1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00
Commit Graph

71 Commits

Author SHA1 Message Date
Bernd Schoolmann
7d48102865
[PM-7742] Set hasManageResetPasswordPermission for owner and admin invitees (#4528)
* Set hasManageResetPasswordPermission for owner and admin invitees

* Make userdecryptionoptionsbuilder ignore orgusertype if orguser is null
2024-08-06 11:22:10 +02:00
Jared Snider
1b5f9e3f3e
Auth/PM-6198 - Registration with Email Verification - Add email clicked endpoint (#4520)
* PM-6198 - RegistrationEmailVerificationTokenable - add new static validate token method

* PM-6198 - Rename RegistrationStart to Registration as we now have to add another anonymous reference event.

* PM-6198 - rest of work

* PM-6198 - Unit test new account controller method.

* PM-6198 - Integration test new account controller endpoint
2024-07-22 17:24:42 -04:00
Jared Snider
8471326b1e
Auth/PM-7322 - Registration with Email verification - Finish registration endpoint (#4182)
* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.

* PM-7322 - Start on RegisterFinishRequestModel.cs

* PM-7322 - WIP on Complete Registration endpoint

* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.

* PM-7322 - UserService - Rename MP to MPHash

* PM-7322 - More WIP progress on getting new finish registration process in place.

* PM-7322 Create IRegisterUserCommand

* PM-7322 - RegisterUserCommand.cs - first WIP draft

* PM-7322 - Implement use of new command in Identity.

* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.

* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.

* PM-7322 - More WIP on RegisterUserCommand.cs and tests

* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.

* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.

* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite

* PM-7322 - IRegisterUserCommand - DOCS

* PM-7322 - Test RegisterUser

* PM-7322 - IRegisterUserCommand - Add more docs.

* PM-7322 - Finish updating all existing user service register calls to use the new command.

* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests

* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.

* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested

* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place

* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.

* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.

* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step

* PM-7322 - RegisterUserCommandTests.cs - add API key assertions

* PM-7322 - Clean up RegisterUserCommand.cs

* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.

* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO

* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.

* PM-7322 - Work on getting PostRegisterFinish tests in place.

* PM-7322 - AccountsControllerTests.cs - test new method.

* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.

* PM-7322 - Fix misspelling

* PM-7322 - Integration tests for RegistrationWithEmailVerification

* PM-7322 - Fix leaky integration tests.

* PM-7322 - Another leaky test fix.

* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds

* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
2024-07-02 17:03:36 -04:00
Jared Snider
29b47f72ca
Auth/PM-3833 - Remove Deprecated Register and Prelogin endpoints from API (#4206)
* PM-3833 - API - AccountsController.cs && AccountsController.cs - remove prelogin and register endpoints.

* PM-3833 - Move Request and Response models that were used for Prelogin and PostRegister from API to Identity.

* PM-3833 - FIX LINT

* PM-3833 - Fix issues after merge conflict fixes.

* PM-3833 - Another test fix
2024-06-19 15:11:24 -04:00
Jared Snider
b2b1e3de87
Auth/PM-5092 - Registration with Email verification - Send Email Verification Endpoint (#4173)
* PM-5092 - Add new EnableEmailVerification global setting.

* PM-5092 - WIP - AccountsController.cs - create stub for new     PostRegisterSendEmailVerification

* PM-5092 - RegisterSendEmailVerificationRequestModel

* PM-5092 - Create EmailVerificationTokenable.cs and get started on tests (still WIP).

* PM-5092 - EmailVerificationTokenable.cs finished + tests working.

* PM-5092 - Add token data factory for new EmailVerificationTokenable factory.

* PM-5092 - EmailVerificationTokenable.cs - set expiration to match existing verify email.

* PM-5092 - Get SendVerificationEmailForRegistrationCommand command mostly written + register as scoped.

* PM-5092 - Rename tokenable to be more clear and differentiate it from the existing email verification token.

* PM-5092 - Add new registration verify email method on mail service.

* PM-5092 - Refactor SendVerificationEmailForRegistrationCommand and add call to mail service to send email.

* PM-5092 - NoopMailService.cs needs to implement all interface methods.

* PM-5092 - AccountsController.cs - get PostRegisterSendEmailVerification logic in place.

* PM-5092 - AccountsControllerTests.cs - Add some unit tests - WIP

* PM-5092 - SendVerificationEmailForRegistrationCommandTests

* PM-5092 - Add integration tests for new acct controller method

* PM-5092 - Cleanup unit tests

* PM-5092 - AccountsController.cs - PostRegisterSendEmailVerification - remove modelState invalid check as .NET literally executes this validation pre-method execution.

* PM-5092 - Rename to read better - send verification email > send email verification

* PM-5092 - Revert primary constructor approach so DI works.

* PM-5092 - (1) Cleanup new but now not needed global setting (2) Add custom email for registration verify email.

* PM-5092 - Fix email text

* PM-5092 - (1) Modify ReferenceEvent.cs to allow nullable values for the 2 params which should have been nullable based on the constructor logic (2) Add new ReferenceEventType.cs for email verification register submit (3) Update AccountsController.cs to log new reference event (4) Update tests

* PM-5092 - RegistrationEmailVerificationTokenable - update prefix, purpose, and token id to include registration to differentiate it from the existing email verification token.

* PM-5092 - Per PR feedback, cleanup used dict.

* PM-5092 - formatting pass (manual + dotnet format)

* PM-5092 - Per PR feedback, log reference event after core business logic executes

* PM-5092 - Per PR feedback, add validation + added nullable flag to name as it is optional.

* PM-5092 - Per PR feedback, add constructor validation for required tokenable data

* PM-5092 - RegisterVerifyEmail url now contains email as that is required in client side registration step to create a master key.

* PM-5092 - Add fromEmail flag + some docs

* PM-5092 - ReferenceEvent.cs - Per PR feedback, make SignupInitiationPath and PlanUpgradePath nullable

* PM-5092 - ReferenceEvent.cs - remove nullability per PR feedback

* PM-5092 - Per PR feedback, use default constructor and manually create reference event.

* PM-5092 - Per PR feedback, add more docs!
2024-06-19 13:54:20 -04:00
Todd Martin
2763345e9e
[PM-3777[PM-3633] Update minimum KDF iterations when creating new User record (#3687)
* Updated minimum iterations on new Users to the default.

* Fixed test I missed.
2024-01-25 10:59:53 -05:00
Todd Martin
956efbdb39
[PM-2260] Remove TDE feature flag (#3614)
* Remove TDE feature flag.

* Removed references to feature service from decryption options builder.

* Removed redundant references.

* Removed test that is no longer valid, as it was testing the feature flag.

* Removed remainder of TDE feature check.
2024-01-10 12:33:19 -05:00
Andreas Coroiu
d63c917c95
[PM-4619] Rewrite UserService methods as commands (#3432)
* [PM-4619] feat: scaffold new create options command

* [PM-4169] feat: implement credential create options command

* [PM-4619] feat: create command for credential creation

* [PM-4619] feat: create assertion options command

* [PM-4619] chore: clean-up unused argument

* [PM-4619] feat: implement assertion command

* [PM-4619] feat: migrate to commands

* [PM-4619] fix: lint

* [PM-4169] fix: use constant

* [PM-4619] fix: lint

I have no idea what this commit acutally changes, but the file seems to have some character encoding issues. This fix was generated by `dotnet format`
2023-12-14 09:35:52 +01:00
Matt Bishop
890a09804f
Stop using lockfiles (#3550) 2023-12-12 09:09:42 -05:00
renovate[bot]
43eea0d297
[deps] Billing: Update Braintree to v5.21.0 (#3537)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-08 14:46:39 -05:00
renovate[bot]
62bf2a146f
[deps] Tools: Update MailKit to v4.3.0 (#3533)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-08 18:21:26 +01:00
renovate[bot]
baafbe4576
[deps] Tools: Update SendGrid to v9.28.1 (#3534)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-08 18:07:33 +01:00
renovate[bot]
3e323ae3d9
[deps] Platform: Update dotnet monorepo to v6.0.25 (#3507)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-08 12:04:13 -05:00
renovate[bot]
3ecec808b6
[deps] Billing: Update Serilog.Extensions.Logging.File to v3 (#3069)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-08 11:54:20 -05:00
Oscar Hinton
eedc96263a
[PM-3565] Enforce higher minimum KDF (#3304)
Extract KDF logic into a new Range class. Increase minimum iterations for PBKDF.
2023-12-05 17:21:46 +01:00
github-actions[bot]
26e6093c14
Bumped version to 2023.12.0 (#3519)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-05 10:55:20 -05:00
renovate[bot]
b05bdbac01
[deps] SM: Update Dapper to v2.1.24 (#3482)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-04 16:36:54 -06:00
renovate[bot]
333a51b3f2
[deps] Tools: Update Handlebars.Net to v2.1.4 (#3508)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-04 12:02:30 +01:00
renovate[bot]
85df9716d8
[deps] SM: Update EntityFrameworkCore (#3494)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-11-30 16:49:15 -06:00
renovate[bot]
14bd7d1415
[deps] Billing: Update Newtonsoft.Json to v13.0.3 (#3439)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-11-28 08:47:04 -05:00
renovate[bot]
959b2393b3
[deps] Billing: Update Serilog.Sinks.SyslogMessages to v2.0.9 (#3456)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-11-28 08:41:44 -05:00
github-actions[bot]
636a7646a3
Bumped version to 2023.10.3 (#3462)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-11-21 11:43:57 -05:00
Matt Bishop
87fd4ad97d
[PM-3569] Upgrade to Duende.Identity (#3185)
* Upgrade to Duende.Identity

* Linting

* Get rid of last IdentityServer4 package

* Fix identity test since Duende returns additional configuration

* Use Configure

PostConfigure is ran after ASP.NET's PostConfigure
so ConfigurationManager was already configured and our HttpHandler wasn't
being respected.

* Regenerate lockfiles

* Move to 6.0.4 for patches

* fixes with testing

* Add additional grant type supported in 6.0.4 and beautify

* Lockfile refresh

* Reapply lockfiles

* Apply change to new WebAuthn logic

* When automated merging fails me

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
2023-11-20 16:32:23 -05:00
Andreas Coroiu
80740aa4ba
[PM-2032] Server endpoints to support authentication with a passkey (#3361)
* [PM-2032] feat: add assertion options tokenable

* [PM-2032] feat: add request and response models

* [PM-2032] feat: implement `assertion-options` identity endpoint

* [PM-2032] feat: implement authentication with passkey

* [PM-2032] chore: rename to `WebAuthnGrantValidator`

* [PM-2032] fix: add missing subsitute

* [PM-2032] feat: start adding builder

* [PM-2032] feat: add support for KeyConnector

* [PM-2032] feat: add first version of TDE

* [PM-2032] chore: refactor WithSso

* [PM-2023] feat: add support for TDE feature flag

* [PM-2023] feat: add support for approving devices

* [PM-2023] feat: add support for hasManageResetPasswordPermission

* [PM-2032] feat: add support for hasAdminApproval

* [PM-2032] chore: don't supply device if not necessary

* [PM-2032] chore: clean up imports

* [PM-2023] feat: extract interface

* [PM-2023] chore: add clarifying comment

* [PM-2023] feat: use new builder in production code

* [PM-2032] feat: add support for PRF

* [PM-2032] chore: clean-up todos

* [PM-2023] chore: remove token which is no longer used

* [PM-2032] chore: remove todo

* [PM-2032] feat: improve assertion error handling

* [PM-2032] fix: linting issues

* [PM-2032] fix: revert changes to `launchSettings.json`

* [PM-2023] chore: clean up assertion endpoint

* [PM-2032] feat: bypass 2FA

* [PM-2032] fix: rename prf option to singular

* [PM-2032] fix: lint

* [PM-2032] fix: typo

* [PM-2032] chore: improve builder tests

Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>

* [PM-2032] chore: clarify why we don't require 2FA

* [PM-2023] feat: move `identityProvider` constant to common class

* [PM-2032] fix: lint

* [PM-2023] fix: move `IdentityProvider` to core.Constants

* [PM-2032] fix: missing import

* [PM-2032] chore: refactor token timespan to use `TimeSpan`

* [PM-2032] chore: make `StartWebAuthnLoginAssertion` sync

* [PM-2032] chore: use `FromMinutes`

* [PM-2032] fix: change to 17 minutes to cover webauthn assertion

* [PM-2032] chore: do not use `async void`

* [PM-2032] fix: comment saying wrong amount of minutes

* [PM-2032] feat: put validator behind feature flag

* [PM-2032] fix: lint

---------

Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2023-11-20 15:55:31 +01:00
Matt Bishop
fb89e07df7
Provide LaunchDarkly application info (#3435)
* Upgrade to SDK v8

* Provide application properties

* Test adjustments

* Clean up tests

* Ensure project name is set

* Add a 'v' for Git tagging support
2023-11-13 14:46:39 -05:00
Daniel James Smith
95680b434b
Update lockfiles by running dotnet restore --force-evaluate (#3430)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2023-11-09 14:48:18 +01:00
Justin Baur
81868dc5a3
Add Explicit Reference to Azure.Identity (#3426) 2023-11-08 12:58:42 -05:00
github-actions[bot]
3f7ff52f0b
Bumped version to 2023.10.2 (#3415)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-11-06 20:21:47 -05:00
github-actions[bot]
a66528cf46
Bumped version to 2023.10.1 (#3408)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-11-02 14:21:55 -04:00
github-actions[bot]
1800e6ffd3
Bumped version to 2023.10.0 (#3396)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-10-31 09:32:34 -04:00
Conner Turnbull
90d600db9d
[PM-2961] Upgrade Braintree (#3206)
* Upgraded Braintree to 5.19.0

* Force evaluate of nuget packages

---------

Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
2023-09-20 14:11:29 -04:00
Oscar Hinton
8b30b3c7fd
Refresh lockfiles (#3274) 2023-09-15 15:49:34 -04:00
Matt Gibson
a5bda60c4e
Platform/pm 2535/upgrade to azure messaging servicebus (#3102)
* `dotnet add package Azure.Messaging.ServiceBus` 🤖

* Move to Azure.Messaging.ServiceBus

* `dotnet restore --locked-mode --force-evaluate` 🤖

Remove Microsoft.Azure.ServiceBus

* `dotnet restore --locked-mode --force-evaluate` 🤖

* Include broker filter

* `dotnet restore --locked-mode --force-evaluate` 🤖
2023-08-07 08:57:18 -05:00
Colton Hurst
a565b19ffb
SM-768: Update EFCore and related packages to >= 7.0 (#3006)
* SM-768: Update EFCore and related packages to >= 7.0

* SM-768: Update more packages for the EF 7 upgrade

* SM-768: Update the PostgreSQL package

* SM-768: Run dotnet restore --force-evaluate

* SM-768: Revert package upgrades for 3 projects

* SM-768: Update the dotnet-ef tool
2023-07-07 09:56:31 -04:00
Justin Baur
3bffd480cb
Pin Microsoft.AspNetCore.Http (#3001) 2023-06-29 08:37:58 -05:00
SmithThe4th
e96fc56dc2
[SG-497] BEEEP - Health Checks API Project (#2237)
* health check services added

* health check extension added

* added get connection string

* made changes to hrslth check method

* Added database health check

* added identity server health check

* added identity server health check

* Added logger publisher

* latest changes

* removed file

* Added mail server check for dev

* Added authorization to health check url path

* commented

* Added exception to switch

* Removed exclude code coverage

* Added health check for redis

* Added todos

* Added storage queue checks

* Added checks for mail

* Removed unused references and fixed linting issue

* Lint issues

* Moved healthchecks to sharedWeb project and exposed builder as a parameter to configure more health checks based on a project

* Added health check to API project

* dependencies updated

* Removed ef core health check dependencies

* Added checks to only add a health check when the connection string exists, moved health check from startup to extension class

* Merged with master and fixed conflicts

* Fixed lint issues

* Added check for amazon ses

* merged with master

* fixed lint

* Removed Amazon SES health check
2023-06-26 15:04:21 -04:00
Jim Hays
8262af3c53
[PM-1969] Spellcheck other (#2878)
* Fix typo in error message: 'Unkown' -> 'Unknown'

* Fix typos in error message

* Fix typo in example text: 'licence' -> 'license'

* Fix typo in validation: 'Ooganization' -> 'Organization'

* Fix typo in text string: 'compatibilty' -> 'compatibility'

* Fix typo: 'ProviderDisllowedOrganizationTypes' -> 'ProviderDisallowedOrganizationTypes'

* Fix typo: 'NSubstitueVersion' -> 'NSubstituteVersion'

* Fix typo: 'CreateIntialInvite' -> 'CreateInitialInvite'

* Fix typo: '_queuryScheme' -> '_queryScheme'

* Fix typo: 'GetApplicationCacheServiceBusSubcriptionName' -> 'GetApplicationCacheServiceBusSubscriptionName'

* Fix typo: 'metaDataRespository' -> 'metaDataRepository'

* Fix typo: 'cipherAttachements' -> 'cipherAttachments'

* Fix typo: 'savedEmergencyAccesss' -> 'savedEmergencyAccesses'

* Fix typo: 'owerOrgUser' -> 'ownerOrgUser'

* Fix typo: 'Organiation' -> 'Organization'

* Fix typo: 'extistingUser' -> 'existingUser'

* Fix typo: 'availibleAccess' -> 'availableAccess'

* Fix typo: 'HasEnouphStorage' -> 'HasEnoughStorage'

* Fix typo: 'extistingOrg' -> 'existingOrg'

* Fix typo: 'subcriber' -> 'subscriber'

* Fix typo: 'availibleCollections' -> 'availableCollections'

* Fix typo: 'Succes' -> 'Success'

* Fix typo: 'CreateAsync_UpdateWithCollecitons_Works' -> 'CreateAsync_UpdateWithCollections_Works'

* Fix typo: 'BadInsallationId' -> 'BadInstallationId'

* Fix typo: 'OrgNotFamiles' -> 'OrgNotFamilies'

* Revert "Fix typo: 'Organiation' -> 'Organization'"

This reverts commit 8aadad1c25.

* Revert "Fix typos in error message"

This reverts commit 81d201fc09.

---------

Co-authored-by: Daniel James Smith <djsmith@web.de>
2023-05-17 12:14:36 +02:00
Justin Baur
a2d45c09ad
Fix Organization License Sync (#2864) 2023-04-24 13:51:08 -04:00
Jake Fink
88dd745070
[PM-1188] Server owner auth migration (#2825)
* [PM-1188] add sso project to auth

* [PM-1188] move sso api models to auth

* [PM-1188] fix sso api model namespace & imports

* [PM-1188] move core files to auth

* [PM-1188] fix core sso namespace & models

* [PM-1188] move sso repository files to auth

* [PM-1188] fix sso repo files namespace & imports

* [PM-1188] move sso sql files to auth folder

* [PM-1188] move sso test files to auth folders

* [PM-1188] fix sso tests namespace & imports

* [PM-1188] move auth api files to auth folder

* [PM-1188] fix auth api files namespace & imports

* [PM-1188] move auth core files to auth folder

* [PM-1188] fix auth core files namespace & imports

* [PM-1188] move auth email templates to auth folder

* [PM-1188] move auth email folder back into shared directory

* [PM-1188] fix auth email names

* [PM-1188] move auth core models to auth folder

* [PM-1188] fix auth model namespace & imports

* [PM-1188] add entire Identity project to auth codeowners

* [PM-1188] fix auth orm files namespace & imports

* [PM-1188] move auth orm files to auth folder

* [PM-1188] move auth sql files to auth folder

* [PM-1188] move auth tests to auth folder

* [PM-1188] fix auth test files namespace & imports

* [PM-1188] move emergency access api files to auth folder

* [PM-1188] fix emergencyaccess api files namespace & imports

* [PM-1188] move emergency access core files to auth folder

* [PM-1188] fix emergency access core files namespace & imports

* [PM-1188] move emergency access orm files to auth folder

* [PM-1188] fix emergency access orm files namespace & imports

* [PM-1188] move emergency access sql files to auth folder

* [PM-1188] move emergencyaccess test files to auth folder

* [PM-1188] fix emergency access test files namespace & imports

* [PM-1188] move captcha files to auth folder

* [PM-1188] fix captcha files namespace & imports

* [PM-1188] move auth admin files into auth folder

* [PM-1188] fix admin auth files namespace & imports
- configure mvc to look in auth folders for views

* [PM-1188] remove extra imports and formatting

* [PM-1188] fix ef auth model imports

* [PM-1188] fix DatabaseContextModelSnapshot paths

* [PM-1188] fix grant import in ef

* [PM-1188] update sqlproj

* [PM-1188] move missed sqlproj files

* [PM-1188] move auth ef models out of auth folder

* [PM-1188] fix auth ef models namespace

* [PM-1188] remove auth ef models unused imports

* [PM-1188] fix imports for auth ef models

* [PM-1188] fix more ef model imports

* [PM-1188] fix file encodings
2023-04-14 13:25:56 -04:00
Justin Baur
ecf885f4d6
Update Azure.Extensions.AspNetCore.DataProtection.Blobs (#2821) 2023-04-10 12:10:11 -04:00
Justin Baur
388caa28f8
Remove Visual Studio Code Generation Package (#2749) 2023-03-14 15:44:53 -04:00
Matt Bishop
27adaf59b4
[PM-1011] LaunchDarkly service (#2726)
* LaunchDarkly service

* Load file-based flag values, properly support offline only when self-host

* Simplify tests

* Use interface for LD settings

* Remove tests that will provide inconsistent results depending on machine setup and file fallback

* Fall back to offline mode more actively

* Drive fallback file path with setting
2023-03-02 14:04:23 -05:00
SmithThe4th
9a484bec07
[SG-147] Organization Domain Claiming Feature (#2704)
* [SG-696] Organization Domain Claiming DB Objects and Migrations (#2394)

* model organization domain claiming

* Added migration scripts and db objects for mssql

* create and implement sql repository abstraction

* Added ef migrations for mysql and postgres. Removed time without timezone in previous migration

* made update on sql migration to use create or alter statement

* removed active column from OrganizationDomain table and decided to go with the hard delete approach

* Ran dotnet restore evaluate

* created DNS service verification using DNSClient (#2401)

* [SG-678] Api Endpoints for Domain Claiming (#2430)

* Added stored procedure to read claimed domains

* Updated Organization Domain Repository to include method to get claimed domains

* Updated domain entity and added request model

* Implemented organization domain respository and regsitered it in the various extensions

* Added create endpoint, request, responses and command

* Added endpoint to get domain by domain entry id

* Ran lint fix

* Added new stored procedure to get domains by organizattion id

* Moved migration scripts to init migration and added new procedure

* Renamed from domainId to Id

* Added and implemented GetDomainByOrganizationId

* Completed GetDomainByOrgId endpoint and started work on verify domain endpoint

* Updated the OrganizationDomain update procedure

* Added delete command and include other endpoints in the controller

* Remove test item from controller

* Remove test item from controller

* Changed access to allow admin, owners and manage sso roles

* changed logic for setting the initial value for the NextRunCount

* Renamed NextRunCount to JobRunCount

* Renamed NextRunCount to JobRunCount on mysql

* Renamed NextRunCount to JobRunCount on postgres

* Removed chaining pattern and added logic to get next run date

* Lint fix

* Added stored procedure to get organization sso details by email address

* Added endpoint to get sso details of an organization with email

* Added organizationDomainRepository to OrganizationController test

* merged with master and fixed conflicts

* [SG-661] Background Domain Verification Service (#2455)

* Added stored procedure to read claimed domains

* Updated Organization Domain Repository to include method to get claimed domains

* Updated domain entity and added request model

* Implemented organization domain respository and regsitered it in the various extensions

* Added create endpoint, request, responses and command

* Added endpoint to get domain by domain entry id

* Ran lint fix

* Added new stored procedure to get domains by organizattion id

* Moved migration scripts to init migration and added new procedure

* Renamed from domainId to Id

* Added and implemented GetDomainByOrganizationId

* Completed GetDomainByOrgId endpoint and started work on verify domain endpoint

* Updated the OrganizationDomain update procedure

* Added delete command and include other endpoints in the controller

* Remove test item from controller

* Remove test item from controller

* Changed access to allow admin, owners and manage sso roles

* Added stored procedure to get unverified domains by nextrundate

* Renamed stored procedure name

* Added domain verification service interface

* Added GetManyByNextRunDate to repository

* Added verification domain service implementation

* changed logic for setting the initial value for the NextRunCount

* This commit should be signed using my SSH key

* Renamed NextRunCount to JobRunCount

* Renamed NextRunCount to JobRunCount on mysql

* Renamed NextRunCount to JobRunCount on postgres

* Removed chaining pattern and added logic to get next run date

* Lint fix

* Implemented EF core version on the repository

* Created background job implementation and logic

* popped stash

* Updated stored procedure and EF script

* Lint fix

* Added logic to set next job count and the next run date when a verification is false

* Added logic to set next job count and the next run date when a verification is false

* Updated stored procedure name on repository

* Removed test trigger

* Lint fix

* Added trigger for job

* Added job count update after successful domain verification

* Lint fix

* Lint fix

* [SG-682] Add Event Log Entries to Organization Domain (#2492)

* Added domain name property to Event related objects

* Added organization domain claiming event types

* Created migration script and updated related event scripts to include domanName

* Added EF Migrations

* Renamed postres script file extension

* Added DomainName property to response model

* Added abstraction to interface

* Added system name to enum

* dotnet formattinfg fix

* Added events to organization domain actions

* Added LastCheckedDate property to domain

* Migrations and stored procedure updates with new column

* Added new stored procedure to get domain by org id and domain name

* Log organization domain event abstract method

* Ef migrattion to add new LastCheckedDate column

* Added duplicate domain exception

* Modified create command to include domain verification and last checked date and renamed methods used

* removed variable

* changed service lifetime

* Renamed trigger

* Initialed property in constructor

* Ensured domain name is stored as lower case

* Fixed suggestions from review

* Fixed suggestions from review

* Return Conflict Status on Organization Domain APIs (#2498)

* Added conflict response to end point to help translate error message on the client better

* Added conflict response to end point to help translate error message on the client better

* Set message with exception message or generic message

* Added last check date to response model (#2499)

* Fix/Check to throw exception when domain is claimed by another organization (#2503)

* Added check to ensure domain claimed by another organization cannot be verified

* Made error message consistent

* [SG-660] Organization Domain Maintenance (#2502)

* Added email template

* Mail service abstraction and implementation

* Mail template model

* Initial delete job commit

* Added SPs to get all unverifed domains after 72 hours and another to delete unverified domains after 7 days

* Moved all organization domain scripts to single file

* Added new scripts implementation for sqlserver and EF core

* Renamed service

* Formatting fix

* Added background service to send warning email and delete expired domains

* Renamed variable

* Added implementation for email warning to organization admins and for deleting expired domains after 7 days

* Added formatting

* Modified read if expired script to limit result to 4 days

* Added send mail abstract method and implementation

* Model used in build mail body

* Completed maintenace service

* Added comment to make logic clear

* Fixed cron expression (#2505)

* Modified procedure and methods to handle flexible verification adn expiration period (#2517)

* Merged with master

* [SG-908] Unit Tests for Organization Domain Claiming Feature (#2522)

* added test controlleer class

* added unit test for create command

* Added query tests

* Added tests for delete and verify command

* Formated code and added some more unit tests

* Fixed lint

* Added log event assertion to create command tests

* Added log event assertion to delete command tests

* Added unit tests for organization domain controller

* Added unit tests for organization domain service

* Modified test after merge

* fixed comment

* fixed comment

* fixed lint

* Defect/SG-977 - Org domain event logs missing details (#2573)

* SG-977 - (1) Refactor EventSystemUser.SSO to be EventSystemUser.DomainVerification to better match SCIM property and for easier display and translation on web client (2) Add new DeviceType of Server to be used on SCIM and Domain Verification logs so event log will show Server as client.

* SG-977 - SCIM bugfix - Restoring / Revoking user access via Jumpcloud activation / suspension did not properly log the events as SCIM events so the client side showed Unknown for both Client and Member.

* Run autoformat to fix lint errors

* SG-977 - Fixed broken test due to new device type logic in event service

* SG-976 - Add admin log and clean up log verbiage for domain verification (#2574)

* SG-976 - Add admin log and clean up log verbiage for domain verification

* SG-976 - (1) Use logInformation extension without exception (2) Clarify verbiage of logs

* SG-955 - On domain verification error or failure, set last checked da… (#2541)

* SG-955 - On domain verification error or failure, set last checked date on the org domain.

* SG-955 - Refactoring VerifyOrganizationDomain event logging to avoid duplication and increase efficiency (based on Gbubemi's PR feedback)

* Org Domain Background Verification service - set last checked date (#2599)

* Refactored OrganizationDomain repository to work with latest changes on code base

* Fixed formatting

* [SG-957] Cannot Delete Organizations due to FK Constraint (#2602)

* Added stored procedure to fix FX contstraint issue when deleting an organization

* Update stored procedures related to organization delete with OrganizationDomain_OrganizationDelete SP

* Fixed formatting

* Updated SP

* SG-990 - Log expired domains that are going to be deleted.

* Fix lint errors with auto format

* /home/runner/work/server/server/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs(107,2): error FINALNEWLINE: Fix final newline. Insert '\n'.

* Added missing bracket to fix compile error.

* Added imports for Domain Claiming classes that were lost on merge.

* Fixing broken unit tests + adding proper behavior for newly added SCIM logic changing device type

* Fix lint errors again

* Included domain name set in constructor (#2618)

* [SG-1001] Error Thrown When Verifying Sub Domains (#2621)

* Renamed exception to a more generic name that receives error message from the dns client and also added updates to job count and next run date

* Improved error logs by adding dns client error message

* Fixed formatting

* [SG-1001] Added event logs when a domain is not verified due to thrown exception (#2623)

* Added eevent logs when a domain is not verified due to thrown exception

* Fixed formatting

* Org Domain Verification - Small refactor to improve method/model name… (#2641)

* Org Domain Verification - Small refactor to improve method/model names and method locations - required refactoring of controller routes (I confirmed all behavior still functional)

* Fixed organization test controller issue

* Fixed lint

* Autoformat org domain controller

* Removing whitespace for lint argh, why does Rider not do this.

---------

Co-authored-by: gbubemismith <gsmithwalter@gmail.com>

* Tweak name of Request model to match Response model for ClaimedOrgDomain call

* [SG-1009] Users with Custom Role and "Manage SSO" permission don't receive verification failed email (#2645)

* Modified condition to pick up unverified domains after said period

* Fix to get emails of custom users with manage sso rights

* Formatted code

* Removed return that made background job exit on successful validation (#2648)

* [SG-1014] Unit Tests for Get Organization Sso Details (#2655)

* Added unit tests for GetOrgDomainSsoDetails

* renamed variable

* Adjust OrganizationDomainSsoDetails_ReadByEmail to use outer join so … (#2657)

* Adjust OrganizationDomainSsoDetails_ReadByEmail to use outer join so that claimed domain results will come back if an org has not yet setup a policy

* Removed migration as not needed

* Updated OrganizationDomainSsoDetails_ReadByEmail from original creation migration to use outer join & handle null policy results (and still return results)

* Fixed lint formatting

---------

Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
2023-02-15 14:26:41 -05:00
Stepan Goremykin
d32cd79535
[PS-2425] Upgrade vulnerable packages (#2669)
* Upgrade vulnerable packages

* Added packages.lock.json files

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2023-02-07 17:44:40 -06:00
Matt Bishop
0e32cb944a
Upgrade Swagger (#2611) 2023-01-24 12:10:00 -05:00
Matt Bishop
352b42b535
Upgrade FIDO2 library usage out of beta (#2579) 2023-01-19 11:06:51 -05:00
Oscar Hinton
1f0fc43278
[SM-394] Secrets Manager (#2164)
Long lived feature branch for Secrets Manager

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com>
Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-01-13 15:02:53 +01:00
Matt Bishop
df2edcfb8c
Migrate to Microsoft.Data.SqlClient (#2548) 2023-01-10 15:58:41 -05:00
Matt Bishop
452891b39e
Upgrade to the latest System.Data.SqlClient (#2546) 2023-01-06 14:36:12 -05:00
Kyle Spearrin
c39fb8f7af
update ef core libraries (#2515)
* update ef core libraries

* lock file updates
2022-12-25 20:49:14 -05:00