1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-26 12:55:17 +01:00
Commit Graph

4071 Commits

Author SHA1 Message Date
Shane Melton
a095e02e86
[AC-1435] Single Organization policy prerequisite for Account Recovery policy (#3082)
* [AC-1435] Automatically enable Single Org policy when selecting TDE

* [AC-1435] Add test for automatic policy enablement

* [AC-1435] Prevent disabling single org when account recovery is enabled

* [AC-1435] Require Single Org policy when enabling Account recovery

* [AC-1435] Add unit test to check for account recovery policy when attempting to disable single org

* [AC-1435] Add test to verify single org policy is enabled for account recovery policy

* [AC-1435] Fix failing test
2023-07-18 10:00:49 -05:00
Shane Melton
fe570cb6c8
[AC-1487] Update queries to use [User] table instead of [OrganizationUser] for email address (#3083) 2023-07-17 13:00:32 -05:00
Daniel García
4f87e4e1a4
[PM-2196] Improvements to the Swagger generator (#2914)
* Swagger fixes

Co-Authored-By: Oscar Hinton <Hinton@users.noreply.github.com>

* Make Response Models return Guids instead of strings

* Change strings into guids in ScimApplicationFactory

---------

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
2023-07-14 17:18:26 +02:00
Matt Bishop
966614c7e2
Add DevOps as workflow code owners (#3105) 2023-07-14 16:17:14 +02:00
renovate[bot]
3f3bd66a33
Update actions/stale action to v8 (#3061)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-14 10:11:26 -04:00
mimartin12
22ae86fd0a
Pin webapp deploy to v.2.2.9 (#3088) 2023-07-13 14:53:13 -07:00
Matt Bishop
0196f4a885
Solution and editor configuration cleanup (#3099)
* Solution and editor configuration cleanup

* Editor tweaks
2023-07-13 17:34:11 -04:00
Thomas Avery
1d9aeb37aa
[SM-707] Refactor authorization for Access Policy Commands (#2905)
* Extract authorization from access policy commands

* Use auto mapper to ignore unwanted properties

---------
2023-07-13 11:46:01 -05:00
Thomas Avery
d6a45d4802
[SM-789] Extract authorization from service account delete command (#2999)
* Extract authorization from SA delete command

* swap to IEnumerable

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2023-07-12 15:32:40 -05:00
Thomas Avery
b629c31de9
[SM-787] Extract authorization from project delete command (#2987)
* Extract authorization from project delete command

* Support service account write access

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2023-07-11 15:15:18 -05:00
github-actions[bot]
4dea376aa3
Bumped version to 2023.7.0 (#3090)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-07-11 17:28:06 +00:00
Colton Hurst
a565b19ffb
SM-768: Update EFCore and related packages to >= 7.0 (#3006)
* SM-768: Update EFCore and related packages to >= 7.0

* SM-768: Update more packages for the EF 7 upgrade

* SM-768: Update the PostgreSQL package

* SM-768: Run dotnet restore --force-evaluate

* SM-768: Revert package upgrades for 3 projects

* SM-768: Update the dotnet-ef tool
2023-07-07 09:56:31 -04:00
Vincent Salucci
3b4c8afea0
[AC-1191] TDE admin approval email (#3044)
* feat: add new command for updating request and emailing user, refs AC-1191

* feat: inject service with organization service collection extensions, refs AC-1191

* feat: add function to send admin approval email to mail services (interface/noop/handlebars), refs AC-1191

* feat: add html/text mail templates and add view model for email data, refs AC-1191

* feat: update org auth request controller to use new command during auth request update, refs AC-1191

* fix: dotnet format, refs AC-1191

* refactor: update user not found error, FirstOrDefault for enum type display name, refs AC-1191

* refactor: update user not found to log error instead of throws, refs AC-1191

* fix: remove whitespace lint errors, refs AC-1191

* refactor: update hardcoded UTC timezone string, refs AC-1191

* refactor: add unit test for new command, refs AC-1191

* refactor: improve enum name fallback and identifier string creation, refs AC-1191

* refactor: add addtional unit tests, refs AC-1191

* refactor: update success test to use more generated params, refs AC-1191

* fix: dotnet format...again, refs AC-1191

* refactor: make UTC display a constant for handlebars mail service, refs AC-1191

* refactor: update displayTypeIdentifer to displayTypeAndIdentifier for clarity, refs AC-1191
2023-07-06 10:03:49 -05:00
Calum Lind
62beb7d1e8
[PM-2300] Add Linux script to create dev certificates (#2941)
* Add Linux script to create dev certificates

A script based on the macOS script that can be used on Linux, either
Debian or Red-hat derived distros.

* Fix invalid trailing comma in secrets json example
2023-07-03 22:47:12 -04:00
Rui Tomé
b151605c28
[PM-2594] Added new property "CloudRegion" to GlobalSettings and ConfigResponseModel to be able to override the cloud url value for selfhost instances (#3024)
* [PM-2594] Added new property "CloudVault" to GlobalSettings and ConfigResponseModel to be able to override this value for selfhost instances

* [PM-2594] Renamed EnvironmentConfigResponseModel.CloudVault to CloudWebVault

* [PM-2594] Added default value for globalSettings__baseServiceUri__cloudWebVault on EnvironmentFileBuilder

* [PM-2594] Erased CloudWebVault environment variable and added CloudVaultRegion

* [PM-2594] Changed var name on EnvironmentFileBuilder

* [PM-2594] Renamed the env. variable and also the output property to CloudRegion
2023-07-03 21:43:13 +01:00
renovate[bot]
4e089286e5
Update actions/setup-dotnet action to v3 (#2977)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-03 10:46:36 -06:00
renovate[bot]
69ee329af8
Update actions/upload-artifact digest to 0b7f8ab (#2971)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-03 10:40:49 -06:00
renovate[bot]
3689fb701d
Update gh minor (#2974)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-03 10:36:42 -06:00
Matt Bishop
693f79c041
Add complexity to load tests via scenarios (#3034) 2023-07-03 10:30:05 -04:00
Justin Baur
b0214ae1be
[PM-863] Fix Organization Folders in EF Databases (#2856)
* Fix Setting Organization Folders

* Fix Formatting

* Added ReplaceAsync Test

* Fix SQL Server Test

* Update Replace Call Also

* Be Case Insensitive With Guids

* Fix Assignment to Cipher
2023-06-30 18:41:11 -04:00
Justin Baur
49e849deb9
[PM-1198] Modify AuthRequest Purge Job (#3048)
* Add PasswordlessAuth Settings

* Update Repository Method to Take TimeSpan

* Update AuthRequest_DeleteIfExpired

- Take Configurable Expiration
- Add Special Cases for AdminApproval AuthRequests

* Add AuthRequestRepositoryTests

* Run Formatting

* Remove Comment

* Fix Bug in EF Repo

* Add Test Covering Expired Rejected AuthRequest

* Use Longer Param Names

* Use Longer Names in Test Helpers
2023-06-30 14:13:31 -04:00
cd-bitwarden
3f3f52399b
[SM-716] Adding ability for service account to have write access (#3021)
* adding ability for service account to have write access

* Suggested changes

* fixing tests

* dotnet format changes

* Adding RunAsServiceAccountWIthPermission logic to ProjectAuthorizationhandlerTests

* Removing logic that prevents deleting and updating a secret. Adding Service Account logic to tests inside of secretAuthorizationhandlerTests.

* Removing Service Account from CanUpdateSecret_NotSupportedClientTypes_DoesNotSuceed because it is a supported client type now :)

* thomas sugested changes

* using Arg.Any<AccessClientType>() instead of default in tests

* merge conflict changes and code updates to remove service account tests that are  outdated

* fixing tests

* removing extra  spaces that lint hates
2023-06-30 17:17:41 +00:00
SmithThe4th
b87e6d4a38
[SG-497] Prevent registering health check on self hosted (#3058)
* Prevent registering health check on self hosted

* Fixed linting issues

* Allow endpoint only when it is not self-hosted

* Fixed linting issues
2023-06-30 12:57:13 -04:00
renovate[bot]
c2b429c6de
Update bitwarden/gh-actions digest to 74f4ac0 (#2972)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-06-29 15:39:50 -06:00
Thomas Avery
74ab7e8672
[SM-771] Add new endpoint for bulk enabling users for Secrets Manager (#3020)
* Add new endpoint for bulk enabling users for sm

* Review updates
2023-06-29 12:42:44 -04:00
renovate[bot]
481004394f
Pin dependencies (#2968)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-06-29 11:41:11 -04:00
Justin Baur
3bffd480cb
Pin Microsoft.AspNetCore.Http (#3001) 2023-06-29 08:37:58 -05:00
M.A Heshmatkhah
140f0017e3
Fix problem with docker push (#2912)
Co-authored-by: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
2023-06-29 06:23:25 -07:00
Thomas Avery
d020c49c0e
[SM-788] Extract authorization from secret delete command (#3003)
* Extract authorization from secret delete command
2023-06-27 13:12:34 -05:00
Vince Grassia
c1723d9e90
DEVOPS-1446 - Update Build Workflow (#3047) 2023-06-27 11:18:51 -06:00
cturnbull-bitwarden
333145209e
[AC-1429] Add new secrets manager fields to organization edit page in admin portal (#3009)
* Added new secrets fields to organization edit page

* Reordered fields based on feedback from Priya
2023-06-27 10:23:23 +01:00
Justin Baur
e0b231a220
[PM-2697] Return UserDecryptionOptions Always (#3032)
* Add Comments to UserDecryptionOptions

* Move Feature Flag Check

* Remove SSO Config Check

* Move UserDecryptionOptions Creation

- Put logic in BaseRequestValidator

* Remove 'async'
2023-06-26 20:17:39 -04:00
SmithThe4th
e96fc56dc2
[SG-497] BEEEP - Health Checks API Project (#2237)
* health check services added

* health check extension added

* added get connection string

* made changes to hrslth check method

* Added database health check

* added identity server health check

* added identity server health check

* Added logger publisher

* latest changes

* removed file

* Added mail server check for dev

* Added authorization to health check url path

* commented

* Added exception to switch

* Removed exclude code coverage

* Added health check for redis

* Added todos

* Added storage queue checks

* Added checks for mail

* Removed unused references and fixed linting issue

* Lint issues

* Moved healthchecks to sharedWeb project and exposed builder as a parameter to configure more health checks based on a project

* Added health check to API project

* dependencies updated

* Removed ef core health check dependencies

* Added checks to only add a health check when the connection string exists, moved health check from startup to extension class

* Merged with master and fixed conflicts

* Fixed lint issues

* Added check for amazon ses

* merged with master

* fixed lint

* Removed Amazon SES health check
2023-06-26 15:04:21 -04:00
Alex Urbina
4c61d05b24
DEVOPS-1391 REFACTOR: server build workflow to use setup-docker-trust GitHub Action (#3040) 2023-06-23 11:12:54 -06:00
Michał Chęciński
62ae9cb695
Fix build: change self-host trigger workflow name (#3042) 2023-06-23 17:13:45 +02:00
Michał Chęciński
1ab7560a86
Fix build workflow (#3041) 2023-06-23 16:54:41 +02:00
Michał Chęciński
3522d8b084
[DEVOPS-1204] Migrate unified & it's build pipeline to self-host repo (#2988)
* Remove build self host workflow

* Remove docker-unified folder

* Add trigger for self host build in separate repo

* Change branch

* Fix
2023-06-23 09:23:47 +02:00
Jared Snider
a6ffadf086
PM-2731 - DevicesController.cs - Add new method GetExistenceByTypes (#3039)
* PM-2731 - DevicesController.cs - Add new method HasDevicesOfTypes to accept an array of DeviceType values and return a boolean if the authN user has at least a device of one of the given types.

* Dotnet format to pass lint rules

* PM-2731 - Update naming of HasDevicesOfTypes to be GetExistenceByTypes for increased clarity per PR feedback.

* PM-2731-Make GetExistenceByTypes route singular

* Update src/Api/Controllers/DevicesController.cs to use var

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2023-06-22 20:27:59 -04:00
Thomas Rittson
926d9bb5f2
Run dbo_future migrations for OAVR v2 cleanup and PolicyService refactor (#3005) 2023-06-22 05:06:03 +00:00
github-actions[bot]
a4dc10c777
Bumped version to 2023.5.1 (#3035)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-06-21 17:37:42 -04:00
Thomas Avery
bb3a9daf98
[SM-678] ClientSecret migration (#2943)
* Init ClientSecret migration

* Fix unit tests

* Move to src/Sql/dbo_future

* Formatting changes

* Update migration date for next release

* Swap to just executing sp_refreshview

* Fix formatting

* Add EF Migrations

* Rename to ClientSecretHash

* Fix unit test

* EF column rename

* Batch the migration

* Fix formatting

* Add deprecation notice to property

* Move data migration

* Swap to CREATE OR ALTER
2023-06-21 13:16:06 -05:00
cturnbull-bitwarden
7f8b6c0bce
[AC-362] Removed deprecated activate/deactivate endpoints (#2981) 2023-06-20 08:28:47 -04:00
Justin Baur
5a8e549194
[PM-1815] Include Member Decryption Type in Token Response (#2927)
* Include Member Decryption Type

* Make ICurrentContext protected from base class

* Return MemberDecryptionType

* Extend WebApplicationFactoryBase

- Allow for service subsitution

* Create SSO Tests

- Mock IAuthorizationCodeStore so the SSO process can be limited to Identity

* Add MemberDecryptionOptions

* Remove Unused Property Assertion

* Make MemberDecryptionOptions an Array

* Address PR Feedback

* Make HasAdminApproval Policy Aware

* Format

* Use Object Instead

* Add UserDecryptionOptions File
2023-06-19 10:16:15 -04:00
Thomas Avery
ca7ced4e43
Add check for org SM flag in client store (#3007) 2023-06-16 12:24:41 -05:00
Rui Tomé
c4614bfb3d
[AC-1144] Warn admins when removing or revoking users without master password (#2953)
* [AC-1144] Modified OrganizationUserUserDetails queries to include value for 'HasMasterPassword' property

* [AC-1144] Added 'HasMasterPassword' property to ProviderUserUserDetailsView

* [AC-1144] Added IProviderUserRepository.GetDetailsByIdAsync to get the details for a given ProviderUser.Id

* [AC-1144] Changed ProviderUsersController.Get to use ProviderUserRepository.GetDetailsByIdAsync

* [AC-1144] Modified OrganizationUsersController.Get to user OrganizationUserRepository.GetDetailsByIdWithCollectionsAsync to output HasMasterPassword value

* [AC-1144] Reverted changes for ProviderUser

* [AC-1144] Removed line break
2023-06-16 16:38:58 +01:00
Matt Bishop
53327b1993
[PM-2633] Warnings cleanup (#3010)
* Warnings cleanup

* One-line response with null

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Remove condition

* Fix lint from suggestion

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2023-06-16 10:02:05 -04:00
cyprain-okeke
5a12db18d1
[AC-1408] Update plan to include secrets manager (#2942)
* Adding the Secret manager to the Plan List

* Adding the unit test for the StaticStoreTests class

* Fix whitespace formatting

* Fix whitespace formatting

* Price update

* Resolving the PR comments

* Resolving PR comments

* Fixing the whitespace

* only password manager plans are return for now

* format whitespace

* Resolve the test issue

* Fixing the failing test

* Refactoring the Plan separation

* add a unit test for SingleOrDefault

* Fix the whitespace format

* Separate the PM and SM plans

* Fixing the whitespace

* Remove unnecessary directive

* Fix imports ordering

* Fix imports ordering

* Resolve imports ordering

* Fixing imports ordering

* Fix response model, add MaxProjects

* Fix filename

* Fix format

* Fix: seat price should match annual/monthly

* Fix service account annual pricing

* Name the sm service account planId properly

* Update the secrets manager plan

* correcting the wrong amount for the seats

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2023-06-16 11:12:38 +01:00
Shane Melton
904b2fe205
[AC-1192] Create endpoints for new Device Approvals page (#2993)
* [AC-1192] Create new OrganizationAuthRequestsController.cs

* [AC-1192] Introduce OrganizationAdminAuthRequest model

* [AC-1192] Add GetManyPendingByOrganizationId method to AuthRequest repository

* [AC-1192] Add new list pending organization auth requests endpoint

* [AC-1192] Add new GetManyAdminApprovalsByManyIdsAsync method to the AuthRequestRepository

* [AC-1192] Make the response device identifier optional for admin approval requests

* [AC-1192] Add endpoint for bulk denying admin device auth requests

* [AC-1192] Add OrganizationUserId to PendingOrganizationAuthRequestResponseModel

* [AC-1192] Add UpdateAuthRequest endpoint and logic to OrganizationAuthRequestsController

* [AC-1192] Secure new endpoints behind TDE feature flag

* [AC-1192] Formatting

* [AC-1192] Add sql migration script

* [AC-1192] Add optional OrganizationId column to AuthRequest entity

- Rename migration script to match existing formatting
- Add new column
- Add migration scripts
- Update new sprocs to filter/join on OrganizationId
- Update old sprocs to include OrganizationId

* [AC-1192] Format migration scripts

* [AC-1192] Fix failing AuthRequest EF unit test

* [AC-1192] Make OrganizationId optional in updated AuthRequest sprocs for backwards compatability

* [AC-1192] Fix missing comma in migration file

* [AC-1192] Rename Key to EncryptedUserKey to be more descriptive

* [AC-1192] Move request validation into helper method to reduce repetition

* [AC-1192] Return UnauthorizedAccessException instead of NotFound when user is missing permission

* [AC-1192] Introduce FeatureUnavailableException

* [AC-1192] Introduce RequireFeatureAttribute

* [AC-1192] Utilize the new RequireFeatureAttribute in the OrganizationAuthRequestsController

* [AC-1192] Attempt to fix out of sync database migration by moving new OrganizationId column

* [AC-1192] More attempts to sync database migrations

* [AC-1192] Formatting

* [AC-1192] Remove unused reference to FeatureService

* [AC-1192] Change Id types from String to Guid

* [AC-1192] Add EncryptedString attribute

* [AC-1192] Remove redundant OrganizationId property

* [AC-1192] Switch to projection for OrganizationAdminAuthRequest mapping

- Add new OrganizationUser relationship to EF entity
- Replace AuthRequest DBContext config with new IEntityTypeConfiguration
- Add navigation property to AuthRequest entity configuration for OrganizationUser
- Update EF AuthRequestRepository to use new mapping and navigation properties

* [AC-1192] Remove OrganizationUser navigation property
2023-06-15 14:54:08 -07:00
Matt Gibson
bdd5e0916e
Platform/pm 2138/add nginx to known proxies (#3012)
* Add nginx to known proxies

* Only add nginx proxy if standard self host deployment

* Style changes

* Add forwarded headers config to events server

* Add known proxy forwarding to missing services

* Catch DNS errors in adding nginx proxy

* Update src/SharedWeb/Utilities/ServiceCollectionExtensions.cs

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2023-06-14 10:33:26 -04:00
mimartin12
73c721ede3
[DEVOPS-1377] - Publish version tag MsSqlMigratorUtility image to ACR (#3015) 2023-06-14 08:12:36 -06:00