1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-29 13:25:17 +01:00
Commit Graph

1288 Commits

Author SHA1 Message Date
Chad Scharf
5c5544a4f4
Update forgot password help URL (#1050) 2020-12-18 11:44:15 -05:00
Chad Scharf
246cac1a33
Allow SHA1 inbound sigs from Idp (#1047) 2020-12-18 11:26:52 -05:00
Vincent Salucci
136c39fa50
Initial commit of SingleOrg downstream policy checks (#1038) 2020-12-16 16:02:54 -06:00
Oscar Hinton
0f1af2333e
Add support for Emergency Access (#1000)
* Add support for Emergency Access

* Add migration script

* Review comments

* Ensure grantor has premium when inviting new grantees.

* Resolve review comments

* Remove two factor references
2020-12-16 14:36:47 -05:00
Vincent Salucci
70f5fd5030
[Policy] Personal Ownership (#1013)
* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
2020-12-11 10:45:26 -06:00
Addison Beck
fee5c932db
started charging sales tax on seat/storage upgrades and auto renewals (#1034)
* started charging sales tax on seat/storage upgrades and auto renewals

* Code review fixes for auto-renewing subscriptions charging sales tax
2020-12-09 14:04:46 -05:00
Kyle Spearrin
01d4d97ef1
Ensure that users are confirmed status (#1033) 2020-12-09 12:04:14 -05:00
Matt Gibson
7eaf7ab770
[Bug] Fix cipher clone yielding incorrect RevisionDate (#1031)
* Fix cipher clone yielding incorrect RevisionDate

* PR fixes

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
2020-12-07 19:35:34 -06:00
Addison Beck
085987d2f1
fixed a broken link and removed a duplicate property (#1029) 2020-12-07 09:18:25 -05:00
Vincent Salucci
09aea4ed38
[Bug] Improve SSO user provision flow (#1022)
* Initial commit of provisioning updates

* Updated strings

* removed extra BANG

* Separated orgUsers db lookup - prioritized existing user Id

* Updated create sso record method // Added sproc for org/email retrieval
2020-12-04 16:45:54 -06:00
Addison Beck
b877c25234
Implemented tax collection for subscriptions (#1017)
* Implemented tax collection for subscriptions

* Cleanup for Sales Tax

* Cleanup for Sales Tax

* Changes a constraint to an index for checking purposes

* Added and implemented a ReadById method for TaxRate

* Code review fixes for Tax Rate implementation

* Code review fixes for Tax Rate implementation

* Made the SalesTax migration script rerunnable
2020-12-04 12:05:16 -05:00
Chad Scharf
77e704e620
ensure fail isn't overwritten with success result (#1018) 2020-12-02 17:15:21 -05:00
Kyle Spearrin
c0defd8971
require device info when authing (#1014) 2020-12-01 16:42:41 -05:00
Matt Gibson
edf30974dc
Validate cipher updates with revision date (#994)
* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to fascilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
2020-11-23 08:48:05 -06:00
Kyle Spearrin
58eb0510ca
add sends to sync response (#1002) 2020-11-18 13:55:50 -05:00
Chad Scharf
80f2bf9260
Fix null email parameter from missing email claim (#993) 2020-11-13 11:26:05 -05:00
Addison Beck
fefa0e2dea
Dont run custom token logic for org based client_ids explicitly (#992)
* Dont run custom token logic for org based client_ids explicitly

* org to organization
2020-11-13 10:07:49 -05:00
Addison Beck
e35faf1335
Performed some null checks (#991) 2020-11-13 08:53:36 -05:00
Addison Beck
dc69f4bd46
Changed the return type for BuildIdentityClaims() (#989) 2020-11-11 10:56:22 -05:00
Addison Beck
25a9991908
Implement User-based API Keys (#981)
* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
2020-11-10 15:15:29 -05:00
Vincent Salucci
d9cd7551fe
[Exemption] Updated policy messages (#984)
* Updated messages // added exemption message // added callout

* updated strings - futureproofing
2020-11-10 09:53:44 -06:00
Kyle Spearrin
26fb6fc3b7 remove premium checks for internal testing 2020-11-05 12:43:08 -05:00
Kyle Spearrin
82dd364e65
Send APIs (#979)
* send work

* fix sql proj file

* update

* updates

* access id

* delete job

* fix delete job

* local send storage

* update sprocs for null checks
2020-11-02 15:55:49 -05:00
Vincent Salucci
a5db233e51
[Require SSO] Added service layer dependent policy check (#977)
* Added service layer dependent policy check

* Updated to SingleOrg
2020-10-27 14:08:19 -05:00
Addison Beck
0eccfb8784
changed all OnlyOrg wording to be SingleOrg instead (#974)
* changed all OnlyOrg wording to be SingleOrg instead

* missed an OnlyOrg to change to SingleOrg
2020-10-27 10:28:41 -04:00
Vincent Salucci
66e44759f0
[Require SSO] Enterprise policy enforcement (#970)
* Initial commit of require sso authentication policy enforcement

* Updated sproc to send UseSso flag // Updated base validator to send back error message // Added changes to EntityFramework (just so its there for the future

* Update policy name // adjusted conditional to demorgan's

* Updated sproc // Added migrator script

* Added .sql file extension to DeleteOrgUserWithOrg migrator script

* Added policy // edit // strings // validation to business portal

* Change requests from review // Added Owner & Admin exemption

* Updated repository function used to get org user's type

* Updated with requested changes
2020-10-26 11:56:16 -05:00
Addison Beck
e872b4df9d
Only org policy (#962)
* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
Vincent Salucci
50cf16a3fb
[SSO] New user provision flow (#945)
* Initial commit of accept user during set password flow

* changed new org user from accepted to invited // moved another check to token accept function

* Revised some white space // Moved business logic to UserService

* Fixed UserServiceTest

* Removed some white-space

* Removed more white-space

* Final white-space issues
2020-10-13 15:00:33 -05:00
Addison Beck
9848f12638
enabled SSO when needed when upgrading from a free plan (#960) 2020-10-07 15:03:47 -04:00
Chad Scharf
a74778de3a
Update ACS path to embed Organization ID (#955) 2020-10-01 15:05:09 -04:00
Chad Scharf
3b8cbe631f
Implemented new OIDC redirect behavior (#954) 2020-09-29 17:06:17 -04:00
Addison Beck
845f9f5245
Fixed storage issue when upgrading from a free plan (#942) 2020-09-18 14:10:30 -04:00
Chad Scharf
a75077d703
Fixed resource and err msg for user provisioning (#939) 2020-09-16 15:02:18 -04:00
Kyle Spearrin
1c6c599b8d
Created sso config service with save (#936) 2020-09-15 10:17:44 -04:00
Chad Scharf
692b3970af
SSO config revision date not updating fix (#934) 2020-09-14 21:22:24 -04:00
Vincent Salucci
c0e99d4047
Removed security stamp rotation during set-password SSO flow (#933) 2020-09-14 14:27:30 -05:00
Addison Beck
1880889325
added localization variables to sso account controller (#930)
* added localization variables to sso account controller

* Used the correct method for server side localization
2020-09-11 19:36:49 -04:00
Chad Scharf
b429f6908d
Added X.509 cert validation copy value buttons (#923) 2020-09-09 11:32:33 -04:00
Chad Scharf
a997440e3d
Added SP ACS URL to Config Screen (#920) 2020-09-08 13:04:26 -04:00
Kyle Spearrin
44c3dc4786 fix base seats on teams 2019 2020-09-07 09:19:33 -04:00
Addison Beck
a8277cc58b
updated stripe plan id for family (#916)
* updated stripe plan id for family

* updated famiies 2020 plan plan id
2020-09-06 00:48:04 -04:00
Chad Scharf
f27df01158
update portal landing page with tiles (#915) 2020-09-05 23:06:15 -04:00
Chad Scharf
ed99b99bc1
Move SSO core to Core lib, new resource strings (#911)
* Move SSO core to Core lib, new resource strings

* Missed resource strings for lookup
2020-09-04 10:42:47 -04:00
Addison Beck
5842284915
added custom plan item to the static store (#907) 2020-09-02 15:52:45 -04:00
Chad Scharf
f15768db62
GlobalSettings SSO cache timeout setting in sec (#906)
* GlobalSettings SSO cache timeout setting in sec

* Rename cache duration/lifetime property
2020-09-02 14:51:53 -04:00
Chad Scharf
055fa4b86f
New resource strings for SSO and Redirect pages (#905) 2020-09-02 14:13:27 -04:00
Kyle Spearrin
4439e6b25e use internal URL 2020-09-01 12:28:03 -04:00
Kyle Spearrin
c6aaa1276d AdjustIdentityServerConfig for authorization_endpoint 2020-09-01 12:13:08 -04:00
Kyle Spearrin
ba84c59b5d custom DiscoveryResponseGenerator and helpers 2020-09-01 07:38:36 -04:00
Kyle Spearrin
7a72da5725 fix deprecated mailkit MailboxAddress ctor 2020-08-28 14:21:16 -04:00
Kyle Spearrin
38728143d8
Added static client store (#899) 2020-08-28 13:32:15 -04:00
Chad Scharf
db7d05b52f
Added PreValidate endpoint on Account controller (#896)
* Added PreValidate endpoint on Account controller

* Fixed IHttpClientFactory implementation

* Core localization and org sproc fix

* Pass culture, fixed sso middleware bug
2020-08-28 12:14:23 -04:00
Kyle Spearrin
303b9a7875
Allow org update api on self hosted for identifier only (#898) 2020-08-28 11:22:19 -04:00
Matt Smith
00a1e8e833
Add UseBusinessPortal to OrgUserOrgDetails. (#894) 2020-08-27 11:11:59 -05:00
Addison Beck
59f8467f7c
Create sso user api (#886)
* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* Update AccountsController.cs

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* added a token to the existing user sso link flow

* added a token to the existing user sso link flow

* fixed a typo

* added an event log for unlink ssoUser records

* fixed a merge issue

* fixed a busted test

* fixed a busted test

* ran a formatter over everything & changed .vscode settings in .gitignore

* chagned a variable to use string interpolation

* removed a blank line

* Changed TokenPurpose enum to a static class of strings

* code review cleanups

* formatting fix

* Changed parameters & logging for delete sso user

* changed th method used to get organization user for deleting sso user records

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2020-08-26 14:12:04 -04:00
Chad Scharf
1c04e30689
Requested configuration cleanup for sso (#891) 2020-08-26 08:45:10 -04:00
Kyle Spearrin
2cd6d4f61a
plan adjustments (#890) 2020-08-25 14:23:36 -04:00
Chad Scharf
2fb18d8cf2
Extracted logic to get Identity cert (#889) 2020-08-25 13:15:59 -04:00
Kyle Spearrin
66e67d2172
map plantype to old strings for license hash (#882) 2020-08-21 17:44:45 -04:00
Kyle Spearrin
e41aca81de
allows dev runs to load a common idserv cert (#881) 2020-08-21 11:58:22 -04:00
Kyle Spearrin
a8c20d1c32
pass down version properly to generate license (#880) 2020-08-20 10:12:27 -04:00
Contribucious
8383a0866f
Add Yandex to global equivalent domains list (#876)
* [enum] Add Yandex to global equivalent domains list

Exhaustive list of Yandex domain names obtained by contacting their support.

* [Dictionary] Add Yandex to global equivalent domains list

Exhaustive list of Yandex domain names obtained by contacting their support.
2020-08-19 18:09:39 -04:00
Chad Scharf
8884157427
Added get for sso config repo by revision date (#878) 2020-08-19 13:35:17 -04:00
Contribucious
80f57d22a7
Remove amazon.co.nz from Amazon equivalent domains (redirect) (#875)
After further research, amazon.co.nz has never been more than a redirect (in order: to amazon.com, amazon.co.uk then back to amazon.com). See PR for more information.
2020-08-18 18:42:10 -04:00
Kyle Spearrin
2872bda6fe
tool to generate licenses (#874)
* tool to generate licenses

* code review feedback
2020-08-18 17:00:21 -04:00
Addison Beck
c65c52d997
Plan updates cleanup (#872)
* updated teams feature set for new plans

* removed whitespace

* alphabatized some properties
2020-08-17 10:45:37 -04:00
Kyle Spearrin
d190c4bd0f
Update APIs to collect other set password info (#870) 2020-08-17 10:40:35 -04:00
Contribucious
af85e17486
[Equivalent domains] Fix for the special case "eBay India" (#871)
See explanations in the PR.
2020-08-17 09:46:17 -04:00
Contribucious
2c430190cb
Add all missing entries to Ebay equivalent domains (#869)
(+ sort the Ebay list alphabetically)
2020-08-14 09:54:05 -04:00
Chad Scharf
38f7fff2f9
Added new SAML2 enums for configuration (#868) 2020-08-13 20:11:23 -04:00
Contribucious
6aed80a67d
Add amazon.{com.br, sa} to Amazon equivalent domains (#864)
(+ sort the Amazon list alphabetically)
2020-08-13 17:38:32 -04:00
Kyle Spearrin
cd926ca8f6
allow user registration for sso (#865) 2020-08-13 17:30:10 -04:00
Kyle Spearrin
4d8090d75e
Fix 2fa dictionary on identity response (#863) 2020-08-13 16:04:50 -04:00
Kyle Spearrin
783b4804ec
SSO support (#862)
* [SSO] Added change password API (#836)

* Created API for updating password with no current comparison

* Changed name of method and request // Added user has password error flow

* Updated user service method name // Updated string null/empty check

* Replaced hardcoded sso domain hints with config loader (#850)

* Replaced hardcoded sso domain hints with config loader

* use async/await for sso config loader

* Update AccountsController.cs

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Matt Portune <mportune@bitwarden.com>
Co-authored-by: Matt Portune <59324545+mportune-bw@users.noreply.github.com>
2020-08-12 17:03:09 -04:00
Kyle Spearrin
056b4b9bf4
add api support for updating org identifier (#861)
* add api support for updating org identifier

* add identifier to response as well

* implement in EF repo
2020-08-12 16:38:22 -04:00
Addison Beck
c8220fdfa6
Plan And Price Updates (#859)
* Expanded the Plan model to make plan & product data a bit more dynamic 
* Created a Product enum to track versioned instances of the same plan
* Created and API call and Response model for getting plan & product data from the server
2020-08-11 14:19:56 -04:00
Timo N
61b11e398b
Added netcup to global equivalent domains list (#600) 2020-08-11 09:06:57 -04:00
Chad Scharf
5878d1b0db
Ref event should be base64 encoded (#853) 2020-08-06 20:29:35 -04:00
Jeremy Lin
562082e9ca
Add a complete list of Eventbrite equivalent domains (#851)
This list was extracted using:

$ curl -s https://www.eventbrite.com/ |
    tr '"' '\n' |
    grep -o 'www\.eventbrite\.[^/]*' |
    sed 's/www\.//' |
    sort -u
2020-08-06 14:07:45 -04:00
Kyle Spearrin
004e3c58ee
added more client redirect uris for clis (#849) 2020-08-05 10:53:55 -04:00
Kyle Spearrin
44717b2d4c remove non-verified eventbrite equivalent domains 2020-08-04 08:02:44 -04:00
Chad Scharf
b5ac20ec9f
Correct connection string for res queue (#847) 2020-08-03 15:22:38 -04:00
David Lemayian
ca224c1782
update welcome email download urls (#844)
* update welcome email download urls

Very cool service! Noticed the download urls in the welcome email didn't take me to the downloads. Hope this fixes it?

* Update Welcome.html.hbs

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2020-08-01 16:18:40 -04:00
Kyle Spearrin
623cd36bd4
upgrade identity server 4 to v4 (#842)
* upgrade identity server 4 to v4

* remove script ref
2020-07-30 17:00:13 -04:00
Kyle Spearrin
aa1665065d
add missing RedirectUris (#840) 2020-07-28 22:49:13 -04:00
Kyle Spearrin
c53e8cbf9d
return if org user has sso binding (#839) 2020-07-28 21:11:45 -04:00
Kyle Spearrin
2c4752f4ac
Sso user table, model and repo stubbed out (#837)
* Sso user table, model and repo stubbed out

* switch to nullable org id, bigint id

* update GetBySsoUserAsync

* cleanup migrator file

* fix EF user repo

* fix pg repo

* is `IS NULL` checks

* unique indexes

* update migration scripts

* add another unique index

* remove old script
2020-07-28 10:03:09 -04:00
Kyle Spearrin
69e8860767
Assign usepolicies when upgrading (#838) 2020-07-28 09:28:11 -04:00
Kyle Spearrin
5de236f294 update libs 2020-07-27 20:36:17 -04:00
Addison Beck
229478adae
Feature.web.534.allow multi select in org vault (#830)
* Set up API methods for bulk admin delete
2020-07-22 11:38:53 -05:00
Matt Portune
51fd87df0b
Added UseSso bool to Organization (#834)
* Added UseSso bool to org

* Update fields in migration script

* bump version & check enabled flag on ssoConfig
2020-07-22 09:38:39 -04:00
Chad Scharf
83e9468502
Transition reference id to data (#828)
* Transition reference id to data

* field length and request model updates
2020-07-20 15:19:46 -04:00
Kyle Spearrin
5892d52ed5 fix protocol 2020-07-16 08:03:57 -04:00
Kyle Spearrin
0d0c6c7167
sso integrations (#822)
* stub out hybrid sso

* support for PKCE authorization_code clients

* sso service urls

* sso client key

* abstract request validator

* support for verifying password

* custom AuthorizationCodeStore that does not remove codes

* cleanup

* comment

* created master password

* ResetMasterPassword

* rename Sso client to OidcIdentity

* update env builder

* bitwarden sso project in docker-compose

* sso path in nginx config
2020-07-16 08:01:39 -04:00
Chad Scharf
2742b414fd
reference event changes and cleanup (#823) 2020-07-15 12:38:45 -04:00
Matt Portune
92238eb0a9
Additional changes for enterprise portal sso config (#819)
* Additional changes for enterprise portal sso config

* Requested changes

* rename enum to Saml2

* Limit to one SSO config per org
2020-07-13 15:58:59 -04:00
Chad Scharf
7af50172e0
Reference event service implementation (#811)
* Reference event service implementation

* Fix IReferenceable implementation of Id

* add structure to event body
2020-07-07 12:01:34 -04:00
Vincent Salucci
b4524fbcb6
Added BusinessPortal property for use on client side (#810) 2020-07-06 12:59:57 -05:00
Chad Scharf
a37706eba1
Restore original collection method (#804) 2020-06-30 11:52:50 -04:00
Chad Scharf
d7b00f6c27
Subscription update to maintain auto charge (#803) 2020-06-29 20:29:19 -04:00