1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-24 12:35:25 +01:00
Commit Graph

300 Commits

Author SHA1 Message Date
Daniel García
4f87e4e1a4
[PM-2196] Improvements to the Swagger generator (#2914)
* Swagger fixes

Co-Authored-By: Oscar Hinton <Hinton@users.noreply.github.com>

* Make Response Models return Guids instead of strings

* Change strings into guids in ScimApplicationFactory

---------

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
2023-07-14 17:18:26 +02:00
Thomas Avery
1d9aeb37aa
[SM-707] Refactor authorization for Access Policy Commands (#2905)
* Extract authorization from access policy commands

* Use auto mapper to ignore unwanted properties

---------
2023-07-13 11:46:01 -05:00
Thomas Avery
d6a45d4802
[SM-789] Extract authorization from service account delete command (#2999)
* Extract authorization from SA delete command

* swap to IEnumerable

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2023-07-12 15:32:40 -05:00
Thomas Avery
b629c31de9
[SM-787] Extract authorization from project delete command (#2987)
* Extract authorization from project delete command

* Support service account write access

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2023-07-11 15:15:18 -05:00
Colton Hurst
a565b19ffb
SM-768: Update EFCore and related packages to >= 7.0 (#3006)
* SM-768: Update EFCore and related packages to >= 7.0

* SM-768: Update more packages for the EF 7 upgrade

* SM-768: Update the PostgreSQL package

* SM-768: Run dotnet restore --force-evaluate

* SM-768: Revert package upgrades for 3 projects

* SM-768: Update the dotnet-ef tool
2023-07-07 09:56:31 -04:00
Vincent Salucci
3b4c8afea0
[AC-1191] TDE admin approval email (#3044)
* feat: add new command for updating request and emailing user, refs AC-1191

* feat: inject service with organization service collection extensions, refs AC-1191

* feat: add function to send admin approval email to mail services (interface/noop/handlebars), refs AC-1191

* feat: add html/text mail templates and add view model for email data, refs AC-1191

* feat: update org auth request controller to use new command during auth request update, refs AC-1191

* fix: dotnet format, refs AC-1191

* refactor: update user not found error, FirstOrDefault for enum type display name, refs AC-1191

* refactor: update user not found to log error instead of throws, refs AC-1191

* fix: remove whitespace lint errors, refs AC-1191

* refactor: update hardcoded UTC timezone string, refs AC-1191

* refactor: add unit test for new command, refs AC-1191

* refactor: improve enum name fallback and identifier string creation, refs AC-1191

* refactor: add addtional unit tests, refs AC-1191

* refactor: update success test to use more generated params, refs AC-1191

* fix: dotnet format...again, refs AC-1191

* refactor: make UTC display a constant for handlebars mail service, refs AC-1191

* refactor: update displayTypeIdentifer to displayTypeAndIdentifier for clarity, refs AC-1191
2023-07-06 10:03:49 -05:00
Justin Baur
b0214ae1be
[PM-863] Fix Organization Folders in EF Databases (#2856)
* Fix Setting Organization Folders

* Fix Formatting

* Added ReplaceAsync Test

* Fix SQL Server Test

* Update Replace Call Also

* Be Case Insensitive With Guids

* Fix Assignment to Cipher
2023-06-30 18:41:11 -04:00
Justin Baur
49e849deb9
[PM-1198] Modify AuthRequest Purge Job (#3048)
* Add PasswordlessAuth Settings

* Update Repository Method to Take TimeSpan

* Update AuthRequest_DeleteIfExpired

- Take Configurable Expiration
- Add Special Cases for AdminApproval AuthRequests

* Add AuthRequestRepositoryTests

* Run Formatting

* Remove Comment

* Fix Bug in EF Repo

* Add Test Covering Expired Rejected AuthRequest

* Use Longer Param Names

* Use Longer Names in Test Helpers
2023-06-30 14:13:31 -04:00
cd-bitwarden
3f3f52399b
[SM-716] Adding ability for service account to have write access (#3021)
* adding ability for service account to have write access

* Suggested changes

* fixing tests

* dotnet format changes

* Adding RunAsServiceAccountWIthPermission logic to ProjectAuthorizationhandlerTests

* Removing logic that prevents deleting and updating a secret. Adding Service Account logic to tests inside of secretAuthorizationhandlerTests.

* Removing Service Account from CanUpdateSecret_NotSupportedClientTypes_DoesNotSuceed because it is a supported client type now :)

* thomas sugested changes

* using Arg.Any<AccessClientType>() instead of default in tests

* merge conflict changes and code updates to remove service account tests that are  outdated

* fixing tests

* removing extra  spaces that lint hates
2023-06-30 17:17:41 +00:00
Thomas Avery
74ab7e8672
[SM-771] Add new endpoint for bulk enabling users for Secrets Manager (#3020)
* Add new endpoint for bulk enabling users for sm

* Review updates
2023-06-29 12:42:44 -04:00
Justin Baur
3bffd480cb
Pin Microsoft.AspNetCore.Http (#3001) 2023-06-29 08:37:58 -05:00
Thomas Avery
d020c49c0e
[SM-788] Extract authorization from secret delete command (#3003)
* Extract authorization from secret delete command
2023-06-27 13:12:34 -05:00
Justin Baur
e0b231a220
[PM-2697] Return UserDecryptionOptions Always (#3032)
* Add Comments to UserDecryptionOptions

* Move Feature Flag Check

* Remove SSO Config Check

* Move UserDecryptionOptions Creation

- Put logic in BaseRequestValidator

* Remove 'async'
2023-06-26 20:17:39 -04:00
SmithThe4th
e96fc56dc2
[SG-497] BEEEP - Health Checks API Project (#2237)
* health check services added

* health check extension added

* added get connection string

* made changes to hrslth check method

* Added database health check

* added identity server health check

* added identity server health check

* Added logger publisher

* latest changes

* removed file

* Added mail server check for dev

* Added authorization to health check url path

* commented

* Added exception to switch

* Removed exclude code coverage

* Added health check for redis

* Added todos

* Added storage queue checks

* Added checks for mail

* Removed unused references and fixed linting issue

* Lint issues

* Moved healthchecks to sharedWeb project and exposed builder as a parameter to configure more health checks based on a project

* Added health check to API project

* dependencies updated

* Removed ef core health check dependencies

* Added checks to only add a health check when the connection string exists, moved health check from startup to extension class

* Merged with master and fixed conflicts

* Fixed lint issues

* Added check for amazon ses

* merged with master

* fixed lint

* Removed Amazon SES health check
2023-06-26 15:04:21 -04:00
Thomas Avery
bb3a9daf98
[SM-678] ClientSecret migration (#2943)
* Init ClientSecret migration

* Fix unit tests

* Move to src/Sql/dbo_future

* Formatting changes

* Update migration date for next release

* Swap to just executing sp_refreshview

* Fix formatting

* Add EF Migrations

* Rename to ClientSecretHash

* Fix unit test

* EF column rename

* Batch the migration

* Fix formatting

* Add deprecation notice to property

* Move data migration

* Swap to CREATE OR ALTER
2023-06-21 13:16:06 -05:00
Justin Baur
5a8e549194
[PM-1815] Include Member Decryption Type in Token Response (#2927)
* Include Member Decryption Type

* Make ICurrentContext protected from base class

* Return MemberDecryptionType

* Extend WebApplicationFactoryBase

- Allow for service subsitution

* Create SSO Tests

- Mock IAuthorizationCodeStore so the SSO process can be limited to Identity

* Add MemberDecryptionOptions

* Remove Unused Property Assertion

* Make MemberDecryptionOptions an Array

* Address PR Feedback

* Make HasAdminApproval Policy Aware

* Format

* Use Object Instead

* Add UserDecryptionOptions File
2023-06-19 10:16:15 -04:00
Matt Bishop
53327b1993
[PM-2633] Warnings cleanup (#3010)
* Warnings cleanup

* One-line response with null

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Remove condition

* Fix lint from suggestion

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2023-06-16 10:02:05 -04:00
cyprain-okeke
5a12db18d1
[AC-1408] Update plan to include secrets manager (#2942)
* Adding the Secret manager to the Plan List

* Adding the unit test for the StaticStoreTests class

* Fix whitespace formatting

* Fix whitespace formatting

* Price update

* Resolving the PR comments

* Resolving PR comments

* Fixing the whitespace

* only password manager plans are return for now

* format whitespace

* Resolve the test issue

* Fixing the failing test

* Refactoring the Plan separation

* add a unit test for SingleOrDefault

* Fix the whitespace format

* Separate the PM and SM plans

* Fixing the whitespace

* Remove unnecessary directive

* Fix imports ordering

* Fix imports ordering

* Resolve imports ordering

* Fixing imports ordering

* Fix response model, add MaxProjects

* Fix filename

* Fix format

* Fix: seat price should match annual/monthly

* Fix service account annual pricing

* Name the sm service account planId properly

* Update the secrets manager plan

* correcting the wrong amount for the seats

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2023-06-16 11:12:38 +01:00
Shane Melton
904b2fe205
[AC-1192] Create endpoints for new Device Approvals page (#2993)
* [AC-1192] Create new OrganizationAuthRequestsController.cs

* [AC-1192] Introduce OrganizationAdminAuthRequest model

* [AC-1192] Add GetManyPendingByOrganizationId method to AuthRequest repository

* [AC-1192] Add new list pending organization auth requests endpoint

* [AC-1192] Add new GetManyAdminApprovalsByManyIdsAsync method to the AuthRequestRepository

* [AC-1192] Make the response device identifier optional for admin approval requests

* [AC-1192] Add endpoint for bulk denying admin device auth requests

* [AC-1192] Add OrganizationUserId to PendingOrganizationAuthRequestResponseModel

* [AC-1192] Add UpdateAuthRequest endpoint and logic to OrganizationAuthRequestsController

* [AC-1192] Secure new endpoints behind TDE feature flag

* [AC-1192] Formatting

* [AC-1192] Add sql migration script

* [AC-1192] Add optional OrganizationId column to AuthRequest entity

- Rename migration script to match existing formatting
- Add new column
- Add migration scripts
- Update new sprocs to filter/join on OrganizationId
- Update old sprocs to include OrganizationId

* [AC-1192] Format migration scripts

* [AC-1192] Fix failing AuthRequest EF unit test

* [AC-1192] Make OrganizationId optional in updated AuthRequest sprocs for backwards compatability

* [AC-1192] Fix missing comma in migration file

* [AC-1192] Rename Key to EncryptedUserKey to be more descriptive

* [AC-1192] Move request validation into helper method to reduce repetition

* [AC-1192] Return UnauthorizedAccessException instead of NotFound when user is missing permission

* [AC-1192] Introduce FeatureUnavailableException

* [AC-1192] Introduce RequireFeatureAttribute

* [AC-1192] Utilize the new RequireFeatureAttribute in the OrganizationAuthRequestsController

* [AC-1192] Attempt to fix out of sync database migration by moving new OrganizationId column

* [AC-1192] More attempts to sync database migrations

* [AC-1192] Formatting

* [AC-1192] Remove unused reference to FeatureService

* [AC-1192] Change Id types from String to Guid

* [AC-1192] Add EncryptedString attribute

* [AC-1192] Remove redundant OrganizationId property

* [AC-1192] Switch to projection for OrganizationAdminAuthRequest mapping

- Add new OrganizationUser relationship to EF entity
- Replace AuthRequest DBContext config with new IEntityTypeConfiguration
- Add navigation property to AuthRequest entity configuration for OrganizationUser
- Update EF AuthRequestRepository to use new mapping and navigation properties

* [AC-1192] Remove OrganizationUser navigation property
2023-06-15 14:54:08 -07:00
Thomas Avery
3449d28c83
[SM-705] Extract Authorization from Access Token Commands (#2928)
* refactor authorization for access token commands

* Unit tests for authorization handler
2023-06-13 15:30:44 -05:00
Thomas Avery
05f11a8ee1
[SM-706] Extract Authorization From Create/Update Secret Commands (#2896)
* Extract authorization from commands

* Swap to request model validation.

* Swap to pattern detection
2023-06-08 16:40:35 -05:00
Matt Bishop
6a9e7a1d0a
Project configuration tune-up (#2994) 2023-06-08 13:21:03 -04:00
Rui Tomé
746dec6496
[PM-1270] Throw error when removing master password reset policy with TDE enabled (#2964)
* [PM-1270] Updated PolicyService to throw an exception in case TDE is enabled and the user is trying to turn off the master password reset policy or tries to remove auto-enrollment

* [PM-1270] Added unit tests around the checks for turning off the master password reset policy or removing auto-enrollment

* [PM-1270] Fixed existing unit test SaveAsync_NewPolicy_Created

* [PM-1270] Removed unused method mock on unit test
2023-06-07 09:56:31 +01:00
Thomas Avery
d1155ee376
[SM-704] Extract Authorization For ServiceAccounts (#2869)
* Move to access query for project commands

* Swap to hasAccess method per action

* Swap to authorization handler pattern

* Move ProjectOperationRequirement to Core

* Add default throw + tests

* Extract authorization out of commands

* Unit tests for authorization handler

* Formatting

* Swap to reflection for testing switch

* Swap to check read & reflections in test

* fix wording on exception

* Refactor GetAccessClient into its own query

* Use accessClientQuery in project handler
2023-05-31 13:49:58 -05:00
Justin Baur
61a0efbdfc
[PM-2444] Add Pipeline for Testing All Database Variants in CI (#2471)
* Add Pipeline

* Fix Lint

* Added a Change

* Update Pipeline

* Add Multi-Version Support

* Use Profile Switch for each profile

* Fix MySql

* Debug MySql

* Use Proper Seperator

* Add Allow User Variables=true

* Pipeline Work

* Expand Config for Postgres

* Change Config Key

* Add Debug Step

* Fix Debug Step

* Fix Tests

* Add Sleep

* Fix Tests

* Fix SQL Server Tests

* Add Sqlite

* Use Context Property

* Fix Tests

* Fix Test Logger

* Update AccountRevisionDate Check

* Fix Postgres Time Issues

* Formatting and Pipeline Update

* Remove Unneeded SqlServer Setting

* Update .github/workflows/infrastructure-tests.yml

Co-authored-by: mimartin12 <77340197+mimartin12@users.noreply.github.com>

---------

Co-authored-by: mimartin12 <77340197+mimartin12@users.noreply.github.com>
2023-05-30 13:25:55 -04:00
Daniel James Smith
09144ddb52
[PM-153] Extend Freshdesk integration (#2939)
* Move keys into FreshDeskSettings class

* Add configurable custom fields for user and org

In FreshDesk we currently use the custom fields `cf_user` and `cf_org`.

- For the US instance these will be set to those values.
- For the EU instance these will likely be configured to `cf_user_eu` and `cf_org_eu`

* Fix file encoding

* Add region to notes

* Use customizable org field value in condition check
2023-05-23 14:43:44 +02:00
cyprain-okeke
662ac7f059
Signups Fail for Organization & User Names >30 Characters (#2923)
* Add a length limit to include only the LEFT 30

* Resolving PR comment

* Fix the failing test

* Add a comment to stripepayment

* Refactoring the code
2023-05-19 18:45:47 +01:00
Rui Tomé
04e18ee8e7
[AC-621] Added possibility of adding users through SCIM to an Organization without a confirmed Owner (#2846)
* [AC-621] Added possibility of adding users through SCIM to an Organization without a confirmed Owner

* [AC-621] Passing EventSystemUser argument for HasConfirmedOwnersExceptAsync in user delete actions by SCIM

* [AC-624] Removed EventSystemUser parameter from IOrganizationService.HasConfirmedOwnersExceptAsync

* [AC-621] Added IProviderUserRepository.GetManyOrganizationDetailsByOrganizationAsync

* [AC-621] Updated OrganizationService.HasConfirmedOwnersExceptAsync to use IProviderUserRepository.GetManyOrganizationDetailsByOrganizationAsync to check for any confirmed provider users

* [AC-621] Removed unused EventSystemUser parameters

* [AC-621] Refactored ProviderUserRepository.GetManyByOrganizationAsync to return ProviderUser objects

* [AC-621] Removed default parameter value for Status
2023-05-17 16:39:08 +01:00
Rui Tomé
bcf096971b
[PM-1879] Allow custom users to grant the same custom permissions that they have (#2897)
* [PM-1879] Replaced JsonSerializer.Serialize with CoreHelpers.ClassToJsonData

* [PM-1879] Changed OrganizationService.SaveUserAsync to check Custom permissions

* [PM-1879] Added unit tests for saving Custom permissions using a Custom user

* [PM-1879] Added method OrganizationUser.GetPermissions to deserialize the Permissions property

* [PM-1879] Refactored ValidateCustomPermissionsGrant to return bool

* [PM-1879] Added unit test SaveUser_WithCustomPermission_WhenUpgradingToAdmin_Throws
2023-05-17 14:17:37 +01:00
Jim Hays
8262af3c53
[PM-1969] Spellcheck other (#2878)
* Fix typo in error message: 'Unkown' -> 'Unknown'

* Fix typos in error message

* Fix typo in example text: 'licence' -> 'license'

* Fix typo in validation: 'Ooganization' -> 'Organization'

* Fix typo in text string: 'compatibilty' -> 'compatibility'

* Fix typo: 'ProviderDisllowedOrganizationTypes' -> 'ProviderDisallowedOrganizationTypes'

* Fix typo: 'NSubstitueVersion' -> 'NSubstituteVersion'

* Fix typo: 'CreateIntialInvite' -> 'CreateInitialInvite'

* Fix typo: '_queuryScheme' -> '_queryScheme'

* Fix typo: 'GetApplicationCacheServiceBusSubcriptionName' -> 'GetApplicationCacheServiceBusSubscriptionName'

* Fix typo: 'metaDataRespository' -> 'metaDataRepository'

* Fix typo: 'cipherAttachements' -> 'cipherAttachments'

* Fix typo: 'savedEmergencyAccesss' -> 'savedEmergencyAccesses'

* Fix typo: 'owerOrgUser' -> 'ownerOrgUser'

* Fix typo: 'Organiation' -> 'Organization'

* Fix typo: 'extistingUser' -> 'existingUser'

* Fix typo: 'availibleAccess' -> 'availableAccess'

* Fix typo: 'HasEnouphStorage' -> 'HasEnoughStorage'

* Fix typo: 'extistingOrg' -> 'existingOrg'

* Fix typo: 'subcriber' -> 'subscriber'

* Fix typo: 'availibleCollections' -> 'availableCollections'

* Fix typo: 'Succes' -> 'Success'

* Fix typo: 'CreateAsync_UpdateWithCollecitons_Works' -> 'CreateAsync_UpdateWithCollections_Works'

* Fix typo: 'BadInsallationId' -> 'BadInstallationId'

* Fix typo: 'OrgNotFamiles' -> 'OrgNotFamilies'

* Revert "Fix typo: 'Organiation' -> 'Organization'"

This reverts commit 8aadad1c25.

* Revert "Fix typos in error message"

This reverts commit 81d201fc09.

---------

Co-authored-by: Daniel James Smith <djsmith@web.de>
2023-05-17 12:14:36 +02:00
Shane Melton
bfd3f85bb0
[AC-358] Server changes for self host subscription page changes (#2826)
* [AC-358] Add constant for grace period length

* [AC-358] Add SubscriptionExpiration to OrganizationLicense.cs and increment Current_License_File_Version

* [AC-358] Update org subscription response model

- Add new SelfHostSubscriptionExpiration field that does not include a grace period
- Add optional License argument to constructor for self host responses
- Use the License, if available, to populate the expiration/subscription expiration fields
- Maintain backwards compatability by falling back to organization expiration date

* [AC-358] Read organization license file for self hosted subscription response

* [AC-358] Decrement current license file version and add comment documenting why

* [AC-358] Clarify name for new expiration without grace period field
2023-05-15 07:38:41 -07:00
Rui Tomé
8d3fe12170
[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537)
* [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails

* [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user

* [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data

* [EC-787] Returning PolicyData on stored procedures

* [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection

* [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync

* [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Changed integration test to check for single result

* [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete

* [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails

* [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser

* [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync

* [EC-787] Removed 'OrganizationUserType' parameter from queries

* [EC-787] Formatted OrganizationUserPolicyDetailsCompare

* [EC-787] Renamed SQL migration files

* [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json

* [EC-787] Refactored excluded user types for each Policy

* [EC-787] Updated dates on dbo_future files

* [EC-787] Remove dbo_future files from sql proj

* [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync

* [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType

* Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-05-12 08:22:19 +01:00
Matt Bishop
99b0953acd
Remove Secrets Manager LaunchDarkly feature flag (#2925) 2023-05-11 10:27:58 -04:00
Shane Melton
620a7e0a8d
[AC-1145] Add trusted devices option to SSO Config Data (#2909)
* [AC-1145] Add TDE feature flag

* [AC-1145] Update .gitignore to ignore flags.json in the Api project

* [AC-1145] Introduce MemberDecryptionType property on SsoConfigurationData

* [AC-1145] Add MemberDecryptionType to the SsoConfigurationDataRequest model

* [AC-1145] Automatically enable password reset policy on TDE selection

* [AC-1145] Remove references to obsolete KeyConnectorEnabled field

* [AC-1145] Formatting

* [AC-1145] Update XML doc reference to MemberDecryptionType
2023-05-10 12:52:08 -07:00
Justin Baur
5a850f48e2
[PM-1807] Add Auth Request Service (#2900)
* Refactor AuthRequest Logic into Service

* Add Tests & Run Formatting

* Register Service

* Add Tests From PR Feedback

Co-authored-by: Jared Snider <jsnider@bitwarden.com>

---------

Co-authored-by: Jared Snider <jsnider@bitwarden.com>
2023-05-09 12:39:33 -04:00
Jim Hays
f9038472ce
Fix typos in comments (#2876) 2023-05-09 17:38:47 +02:00
Thomas Avery
5474d3da18
[SM-702] Extract access policy checks from create/update project commands (#2842)
* Move to access query for project commands

* Swap to hasAccess method per action

* Swap to authorization handler pattern

* Move ProjectOperationRequirement to Core

* Add default throw + tests

* Swap to reflection for testing switch
2023-05-03 09:40:24 -05:00
Thomas Avery
20d3b4b4e8
[SM-670] Add permission context to project lists. (#2822)
* Attach permission context to project lists.

* restrict service-account actions

* Fix project permission details

* Add getters and setters

* dotnet format

* Fix admin create unassigned secret (#2872)
2023-04-26 13:09:25 -05:00
Justin Baur
a2d45c09ad
Fix Organization License Sync (#2864) 2023-04-24 13:51:08 -04:00
Vincent Salucci
9a1a369472
[AC-1201] refactor: move all SCIM related files into the AdminConsole scope (#2841)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2023-04-19 09:31:00 +10:00
Jake Fink
4f2fb2ccf5
[PM-1188] Move EF auth models for code ownership (#2859)
* [PM-1188] move ef auth files to auth folder

* [PM-1188] rename ef models namespace

* [PM-1188] fix auth ef model imports

* [PM-1188] fix ef model usings
2023-04-18 08:45:02 -04:00
Daniel James Smith
4e7b9d2edd
[PM-328] Move files for team-tools (#2857)
* Extract Import-Api endpoints into separate controller

Moved ciphers/import and ciphers/import-organization into new ImportController
Paths have been kept intact for now (no changes on clients needed)
Moved request-models used for import into tools-subfolder

* Update CODEOWNERS for team-tools-dev

* Move HibpController (reports) to tools

* Moving files related to Send

* Moving files related to ReferenceEvent

* Removed unneeded newline
2023-04-18 14:05:17 +02:00
Shane Melton
f2fad5513d
[AC-1070] Enforce master password policy on login (#2714)
* [EC-1070] Add API endpoint to retrieve all policies for the current user

The additional API endpoint is required to avoid forcing a full sync call before every login for master password policy enforcement on login.

* [EC-1070] Add MasterPasswordPolicyData model

* [EC-1070] Move PolicyResponseModel to Core project

The response model is used by both the Identity and Api projects.

* [EC-1070] Supply master password polices as a custom identity token response

* [EC-1070] Include master password policies in 2FA token response

* [EC-1070] Add response model to verify-password endpoint that includes master password policies

* [AC-1070] Introduce MasterPasswordPolicyResponseModel

* [AC-1070] Add policy service method to retrieve a user's master password policy

* [AC-1070] User new policy service method

- Update BaseRequestValidator
- Update AccountsController for /verify-password endpoint
- Update VerifyMasterPasswordResponseModel to accept MasterPasswordPolicyData

* [AC-1070] Cleanup new policy service method

- Use User object instead of Guid
- Remove TODO message
- Use `PolicyRepository.GetManyByTypeApplicableToUserIdAsync` instead of filtering locally

* [AC-1070] Cleanup MasterPasswordPolicy models

- Remove default values from both models
- Add missing `RequireLower`
- Fix mismatched properties in `CombineWith` method
- Make properties nullable in response model

* [AC-1070] Remove now un-used GET /policies endpoint

* [AC-1070] Update policy service method to use GetManyByUserIdAsync

* [AC-1070] Ensure existing value is not null before comparison

* [AC-1070] Remove redundant VerifyMasterPasswordResponse model

* [AC-1070] Fix service typo in constructor
2023-04-17 07:35:47 -07:00
Jake Fink
88dd745070
[PM-1188] Server owner auth migration (#2825)
* [PM-1188] add sso project to auth

* [PM-1188] move sso api models to auth

* [PM-1188] fix sso api model namespace & imports

* [PM-1188] move core files to auth

* [PM-1188] fix core sso namespace & models

* [PM-1188] move sso repository files to auth

* [PM-1188] fix sso repo files namespace & imports

* [PM-1188] move sso sql files to auth folder

* [PM-1188] move sso test files to auth folders

* [PM-1188] fix sso tests namespace & imports

* [PM-1188] move auth api files to auth folder

* [PM-1188] fix auth api files namespace & imports

* [PM-1188] move auth core files to auth folder

* [PM-1188] fix auth core files namespace & imports

* [PM-1188] move auth email templates to auth folder

* [PM-1188] move auth email folder back into shared directory

* [PM-1188] fix auth email names

* [PM-1188] move auth core models to auth folder

* [PM-1188] fix auth model namespace & imports

* [PM-1188] add entire Identity project to auth codeowners

* [PM-1188] fix auth orm files namespace & imports

* [PM-1188] move auth orm files to auth folder

* [PM-1188] move auth sql files to auth folder

* [PM-1188] move auth tests to auth folder

* [PM-1188] fix auth test files namespace & imports

* [PM-1188] move emergency access api files to auth folder

* [PM-1188] fix emergencyaccess api files namespace & imports

* [PM-1188] move emergency access core files to auth folder

* [PM-1188] fix emergency access core files namespace & imports

* [PM-1188] move emergency access orm files to auth folder

* [PM-1188] fix emergency access orm files namespace & imports

* [PM-1188] move emergency access sql files to auth folder

* [PM-1188] move emergencyaccess test files to auth folder

* [PM-1188] fix emergency access test files namespace & imports

* [PM-1188] move captcha files to auth folder

* [PM-1188] fix captcha files namespace & imports

* [PM-1188] move auth admin files into auth folder

* [PM-1188] fix admin auth files namespace & imports
- configure mvc to look in auth folders for views

* [PM-1188] remove extra imports and formatting

* [PM-1188] fix ef auth model imports

* [PM-1188] fix DatabaseContextModelSnapshot paths

* [PM-1188] fix grant import in ef

* [PM-1188] update sqlproj

* [PM-1188] move missed sqlproj files

* [PM-1188] move auth ef models out of auth folder

* [PM-1188] fix auth ef models namespace

* [PM-1188] remove auth ef models unused imports

* [PM-1188] fix imports for auth ef models

* [PM-1188] fix more ef model imports

* [PM-1188] fix file encodings
2023-04-14 13:25:56 -04:00
Colton Hurst
2529c5b36f
SM-695: Block Create & Update for Admins on Secrets Outside of the Org (#2844)
* SM-695: Block create or update for admins on secrets outside of the org

* SM-695: Update test, org is required on project

* SM-695: Update tests to set matching org id in project

* SM-695: Ensure there is no more than 1 project connected to a secret, plus remove org admin check in the CreateSecretCommand.

* SM-695: Add integration tests for create and update secrets security fixes

* SM-695: Update Create and Update secret tests, a secret can only be in one project at a time
2023-04-14 09:48:11 -04:00
Rui Tomé
f5a8cf5c9c
[AC-1081] Merge feature/billing-obfuscation (#2665)
* [EC-1014] Create Organization Status (Pending/Created) (#2610)

* [EC-427] Add columns 'Type' and 'BillingPhone' to Provider table

* [EC-427] Provider table Type and BillingPhone MySql migrations

* [EC-427] Provider table Type and BillingPhone Postgres migrations

* [EC-427] Add mysql migration script

* [EC-427] Add mysql migration script

* [EC-427] Updated Provider sql script to include default column value

* [EC-427] Removed default value from Provider.Type column

* [EC-427] Changed migration script to include a default value constraint instead of updating the null type

* [EC-427] Updated Sql project Provider table script

* [EC-427] Changed migration script to use 'Create OR Alter' for views and sprocs

* [EC-427] Added default values for 'BillingPhone' and 'Type' fields on sprocs [dbo].[Provider_Create] and [dbo].[Provider_Update]

* [EC-427] Adjusting metadata in migration script

* [EC-427] Updated Provider sprocs SQL script files

* [EC-427] Fixed migration script

* [EC-427] Added sqlite migration

* [EC-427] Add missing Provider_Update sproc default value

* [EC-427] Added missing GO action to migration script

* [EC-428] Redirect to Edit after creating Provider

* Revert "[EC-428] Redirect to Edit after creating Provider"

This reverts commit 6347bca1ed.

* [EC-1014] Create OrganizationStatusType and add Status column to Organizations table

* [EC-1014] Added EF migrations

* [EC-1014] dotnet format

* [EC-1014] Changed Organization.Status from SMALLINT to TINYINT

* [EC-1014] Set Organization.Status default value = 1

* [EC-1014] Setting Organization.Status default value as 1

* [EC-459 / EC-428] Admin panel: Add Provider Type to list and creation flow (#2593)

* [EC-427] Add columns 'Type' and 'BillingPhone' to Provider table

* [EC-427] Provider table Type and BillingPhone MySql migrations

* [EC-427] Provider table Type and BillingPhone Postgres migrations

* [EC-427] Add mysql migration script

* [EC-427] Add mysql migration script

* [EC-427] Updated Provider sql script to include default column value

* [EC-427] Removed default value from Provider.Type column

* [EC-427] Changed migration script to include a default value constraint instead of updating the null type

* [EC-427] Updated Sql project Provider table script

* [EC-427] Changed migration script to use 'Create OR Alter' for views and sprocs

* [EC-427] Added default values for 'BillingPhone' and 'Type' fields on sprocs [dbo].[Provider_Create] and [dbo].[Provider_Update]

* [EC-427] Adjusting metadata in migration script

* [EC-427] Updated Provider sprocs SQL script files

* [EC-427] Fixed migration script

* [EC-427] Added sqlite migration

* [EC-427] Add missing Provider_Update sproc default value

* [EC-427] Added missing GO action to migration script

* [EC-459] Added Type column to Providers list

* [EC-428] Added Type, BusinessName and BillingEmail to CreateProviderModel

* [EC-428] Updated Create Provider view to include new fields

* [EC-428] Updated ProviderService to not create a ProviderUser for the type Reseller

* [EC-428] Added custom validation for Provider fields depending on selected Type

* [EC-428] Redirect to Edit after creating Provider

* [EC-428] Setting Provider status as Created for Resellers

* [EC-428] Redirect on Provider creation depending if self host server

* [EC-428] Split ProviderService.CreateAsync into two methods: CreateMspAsync and CreateResellerAsync

* [EC-428] Created ICreateProviderCommand and added service for injection on Admin.Startup

* [EC-428] Modified Provider views to use DisplayName attribute values

* [EC-428] Moved ICreateProviderCommand to Core project

* [EC-428] Adding ICreateProviderCommand injection next to IProviderService

* [EC-428] Moved CreateProviderCommand to Commercial.Core project

* [EC-459] Added Type column to Providers list

* [EC-428] Added Type, BusinessName and BillingEmail to CreateProviderModel

* [EC-428] Updated Create Provider view to include new fields

* [EC-428] Updated ProviderService to not create a ProviderUser for the type Reseller

* [EC-428] Added custom validation for Provider fields depending on selected Type

* [EC-428] Redirect to Edit after creating Provider

* [EC-428] Setting Provider status as Created for Resellers

* [EC-428] Redirect on Provider creation depending if self host server

* [EC-428] Split ProviderService.CreateAsync into two methods: CreateMspAsync and CreateResellerAsync

* [EC-428] Created ICreateProviderCommand and added service for injection on Admin.Startup

* [EC-428] Modified Provider views to use DisplayName attribute values

* [EC-428] Moved ICreateProviderCommand to Core project

* [EC-428] Adding ICreateProviderCommand injection next to IProviderService

* [EC-428] Moved CreateProviderCommand to Commercial.Core project

* [EC-428] Moved CreateProviderCommand to namespace Bit.Commercial.Core.Providers

* [EC-429] Provider details screen updated with Type, BillingPhone and Organization details (#2666)

* [EC-430] Admin portal: Update organization information screen (#2672)

* [EC-430] Added ProviderOrganizationProviderDetailsView to get Provider details for an Organization

* [EC-430] Added Provider information to Organization Edit/View on Admin panel

* [EC-430] Remove "Add to Reseller" button

* [EC-430] Removed unused property OrganizationEditModel.ClientOwnerEmail

* [EC-430] Replaced IProviderOrganizationRepository.GetProviderDetailsByOrganizationAsync with IProviderRepository.GetByOrganizationIdAsync

* [EC-430] Deleted ProviderOrganizationProviderDetails and ProviderOrganizationProviderDetailsReadByOrganizationIdQuery

* [EC-429] Only show Create/Add Existing Organization buttons for Reseller providers (#2723)

* [EC-432] Add existing Organizations to Provider (#2683)

* [EC-432] Added ProviderOrganizationUnassignedOrganizationDetails_Search stored procedure

* [EC-432] Added IProviderOrganizationRepository.SearchAsync

* [EC-432] Created controller ProviderOrganizationsController to assign Organizations to a Provider

* [EC-432] Filter existing organizations by plans Enterprise or Team

* [EC-432] Existing Organization name links to edit page

* [EC-432] EF filtering out existing organizations by plan type enterprise or teams

* [EC-432] Creating multiple ProviderOrganization records

* [EC-432] Added ProviderOrganizationUnassignedOrganizationDetails_Search stored procedure

* [EC-432] Added IProviderOrganizationRepository.SearchAsync

* [EC-432] Created controller ProviderOrganizationsController to assign Organizations to a Provider

* [EC-432] Filter existing organizations by plans Enterprise or Team

* [EC-432] Existing Organization name links to edit page

* [EC-432] EF filtering out existing organizations by plan type enterprise or teams

* [EC-432] Creating multiple ProviderOrganization records

* [EC-432] Renamed migration script and added missing sproc

* [EC-432] Saving multiple events for the created ProviderOrganizations

* [EC-432] Included unit testing for ProviderService.AddOrganizations and EventService.LogProviderOrganizationEventsAsync

* [EC-432] Removed async from NoopEventService.LogProviderOrganizationEventsAsync

* [EC-432] Remove unused dependency setup in ProviderServiceTests.AddOrganizations_Success

* [EC-432] Renamed AddOrganizations to AddOrganizationsToReseller and removed addingUserId and key arguments

* [EC-432] Added DisplayName attributes to ProviderOrganizationViewModel and used them in the view

* [EC-432] Reverted changes to input fields

* [EC-432] Moved unassigned organizations search to Organizations repo

* [EC-432] Moved AddExistingOrganization action to ProvidersController

* [EC-432] dotnet format

* [EC-432] Fixed unit test issues

* [EC-432] Removed unnecessary Html.DisplayNameFor for labels

* [EC-432] Renamed OrganizationSearchViewModel to OrganizationUnassignedToProviderSearchViewModel

* [EC-432] Modified IEventService.LogProviderOrganizationEventsAsync to receive an IEnumerable as parameter

* [EC-432] Updated IProviderOrganizationRepository and replaced CreateWithManyOrganizations method with CreateManyAsync

* [EC-432] Deleted ProviderOrganization_CreateWithManyOrganizations

* [AC-432] Simplified Organization_UnassignedToProviderSearch query

* [AC-432] Removed unnecessary setup

* [EC-432] Checking if stored procedure exists before creating

* [EC-432] Renamed migration file to recent date

* [EC-435] Admin Portal: Add new Organization creation flow UI (#2707)

* [EC-435] Created _OrganizationForm partial view. Added actions for creating an Organization assigned to a provider

* [EC-435] Remove logic for creating an organization

* [EC-435] Created partial view _OrganizationFormScripts

* [EC-435] Remove unused ReferenceEventType

* [EC-435] Added TODO comment on Organization Create

* [EC-435] Checking if Provider type is Reseller on creating new assigned organization

* [EC-435] Setting the Organization plan type as TeamsMonthly by default when adding to a provider

* [EC-435] Removing unused buttons

* [EC-435] Switched hidden fields to form submit route value

* [EC-435] Moved _OrganizationForm and _OrganizationFormScripts to Shared folder

* [EC-435] Moved Create organization actions from OrganizationsController to ProvidersController

* [EC-435] Fixing bug on saving Organization that would have BillingEmail as null

* [EC-435] Added null check to Provider

* [EC-435] Moved trial buttons script logic to Edit view

* [AC-431] Add new organization invite process (#2737)

* [EC-435] Created _OrganizationForm partial view. Added actions for creating an Organization assigned to a provider

* [EC-435] Remove logic for creating an organization

* [EC-435] Created partial view _OrganizationFormScripts

* [EC-435] Remove unused ReferenceEventType

* [EC-435] Added TODO comment on Organization Create

* [EC-435] Checking if Provider type is Reseller on creating new assigned organization

* [EC-435] Setting the Organization plan type as TeamsMonthly by default when adding to a provider

* [EC-435] Removing unused buttons

* [EC-435] Switched hidden fields to form submit route value

* [EC-435] Moved _OrganizationForm and _OrganizationFormScripts to Shared folder

* [EC-435] Moved Create organization actions from OrganizationsController to ProvidersController

* [AC-431] Added new ReferenceEventType OrganizationCreatedByAdmin

* [AC-431] Added method IOrganizationService.CreateOrganization

* [AC-431] Creating new Organization with Pending status and assigning to Provider

* [AC-431] Added method to IMailService to send invitation to initialize org

* [AC-431] Added methods CreatePendingOrganization and InitPendingOrganization to IOrganizationService

* [AC-431] Org invite includes initOrganization parameter

* [AC-431] Modified existing Accept organization user action to initialize org

* [AC-431] Updated ProvidersController method name

* [AC-431] Created OrganizationUserInitInvitedViewModel to link to 'accept-init-organization' url

* [AC-431] Added action AcceptInit to OrganizationUsersController

* [AC-431] Resend owner invite

* [AC-431] dotnet format

* [AC-431] Removed unused parameter 'addingUserId' from IProviderService.AddOrganization

* [AC-431] Removed setting manual values for CreationDate and RevisionDate

* [AC-431] Updated OrganizationService.InitPendingOrganization to throw exceptions when the Organization does not meet the required criteria

* [AC-431] Modified OrganizationUserInitInvitedViewModel to inherit properties from OrganizationUserInvitedViewModel

* [AC-431] Removed unecessary parameter check

* [AC-431] Moved method description to IOrganizationService.InitPendingOrganization

* [AC-431] Moved ApplicationCacheService.UpsertOrganizationAbilityAsync and ReferenceEventService.RaiseEventAsync to OrganizationService

* [AC-431] Creating collection after creating organization

* [EC-435] Fixing bug on saving Organization that would have BillingEmail as null

* [AC-431] Deleted OrganizationUserInitInvitedViewModel and added parameter InitOrganization to OrganizationUserInvitedViewModel.cs

* [AC-431] Checking if the user has any existing SingleOrg policies before initializing an Org

* [AC-431] Remove commented code

* [EC-435] Added null check to Provider

* [EC-435] Moved trial buttons script logic to Edit view

* [AC-431] Added EncryptedString attribute to OrganizationUserAcceptInitRequestModel.CollectionName

* [AC-431] Refactored plan check condition

* [AC-431] Remove duplicate _applicationCacheService.UpsertOrganizationAbilityAsync call

* [AC-431] Removed IMailService.SendOrganizationInitInviteEmailAsync

* [AC-431] Added parameters ClaimsPrincipal and IUserService to IOrganizationService.CreatePendingOrganization

* [AC-434] Hide Billing screen for Reseller clients (#2783)

* [AC-434] Added ProviderType to ProfileOrganizationResponseModel

* [AC-434] Migration script

* [AC-434] Fixed indentation on migration script

* [AC-434] Hiding sensitive subscription data if the user does not have permissions

* [AC-434] Fixed missing dependency in unit test

* [AC-434] Altered BillingSubscription.Amount and BillingSubscriptionUpcomingInvoice.Amount to nullable

* [AC-434] Replaced CurrentContext.ManageBilling with ViewBillingHistory, ViewSubscription, EditSubscription and EditPaymentMethods

* [AC-434] Reverted change on BillingSubscription.Amount and now setting Subscription.Items = null when User does not have permission

* [AC-434] Added ProviderOrganizationProviderDetails_ReadByUserId

* [AC-434] Added IProviderOrganizationRepository.GetManyByUserAsync

* [AC-434] Added CurrentContext.GetOrganizationProviderDetails

* [AC-434] Remove unneeded join Organization table

* [AC-1255] Search Existing Organizations by partial Email (#2830)

* [AC-1255] Added email search field input validation

* [AC-1255] Reverted added email pattern

* [AC-1255] Modified Organization search by Email to search using substring

* [AC-1276] Displaying an Organizations pending owners if the Organization is in a Pending status (#2834)

* [AC-432] Checking that an existing Organization is not assigned to any Provider before being assigned (#2840)

* [AC-432] Checking if any of the selected Organizations is already assigned to a Provider

* [AC-432] Changed ProviderOrganization_ReadByOrganizationIds to only get count

* [AC-432] Replaced IProviderOrganizationRepository.GetCountByOrganizationIdsAsync with call to IProviderOrganizationRepository.GetByOrganizationId

* [AC-432] undo new line

* [AC-432] Fixed unit test

* Revert "[AC-432] Replaced IProviderOrganizationRepository.GetCountByOrganizationIdsAsync with call to IProviderOrganizationRepository.GetByOrganizationId"

This reverts commit ee6e095e88.

# Conflicts:
#	util/Migrator/DbScripts/2023-03-22_00_ProviderAddExistingOrganizations.sql

* [AC-432] Created new migration script for ProviderOrganization_ReadCountByOrganizationIds
2023-04-14 11:13:16 +01:00
Justin Baur
ecf885f4d6
Update Azure.Extensions.AspNetCore.DataProtection.Blobs (#2821) 2023-04-10 12:10:11 -04:00
cyprain-okeke
141c6862ca
[AC 482]automatically apply discounts to provider portal orgs (#2801)
* Adding discount coupon on provider org creation

* Change the provider discount Id

* Fixing the whitespace format

* Remove discount at subscription and apply to customer

* resolving a failing test

* Remove white spaces
2023-04-10 14:40:04 +01:00
cyprain-okeke
6d7bcd98a9
[AC 480]Add the organization name to the stripe invoice (#2772)
* Adding organization name on subscription and update

* Changes after running  dotnet format -v diag

* Change the OrganizationName to GetName

* Change GetName to OwnerName

* Change the OwnerName to SubscriberName

* Reverting the changes made by dotnet format-v diag

* Removing extract space

* resolve the lint issue

* Fix whitespace formatting issue

* Resolving pr comment on changing organization

* Fixing the failing test

* Using the ISubscriber interface for consistent

* fixing the whitescapes

* Resolving the PR comments

* resolving the whitespace format

* Remove unnecessary directive

* Resolving the whitespace issue

* changes for organization instead of subscriber

* resolving the failing test

* Resolve lint issue by removing unnecessary directive

* Resolve the PR comment

* remove these blank lines

* Fixing whitespace formatting
2023-04-07 10:45:18 +01:00
Oscar Hinton
60bdf77e8b
[SM-574] Wire up read/write for secret list and secret response (#2767)
* Wire up read/write for secret list and secret response

* Fix trash

* Remove UserHasReadPermission

* Fix list by project

* Implement admin and service accounts for AccessToSecretAsync

* Resolve feedback

* Fix tests

* Rename function

* Change create to return true, true

* Remove duplicated access check
2023-03-30 16:51:46 +02:00