1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-28 13:15:12 +01:00
Commit Graph

3444 Commits

Author SHA1 Message Date
Oscar Hinton
18b597559a
Bump version to 1.42.1 (#1527) 2021-08-19 14:19:52 +02:00
Oscar Hinton
7058fe3ed0
Bump Saml2 dependency to 2.8.0, which adds support for .NET 5. (#1526) 2021-08-19 04:16:12 -05:00
Thomas Rittson
a735bdd027
Fix sales tax error if using PayPal or credit (#1524)
Add sales tax information to previewInvoice, which is used to calculate
the amount of the PayPal or account credit charge. Without this, the
charged amount and Stripe subscription amounts are different and throws
an error.
2021-08-19 15:21:06 +10:00
Joseph Flinn
bbc2483968
removing job dependencies (#1523) 2021-08-18 18:51:38 -07:00
Addison Beck
4400fdf57d
changed the value of the DirectorySynced event (#1520) 2021-08-17 16:19:15 -04:00
Matt Gibson
b5094c8718
Update version to 1.42.0 (#1519) 2021-08-17 14:06:22 -05:00
Oscar Hinton
34995ead1f
Refactor email template to resolve logo not being centred (#1516) 2021-08-17 20:54:06 +02:00
Addison Beck
4645914383
Reference Events Fixups (#1518)
* made salesAssistedTrialStarted nullable

* removed conditional logic surrounding directory sync events

* changed the value of the CipherCreated reference event enum
2021-08-17 13:12:55 -04:00
Matt Portune
f241b34b22
Update AppId.hbs (#1517)
testing sha256 apk key hash against debug build
2021-08-17 10:31:16 -04:00
Matt Gibson
1779d33a66
Verify Send file does not exist before saving file (#1515)
* Verify Send file does not exist before saving file

* Fix flaky test
2021-08-17 08:37:00 -05:00
Matt Gibson
48aa54949b
Allow api key as captcha token (#1513)
This allows legitimate users to permanently bypass captcha once
they've successfully logged in. Will allow unmonitored scripts more
resilience to captcha requirements
2021-08-13 08:52:52 -05:00
Matt Gibson
6d18f44029
Add captcha option to Nginx config (#1509)
* Add captcha option to Nginx config

* Fix formatting
2021-08-13 08:52:26 -05:00
Addison Beck
824645250e
toggled the force password reset flow off (#1510)
* toggled the force password reset flow off

* Update UserService.cs
2021-08-12 13:09:08 -04:00
Addison Beck
87fb3f533c
fixed a bad migration change (#1511) 2021-08-12 13:06:02 -04:00
Addison Beck
f55708d748
built out the organization edit event from the admin portal (#1508)
* built out the organization edit event from the admin portal

* removed unneeded override

* added some space

* fixed the space
2021-08-11 12:44:30 -04:00
Joseph Flinn
c22dc71c49
removing unneeded code from the QA deploy workflow (#1506) 2021-08-11 07:27:29 -07:00
Thomas Rittson
eb6aaad57a
Use RequestSizeLimit for all file upload endpoints (#1507)
* Enforce upload size limits via RequestSizeLimit instead of if statements
* 101mb limit for legacy uploads, 501mb limit for all other
* Only allow v2 local storage for self-hosted instances
2021-08-11 08:14:28 +10:00
Thomas Rittson
f92628fb80
Use UrlB64 encoding for auth-email header (#1503) 2021-08-11 06:21:46 +10:00
Vince Grassia
179543d790
Add 'alive' endpoint to Admin and Identity services (#1505)
* Add 'alive' endpoint to Admin and Identity services

* Move 'alive' endpoint for Admin to Home Controller
2021-08-10 15:29:13 -04:00
Addison Beck
7928b25796
Added Several New Reference Events (#1500)
* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
2021-08-10 14:38:58 -04:00
Joseph Flinn
2e1df91232
Update qa env (#1504)
* deploying directly to the production slot of the App Service

* Update Azure Service Bus package

* adding a app service shutdown to qa

* reverting QA env deploy change

* Update qa-deploy workflow with debugging statement

* Disable start/stop in QA deploy workflow

* Fix UserKdf and UserApiKey migrations to only update null values (#1494)

* Add proper New Relic NuGet package for .NET 5

* Test NewRelic changes

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
2021-08-10 11:15:16 -07:00
Matt Gibson
842a1c2e37
Tweak provider views (#1499)
* Add Organizations to provider views

Remove enabled/disabled toggle from provider. It's currently not used.

* Remove provider Delete

There are implications to deleting providers on the organizations they manage.
We want to think through this flow before allowing delete from the
admin portal.

* Use toastr to display production exception messages.

Update build actions to upgrade npm to v7.

Use a custom error handler in production which displays a toast of the
exception message and redirect to the offending page

* Clarify provider create error message
2021-08-10 11:28:00 -05:00
Matt Gibson
5dc6013e37
Provider qa feedback (#1501)
* Title case buttons

* Throw if provider tries to add a non-business organization

* Allow only one admin OR owner roll in a free org per user

Boolean operators were not properly assocated
and ownership of an org was precluding confirmation into any other
organization

* Limit email length

* Require email domain with top level domain

* Do not allow email domains to end in invalid characters

* Fix free org tests
2021-08-10 11:16:10 -05:00
Addison Beck
b726b08ea1
added a status check to the read by minimum role proc (#1498) 2021-08-10 06:59:54 -04:00
Vincent Salucci
53a93ffcea
[Reset Password v1] Updated force password reset models (#1492) 2021-08-05 13:00:24 -05:00
Addison Beck
152f1f7a9b
Allow Resending Provider Setup Emails From The Admin Portal (#1497)
* Added a button for resending provider setup emails

* Fixed a case typo in a stored procedure

* Turned a couple lines of code into a method call

* Added service level validation against inviting users for MSP invites

* Code review improvements for provider invites

created a factory for provider user invites

wrote tests for provider invite permissions"

* changed a few exception types
2021-08-05 10:39:05 -04:00
Matt Gibson
cfc7fa071b
Record when a provider user accesses a clients vault (#1496)
* Record when a provider user accesses a clients vault

* Do not allow removal from provider unless owner exists

* PR Review

* Null safe event processing
* append `Async` to async methods
2021-08-05 07:50:41 -05:00
Matt Portune
744e8f1a13
Update AppId.hbs (#1495) 2021-08-04 15:49:55 -04:00
Thomas Rittson
b1ed6d2c21
Fix upload limits for direct uploads (again) (#1479)
* Use constants to represent file size limits

* Allow uploads of up to 500mb for self-hosted

* Set nginx max body size to 505mb

* Add reminder about updating nginx/proxy.conf
2021-08-04 09:00:30 +10:00
Vince Grassia
a31c231749
Fix UserKdf and UserApiKey migrations to only update null values (#1494) 2021-08-03 15:54:47 -04:00
Matt Gibson
f37c87c0e1
Change display name of provider view properties (#1491)
Note, ProviderAdmin info section is being updated in another PR
2021-08-02 13:19:26 -05:00
Matt Gibson
282d6a9007
Change set up to two words (#1490) 2021-08-02 11:20:04 -05:00
Thomas Rittson
8d2b36d187
Fix conflicting group permissions (#1473)
* Return collection with highest permission levels

* Revert "Return collection with highest permission levels"

This reverts commit 06e0f3b73e.

* Combine duplicate collectionDetails

* Update EF to combine duplicate CollectionDetails

* Delete unneeded using statements
2021-08-02 11:49:27 +10:00
Thomas Rittson
28df4fddb7
Support RSA 4096 keys in password history (#1407)
* Support RSA 4096 keys in password history

* Increase password length to 5000 for RSA4096 keys
2021-08-02 11:39:43 +10:00
Matt Gibson
2298c96e30
Invite Client owner at time of client org creation (#1488) 2021-07-30 08:10:58 -05:00
Mart
fdaf6b14d4
enh(mysql) Enforce ENGINE=InnoDB (#1470)
* enh(mysql) Enforce ENGINE=InnoDB

* enh(mysql) Enforce ENGINE=InnoDB
2021-07-29 17:12:57 -04:00
Matt Gibson
71daef2588
Always enable events for providers (#1487) 2021-07-27 15:44:54 -05:00
Vincent Salucci
545d5f942b
[Reset Password v1] Fixed ForcePasswordReset migration script (#1484) 2021-07-23 08:48:34 -05:00
Oscar Hinton
eb846f7627
[Provider] Resolve email not being url encoded (#1483) 2021-07-23 10:22:59 +02:00
Oscar Hinton
792fb377dd
[Provider] Prevent including pending organizations in SyncResponse (#1482) 2021-07-22 22:18:34 +02:00
Thomas Rittson
757102fd96
Fixes for StrictEmailAddressAttribute (#1474)
* Use StrictEmail validation for changing email

* Add trailing symbols to illegal chars in emails

* Add semicolon as always illegal

* Replace regex with MimeKit parsing, add unit test

* Add more unit tests

* Fix linting
2021-07-23 05:59:10 +10:00
Matt Gibson
7a135ae7cd
Protect user registration with captcha (#1480)
* Protect user registration with captcha

* PR feedback
2021-07-22 12:29:06 -05:00
Vincent Salucci
46fa6f6673
[Reset Password v1] Update Temporary Password API (#1481)
* [Reset Password v1] Update Temporary Password API

* Fixed Noop interface
2021-07-22 09:20:14 -05:00
Matt Gibson
8e1e2fa2fe
Feature/sync Enable hcaptcha on login (#1469)
* Share globalSettings hcaptcha public key with clients

* Require captcha valid only prior to two factor

users with two factor will have already solved captcha is necessary.
Users without two factor will have`TwoFactorVerified` set to false

* Do not require CaptchaResponse on two-factor requests

* Add option to always require captcha for testing purposes

* Allow for self-hosted instances if they want to use it

* Move refresh suggestion to correct error

* Expect lifetime in helper method

* Add captcha bypass token to successful captcha validations

* Remove twofactorValidated

* PR Feedback
2021-07-21 13:42:06 -05:00
Oscar Hinton
259bf8d760
Add events for Creating, Adding and Removing ProviderOrganizations (#1475) 2021-07-21 19:40:38 +02:00
Vincent Salucci
4e486e5f5d
[Reset Password v1] Update DB for Forced Reset (#1467)
* [Reset Password v1] Force Temp Password Changes

* Updated EF migrations/scripts

* Updating user sprocs with default bit value
2021-07-21 11:47:11 -05:00
Addison Beck
8e97b924d4
addressed bugs and concerns around special characters in email templates (#1478)
* addressed bugs and concerns around special characters in email templates

* Modified email sanitization rules
2021-07-21 12:43:28 -04:00
Joseph Flinn
f1238d7b4a
Increasing production log level (#1477)
* increasing the log levels on all of the services to prevent logging successes

* resetting the default logging and adding in constraints in logging in Production
2021-07-21 09:15:59 -07:00
Joseph Flinn
2419bc2928
Protecting Versioned Docker Images in the CI Pipeline (#1462)
* moving the docker versioning into the deploy since it is an actual deploy push

* removing the unneeded branch constraints

* adding in different branch constraint to deploy
2021-07-19 12:16:06 -07:00
Oscar Hinton
19c2b025d1
[Provider] Include disabled providers in sync response (#1471) 2021-07-19 19:50:29 +02:00