1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-28 13:15:12 +01:00
Commit Graph

4567 Commits

Author SHA1 Message Date
Rui Tomé
9d59e4dc9e
[AC-1637] Sanitize Business and Organization Names from html script injection prior to storing in db (#3302)
* [AC-1637] Added HtmlEncodingStringConverter to encode/decode special chars on JSON serialization/deserialization

* [AC-1637] Added unit tests for HtmlEncodingStringConverter

* [AC-1637] Moved expected values on unit tests to the arrange phase

* [AC-1637] Added HtmlEncodingStringConverter to properties that are for input/output of Org Name and Business name

* [AC-1637] Modified views in Admin project to decode values to display

* [AC-1637] Replaced Html.Raw with HttpUtility.HtmlDecode

* [AC-1637] Added JsonConverter to Provider DTOs

* [AC-1637] Modified HandlebarsMailService to decode organization name before sending emails

* Revert "[AC-1637] Added JsonConverter to Provider DTOs"

This reverts commit 94d507cf93.

* [AC-1637] Fixed Admin panel organization search

* [AC-1637] Sanitizing Organization name and business name on creation in Admin panel

* [AC-1637] Sanitizing organization name and business name on creation by a provider

* [AC-1637] Sanitizing provider name on creation and on viewing in admin panel

* [AC-1637] Added sanitization to more places where Org name is used

* [AC-1637] Swapped using HttpUtility for WebUtility since the later is part of the dotnet framework

* [AC-1637] Updated error messages

* [AC-1637] Decoding on Admin panel add existing organization

* [AC-1637] Fix HTML decoding issues

* [AC-1637] Refactor HTML decoding in View and Model classes on Admin panel

* [AC-1637] Refactor provider name and business name usages to use methods that output decoded values

* [AC-1637] Fixed typo

* [AC-1637] Renamed Provider methods to retrieve Decoded Name and BusinessName

* [AC-1637] Renamed Organization methods to retrieve Decoded Name and BusinessName

* [AC-1637] Update the display name method in the `ProviderOrganizationOrganizationDetails` class to `DisplayName()`
2024-03-05 10:56:48 +00:00
Tom
997af0f6ab
[PM-221] Adding CipherId to the Send table, create/update sprocs, and added mi… (#3646)
* Adding CipherId to the Send table, create/update sprocs, and added migrations

* changing migrator script to drop create sprocs

* fixing double brackets

* Revert "changing migrator script to drop create sprocs"

This reverts commit 2d5171e7e5.

* Remove comment I nitpicked

* Script best practices

* Fix typo

* Try recreate again

* Fix missing output

* Revert "Try recreate again"

This reverts commit 38257ebeaa.

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: federicom09 <fmonesiglio@bitwarden.com>
2024-03-04 19:31:33 -05:00
Todd Martin
94d665e6e9
[PM-5435] Handle Fido2VerificationException on WebAuthn 2FA (#3615)
* Handle Fido2VerificationException on WebAuthn 2FA

* Linting!
2024-03-04 11:43:03 -05:00
renovate[bot]
37a22540a9
[deps] Tools: Update MailKit to v4.4.0 (#3868)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-04 17:29:40 +01:00
renovate[bot]
8919f50435
[deps] Tools: Update aws-sdk-net monorepo to v3.7.300.54 (#3862)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-04 10:55:39 +01:00
Matt Bishop
acb453b75b
Provide full depth for Sonar scans (#3860) 2024-02-29 15:40:14 -05:00
renovate[bot]
f96bcae974
[deps] Billing: Update Sentry.Serilog to v3.41.4 (#3822)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-29 09:41:52 -05:00
Alex Morask
eb1eb0554c
Resolve RisksSubscriptionFailure bugs (#3790) 2024-02-29 08:15:18 -05:00
cyprain-okeke
696883c5e0
[AC-2101] Update welcome emails from trial initiation and org creation (#3836)
* Add the email template

* add changes fro the trial initiation email

* adding featureFlags

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* adding noopener

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Fix  the failing test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-02-29 09:16:16 +01:00
renovate[bot]
b7dc9feb0e
[deps] Vault: Update aspnet-health-checks monorepo (major) (#3294)
* [deps] Vault: Update aspnet-health-checks monorepo

* [PM-5249] Add updated Azure Storage Queues health check package that was split from the original Azure Storage health check package

* [PM-5249] Remove Azure Queue Storage health checks and dependencies

* [PM-5249] Remove unused Redis, Service Bus, and SendGrid health checks

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Shane Melton <smelton@bitwarden.com>
2024-02-28 11:42:45 -08:00
renovate[bot]
0b56c0e14b
[deps] Tools: Update aws-sdk-net monorepo to v3.7.300.53 (#3848)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-28 12:44:57 +01:00
Matt Bishop
80e386be56
Don't exclude tests from Sonar (#3844) 2024-02-27 08:12:11 -05:00
Thomas Rittson
e0ae294953
[AC-2099] Flexible Collections migration integration tests (#3828)
Add integration tests for Organization_EnableCollectionEnhancements sproc
2024-02-27 10:40:29 +00:00
Bitwarden DevOps
b3a6bf5af3
Bumped version to 2024.2.3 (#3842) 2024-02-26 17:25:44 +00:00
Alex Morask
40a2a567e6
Sent initiation path for organization and user signups (#3723) 2024-02-26 11:50:24 -05:00
renovate[bot]
56543722ad
[deps] DevOps: Update codecov/codecov-action action to v4 (#3840)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-26 09:37:23 -05:00
Vincent Salucci
8fb64f036c
fix: set orgUser Id for collection access when creating reseller org, refs AC-2214 (#3839) 2024-02-26 09:00:34 +10:00
Thomas Rittson
4ae86b7d34
[AC-2213] Add Flexible Collections information in the Bitwarden Portal (#3801)
* Add Flexible Collections information in the Bitwarden Portal

* Add collection management settings

* Add headings
2024-02-25 10:26:08 -06:00
Matt Bishop
faf84f9aa9
Use primary tag for container scans (#3838)
* Use local path for container scans

* Use a primary tag
2024-02-23 16:09:51 -05:00
Matt Bishop
96d0ae9cf7
Consolidated scanning (#3832)
* Consolidated security scanning

* Add quality scan

* Version bumps

* Add container scanning

* Check out repo for container scan

* Build need and dependent outputs

* Incremental SAST

* Sonar fixes

* Underscore

* Inherit secrets

* Qualify Docker image name outputs

* Try a login

* Remove build modifications as this doesn't work with a matrix

* Move container scanning closer to tbe Docker steps for better management
2024-02-23 13:47:23 -05:00
Shane Melton
6d089d3c26
[AC-2195] Fixes for FC V1 for Custom Users (#3837)
* [AC-2195] Ensure Custom users with EditAnyCollection can always access all ciphers

* [AC-2195] Ensure FC V1 logic is not used for non-migrated organizations
2024-02-23 10:01:14 -08:00
Oscar Hinton
bad9694f6c
[PM-6378] Add noreferrer to external admin urls (#3827) 2024-02-23 14:54:41 +01:00
Justin Baur
e22da3a53e
Replace async void with async Task (#3835) 2024-02-22 11:59:08 -05:00
Thomas Avery
1499d1e2c6
[SM-713] Add database support for secret access policies (#3681)
* mssql add column and migration

* Add secret access policies to EF models and config

* Clear new access policies on service account delete

* Add SM cleanup code on delete

* Fix EF org user bulk delete

* Run EF migrations
2024-02-22 10:06:39 -06:00
Todd Martin
374b59bcfb
[PM-5947] Add self-hosted override to allow Duo redirect flow (#3818) 2024-02-21 14:17:40 -05:00
Justin Baur
70fac808b0
Use FrozenDictionary in StaticClientStore (#3833)
* Add Benchmark

* Use FrozenDictionary

* Use TryGetValue

* Format
2024-02-21 10:29:59 -05:00
Thomas Rittson
0abd52b5be
[AC-1895] AC Team code ownership moves: Bitwarden Portal (#3528)
---------

Co-authored-by: Addison Beck <hello@addisonbeck.com>
2024-02-21 09:18:09 +10:00
renovate[bot]
3a6b2d85d3
[deps] DevOps: Update CommandDotNet to v7.0.3 (#3824)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-20 15:59:55 -05:00
Justin Baur
a661ffdb3d
Improve Speed of EncryptedStringAttribute (#3785)
* Improve Speed of EncryptedStringAttribute

- Use Base64.IsValid
- Use SearchValues

* Fix Tests

* Remove SearchValues Change

* Format
2024-02-20 13:07:54 -05:00
Oscar Hinton
80a3979be1
Remove unused job hosted service from billing (#3831) 2024-02-20 18:50:04 +01:00
Matt Bishop
af56ab4159
Remove unnecessary identity column indication (#3830) 2024-02-20 11:42:52 -05:00
Oscar Hinton
9720d18a0a
Include all projects in coverage (#3829)
Not all of our server projects had associated test projects which caused them to be omitted from the code coverage. Added projects to ensure the coverage gets reported accurately.
2024-02-20 17:18:40 +01:00
Vincent Salucci
e23f37ea1f
[AC-2214] Defect - provider reseller org creation when fc signup flag enabled (#3805)
* fix: supply signup feature flag to provider reseller org creation, refs AC-2214

* feat: extend flexible collections coverage to enhancement bools, refs AC-2214
2024-02-20 09:53:50 -06:00
renovate[bot]
4e6360cc4f
[deps] DbOps: Update EntityFrameworkCore (#3823)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-20 09:42:30 -05:00
renovate[bot]
d384107ef7
[deps] Tools: Update aws-sdk-net monorepo to v3.7.300.52 (#3826)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-19 16:37:11 +01:00
renovate[bot]
a98af69e00
[deps] Tools: Update SendGrid to v9.29.2 (#3811)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-19 11:24:47 +01:00
Alex Morask
b866353d2c
Split endpoints for FF 'AC-1607_present-user-offboarding-survey' (#3814) 2024-02-16 13:37:54 -05:00
Rui Tomé
d187487cb7
[AC-2077] Set a minimum number of seats for the tested Organization (#3702)
* [AC-2077] Set a minimum number of seats for the tested Organization

* [AC-2077] Added PlanType property to OrganizationCustomization

* [AC-2077] Set up the test secrets manager seats to be null in case the plan does not support it
2024-02-16 11:49:05 +00:00
renovate[bot]
268db7d45e
[deps] Tools: Update aws-sdk-net monorepo to v3.7.300.51 (#3804)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-16 09:42:15 +01:00
Shane Melton
da0da772e9
[PM-6325] Include permission details for non FC organizations when creating/updating a collection (#3810) 2024-02-15 09:49:37 -08:00
Opeyemi
7f752fbd62
Remove individual linter file (#3808) 2024-02-15 11:15:37 -05:00
Oscar Hinton
8a7779d30c
Exclude dev directory from iac scans (#3807)
* Exclude dev directory from iac scans
2024-02-15 08:53:03 -05:00
Matt Bishop
179b7fb498
Exclude tests from Checkmarx (#3797)
* Exclude tests from Checkmarx

* Leading slash

* Simpler path
2024-02-15 08:01:40 -05:00
renovate[bot]
0b486b0585
[deps] Tools: Update SignalR to v8.0.2 (#3803)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-15 11:14:30 +01:00
Jake Fink
d99d3b8380
[PM-6303] Add duo state to 2fa (#3806)
* add duo state to 2fa

* Id to UserId
2024-02-14 18:00:46 -05:00
rkac-bw
744d21ec5e
[PM-4767] Update Grant_Save procedure (#3641)
* modify grant_save sql script to migration and Auth SQL scripts to not use merge

* Update formatting for sql files

* Fix formatting for sql files

* Format using Prettier

* Rename 2024-01-03_00_FixGrantSave.sql to 2024-02-12_00_FixGrantSave.sql

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2024-02-14 09:48:58 -07:00
Rui Tomé
4830a352e8
[AC-2154] Log backup data in OrganizationEnableCollectionEnhancementsCommand as Json (#3802) 2024-02-14 14:42:16 +00:00
Thomas Rittson
06dcdd7d13
Fix Flexible Collections block in Public API (#3800)
Only throw if collection.Manage is true
2024-02-14 08:42:07 -06:00
Thomas Rittson
a07aa8330c
[AC-2206] Fix assigning Manage access to default collection (#3799)
* Fix assigning Manage access to default collection

The previous implementation did not work when creating an org as a
provider because the ownerId is null in OrganizationService.SignUp.
Added a null check and handled assigning access in ProviderService
instead.

* Tweaks
2024-02-14 08:41:51 -06:00
Alex Morask
97018e2501
Upgrade logging packages for .NET 8 (#3798) 2024-02-13 14:34:55 -05:00