1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-10 15:13:29 +01:00
Commit Graph

803 Commits

Author SHA1 Message Date
Vincent Salucci
c7f88ae430
[Reset Password] Get/Post Org Keys and API updates (#1323)
* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
2021-05-19 09:40:32 -05:00
Oscar Hinton
2b6c5bcd31
Fix bulk api (#1335) 2021-05-17 20:07:41 +02:00
Matt Gibson
785e788cb6
Support large organization sync (#1311)
* Increase organization max seat size from 30k to 2b (#1274)

* Increase organization max seat size from 30k to 2b

* PR review. Do not modify unless state matches expected

* Organization sync simultaneous event reporting (#1275)

* Split up azure messages according to max size

* Allow simultaneous login of organization user events

* Early resolve small event lists

* Clarify logic

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Improve readability

This comes at the cost of multiple serializations, but the
 improvement in wire-time should more than make up for this
 on message where serialization time matters

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Queue emails (#1286)

* Extract common Azure queue methods

* Do not use internal entity framework namespace

* Prefer IEnumerable to IList unless needed

All of these implementations were just using `Count == 1`,
which is easily replicated. This will be used when abstracting Azure queues

* Add model for azure queue message

* Abstract Azure queue for reuse

* Creat service to enqueue mail messages for later processing

Azure queue mail service uses Azure queues.
Blocking just blocks until all the work is done -- This is
how emailing works today

* Provide mail queue service to DI

* Queue organization invite emails for later processing

All emails can later be added to this queue

* Create Admin hosted service to process enqueued mail messages

* Prefer constructors to static generators

* Mass delete organization users (#1287)

* Add delete many to Organization Users

* Correct formatting

* Remove erroneous migration

* Clarify parameter name

* Formatting fixes

* Simplify bump account revision sproc

* Formatting fixes

* Match file names to objects

* Indicate if large import is expected

* Early pull all existing users we were planning on inviting (#1290)

* Early pull all existing users we were planning on inviting

* Improve sproc name

* Batch upsert org users (#1289)

* Add UpsertMany sprocs to OrganizationUser

* Add method to create TVPs from any object.

Uses DbOrder attribute to generate.
Sproc will fail unless TVP column order matches that of the db type

* Combine migrations

* Correct formatting

* Include sql objects in sql project

* Keep consisten parameter names

* Batch deletes for performance

* Correct formatting

* consolidate migrations

* Use batch methods in OrganizationImport

* Declare @BatchSize

* Transaction names limited to 32 chars

Drop sproc before creating it if it exists

* Update import tests

* Allow for more users in org upgrades

* Fix formatting

* Improve class hierarchy structure

* Use name tuple types

* Fix formatting

* Front load all reflection

* Format constructor

* Simplify ToTvp as class-specific extension

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-05-17 09:43:02 -05:00
Oscar Hinton
7a7668b754
Add API for bulk removal of org users (#1320)
* Add API for bulk removal of org users

* Refactor OrganizationService, extract some common code.

* Add tests for DeleteUserAsync

* Add tests for DeleteUsers

* Formating

* Update test/Core.Test/Services/OrganizationServiceTests.cs

added a space

Co-authored-by: Addison Beck <abeck@bitwarden.com>
2021-05-17 10:10:44 +02:00
Kyle Spearrin
b150f5977e
add support for postal and multi service mail delivery (#1326)
* adds suppose for postal and multi service mail delivery

* adjust tags

* dont need settings checks in multi-service
2021-05-13 15:18:42 -04:00
Vincent Salucci
ae38c33e05
[Reset Password] Enterprise Policy (#1315)
* [Reset Password] Enterprise Policy

* Created UI for policy/edit policy // Updated TODOs for policy dependent checks

* Updated reset password data model field name to be more descriptive

* Update title to Master Password Reset

* Updated PoliciesModel, Policy Model spacing, and strings
2021-05-12 14:47:00 -05:00
Oscar Hinton
a47b86a995
Remove U2F APIs again (#1319)
* Revert "U2F (#1304)"

This reverts commit ce4f025a0c.

* Avoid removing WebAuthn fixes
2021-05-12 19:48:00 +02:00
Oscar Hinton
cb9ed50248
Discourage user verification on WebAuthn enroll (#1322) 2021-05-12 18:46:35 +02:00
Oscar Hinton
e2f633dace
Bulk re-invite of org users (#1316)
* Add APIs for Bulk reinvinte

* Resolve review comments.
2021-05-12 11:18:25 +02:00
Vincent Salucci
70ab5b25a1
[Reset Password] Organization Key Pair (#1292)
* [Reset Password] Organization Key Pair

* Fixed type in Organization_ReadAbilites sproc

* Fixed broken unit test by making sure premium addon was false

* Updated PublicKey decorator and removed unecessary validation
2021-05-06 14:53:12 -05:00
Oscar Hinton
ce4f025a0c
U2F (#1304)
* Delete U2F tokens alongside WebAuthn

* Bring back u2f apis
2021-05-05 16:14:49 +02:00
Matt Gibson
1bd515e8f0
Refuse upload renew if a file is validated (#1284)
Download should return regardless of file validation state
2021-04-26 14:36:06 -05:00
Vincent Salucci
477f679fc6
[Reset Password] Admin reset actions (#1272)
* [Reset Password] Admin reset actions

* Updated thrown except for permission collision

* Updated GET/PUT password reset to use orgUser.Id for db operations
2021-04-20 16:58:57 -05:00
Thomas Rittson
c1ceeace95
Require user to verify email to use file Send (#1262) 2021-04-08 06:42:12 +10:00
Matt Gibson
79f3dabaac
Throw if collection Id does not exist on the organization (#1259)
Otherwise, we're just saving strings for fun. This makes it clear the
user's specified collection won't do anything.
2021-04-05 15:20:13 -05:00
Thomas Rittson
4b98361684
Fix server 500 error when enabling 2FA policy from Portal (#1254)
* Fix illegal chars in senderTag

* add null check
2021-04-05 08:33:19 +10:00
Matt Gibson
022e404cc5
Attachment blob upload (#1229)
* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
2021-03-30 18:41:14 -05:00
Vincent Salucci
296e3d881d
[Reset Password] Enrollment API, Service, and Model updates (#1245)
* [Reset Password] Enrollment API, Service and Model updates

* Added conditional check for calling User's ID
2021-03-30 09:48:52 -05:00
Thomas Rittson
688cc00d48
Hide email address in Sends (#1234)
* Add send HideEmail to tables and models

* Respect HideEmail setting for Sends

* Recreate SendView to include new HideEmail column

* Enforce new Send policy

* Insert default value for new HideEmail column

* Delete c95d7598-71cc-4eab-8b08-aced0045198b.json

* Remove unrelated files

* Revert disableSendPolicy, add sendOptionsPolicy

* Minor style fixes

* Update SQL project with Send.HideEmail column

* unit test SendOptionsPolicy.DisableHideEmail

* Add SendOptionsPolicy to Portal

* Make HideEmail nullable, fix migrator script

* Remove NOT NULL constraint from HideEmail

* Fix style

* Make HideEmail nullable

* minor fixes to model and error message

* Move SendOptionsExemption banner

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-29 07:56:56 +10:00
Matt Gibson
584d3e771c
Throw error if not enough seats available for a sync (#1241)
* BadRequest if a sync cannot be completed due to seat count

* Comment the reason for the suppressed exception
2021-03-25 08:42:04 -05:00
Oscar Hinton
07f37d1f74
WebAuthn (#903) 2021-03-22 23:21:43 +01:00
Matt Gibson
989d4df599
Direct upload to Azure/Local (#1188)
* Direct upload to azure

To validate file sizes in the event of a rogue client, Azure event webhooks
will be hooked up to AzureValidateFile.
Sends outside of a grace size will be deleted as non-compliant.

TODO: LocalSendFileStorageService direct upload method/endpoint.

* Quick respond to no-body event calls

These shouldn't happen, but might if some errant get requests occur

* Event Grid only POSTS to webhook

* Enable local storage direct file upload

* Increase file size difference leeway

* Upload through service

* Fix LocalFileSendStorage

It turns out that multipartHttpStreams do not have a length
until read. this causes all long files to be "invalid". We need to
write the entire stream, then validate length, just like Azure.

the difference is, We can return an exception to local storage
admonishing the client for lying

* Update src/Api/Utilities/ApiHelpers.cs

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Do not delete directory if it has files

* Allow large uploads for self hosted instances

* Fix formatting

* Re-verfiy access and increment access count on download of Send File

* Update src/Core/Services/Implementations/SendService.cs

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Add back in original Send upload

* Update size and mark as validated upon Send file validation

* Log azure file validation errors

* Lint fix

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
Thomas Rittson
d0f7750650
Don't use dev licensing cert if self-hosted (#1216) 2021-03-18 07:21:00 +10:00
Matt Gibson
a83cbf965e
MultiplartSectionBody streams have 0 length until read. (#1196) 2021-03-09 10:49:49 -06:00
Matt Gibson
edb13bbba8
Push syncs on Send Access (#1190)
* Push syncs on Send Access

* Revert "Push syncs on Send Access"

This reverts commit 6a3eb7af4f.

* Push update of Send directly since we can't use SaveSendAsync method
2021-03-05 18:36:20 -06:00
Thomas Rittson
a18e1b7dca
Exempt owners and admins from single org and 2FA policy (#1171)
* Fix single org policy when creating organization

Exclude owners and admins from policy when creating new org

* Fix single org and 2FA policy on accepting invite

Exclude owners and admins from policies

* Remove looped async calls

* Fix code style and formatting
2021-03-03 08:15:42 +10:00
Matt Gibson
c2d34d7271
Fix send file length always zero (#1175)
* HttpStream must be read prior to knowing it length

We also need to create the send prior to saving the stream so we
have well defined save location. Solve chicken-and-egg problem by saving
the Send twice. This also allows for validation that the stream received
is the same length as that promissed by the content-length header

* Get encrypted file length from request
2021-03-02 09:27:11 -06:00
Matt Gibson
8d5fc21b51
Prepare for send direct upload (#1174)
* Add sendId to path

Event Grid returns the blob path, which will be used to grab a Send and verify file size

* Re-validate access upon file download

Increment access count only when file is downloaded. File
name and size are leaked, but this is a good first step toward
solving the access-download race
2021-03-01 15:01:04 -06:00
Thomas Rittson
3850f0e400
Fix empty grantee or grantor names in emergency access emails (#1162)
* Fix empty grantee or grantor names in emails

* Add migrator dbscript for changes to ReadToNotify
2021-02-26 08:11:58 +10:00
Chad Scharf
2f7c2a64e0
Reference events for Send (#1165) 2021-02-25 13:40:26 -05:00
Matt Gibson
e350daeeee
Use sas token for send downloads (#1157)
* Remove Url from SendFileModel

Url is now generated on the fly with limited lifetime.

New model houses the download url generated

* Create API endpoint for getting Send file download url

* Generate limited-life Azure download urls

* Lint fix
2021-02-24 13:03:16 -06:00
Addison Beck
f8940e4be5
Checked Emergency Access access type on access initiation (#1160)
* also updated the View method

* removed old code

* naming refactor

* used the right type

* also checked PasswordAsync()

* also checked GetPolicies()
2021-02-23 17:12:52 -05:00
Thomas Rittson
499c30a805
Fix error message if already accepted EA invite (#1159)
* Fix error message if already accepted EA invite

* Fix error message wording depending on EA status
2021-02-24 05:46:52 +10:00
Matt Gibson
5537470703
Use sas token for attachment downloads (#1153)
* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
2021-02-22 15:35:16 -06:00
Kyle Spearrin
cd2834cc15 Revert "remove premium checks for internal testing"
This reverts commit 26fb6fc3b7.
2021-02-17 13:16:01 -05:00
Thomas Rittson
ad6abaccc8
Fix error message if user already accepted invite (#1140)
* Fix error message if already accepted invitation

* Improve error message wording

* Use consistent capitalization of organization
2021-02-17 09:28:49 +10:00
Thomas Rittson
9f42357705
Improved handling of grantor access to organizations after takeover (refactored) (#1134)
* Revert "Only return policy in TakeoverResponse if Owner"

This reverts commit b20e6f5e85.

* Revert "Return grantor policy info in TakeoverResponse"

This reverts commit 204217a5e0.

* Add endpoint to get grantor policies on takeover
2021-02-10 09:06:42 +10:00
Thomas Rittson
d51b592cb5
Improved handling of grantor access to organizations after takeover (#1132)
* Remove grantor from orgs after takeover

* Return grantor policy info in TakeoverResponse

* Only return policy in TakeoverResponse if Owner
2021-02-09 06:33:03 +10:00
Matt Gibson
edd4bc2623
Add disable send policy (#1130)
* Add Disable Send policy

* Test DisableSend policy

* PR Review

* Update tests for using CurrentContext

This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.

I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference

* Fix failing test

* Update exemption to include all exempt users

* Move all CurrentContext usages to ICurrentContext

* PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
Addison Beck
00853bc250
Import Invite Error (#1121)
* throw error if user is already invited on import

* added back the single InviteUser OrgService method
2021-01-30 17:56:37 -05:00
Addison Beck
445ce33c47
check that SingleOrg policy is enabled before saying users cant create new orgs (#1110)
* check that SingleOrg policy is enabled before saying users cant create new orgs

* fixed org user kick check for SingleOrg

* code review cleanup
2021-01-25 11:19:33 -05:00
Addison Beck
bc4eeff604
changed the address data used to pull sales tax for premium subscriptions (#1109)
* changed the address data used to pull sales tax for premium subscriptions

* nulled checked for extra safety

* fixes null check
2021-01-25 09:56:53 -05:00
Addison Beck
b8a2158626
enabled send and added send sync notifications (#1106) 2021-01-22 16:16:40 -05:00
Vincent Salucci
3555b15b91
[Email] Update welcome content (#1092)
* Initial commit of welcome email update

* Final revisions and updated hosted image urls

* added dynamic year // updated verbiage // fixed typo in text template

* Updated verbiage // changed mustache accessor // updated how year is generated
2021-01-21 14:57:13 -06:00
Oscar Hinton
48d14e8521
Handle name == null in Emergency Access (#1100) 2021-01-20 13:50:07 -05:00
Addison Beck
001bbf2f2b
null checked Stripe.Customer.Address for org seat and storage upgrades (#1099) 2021-01-20 12:40:45 -05:00
Oscar Hinton
adbfd0e107
Fix premium check for emergency access (#1090) 2021-01-15 15:56:17 -05:00
Addison Beck
c9cab74476
Sales Tax for Premium signups (#1087)
* Started charging sales tax on Premium signups

* added a line break
2021-01-14 17:53:37 -05:00
Addison Beck
9f938f5efd
Permissions bugs (#1083)
* Null checked org invite collections

* Null checked permissions on org invite

* Gave a static seat count to org invite fixture

* Null checked the right way
2021-01-13 15:14:28 -05:00
Addison Beck
63fcdc1418
Implemented Custom role and permissions (#1057)
* Implemented Custom role and permissions

* Converted permissions columns to a json blob

* Code review fixes for Permissions

* sql build fix

* Update Permissions.cs

* formatting

* Update IOrganizationService.cs

* reworked a conditional

* built out tests for relevant organization service methods

* removed unused usings

* fixed a broken test and a bad empty string init

* removed 'Attribute' from some attribute instances
2021-01-12 11:02:39 -05:00
Matt Gibson
5aba9f7549
Add cipher response to restore (#1072)
* Return revised ciphers on restore api call

* Return restored date from restore sproc

* Test Restore updates passed in ciphers

This is necessary for CipherController to appropriately return the
up-to-date ciphers without an extra db call to read them.

* Add missing SELECT
2021-01-08 08:52:42 -06:00
Vincent Salucci
136c39fa50
Initial commit of SingleOrg downstream policy checks (#1038) 2020-12-16 16:02:54 -06:00
Oscar Hinton
0f1af2333e
Add support for Emergency Access (#1000)
* Add support for Emergency Access

* Add migration script

* Review comments

* Ensure grantor has premium when inviting new grantees.

* Resolve review comments

* Remove two factor references
2020-12-16 14:36:47 -05:00
Vincent Salucci
70f5fd5030
[Policy] Personal Ownership (#1013)
* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
2020-12-11 10:45:26 -06:00
Addison Beck
fee5c932db
started charging sales tax on seat/storage upgrades and auto renewals (#1034)
* started charging sales tax on seat/storage upgrades and auto renewals

* Code review fixes for auto-renewing subscriptions charging sales tax
2020-12-09 14:04:46 -05:00
Addison Beck
b877c25234
Implemented tax collection for subscriptions (#1017)
* Implemented tax collection for subscriptions

* Cleanup for Sales Tax

* Cleanup for Sales Tax

* Changes a constraint to an index for checking purposes

* Added and implemented a ReadById method for TaxRate

* Code review fixes for Tax Rate implementation

* Code review fixes for Tax Rate implementation

* Made the SalesTax migration script rerunnable
2020-12-04 12:05:16 -05:00
Matt Gibson
edf30974dc
Validate cipher updates with revision date (#994)
* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
2020-11-23 08:48:05 -06:00
Addison Beck
25a9991908
Implement User-based API Keys (#981)
* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
2020-11-10 15:15:29 -05:00
Vincent Salucci
d9cd7551fe
[Exemption] Updated policy messages (#984)
* Updated messages // added exemption message // added callout

* updated strings - futureproofing
2020-11-10 09:53:44 -06:00
Kyle Spearrin
26fb6fc3b7 remove premium checks for internal testing 2020-11-05 12:43:08 -05:00
Kyle Spearrin
82dd364e65
Send APIs (#979)
* send work

* fix sql proj file

* update

* updates

* access id

* delete job

* fix delete job

* local send storage

* update sprocs for null checks
2020-11-02 15:55:49 -05:00
Vincent Salucci
a5db233e51
[Require SSO] Added service layer dependent policy check (#977)
* Added service layer dependent policy check

* Updated to SingleOrg
2020-10-27 14:08:19 -05:00
Addison Beck
0eccfb8784
changed all OnlyOrg wording to be SingleOrg instead (#974)
* changed all OnlyOrg wording to be SingleOrg instead

* missed an OnlyOrg to change to SingleOrg
2020-10-27 10:28:41 -04:00
Addison Beck
e872b4df9d
Only org policy (#962)
* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
Vincent Salucci
50cf16a3fb
[SSO] New user provision flow (#945)
* Initial commit of accept user during set password flow

* changed new org user from accepted to invited // moved another check to token accept function

* Revised some white space // Moved business logic to UserService

* Fixed UserServiceTest

* Removed some white-space

* Removed more white-space

* Final white-space issues
2020-10-13 15:00:33 -05:00
Addison Beck
9848f12638
enabled SSO when needed when upgrading from a free plan (#960) 2020-10-07 15:03:47 -04:00
Addison Beck
845f9f5245
Fixed storage issue when upgrading from a free plan (#942) 2020-09-18 14:10:30 -04:00
Kyle Spearrin
1c6c599b8d
Created sso config service with save (#936) 2020-09-15 10:17:44 -04:00
Vincent Salucci
c0e99d4047
Removed security stamp rotation during set-password SSO flow (#933) 2020-09-14 14:27:30 -05:00
Kyle Spearrin
7a72da5725 fix deprecated mailkit MailboxAddress ctor 2020-08-28 14:21:16 -04:00
Chad Scharf
db7d05b52f
Added PreValidate endpoint on Account controller (#896)
* Added PreValidate endpoint on Account controller

* Fixed IHttpClientFactory implementation

* Core localization and org sproc fix

* Pass culture, fixed sso middleware bug
2020-08-28 12:14:23 -04:00
Addison Beck
59f8467f7c
Create sso user api (#886)
* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* Update AccountsController.cs

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* added a token to the existing user sso link flow

* added a token to the existing user sso link flow

* fixed a typo

* added an event log for unlink ssoUser records

* fixed a merge issue

* fixed a busted test

* fixed a busted test

* ran a formatter over everything & changed .vscode settings in .gitignore

* chagned a variable to use string interpolation

* removed a blank line

* Changed TokenPurpose enum to a static class of strings

* code review cleanups

* formatting fix

* Changed parameters & logging for delete sso user

* changed th method used to get organization user for deleting sso user records

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2020-08-26 14:12:04 -04:00
Kyle Spearrin
2cd6d4f61a
plan adjustments (#890) 2020-08-25 14:23:36 -04:00
Kyle Spearrin
a8c20d1c32
pass down version properly to generate license (#880) 2020-08-20 10:12:27 -04:00
Kyle Spearrin
2872bda6fe
tool to generate licenses (#874)
* tool to generate licenses

* code review feedback
2020-08-18 17:00:21 -04:00
Kyle Spearrin
d190c4bd0f
Update APIs to collect other set password info (#870) 2020-08-17 10:40:35 -04:00
Kyle Spearrin
cd926ca8f6
allow user registration for sso (#865) 2020-08-13 17:30:10 -04:00
Kyle Spearrin
783b4804ec
SSO support (#862)
* [SSO] Added change password API (#836)

* Created API for updating password with no current comparison

* Changed name of method and request // Added user has password error flow

* Updated user service method name // Updated string null/empty check

* Replaced hardcoded sso domain hints with config loader (#850)

* Replaced hardcoded sso domain hints with config loader

* use async/await for sso config loader

* Update AccountsController.cs

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Matt Portune <mportune@bitwarden.com>
Co-authored-by: Matt Portune <59324545+mportune-bw@users.noreply.github.com>
2020-08-12 17:03:09 -04:00
Kyle Spearrin
056b4b9bf4
add api support for updating org identifier (#861)
* add api support for updating org identifier

* add identifier to response as well

* implement in EF repo
2020-08-12 16:38:22 -04:00
Addison Beck
c8220fdfa6
Plan And Price Updates (#859)
* Expanded the Plan model to make plan & product data a bit more dynamic 
* Created a Product enum to track versioned instances of the same plan
* Created and API call and Response model for getting plan & product data from the server
2020-08-11 14:19:56 -04:00
Chad Scharf
5878d1b0db
Ref event should be base64 encoded (#853) 2020-08-06 20:29:35 -04:00
Chad Scharf
b5ac20ec9f
Correct connection string for res queue (#847) 2020-08-03 15:22:38 -04:00
Kyle Spearrin
69e8860767
Assign usepolicies when upgrading (#838) 2020-07-28 09:28:11 -04:00
Addison Beck
229478adae
Feature.web.534.allow multi select in org vault (#830)
* Set up API methods for bulk admin delete
2020-07-22 11:38:53 -05:00
Matt Portune
51fd87df0b
Added UseSso bool to Organization (#834)
* Added UseSso bool to org

* Update fields in migration script

* bump version & check enabled flag on ssoConfig
2020-07-22 09:38:39 -04:00
Chad Scharf
83e9468502
Transition reference id to data (#828)
* Transition reference id to data

* field length and request model updates
2020-07-20 15:19:46 -04:00
Chad Scharf
2742b414fd
reference event changes and cleanup (#823) 2020-07-15 12:38:45 -04:00
Chad Scharf
7af50172e0
Reference event service implementation (#811)
* Reference event service implementation

* Fix IReferenceable implementation of Id

* add structure to event body
2020-07-07 12:01:34 -04:00
Chad Scharf
a37706eba1
Restore original collection method (#804) 2020-06-30 11:52:50 -04:00
Chad Scharf
d7b00f6c27
Subscription update to maintain auto charge (#803) 2020-06-29 20:29:19 -04:00
Chad Scharf
fca7b162bf Reference id storage and signup 2020-06-25 12:28:22 -04:00
Kyle Spearrin
f23a8edc45
Update stripe lib (#793) 2020-06-24 21:24:19 -04:00
Mike Hanson
398867a839 Parameterize AmazonSQSClient to allow testing 2020-06-18 10:16:23 -07:00
Chad Scharf
61b15c55d0
Merge pull request #782 from bitwarden/feature/tax-info-collection
Combined tax updates with other operations
2020-06-18 11:26:58 -04:00
Chad Scharf
0f28ac45f9 Consistency on TaxInfo use in service params 2020-06-18 10:41:55 -04:00
Kyle Spearrin
aeb6e4e7d4 formatting 2020-06-18 09:57:24 -04:00
Mike Hanson
dc42be710a
Add unit test coverage for AmazonSesMailDeliveryService (#783)
* Parameterize AmazonSimpleEmailServiceClient to allow testing

* Add unit test coverage for AmazonSesMailDeliveryService
2020-06-18 09:55:46 -04:00
Chad Scharf
b7a500eb63 combined tax updates with other operations 2020-06-17 19:49:27 -04:00
Chad Scharf
f7e5f1f15e
Merge pull request #776 from bitwarden/feature/tax-info-collection
Feature/tax info collection
2020-06-17 10:49:54 -04:00
Chad Scharf
b2cb9a2f69 Billing addr line1 fix, pr feedback 2020-06-15 09:12:03 -04:00
Chad Scharf
1552ff7b29 Collect tax info, correct line1 2020-06-12 19:35:17 -04:00
Kyle Spearrin
a7d7736806
Add i18nservice abstraction (#770) 2020-06-09 10:25:37 -04:00
Chad Scharf
d88838f19e API updates for tax info collection 2020-06-08 17:40:18 -04:00
Matt Portune
545948220a additional formatting & inclusion of org name 2020-05-19 18:22:03 -04:00
Matt Portune
9bf3a467fa formatting 2020-05-19 12:37:45 -04:00
Matt Portune
2cf7f18858 License expiration email for self-hosted org/premium accounts 2020-05-18 16:06:34 -04:00
Chad Scharf
d49cc18a41 Stripe not crediting customer balance after void 2020-05-18 12:38:00 -04:00
Chad Scharf
97158d607a
Merge pull request #727 from bitwarden/subscription-change-invoicing
Subscription change, invoice process update
2020-05-13 10:24:46 -04:00
Chad Scharf
9ef39bcadb Removed payment_behavior, errant whitespace 2020-05-13 09:54:10 -04:00
Chad Scharf
a024b43cea Updated code style and PR feedback 2020-05-12 17:22:04 -04:00
Kyle Spearrin
10a6e12d09
generate signin token for enterprise portal (#728) 2020-05-12 15:36:33 -04:00
Chad Scharf
a9a7003bfc Subscription change, invoice process update 2020-05-12 12:48:21 -04:00
Chad Scharf
9a2d8e96e4 Updated Stripe API SDK version to 36.9.0 2020-05-08 10:15:48 -04:00
Kyle Spearrin
fae4a335dc
public API for organization import (#707) 2020-04-23 11:29:19 -04:00
Chad Scharf
4defd13395 [Soft Delete] - fix Upsert calls based on cipher supertype 2020-04-08 16:18:22 -04:00
Chad Scharf
c0019e7abc [Soft Delete] Update assignment of deleted and revision date to 1-liner 2020-04-02 10:56:22 -04:00
Chad Scharf
d07f27f274 [Soft-Delete] Simplify the data-tier, removed extra sprocs and reuse update 2020-04-01 16:39:27 -04:00
Chad Scharf
d014a597dd [Soft Delete] - API updates for soft delete + retrieval 2020-04-01 13:00:25 -04:00
Chad Scharf
9800b752c0 Changed all C# control flow block statements to include space between keyword and open paren 2020-03-27 14:36:37 -04:00
Kyle Spearrin
0f9ec8d64f check user has 2fa enabled when confirming 2020-03-09 15:13:40 -04:00
Kyle Spearrin
518e94f60f upgrade more lgos. remove sendgrid 2020-03-05 10:33:44 -05:00
Kyle Spearrin
7b91fe55f0 set UsePolicies on license update 2020-03-03 22:32:59 -05:00
Kyle Spearrin
71d9ffdd9d
CheckPoliciesOnTwoFactorRemoval for 2fa recovery (#659) 2020-02-28 10:23:19 -05:00
Kyle Spearrin
621192b701
enable email 2fa if joining an org with policy (#658) 2020-02-28 09:14:33 -05:00
Kyle Spearrin
f54ebfdc75
email user whenever they're removed from org because of 2fa policy (#657) 2020-02-27 09:30:03 -05:00
Kyle Spearrin
81424a8526
Enforce 2fa policy (#654) 2020-02-19 14:56:16 -05:00
Kyle Spearrin
9266546d60 only 1 policy event 2020-01-20 09:02:41 -05:00
Kyle Spearrin
0790f9859e usepolicies check 2020-01-15 15:01:31 -05:00
Kyle Spearrin
e8054df5b4 use policies property for orgs 2020-01-15 15:00:54 -05:00
Kyle Spearrin
58faf5266b policy events 2020-01-15 09:43:49 -05:00
Kyle Spearrin
937bb4359f policy service 2020-01-15 09:19:28 -05:00
Kyle Spearrin
dda3c3a123 Async GetEmbeddedCertificate 2020-01-13 15:35:50 -05:00
Kyle Spearrin
3f4a4bac2a copytoasync 2020-01-13 15:32:22 -05:00
Kyle Spearrin
7fd6e4359d fix warnings 2020-01-10 08:47:58 -05:00
Kyle Spearrin
29580684a3 upgrade to aspnet core 3.1 2020-01-10 08:33:13 -05:00
Brian Becker
0be86072f7 Add email notification on Two Factor recovery use (#625)
* Add email notification on Two Factor recovery use

* A user who has lost their 2fa device can clear out the
  2fa settings using a recovery code.  When this happens
  it gets logged but no notification to the user occurs.
* Add a notification to be sent when 2fa recovery code is
  used

* Add email message templates
2019-12-23 15:26:39 -05:00
Kyle Spearrin
72750cf298 org re-invite api 2019-10-07 16:23:38 -04:00
Kyle Spearrin
5fd9df3beb app in review flag for iap receipt validation 2019-09-29 20:42:53 -04:00
Kyle Spearrin
5e7ac0a9bc handle appleReceipt already existing on customer 2019-09-23 10:27:14 -04:00
Kyle Spearrin
b72744eafc alloe sub cancellation when deleting account 2019-09-20 13:45:47 -04:00
Kyle Spearrin
784c86893f throw apple iap exceptions 2019-09-20 00:01:35 -04:00
Kyle Spearrin
ff5a0ff0ce payment service support for iap 2019-09-19 23:30:16 -04:00
Kyle Spearrin
ad95dd6bb2 check for valid transaction as well 2019-09-19 10:04:15 -04:00
Kyle Spearrin
62f4e67e8a save userId with receipt data 2019-09-19 09:36:26 -04:00
Kyle Spearrin
e9174ba9f4 iap pre-purchase check 2019-09-19 08:46:26 -04:00
Kyle Spearrin
bed2a0ab7b no additional storage for premium 2019-09-18 10:52:53 -04:00
Kyle Spearrin
4ec05e111c fix typo 2019-09-18 09:47:42 -04:00
Kyle Spearrin
3af2fbd4e9 register new services 2019-09-18 09:46:26 -04:00
Kyle Spearrin
68b5ba6474 update to apple iap service 2019-09-17 22:58:38 -04:00
Kyle Spearrin
8290ddbb94 apple iap service 2019-09-17 19:48:40 -04:00
Kyle Spearrin
9e51eaea28 Apple Iap service 2019-09-16 09:22:22 -04:00
Kyle Spearrin
294a6dbba5 set/use default payment method on customer 2019-09-06 08:47:36 -04:00
Kyle Spearrin
1be6e2008b qty is only 1 if re-creating after proration 2019-09-03 16:49:25 -04:00
Kyle Spearrin
4982c21c37 qty should be 1 when restoring invoice items 2019-09-03 12:48:42 -04:00
Kyle Spearrin
54162d6531 fix credit card bug for premium 2019-09-02 20:23:43 -04:00
Kyle Spearrin
62732fa002 gateway check 2019-09-02 08:53:59 -04:00
Kyle Spearrin
a3b30595f5 null check paymentToken 2019-08-31 00:33:29 -04:00
Kyle Spearrin
25a8640d80 get rid of old smtp mail delivery service 2019-08-27 09:23:03 -04:00
Kyle Spearrin
fa3bb0c081 set customer source and method earlier 2019-08-12 11:15:05 -04:00
Kyle Spearrin
5c3bf78226 handle sub incomplete status 2019-08-12 10:42:14 -04:00
Kyle Spearrin
41f9f6a7f0 only refund captured charges 2019-08-12 10:33:06 -04:00
Kyle Spearrin
157cafa551 PaymentResponseModel for storage and seat adjustments 2019-08-12 10:03:50 -04:00
Kyle Spearrin
74bbeae776 adjust storage with payment intent/method handling 2019-08-10 12:59:32 -04:00
Kyle Spearrin
e60f1a4f50 add missing sub create options 2019-08-10 12:07:24 -04:00
Kyle Spearrin
bc5322f4cf support for payment intent/method on org signup 2019-08-10 11:58:44 -04:00
Kyle Spearrin
00e808d731 payment intent/method support for incomplete status 2019-08-09 23:56:26 -04:00
Kyle Spearrin
efcf626999 update payment method with stripe card payment method 2019-08-09 16:29:23 -04:00
Kyle Spearrin
b11fd2fab8 handle PaymentMethods for PaymentSource billing info 2019-08-09 15:53:01 -04:00
Kyle Spearrin
9686b4bf2b process off session payment methods 2019-08-09 14:06:07 -04:00
Kyle Spearrin
3aea61cb63 remove unused service 2019-08-09 11:09:37 -04:00
Kyle Spearrin
ae386bfee4 remove old service refs 2019-08-08 23:22:46 -04:00
Kyle Spearrin
48ec345702 update stripe SDK 2019-08-08 17:36:41 -04:00
Kyle Spearrin
6d4e34b229 use SettingHasValue for smtp services 2019-08-07 19:39:37 -04:00
Kyle Spearrin
6a91fd6be9 batch events 2019-07-25 15:50:13 -04:00
Kyle Spearrin
675b22cc9f single event for delete and share bulk operations 2019-07-25 15:39:25 -04:00
Kyle Spearrin
0f0cd3beeb handle bulk cipher events more efficiently 2019-07-25 15:34:14 -04:00
Kyle Spearrin
b5d2a1da75 load certs from azure storage 2019-07-10 20:05:07 -04:00
Kyle Spearrin
da5c385d4a new client event types, pass date to event funcs 2019-07-09 11:44:09 -04:00
Kyle Spearrin
6f0d64119a keep application cache in sync with service bus 2019-06-13 00:10:37 -04:00
Kyle Spearrin
ad7c4b89c4 back to corehelpers 2019-06-11 17:17:23 -04:00
Kyle Spearrin
6ab2f4ff87 org invite exp hours configurable 2019-06-11 16:44:59 -04:00
Kyle Spearrin
621f43c5cd fix token refresh logic 2019-05-30 23:06:02 -04:00
Kyle Spearrin
92505a2d4f dont remove owners when syncing directory 2019-05-14 13:09:56 -04:00
Kyle Spearrin
889d770cec formatting 2019-05-14 11:16:30 -04:00
Kyle Spearrin
0c760cf9e1 overwrite existing users on import 2019-05-06 21:31:36 -04:00
Kyle Spearrin
5cc0b19da8 start tls mail config 2019-04-10 08:44:58 -04:00
Kyle Spearrin
0885264800 log error from exceptions on 2fa registration 2019-03-29 08:59:02 -04:00
Kyle Spearrin
54c46f716b Only owner can change the type of another owner.
resolves #467
2019-03-28 12:36:57 -04:00
Kyle Spearrin
5892842139 add account credit 2019-03-21 23:11:53 -04:00
Kyle Spearrin
5bfed59f9c upgrade org api 2019-03-21 21:36:03 -04:00
Kyle Spearrin
7f77d661c3 remove logging from base identity client service 2019-03-20 09:13:25 -04:00
Kyle Spearrin
bfdc4feaba remove debug logging 2019-03-20 08:46:55 -04:00
Kyle Spearrin
4ed309ea13 fix refs passed from multiservice push 2019-03-20 08:38:28 -04:00
Kyle Spearrin
9dedf359e5 updates to logging 2019-03-20 08:26:11 -04:00
Kyle Spearrin
2f3b38a941 more relay logging 2019-03-20 00:41:11 -04:00
Kyle Spearrin
dc0bdfa28b fix logger ref 2019-03-19 23:45:09 -04:00
Kyle Spearrin
e2be61da0a testing: more logs 2019-03-19 22:47:53 -04:00
Kyle Spearrin
54b0db2128 log from BaseIdentityClientService for testing 2019-03-19 21:57:46 -04:00
Kyle Spearrin
625ed1a1ee force SecureSocketOptions.none if 25 w/ no ssl 2019-03-19 00:47:07 -04:00
Kyle Spearrin
01a293cf76 record installation devices 2019-03-19 00:39:03 -04:00