1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-05 14:23:30 +01:00
Commit Graph

276 Commits

Author SHA1 Message Date
Vincent Salucci
19d5817f8f
[Captcha] Implement failed logins ceiling (#1870)
* [Hacker1] Failed Login Attempts Captcha

* [Captcha] Implement failed logins ceiling

* Formatting

* Updated approach after implementation talks with Kyle

* Updated email templates // Updated calling arch for failed attempts

* Formatting

* Updated 2fa email links

* Renamed baserequest methods to better match their actions

* EF migrations/scripts

* Updated with requested changes

* Defaults for MaxiumumFailedLoginAttempts
2022-03-02 15:45:00 -06:00
Oscar Hinton
ac8ca46f0f
Remove the u2f lib (#1820) 2022-01-24 12:14:04 +01:00
Oscar Hinton
2ed588d005
Fix case inconsitency in provider migration (#1806) 2022-01-12 15:25:15 +01:00
Matt Gibson
757927e02a
Null org, org user ids, and friendly name to indicate invalid, unused sponsorship state (#1738)
* Null org, org user ids, and friendly name to indicate invalid, unused sponsorship state

* Match EF queries to MSSQL sprocs
2021-12-01 14:34:56 -06:00
Matt Gibson
fa3f1ad0ce
Null out sponsorship values when foreign key deleted (#1733)
This allows us to maintain record of sponsorships up
until they are explicitly removed. Fixes issues where removing
sponsorships from organizations with invalid sponsorships would error
2021-11-24 08:26:11 -06:00
Matt Gibson
33edc8eba0
Families for Enterprise (#1714)
* Create common test infrastructure project

* Add helpers to further type PlanTypes

* Enable testing of ASP.net MVC controllers

Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.

* Workaround for broken MemberAutoDataAttribute

https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.

This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.

* WIP: Organization sponsorship flow

* Add Attribute to use the Bit Autodata dependency chain

BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.

Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.

* WIP: scaffolding for families for enterprise sponsorship flow

* Fix broken tests

* Create sponsorship offer (#1688)

* Initial db work (#1687)

* Add organization sponsorship databases to all providers

* Generalize create and update for database, specialize in code

* Add PlanSponsorshipType to db model

* Write valid json for test entries

* Initial scaffolding of emails (#1686)

* Initial scaffolding of emails

* Work on adding models for FamilyForEnterprise emails

* Switch verbage

* Put preliminary copy in emails

* Skip test

* Families for enterprise/stripe integrations (#1699)

* Add PlanSponsorshipType to static store

* Add sponsorship type to token and creates sponsorship

* PascalCase properties

* Require sponsorship for remove

* Create subscription sponsorship helper class

* Handle Sponsored subscription changes

* Add sponsorship id to subscription metadata

* Make sponsoring references nullable

This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons

* WIP: Validate and remove subscriptions

* Update sponsorships on organization and org user delete

* Add friendly name to organization sponsorship

* Add sponsorship available boolean to orgDetails

* Add sponsorship service to DI

* Use userId to find org users

* Send f4e offer email

* Simplify names of f4e mail messages

* Fix Stripe org default tax rates

* Universal sponsorship redeem api

* Populate user in current context

* Add product type to organization details

* Use upgrade path to change sponsorship

Sponsorships need to be annual to match the GB add-on charge rate

* Use organization and auth to find organization sponsorship

* Add resend sponsorship offer api endpoint

* Fix double email send

* Fix sponsorship upgrade options

* Add is sponsored item to subscription response

* Add sponsorship validation to upcoming invoice webhook

* Add sponsorship validation to upcoming invoice webhook

* Fix organization delete sponsorship hooks

* Test org sponsorship service

* Fix sproc

* Create common test infrastructure project

* Add helpers to further type PlanTypes

* Enable testing of ASP.net MVC controllers

Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.

* Workaround for broken MemberAutoDataAttribute

https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.

This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.

* WIP: Organization sponsorship flow

* Add Attribute to use the Bit Autodata dependency chain

BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.

Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.

* WIP: scaffolding for families for enterprise sponsorship flow

* Fix broken tests

* Create sponsorship offer (#1688)

* Initial db work (#1687)

* Add organization sponsorship databases to all providers

* Generalize create and update for database, specialize in code

* Add PlanSponsorshipType to db model

* Write valid json for test entries

* Initial scaffolding of emails (#1686)

* Initial scaffolding of emails

* Work on adding models for FamilyForEnterprise emails

* Switch verbage

* Put preliminary copy in emails

* Skip test

* Families for enterprise/stripe integrations (#1699)

* Add PlanSponsorshipType to static store

* Add sponsorship type to token and creates sponsorship

* PascalCase properties

* Require sponsorship for remove

* Create subscription sponsorship helper class

* Handle Sponsored subscription changes

* Add sponsorship id to subscription metadata

* Make sponsoring references nullable

This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons

* WIP: Validate and remove subscriptions

* Update sponsorships on organization and org user delete

* Add friendly name to organization sponsorship

* Add sponsorship available boolean to orgDetails

* Add sponsorship service to DI

* Use userId to find org users

* Send f4e offer email

* Simplify names of f4e mail messages

* Fix Stripe org default tax rates

* Universal sponsorship redeem api

* Populate user in current context

* Add product type to organization details

* Use upgrade path to change sponsorship

Sponsorships need to be annual to match the GB add-on charge rate

* Use organization and auth to find organization sponsorship

* Add resend sponsorship offer api endpoint

* Fix double email send

* Fix sponsorship upgrade options

* Add is sponsored item to subscription response

* Add sponsorship validation to upcoming invoice webhook

* Add sponsorship validation to upcoming invoice webhook

* Fix organization delete sponsorship hooks

* Test org sponsorship service

* Fix sproc

* Fix build error

* Update emails

* Fix tests

* Skip local test

* Add newline

* Fix stripe subscription update

* Finish emails

* Skip test

* Fix unit tests

* Remove unused variable

* Fix unit tests

* Switch to handlebars ifs

* Remove ending email

* Remove reconfirmation template

* Switch naming convention

* Switch naming convention

* Fix migration

* Update copy and links

* Switch to using Guid in the method

* Remove unneeded css styles

* Add sql files to Sql.sqlproj

* Removed old comments

* Made name more verbose

* Fix SQL error

* Move unit tests to service

* Fix sp

* Revert "Move unit tests to service"

This reverts commit 1185bf3ec8.

* Do repository validation in service layer

* Fix tests

* Fix merge conflicts and remove TODO

* Remove unneeded models

* Fix spacing and formatting

* Switch Org -> Organization

* Remove single use variables

* Switch method name

* Fix Controller

* Switch to obfuscating email

* Fix unit tests

Co-authored-by: Justin Baur <admin@justinbaur.com>
2021-11-19 17:25:06 -05:00
Oscar Hinton
f866b25e43
Key Connector feature toggle (#1716) 2021-11-17 11:46:35 +01:00
Addison Beck
6b629feb03
[bug] Drop unused db column UsesCryptoAgent (#1704) 2021-11-09 12:33:18 -05:00
Oscar Hinton
fd37cb5a12
Add support for Key Connector OTP and account migration (#1663)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2021-11-09 16:37:32 +01:00
Thomas Rittson
e57bef6af4
Fix policy enforcement against invited users (#1680) 2021-11-03 07:08:13 +10:00
Oscar Hinton
c5d5601464
Add support for crypto agent (#1623) 2021-10-25 15:09:14 +02:00
Matt Gibson
e744ffe499
Default autoscaling to off (#1659)
* Default autoscaling to off

* Update util/Migrator/DbScripts/2021-10-21_00_DefaultAutoscaleLimitToCurrentSeats.sql

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Update util/Migrator/DbScripts/2021-10-21_00_DefaultAutoscaleLimitToCurrentSeats.sql

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Update util/MySqlMigrations/Scripts/2021-10-21_00_SetMaxAutoscaleSeatCount.sql

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-10-22 08:11:14 -05:00
Vince Grassia
15eeb9d650
Update SQL files to be backwards compatible when adding columns (#1635)
* Update SQL files to be backwards compatible when adding columns

* Remove 'UseResetPasswordCustomOrg' SQL script
2021-10-15 12:28:21 -04:00
Matt Gibson
7802c2b969
⚠️ Do not specify database in migration files (#1628)
* Do not specify database in migration files

* Rename migrations to force them to re-run

* Use new migration files

* Rename EF migrations
2021-10-11 10:20:21 -05:00
Matt Gibson
bd297fb7a2
SqlServer split manage collection permission (#1594)
* SqlServer split manage collection permission

* Clarify names

* Test claims generation

* Test permission serialization

* Simplify claims building

* Use new collections permissions

* Throw on use of deprecated permissions

* Lower case all claims

* Remove todos

* Clean nonexistent project from test solution

* JsonIgnore for both system and newtonsoft json

* Make migrations more robust to multiple runs

* remove duplicate usings

* Remove obsolete permissions

* Test solutions separately to detect failures

* Handle dos line endings

* Fix collections create/update permissions

* Change restore cipher to edit permissions

* Improve formatting

* Simplify map

* Refactor test
2021-10-05 11:12:05 -05:00
Thomas Rittson
66629b2f1c
Refactor policy checks (#1536)
* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
2021-09-28 06:54:28 +10:00
Matt Gibson
d39f45c81c
Organization autoscaling (#1585)
* Add autoscale fields to Organization

* Add autoscale setting changes

* Autoscale organizations

updates InviteUsersAsync to support all invite sources.

sends an email to org owners when organization autoscaled

* All organizations autoscale

Disabling autoscaling can be done by setting max seats to current seats.

We only warn about autoscaling on the first autoscaling event.

* Fix tests

* Bug fixes

* Simplify subscription update logic

* Void invoices that fail to delete

Stripe no longer allows deletion of draft invoices that were created as part of subscription updates. It's necessary to void out these invoices without sending tem to the client.

* Notify org owners when their subscription runs out of seats

* Use datetime for notifications

Allows for later re-sending email if we want to periodically remind
owners

* Do not update subscription if it already matches new quatity

* Include all migrations

* Remove unnecessary inline styling

* SubscriptionUpdate handles update decisions

* Remove unnecessary html setter

* PR review

* Use minimum access for class methods
2021-09-23 05:36:08 -05:00
Oscar Hinton
c22e48c1b4
Resolve error when deleting an account connected to a provider (#1580) 2021-09-15 20:34:06 +02:00
Oscar Hinton
02866623f2
Add OrganizationUser_ReadByMinimumRole to Sql.sqlproj (#1555) 2021-09-07 15:42:44 +02:00
Thomas Rittson
8f27f21ce0
Remove stale SsoUser objects from database (#1560)
* Add SsoUser_ReadByUserIdOrganizationId

* Automatically reset stale/duplicate Sso links

* Fix typo

* Check for stale Sso link in existing user flow

* Delete any stale user record before provisioning new user

* Check for existing db query before creating

* PR feedback updates

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-09-03 10:54:41 -04:00
Thomas Rittson
4bc683c38d
Increase sales tax precision from 2 to 3 decimal places (#1525)
* Allow for tax rates with 3 decimal places

* Update input validation

* Increase precision of create procedure
2021-08-24 06:52:59 +10:00
Addison Beck
87fb3f533c
fixed a bad migration change (#1511) 2021-08-12 13:06:02 -04:00
Addison Beck
b726b08ea1
added a status check to the read by minimum role proc (#1498) 2021-08-10 06:59:54 -04:00
Vince Grassia
a31c231749
Fix UserKdf and UserApiKey migrations to only update null values (#1494) 2021-08-03 15:54:47 -04:00
Thomas Rittson
8d2b36d187
Fix conflicting group permissions (#1473)
* Return collection with highest permission levels

* Revert "Return collection with highest permission levels"

This reverts commit 06e0f3b73e.

* Combine duplicate collectionDetails

* Update EF to combine duplicate CollectionDetails

* Delete unneeded using statements
2021-08-02 11:49:27 +10:00
Vincent Salucci
545d5f942b
[Reset Password v1] Fixed ForcePasswordReset migration script (#1484) 2021-07-23 08:48:34 -05:00
Oscar Hinton
792fb377dd
[Provider] Prevent including pending organizations in SyncResponse (#1482) 2021-07-22 22:18:34 +02:00
Oscar Hinton
259bf8d760
Add events for Creating, Adding and Removing ProviderOrganizations (#1475) 2021-07-21 19:40:38 +02:00
Vincent Salucci
4e486e5f5d
[Reset Password v1] Update DB for Forced Reset (#1467)
* [Reset Password v1] Force Temp Password Changes

* Updated EF migrations/scripts

* Updating user sprocs with default bit value
2021-07-21 11:47:11 -05:00
Addison Beck
5ec37b96b4
Organization User Accepted Invite Email Notifications (#1465) 2021-07-16 13:49:27 -04:00
Oscar Hinton
f6ebb20847
[Provider] Add support for events (#1447) 2021-07-15 16:37:27 +02:00
Addison Beck
b13dda2799
Postgres & MySql Support For Self-Hosted Installations (#1386)
* EF Database Support Init (#1221)

* scaffolding for ef support

* deleted old postgres repos

* added tables to oncreate

* updated all the things to .NET 5

* Addition to #1221: Migrated DockerFiles from dotnet/3.1 to  5.0 (#1223)

* Migrated DockerFiles from dotnet/3.1 to  5.0

* Migrated SSO/Dockerfile from dotnet 3.1 to 5.0

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>

* EFDatabaseSupport: Updated links and description in README.md and SETUP.md (#1232)

* Updated requirements in README.md

* Updated link to documentation of app-secrets

* upgraded dotnet version to 5.0

* Ef database support implementation examples (#1265)

* mostly finished testing the user repo

* finished testing user repo

* finished org, user, ssoconfig, and ssouser ef implementations

* removed unused prop

* fixed a sql file

* fixed a spacing issue

* fixed a spacing issue

* removed extra database creation

* refactoring

* MsSql => SqlServer

* refactoring

* code review fixes

* build fix

* code review

* continued attempts to fix the the build

* skipped another test

* finished all create test

* initial pass at several repos

* continued building out repos

* initial pass at several repos

* initial pass at device repo

* initial pass at collection repo

* initial run of all Entity Framework implementations

* signup, signin, create/edit ciphers works

* sync working

* all web vault pages seem to load with 100% 200s

* bulkcopy, folders, and favorites

* group and collection management

* sso, groups, emergency access, send

* get basic creates matching on all repos

* got everything building again post merge

* removed some IDE config files

* cleanup

* no more notimplemented methods in the cipher repo

* no more not implementeds everywhere

* cleaned up schema/navigation properties and fixed tests

* removed a sql comment that was written in c# style

* fixed build issues from merge

* removed unsupported db providers

* formatting

* code review refactors

* naming cleanup for queries

* added provider methods

* cipher repo cleanup

* implemented several missing procedures from the EF implementation surround account revision dates, keys, and storage

* fixed the build

* added a null check

* consolidated some cipher repo methods

* formatting fix

* cleaned up indentation of queries

* removed .idea file

* generated postgres migrations

* added mysql migrations

* formatting

* Bug Fixes & Formatting

* Formatting

* fixed a bug with bulk import when using MySql

* code review fixes

* fixed the build

* implemented new methods

* formatting

* fixed the build

* cleaned up select statements in ef queries

* formatting

* formatting

* formatting

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2021-07-08 16:35:48 +00:00
Oscar Hinton
feb3106f37
[Provider] Create and access child organizations (#1427) 2021-07-08 17:05:32 +02:00
Thomas Rittson
908e1504af
Fix bulk fingerprints (#1442)
* Fix fingerprint phrases in bulk confirm modal

* Fix indentation
2021-07-07 20:21:52 +10:00
Oscar Hinton
43f7271147
[Provider] Setup provider (#1378) 2021-06-30 09:35:26 +02:00
Vincent Salucci
2d41edf1f9
[Reset Password] Updated OrgResetPasswordAbilityAndRsaKeys sql script (#1418)
* Updated OrgResetPasswordAbilityAndRsaKeys sql script

* Removed unnecessary null check
2021-06-28 12:15:55 -05:00
Vincent Salucci
658f79b80e
[Reset Password] Update Custom orgs for UseResetPassword (#1399)
* [Reset Password] Update Custom orgs for UseResetPassword

* Improved script content
2021-06-16 14:40:27 -05:00
Oscar Hinton
fe1ffb6a22
[Provider] Server entities and models (#1370)
* Mock out provider models and service

* Implement CreateAsync, CompleteSetupAsync, UpdateAsync, InviteUserAsync and ResendInvitesAsync

* Implement AcceptUserAsync and ConfirmUsersAsync

* Implement SaveUserAsync and DeleteUserAsync

* Add email templates

* Add admin operations for providers

* Fix mail template names

* Rename roles

* Verify provider has provideradmin

* Add self hosted check to admin controller

* Resolve review comments

* Update sql queries

* Change create provider to use email instead of userId
2021-06-03 18:58:29 +02:00
Matt Gibson
a7d700f1cb
Explicitly set quoted identifier on for problem objects (#1360) 2021-06-01 14:52:22 -05:00
Oscar Hinton
fffdd17915
Fix typo in bulk reinvinte migration (#1357) 2021-05-27 17:29:23 +02:00
Oscar Hinton
d4cf6d929a
Bulk Confirm (#1345)
* Add support for bulk confirm

* Add missing sproc to migration

* Change ConfirmUserAsync to internally use ConfirmUsersAsync

* Refactor to be a bit more readable

* Change BulkReinvite and BulkRemove to return a list of errors/success

* Refactor

* Fix removing owner preventing removing non owners

* Add another unit test

* Use fixtures for OrganizationUser and Policies

* Fix spelling
2021-05-25 19:23:47 +02:00
Oscar Hinton
61307e11b0
Provider: Initial db structure (#1309)
* Initial db structure
2021-05-20 14:39:26 +02:00
Matt Gibson
785e788cb6
Support large organization sync (#1311)
* Increase organization max seat size from 30k to 2b (#1274)

* Increase organization max seat size from 30k to 2b

* PR review. Do not modify unless state matches expected

* Organization sync simultaneous event reporting (#1275)

* Split up azure messages according to max size

* Allow simultaneous login of organization user events

* Early resolve small event lists

* Clarify logic

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Improve readability

This comes at the cost of multiple serializations, but the
 improvement in wire-time should more than make up for this
 on message where serialization time matters

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Queue emails (#1286)

* Extract common Azure queue methods

* Do not use internal entity framework namespace

* Prefer IEnumerable to IList unless needed

All of these implementations were just using `Count == 1`,
which is easily replicated. This will be used when abstracting Azure queues

* Add model for azure queue message

* Abstract Azure queue for reuse

* Creat service to enqueue mail messages for later processing

Azure queue mail service uses Azure queues.
Blocking just blocks until all the work is done -- This is
how emailing works today

* Provide mail queue service to DI

* Queue organization invite emails for later processing

All emails can later be added to this queue

* Create Admin hosted service to process enqueued mail messages

* Prefer constructors to static generators

* Mass delete organization users (#1287)

* Add delete many to Organization Users

* Correct formatting

* Remove erroneous migration

* Clarify parameter name

* Formatting fixes

* Simplify bump account revision sproc

* Formatting fixes

* Match file names to objects

* Indicate if large import is expected

* Early pull all existing users we were planning on inviting (#1290)

* Early pull all existing users we were planning on inviting

* Improve sproc name

* Batch upsert org users (#1289)

* Add UpsertMany sprocs to OrganizationUser

* Add method to create TVPs from any object.

Uses DbOrder attribute to generate.
Sproc will fail unless TVP column order matches that of the db type

* Combine migrations

* Correct formatting

* Include sql objects in sql project

* Keep consisten parameter names

* Batch deletes for performance

* Correct formatting

* consolidate migrations

* Use batch methods in OrganizationImport

* Declare @BatchSize

* Transaction names limited to 32 chars

Drop sproc before creating it if it exists

* Update import tests

* Allow for more users in org upgrades

* Fix formatting

* Improve class hierarchy structure

* Use name tuple types

* Fix formatting

* Front load all reflection

* Format constructor

* Simplify ToTvp as class-specific extension

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-05-17 09:43:02 -05:00
Oscar Hinton
e2f633dace
Bulk re-invite of org users (#1316)
* Add APIs for Bulk reinvinte

* Resolve review comments.
2021-05-12 11:18:25 +02:00
Vincent Salucci
70ab5b25a1
[Reset Password] Organization Key Pair (#1292)
* [Reset Password] Organization Key Pair

* Fixed type in Organization_ReadAbilites sproc

* Fixed broken unit test by making sure premium addon was false

* Updated PublicKey decorator and removed unecessary validation
2021-05-06 14:53:12 -05:00
Oscar Hinton
6ada46f906
Fix password re-prompt not working in org view (#1296)
* Fix password reprompt not working in org view

* Also fix Cipher_UpdateWithCollections and CipherDetails_CreateWithCollections. Rename migration script
2021-05-04 20:36:35 +02:00
Oscar Hinton
2054e5a926
Password re-prompt (#1269)
* Add support for password re-prompt
2021-04-29 15:43:44 +02:00
Kyle Spearrin
597fa01344
job to delete trashed ciphers nightly (#1243)
* job to delete trashed items nightly

* remove script from migration project file

* admin setting for controlling trash deleting dates
2021-04-02 11:14:21 -04:00
Oscar Hinton
339292f536
Fix emergency access migration not working (#1244) 2021-03-29 17:28:36 +02:00
Thomas Rittson
688cc00d48
Hide email address in Sends (#1234)
* Add send HideEmail to tables and models

* Respect HideEmail setting for Sends

* Recreate SendView to include new HideEmail column

* Enforce new Send policy

* Insert default value for new HideEmail column

* Delete c95d7598-71cc-4eab-8b08-aced0045198b.json

* Remove unrelated files

* Revert disableSendPolicy, add sendOptionsPolicy

* Minor style fixes

* Update SQL project with Send.HideEmail column

* unit test SendOptionsPolicy.DisableHideEmail

* Add SendOptionsPolicy to Portal

* Make HideEmail nullable, fix migrator script

* Remove NOT NULL constraint from HideEmail

* Fix style

* Make HideEmail nullable

* minor fixes to model and error message

* Move SendOptionsExemption banner

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-29 07:56:56 +10:00
Chad Scharf
a2f33176aa
Fix column NULLness for OrganizationUser table (#1239)
Fix column `NULL`ness for OrganizationUser table in Upgrade script; prior PR I missed in the upgrade script submitted that the ALTER COLUMN statement incorrectly set the column to `NOT NULL` when the table definition had it correctly as `NULL`.
2021-03-24 12:50:57 -04:00
Vincent Salucci
0cfd50382d
[Reset Password] Update all existing tables/sprocs/migrator scripts (#1235) 2021-03-23 16:04:11 -05:00
Oscar Hinton
07f37d1f74
WebAuthn (#903) 2021-03-22 23:21:43 +01:00
Vincent Salucci
7309a37bdc
[Bug] Updated incorrect formatting/spelling on migrator script (#1228) 2021-03-22 10:24:28 -05:00
Daniel James Smith
aea85ea0eb
Fixes #1101: Extend email column length to 256 characters (MSSQL) (#1191)
* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - Installation

* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - User

* Fixes bitwarden/server/#1101 - Extended length of BillingEmail column to 256 characters - Organization

* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - OrganizationUser

* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - EmergencyAccess

* Fixes bitwarden/server/bitwarden#1101 - Fixed issues after PR review
2021-03-18 16:43:49 -04:00
Thomas Rittson
3850f0e400
Fix empty grantee or grantor names in emergency access emails (#1162)
* Fix empty grantee or grantor names in emails

* Add migrator dbscript for changes to ReadToNotify
2021-02-26 08:11:58 +10:00
Matt Gibson
79cc6df0fd
Delete sends belonging to user on user delete (#1116)
* Delete sends belonging to user on user delete

* Update User_DeleteById.sql

* Clean up bad autoformats

Co-authored-by: Addison Beck <abeck@bitwarden.com>

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
Co-authored-by: Addison Beck <abeck@bitwarden.com>
2021-02-05 12:37:55 -06:00
Addison Beck
63fcdc1418
Implemented Custom role and permissions (#1057)
* Implemented Custom role and permissions

* Converted permissions columns to a json blob

* Code review fixes for Permissions

* sql build fix

* Update Permissions.cs

* formatting

* Update IOrganizationService.cs

* reworked a conditional

* built out tests for relevant organization service methods

* removed unused usings

* fixed a broken test and a bad empty string init

* removed 'Attribute' from some attribute instances
2021-01-12 11:02:39 -05:00
Matt Gibson
5aba9f7549
Add cipher response to restore (#1072)
* Return revised ciphers on restore api call

* Return restored date from restore sproc

* Test Restore updates passed in ciphers

This is necessary for CipherController to appropriately return the
up-to-date ciphers without an extra db call to read them.

* Add missing SELECT
2021-01-08 08:52:42 -06:00
Addison Beck
6143ad2b95
fixed a copy/paste bug in the tax rate migration script (#1077) 2021-01-07 16:36:18 -05:00
Chad Scharf
4825998ba5
Fix sproc name mismatch in migration sql (#1066) 2020-12-30 16:21:14 -05:00
Oscar Hinton
0f1af2333e
Add support for Emergency Access (#1000)
* Add support for Emergency Access

* Add migration script

* Review comments

* Ensure grantor has premium when inviting new grantees.

* Resolve review comments

* Remove two factor references
2020-12-16 14:36:47 -05:00
Vincent Salucci
70f5fd5030
[Policy] Personal Ownership (#1013)
* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
2020-12-11 10:45:26 -06:00
Vincent Salucci
09aea4ed38
[Bug] Improve SSO user provision flow (#1022)
* Initial commit of provisioning updates

* Updated strings

* removed extra BANG

* Separated orgUsers db lookup - prioritized existing user Id

* Updated create sso record method // Added sproc for org/email retrieval
2020-12-04 16:45:54 -06:00
Addison Beck
b877c25234
Implemented tax collection for subscriptions (#1017)
* Implemented tax collection for subscriptions

* Cleanup for Sales Tax

* Cleanup for Sales Tax

* Changes a constraint to an index for checking purposes

* Added and implemented a ReadById method for TaxRate

* Code review fixes for Tax Rate implementation

* Code review fixes for Tax Rate implementation

* Made the SalesTax migration script rerunnable
2020-12-04 12:05:16 -05:00
Addison Beck
25a9991908
Implement User-based API Keys (#981)
* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
2020-11-10 15:15:29 -05:00
Kyle Spearrin
82dd364e65
Send APIs (#979)
* send work

* fix sql proj file

* update

* updates

* access id

* delete job

* fix delete job

* local send storage

* update sprocs for null checks
2020-11-02 15:55:49 -05:00
Vincent Salucci
66e44759f0
[Require SSO] Enterprise policy enforcement (#970)
* Initial commit of require sso authentication policy enforcement

* Updated sproc to send UseSso flag // Updated base validator to send back error message // Added changes to EntityFramework (just so its there for the future

* Update policy name // adjusted conditional to demorgan's

* Updated sproc // Added migrator script

* Added .sql file extension to DeleteOrgUserWithOrg migrator script

* Added policy // edit // strings // validation to business portal

* Change requests from review // Added Owner & Admin exemption

* Updated repository function used to get org user's type

* Updated with requested changes
2020-10-26 11:56:16 -05:00
Addison Beck
e872b4df9d
Only org policy (#962)
* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
Addison Beck
dfe5c571b9
Delete OrgUsers When Deleting An Org (#964)
* deleted orgUsers when deleting an org

* sql formatting
2020-10-13 11:26:55 -04:00
Kyle Spearrin
8510a753a8
delete sso config when deleting org (#904)
* delete ssouser on org and user delete

* delete sso config when deleting org
2020-09-02 10:48:15 -04:00
Kyle Spearrin
47224913d4
delete ssouser on org and user delete (#902) 2020-09-01 16:05:37 -04:00
Kyle Spearrin
9faa9406a6
delete sso user when deleting org user (#901) 2020-09-01 15:07:47 -04:00
Chad Scharf
db7d05b52f
Added PreValidate endpoint on Account controller (#896)
* Added PreValidate endpoint on Account controller

* Fixed IHttpClientFactory implementation

* Core localization and org sproc fix

* Pass culture, fixed sso middleware bug
2020-08-28 12:14:23 -04:00
Addison Beck
59f8467f7c
Create sso user api (#886)
* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* Update AccountsController.cs

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* added a token to the existing user sso link flow

* added a token to the existing user sso link flow

* fixed a typo

* added an event log for unlink ssoUser records

* fixed a merge issue

* fixed a busted test

* fixed a busted test

* ran a formatter over everything & changed .vscode settings in .gitignore

* chagned a variable to use string interpolation

* removed a blank line

* Changed TokenPurpose enum to a static class of strings

* code review cleanups

* formatting fix

* Changed parameters & logging for delete sso user

* changed th method used to get organization user for deleting sso user records

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2020-08-26 14:12:04 -04:00
Chad Scharf
8884157427
Added get for sso config repo by revision date (#878) 2020-08-19 13:35:17 -04:00
Kyle Spearrin
cd926ca8f6
allow user registration for sso (#865) 2020-08-13 17:30:10 -04:00
Kyle Spearrin
056b4b9bf4
add api support for updating org identifier (#861)
* add api support for updating org identifier

* add identifier to response as well

* implement in EF repo
2020-08-12 16:38:22 -04:00
Kyle Spearrin
623cd36bd4
upgrade identity server 4 to v4 (#842)
* upgrade identity server 4 to v4

* remove script ref
2020-07-30 17:00:13 -04:00
Kyle Spearrin
68915a452e missing go 2020-07-28 21:53:12 -04:00
Kyle Spearrin
c53e8cbf9d
return if org user has sso binding (#839) 2020-07-28 21:11:45 -04:00
Kyle Spearrin
2c4752f4ac
Sso user table, model and repo stubbed out (#837)
* Sso user table, model and repo stubbed out

* switch to nullable org id, bigint id

* update GetBySsoUserAsync

* cleanup migrator file

* fix EF user repo

* fix pg repo

* is `IS NULL` checks

* unique indexes

* update migration scripts

* add another unique index

* remove old script
2020-07-28 10:03:09 -04:00
Addison Beck
229478adae
Feature.web.534.allow multi select in org vault (#830)
* Set up API methods for bulk admin delete
2020-07-22 11:38:53 -05:00
Matt Portune
51fd87df0b
Added UseSso bool to Organization (#834)
* Added UseSso bool to org

* Update fields in migration script

* bump version & check enabled flag on ssoConfig
2020-07-22 09:38:39 -04:00
Chad Scharf
83e9468502
Transition reference id to data (#828)
* Transition reference id to data

* field length and request model updates
2020-07-20 15:19:46 -04:00
Kyle Spearrin
cc9d18f6d2
add missing [ViewPassword] true (#799) 2020-06-27 15:09:04 -04:00
Matt Portune
0b1e49bc0a Remove Id from SsoConfig_Create sproc 2020-06-26 16:47:41 -04:00
Matt Portune
9f919bbea9 move Id assignment to after insert 2020-06-25 18:28:08 -04:00
Matt Portune
f46023f2f5 requested changes 2020-06-25 18:06:27 -04:00
Matt Portune
39a81af3e9 DAL & CRUD for SSO 2020-06-25 16:42:29 -04:00
Chad Scharf
fca7b162bf Reference id storage and signup 2020-06-25 12:28:22 -04:00
Matt Portune
f471237ce4 Update migration 2020-06-24 16:14:59 -04:00
Matt Portune
81879f804b fixed field name during name check 2020-06-24 15:21:48 -04:00
Matt Portune
448032668e fixed syntax error in migration 2020-06-24 15:18:42 -04:00
Matt Portune
05891f2122 Requested updates 2020-06-24 12:24:36 -04:00
Matt Portune
09df3f64d3 Updates to SSO config DB setup 2020-06-23 23:54:27 -04:00
Matt Portune
aa19be2c0c formatting 2020-06-22 10:45:37 -04:00
Matt Portune
d0a98d6cf3 Added missing migration functionality 2020-06-22 09:49:16 -04:00
Matt Portune
519226f824 formatting 2020-06-21 23:42:27 -04:00
Matt Portune
8e7cb082ad DB support for SSO config 2020-06-21 23:35:42 -04:00
hinton
24a458416e Add missing go after create type. 2020-05-26 20:56:10 +02:00
hinton
bf7f541664 Add go after last statement. 2020-05-26 20:53:49 +02:00
hinton
4c1ba235d8 Delete procedures before droping type 2020-05-23 12:06:05 +02:00
hinton
14a8224a99 Be explicit about AccessAll for ViewPassword 2020-05-23 11:06:41 +02:00
hinton
1c0095b122 Be explicit with AccessAll and fix bug in create/update cipher 2020-05-23 10:36:35 +02:00
hinton
54f3ab5863 Add database migration script for hidden passwords 2020-05-22 22:52:08 +02:00
Kyle Spearrin
343ef92a20
Sproc tweaks (#730)
* do not follow local hosts or ip addresses

* remove cron from mssql

* migration script

* Use joins instead of temp tables

* update migration script with join changes
2020-05-21 11:35:00 -04:00
Chad Scharf
43501e643f [Soft Delete] - cleanup whitespace in Cipher_Restore 2020-04-10 10:51:27 -04:00
Chad Scharf
598e1ff92b [Soft Delete] - Add not null/is null filters to soft delete and restore sprocs 2020-04-09 15:25:17 -04:00
Chad Scharf
7f22088d5f Fix delcaration of @UtcNow variable 2020-04-02 14:08:19 -04:00
Chad Scharf
eb34cc49c6 Fixed date time precision assignment for DeletedDate and RevisionDate (performance + match/data quality) 2020-04-02 13:45:53 -04:00
Chad Scharf
d07f27f274 [Soft-Delete] Simplify the data-tier, removed extra sprocs and reuse update 2020-04-01 16:39:27 -04:00
Chad Scharf
d014a597dd [Soft Delete] - API updates for soft delete + retrieval 2020-04-01 13:00:25 -04:00
Chad Scharf
55b937ff68 Updated PR comments, changed smart defaults for behavior, updated Cipher table index 2020-03-27 10:23:37 -04:00
Chad Scharf
bc46eccf70 Deleted date on Cipher table, related sprocs and repositories updated 2020-03-26 19:32:37 -04:00
Kyle Spearrin
81424a8526
Enforce 2fa policy (#654) 2020-02-19 14:56:16 -05:00
Kyle Spearrin
725522128c sync org policies to client devices 2020-01-28 15:33:32 -05:00
Kyle Spearrin
f3f1ac57d2 refactor policy apis 2020-01-20 08:53:15 -05:00
Kyle Spearrin
ff8731c82f add usepolicies to org profile object 2020-01-15 15:17:32 -05:00
Kyle Spearrin
e8054df5b4 use policies property for orgs 2020-01-15 15:00:54 -05:00
Kyle Spearrin
58faf5266b policy events 2020-01-15 09:43:49 -05:00
Kyle Spearrin
4e4644e17d stub out organization policy db schema 2020-01-06 14:26:48 -05:00
Kyle Spearrin
35804e10cf collection cipher query improvements 2019-05-28 23:55:47 -04:00
Kyle Spearrin
d34cde7579 group name fix 2019-05-15 22:38:52 -04:00
Kyle Spearrin
b4148d3532 fix issues on cipher admin endpoints 2019-05-01 09:38:13 -04:00
Kyle Spearrin
3a1e24976b move migrator project to util 2019-03-25 13:23:50 -04:00