1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-21 12:05:42 +01:00
Commit Graph

378 Commits

Author SHA1 Message Date
Rui Tomé
58c6f09629
[PM-12684] Remove Members Bulk 2FA feature flag logic (#4864) 2024-10-09 15:32:49 +01:00
Alex Morask
669f1ea5dc
Add IDistributedCache to SCIM (#4871) 2024-10-09 08:52:59 -04:00
renovate[bot]
72b7f6c065
[deps] Billing: Update dotnet monorepo (#4819)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-30 11:14:17 -04:00
Kyle Spearrin
8c8956da37
[PM-12630] support for ping identity SCIM provisioning (#4804)
* support for ping identity SCIM provisioning

* mark ping ip list static
2024-09-26 16:04:27 -04:00
Maciej Zieniuk
9a5c6fe527
PM-11123: Device Type mapping (#4768)
* PM-11123: Device Type mapping

* PM-11123: Moving ClientType out of NotificationCenter, naming clash with Identity ClientType

* PM-11123: Rename ClientType in ICurrentContext to match the type
2024-09-23 23:02:32 +02:00
keithhubner
ab8c3af685
[PM-6630][INT-188] krb5 to dockerfile and kinit entrypoint (#3841) 2024-09-20 12:15:47 -04:00
Alex Morask
68b421fa2b
[PM-11728] Upgrade free organizations without Stripe Sources API (#4757)
* Refactor: Update metadata in OrganizationSignup and OrganizationUpgrade

This commit moves the IsFromSecretsManagerTrial flag from the OrganizationUpgrade to the OrganizationSignup because it will only be passed in on organization creation. Additionally, it removes the nullable boolean 'provider' flag passed to OrganizationService.SignUpAsync and instead adds that boolean flag to the OrganizationSignup which seems more appropriate.

* Introduce OrganizationSale

While I'm trying to ingrain a singular model that can be used to purchase or upgrade organizations, I disliked my previously implemented OrganizationSubscriptionPurchase for being a little too wordy and specific. This sale class aligns more closely with the work we need to complete against Stripe and also uses a private constructor so that it can only be created and utilized via an Organiztion and either OrganizationSignup or OrganizationUpgrade object.

* Use OrganizationSale in OrganizationBillingService

This commit renames the OrganizationBillingService.PurchaseSubscription to Finalize and passes it the OrganizationSale object. It also updates the method so that, if the organization already has a customer, it retrieves that customer instead of automatically trying to create one which we'll need for upgraded free organizations.

* Add functionality for free organization upgrade

This commit adds an UpdatePaymentMethod to the OrganizationBillingService that will check if a customer exists for the organization and if not, creates one with the updated payment source and tax information. Then, in the UpgradeOrganizationPlanCommand, we can use the OrganizationUpgrade to get an OrganizationSale and finalize it, which will create a subscription using the customer created as part of the payment method update that takes place right before it on the client-side. Additionally, it adds some tax ID backfill logic to SubscriberService.UpdateTaxInformation

* (No Logic) Re-order OrganizationBillingService methods alphabetically

* (No Logic) Run dotnet format
2024-09-11 09:04:15 -04:00
renovate[bot]
b103e8f5d9
[deps] Auth: Update sass-loader to v16.0.1 (#4717)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-09-09 10:20:25 -07:00
renovate[bot]
bb99801e2c
[deps] Auth: Update mini-css-extract-plugin to v2.9.1 (#4716)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-09-09 10:17:01 -07:00
Alex Morask
afa9620f35
Add billing operations to SSO for OrganizationService dependency (#4750) 2024-09-09 11:06:24 -04:00
Alex Morask
c0a4ba8de1
[AC-2965] Use OrganizationBillingService to purchase org when FF is on (#4737)
* Add PurchaseSubscription to OrganizationBillingService and call from OrganizationService.SignUpAsync when FF is on

* Run dotnet format

* Missed billing service DI for SCIM which uses the OrganizationService
2024-09-06 10:24:05 -04:00
Rui Tomé
471851978b
[PM-10325] Rename OrganizationUser Delete and BulkDelete endpoints to Remove and BulkRemove (#4711)
* Rename IDeleteOrganizationUserCommand to IRemoveOrganizationUserCommand

* Rename IOrganizationService DeleteUser methods to RemoveUser

* Rename API endpoints for deleting organization users to "Remove"

* chore: Rename Delete method to Remove in MembersController
2024-09-04 11:18:23 +01:00
renovate[bot]
0d61f30d53
[deps] Auth: Update webpack to v5.94.0 [SECURITY] (#4707)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 11:10:40 -04:00
Alex Morask
3c86ec6a35
[AC-2959] ACH Direct Debit POC (#4703)
* Refactor: Rename some methods and models for consistency

This commit contains no logic changes at all. It's entirely comprised of renames of existing models and methods to bring our codebase more in line with our app's functionality and terminology.

* Add feature flag: AC-2476-deprecate-stripe-sources-api

* Standardize error responses from applicable billing controllers

During my work on CB, I found that just using the built-in TypedResults errors results in the client choking on the response because it's looking for the ErrroResponseModel. The new BaseBillingController provides Error utilities to return TypedResults wrapping that model so the client can process it.

* Add feature flagged payment method endoints to OrganizationBillingController

* Run dotnet format
2024-08-28 10:48:14 -04:00
renovate[bot]
ec05077b5c
[deps] Auth: Lock file maintenance (#4541)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-08-27 17:08:48 -07:00
renovate[bot]
6764131934
[deps] Auth: Update sass to v1.77.8 (#4659)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-08-27 11:14:48 -07:00
Todd Martin
0a6c35e56c
Updated bootstrap to 5.3.3 (#4697)
* Updated bootstrap to 5.3.3

* Removed locking of bootstrap version
2024-08-27 09:24:02 -07:00
renovate[bot]
c72ad48da8
[deps] Auth: Update Sustainsys.Saml2.AspNetCore2 to v2.10.0 (#4657)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-08-26 10:41:23 -07:00
Alex Morask
e1a52f7c6e
Set Stripe to assigned seats when assigned seats are greater than incoming seat min (#4679) 2024-08-26 12:35:23 -04:00
Justin Baur
faa9afbe5e
Resolve Billing and Secrets Manager Code (#4645)
* Resolve Billing Warnings

* Resolve SM Warnings
2024-08-17 07:06:31 -04:00
Thomas Rittson
f04c3b8e54
[PM-10361] Remove Group.AccessAll from code (#4614)
* Remove Group.AccessAll from code

* Add shadow property config and migration
2024-08-13 08:54:03 +10:00
Thomas Avery
e2f05f4b8b
Fix SecretAccessPoliciesUpdatesQueryTest (#4619) 2024-08-12 16:58:30 -05:00
Alex Morask
de1a816b07
Handle tax_id_invalid error (#4609) 2024-08-09 14:13:54 -04:00
Maciej Zieniuk
77f8cc58e8
SM-1146: Secrets Manager total counts (#4200)
* SM-1146: SM Organization Counts for Projects, Secrets, Machine Accounts

* SM-1146: Project total counts

* SM-1146: models object renames

* SM-1146: Service Account total counts

* SM-1146: Unit test coverage for counts controller

* SM-1146: Counts controller simplification, UT update

* SM-1146: Service Account total counts from Service Account auth user

* SM-1146: Integration Tests for total counts controller

* SM-1146: Explicitly denying access for Service Accounts

* SM-1146: Fix broken ProjectsController integration test

* SM-1146: Integration tests for counts controller

* SM-1146: Explicitly denying access for Service Accounts cleanup

* SM-1146: Test cleanup

* SM-1146: PR review comments fix

* SM-1146: People, Service Accounts positive count on write access

* Update bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/ProjectRepository.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2024-08-08 15:12:52 +02:00
Alex Morask
2157df9ac8
[AC-2942] Sync seat minimum updates from Admin to Stripe (#4580)
* Sync stripe when seat minimums are updated from admin portal

* Add unit tests

* Run dotnet format
2024-08-05 14:45:33 -04:00
Oscar Hinton
f5c771a057
[PM-10261] Migrate from gulp to webpack (#4569)
* Migrate from gulp to bootstrap

* Remove auto build since it breaks tests
2024-07-31 15:41:55 -04:00
Alex Morask
398741cec4
[AC-2888] Improve consolidated billing error handling (#4548)
* Fix error handling in provider setup process

This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state

* Refactor the way BillingException is thrown

Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client

* Handle all Stripe exceptions in exception handling middleware

* Fixed error response output for billing's provider controllers

* Cleaned up billing owned provider controllers

Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.

* Reafctored get invoices

Removed unnecssarily bloated method from SubscriberService

* Updated error handling for generating the client invoice report

* Moved get provider subscription to controller

This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval

* Handled bad request for update tax information

* Split out Stripe configuration from unauthorization

* Run dotnet format

* Addison's feedback
2024-07-31 09:26:44 -04:00
Thomas Rittson
ffdc40b21c
[AC-2881] Remove Organization.FlexibleCollections from code (#4552)
* Remove Organization.FlexibleCollections from code

* Drop Organization.FlexibleCollections column in EF databases
(MSSQL column to be retained for 1 additional deployment to support rollback in cloud)
2024-07-26 15:07:33 +10:00
cd-bitwarden
9560a32495
[SM-1211] Adding API endpoint to send out Access Request for SM to Admins, addi… (#4155)
* Adding API endpoint to send out Access Request for SM to Admins, adding email template

* Fixing email template HTML, adding tests

* fixing tests

* fixing lint

* Moving files to proper locations

* fixing build error relating to not removing some old code

* Updating namespaces and removing unused using statements

* Dependency injection fix

* Fixing tests and moving them to proper files

* lint

* format fixes

* dotnet format fix

* small fixes

* removing using directive's that aren't needed

* Update bitwarden_license/test/Commercial.Core.Test/SecretsManager/Commands/PasswordManager/RequestSMAccessCommandTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update src/Core/MailTemplates/Handlebars/SecretsManagerAccessRequest.text.hbs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update bitwarden_license/src/Commercial.Core/SecretsManager/Commands/PasswordManager/RequestSMAccessCommand.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Changes requested by Thomas

* Lint fixes

* Suggested changes from Maceij

* Current state of tests

* Fixing tests and getting the core.csproj file from main

* Reverting csproj file change

* Removing usings directory

* dotnet format

* Fixing test

* Update bitwarden_license/test/Commercial.Core.Test/SecretsManager/Commands/Requests/RequestSMAccessCommandTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update test/Api.Test/SecretsManager/Controllers/RequestSMAccessControllerTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Thomas requested changes

* Fixing 500 error when user name is null

* Prettier error message if user sends over an whitespace string

* Fixing word wrapping issue in email contents

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2024-07-25 11:04:05 -04:00
Vincent Salucci
02b3453cd5
[AC-2646] Remove FC MVP dead code from Core (#4281)
* chore: remove fc refs in CreateGroup and UpdateGroup commands, refs AC-2646

* chore: remove fc refs and update interface to represent usage/get rid of double enumeration warnings, refs AC-2646

* chore: remove org/provider service fc callers, refs AC-2646

* chore: remove collection service fc callers, refs AC-2646

* chore: remove cipher service import ciphers fc callers, refs AC-2646

* fix: UpdateOrganizationUserCommandTests collections to list, refs AC-2646

* fix: update CreateGroupCommandTests, refs AC-2646

* fix: adjust UpdateGroupCommandTests, refs AC-2646

* fix: adjust UpdateOrganizationUserCommandTests for FC always true, refs AC-2646

* fix: update CollectionServiceTests, refs AC-2646

* fix: remove unnecessary test with fc disabled, refs AC-2646

* fix: update tests to account for AccessAll removal and Manager removal, refs AC-2646

* chore: remove dependence on FC flag for tests, refs AC-2646
2024-07-12 12:25:04 -05:00
Thomas Avery
acc4808509
[SM-1256] Add BulkSecretAuthorizationHandler (#4099)
* Add AccessToSecretsAsync to the repository

* Add BulkSecretAuthorizationHandler

* Update controller to use the new authz handler

* Add integration test coverage
2024-07-09 10:06:33 -05:00
Justin Baur
b61b1eadaf
Devcontainer Improvements (#4466)
* Optionally Run `docker-compose`

* Use Traversal Projects Over Solution Files

* Cleanup VSCode Tasks

* Bind DataProtection Keys to Host

- Makes it so the container can be rebuilt without corrupting data

* Update .vscode/tasks.json

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2024-07-08 10:48:02 -04:00
Alex Morask
9c8a9f41fb
[AC-2804] Add client ID to provider client invoice report (#4458)
* Add client ID to provider client invoice report

* Run dotnet format
2024-07-05 10:12:03 -04:00
Justin Baur
8b5f65fc00
PM-2944] Make Entities Nullable In Admin Console (#4386)
* Enable `nullable` in `ISubscriber`

* Enable `nullable` in `Group`

* Enable `nullable` in `GroupUser`

* Enable `nullable` in `Organization`

* Enable `nullable` in `OrganizationUser`

* Enable `nullable` in `Policy`

* Enable `nullable` in `Provider`

* Enable `nullable` in `ProviderOrganization`

* Enable `nullable` in `ProviderUser`

* Update Tests

* Formatting

* Update TwoFactor Tests

* Fix Scim Tests

* Format

* Add Migrations

* Format
2024-07-04 21:14:37 -04:00
Justin Baur
1d09b88ade
[PM-2944] Enable Nullable For Secrets Manager (#4389)
* Enable `nullable` for `ApiKey`

* Switch to Using `required`

* Make Scope Be Valid JSON

* Update test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>

* Move Nullable Directive

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
2024-07-03 15:17:10 -04:00
Jared Snider
8471326b1e
Auth/PM-7322 - Registration with Email verification - Finish registration endpoint (#4182)
* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.

* PM-7322 - Start on RegisterFinishRequestModel.cs

* PM-7322 - WIP on Complete Registration endpoint

* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.

* PM-7322 - UserService - Rename MP to MPHash

* PM-7322 - More WIP progress on getting new finish registration process in place.

* PM-7322 Create IRegisterUserCommand

* PM-7322 - RegisterUserCommand.cs - first WIP draft

* PM-7322 - Implement use of new command in Identity.

* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.

* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.

* PM-7322 - More WIP on RegisterUserCommand.cs and tests

* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.

* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.

* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite

* PM-7322 - IRegisterUserCommand - DOCS

* PM-7322 - Test RegisterUser

* PM-7322 - IRegisterUserCommand - Add more docs.

* PM-7322 - Finish updating all existing user service register calls to use the new command.

* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests

* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.

* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested

* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place

* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.

* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.

* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step

* PM-7322 - RegisterUserCommandTests.cs - add API key assertions

* PM-7322 - Clean up RegisterUserCommand.cs

* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.

* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO

* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.

* PM-7322 - Work on getting PostRegisterFinish tests in place.

* PM-7322 - AccountsControllerTests.cs - test new method.

* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.

* PM-7322 - Fix misspelling

* PM-7322 - Integration tests for RegistrationWithEmailVerification

* PM-7322 - Fix leaky integration tests.

* PM-7322 - Another leaky test fix.

* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds

* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
2024-07-02 17:03:36 -04:00
renovate[bot]
04ab3d4c2e
[deps] Auth: Lock file maintenance (#3961)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-27 13:49:22 -07:00
cyprain-okeke
e0f7d212c8
Fix the Bug for org without subscription (#4213)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-06-27 11:08:46 +01:00
Alex Morask
26575856e6
Remove provider discount for CB (#4277) 2024-06-26 09:33:22 -04:00
Alex Morask
750321afaa
Updated CSV column header, removed invoice PDF URL (#4212) 2024-06-26 09:30:30 -04:00
Alex Morask
e8e725c389
[AC-2795] Add account credit & tax information to provider subscription (#4276)
* Add account credit, suspension and tax information to subscription response

* Run dotnet format'
2024-06-26 09:08:18 -04:00
Alex Morask
95f54b616e
[AC-2744] Add provider portal pricing for consolidated billing (#4210)
* Expanded Teams and Enterprise plan with provider seat data

* Updated provider setup process with new plan information

* Updated provider subscription retrieval and update with new plan information

* Updated client invoice report with new plan information

* Fixed tests

* Fix broken test
2024-06-24 11:16:57 -04:00
Alex Morask
fa62b36d44
[AC-2774] Consolidated issues for Consolidated Billing (#4201)
* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
2024-06-24 11:15:47 -04:00
Thomas Avery
01d67dce48
[SM-654] Individual secret permissions (#4160)
* Add new data and request models

* Update authz handlers

* Update secret commands to handle access policy updates

* Update secret repository to handle access policy updates

* Update secrets controller to handle access policy updates

* Add tests

* Add integration tests for secret create
2024-06-20 12:45:28 -05:00
Thomas Avery
0e6e461602
[SM-654] Add support for direct secret permissions at the repo layer (#4156)
* calculate direct secret permissions at the repo layer

* Add integration tests for service account secret access count
2024-06-20 10:40:24 -05:00
Conner Turnbull
721d2969d4
[PM-8830] Billing Enums Rename (#4180)
* Renamed ProductType to ProductTierType

* Renamed Product properties to ProductTier

* Moved ProductTierType to Bit.Core.Billing.Enums namespace from Bit.Core.Enums

* Moved PlanType enum to Bit.Core.Billing.Enums

* Moved StaticStore to Bit.Core.Billing.Models.StaticStore namespace

* Added ProductType enum

* dotnet format
2024-06-14 15:34:47 -04:00
Alex Morask
83604cceb1
[AC-1943] Implement provider client invoice report (#4178)
* Update ProviderInvoiceItem SQL configuration

* Implement provider client invoice export

* Add tests

* Run dotnet format

* Fixed SPROC backwards compatibility issue
2024-06-14 12:26:49 -04:00
cyprain-okeke
b392cc962d
[AC-2721] [Defect] Apply Subscription Status Updates in Provider Subscription details (#4184)
* Resolve the past_due date display issue

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Fix the failing test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-06-14 13:53:45 +01:00
Jake Fink
576b78d739
Change error message (#4175) 2024-06-11 16:20:06 -04:00
Thomas Avery
36705790ad
[SM-1293] Add endpoint to fetch secret's access policies (#4146)
* Add authz handling for secret access policy reads

* Add the ability to fetch secret access polices from the repository

* refactor response models

* Add new endpoint
2024-06-07 12:08:38 -05:00