1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-24 12:35:25 +01:00
Commit Graph

5229 Commits

Author SHA1 Message Date
Vincent Salucci
df4d1d5552
[AC-2086] Update CanDelete to handle V1 flag logic (#3979)
* feat: Update authorization handler to handle V1 collection enhancement, refs AC-2086

* feat: update tests to account for new V1 flag/setting logic, refs AC-2086

* feat: update CanDelete with all collection enhancement combinations, refs AC-2086

* feat: add tests for new delete flows, refs AC-2086

* fix: update new conditionals with bool return value, refs AC-2086

* feat: simplify conditional in regards to LimitCollectionCreationDeletion, refs AC-2086

* feat: simplify AllowAdminAccessToAllCollectionItems conditional, refs AC-2086

* feat: add unit test making sure admins can't delete collections without can manage, refs AC-2086
2024-05-08 18:25:22 -04:00
Shane Melton
45be4d5069
[AC-1707] Restrict provider access to items (#3881)
* [AC-2274] Introduce CanEditAnyCiphersAsAdminAsync helper to replace EditAnyCollection usage

* [AC-2274] Add unit tests for CanEditAnyCiphersAsAdmin helper

* [AC-2274] Add Jira ticket

* [AC-1707] Add feature flag

* [AC-1707] Update CanEditAnyCiphersAsAdmin to fail for providers when the feature flag is enabled

* [AC-2274] Undo change to purge endpoint

* [AC-2274] Update admin checks to account for unassigned ciphers

* [AC-1707] Fix provider auth checks after merge with main

* [AC-1707] Fix tests after merge

* [AC-1707] Adjust CanEditCipherAsAdmin method to properly account for admin user types

- Fix associated unit tests

* [AC-1707] Formatting
2024-05-07 12:30:48 -07:00
Alex Urbina
1ede40d5e1
DEVOPS-1901 Fix error: az login again to refresh permissions (#4050)
* DEVOPS-1901 REFACTOR: Remove the Docker image per registry

* DEVOPS-1901 REFACTOR: Docker image removal process in cleanup-after-pr.yml
2024-05-07 19:20:50 +00:00
renovate[bot]
928f94db1f
[deps] Platform: Update Microsoft.AspNetCore.Http to v2.2.2 (#3753)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-05-07 10:25:46 -07:00
cyprain-okeke
6bdee5dd34
Fix the issue of returning on Error! without descriptive message (#4056)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-05-07 17:45:01 +01:00
Jason Ng
ea49ff7dcb
[AC-1121] Update authorization for orphaned collections (#4047)
* update BulkCollectionAuthorizationHandler to account for orphaned collections
2024-05-07 11:02:59 -04:00
renovate[bot]
9e554006f3
[deps] Auth: Update Microsoft.Azure.Cosmos to v3.39.1 (#3541)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-05-07 07:49:52 -07:00
Vince Grassia
4a607b7406
Add IgnoreUnmatchedProperties when deserializing YAML (#4061) 2024-05-07 13:50:04 +00:00
Bitwarden DevOps
6970207e9e
Bumped version to 2024.5.0 (#4060) 2024-05-06 22:36:31 +00:00
Thomas Avery
cd3a45c8c6
[SM-1030] Cleanup old access policy management code (#4015)
* Remove access selector code

* Cleanup integration tests
2024-05-06 14:56:58 -05:00
cyprain-okeke
3715d7d426
Add providerType as part of the response object (#4055)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-05-06 20:21:38 +01:00
Alex Morask
bcfaf55412
[AC-2548] Remove automatic tax collection check from provider creation (#4042)
* Remove automatic tax collection check

* Fix tests
2024-05-06 11:56:02 -04:00
Jake Fink
2a535ac835
[PM-7919] return exception if trying to overwrite keypair (#4052)
* return exception if trying to overwrite keypair

* add feature flag
2024-05-06 08:49:18 -04:00
renovate[bot]
90e065556e
[deps] Tools: Update aws-sdk-net monorepo to v3.7.300.86 (#4049)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-06 13:50:31 +02:00
Shane Melton
6a8d97affb
Add the extension-refresh feature flag (#4041) 2024-05-03 16:16:57 -04:00
Todd Martin
5a5e5c5058
Disabled major updates for bootstrap, del, gulp (#4048) 2024-05-03 12:04:56 -04:00
Shane Melton
d965166a37
[AC-2084] Include Collection permissions for admin endpoints (#3793)
* [AC-2084] Add documentation to existing collection repository getters

* [AC-2084] Add new CollectionAdminDetails model

* [AC-2084] Add SQL and migration scripts

* [AC-2084] Introduce new repository methods to include permission details for collections

* [AC-2084] Add EF repository methods and integration tests

* [AC-2084] Update CollectionsController and response models

* [AC-2084] Fix failing SqlServer test

* [AC-2084] Clean up admin endpoint response models
- vNext endpoints should now always return CollectionDetailsResponse models
- Update constructors in CollectionDetailsResponseModel to be more explicit and add named static constructors for additional clarity

* [AC-2084] Fix failing tests

* [AC-2084] Fix potential provider/member bug

* [AC-2084] Fix broken collections controller

* [AC-2084] Cleanup collection response model types and constructors

* [AC-2084] Remove redundant authorization check

* [AC-2084] Cleanup ambiguous model name

* [AC-2084] Add GroupBy clause to sprocs

* [AC-2084] Add GroupBy logic to EF repository

* [AC-2084] Update collection repository tests

* [AC-2084] Update migration script date

* Update migration script date

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: kejaeger <138028972+kejaeger@users.noreply.github.com>
2024-05-03 09:33:06 -04:00
cyprain-okeke
25c87214ff
Fix typo in 'Provider' spelling (#4043)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-05-02 22:50:10 +01:00
Kyle Spearrin
c045739325
[PM-6977] Migrate to FCM v1 (redo) (#4046)
* revert changes again

* use IServiceProvider

* fix test
2024-05-02 16:37:06 -04:00
rkac-bw
b40d9ab70d
Set mysql version to 8.0 in docker compose, prevent upgrading to 8.4 (#4045)
* Set mysql version to 8.0 in docker compose to prevent upgrading to 8.4 for now

* touched file to trigger test

* revert tocuhed file
2024-05-02 14:05:49 -06:00
Thomas Avery
7f8cea58d0
[SM-923] Add project service accounts access policies management endpoints (#3993)
* Add new models

* Update repositories

* Add new authz handler

* Add new query

* Add new command

* Add authz, command, and query to DI

* Add new endpoint to controller

* Add query unit tests

* Add api unit tests

* Add api integration tests
2024-05-02 11:06:20 -05:00
Thomas Rittson
e302ee1520
[AC-2170] Group modal - limit admin access - collections tab (#3998)
* Update GroupsController POST and PUT to respect collection management settings
2024-05-02 09:55:16 +10:00
Thomas Rittson
f0b9391249
Prevent user from adding themselves to collection (#4037) 2024-05-02 08:32:50 +10:00
Matt Gibson
bc0a35259d
Add events collection to full server launch configs (#4039) 2024-05-01 13:43:31 -04:00
Thomas Avery
29a69b76a4
[SM-1222] Add event and reference event logging to secrets sync (#4031) 2024-05-01 12:31:58 -05:00
Thomas Avery
ebd88393c8
[SM-910] Add service account granted policies management endpoints (#3736)
* Add the ability to get multi projects access

* Add access policy helper + tests

* Add new data/request models

* Add access policy operations to repo

* Add authz handler for new operations

* Add new controller endpoints

* add updating service account revision
2024-05-01 11:47:11 -05:00
cyprain-okeke
a14646eaad
resolve the text style (#4038)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-05-01 17:00:39 +01:00
Thomas Rittson
5012d56e5a
[AC-2538] Limit admin access - fix ManageUsers custom permission (#4032)
* Fix issue where ManageUsers custom permission could not
  grant access to collections
* Split ModifyAccess operation to ModifyUserAccess and
  ModifyGroupAccess to reflect more granular operations
2024-05-01 10:06:24 +10:00
cyprain-okeke
3749fa6113
resolve the issue (#4035)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-04-30 19:20:48 +01:00
Shane Melton
8e7bd79d9a
[AC-2274] Restrict Admin POST/PUT/DELETE Cipher Endpoints for V1 FC (#3879)
* [AC-2274] Introduce CanEditAnyCiphersAsAdminAsync helper to replace EditAnyCollection usage

* [AC-2274] Add unit tests for CanEditAnyCiphersAsAdmin helper

* [AC-2274] Add Jira ticket

* [AC-2274] Undo change to purge endpoint

* [AC-2274] Update admin checks to account for unassigned ciphers

---------

Co-authored-by: kejaeger <138028972+kejaeger@users.noreply.github.com>
2024-04-30 10:28:16 -07:00
renovate[bot]
79a4cbaa09
[PM-7335] [deps] Auth: Update Duende.IdentityServer to v7 (#3709)
* [deps] Auth: Update Duende.IdentityServer to v7

* Fixes for upgrade incompatibility

* Update configuration file used in a test

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-04-30 09:50:36 -07:00
Todd Martin
e74d299e6b
[PM-1449] Add email-verification flag (#4033) 2024-04-30 12:43:12 -04:00
Alex Morask
ccaee0b719
Stopped subtracting grace period from expiration date when license is in trial (#3991) 2024-04-30 10:55:05 -04:00
SmithThe4th
cb55699d80
get updated cipher and used that in the response model (#4030) 2024-04-29 16:12:42 -04:00
renovate[bot]
ba4c2639b7
[deps] Auth: Update del to v6.1.1 (#3607)
* [deps] Auth: Update del to v6.1.1

* fix bootstrap

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-04-29 10:59:59 -07:00
Thomas Rittson
19217679cf
Fix migration script date to be merge date (#4028) 2024-04-29 07:08:31 -06:00
Thomas Rittson
ba36b2d26a
[AC-2172] Member modal - limit admin access (#3934)
* update OrganizationUsersController PUT and POST
* enforces new collection access checks when updating members
* refactor BulkCollectionAuthorizationHandler to avoid repeated db calls
2024-04-29 11:02:06 +10:00
Ike
8142ba7bf2
target bootstrap v4.6.2 (#4024) 2024-04-26 17:40:45 -07:00
SmithThe4th
e2d445dd3c
Changed PutCollections response model to return collection ids (#4023) 2024-04-26 16:27:00 -04:00
Rui Tomé
b3e5076128
[AC-1978] Flexible collections: EF data migrations for deprecated permissions (#3969)
* [AC-1682] Added MySql migration and script

(cherry picked from commit d367f6de6b)

* [AC-1682] Added Postgres migration and script

(cherry picked from commit 9bde1604da)

* [AC-1682] Added Sqlite migration and script

(cherry picked from commit 262887f9c3)

* [AC-1682] dotnet format

(cherry picked from commit 00eea0621c)

* [AC-1682] Fixed Sqlite query

(cherry picked from commit 26f5bf8afd)

* [AC-1682] Drop temp tables if they exist when starting the scripts

(cherry picked from commit c20912f95c)

* [AC-1682] Removed MySql transaction from script because EF migration already wraps it under its own transaction

(cherry picked from commit 7b54d78d67)

* [AC-1682] Setting FlexibleCollections = 1 only for Orgs that had data migrated in previous steps

(cherry picked from commit 28bba94d81)

* [AC-1682] Updated queries to check for OrganizationId

(cherry picked from commit a957530d5e)

* [AC-1682] Fixed MySql script

(cherry picked from commit deee483ab7)

* [AC-1682] Fixed Postgres query

(cherry picked from commit c3ca9ec3c8)

* [AC-1682] Fix Sqlite query

(cherry picked from commit fada0a81bf)

* [AC-1682] Reverted scripts back to enabling Flexible Collections to all existing Orgs

(cherry picked from commit bd3b21b969)

* [AC-1682] Removed dropping temporary table from scripts

(cherry picked from commit eb7794d592)

* [AC-1682] Removed other temp table drops

(cherry picked from commit 26768b7bf8)

* [AC-1978] Fix issue that allows the web app to have the user type Manager available

(cherry picked from commit 2890f78870)

* [AC-1682] Bump dates on migration scripts

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2024-04-26 14:11:29 +01:00
Rui Tomé
d2abf5b2d7
[AC-2323] Flexible collections: automatically migrate data for all Organizations (#3927)
* [AC-2323] Added script to migrate all sql organizations to use flexible collections

* [AC-2323] Overriding FlexibleCollectionsSignup to true for local usage

* [AC-2323] Fix script comment

* [AC-2323] Fixed typo

* [AC-2323] Bump up date on migration script

* [AC-2323] Bump migration script date

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2024-04-26 14:11:00 +01:00
Alex Morask
186afbc162
Updated CB to use both flag and provider status. (#4005) 2024-04-25 15:27:00 -04:00
Thomas Avery
a7b992d424
[SM-1150] Add secret sync endpoint (#3906)
* Add SecretsSyncQuery

* Add SecretsSync to controller

* Add unit tests

* Add integration tests

* update repo layer
2024-04-25 10:34:08 -05:00
Alex Morask
f7aa56b324
Handle case where Stripe IDs do not relate to Stripe entities (#4021) 2024-04-25 11:07:47 -04:00
renovate[bot]
78b57ba99f
[deps] Tools: Update aws-sdk-net monorepo to v3.7.300.81 (#4019)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-25 15:42:53 +02:00
renovate[bot]
be05050e68
[deps] Tools: Update LaunchDarkly.ServerSdk to v8.4.0 (#4020)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-25 15:41:18 +02:00
cyprain-okeke
b220de0126
[AC-2312] Server: Update ProviderOrganizationsController.Delete to update provider plan (#4008)
* initial commit

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* fix the failing unit test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Resolve some pr comments

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* resolves some pr comments

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* resolve the collection expression suggestion

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* resolve pr comments

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* test for when the flag is on

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* rename the test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-04-25 14:24:14 +01:00
Alex Morask
eac2b9f0b8
[AC-2488] Return default state for billing metadata when Organization has no Stripe entities (#4018)
* Return default state for billing metadata when no stripe entities

* Fix tests
2024-04-25 09:21:05 -04:00
Alex Morask
b12e881ece
[AC-2488] Add billing endpoint to determine SM standalone for organization (#4014)
* Add billing endpoint to determine SM standalone for org.

* Add missing attribute
2024-04-24 16:29:04 -04:00
cyprain-okeke
d3c964887f
[AC-2512] Admin: Seat Minimum input fields are showing for Reseller-type providers (#4013)
* resolve the issue

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* remove the unused reference

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-04-24 20:37:21 +01:00