1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-26 12:55:17 +01:00
bitwarden-server/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

830 lines
32 KiB
C#
Raw Normal View History

using System.Net;
using System.Net.Http.Headers;
using Bit.Api.IntegrationTest.Factories;
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
using Bit.Api.IntegrationTest.SecretsManager.Enums;
using Bit.Api.Models.Response;
using Bit.Api.SecretsManager.Models.Request;
using Bit.Api.SecretsManager.Models.Response;
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
using Bit.Core.Enums;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Repositories;
using Bit.Test.Common.Helpers;
using Xunit;
namespace Bit.Api.IntegrationTest.SecretsManager.Controllers;
public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
{
private readonly string _mockEncryptedString =
"2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98sp4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=";
private readonly HttpClient _client;
private readonly ApiApplicationFactory _factory;
private readonly ISecretRepository _secretRepository;
private readonly IProjectRepository _projectRepository;
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
private readonly IAccessPolicyRepository _accessPolicyRepository;
private string _email = null!;
private SecretsManagerOrganizationHelper _organizationHelper = null!;
public SecretsControllerTests(ApiApplicationFactory factory)
{
_factory = factory;
_client = _factory.CreateClient();
_secretRepository = _factory.GetService<ISecretRepository>();
_projectRepository = _factory.GetService<IProjectRepository>();
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
_accessPolicyRepository = _factory.GetService<IAccessPolicyRepository>();
}
public async Task InitializeAsync()
{
_email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
await _factory.LoginWithNewAccount(_email);
_organizationHelper = new SecretsManagerOrganizationHelper(_factory, _email);
}
public Task DisposeAsync()
{
_client.Dispose();
return Task.CompletedTask;
}
private async Task LoginAsync(string email)
{
var tokens = await _factory.LoginAsync(email);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
[InlineData(false, true, false)]
[InlineData(false, true, true)]
[InlineData(true, false, false)]
[InlineData(true, false, true)]
[InlineData(true, true, false)]
public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
var response = await _client.GetAsync($"/organizations/{org.Id}/secrets");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task ListByOrganization_Success(PermissionType permissionType)
{
var (org, orgUserOwner) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
var project = await _projectRepository.CreateAsync(new Project
{
Id = new Guid(),
OrganizationId = org.Id,
Name = _mockEncryptedString,
});
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
var secretIds = new List<Guid>();
for (var i = 0; i < 3; i++)
{
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
Note = _mockEncryptedString,
Projects = new List<Project> { project }
});
secretIds.Add(secret.Id);
}
var response = await _client.GetAsync($"/organizations/{org.Id}/secrets");
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SecretWithProjectsListResponseModel>();
Assert.NotNull(result);
Assert.NotEmpty(result!.Secrets);
Assert.Equal(secretIds.Count, result.Secrets.Count());
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
[InlineData(false, true, false)]
[InlineData(false, true, true)]
[InlineData(true, false, false)]
[InlineData(true, false, true)]
[InlineData(true, true, false)]
public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
var request = new SecretCreateRequestModel
{
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
};
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
public async Task CreateWithoutProject_RunAsAdmin_Success()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
var request = new SecretCreateRequestModel
{
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
};
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", request);
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SecretResponseModel>();
Assert.NotNull(result);
Assert.Equal(request.Key, result!.Key);
Assert.Equal(request.Value, result.Value);
Assert.Equal(request.Note, result.Note);
AssertHelper.AssertRecent(result.RevisionDate);
AssertHelper.AssertRecent(result.CreationDate);
var createdSecret = await _secretRepository.GetByIdAsync(result.Id);
Assert.NotNull(result);
Assert.Equal(request.Key, createdSecret.Key);
Assert.Equal(request.Value, createdSecret.Value);
Assert.Equal(request.Note, createdSecret.Note);
AssertHelper.AssertRecent(createdSecret.RevisionDate);
AssertHelper.AssertRecent(createdSecret.CreationDate);
Assert.Null(createdSecret.DeletedDate);
}
[Fact]
public async Task CreateWithDifferentProjectOrgId_RunAsAdmin_NotFound()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
var anotherOrg = await _organizationHelper.CreateSmOrganizationAsync();
var project =
await _projectRepository.CreateAsync(new Project { Name = "123", OrganizationId = anotherOrg.Id });
var request = new SecretCreateRequestModel
{
ProjectIds = new[] { project.Id },
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
};
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
public async Task CreateWithMultipleProjects_RunAsAdmin_BadRequest()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
var projectA = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123A" });
var projectB = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123B" });
var request = new SecretCreateRequestModel
{
ProjectIds = new Guid[] { projectA.Id, projectB.Id },
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
};
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", request);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
}
[Fact]
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
public async Task CreateWithoutProject_RunAsUser_NotFound()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var request = new SecretCreateRequestModel
{
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
};
var response = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task CreateWithProject_Success(PermissionType permissionType)
{
var (org, orgAdminUser) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
AccessClientType accessType = AccessClientType.NoAccessCheck;
var project = await _projectRepository.CreateAsync(new Project()
{
Id = new Guid(),
OrganizationId = org.Id,
Name = _mockEncryptedString
});
var orgUserId = (Guid)orgAdminUser.UserId!;
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
accessType = AccessClientType.User;
var accessPolicies = new List<BaseAccessPolicy>
{
new Core.SecretsManager.Entities.UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id , Read = true, Write = true,
},
};
orgUserId = (Guid)orgUser.UserId!;
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
var secretRequest = new SecretCreateRequestModel()
{
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
ProjectIds = new[] { project.Id },
};
var secretResponse = await _client.PostAsJsonAsync($"/organizations/{org.Id}/secrets", secretRequest);
secretResponse.EnsureSuccessStatusCode();
var secretResult = await secretResponse.Content.ReadFromJsonAsync<SecretResponseModel>();
var result = (await _secretRepository.GetManyByProjectIdAsync(project.Id, orgUserId, accessType)).First();
var secret = result.Secret;
Assert.NotNull(secretResult);
Assert.Equal(secret.Id, secretResult!.Id);
Assert.Equal(secret.OrganizationId, secretResult.OrganizationId);
Assert.Equal(secret.Key, secretResult.Key);
Assert.Equal(secret.Value, secretResult.Value);
Assert.Equal(secret.Note, secretResult.Note);
Assert.Equal(secret.CreationDate, secretResult.CreationDate);
Assert.Equal(secret.RevisionDate, secretResult.RevisionDate);
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
[InlineData(false, true, false)]
[InlineData(false, true, true)]
[InlineData(true, false, false)]
[InlineData(true, false, true)]
[InlineData(true, true, false)]
public async Task Get_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
});
var response = await _client.GetAsync($"/organizations/secrets/{secret.Id}");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task Get_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
var project = await _projectRepository.CreateAsync(new Project()
{
Id = new Guid(),
OrganizationId = org.Id,
Name = _mockEncryptedString
});
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
else
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true);
await LoginAsync(email);
}
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
Note = _mockEncryptedString,
Projects = new List<Project> { project }
});
var response = await _client.GetAsync($"/secrets/{secret.Id}");
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SecretResponseModel>();
Assert.Equal(secret.Key, result!.Key);
Assert.Equal(secret.Value, result.Value);
Assert.Equal(secret.Note, result.Note);
Assert.Equal(secret.RevisionDate, result.RevisionDate);
Assert.Equal(secret.CreationDate, result.CreationDate);
}
2023-03-21 23:12:13 +01:00
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
[InlineData(false, true, false)]
[InlineData(false, true, true)]
[InlineData(true, false, false)]
[InlineData(true, false, true)]
[InlineData(true, true, false)]
public async Task GetSecretsByProject_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
2023-03-21 23:12:13 +01:00
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
2023-03-21 23:12:13 +01:00
await LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project
{
OrganizationId = org.Id,
Name = _mockEncryptedString,
});
var response = await _client.GetAsync($"/projects/{project.Id}/secrets");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
public async Task GetSecretsByProject_UserWithNoPermission_EmptyList()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
2023-03-21 23:12:13 +01:00
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var project = await _projectRepository.CreateAsync(new Project()
{
Id = new Guid(),
OrganizationId = org.Id,
Name = _mockEncryptedString
});
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
Projects = new List<Project> { project },
});
var response = await _client.GetAsync($"/projects/{project.Id}/secrets");
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SecretWithProjectsListResponseModel>();
Assert.NotNull(result);
Assert.Empty(result!.Secrets);
Assert.Empty(result!.Projects);
}
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task GetSecretsByProject_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
2023-03-21 23:12:13 +01:00
await LoginAsync(_email);
var project = await _projectRepository.CreateAsync(new Project()
{
Id = new Guid(),
OrganizationId = org.Id,
Name = _mockEncryptedString
});
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
Projects = new List<Project> { project },
});
var response = await _client.GetAsync($"/projects/{project.Id}/secrets");
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SecretWithProjectsListResponseModel>();
Assert.NotEmpty(result!.Secrets);
Assert.Equal(secret.Id, result.Secrets.First().Id);
Assert.Equal(secret.OrganizationId, result.Secrets.First().OrganizationId);
2023-03-21 23:12:13 +01:00
Assert.Equal(secret.Key, result.Secrets.First().Key);
Assert.Equal(secret.CreationDate, result.Secrets.First().CreationDate);
Assert.Equal(secret.RevisionDate, result.Secrets.First().RevisionDate);
Assert.Equal(secret.Projects!.First().Id, result.Projects.First().Id);
Assert.Equal(secret.Projects!.First().Name, result.Projects.First().Name);
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
[InlineData(false, true, false)]
[InlineData(false, true, true)]
[InlineData(true, false, false)]
[InlineData(true, false, true)]
[InlineData(true, true, false)]
public async Task Update_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
});
var request = new SecretUpdateRequestModel
{
Key = _mockEncryptedString,
Value = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
Note = _mockEncryptedString
};
var response = await _client.PutAsJsonAsync($"/organizations/secrets/{secret.Id}", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task Update_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
var project = await _projectRepository.CreateAsync(new Project()
{
Id = new Guid(),
OrganizationId = org.Id,
Name = _mockEncryptedString
});
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
Note = _mockEncryptedString,
Projects = permissionType == PermissionType.RunAsUserWithPermission ? new List<Project>() { project } : null
});
var request = new SecretUpdateRequestModel()
{
Key = _mockEncryptedString,
Value = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
Note = _mockEncryptedString,
ProjectIds = permissionType == PermissionType.RunAsUserWithPermission ? new Guid[] { project.Id } : null
};
var response = await _client.PutAsJsonAsync($"/secrets/{secret.Id}", request);
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<SecretResponseModel>();
Assert.Equal(request.Key, result!.Key);
Assert.Equal(request.Value, result.Value);
Assert.NotEqual(secret.Value, result.Value);
Assert.Equal(request.Note, result.Note);
AssertHelper.AssertRecent(result.RevisionDate);
Assert.NotEqual(secret.RevisionDate, result.RevisionDate);
var updatedSecret = await _secretRepository.GetByIdAsync(result.Id);
Assert.NotNull(result);
Assert.Equal(request.Key, updatedSecret.Key);
Assert.Equal(request.Value, updatedSecret.Value);
Assert.Equal(request.Note, updatedSecret.Note);
AssertHelper.AssertRecent(updatedSecret.RevisionDate);
AssertHelper.AssertRecent(updatedSecret.CreationDate);
Assert.Null(updatedSecret.DeletedDate);
Assert.NotEqual(secret.Value, updatedSecret.Value);
Assert.NotEqual(secret.RevisionDate, updatedSecret.RevisionDate);
}
[Fact]
public async Task UpdateWithDifferentProjectOrgId_RunAsAdmin_NotFound()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
var anotherOrg = await _organizationHelper.CreateSmOrganizationAsync();
var project = await _projectRepository.CreateAsync(new Project { Name = "123", OrganizationId = anotherOrg.Id });
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
});
var request = new SecretUpdateRequestModel
{
Key = _mockEncryptedString,
Value = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
Note = _mockEncryptedString,
ProjectIds = new Guid[] { project.Id },
};
var response = await _client.PutAsJsonAsync($"/secrets/{secret.Id}", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
public async Task UpdateWithMultipleProjects_BadRequest()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
var projectA = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123A" });
var projectB = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123B" });
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
});
var request = new SecretUpdateRequestModel
{
Key = _mockEncryptedString,
Value = "2.3Uk+WNBIoU5xzmVFNcoWzz==|1MsPIYuRfdOHfu/0uY6H2Q==|/98xy4wb6pHP1VTZ9JcNCYgQjEUMFPlqJgCwRk1YXKg=",
Note = _mockEncryptedString,
ProjectIds = new Guid[] { projectA.Id, projectB.Id },
};
var response = await _client.PutAsJsonAsync($"/secrets/{secret.Id}", request);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
[InlineData(false, true, false)]
[InlineData(false, true, true)]
[InlineData(true, false, false)]
[InlineData(true, false, true)]
[InlineData(true, true, false)]
public async Task Delete_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString
});
var secretIds = new[] { secret.Id };
var response = await _client.PostAsJsonAsync($"/secrets/delete", secretIds);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Fact]
public async Task Delete_MissingAccessPolicy_AccessDenied()
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var (_, secretIds) = await CreateSecretsAsync(org.Id, 3);
var response = await _client.PostAsync("/secrets/delete", JsonContent.Create(secretIds));
var results = await response.Content.ReadFromJsonAsync<ListResponseModel<BulkDeleteResponseModel>>();
Assert.NotNull(results);
Assert.Equal(secretIds.OrderBy(x => x),
results!.Data.Select(x => x.Id).OrderBy(x => x));
Assert.All(results.Data, item => Assert.Equal("access denied", item.Error));
}
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task Delete_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
var (project, secretIds) = await CreateSecretsAsync(org.Id);
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true
}
[SM-381] New secrets access (#2629) * [SM-66] Create Secret Database Table (#2144) Objective The purpose of this PR is to create a database table, entity, and repository for the new Secret database table. The new Secret table will use entity framework for all database providers. * [SM-67] Get all secrets by org ID (#2163) Add a controller to fetch secrets associated with an organization ID. To note, the [SecretsManager] attribute makes this controller only available for local development. * [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201) The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project. * Move interfaces to core (#2211) * [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206) * Read UTC DateTimes from db and order by revision * Move orderby to repo layer * [SM-185] Add EE_Testing_env to server (#2222) * Sm 104 project Database (#2192) * Project DB addition and sprocs * Adding spaces to the end of each file, fixing minor issues * removing useless comments * Adding soft delete proc to migration * Project EF Scaffold * Additional changes to use EF instead of procedures * Adding dependency injection * Fixing lint errors * Bug fixes * Adding migration scripts, removing sproc files, and setting up Entity framework code * Adding back accidentally deleted sproc * Removing files that shouldn't have been created * Lint * Small changes based on Oscar's rec (#2215) * Migrations for making CreateDate not null * adding space to end of file * Making Revision date not null * dotnet format * Adding nonclustered indexes to SQL * SM-104: Update PR with changes Thomas proposed Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> * Removing org ID from create request body (#2243) * SM-114: Add create & update project endpoints (#2251) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Fix import ordering for linter * SM-114: Remove unneeded lines setting DeletedDate, as it should already be null * SM-114: Only have OrgId in route for CreateProject * Remove unneeded using * Fully remove OrgId from ProjectCreateRequestModel * [SM-64] Soft Delete Secrets (#2253) * Bulk delete secrets with command unit tests * Controller unit tests * Optimize conditionals * SM-64 bulk delete integration test * fix test * SM-64 code review updated * [SM-65] Fix return empty secrets list (#2281) * Secrets return empty list * [SM-246] Use repository in integration test (#2285) * [SM-190] Add integration tests to Secrets (#2292) * Adding integration tests for the SecretsController Co-authored-by: Hinton <hinton@users.noreply.github.com> * Sm 95 - Adding GetProjects endpoint (#2295) * SM-114: Initial commit with create project endpoint (for SM) * SM-114: Add Update Project route (for SM) * SM-114: Fix file encodings * Fix DI issue for SM Project Create/Update commands * Adding GetProjectsByOrg * fixing merge conflicts * fix * Updating to return empty list * removing null check Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> * [SM-191] Create ServiceAccount Table (#2301) * SM-191 Create ServiceAccount Table * [SM-207] API for listing service accounts by organization (#2307) * SM-207 list service accounts by org * SM-96: Add ability to get project by id (#2314) * SM-96: Small change to allow getting project by id * Fix whitespace issue * Add first integration test and fix date bug * Ensure tests are consistent * Add more project controller integration tests * Remove commented delete for now * [SM-187] Create ServiceAccounts (#2323) * SM-187 Create & Update ServiceAccounts * Remove extra new line src/Api/Controllers/ServiceAccountsController.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-218] [SM-219] SM Auth flow (#2297) * SM-282 Delete Projects (#2335) * SM-282 delete & bulk delete projects * Have delete commands return tuple with object * Fix admin project not working after secrets manager changes (#2339) * [SM-150] proj and secrets mapping (#2286) * Beggining of changes for Project Secrets mapping * Beggining of changes for project and secrets mapping * Inital changes to add Mapping table for Project Secrets * Resolve migration not working properly * Indent sql * Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository. * Changes made with Oscar * Add reversemap * running lint and removing comments * Lint fixes * fixing merge issues * Trying to fix the DB issue * DB fixes * fixes * removing unused space * fixing lint issue * final lint fix I hope * removing manually added sql.sqlproj * Lint changes and fixing the sql proj issues * adding ServiceAccount to sql proj * Removing ON DELETE CASCADE * remove On delete cascade * changes for deleting project and secret inside of the Organization_DeleteById procedure. * changes for deleting project and secret inside of the Organization_DeleteById procedure. * migration changes * Updating constraints * removing void * remove spaces * updating cipherRepo tests to be task instead of void * fixing * fixing * test * fix * fix * changes to remove circular dependency * fixes * sending guid and string name of the project over * Update src/Sql/dbo/Tables/Secret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update src/Sql/dbo/Tables/Project.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * removing unused code * Potential refactor (#2340) * migrations * Postgres migraiton * Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * rename file * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Lint fixes * removing extra semi colon * removing circular references with projects and secrets * adding back projects * Add ProjectFixture * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-300] Access token endpoint (#2377) * [SM-324] Add Organization to JWT claim (#2379) * [SM-259] Add create access token endpoint for service accounts (#2411) * Add create access token for service accounts * [SM-259] Fix create access token scope initialization (#2418) * Fix namespace for ServiceAccount command tests * Remove "this" from SecretsManager requests * Fix have scope be assigned a JSON list * SM-99: Individual Project / Secrets Tab (#2399) Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-361] Add Support for never expiring ApiKeys (#2450) * Update database to support never expiring ApiKey * Update Api to support never expiring ApiKeys * Fix unit test variable naming * Remove required from model * Fix spacing * Add EF migrations * Run dotnet format * Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-359] Fix project secrets migration (#2443) * [SM-299] Add UseSecretsManager flag (#2413) * [SM-193] Access Policy (#2359) * [SM-371] Fix and re-enable parallel integration tests (#2460) * Fix and re-enable parallel integration tests * Fix package lock files * Move fix to ApiApplicationFactory * Run dotnet restore --force * Run dotnet format * Reset packages.lock.json files * Add project access checks for listing * SM-99: Add CreateSecretWithProject Integration Test (#2452) * Add GetSecretsByProjectAsync endpoint * Add GetManyByProjectIdAsync endpoint * Update response model for GetSecretsByProjectAsync * Include projects when returning secrets by project id * SM-99: Add ability to specify projectId when creating a secret * SM-99: Update tests to accomodate for new create secret parameter * Fix failing test * SM-99: Handle optional projectId for new secret in ToSecret() * SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings * SM-99: make CreateAsync for secret more clear * Add CreateSecretWithProject integration test * Fix CreateSecretWithProject integration test for SM-99 * Run dotnet format * Undo added space * Refactor test * Refactor CreateSecretWithProject API Integration test again * Change to boolean flag * [SM-379] Add SDK device type (#2486) * Add support for service accounts * Improve logic for project repository * Add remaining client types * Experiment with separate enum for access control * Add access checks to update project * Rework AccessClientType * Add access checks to fetching project * Add checks to delete project command (untested) * Remove some service account stuff * Add ServiceAccount to AccessClientType * Change CS8509 to error and 8424 to ignore * Remove unused utcNow * Fix delete tests * SM-73 changes (#2422) * testing * test2 * testing * trying to save the projects associated with the secret * changes * more changes * Fix EF error * Second attempt * Replace AddIfNotExists with Add. * changes * fixing await issue * lint * lint fixes * suggested changes * suggested changes * updating tests * fixing tests 2 * fixing tests * fixing test * fixing test * fixing tests * test * testing * fixing tests for the millionth time * fixing tests * allowing nulls for projectIds, fixing lint * fixing tests Co-authored-by: Hinton <hinton@users.noreply.github.com> * fixing tests * fixing tests * [SM-222] [SM-357] Squash Secrets Manager migrations (#2540) * Fix tables not being cleaned up * Fix migration * Squash secrets manager migrations * Reset EF to pre SM state * Add EF migrations * Fix unified docker * Add missed copy * Fix all unit tests * draft changes to add access checks to secrets * updating code * more changes * fixing issues * updating logic for access checks * updating secrets controller * changes * changes * merging more * changes * updateS * removing unused comment * changes requested by Thomas * more changes suggested by Thomas * making thomas's suggested changes * final changes * Run dotnet format * fixes * run dotnet format * Updating tests * Suggested changes * lint fixes * Test updates * Changes * Fixes for tests, and dotnet format * Fixes * test fixes * changes * fix * fix * test fix * removing duplicate * Removing dupe --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 20:42:07 +01:00
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
var response = await _client.PostAsJsonAsync("/secrets/delete", secretIds);
response.EnsureSuccessStatusCode();
var results = await response.Content.ReadFromJsonAsync<ListResponseModel<BulkDeleteResponseModel>>();
Assert.NotNull(results?.Data);
Assert.Equal(secretIds.Count, results!.Data.Count());
foreach (var result in results!.Data)
{
Assert.Contains(result.Id, secretIds);
Assert.Null(result.Error);
}
var secrets = await _secretRepository.GetManyByIds(secretIds);
Assert.Empty(secrets);
}
[Theory]
[InlineData(false, false, false)]
[InlineData(false, false, true)]
[InlineData(false, true, false)]
[InlineData(false, true, true)]
[InlineData(true, false, false)]
[InlineData(true, false, true)]
[InlineData(true, true, false)]
public async Task GetSecretsByIds_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
{
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
await LoginAsync(_email);
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = org.Id,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
});
var request = new GetSecretsRequestModel { Ids = new[] { secret.Id } };
var response = await _client.PostAsJsonAsync("/secrets/get-by-ids", request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
}
[Theory]
[InlineData(PermissionType.RunAsAdmin)]
[InlineData(PermissionType.RunAsUserWithPermission)]
public async Task GetSecretsByIds_Success(PermissionType permissionType)
{
var (org, _) = await _organizationHelper.Initialize(true, true, true);
await LoginAsync(_email);
var (project, secretIds) = await CreateSecretsAsync(org.Id);
if (permissionType == PermissionType.RunAsUserWithPermission)
{
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
await LoginAsync(email);
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy
{
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id, Read = true, Write = true,
},
};
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
}
else
{
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.Admin, true);
await LoginAsync(email);
}
var request = new GetSecretsRequestModel { Ids = secretIds };
var response = await _client.PostAsJsonAsync("/secrets/get-by-ids", request);
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<BaseSecretResponseModel>>();
Assert.NotNull(result);
Assert.NotEmpty(result!.Data);
Assert.Equal(secretIds.Count, result!.Data.Count());
}
private async Task<(Project Project, List<Guid> secretIds)> CreateSecretsAsync(Guid orgId, int numberToCreate = 3)
{
var project = await _projectRepository.CreateAsync(new Project
{
Id = new Guid(),
OrganizationId = orgId,
Name = _mockEncryptedString
});
var secretIds = new List<Guid>();
for (var i = 0; i < numberToCreate; i++)
{
var secret = await _secretRepository.CreateAsync(new Secret
{
OrganizationId = orgId,
Key = _mockEncryptedString,
Value = _mockEncryptedString,
Note = _mockEncryptedString,
Projects = new List<Project>() { project }
});
secretIds.Add(secret.Id);
}
return (project, secretIds);
}
}