1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-28 17:57:37 +01:00
Commit Graph

643 Commits

Author SHA1 Message Date
Kyle Spearrin
61675342c3
added duofederal.com to allowed duo domains (#1091) 2021-01-15 16:59:51 -05:00
Addison Beck
63fcdc1418
Implemented Custom role and permissions (#1057)
* Implemented Custom role and permissions

* Converted permissions columns to a json blob

* Code review fixes for Permissions

* sql build fix

* Update Permissions.cs

* formatting

* Update IOrganizationService.cs

* reworked a conditional

* built out tests for relevant organization service methods

* removed unused usings

* fixed a broken test and a bad empty string init

* removed 'Attribute' from some attribute instances
2021-01-12 11:02:39 -05:00
Matt Gibson
5aba9f7549
Add cipher response to restore (#1072)
* Return revised ciphers on restore api call

* Return restored date from restore sproc

* Test Restore updates passed in ciphers

This is necessary for CipherController to appropriately return the
up-to-date ciphers without an extra db call to read them.

* Add missing SELECT
2021-01-08 08:52:42 -06:00
Addison Beck
6143ad2b95
fixed a copy/paste bug in the tax rate migration script (#1077) 2021-01-07 16:36:18 -05:00
Chad Scharf
4825998ba5
Fix sproc name mismatch in migration sql (#1066) 2020-12-30 16:21:14 -05:00
Mart
0f962809bc
Fix mssql healthcheck (#1055)
Let's let some more time for the container to start
2020-12-21 10:30:36 -05:00
Joseph Flinn
97ba472606
Make nginx Content-Security-Policy configurable (#1048)
* Adding the nginx head Content-Security-Policy to the Configuration file

* fixing whitespace formatting

* adding a '+' that got removed
2020-12-18 07:58:35 -08:00
Oscar Hinton
0f1af2333e
Add support for Emergency Access (#1000)
* Add support for Emergency Access

* Add migration script

* Review comments

* Ensure grantor has premium when inviting new grantees.

* Resolve review comments

* Remove two factor references
2020-12-16 14:36:47 -05:00
Kai Bröker
9bb63b86f0
Update Dockerfile (#1040) 2020-12-16 11:16:03 -05:00
David Lundgren
d63eb376c4
Allow for slight customization of the mssql db backup interval (#1008)
* Allow for slight customization of the mssql db backup interval

* Honor env TZ if set and clean up -u in sleep calculation
2020-12-15 11:08:30 -05:00
Vincent Salucci
70f5fd5030
[Policy] Personal Ownership (#1013)
* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
2020-12-11 10:45:26 -06:00
Mart
8d9b1ff214
Fix mssql healthcheck (#1030)
Let's let time for the container to start
2020-12-07 14:57:36 -05:00
Vincent Salucci
09aea4ed38
[Bug] Improve SSO user provision flow (#1022)
* Initial commit of provisioning updates

* Updated strings

* removed extra BANG

* Separated orgUsers db lookup - prioritized existing user Id

* Updated create sso record method // Added sproc for org/email retrieval
2020-12-04 16:45:54 -06:00
Addison Beck
b877c25234
Implemented tax collection for subscriptions (#1017)
* Implemented tax collection for subscriptions

* Cleanup for Sales Tax

* Cleanup for Sales Tax

* Changes a constraint to an index for checking purposes

* Added and implemented a ReadById method for TaxRate

* Code review fixes for Tax Rate implementation

* Code review fixes for Tax Rate implementation

* Made the SalesTax migration script rerunnable
2020-12-04 12:05:16 -05:00
Addison Beck
25a9991908
Implement User-based API Keys (#981)
* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
2020-11-10 15:15:29 -05:00
Kyle Spearrin
c466acf081 adjust params for attachments server 2020-11-05 11:39:15 -05:00
Kyle Spearrin
dacb2a8e2b fix null or whitespace logic 2020-11-04 16:15:38 -05:00
Kyle Spearrin
d2ab098ca5 configure send for self-host 2020-11-03 14:29:07 -05:00
Kyle Spearrin
82dd364e65
Send APIs (#979)
* send work

* fix sql proj file

* update

* updates

* access id

* delete job

* fix delete job

* local send storage

* update sprocs for null checks
2020-11-02 15:55:49 -05:00
Vincent Salucci
66e44759f0
[Require SSO] Enterprise policy enforcement (#970)
* Initial commit of require sso authentication policy enforcement

* Updated sproc to send UseSso flag // Updated base validator to send back error message // Added changes to EntityFramework (just so its there for the future

* Update policy name // adjusted conditional to demorgan's

* Updated sproc // Added migrator script

* Added .sql file extension to DeleteOrgUserWithOrg migrator script

* Added policy // edit // strings // validation to business portal

* Change requests from review // Added Owner & Admin exemption

* Updated repository function used to get org user's type

* Updated with requested changes
2020-10-26 11:56:16 -05:00
Addison Beck
e872b4df9d
Only org policy (#962)
* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
Addison Beck
dfe5c571b9
Delete OrgUsers When Deleting An Org (#964)
* deleted orgUsers when deleting an org

* sql formatting
2020-10-13 11:26:55 -04:00
Kyle Spearrin
00aaa64285 accept larger headers 2020-09-02 16:44:54 -04:00
Kyle Spearrin
8510a753a8
delete sso config when deleting org (#904)
* delete ssouser on org and user delete

* delete sso config when deleting org
2020-09-02 10:48:15 -04:00
Kyle Spearrin
47224913d4
delete ssouser on org and user delete (#902) 2020-09-01 16:05:37 -04:00
Kyle Spearrin
9faa9406a6
delete sso user when deleting org user (#901) 2020-09-01 15:07:47 -04:00
Kyle Spearrin
01bae115a5 proxy for sso connector 2020-09-01 12:44:45 -04:00
Kyle Spearrin
6e0921dcc1 proxy_buffers 2020-08-31 16:44:18 -04:00
Kyle Spearrin
6e7d618e52 correct nginx sso pathing 2020-08-28 13:44:50 -04:00
Kyle Spearrin
f0210cd798 correct identity pathing from nginx 2020-08-28 13:44:01 -04:00
Chad Scharf
db7d05b52f
Added PreValidate endpoint on Account controller (#896)
* Added PreValidate endpoint on Account controller

* Fixed IHttpClientFactory implementation

* Core localization and org sproc fix

* Pass culture, fixed sso middleware bug
2020-08-28 12:14:23 -04:00
Kyle Spearrin
526bdfdb05 update nginx proxy for portal pathing 2020-08-27 16:26:12 -04:00
Kyle Spearrin
0607050024
update self-host for sso and portal (#893) 2020-08-26 17:48:31 -04:00
Addison Beck
59f8467f7c
Create sso user api (#886)
* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* Update AccountsController.cs

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* added a token to the existing user sso link flow

* added a token to the existing user sso link flow

* fixed a typo

* added an event log for unlink ssoUser records

* fixed a merge issue

* fixed a busted test

* fixed a busted test

* ran a formatter over everything & changed .vscode settings in .gitignore

* chagned a variable to use string interpolation

* removed a blank line

* Changed TokenPurpose enum to a static class of strings

* code review cleanups

* formatting fix

* Changed parameters & logging for delete sso user

* changed th method used to get organization user for deleting sso user records

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2020-08-26 14:12:04 -04:00
Chad Scharf
8884157427
Added get for sso config repo by revision date (#878) 2020-08-19 13:35:17 -04:00
Kyle Spearrin
cd926ca8f6
allow user registration for sso (#865) 2020-08-13 17:30:10 -04:00
Kyle Spearrin
056b4b9bf4
add api support for updating org identifier (#861)
* add api support for updating org identifier

* add identifier to response as well

* implement in EF repo
2020-08-12 16:38:22 -04:00
Kyle Spearrin
623cd36bd4
upgrade identity server 4 to v4 (#842)
* upgrade identity server 4 to v4

* remove script ref
2020-07-30 17:00:13 -04:00
Kyle Spearrin
047c2ad3ab comment out sso in nginx config 2020-07-29 10:01:36 -04:00
Kyle Spearrin
307ac437d5 remove sso container ref 2020-07-29 09:50:11 -04:00
Kyle Spearrin
68915a452e missing go 2020-07-28 21:53:12 -04:00
Kyle Spearrin
c53e8cbf9d
return if org user has sso binding (#839) 2020-07-28 21:11:45 -04:00
Kyle Spearrin
2c4752f4ac
Sso user table, model and repo stubbed out (#837)
* Sso user table, model and repo stubbed out

* switch to nullable org id, bigint id

* update GetBySsoUserAsync

* cleanup migrator file

* fix EF user repo

* fix pg repo

* is `IS NULL` checks

* unique indexes

* update migration scripts

* add another unique index

* remove old script
2020-07-28 10:03:09 -04:00
Kyle Spearrin
5de236f294 update libs 2020-07-27 20:36:17 -04:00
Addison Beck
229478adae
Feature.web.534.allow multi select in org vault (#830)
* Set up API methods for bulk admin delete
2020-07-22 11:38:53 -05:00
Matt Portune
51fd87df0b
Added UseSso bool to Organization (#834)
* Added UseSso bool to org

* Update fields in migration script

* bump version & check enabled flag on ssoConfig
2020-07-22 09:38:39 -04:00
Chad Scharf
83e9468502
Transition reference id to data (#828)
* Transition reference id to data

* field length and request model updates
2020-07-20 15:19:46 -04:00
François Van Ingelgom
aab6095073
Add support building from path that contains space (#815) 2020-07-17 08:28:31 -04:00
Kyle Spearrin
0d0c6c7167
sso integrations (#822)
* stub out hybrid sso

* support for PKCE authorization_code clients

* sso service urls

* sso client key

* abstract request validator

* support for verifying password

* custom AuthorizationCodeStore that does not remove codes

* cleanup

* comment

* created master password

* ResetMasterPassword

* rename Sso client to OidcIdentity

* update env builder

* bitwarden sso project in docker-compose

* sso path in nginx config
2020-07-16 08:01:39 -04:00
Chad Scharf
d0d93a64ee
Reverse encouragement of self-signed cert (#813) 2020-07-07 20:58:45 -04:00
Mart124
61f46ecb11
Update CertBuilder.cs (#809) 2020-07-06 13:48:23 -04:00
Mart124
62b3c305c3
Add default log parameters (#807)
* Add default log parameters

* Case typo
2020-07-02 16:28:16 -04:00
Kyle Spearrin
cc9d18f6d2
add missing [ViewPassword] true (#799) 2020-06-27 15:09:04 -04:00
Matt Portune
0b1e49bc0a Remove Id from SsoConfig_Create sproc 2020-06-26 16:47:41 -04:00
Matt Portune
9f919bbea9 move Id assignment to after insert 2020-06-25 18:28:08 -04:00
Matt Portune
f46023f2f5 requested changes 2020-06-25 18:06:27 -04:00
Matt Portune
39a81af3e9 DAL & CRUD for SSO 2020-06-25 16:42:29 -04:00
Chad Scharf
fca7b162bf Reference id storage and signup 2020-06-25 12:28:22 -04:00
Kyle Spearrin
0f2ea43454 bump dbup minor version 2020-06-24 16:37:23 -04:00
Kyle Spearrin
8559e144c6 bump dependency minor/patch versions 2020-06-24 16:37:23 -04:00
Matt Portune
f471237ce4 Update migration 2020-06-24 16:14:59 -04:00
Matt Portune
81879f804b fixed field name during name check 2020-06-24 15:21:48 -04:00
Matt Portune
448032668e fixed syntax error in migration 2020-06-24 15:18:42 -04:00
Matt Portune
05891f2122 Requested updates 2020-06-24 12:24:36 -04:00
Matt Portune
09df3f64d3 Updates to SSO config DB setup 2020-06-23 23:54:27 -04:00
Matt Portune
aa19be2c0c formatting 2020-06-22 10:45:37 -04:00
Matt Portune
d0a98d6cf3 Added missing migration functionality 2020-06-22 09:49:16 -04:00
Matt Portune
519226f824 formatting 2020-06-21 23:42:27 -04:00
Matt Portune
8e7cb082ad DB support for SSO config 2020-06-21 23:35:42 -04:00
hinton
24a458416e Add missing go after create type. 2020-05-26 20:56:10 +02:00
hinton
bf7f541664 Add go after last statement. 2020-05-26 20:53:49 +02:00
hinton
4c1ba235d8 Delete procedures before droping type 2020-05-23 12:06:05 +02:00
hinton
14a8224a99 Be explicit about AccessAll for ViewPassword 2020-05-23 11:06:41 +02:00
hinton
1c0095b122 Be explicit with AccessAll and fix bug in create/update cipher 2020-05-23 10:36:35 +02:00
hinton
54f3ab5863 Add database migration script for hidden passwords 2020-05-22 22:52:08 +02:00
Kyle Spearrin
343ef92a20
Sproc tweaks (#730)
* do not follow local hosts or ip addresses

* remove cron from mssql

* migration script

* Use joins instead of temp tables

* update migration script with join changes
2020-05-21 11:35:00 -04:00
Kyle Spearrin
c205bf72e6 update some libs 2020-05-18 21:57:14 -04:00
Mart124
330ff7cd80
Fix sleep calculation (#719)
* Fix sleep calculation

* Fix sleep calculation
2020-05-04 07:48:16 -04:00
Chad Scharf
43501e643f [Soft Delete] - cleanup whitespace in Cipher_Restore 2020-04-10 10:51:27 -04:00
Chad Scharf
598e1ff92b [Soft Delete] - Add not null/is null filters to soft delete and restore sprocs 2020-04-09 15:25:17 -04:00
Chad Scharf
7f22088d5f Fix delcaration of @UtcNow variable 2020-04-02 14:08:19 -04:00
Chad Scharf
eb34cc49c6 Fixed date time precision assignment for DeletedDate and RevisionDate (performance + match/data quality) 2020-04-02 13:45:53 -04:00
Chad Scharf
d07f27f274 [Soft-Delete] Simplify the data-tier, removed extra sprocs and reuse update 2020-04-01 16:39:27 -04:00
Chad Scharf
d014a597dd [Soft Delete] - API updates for soft delete + retrieval 2020-04-01 13:00:25 -04:00
Chad Scharf
9800b752c0 Changed all C# control flow block statements to include space between keyword and open paren 2020-03-27 14:36:37 -04:00
Chad Scharf
55b937ff68 Updated PR comments, changed smart defaults for behavior, updated Cipher table index 2020-03-27 10:23:37 -04:00
Chad Scharf
bc46eccf70 Deleted date on Cipher table, related sprocs and repositories updated 2020-03-26 19:32:37 -04:00
Kyle Spearrin
cd0ec26b07 upgrade libs 2020-03-04 22:01:28 -05:00
Kyle Spearrin
81424a8526
Enforce 2fa policy (#654) 2020-02-19 14:56:16 -05:00
Kyle Spearrin
6b6c2d862d 8bit => bitwarden 2020-02-18 22:22:32 -05:00
Kyle Spearrin
725522128c sync org policies to client devices 2020-01-28 15:33:32 -05:00
Kyle Spearrin
1f22420e6c update mssql image 2020-01-22 17:14:12 -05:00
Kyle Spearrin
f3f1ac57d2 refactor policy apis 2020-01-20 08:53:15 -05:00
Mart124
d9181045c9 Stop mssql gently (#641) 2020-01-16 14:25:06 -08:00
Kyle Spearrin
ff8731c82f add usepolicies to org profile object 2020-01-15 15:17:32 -05:00
Kyle Spearrin
e8054df5b4 use policies property for orgs 2020-01-15 15:00:54 -05:00
Kyle Spearrin
58faf5266b policy events 2020-01-15 09:43:49 -05:00
Kyle Spearrin
57a491d58b aspnet image 2020-01-13 15:07:52 -05:00
Kyle Spearrin
6efb7fcbfd add routing for server 2020-01-13 11:14:50 -05:00
Kyle Spearrin
b1e8d16b9d update some libs 2020-01-13 09:33:12 -05:00
Kyle Spearrin
47b50e48ef update libs 2020-01-10 16:14:16 -05:00
Kyle Spearrin
29580684a3 upgrade to aspnet core 3.1 2020-01-10 08:33:13 -05:00
Kyle Spearrin
4e4644e17d stub out organization policy db schema 2020-01-06 14:26:48 -05:00
Mart124
9bb6476f53 Typo (#613)
* Update logrotate.sh

* Update backup-db.sh
2019-11-25 10:36:06 -05:00
Mart124
8b5e37d349 Update .dockerignore (#612) 2019-11-25 10:08:14 -05:00
Kyle Spearrin
2cf8b88fbb dont exec 2019-11-25 09:25:11 -05:00
Kyle Spearrin
980e19884d exec gosu 2019-11-25 09:22:42 -05:00
Mart124
35a5dd95bb DB backups without cron (#608)
* Update backup-db.sh

* Update entrypoint.sh

* Update Dockerfile

* Delete crontab

* Update backup-db.sh

* don't bother with log files

all is already in /var/opt/mssql/log/errorlog

* Use gosu
2019-11-25 08:35:52 -05:00
Mart124
47bda1e6d0 Rotate nginx logs (#601)
* Rotate nginx logs

* Create logrotate.sh

* Update Dockerfile

* Update entrypoint.sh

* Update Dockerfile

* Update logrotate.sh

* No reason to disable logrotate

* Update logrotate.sh

* Update entrypoint.sh

* typo

* Avoid useless output

* Use gosu
2019-11-25 08:34:47 -05:00
Mart124
6950dcae8b Install tzdata package (#606) 2019-11-22 09:52:17 -05:00
Kyle Spearrin
8f3df46075 remove black hole for telemetry 2019-11-20 09:47:46 -05:00
Kyle Spearrin
fe3378b483 try internal network by default 2019-11-20 08:09:53 -05:00
Kyle Spearrin
c27b72e019 private network for some containers 2019-11-20 07:35:42 -05:00
Kyle Spearrin
63c3d5342c undo admin host port header 2019-10-17 14:40:05 -04:00
Kyle Spearrin
0a7727dc27 port to host header for admin 2019-10-17 14:20:49 -04:00
Kyle Spearrin
dfeb2aad5c no server port test 2019-10-17 14:04:22 -04:00
Kyle Spearrin
b040229933 add server_port to host proxy header 2019-10-17 13:30:41 -04:00
Mart124
6f91b693d9 Increase self-signed certs duration (#570) 2019-10-02 10:26:07 -04:00
Kyle Spearrin
c0bc5a0361 bitwarden update script without .sh suffix 2019-08-22 15:19:06 -04:00
Kyle Spearrin
5f4c7eb122 add q9 secondary dns resolver 2019-08-05 07:36:31 -04:00
h-town
d081d0fc4d Revise hard-coded ssl resolver to Cloudflare & Quad9 (#543)
Google (terrible) and OpenDNS (questionable at best) are not ideal for privacy-minded users.  Both Cloudflare DNS and Quad9 at least claim to drop logs, each of them have widely-reported response times, and they're sufficiently established with over a year of service.
2019-08-05 07:34:29 -04:00
Kyle Spearrin
8dabba984d fix nginx healthcheck 2019-07-27 21:54:06 -04:00
Kyle Spearrin
0793cb6167 healthcheck for attachments server 2019-07-26 20:31:45 -04:00
Kyle Spearrin
310e0115d5 add port to health check 2019-07-26 14:24:39 -04:00
Kyle Spearrin
2ea244c723 healthcheck cmd 2019-07-26 14:04:45 -04:00
Kyle Spearrin
b7f3fa0087 try fixing curl install again 2019-07-26 13:21:46 -04:00
Kyle Spearrin
82a8249a69 fix curl error 2019-07-26 13:12:20 -04:00
Kyle Spearrin
d2bf308c10 fix sqlcmd path on healthcheck 2019-07-26 12:52:39 -04:00
Kyle Spearrin
bba0206bb7 alive check for nginx 2019-07-26 12:43:06 -04:00
Kyle Spearrin
29f0a2aa12 mssql healthcheck 2019-07-26 12:16:38 -04:00
Kyle Spearrin
a23e081397 update some libs 2019-07-23 16:58:40 -04:00
Kyle Spearrin
94188fa0b5 update to net core 2.2 2019-07-23 16:38:49 -04:00
Kyle Spearrin
3422df325b HIBP api key in env variables 2019-07-22 21:24:04 -04:00
Kyle Spearrin
242e509b9d set en-US as default current culture 2019-07-11 15:03:17 -04:00
Kyle Spearrin
f97539d558 build events container into docker deployment 2019-07-09 14:49:34 -04:00
Kyle Spearrin
35804e10cf collection cipher query improvements 2019-05-28 23:55:47 -04:00
Kyle Spearrin
d34cde7579 group name fix 2019-05-15 22:38:52 -04:00
Kyle Spearrin
e6fc0f9548 real_ips uses this in template 2019-05-15 22:11:22 -04:00
Kyle Spearrin
6381634a92 update libs 2019-05-11 20:56:49 -04:00
Kyle Spearrin
33845d372f bump dockerfile dep versions 2019-05-07 11:14:37 -04:00
Cédric Laubacher
afdf29da78 Update NGINX Dockerfile to latest stable version (#490) 2019-05-03 07:37:32 -04:00
Kyle Spearrin
b4148d3532 fix issues on cipher admin endpoints 2019-05-01 09:38:13 -04:00
Kyle Spearrin
044f21df29 indenting 2019-04-27 23:13:14 -04:00
Kyle Spearrin
b935b16cb8 more real_ip config values for nginx 2019-04-27 23:11:57 -04:00
Kyle Spearrin
d8204341a4 add semicolon 2019-04-26 12:44:44 -04:00
Kyle Spearrin
6dc2e1b328 real ips config 2019-04-26 12:26:54 -04:00
Kyle Spearrin
acfacf69a2 Revert "--with-http_realip_module"
This reverts commit f951304f11.
2019-04-26 12:10:22 -04:00
Kyle Spearrin
f951304f11 --with-http_realip_module 2019-04-26 11:09:12 -04:00
Kyle Spearrin
bc94c36cfc formatting 2019-04-14 22:46:11 -04:00
Robin van Boven
03bcce1e73 Support reading a file for the SA_PASSWORD for swarm security. (#477) 2019-04-14 22:41:59 -04:00