aspnet core 3.1

											
										
										
											2020-01-10 14:33:13 +01:00
+								using Microsoft.Extensions.Hosting;
-												passwordless sign in for admin

											
										
										
											2018-03-21 19:26:49 +01:00
+								using Stripe;
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
-												[Provider] Setup provider (#1378)


											
										
										
											2021-06-30 09:35:26 +02:00
+								#if !OSS
 								using Bit.CommCore.Utilities;
 								#endif
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								namespace Bit.Admin
 								{
 								    public class Startup
 								    {
-												upgrade to aspnet core 3.1

											
										
										
											2020-01-10 14:33:13 +01:00
+								        public Startup(IWebHostEnvironment env, IConfiguration configuration)
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								        {
-												set en-US as default current culture

											
										
										
											2019-07-11 21:03:17 +02:00
+								            CultureInfo.DefaultThreadCurrentCulture = new CultureInfo("en-US");
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								            Configuration = configuration;
-												chown nginx logs and data protect admin

											
										
										
											2018-03-28 03:37:35 +02:00
+								            Environment = env;
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								        }
-												chown nginx logs and data protect admin

											
										
										
											2018-03-28 03:37:35 +02:00
+								        public IConfiguration Configuration { get; private set; }
-												upgrade to aspnet core 3.1

											
										
										
											2020-01-10 14:33:13 +01:00
+								        public IWebHostEnvironment Environment { get; set; }
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
 								        public void ConfigureServices(IServiceCollection services)
 								        {
-												passwordless sign in for admin

											
										
										
											2018-03-21 19:26:49 +01:00
+								            // Options
 								            services.AddOptions();
 								            // Settings
 								            var globalSettings = services.AddGlobalSettingsServices(Configuration);
 								            services.Configure<AdminSettings>(Configuration.GetSection("AdminSettings"));
-												chown nginx logs and data protect admin

											
										
										
											2018-03-28 03:37:35 +02:00
+								            // Data Protection
 								            services.AddCustomDataProtectionServices(Environment, globalSettings);
-												passwordless sign in for admin

											
										
										
											2018-03-21 19:26:49 +01:00
+								            // Stripe Billing
-												Fix Stripe object lock timeouts (#1735)

* Fix Stripe object lock timeouts

* Move stripe config into globalSetting.stripe
* add MaxNetworkRetries config option with smart defaults

* Rename stripeApiKey to apiKey
											
										
										
											2021-11-29 01:01:51 +01:00
+								            StripeConfiguration.ApiKey = globalSettings.Stripe.ApiKey;
 								            StripeConfiguration.MaxNetworkRetries = globalSettings.Stripe.MaxNetworkRetries;
-												passwordless sign in for admin

											
										
										
											2018-03-21 19:26:49 +01:00
 								            // Repositories
 								            services.AddSqlServerRepositories(globalSettings);
 								            // Context
-												Add disable send policy (#1130)

* Add Disable Send policy

* Test DisableSend policy

* PR Review

* Update tests for using CurrentContext

This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.

I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference

* Fix failing test

* Update exemption to include all exempt users

* Move all CurrentContext usages to ICurrentContext

* PR review. Match messaging with Web
											
										
										
											2021-02-04 19:54:21 +01:00
+								            services.AddScoped<ICurrentContext, CurrentContext>();
-												passwordless sign in for admin

											
										
										
											2018-03-21 19:26:49 +01:00
 								            // Identity
 								            services.AddPasswordlessIdentityServices<ReadOnlyEnvIdentityUserStore>(globalSettings);
-												security stamp validation for passwordless login

											
										
										
											2019-01-17 22:07:24 +01:00
+								            services.Configure<SecurityStampValidatorOptions>(options =>
 								            {
 								                options.ValidationInterval = TimeSpan.FromMinutes(5);
 								            });
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 19:36:37 +01:00
+								            if (globalSettings.SelfHosted)
-												success/error messages for admin

											
										
										
											2018-03-28 16:38:01 +02:00
+								            {
 								                services.ConfigureApplicationCookie(options =>
 								                {
 								                    options.Cookie.Path = "/admin";
 								                });
 								            }
-												passwordless sign in for admin

											
										
										
											2018-03-21 19:26:49 +01:00
 								            // Services
 								            services.AddBaseServices();
 								            services.AddDefaultServices(globalSettings);
-												Run dotnet format (#1764)


											
										
										
											2021-12-16 15:35:09 +01:00
-												[Provider] Setup provider (#1378)


											
										
										
											2021-06-30 09:35:26 +02:00
+								#if OSS
 								                services.AddOosServices();
 								#else
 								            services.AddCommCoreServices();
 								#endif
-												passwordless sign in for admin

											
										
										
											2018-03-21 19:26:49 +01:00
 								            // Mvc
 								            services.AddMvc(config =>
 								            {
 								                config.Filters.Add(new LoggingExceptionHandlerFilterAttribute());
 								            });
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								            services.Configure<RouteOptions>(options => options.LowercaseUrls = true);
-												database maintenance jobs setup in admin

											
										
										
											2018-10-09 16:12:27 +02:00
 								            // Jobs service
-												remove alive job

											
										
										
											2019-11-04 13:43:15 +01:00
+								            Jobs.JobsHostedService.AddJobsServices(services, globalSettings.SelfHosted);
-												database maintenance jobs setup in admin

											
										
										
											2018-10-09 16:12:27 +02:00
+								            services.AddHostedService<Jobs.JobsHostedService>();
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 19:36:37 +01:00
+								            if (globalSettings.SelfHosted)
-												move migrations to migrator project

											
										
										
											2019-03-25 18:21:05 +01:00
+								            {
 								                services.AddHostedService<HostedServices.DatabaseMigrationHostedService>();
 								            }
 								            else
-												BlockIpHostedService to replace func

											
										
										
											2019-03-05 05:41:46 +01:00
+								            {
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 19:36:37 +01:00
+								                if (CoreHelpers.SettingHasValue(globalSettings.Storage.ConnectionString))
-												amazon sqs block ip queuing

											
										
										
											2019-03-18 21:23:37 +01:00
+								                {
 								                    services.AddHostedService<HostedServices.AzureQueueBlockIpHostedService>();
 								                }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 19:36:37 +01:00
+								                else if (CoreHelpers.SettingHasValue(globalSettings.Amazon?.AccessKeySecret))
-												amazon sqs block ip queuing

											
										
										
											2019-03-18 21:23:37 +01:00
+								                {
 								                    services.AddHostedService<HostedServices.AmazonSqsBlockIpHostedService>();
 								                }
-												Support large organization sync (#1311)

* Increase organization max seat size from 30k to 2b (#1274)

* Increase organization max seat size from 30k to 2b

* PR review. Do not modify unless state matches expected

* Organization sync simultaneous event reporting (#1275)

* Split up azure messages according to max size

* Allow simultaneous login of organization user events

* Early resolve small event lists

* Clarify logic

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Improve readability

This comes at the cost of multiple serializations, but the
 improvement in wire-time should more than make up for this
 on message where serialization time matters

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Queue emails (#1286)

* Extract common Azure queue methods

* Do not use internal entity framework namespace

* Prefer IEnumerable to IList unless needed

All of these implementations were just using `Count == 1`,
which is easily replicated. This will be used when abstracting Azure queues

* Add model for azure queue message

* Abstract Azure queue for reuse

* Creat service to enqueue mail messages for later processing

Azure queue mail service uses Azure queues.
Blocking just blocks until all the work is done -- This is
how emailing works today

* Provide mail queue service to DI

* Queue organization invite emails for later processing

All emails can later be added to this queue

* Create Admin hosted service to process enqueued mail messages

* Prefer constructors to static generators

* Mass delete organization users (#1287)

* Add delete many to Organization Users

* Correct formatting

* Remove erroneous migration

* Clarify parameter name

* Formatting fixes

* Simplify bump account revision sproc

* Formatting fixes

* Match file names to objects

* Indicate if large import is expected

* Early pull all existing users we were planning on inviting (#1290)

* Early pull all existing users we were planning on inviting

* Improve sproc name

* Batch upsert org users (#1289)

* Add UpsertMany sprocs to OrganizationUser

* Add method to create TVPs from any object.

Uses DbOrder attribute to generate.
Sproc will fail unless TVP column order matches that of the db type

* Combine migrations

* Correct formatting

* Include sql objects in sql project

* Keep consisten parameter names

* Batch deletes for performance

* Correct formatting

* consolidate migrations

* Use batch methods in OrganizationImport

* Declare @BatchSize

* Transaction names limited to 32 chars

Drop sproc before creating it if it exists

* Update import tests

* Allow for more users in org upgrades

* Fix formatting

* Improve class hierarchy structure

* Use name tuple types

* Fix formatting

* Front load all reflection

* Format constructor

* Simplify ToTvp as class-specific extension

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
											
										
										
											2021-05-17 16:43:02 +02:00
+								                if (CoreHelpers.SettingHasValue(globalSettings.Mail.ConnectionString))
 								                {
 								                    services.AddHostedService<HostedServices.AzureQueueMailHostedService>();
 								                }
-												BlockIpHostedService to replace func

											
										
										
											2019-03-05 05:41:46 +01:00
+								            }
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								        }
-												passwordless sign in for admin

											
										
										
											2018-03-21 19:26:49 +01:00
+								        public void Configure(
 								            IApplicationBuilder app,
-												upgrade to aspnet core 3.1

											
										
										
											2020-01-10 14:33:13 +01:00
+								            IWebHostEnvironment env,
 								            IHostApplicationLifetime appLifetime,
-												update to net core 2.2

											
										
										
											2019-07-23 22:38:49 +02:00
+								            GlobalSettings globalSettings)
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								        {
-												update to net core 2.2

											
										
										
											2019-07-23 22:38:49 +02:00
+								            app.UseSerilog(env, appLifetime, globalSettings);
-												Revert "explicitly disable app insights telemetry"

This reverts commit 819a4e031d8e2b9e2257a373d01849afb347f585.

											
										
										
											2018-05-21 19:31:47 +02:00
-												Added middleware for general security headers (#1700)


											
										
										
											2021-11-09 17:37:14 +01:00
+								            // Add general security headers
 								            app.UseMiddleware<SecurityHeadersMiddleware>();
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 19:36:37 +01:00
+								            if (globalSettings.SelfHosted)
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								            {
-												proxypass to /admin

											
										
										
											2018-03-24 13:39:55 +01:00
+								                app.UsePathBase("/admin");
-												UseForwardedHeaders with known proxies

											
										
										
											2019-04-26 15:52:54 +02:00
+								                app.UseForwardedHeaders(globalSettings);
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								            }
-												Changed all C# control flow block statements to include space between keyword and open paren

											
										
										
											2020-03-27 19:36:37 +01:00
+								            if (env.IsDevelopment())
-												set base admin path for self host

											
										
										
											2018-03-24 04:27:33 +01:00
+								            {
-												proxypass to /admin

											
										
										
											2018-03-24 13:39:55 +01:00
+								                app.UseDeveloperExceptionPage();
-												set base admin path for self host

											
										
										
											2018-03-24 04:27:33 +01:00
+								            }
-												Tweak provider views (#1499)

* Add Organizations to provider views

Remove enabled/disabled toggle from provider. It's currently not used.

* Remove provider Delete

There are implications to deleting providers on the organizations they manage.
We want to think through this flow before allowing delete from the
admin portal.

* Use toastr to display production exception messages.

Update build actions to upgrade npm to v7.

Use a custom error handler in production which displays a toast of the
exception message and redirect to the offending page

* Clarify provider create error message
											
										
										
											2021-08-10 18:28:00 +02:00
+								            else
 								            {
 								                app.UseExceptionHandler("/error");
 								            }
-												set base admin path for self host

											
										
										
											2018-03-24 04:27:33 +01:00
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								            app.UseStaticFiles();
-												upgrade to aspnet core 3.1

											
										
										
											2020-01-10 14:33:13 +01:00
+								            app.UseRouting();
 								            app.UseAuthentication();
 								            app.UseAuthorization();
 								            app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
-												setup new admin portal project

											
										
										
											2018-03-21 17:57:43 +01:00
+								        }
 								    }
 								}