* Add Collections Tests
* Update CollectionRepository Implementation
* Test Adding And Deleting Through Replace
* Format
* Fix Most Test Warnings
* Format
* SM-1146: SM Organization Counts for Projects, Secrets, Machine Accounts
* SM-1146: Project total counts
* SM-1146: models object renames
* SM-1146: Service Account total counts
* SM-1146: Unit test coverage for counts controller
* SM-1146: Counts controller simplification, UT update
* SM-1146: Service Account total counts from Service Account auth user
* SM-1146: Integration Tests for total counts controller
* SM-1146: Explicitly denying access for Service Accounts
* SM-1146: Fix broken ProjectsController integration test
* SM-1146: Integration tests for counts controller
* SM-1146: Explicitly denying access for Service Accounts cleanup
* SM-1146: Test cleanup
* SM-1146: PR review comments fix
* SM-1146: People, Service Accounts positive count on write access
* Update bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/ProjectRepository.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Add AccessToSecretsAsync to the repository
* Add BulkSecretAuthorizationHandler
* Update controller to use the new authz handler
* Add integration test coverage
* Enable `nullable` for `ApiKey`
* Switch to Using `required`
* Make Scope Be Valid JSON
* Update test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Move Nullable Directive
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Show a more detailed error message if duplicate GUIDS are passed ot get by Ids
* Update test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Making requested changes to tests
* lint fix
* fixing whitespace
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Show a more detailed error message if duplicate GUIDS are passed ot get by Ids
* Update test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Making requested changes to tests
* lint fix
* fixing whitespace
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Add authz handling for secret access policy reads
* Add the ability to fetch secret access polices from the repository
* refactor response models
* Add new endpoint
* Add new models
* Update repositories
* Add new authz handler
* Add new query
* Add new command
* Add authz, command, and query to DI
* Add new endpoint to controller
* Add query unit tests
* Add api unit tests
* Add api integration tests
* Add the ability to get multi projects access
* Add access policy helper + tests
* Add new data/request models
* Add access policy operations to repo
* Add authz handler for new operations
* Add new controller endpoints
* add updating service account revision
* refactoring replace logic
* model for policies + authz handler + unit tests
* update AP repository
* add new endpoints to controller
* update unit tests and integration tests
---------
Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com>
* Expose access policy discriminators
* Add people policy model and auth handler
* Add unit tests for authz handler
* Add people policies support in repo
* Add new endpoints and request/response models
* Update tests
* Add ability to fetch events by service account
* Extract GetDateRange into ApiHelpers util
* Add dapper implementation
* Add EF repo implementation
* Add authz handler case
* unit + integration tests for controller
* swap to read check
* Adding comments
* Fix integration tests from merge
* Enabled SM events controller for self-hosting
* restricting access to disabled orgs
* Unit Test Updates
* Update test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Covering all test cases
* making organization enabled NOT default
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Add ProjectLimitQuery
* Add query to DI
* Add unit tests
* Add query to controller
* Add controller unit tests
* add integration tests
* rename query and variables
* More renaming
* Add support CanReadSecret authorization
* Extract base response model for secret
* Add support for SA bulk fetching event logging
* secret repository bug fix
* Add endpoint and request for bulk fetching secrets
* Swap to original reference event
* Add unit tests
* Add integration tests
* Add unit tests for authz handler
* update authz handler tests
---------
* Swagger fixes
Co-Authored-By: Oscar Hinton <Hinton@users.noreply.github.com>
* Make Response Models return Guids instead of strings
* Change strings into guids in ScimApplicationFactory
---------
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Move to access query for project commands
* Swap to hasAccess method per action
* Swap to authorization handler pattern
* Move ProjectOperationRequirement to Core
* Add default throw + tests
* Extract authorization out of commands
* Unit tests for authorization handler
* Formatting
* Swap to reflection for testing switch
* Swap to check read & reflections in test
* fix wording on exception
* Refactor GetAccessClient into its own query
* Use accessClientQuery in project handler
* SM-695: Block create or update for admins on secrets outside of the org
* SM-695: Update test, org is required on project
* SM-695: Update tests to set matching org id in project
* SM-695: Ensure there is no more than 1 project connected to a secret, plus remove org admin check in the CreateSecretCommand.
* SM-695: Add integration tests for create and update secrets security fixes
* SM-695: Update Create and Update secret tests, a secret can only be in one project at a time
* Wire up read/write for secret list and secret response
* Fix trash
* Remove UserHasReadPermission
* Fix list by project
* Implement admin and service accounts for AccessToSecretAsync
* Resolve feedback
* Fix tests
* Rename function
* Change create to return true, true
* Remove duplicated access check
* SM-655: Add Authorize attribute for secrets on the SM Porting Controller
* SM-655: Add access secrets manager check to SM Import and Export
* SM-655: Add tests for export and import endpoints
* SM-561: Update secret revision date on restore
* SM-561: Update secret revision dates when a project is deleted
* SM-561: Fix bug when updating revision dates for secrets when their parent project is deleted
* SM-561: Handle case when there are no secrets in the projects that are being deleted
* SM-561: Rename func to GetManyWithSecretsByIds and move UpdateRevisionDates call from ProjectsController to projects delete command
* SM-561: update secret ids before project deletion
* SM-561: Refactor out command in command call to follow CQRS pattern
* SM-561: Remove null check
* Add endpoints to check current user's permission
* Swap to adding current user permission onto GET
* Cleanup DI
* Add ProjectPermissionDetails DTO and query
* code review updates
* Remove assert recent for longer running creates
* [SM-66] Create Secret Database Table (#2144)
Objective
The purpose of this PR is to create a database table, entity, and repository for the new Secret database table.
The new Secret table will use entity framework for all database providers.
* [SM-67] Get all secrets by org ID (#2163)
Add a controller to fetch secrets associated with an organization ID.
To note, the [SecretsManager] attribute makes this controller only available for local development.
* [SM-68] Add API endpoints for getting, creating, and editing secrets (#2201)
The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project.
* Move interfaces to core (#2211)
* [SM-63] Read UTC DateTimes from databases via EF and order by revision date (#2206)
* Read UTC DateTimes from db and order by revision
* Move orderby to repo layer
* [SM-185] Add EE_Testing_env to server (#2222)
* Sm 104 project Database (#2192)
* Project DB addition and sprocs
* Adding spaces to the end of each file, fixing minor issues
* removing useless comments
* Adding soft delete proc to migration
* Project EF Scaffold
* Additional changes to use EF instead of procedures
* Adding dependency injection
* Fixing lint errors
* Bug fixes
* Adding migration scripts, removing sproc files, and setting up Entity framework code
* Adding back accidentally deleted sproc
* Removing files that shouldn't have been created
* Lint
* Small changes based on Oscar's rec (#2215)
* Migrations for making CreateDate not null
* adding space to end of file
* Making Revision date not null
* dotnet format
* Adding nonclustered indexes to SQL
* SM-104: Update PR with changes Thomas proposed
Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
* Removing org ID from create request body (#2243)
* SM-114: Add create & update project endpoints (#2251)
* SM-114: Initial commit with create project endpoint (for SM)
* SM-114: Add Update Project route (for SM)
* SM-114: Fix file encodings
* Fix DI issue for SM Project Create/Update commands
* Fix import ordering for linter
* SM-114: Remove unneeded lines setting DeletedDate, as it should already be null
* SM-114: Only have OrgId in route for CreateProject
* Remove unneeded using
* SM-114: Initial commit with create project endpoint (for SM)
* SM-114: Add Update Project route (for SM)
* SM-114: Fix file encodings
* Fix DI issue for SM Project Create/Update commands
* Fix import ordering for linter
* SM-114: Remove unneeded lines setting DeletedDate, as it should already be null
* SM-114: Only have OrgId in route for CreateProject
* Remove unneeded using
* Fully remove OrgId from ProjectCreateRequestModel
* [SM-64] Soft Delete Secrets (#2253)
* Bulk delete secrets with command unit tests
* Controller unit tests
* Optimize conditionals
* SM-64 bulk delete integration test
* fix test
* SM-64 code review updated
* [SM-65] Fix return empty secrets list (#2281)
* Secrets return empty list
* [SM-246] Use repository in integration test (#2285)
* [SM-190] Add integration tests to Secrets (#2292)
* Adding integration tests for the SecretsController
Co-authored-by: Hinton <hinton@users.noreply.github.com>
* Sm 95 - Adding GetProjects endpoint (#2295)
* SM-114: Initial commit with create project endpoint (for SM)
* SM-114: Add Update Project route (for SM)
* SM-114: Fix file encodings
* Fix DI issue for SM Project Create/Update commands
* Adding GetProjectsByOrg
* fixing merge conflicts
* fix
* Updating to return empty list
* removing null check
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
* [SM-191] Create ServiceAccount Table (#2301)
* SM-191 Create ServiceAccount Table
* [SM-207] API for listing service accounts by organization (#2307)
* SM-207 list service accounts by org
* SM-96: Add ability to get project by id (#2314)
* SM-96: Small change to allow getting project by id
* Fix whitespace issue
* Add first integration test and fix date bug
* Ensure tests are consistent
* Add more project controller integration tests
* Remove commented delete for now
* [SM-187] Create ServiceAccounts (#2323)
* SM-187 Create & Update ServiceAccounts
* Remove extra new line src/Api/Controllers/ServiceAccountsController.cs
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [SM-218] [SM-219] SM Auth flow (#2297)
* SM-282 Delete Projects (#2335)
* SM-282 delete & bulk delete projects
* Have delete commands return tuple with object
* Fix admin project not working after secrets manager changes (#2339)
* [SM-150] proj and secrets mapping (#2286)
* Beggining of changes for Project Secrets mapping
* Beggining of changes for project and secrets mapping
* Inital changes to add Mapping table for Project Secrets
* Resolve migration not working properly
* Indent sql
* Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository.
* Changes made with Oscar
* Add reversemap
* running lint and removing comments
* Lint fixes
* fixing merge issues
* Trying to fix the DB issue
* DB fixes
* fixes
* removing unused space
* fixing lint issue
* final lint fix I hope
* removing manually added sql.sqlproj
* Lint changes and fixing the sql proj issues
* adding ServiceAccount to sql proj
* Removing ON DELETE CASCADE
* remove On delete cascade
* changes for deleting project and secret inside of the Organization_DeleteById procedure.
* changes for deleting project and secret inside of the Organization_DeleteById procedure.
* migration changes
* Updating constraints
* removing void
* remove spaces
* updating cipherRepo tests to be task instead of void
* fixing
* fixing
* test
* fix
* fix
* changes to remove circular dependency
* fixes
* sending guid and string name of the project over
* Update src/Sql/dbo/Tables/Secret.sql
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Update src/Sql/dbo/Tables/Project.sql
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* removing unused code
* Potential refactor (#2340)
* migrations
* Postgres migraiton
* Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* rename file
* Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Lint fixes
* removing extra semi colon
* removing circular references with projects and secrets
* adding back projects
* Add ProjectFixture
* Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Hinton <hinton@users.noreply.github.com>
* [SM-300] Access token endpoint (#2377)
* [SM-324] Add Organization to JWT claim (#2379)
* [SM-259] Add create access token endpoint for service accounts (#2411)
* Add create access token for service accounts
* [SM-259] Fix create access token scope initialization (#2418)
* Fix namespace for ServiceAccount command tests
* Remove "this" from SecretsManager requests
* Fix have scope be assigned a JSON list
* SM-99: Individual Project / Secrets Tab (#2399)
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [SM-361] Add Support for never expiring ApiKeys (#2450)
* Update database to support never expiring ApiKey
* Update Api to support never expiring ApiKeys
* Fix unit test variable naming
* Remove required from model
* Fix spacing
* Add EF migrations
* Run dotnet format
* Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [SM-359] Fix project secrets migration (#2443)
* [SM-299] Add UseSecretsManager flag (#2413)
* [SM-193] Access Policy (#2359)
* [SM-371] Fix and re-enable parallel integration tests (#2460)
* Fix and re-enable parallel integration tests
* Fix package lock files
* Move fix to ApiApplicationFactory
* Run dotnet restore --force
* Run dotnet format
* Reset packages.lock.json files
* Add project access checks for listing
* SM-99: Add CreateSecretWithProject Integration Test (#2452)
* Add GetSecretsByProjectAsync endpoint
* Add GetManyByProjectIdAsync endpoint
* Update response model for GetSecretsByProjectAsync
* Include projects when returning secrets by project id
* SM-99: Add ability to specify projectId when creating a secret
* SM-99: Update tests to accomodate for new create secret parameter
* Fix failing test
* SM-99: Handle optional projectId for new secret in ToSecret()
* SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings
* SM-99: make CreateAsync for secret more clear
* Add CreateSecretWithProject integration test
* Fix CreateSecretWithProject integration test for SM-99
* Run dotnet format
* Undo added space
* Refactor test
* Refactor CreateSecretWithProject API Integration test again
* Change to boolean flag
* [SM-379] Add SDK device type (#2486)
* Add support for service accounts
* Improve logic for project repository
* Add remaining client types
* Experiment with separate enum for access control
* Add access checks to update project
* Rework AccessClientType
* Add access checks to fetching project
* Add checks to delete project command (untested)
* Remove some service account stuff
* Add ServiceAccount to AccessClientType
* Change CS8509 to error and 8424 to ignore
* Remove unused utcNow
* Fix delete tests
* SM-73 changes (#2422)
* testing
* test2
* testing
* trying to save the projects associated with the secret
* changes
* more changes
* Fix EF error
* Second attempt
* Replace AddIfNotExists with Add.
* changes
* fixing await issue
* lint
* lint fixes
* suggested changes
* suggested changes
* updating tests
* fixing tests 2
* fixing tests
* fixing test
* fixing test
* fixing tests
* test
* testing
* fixing tests for the millionth time
* fixing tests
* allowing nulls for projectIds, fixing lint
* fixing tests
Co-authored-by: Hinton <hinton@users.noreply.github.com>
* fixing tests
* fixing tests
* [SM-222] [SM-357] Squash Secrets Manager migrations (#2540)
* Fix tables not being cleaned up
* Fix migration
* Squash secrets manager migrations
* Reset EF to pre SM state
* Add EF migrations
* Fix unified docker
* Add missed copy
* Fix all unit tests
* draft changes to add access checks to secrets
* updating code
* more changes
* fixing issues
* updating logic for access checks
* updating secrets controller
* changes
* changes
* merging more
* changes
* updateS
* removing unused comment
* changes requested by Thomas
* more changes suggested by Thomas
* making thomas's suggested changes
* final changes
* Run dotnet format
* fixes
* run dotnet format
* Updating tests
* Suggested changes
* lint fixes
* Test updates
* Changes
* Fixes for tests, and dotnet format
* Fixes
* test fixes
* changes
* fix
* fix
* test fix
* removing duplicate
* Removing dupe
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
* Add service account access policy endpoints
* Add unit & integration tests for new endpoints
* Fix formatting on response models
* Cleanup unit tests
* Add permission checks to access policy endpoints
* Fix unit tests
* Add service account grant permission checks
* Add service account grant tests
* Add new endpoint unit tests
* Cleanup unit tests add integration tests
* User permission enum in create tests
* Swap to NotFoundException for access checks
* Add filter for potential grantees
* Add in AccessSecretsManager check and test it
* Add code review updates
* Code review updates
* Refactor potential grantees endpoint
* Code review updates
