1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-24 12:35:25 +01:00
Commit Graph

270 Commits

Author SHA1 Message Date
Thomas Rittson
5df0e2180d
[AC-2847] Simplify OrganizationUser and Group PUT methods and tests (#4479)
* refactor controller logic
* add additional validation checks to update commands
* refactor and improve tests
2024-07-16 10:47:28 +10:00
Thomas Avery
acc4808509
[SM-1256] Add BulkSecretAuthorizationHandler (#4099)
* Add AccessToSecretsAsync to the repository

* Add BulkSecretAuthorizationHandler

* Update controller to use the new authz handler

* Add integration test coverage
2024-07-09 10:06:33 -05:00
Thomas Rittson
ef44def88b
[AC-2810] Remove unused FlexibleCollections feature flag from CollectionCipher Repository (#4284)
Remove FlexibleCollections feature flag logic for repository methods:
* GetManyByUserIdAsync
* GetManyByUserIdCipherIdAsync
* UpdateCollectionsAsync
* UpdateCollectionsForCiphersAsync

This feature flag was never turned on and we will update the sprocs
directly as required.
2024-07-03 12:06:36 +10:00
Thomas Rittson
4e0a981b43
[AC-2809] Remove unused FlexibleCollections feature flag from Cipher Repository (#4282)
Remove FlexibleCollections feature flag logic for repository methods:
* CiphersController.GetByIdAsync
* CipherRepository.DeleteAsync
* CipherRepository.MoveAsync
* RestoreAsync
* SoftDeleteAsync

This feature flag was never turned on and we will update the sprocs
directly as required.
2024-07-03 11:45:44 +10:00
Addison Beck
b5d42eb189
Handle TDE enrollment case in put account recovery enrollment endpoint (#4449)
* Handle TDE enrollment case in put account recovery enrollment endpoint

* Use `ssoConfig` to derive if an organization is using TDE
2024-07-02 14:18:29 -05:00
Addison Beck
e2d2a2ba90
Add a master password hash check to account recovery enrollment (#4154) 2024-07-01 11:52:58 -04:00
Alex Morask
750321afaa
Updated CSV column header, removed invoice PDF URL (#4212) 2024-06-26 09:30:30 -04:00
Alex Morask
e8e725c389
[AC-2795] Add account credit & tax information to provider subscription (#4276)
* Add account credit, suspension and tax information to subscription response

* Run dotnet format'
2024-06-26 09:08:18 -04:00
Alex Morask
95f54b616e
[AC-2744] Add provider portal pricing for consolidated billing (#4210)
* Expanded Teams and Enterprise plan with provider seat data

* Updated provider setup process with new plan information

* Updated provider subscription retrieval and update with new plan information

* Updated client invoice report with new plan information

* Fixed tests

* Fix broken test
2024-06-24 11:16:57 -04:00
Alex Morask
fa62b36d44
[AC-2774] Consolidated issues for Consolidated Billing (#4201)
* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
2024-06-24 11:15:47 -04:00
aj-rosado
f275b2567d
[PM-517] Added validation to maximum and minimum expiry date (#4199)
* Added validation to maximum and minimum expiry date

* Updated error text on SendRequestModel

* Add tests to ValidateEdit on SendRequestModel
2024-06-21 13:56:43 +01:00
Thomas Rittson
9595252224
[AC-2656] Remove old permissions code from CiphersController (#4186) 2024-06-21 09:57:43 +10:00
Thomas Rittson
6262686c0c
[AC-2699] Remove AccessAll from api request/response models (#4203) 2024-06-21 09:00:01 +10:00
Thomas Avery
01d67dce48
[SM-654] Individual secret permissions (#4160)
* Add new data and request models

* Update authz handlers

* Update secret commands to handle access policy updates

* Update secret repository to handle access policy updates

* Update secrets controller to handle access policy updates

* Add tests

* Add integration tests for secret create
2024-06-20 12:45:28 -05:00
Jared Snider
29b47f72ca
Auth/PM-3833 - Remove Deprecated Register and Prelogin endpoints from API (#4206)
* PM-3833 - API - AccountsController.cs && AccountsController.cs - remove prelogin and register endpoints.

* PM-3833 - Move Request and Response models that were used for Prelogin and PostRegister from API to Identity.

* PM-3833 - FIX LINT

* PM-3833 - Fix issues after merge conflict fixes.

* PM-3833 - Another test fix
2024-06-19 15:11:24 -04:00
Thomas Rittson
c375c18257
[AC-2655] Remove old permissions logic from CollectionsController (#4185)
* Replace all old methods with vNext methods

* Remove remaining Flexible Collections checks and remove helper method

* Remove unused private methods

* Update tests
2024-06-18 06:23:32 +10:00
Bernd Schoolmann
3ad4bc1cab
[PM-4371] Implement PRF key rotation (#4157)
* Send rotateable keyset on list webauthn keys

* Implement basic prf key rotation

* Add validator for webauthn rotation

* Fix accounts controller tests

* Add webauthn rotation validator tests

* Introduce separate request model

* Fix tests

* Remove extra empty line

* Remove filtering in validator

* Don't send encrypted private key

* Fix tests

* Implement delegated webauthn db transactions

* Add backward compatibility

* Fix query not working

* Update migration sql

* Update dapper query

* Remove unused helper

* Rename webauthn to WebAuthnLogin

* Fix linter errors

* Fix tests

* Fix tests
2024-06-17 20:46:57 +02:00
Conner Turnbull
721d2969d4
[PM-8830] Billing Enums Rename (#4180)
* Renamed ProductType to ProductTierType

* Renamed Product properties to ProductTier

* Moved ProductTierType to Bit.Core.Billing.Enums namespace from Bit.Core.Enums

* Moved PlanType enum to Bit.Core.Billing.Enums

* Moved StaticStore to Bit.Core.Billing.Models.StaticStore namespace

* Added ProductType enum

* dotnet format
2024-06-14 15:34:47 -04:00
Alex Morask
83604cceb1
[AC-1943] Implement provider client invoice report (#4178)
* Update ProviderInvoiceItem SQL configuration

* Implement provider client invoice export

* Add tests

* Run dotnet format

* Fixed SPROC backwards compatibility issue
2024-06-14 12:26:49 -04:00
Thomas Avery
36705790ad
[SM-1293] Add endpoint to fetch secret's access policies (#4146)
* Add authz handling for secret access policy reads

* Add the ability to fetch secret access polices from the repository

* refactor response models

* Add new endpoint
2024-06-07 12:08:38 -05:00
cyprain-okeke
fef34d845f
Add additional return properties ti providerSubscriptionResponse (#4159)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-06-06 15:54:08 +01:00
Ike
97b3f3e7ee
[PM-5216] User and Organization Duo Request and Response Model refactor (#4126)
* inital changes

* add provider GatewayType migrations

* db provider migrations

* removed duo migrations added v2 metadata to duo response

* removed helper scripts

* remove signature from org duo

* added backward compatibility for Duo v2

* added tests for duo request + response models

* refactors to TwoFactorController

* updated test methods to be compartmentalized by usage

* fix organization add duo

* Assert.Empty() fix for validator
2024-06-05 11:42:02 -07:00
Alex Morask
a0a7654077
[AC-1942] Add endpoint to get provider invoices (#4158)
* Added endpoint to get provider invoices

* Added missing properties of invoice

* Run dotnet format'
2024-06-05 13:33:28 -04:00
Thomas Rittson
cae417e2a2
[AC-2317] Public API - remove old permissions code (#4125)
* Remove FlexibleCollections checks from Public API controllers

* Remove AccessAll from Public API

* Update tests
2024-06-04 08:58:44 +10:00
Thomas Rittson
2c40dc0602
[AC-2654] Remove old permissions code from OrganizationUsersController (#4149) 2024-06-04 08:47:12 +10:00
Thomas Rittson
80793d1ffa
[AC-2653] Remove old permissions code from GroupsController (#4148) 2024-06-04 08:46:48 +10:00
Conner Turnbull
395d6e845c
[AC-2678] Enterprise to Families Sponsorship Bugs (#4118)
* Removed prorationDate as it wasn't used, and wasn't needed

* Fixed logic to detect if a subscription was sponsored

* Moved OrganizationSponsorshipsController.cs to Billing folder
2024-06-03 13:18:46 -04:00
Alex Morask
2b43cde99b
[AC-1938] Update provider payment method (#4140)
* Refactored GET provider subscription

Refactoring this endpoint and its associated tests in preparation for the addition of more endpoints that share similar patterns

* Replaced StripePaymentService call in AccountsController, OrganizationsController

This was made in error during a previous PR. Since this is not related to Consolidated Billing, we want to try not to include it in these changes.

* Removing GetPaymentInformation call from ProviderBillingService

This method is a good call for the SubscriberService as we'll want to extend the functionality to all subscriber types

* Refactored GetTaxInformation to use Billing owned DTO

* Add UpdateTaxInformation to SubscriberService

* Added GetTaxInformation and UpdateTaxInformation endpoints to ProviderBillingController

* Added controller to manage creation of Stripe SetupIntents

With the deprecation of the Sources API, we need to move the bank account creation process to using SetupIntents. This controller brings both the creation of "card" and "us_bank_account" SetupIntents
under billing management.

* Added UpdatePaymentMethod method to SubscriberService

This method utilizes the SetupIntents created by the StripeController from the previous commit when a customer adds a card or us_bank_account payment method (Stripe). We need to cache the most recent SetupIntent for the subscriber so that we know which PaymentMethod is their most recent even when it hasn't been confirmed yet.

* Refactored GetPaymentMethod to use billing owned DTO and check setup intents

* Added GetPaymentMethod and UpdatePaymentMethod endpoints to ProviderBillingController

* Re-added GetPaymentInformation endpoint to consolidate API calls on the payment method page

* Added VerifyBankAccount endpoint to ProviderBillingController in order to finalize bank account payment methods

* Updated BitPayInvoiceRequestModel to support providers

* run dotnet format

* Conner's feedback

* Run dotnet format'
2024-06-03 11:00:52 -04:00
Thomas Rittson
357ac4f40a
[AC-292] Public Api - allow configuration of custom permissions (#4022)
* Also refactor OrganizationService user invite methods
2024-05-31 09:23:31 +10:00
Bernd Schoolmann
0189952e1f
[PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault (#4098)
* Add check to verify the vault state for rotation is not obviously desynced (empty)

* Add unit test for key rotation guardrail

* Move de-synced vault detection to validators

* Add tests
2024-05-30 11:08:26 +02:00
Addison Beck
98a191a5e8
Allow for bulk processing new login device requests (#4064)
* Define a model for updating many auth requests

In order to facilitate a command method that can update many auth
requests at one time a new model must be defined that accepts valid
input for the command's needs. To achieve this a new file has been
created at
`Core/AdminConsole/OrganizationAuth/Models/OrganizationAuthRequestUpdateCommandModel.cs`
that contains a class of the same name. It's properties match those that
need to come from any calling API request models to fulfill the request.

* Declare a new command interface method

Calling API functions of the `UpdateOrganizationAuthRequestCommand` need
a function that can accept many auth request response objects and
process them as approved or denied. To achieve this a new function has
been added to `IUpdateOrganizationAuthRequestCommand` called
`UpdateManyAsync()` that accepts an
`IEnumberable<OrganizationAuthRequest>` and returns a `Task`.
Implementations of this interface method will be used to bulk process
auth requests as approved or denied.

* Stub out method implementation for unit testing

To facilitate a bulk device login request approval workflow in the admin
console `UpdateOrganizationAuthRequestCommand` needs to be updated to
include an `UpdateMany()` method. It should accept a list of
`OrganizationAuthRequestUpdateCommandModel` objects, perform some simple
data validation checks, and then pass those along to
`AuthRequestRepository` for updating in the database.

This commit stubs out this method for the purpose of writing unit tests.
At this stage the method throws a `NotImplementedException()`. It will
be expand after writing assertions.

* Inject `IAuthRequestRepository` into `UpdateOrganizationAuthCommand`

The updates to `UpdateOrganizationAuthRequestCommand` require a new
direct dependency on `IAuthRequestRepository`. This commit simply
registers this dependency in the `UpdateOrganizationAuthRequest`
constructor for use in unit tests and the `UpdateManyAsync()`
implementation.

* Write tests

* Rename `UpdateManyAsync()` to `UpdateAsync`

* Drop the `CommandModel` suffix

* Invert business logic update filters

* Rework everything to be more model-centric

* Bulk send push notifications

* Write tests that validate the command as a whole

* Fix a test that I broke by mistake

* Swap to using await instead of chained methods for processing

* Seperate a function arguement into a variable declaration

* Ungeneric-ify the processor

* Adjust ternary formatting

* Adjust naming of methods regarding logging organization events

* Throw an exception if Process is called with no auth request loaded

* Rename `_updates` -> `_update`

* Rename email methods

* Stop returning `this`

* Allow callbacks to be null

* Make some assertions about the state of a processed auth request

* Be more terse about arguements in happy path test

* Remove unneeded null check

* Expose an endpoint for bulk processing of organization auth requests  (#4077)

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2024-05-27 11:56:52 +10:00
Rui Tomé
5fabad35c7
[AC-2328] Add a Bulk OrganizationUsersController.GetResetPasswordDetails endpoint (#4079)
* Add new stored procedure for reading reset password details for multiple organization user IDs

* Add method IOrganizationUserRepository.GetManyResetPasswordDetailsByOrganizationUserAsync

* Add new API endpoint for getting reset password details for multiple organization users

* Add unit tests for bulk OrganizationUsersController.GetResetPasswordDetails

* Add alias to sql query result column

* Add constructor for automatic mapping

* Fix http method type for endpoint

* dotnet format

* Simplify the constructor in the OrganizationUserResetPasswordDetails

* Refactor stored procedure and repository method names for retrieving account recovery details

* Add integration tests for GetManyAccountRecoveryDetailsByOrganizationUserAsync

* Lock endpoint behind BulkDeviceApproval feature flag

* Update feature flag key value
2024-05-24 11:20:54 +01:00
Thomas Rittson
be41865b59
[AC-2522] Remove collection enhancements opt-in (#4110)
* Delete controller endpoint
* Delete command
* Drop sproc
2024-05-24 09:00:04 +10:00
Alex Morask
06910175e2
[AC-2576] Replace Billing commands and queries with services (#4070)
* Replace SubscriberQueries with SubscriberService

* Replace OrganizationBillingQueries with OrganizationBillingService

* Replace ProviderBillingQueries with ProviderBillingService, move to Commercial

* Replace AssignSeatsToClientOrganizationCommand with ProviderBillingService, move to commercial

* Replace ScaleSeatsCommand with ProviderBillingService and move to Commercial

* Replace CancelSubscriptionCommand with SubscriberService

* Replace CreateCustomerCommand with ProviderBillingService and move to Commercial

* Replace StartSubscriptionCommand with ProviderBillingService and moved to Commercial

* Replaced RemovePaymentMethodCommand with SubscriberService

* Formatting

* Used dotnet format this time

* Changing ProviderBillingService to scoped

* Found circular dependency'

* One more time with feeling

* Formatting

* Fix error in remove org from provider

* Missed test fix in conflit

* [AC-1937] Server: Implement endpoint to retrieve provider payment information (#4107)

* Move the gettax and paymentmethod from stripepayment class

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add the method to retrieve the tax and payment details

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add unit tests for the paymentInformation method

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add the endpoint to retrieve paymentinformation

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add unit tests to the SubscriberService

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Remove the getTaxInfoAsync update reference

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
2024-05-23 10:17:00 -04:00
Kyle Spearrin
4264fc0729
[PM-7004] Org Admin Initiate Delete (#3905)
* org delete

* move org id to URL path

* tweaks

* lint fixes

* Update src/Core/Services/Implementations/HandlebarsMailService.cs

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>

* Update src/Core/Services/Implementations/HandlebarsMailService.cs

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>

* PR feedback

* fix id

* [PM-7004] Move OrgDeleteTokenable to AdminConsole ownership

* [PM-7004] Add consolidated billing logic into organization delete request acceptance endpoint

* [PM-7004] Delete unused IOrganizationService.DeleteAsync(Organization organization, string token) method

* [PM-7004] Fix unit tests

* [PM-7004] Update delete organization request email templates

* Add success message when initiating organization deletion

* Refactor OrganizationsController request delete initiation action to handle exceptions

---------

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
2024-05-22 17:59:19 +01:00
Jason Ng
87865e8f5c
[AC-2447] Update PutCollection to return Unavailable cipher when last Can Manage Access is Removed (#4074)
* update CiphersController to return a unavailable value to the client so it can determine if the user removed the final Can Manage access of an item
2024-05-21 11:31:22 -04:00
Thomas Rittson
98b7866c95
[AC-2605] Restrict collection access for some custom users (#4096)
* Make custom users subject to collection settings
  Affects ManageUsers and ManageGroups
2024-05-21 10:44:57 +10:00
Conner Turnbull
a60180230d
[AC-2513] Scaling PM seat count with SM seat count (#4040)
* For SM Trial orgs, now scaling PM seat count with SM seat count adjustments

* Split Billing related organization endpoints into billing owned controller

* Updated billing organizations controller to use a primary constructor to reduce boilerplate

* Fixed error where ID couldn't be mapped to subscription endpoint guid param

* Updated billing OrganizationController endpoints to not manually create the GUID from the string ID

* Banished magic string back to the pit from whence it came

* Resolved errors in unit tests
2024-05-17 14:16:03 -04:00
Thomas Rittson
e619508f3f
[AC-2602] Fix error when provider edits existing group (#4086)
* Add null check to groups endpoint - providers may not be OrgUsers
2024-05-15 15:17:15 +01:00
Alex Morask
fd173e81b6
[AC-2426] Allow editing of client organization name (#4072)
* Allow editing of client organization name

* Removing unnecessary using for linter
2024-05-14 11:26:08 -04:00
Vincent Salucci
df4d1d5552
[AC-2086] Update CanDelete to handle V1 flag logic (#3979)
* feat: Update authorization handler to handle V1 collection enhancement, refs AC-2086

* feat: update tests to account for new V1 flag/setting logic, refs AC-2086

* feat: update CanDelete with all collection enhancement combinations, refs AC-2086

* feat: add tests for new delete flows, refs AC-2086

* fix: update new conditionals with bool return value, refs AC-2086

* feat: simplify conditional in regards to LimitCollectionCreationDeletion, refs AC-2086

* feat: simplify AllowAdminAccessToAllCollectionItems conditional, refs AC-2086

* feat: add unit test making sure admins can't delete collections without can manage, refs AC-2086
2024-05-08 18:25:22 -04:00
Shane Melton
45be4d5069
[AC-1707] Restrict provider access to items (#3881)
* [AC-2274] Introduce CanEditAnyCiphersAsAdminAsync helper to replace EditAnyCollection usage

* [AC-2274] Add unit tests for CanEditAnyCiphersAsAdmin helper

* [AC-2274] Add Jira ticket

* [AC-1707] Add feature flag

* [AC-1707] Update CanEditAnyCiphersAsAdmin to fail for providers when the feature flag is enabled

* [AC-2274] Undo change to purge endpoint

* [AC-2274] Update admin checks to account for unassigned ciphers

* [AC-1707] Fix provider auth checks after merge with main

* [AC-1707] Fix tests after merge

* [AC-1707] Adjust CanEditCipherAsAdmin method to properly account for admin user types

- Fix associated unit tests

* [AC-1707] Formatting
2024-05-07 12:30:48 -07:00
Thomas Avery
cd3a45c8c6
[SM-1030] Cleanup old access policy management code (#4015)
* Remove access selector code

* Cleanup integration tests
2024-05-06 14:56:58 -05:00
Shane Melton
d965166a37
[AC-2084] Include Collection permissions for admin endpoints (#3793)
* [AC-2084] Add documentation to existing collection repository getters

* [AC-2084] Add new CollectionAdminDetails model

* [AC-2084] Add SQL and migration scripts

* [AC-2084] Introduce new repository methods to include permission details for collections

* [AC-2084] Add EF repository methods and integration tests

* [AC-2084] Update CollectionsController and response models

* [AC-2084] Fix failing SqlServer test

* [AC-2084] Clean up admin endpoint response models
- vNext endpoints should now always return CollectionDetailsResponse models
- Update constructors in CollectionDetailsResponseModel to be more explicit and add named static constructors for additional clarity

* [AC-2084] Fix failing tests

* [AC-2084] Fix potential provider/member bug

* [AC-2084] Fix broken collections controller

* [AC-2084] Cleanup collection response model types and constructors

* [AC-2084] Remove redundant authorization check

* [AC-2084] Cleanup ambiguous model name

* [AC-2084] Add GroupBy clause to sprocs

* [AC-2084] Add GroupBy logic to EF repository

* [AC-2084] Update collection repository tests

* [AC-2084] Update migration script date

* Update migration script date

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: kejaeger <138028972+kejaeger@users.noreply.github.com>
2024-05-03 09:33:06 -04:00
Thomas Avery
7f8cea58d0
[SM-923] Add project service accounts access policies management endpoints (#3993)
* Add new models

* Update repositories

* Add new authz handler

* Add new query

* Add new command

* Add authz, command, and query to DI

* Add new endpoint to controller

* Add query unit tests

* Add api unit tests

* Add api integration tests
2024-05-02 11:06:20 -05:00
Thomas Rittson
e302ee1520
[AC-2170] Group modal - limit admin access - collections tab (#3998)
* Update GroupsController POST and PUT to respect collection management settings
2024-05-02 09:55:16 +10:00
Thomas Rittson
f0b9391249
Prevent user from adding themselves to collection (#4037) 2024-05-02 08:32:50 +10:00
Thomas Avery
ebd88393c8
[SM-910] Add service account granted policies management endpoints (#3736)
* Add the ability to get multi projects access

* Add access policy helper + tests

* Add new data/request models

* Add access policy operations to repo

* Add authz handler for new operations

* Add new controller endpoints

* add updating service account revision
2024-05-01 11:47:11 -05:00
Thomas Rittson
5012d56e5a
[AC-2538] Limit admin access - fix ManageUsers custom permission (#4032)
* Fix issue where ManageUsers custom permission could not
  grant access to collections
* Split ModifyAccess operation to ModifyUserAccess and
  ModifyGroupAccess to reflect more granular operations
2024-05-01 10:06:24 +10:00
Shane Melton
8e7bd79d9a
[AC-2274] Restrict Admin POST/PUT/DELETE Cipher Endpoints for V1 FC (#3879)
* [AC-2274] Introduce CanEditAnyCiphersAsAdminAsync helper to replace EditAnyCollection usage

* [AC-2274] Add unit tests for CanEditAnyCiphersAsAdmin helper

* [AC-2274] Add Jira ticket

* [AC-2274] Undo change to purge endpoint

* [AC-2274] Update admin checks to account for unassigned ciphers

---------

Co-authored-by: kejaeger <138028972+kejaeger@users.noreply.github.com>
2024-04-30 10:28:16 -07:00