1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00
Commit Graph

214 Commits

Author SHA1 Message Date
Chad Scharf
17db94190e
Test 1: add acr_values return validation value (#1285)
* Part 1: add acr_values return validation value

* Update acr return value validation from OIDC specs

* acr validation prompt clarification
2021-04-27 15:17:03 -04:00
Thomas Rittson
de155c78ad Enforce SSO "Want assertions signed" option (#1270)
* Enforce SSO Want Assertions Signed option

* Simplify changes and code style

* Fix style

* Check Issuer entityID before assertion signature
2021-04-21 11:06:30 -04:00
Chad Scharf
1b8b9b7539
Email length in IdSv4 config needed to be 256 (#1255) 2021-04-01 10:56:55 -04:00
Thomas Rittson
ea9849245d
Add Fido2 to Portal services (#1248)
* Add Fido2 to Portal services

* Add Fido2 to Sso services
2021-03-31 07:13:59 +10:00
Thomas Rittson
688cc00d48
Hide email address in Sends (#1234)
* Add send HideEmail to tables and models

* Respect HideEmail setting for Sends

* Recreate SendView to include new HideEmail column

* Enforce new Send policy

* Insert default value for new HideEmail column

* Delete c95d7598-71cc-4eab-8b08-aced0045198b.json

* Remove unrelated files

* Revert disableSendPolicy, add sendOptionsPolicy

* Minor style fixes

* Update SQL project with Send.HideEmail column

* unit test SendOptionsPolicy.DisableHideEmail

* Add SendOptionsPolicy to Portal

* Make HideEmail nullable, fix migrator script

* Remove NOT NULL constraint from HideEmail

* Fix style

* Make HideEmail nullable

* minor fixes to model and error message

* Move SendOptionsExemption banner

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-29 07:56:56 +10:00
Thomas Rittson
df7a035d9b
Minor release version bump 1.40.0 (#1199) 2021-03-10 11:19:40 -05:00
Matt Gibson
5537470703
Use sas token for attachment downloads (#1153)
* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
2021-02-22 15:35:16 -06:00
Chad Scharf
6cc317c4ba
SSO - Added custom scopes and claim types for OIDC (#1133)
* SSO - Added custom scopes and claim types for OIDC

* Removed redundant field labels

* Added acr_values to OIDC config + request
2021-02-10 12:00:12 -05:00
Matt Gibson
edd4bc2623
Add disable send policy (#1130)
* Add Disable Send policy

* Test DisableSend policy

* PR Review

* Update tests for using CurrentContext

This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.

I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference

* Fix failing test

* Update exemption to include all exempt users

* Move all CurrentContext usages to ICurrentContext

* PR review. Match messaging with Web
2021-02-04 12:54:21 -06:00
Chad Scharf
6d8e37ebf6
Patch release version bump, 1.39.4 (#1124) 2021-02-01 18:43:32 -05:00
Chad Scharf
2380bba577
version bump 1.39.3 (#1113) 2021-01-27 17:00:56 -05:00
Chad Scharf
85edc03461
Add SAML 2.0 metadata export for dynamic SPs (#1094) 2021-01-21 15:54:46 -05:00
Chad Scharf
5778a903c6
Version bump, v1.39.0 (#1095) 2021-01-19 16:09:43 -05:00
Vincent Salucci
96cc88aafc
[Policy] Update Personal Ownership checkbox description (#1076)
* Initial commit of checkbox description update

* refactored property name
2021-01-12 11:37:33 -06:00
Addison Beck
63fcdc1418
Implemented Custom role and permissions (#1057)
* Implemented Custom role and permissions

* Converted permissions columns to a json blob

* Code review fixes for Permissions

* sql build fix

* Update Permissions.cs

* formatting

* Update IOrganizationService.cs

* reworked a conditional

* built out tests for relevant organization service methods

* removed unused usings

* fixed a broken test and a bad empty string init

* removed 'Attribute' from some attribute instances
2021-01-12 11:02:39 -05:00
Chad Scharf
99b95b5330
Fix safari sso header size (#1065)
* Safari SSO header size fix - in progress

* Cleanup of memoryCacheTicketStore

* Redis cache ticket store + registration

* Revert some unecessary changes

* temp - distributed cookie: idsrv.external

* Ticket data cached storage added

* OIDC working w/ substantially reduced cookie size

* Added distributed cache cookie manager

* Removed hybrid OIDC flow

* Enable self-hosted folks to use Redis  for SSO

* Also allow self-hosted to use Redis cont...
2021-01-11 11:03:46 -05:00
Chad Scharf
246cac1a33
Allow SHA1 inbound sigs from Idp (#1047) 2020-12-18 11:26:52 -05:00
Chad Scharf
fd293dd183
Added OIDC scope management (#1049)
* added OIDC scope management

* Remove errant code comment
2020-12-18 11:07:31 -05:00
Vincent Salucci
037757a740
Added missing enum type (#1046) 2020-12-17 14:20:23 -06:00
Chad Scharf
c390c46b3e
Version bump 1.38.4 (#1045) 2020-12-17 12:43:47 -05:00
Chad Scharf
1b8d5a8ee8
version bump to 1.38.3 (#1043) 2020-12-17 10:49:52 -05:00
Vincent Salucci
136c39fa50
Initial commit of SingleOrg downstream policy checks (#1038) 2020-12-16 16:02:54 -06:00
Vincent Salucci
70f5fd5030
[Policy] Personal Ownership (#1013)
* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
2020-12-11 10:45:26 -06:00
Kyle Spearrin
01d4d97ef1
Ensure that users are confirmed status (#1033) 2020-12-09 12:04:14 -05:00
Vincent Salucci
09aea4ed38
[Bug] Improve SSO user provision flow (#1022)
* Initial commit of provisioning updates

* Updated strings

* removed extra BANG

* Separated orgUsers db lookup - prioritized existing user Id

* Updated create sso record method // Added sproc for org/email retrieval
2020-12-04 16:45:54 -06:00
Chad Scharf
9e1bf3d584
version bump 1.38.2 (#1023) 2020-12-03 22:06:36 -05:00
Vincent Salucci
f311f40d93
Added OrgIdentifer to SetPasswordAsync // Added jit user two factor provider (#1009) 2020-11-22 08:46:44 -06:00
Kyle Spearrin
7405ccb007 bump version 2020-11-18 10:24:02 -05:00
Addison Beck
2e6368d11a
Set user API key on account creation through SSO auto provision (#1003) 2020-11-18 10:20:59 -05:00
Vincent Salucci
028ad46c47
Bugfix: pulled back correct policy (#999) 2020-11-17 17:04:29 -06:00
Kyle Spearrin
ac1defc97a bump versions and disabled send creation 2020-11-12 21:43:10 -05:00
Vincent Salucci
d9cd7551fe
[Exemption] Updated policy messages (#984)
* Updated messages // added exemption message // added callout

* updated strings - futureproofing
2020-11-10 09:53:44 -06:00
Addison Beck
0eccfb8784
changed all OnlyOrg wording to be SingleOrg instead (#974)
* changed all OnlyOrg wording to be SingleOrg instead

* missed an OnlyOrg to change to SingleOrg
2020-10-27 10:28:41 -04:00
Vincent Salucci
66e44759f0
[Require SSO] Enterprise policy enforcement (#970)
* Initial commit of require sso authentication policy enforcement

* Updated sproc to send UseSso flag // Updated base validator to send back error message // Added changes to EntityFramework (just so its there for the future

* Update policy name // adjusted conditional to demorgan's

* Updated sproc // Added migrator script

* Added .sql file extension to DeleteOrgUserWithOrg migrator script

* Added policy // edit // strings // validation to business portal

* Change requests from review // Added Owner & Admin exemption

* Updated repository function used to get org user's type

* Updated with requested changes
2020-10-26 11:56:16 -05:00
Addison Beck
e872b4df9d
Only org policy (#962)
* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
Vincent Salucci
50cf16a3fb
[SSO] New user provision flow (#945)
* Initial commit of accept user during set password flow

* changed new org user from accepted to invited // moved another check to token accept function

* Revised some white space // Moved business logic to UserService

* Fixed UserServiceTest

* Removed some white-space

* Removed more white-space

* Final white-space issues
2020-10-13 15:00:33 -05:00
Chad Scharf
6227ddf304
Bump version: v1.37.2 (#961)
* Bump version: v1.37.2

* Revert Docker version
2020-10-09 10:48:11 -04:00
Chad Scharf
bf04b9f940
Fix null ref exception for new org SSO (#963) 2020-10-08 13:49:05 -04:00
Chad Scharf
a74778de3a
Update ACS path to embed Organization ID (#955) 2020-10-01 15:05:09 -04:00
Chad Scharf
3b8cbe631f
Implemented new OIDC redirect behavior (#954) 2020-09-29 17:06:17 -04:00
Addison Beck
34034829b4
fixed faulty conditional logic for showing enabled policy labels (#952) 2020-09-24 11:47:57 -04:00
Chad Scharf
a75077d703
Fixed resource and err msg for user provisioning (#939) 2020-09-16 15:02:18 -04:00
Kyle Spearrin
cf4fddfa21 bump version 2020-09-15 17:06:10 -04:00
Chad Scharf
143e34766d
Handle nameID as email w/o email attribute (#938) 2020-09-15 12:50:25 -04:00
Kyle Spearrin
1c6c599b8d
Created sso config service with save (#936) 2020-09-15 10:17:44 -04:00
Chad Scharf
692b3970af
SSO config revision date not updating fix (#934) 2020-09-14 21:22:24 -04:00
Addison Beck
1880889325
added localization variables to sso account controller (#930)
* added localization variables to sso account controller

* Used the correct method for server side localization
2020-09-11 19:36:49 -04:00
Chad Scharf
8c7e7d1f6b
Remove referer header match from middleware (#928) 2020-09-10 16:06:22 -04:00
Kyle Spearrin
dce8332561 remove test exception page 2020-09-09 15:44:29 -04:00
Kyle Spearrin
4cb6ff395b test exception 2020-09-09 15:15:55 -04:00
Chad Scharf
a28a68889d
Null ref exception when saving config fix (#927) 2020-09-09 15:01:00 -04:00
Kyle Spearrin
82b6216e95
SetIdentityServerOrigin for all non-dev (#925) 2020-09-09 14:47:52 -04:00
Chad Scharf
b429f6908d
Added X.509 cert validation copy value buttons (#923) 2020-09-09 11:32:33 -04:00
Chad Scharf
1c3ba46246
Filled custom error handling gaps for SSO (#922)
* Filled custom error handling gaps for SSO

* Removed explicit logger from HomeController
2020-09-09 10:07:31 -04:00
Kyle Spearrin
55e0f82139
use custom DiscoveryResponseGenerator on cloud too (#921) 2020-09-08 13:57:52 -04:00
Chad Scharf
a997440e3d
Added SP ACS URL to Config Screen (#920) 2020-09-08 13:04:26 -04:00
Chad Scharf
6574d083fe
SAML NameID Policy AllowCreate should be null (#918)
* SAML NameID Policy AllowCreate should be null

* Determine if transient, then null, otherwise true
2020-09-08 10:43:07 -04:00
Chad Scharf
f27df01158
update portal landing page with tiles (#915) 2020-09-05 23:06:15 -04:00
Chad Scharf
c11af22010
version bump (#914)
* version bump

* version bump
2020-09-05 21:31:26 -04:00
Addison Beck
4b3abe6fb0
stopped manually encoding the SSO user_identifier (#913) 2020-09-04 14:16:49 -04:00
Kyle Spearrin
4ce572ae48 cleanup project files 2020-09-04 14:02:59 -04:00
Kyle Spearrin
0a58ec0bc8 delete compiled assets that should be ignored 2020-09-04 14:02:17 -04:00
Kyle Spearrin
84c85a90e8 Merge SSO and Portal projects 2020-09-04 13:56:08 -04:00
Kyle Spearrin
61dff9c758
split license file out to support bitwarden licensed code (#912)
* split license file out to support bitwarden licensed code

* Update LICENSE_BITWARDEN.txt

* Update LICENSE_BITWARDEN.txt
2020-09-04 13:36:22 -04:00