1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-29 13:25:17 +01:00
Commit Graph

2605 Commits

Author SHA1 Message Date
Thomas Avery
11b6e5d21d
Fix for displaying email address in email template (#2015) 2022-05-25 11:42:34 -05:00
Justin Baur
f235938c41
Change OrgUser Delete Behavior (#2010)
* Fix OrgUserDelete sprocs

* Update Sqlproj
2022-05-23 15:50:54 -04:00
Thomas Avery
0c925f92c9
Fix port number for vs profile Api-SelfHost (#2011) 2022-05-23 14:22:04 -05:00
Justin Baur
719abc7e61
[BEEEP] Integration tests (#1945)
* Add api integration tests

* Add some stuff

* Make program mockable

* Work on IntegrationTests for Identity

* Formatting

* Update packages.lock.json

* Update more packages.lock.json

* Update all packages.lock.json

* Fix InMemory configuration

* Actually fix test configuration

* Fix tests for CI

* Fix event service

* Force EF EventRepository

* Add client_credentials test

* Remove Api.IntegrationTest

* Remove Api Program changes

* Cleanup

* Add more Auth-Email tests

* Run formatting

* Address some PR feedback

* Move integration stuff to it's own common project

* Ran linter

* Add shared project to test solution

* Remove sln changes

* Clean usings

* Add more coverage

* Address PR feedback
2022-05-20 15:24:59 -04:00
Carlos J. Muentes
452472deab
CSA-1 - adding master password authentication when enrolling in passw… (#1940)
* CSA-2 - adding master password authentication when enrolling in password reset

* Getting user by principal rather than ID

* Removing unnecessary userId call

* Use secret verification for re-auth api requests

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2022-05-19 14:55:42 -05:00
Matt Gibson
60e36a8f0f
Add InstallationId to event responses (#2007) 2022-05-19 09:58:47 -05:00
Federico Maccaroni
e314537713
PS-661 Fix Captcha Bypass Token Validation (#2004) 2022-05-19 10:15:49 -03:00
Justin Baur
53241f16e0
Add Additional Logging to Self-hosted installs for F4E (#1999)
* Add logging to SH logs

* Fix tests
2022-05-16 09:57:00 -04:00
Justin Baur
6b484e29a7
Switch to sending org name in cloud invite (#2002) 2022-05-16 09:50:33 -04:00
Federico Maccaroni
2e2d3075d1
EC-198 Added feature flag for 2FA Email for new device login (#1993)
* EC-198 added global setting flag for 2FA email on new device login feature

* EC-198 Removed is development environment check on 2FA email new device login given that we can now rely on the global settings feature flag

* EC-198 Improved IGlobalSettings and UserService code for testing
2022-05-13 10:48:48 -03:00
Matt Gibson
c54c39b28c
Feature/self hosted families for enterprise (#1991)
* Families for enterprise/split up organization sponsorship service (#1829)

* Split OrganizationSponsorshipService into commands

* Use tokenable for token validation

* Use interfaces to set up for DI

* Use commands over services

* Move service tests to command tests

* Value types can't be null

* Run dotnet format

* Update src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/CancelSponsorshipCommand.cs

Co-authored-by: Justin Baur <admin@justinbaur.com>

* Fix controller tests

Co-authored-by: Justin Baur <admin@justinbaur.com>

* Families for enterprise/split up organization sponsorship service (#1875)

* Split OrganizationSponsorshipService into commands

* Use tokenable for token validation

* Use interfaces to set up for DI

* Use commands over services

* Move service tests to command tests

* Value types can't be null

* Run dotnet format

* Update src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/CancelSponsorshipCommand.cs

Co-authored-by: Justin Baur <admin@justinbaur.com>

* Fix controller tests

* Split create and send sponsorships

* Split up create sponsorship

* Add self hosted commands to dependency injection

* Add field to store cloud billing sync key on self host instances

* Fix typo

* Fix data protector purpose of sponsorship offers

* Split cloud and selfhosted sponsorship offer tokenable

* Generate offer from self hosted with all necessary auth data

* Add Required properties to constructor

* Split up cancel sponsorship command

* Split revoke sponsorship command between cloud and self hosted

* Fix/f4e multiple sponsorships (#1838)

* Use sponosorship from validate to redeem

* Update tests

* Format

* Remove sponsorship service

* Run dotnet format

* Fix self hosted only controller attribute

* Clean up file structure and fixes

* Remove unneeded tokenables

* Remove obsolete commands

* Do not require file/class prefix if unnecessary

* Update Organizaiton sprocs

* Remove unnecessary models

* Fix tests

* Generalize LicenseService path calculation

Use async file read and deserialization

* Use interfaces for testability

* Remove unused usings

* Correct test direction

* Test license reading

* remove unused usings

* Format

Co-authored-by: Justin Baur <admin@justinbaur.com>

* Improve DataProtectorTokenFactory test coverage (#1884)

* Add encstring to server

* Test factory

Co-authored-by: Carlos Muentes <cmuentes@bitwarden.com>

* Format

* Remove SymmetricKeyProtectedString

Not needed

* Set ForcInvalid

Co-authored-by: Carlos Muentes <cmuentes@bitwarden.com>

* Feature/self f4e/api keys (#1896)

* Add in ApiKey

* Work on API Key table

* Work on apikey table

* Fix response model

* Work on information for UI

* Work on last sync date

* Work on sync status

* Work on auth

* Work on tokenable

* Work on merge

* Add custom requirement

* Add policy

* Run formatting

* Work on EF Migrations

* Work on OrganizationConnection

* Work on database

* Work on additional database table

* Run formatting

* Small fixes

* More cleanup

* Cleanup

* Add RevisionDate

* Add GO

* Finish Sql project

* Add newlines

* Fix stored proc file

* Fix sqlproj

* Add newlines

* Fix table

* Add navigation property

* Delete Connections when organization is deleted

* Add connection validation

* Start adding ID column

* Work on ID column

* Work on SQL migration

* Work on migrations

* Run formatting

* Fix test build

* Fix sprocs

* Work on migrations

* Fix Create table

* Fix sproc

* Add prints to migration

* Add default value

* Update EF migrations

* Formatting

* Add to integration tests

* Minor fixes

* Formatting

* Cleanup

* Address PR feedback

* Address more PR feedback

* Fix formatting

* Fix formatting

* Fix

* Address PR feedback

* Remove accidential change

* Fix SQL build

* Run formatting

* Address PR feedback

* Add sync data to OrganizationUserOrgDetails

* Add comments

* Remove OrganizationConnectionService interface

* Remove unused using

* Address PR feedback

* Formatting

* Minor fix

* Feature/self f4e/update db (#1930)

* Fix migration

* Fix TimesRenewed

* Add comments

* Make two properties non-nullable

* Remove need for SponsoredOrg on SH (#1934)

* Remove need for SponsoredOrg on SH

* Add Family prefix

* Add check for enterprise org on BillingSync key (#1936)

* [PS-10] Feature/sponsorships removed at end of term (#1938)

* Rename commands to min unique names

* Inject revoke command based on self hosting

* WIP: Remove/Revoke marks to delete

* Complete WIP

* Improve remove/revoke tests

* PR review

* Fail validation if sponsorship has failed to sync for 6 months

* Feature/do not accept old self host sponsorships (#1939)

* Do not accept >6mo old self-hosted sponsorships

* Give disabled grace period of 3 months

* Fix issues of Sql.proj differing from migration outcome (#1942)

* Fix issues of Sql.proj differing from migration outcome

* Yoink int tests

* Add missing assert helpers

* Feature/org sponsorship sync (#1922)

* Self-hosted side sync first pass

TODO:
* flush out org sponsorship model
* implement cloud side
* process cloud-side response and update self-hosted records

* sync scaffolding second pass

* remove list of Org User ids from sync and begin work on SelfHostedRevokeSponsorship

* allow authenticated http calls from server to return a result

* update models

* add logic for sync and change offer email template

* add billing sync key and hide CreateSponsorship without user

* fix tests

* add job scheduling

* add authorize attributes to endpoints

* separate models into data/model and request/response

* batch sync more, add EnableCloudCommunication for testing

* send emails in bulk

* make userId and sponsorshipType non nullable

* batch more on self hosted side of sync

* remove TODOs and formatting

* changed logic of cloud sync

* let BaseIdentityClientService handle all logging

* call sync from scheduled job on self host

* create bulk db operations for OrganizationSponsorships

* remove SponsoredOrgId from sync, return default from server http call

* validate BillingSyncKey during sync

revert changes to CreateSponsorshipCommand

* revert changes to ICreateSponsorshipCommand

* add some tests

* add DeleteExpiredSponsorshipsJob

* add cloud sync test

* remove extra method

* formatting

* prevent new sponsorships from disabled orgs

* update packages

* - pulled out send sponsorship command dependency from sync on cloud
- don't throw error when sponsorships are empty
- formatting

* formatting models

* more formatting

* remove licensingService dependency from selfhosted sync

* use installation urls and formatting

* create constructor for RequestModel and formatting

* add date parameter to OrganizationSponsorship_DeleteExpired

* add new migration

* formatting

* rename OrganizationCreateSponsorshipRequestModel to OrganizationSponsorshipCreateRequestModel

* prevent whole sync from failing if one sponsorship type is unsupported

* deserialize config and billingsynckey from org connection

* alter log message when sync disabled

* Add grace period to disabled orgs

* return early on self hosted if there are no sponsorships in database

* rename BillingSyncConfig

* send sponsorship offers from controller

* allow config to be a null object

* better exception handling in sync scheduler

* add ef migrations

* formatting

* fix tests

* fix validate test

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Fix OrganizationApiKey issues (#1941)

Co-authored-by: Justin Baur <admin@justinbaur.com>

* Feature/org sponsorship self hosted tests (#1947)

* Self-hosted side sync first pass

TODO:
* flush out org sponsorship model
* implement cloud side
* process cloud-side response and update self-hosted records

* sync scaffolding second pass

* remove list of Org User ids from sync and begin work on SelfHostedRevokeSponsorship

* allow authenticated http calls from server to return a result

* update models

* add logic for sync and change offer email template

* add billing sync key and hide CreateSponsorship without user

* fix tests

* add job scheduling

* add authorize attributes to endpoints

* separate models into data/model and request/response

* batch sync more, add EnableCloudCommunication for testing

* send emails in bulk

* make userId and sponsorshipType non nullable

* batch more on self hosted side of sync

* remove TODOs and formatting

* changed logic of cloud sync

* let BaseIdentityClientService handle all logging

* call sync from scheduled job on self host

* create bulk db operations for OrganizationSponsorships

* remove SponsoredOrgId from sync, return default from server http call

* validate BillingSyncKey during sync

revert changes to CreateSponsorshipCommand

* revert changes to ICreateSponsorshipCommand

* add some tests

* add DeleteExpiredSponsorshipsJob

* add cloud sync test

* remove extra method

* formatting

* prevent new sponsorships from disabled orgs

* update packages

* - pulled out send sponsorship command dependency from sync on cloud
- don't throw error when sponsorships are empty
- formatting

* formatting models

* more formatting

* remove licensingService dependency from selfhosted sync

* use installation urls and formatting

* create constructor for RequestModel and formatting

* add date parameter to OrganizationSponsorship_DeleteExpired

* add new migration

* formatting

* rename OrganizationCreateSponsorshipRequestModel to OrganizationSponsorshipCreateRequestModel

* prevent whole sync from failing if one sponsorship type is unsupported

* deserialize config and billingsynckey from org connection

* add mockHttp nuget package and use httpclientfactory

* fix current tests

* WIP of creating tests

* WIP of new self hosted tests

* WIP self hosted tests

* finish self hosted tests

* formatting

* format of interface

* remove extra config file

* added newlines

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Fix Organization_DeleteById (#1950)

* Fix Organization_Delete

* Fix L

* [PS-4] block enterprise user from sponsoring itself (#1943)

* [PS-248] Feature/add connections enabled endpoint (#1953)

* Move Organization models to sub namespaces

* Add Organization Connection api endpoints

* Get all connections rather than just enabled ones

* Add missing services to DI

* pluralize private api endpoints

* Add type protection to org connection request/response

* Fix route

* Use nullable Id to signify no connection

* Test Get Connections enabled

* Fix data discoverer

* Also drop this sproc for rerunning

* Id is the OUTPUT of create sprocs

* Fix connection config parsing

* Linter fixes

* update sqlproj file name

* Use param xdocs on methods

* Simplify controller path attribute

* Use JsonDocument to avoid escaped json in our response/request strings

* Fix JsonDoc tests

* Linter fixes

* Fix ApiKey Command and add tests (#1949)

* Fix ApiKey command

* Formatting

* Fix test failures introduced in #1943 (#1957)

* Remove "Did you know?" copy from emails. (#1962)

* Remove "Did you know"

* Remove jsonIf helper

* Feature/fix send single sponsorship offer email (#1956)

* Fix sponsorship offer email

* Do not sanitize org name

* PR feedback

* Feature/f4e sync event [PS-75] (#1963)

* Create sponsorship sync event type

* Add InstallationId to Event model

* Add combinatorics-based test case generators

* Log sponsorships sync event on sync

* Linter and test fixes

* Fix failing test

* Migrate sprocs and view

* Remove unused `using`s

* [PS-190] Add manual sync trigger in self hosted (#1955)

* WIP add button to admin project for billing sync

* add connection table to view page

* minor fixes for self hosted side of sync

* fixes number of bugs for cloud side of sync

* deserialize before returning for some reason

* add json attributes to return models

* list of sponsorships parameter is immutable, add secondary list

* change sproc name

* add error handling

* Fix tests

* modify call to connection

* Update src/Admin/Controllers/OrganizationsController.cs

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* undo change to sproc name

* simplify logic

* Update src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/Cloud/CloudSyncSponsorshipsCommand.cs

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* register services despite if self hosted or cloud

* remove json properties

* revert merge conflict

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Update OrganizationSponsorship valid until when updating org expirati… (#1966)

* Update OrganizationSponsorship valid until when updating org expiration date

* Linter fixes

* [PS-7] change revert email copy and add ValidUntil to sponsorship (#1965)

* change revert email copy and add ValidUntil to sponsorship

* add 15 days if no ValidUntil

* Chore/merge/self hosted families for enterprise (#1972)

* Log swallowed HttpRequestExceptions (#1866)

Co-authored-by: Hinton <oscar@oscarhinton.com>

* Allow for utilization of  readonly db connection (#1937)

* Bump the pin of the download-artifacts action to bypass the broken GitHub api (#1952)

* Bumped version to 1.48.0 (#1958)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* [EC-160] Give Provider Users access to all org ciphers and collections (#1959)

* Bumped version to 1.48.1 (#1961)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Avoid sending "user need confirmation" emails when there are no org admins (#1960)

* Remove noncompliant users for new policies (#1951)

* [PS-284] Allow installation clients to not need a user. (#1968)

* Allow installation clients to not need a user.

* Run formatting

Co-authored-by: Andrei <30410186+Manolachi@users.noreply.github.com>
Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: sneakernuts <671942+sneakernuts@users.noreply.github.com>
Co-authored-by: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Justin Baur <136baur@gmail.com>

* Fix/license file not found (#1974)

* Handle null license

* Throw hint message if license is not found by the admin project.

* Use CloudOrganizationId from Connection config

* Change test to support change

* Fix test

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Feature/f4e selfhosted rename migration to .sql (#1971)

* rename migration to .sql

* format

* Add unit tests to self host F4E (#1975)

* Work on tests

* Added more tests

* Run linting

* Address PR feedback

* Fix AssertRecent

* Linting

* Fixed empty tests

* Fix/misc self hosted f4e (#1973)

* Allow setting of ApiUri

* Return updates sponsorshipsData objects

* Bind arguments by name

* Greedy load sponsorships to email.

When upsert was called, it creates Ids on _all_ records, which meant
that the lazy-evaluation from this call always returned an empty list.

* add scope for sync command DI in job. simplify error logic

* update the sync job to get CloudOrgId from the BillingSyncKey

Co-authored-by: Jacob Fink <jfink@bitwarden.com>

* Chore/merge/self hosted families for enterprise (#1987)

* Log swallowed HttpRequestExceptions (#1866)

Co-authored-by: Hinton <oscar@oscarhinton.com>

* Allow for utilization of  readonly db connection (#1937)

* Bump the pin of the download-artifacts action to bypass the broken GitHub api (#1952)

* Bumped version to 1.48.0 (#1958)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* [EC-160] Give Provider Users access to all org ciphers and collections (#1959)

* Bumped version to 1.48.1 (#1961)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Avoid sending "user need confirmation" emails when there are no org admins (#1960)

* Remove noncompliant users for new policies (#1951)

* [PS-284] Allow installation clients to not need a user. (#1968)

* Allow installation clients to not need a user.

* Run formatting

* Use accept flow for sponsorship offers (#1964)

* PS-82 check send 2FA email for new devices on TwoFactorController send-email-login (#1977)

* [Bug] Skip WebAuthn 2fa event logs during login flow (#1978)

* [Bug] Supress WebAuthn 2fa event logs during login process

* Formatting

* Simplified method call with new paramter input

* Update RealIps Description (#1980)

Describe the syntax of the real_ips configuration key with an example, to prevent type errors in the `setup` container when parsing `config.yml`

* add proper URI validation to duo host (#1984)

* captcha scores (#1967)

* captcha scores

* some api fixes

* check bot on captcha attribute

* Update src/Core/Services/Implementations/HCaptchaValidationService.cs

Co-authored-by: e271828- <e271828-@users.noreply.github.com>

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
Co-authored-by: e271828- <e271828-@users.noreply.github.com>

* ensure no path specific in duo host (#1985)

Co-authored-by: Andrei <30410186+Manolachi@users.noreply.github.com>
Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: sneakernuts <671942+sneakernuts@users.noreply.github.com>
Co-authored-by: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Justin Baur <136baur@gmail.com>
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Jordan Cooks <notnamed@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
Co-authored-by: e271828- <e271828-@users.noreply.github.com>

* Address feedback (#1990)

Co-authored-by: Justin Baur <admin@justinbaur.com>
Co-authored-by: Carlos Muentes <cmuentes@bitwarden.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>
Co-authored-by: Justin Baur <136baur@gmail.com>
Co-authored-by: Andrei <30410186+Manolachi@users.noreply.github.com>
Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: sneakernuts <671942+sneakernuts@users.noreply.github.com>
Co-authored-by: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Jordan Cooks <notnamed@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
Co-authored-by: e271828- <e271828-@users.noreply.github.com>
2022-05-10 16:12:09 -05:00
Thomas Rittson
1efb25608c
Fix ManageBilling permission check (#1988) 2022-05-10 16:37:13 +10:00
Thomas Rittson
227b725514
[EC-152] Hide Subscription/Billing information for Provider-managed organizations (#1970)
* Block billing endpoints if org is managed by Provider
2022-05-10 12:19:22 +10:00
Kyle Spearrin
06c9b123f9
ensure no path specific in duo host (#1985) 2022-05-09 16:00:00 -04:00
Kyle Spearrin
3ffd240287
captcha scores (#1967)
* captcha scores

* some api fixes

* check bot on captcha attribute

* Update src/Core/Services/Implementations/HCaptchaValidationService.cs

Co-authored-by: e271828- <e271828-@users.noreply.github.com>

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
Co-authored-by: e271828- <e271828-@users.noreply.github.com>
2022-05-09 12:25:13 -04:00
Kyle Spearrin
a5bfc0554b
add proper URI validation to duo host (#1984) 2022-05-09 12:00:05 -04:00
Vincent Salucci
8b1a6b4ad3
[Bug] Skip WebAuthn 2fa event logs during login flow (#1978)
* [Bug] Supress WebAuthn 2fa event logs during login process

* Formatting

* Simplified method call with new paramter input
2022-04-28 16:42:47 -05:00
Federico Maccaroni
a7a45893a3
PS-82 check send 2FA email for new devices on TwoFactorController send-email-login (#1977) 2022-04-28 13:14:09 -03:00
Matt Gibson
68f875b3d9
Use accept flow for sponsorship offers (#1964) 2022-04-27 11:03:14 -05:00
Justin Baur
972657f982
[PS-284] Allow installation clients to not need a user. (#1968)
* Allow installation clients to not need a user.

* Run formatting
2022-04-22 16:40:38 -04:00
Thomas Rittson
669d44c170
Remove noncompliant users for new policies (#1951) 2022-04-22 08:13:02 +10:00
Oscar Hinton
de997a2246
Avoid sending "user need confirmation" emails when there are no org admins (#1960) 2022-04-20 21:05:21 +02:00
Thomas Rittson
ec9dd8e16b
[EC-160] Give Provider Users access to all org ciphers and collections (#1959) 2022-04-20 09:59:00 +02:00
sneakernuts
d1e4a43964
Allow for utilization of readonly db connection (#1937) 2022-04-08 21:20:23 +00:00
Andrei
95acc79ebb
Log swallowed HttpRequestExceptions (#1866)
Co-authored-by: Hinton <oscar@oscarhinton.com>
2022-04-07 12:37:11 +02:00
sneakernuts
0e88720d3a
Logging config changes (#1935)
* Logging config changes

* Regenerated packages.lock.json files

* fixed up more typos and regenerated json
2022-04-05 15:19:16 +00:00
AHL
af152811af
Issue 1362: Proposed change for controllers parsing string GUIDs. (#1887)
Co-authored-by: alexanderhlee <alexanderhlee@gmail.com>
2022-04-05 10:08:37 +02:00
Vincent Salucci
9a1a7543c5
[euvr] Separate Billing Payment/History APIs (#1932)
* [euvr] Separate Billing Payment/History APIs

* Formatting

* Created AccountsBillingController // Deprecated GetBilling // Simplified PaymentService helpers

* Formatting
2022-04-04 11:40:28 -05:00
Federico Maccaroni
6f60d24f5a
Email verification for new devices (#1931)
* PS-56 Added Email 2FA on login with new devices that don't have any 2FA enabled

* PS-56 Fixed wrong argument in VerifyTwoFactor call
2022-04-01 17:08:47 -03:00
Lauren N. Liberda
971914871d
add some european takeaway domains to global domains (#1915) 2022-03-27 16:54:05 +02:00
Matt Gibson
860a552bc7
Fix swapped launch settings default (#1925) 2022-03-25 16:11:01 -04:00
Matt Gibson
4814cef245
Feature/self hosted development (#1921)
* Add self-host option to migration runner

* Add Self-host launch options

* Add self-hosted settings override

Let's a single secrets/env config file control both
cloud and self-hosted settings by allowing
overrides to cloud settings with self-hosted

* Allow dev-signed licenses on dev self-hosted

* Allow setting bitwarden cloud api url

Useful for testing api integration between installations and cloud

* Remove testing echoes

* Remove run config property groups

* Use `getopts` for options

* Pass in full environment
2022-03-21 17:13:00 -05:00
Matt Gibson
a8f55bc10d
Seek to origin of MemoryStream before use (#1918) 2022-03-16 10:38:13 -05:00
Oscar Hinton
e8cb8b67c9
Fix license signature containing LicenseType (#1917) 2022-03-16 16:15:36 +01:00
Matt Gibson
eee5caf1f8
Seek to origin of MemoryStream before use (#1916) 2022-03-16 10:01:16 -05:00
Matt Gibson
9a9c9d4bf6
Add error handling to identity accounts controller (#1909) 2022-03-14 20:08:01 -05:00
Chad Scharf
76ddcfa2dc
Fix org manager check on export (#1906)
* Fix org manager check on export

* Fix filter typo from collection to cipher
2022-03-14 15:34:22 -04:00
Vincent Salucci
7046aecfd5
[Captcha] BUG Add null checks | Make ceiling default to zero (#1903)
* [Captcha] BUG Add null checks | Make ceiling default to zero

* Formatting
2022-03-09 12:07:06 -06:00
Justin Baur
dd37745736
Fix OneLogin Import (#1899)
* Add PermissiveStringConverter

* Formatting

* Add value check

* Fix PR feedback

* Run formatter
2022-03-08 13:22:47 -05:00
Matt Gibson
a725802476
Handle null user in captch tokenable (#1897)
* Handle null user in captch tokenable

* Update test/Core.Test/Models/Business/Tokenables/HCaptchaTokenableTests.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2022-03-08 08:21:54 -06:00
Robyn MacCallum
4deb138fd9
Ignore case on AutoEnrollEnabled so it is deserialized properly (#1900) 2022-03-07 16:53:30 -05:00
Oscar Hinton
a92d4f9bde
Cleanup node scripts (#1858) 2022-03-03 23:53:09 +01:00
Thomas Rittson
3443fe952b
Don't send default SsoConfigurationData to clients (#1879) 2022-03-04 07:09:55 +10:00
Robyn MacCallum
17b22ca5a9
Add attachments check before moving ciphers to a free org (#1890) 2022-03-02 17:37:36 -05:00
Vincent Salucci
19d5817f8f
[Captcha] Implement failed logins ceiling (#1870)
* [Hacker1] Failed Login Attempts Captcha

* [Captcha] Implement failed logins ceiling

* Formatting

* Updated approach after implementation talks with Kyle

* Updated email templates // Updated calling arch for failed attempts

* Formatting

* Updated 2fa email links

* Renamed baserequest methods to better match their actions

* EF migrations/scripts

* Updated with requested changes

* Defaults for MaxiumumFailedLoginAttempts
2022-03-02 15:45:00 -06:00
Kyle Spearrin
4cbe05da3c
SendGrid Mail Delivery Provider (#1892)
* add sendgrid mail delivery service

* <

* remove duplicate code

* fix test by using ISendGridClient interface
2022-03-01 19:09:51 -05:00
Chad Scharf
a7a39fb54d
CSA-6 Fix/remove artifact binding (#1885)
* Remove artifact binding, add validation

* Re-add JSON properties but eviscerate them
2022-02-28 13:43:49 -05:00
Oscar Hinton
95998292f7
Ensure we require premium for u2f (#1869) 2022-02-16 20:28:20 +01:00
Oscar Hinton
8d6c49f656
Add lock files for NuGet (#1855) 2022-02-10 15:40:31 +01:00
Justin Baur
1b0d18a7c5
Switch to Legacy Deserialization (#1851) 2022-02-09 10:39:45 -05:00
Oscar Hinton
f824a2aaf1
Revert to using newtonsoft for saving org TwoFactorProviders (#1850) 2022-02-09 14:46:37 +01:00
Oscar Hinton
e05fce18bd
Resolve being unable to configure duo (System.Text.Json) (#1847) 2022-02-09 14:12:31 +01:00
Oscar Hinton
2ed8be75dd
Fix organization duo 2fa not working due to switch to System.Text.Json (#1846) 2022-02-09 13:45:20 +01:00
Daniel James Smith
cecf052b33
Remove falsely added Microsoft.Azure.Storage.Blobs (#1845) 2022-02-09 13:32:40 +01:00
Oscar Hinton
9c98f0358b
Fix newtonsoft complaining about U2f keys (#1844) 2022-02-09 13:05:03 +01:00
Oscar Hinton
11144e70ea
Partial revert of #1803 since Azure.Cosmos still uses newtonsoft (#1843) 2022-02-09 13:04:55 +01:00
Justin Baur
b1cd42e394
Fix json only serializing base properties (#1840)
* Fix json only serializing base properties

* Run formatting

* Switch to returning concrete type

* Update method name
2022-02-07 10:28:11 -05:00
Oscar Hinton
f56d2ecae5
[Hotfix] Fix attachment download (#1841) 2022-02-07 15:46:20 +01:00
Oscar Hinton
cd61c826f9
[BEEEP] Add explicit error message when uploading the wrong license type (#1831) 2022-02-07 09:43:00 +01:00
Justin Baur
240b6e7463
Update File Size to allow null (#1839)
* Update File Size to allow null

* Remove unneeded nullable number
2022-02-03 13:23:43 -05:00
Matt Gibson
5f2da6e4b7
Fix/identity service model validation (#1837)
* Fix indentation

* Fix comment

* Extract ModelStateValidationFilter add to Indentity MVC opts

* Remove unnecessary base constructor call
2022-02-02 13:26:15 -06:00
Justin Baur
9e074bca49
Revert TwoFactorProviders to be saved with numerical value (#1828)
* Add enum key resolver

* Change tests to reflect changes
2022-02-02 14:21:11 -05:00
Matt Gibson
8ce4d56a91
Fix/f4e multiple sponsorships (#1838)
* Use sponosorship from validate to redeem

* Update tests

* Format
2022-02-02 12:59:47 -06:00
Vincent Salucci
452677e441
[Icons] Update not found image (#1836) 2022-02-01 23:09:24 -06:00
Addison Beck
1e68958b20
[bug] Adjust permissions logic for putting users to a collection (#1834) 2022-02-01 13:30:37 -05:00
Justin Baur
b47c30d4f4
Fix organization_license not reading camelCase (#1832)
* Fix organization_license not reading camelCase

* Fix formatting
2022-02-01 12:26:50 -05:00
Oscar Hinton
a9a5417350
Fix WebAuthn not working after move to System.Text.Json (#1818) 2022-01-24 18:13:43 +01:00
Oscar Hinton
ac8ca46f0f
Remove the u2f lib (#1820) 2022-01-24 12:14:04 +01:00
Justin Baur
5268f2781e
Start Migration from Newtonsoft.Json to System.Text.Json (#1803)
* Start switch to System.Text.Json

* Work on switching to System.Text.Json

* Main work on STJ refactor

* Fix build errors

* Run formatting

* Delete unused file

* Use legacy for two factor providers

* Run formatter

* Add TokenProviderTests

* Run formatting

* Fix merge issues

* Switch to use JsonSerializer

* Address PR feedback

* Fix formatting

* Ran formatter

* Switch to async

* Ensure Enums are serialized as strings

* Fix formatting

* Enqueue single items as arrays

* Remove CreateAsync method on AzureQueueService
2022-01-21 09:36:25 -05:00
Oscar Hinton
68a8092235
[Emergency Access] Add premium check (#1815) 2022-01-18 16:05:12 +01:00
Oscar Hinton
0def1830af
Move identity endpoints to Identity service (#1807) 2022-01-17 13:21:51 +01:00
Federico Maccaroni
56ee3bd290
Fix silent push notifications for iOS, it should not contain alert, badge nor sound keys in aps (#1808) 2022-01-14 10:52:50 -03:00
Justin Baur
486845242f
Fix EF bugs (#1791) 2022-01-13 15:38:05 -05:00
Oscar Hinton
e4a10aae27
Split out repositories to Infrastructure.Dapper / EntityFramework (#1759) 2022-01-11 10:40:51 +01:00
Matt Gibson
e2c6fc81f4
Feature/token service (#1785)
* Implement draft token service

* Add tokenizer and factory

* Handle expiring tokens through base class

* Allow direct token validity checks

* Add safe unprotect to tokenizer

* Add interface to tokenizer factory

* Use tokenizer

* Fix rebase

* Handle cleartext prefix in tokenizer base

* Use epoch milliseconds for expiration in tokens

* Use tokenizers

* Test tokens

* Linter fixes

* Add TokenizerFactory to DI services

* Test epoch milliseconds deserialization

* Use separate injectables for each token type

* Fix directory

* Add functional unprotect to token

* Fix namespace and correct object names

* Remove Tokenable interface

* Test remaining Tokens classes

* Dotnet format

* Fix sut provider errors with update

* Remove useless property

Co-authored-by: Hinton <oscar@oscarhinton.com>
2022-01-10 09:58:16 -06:00
Daniel James Smith
355bf2127b
Migrate deprecated Microsoft.Azure.Storage.Blob to Azure.Storage.Blobs (#1732)
* Migrate from deprecated Microsoft.Azure.Storage to Azure.Storage.Blobs

* Remove and order usings

* Do not fetch BlobProperties before uploading a new file.

* Save an api call by calling GetPropertiesAsync and catching an error instead of calling Exists first

* Formatted files

* Verified ContentLength is the correct blob property for file-size

* Use a generic Exception catch for file validation

* Added a catch all to the GetBlobCertificateAsync in case something throws

* Remove and sort using

* Changes after running dotnet-format

* Remove checks for CanGenerateSasUri
2021-12-22 19:47:35 +01:00
Justin Baur
bb34de74cb
Freshsales integration (#1782)
* Add FreshsalesController

* Add better errors

* Fix formatting issues

* Add comments

* Add Billing.Test to solution files

* Fix unit test

* Format code

* Address PR feedback
2021-12-22 13:27:52 -05:00
Jake Fink
8cbf1906ae
Allow MP policy check when registering via SSO (#1779)
* add endpoint to policies for invited users

* convert serialization to use built in dotnet tool
2021-12-21 12:10:01 -05:00
Thomas Rittson
cf5f2bf249
Fix error if user has access to all collections (#1774) 2021-12-20 15:28:07 +10:00
Haneef
5a8f334550
Added transferwise equivalent domains (#1743)
* Added transferwise domains

TransferWise.com and Wise.com

* Remove empty line

Co-authored-by: Daniel James Smith <djsmith@web.de>
2021-12-19 14:00:08 +01:00
huntb4646
224bfb6ff1
Add wellsfargoadvisors.com as equivalent domain (#1722)
wellsfargoadvisors.com uses the same authentication as wellsfargo.com and Wells Fargo's other sites. It should be considered an equivalent domain for these purposes.
2021-12-17 17:55:17 +01:00
huntb4646
2f518fb93f
Add Ubisoft equivalent domains (#1723)
* Add Ubisoft to Global Equivalent Domain enum

* Add Ubisoft equivalent domains list

Adding ubisoft.com and ubi.com as equivalent domains under new list.
2021-12-17 17:45:01 +01:00
Jake Fink
11aafac915
remove re-throws of exceptions, which clear the stack trace (#1760)
* remove re-throws of exceptions, which clear the stack trace

* remove whitespace
2021-12-16 15:35:07 -05:00
Oscar Hinton
23b0a1f9df
Run dotnet format (#1764) 2021-12-16 15:35:09 +01:00
Matt Gibson
e999f66a28
Send invites for both all collection and limited collection users (#1765)
* Send invites for both all collection and limited collection users

* Test all access and limited access invites

* Remove comment
2021-12-14 10:29:31 -06:00
Oscar Hinton
63f6dd9a24
Move request/response models (#1754) 2021-12-14 16:05:07 +01:00
Thomas Rittson
3ae573bd8d
Make optional ssoConfig fields nullable (#1752) 2021-12-14 20:02:22 +10:00
Vince Grassia
2ec10cfd2a
Standardize '/version' endpoint on all services (#1755) 2021-12-09 15:45:45 -05:00
Oscar Hinton
d3673cdc85
Remove support for PascalCase (Use camelCase in prod) (#1753) 2021-12-09 14:38:18 +01:00
Oscar Hinton
71c4b53999
Fix recursive call in TwoFactorWebAuthnDeleteRequestModel (#1750)
* Fix recursive call in TwoFactorwebAuthnDeleteRequestModel

* Add new befoer IEnumerable

* Use virtual and override
2021-12-08 12:43:21 -05:00
Matt Gibson
d7e92dae5b
Determine self hosted from global settings (#1744) 2021-12-07 10:52:36 -06:00
Matt Gibson
9177ad1ca8
Parse enqueued mail message model to object (#1742)
* Parse enqueued mail message model to object

The model of an MailQueueMessage is of type object to enable enqueueing
of any message. However, this means the we are not able to parse a
serialized json object back into the original object.
Provide the model type to enable this deserialization

* Use ExpandoObject for deserialized queue message model
2021-12-03 12:12:46 -06:00
Oscar Hinton
71229c2366
Streamline error message for removed user account with CME (#1741) 2021-12-02 18:38:27 +00:00
Matt Gibson
a70564cea8
Families for enterprise/fix new org sponsorship after deleted sponsored org (#1740)
* Sponsorship exists only if sponsored org is not null

* Replace existing sponsorship if necessary

* Update src/Core/Services/Implementations/OrganizationSponsorshipService.cs

Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com>

* Fix tests

Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com>
2021-12-02 10:27:41 -06:00
Matt Gibson
dc3d70cf3a
Pay 0 cost invoices that have not been paid (#1739) 2021-12-01 14:41:05 -06:00
Matt Gibson
757927e02a
Null org, org user ids, and friendly name to indicate invalid, unused sponsorship state (#1738)
* Null org, org user ids, and friendly name to indicate invalid, unused sponsorship state

* Match EF queries to MSSQL sprocs
2021-12-01 14:34:56 -06:00
Daniel James Smith
ad18adf471
Migrate deprecated Microsoft.Azure.EventGrid to Azure.Messaging.EventGrid (#1731)
* Migrate from deprecated Microsoft.Azure.EventGrid to Azure.Messaging.EventGrid

* Fixed retrieval/parsing of EventGridEvents

* Fixed an issue where the events where not handled by the registered event handlers
2021-11-30 19:47:56 +01:00
Thomas Rittson
90a2a55438
Fix Stripe object lock timeouts (#1735)
* Fix Stripe object lock timeouts

* Move stripe config into globalSetting.stripe
* add MaxNetworkRetries config option with smart defaults

* Rename stripeApiKey to apiKey
2021-11-29 10:01:51 +10:00
Matt Gibson
8dffb27667
Families for enterprise/add sponsorship prevalidate (#1734)
* Add sponsorship prevalidate endpoint

* Test pre validate endpoint

* Fix tests

* Rename variable
2021-11-24 14:18:52 -06:00
Matt Gibson
fa3f1ad0ce
Null out sponsorship values when foreign key deleted (#1733)
This allows us to maintain record of sponsorships up
until they are explicitly removed. Fixes issues where removing
sponsorships from organizations with invalid sponsorships would error
2021-11-24 08:26:11 -06:00
Thomas Rittson
29d3e1fd2b
Fix null error when leaving organization (#1730)
* Fix null error when leaving organization

* Update tests
2021-11-22 19:55:25 +10:00
Thomas Rittson
7e3e87ed39
Update error message for leaving org with CME (#1729) 2021-11-22 08:22:28 +10:00
Matt Gibson
33edc8eba0
Families for Enterprise (#1714)
* Create common test infrastructure project

* Add helpers to further type PlanTypes

* Enable testing of ASP.net MVC controllers

Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.

* Workaround for broken MemberAutoDataAttribute

https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.

This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.

* WIP: Organization sponsorship flow

* Add Attribute to use the Bit Autodata dependency chain

BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.

Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.

* WIP: scaffolding for families for enterprise sponsorship flow

* Fix broken tests

* Create sponsorship offer (#1688)

* Initial db work (#1687)

* Add organization sponsorship databases to all providers

* Generalize create and update for database, specialize in code

* Add PlanSponsorshipType to db model

* Write valid json for test entries

* Initial scaffolding of emails (#1686)

* Initial scaffolding of emails

* Work on adding models for FamilyForEnterprise emails

* Switch verbage

* Put preliminary copy in emails

* Skip test

* Families for enterprise/stripe integrations (#1699)

* Add PlanSponsorshipType to static store

* Add sponsorship type to token and creates sponsorship

* PascalCase properties

* Require sponsorship for remove

* Create subscription sponsorship helper class

* Handle Sponsored subscription changes

* Add sponsorship id to subscription metadata

* Make sponsoring references nullable

This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons

* WIP: Validate and remove subscriptions

* Update sponsorships on organization and org user delete

* Add friendly name to organization sponsorship

* Add sponsorship available boolean to orgDetails

* Add sponsorship service to DI

* Use userId to find org users

* Send f4e offer email

* Simplify names of f4e mail messages

* Fix Stripe org default tax rates

* Universal sponsorship redeem api

* Populate user in current context

* Add product type to organization details

* Use upgrade path to change sponsorship

Sponsorships need to be annual to match the GB add-on charge rate

* Use organization and auth to find organization sponsorship

* Add resend sponsorship offer api endpoint

* Fix double email send

* Fix sponsorship upgrade options

* Add is sponsored item to subscription response

* Add sponsorship validation to upcoming invoice webhook

* Add sponsorship validation to upcoming invoice webhook

* Fix organization delete sponsorship hooks

* Test org sponsorship service

* Fix sproc

* Create common test infrastructure project

* Add helpers to further type PlanTypes

* Enable testing of ASP.net MVC controllers

Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.

* Workaround for broken MemberAutoDataAttribute

https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.

This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.

* WIP: Organization sponsorship flow

* Add Attribute to use the Bit Autodata dependency chain

BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.

Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.

* WIP: scaffolding for families for enterprise sponsorship flow

* Fix broken tests

* Create sponsorship offer (#1688)

* Initial db work (#1687)

* Add organization sponsorship databases to all providers

* Generalize create and update for database, specialize in code

* Add PlanSponsorshipType to db model

* Write valid json for test entries

* Initial scaffolding of emails (#1686)

* Initial scaffolding of emails

* Work on adding models for FamilyForEnterprise emails

* Switch verbage

* Put preliminary copy in emails

* Skip test

* Families for enterprise/stripe integrations (#1699)

* Add PlanSponsorshipType to static store

* Add sponsorship type to token and creates sponsorship

* PascalCase properties

* Require sponsorship for remove

* Create subscription sponsorship helper class

* Handle Sponsored subscription changes

* Add sponsorship id to subscription metadata

* Make sponsoring references nullable

This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons

* WIP: Validate and remove subscriptions

* Update sponsorships on organization and org user delete

* Add friendly name to organization sponsorship

* Add sponsorship available boolean to orgDetails

* Add sponsorship service to DI

* Use userId to find org users

* Send f4e offer email

* Simplify names of f4e mail messages

* Fix Stripe org default tax rates

* Universal sponsorship redeem api

* Populate user in current context

* Add product type to organization details

* Use upgrade path to change sponsorship

Sponsorships need to be annual to match the GB add-on charge rate

* Use organization and auth to find organization sponsorship

* Add resend sponsorship offer api endpoint

* Fix double email send

* Fix sponsorship upgrade options

* Add is sponsored item to subscription response

* Add sponsorship validation to upcoming invoice webhook

* Add sponsorship validation to upcoming invoice webhook

* Fix organization delete sponsorship hooks

* Test org sponsorship service

* Fix sproc

* Fix build error

* Update emails

* Fix tests

* Skip local test

* Add newline

* Fix stripe subscription update

* Finish emails

* Skip test

* Fix unit tests

* Remove unused variable

* Fix unit tests

* Switch to handlebars ifs

* Remove ending email

* Remove reconfirmation template

* Switch naming convention

* Switch naming convention

* Fix migration

* Update copy and links

* Switch to using Guid in the method

* Remove unneeded css styles

* Add sql files to Sql.sqlproj

* Removed old comments

* Made name more verbose

* Fix SQL error

* Move unit tests to service

* Fix sp

* Revert "Move unit tests to service"

This reverts commit 1185bf3ec8.

* Do repository validation in service layer

* Fix tests

* Fix merge conflicts and remove TODO

* Remove unneeded models

* Fix spacing and formatting

* Switch Org -> Organization

* Remove single use variables

* Switch method name

* Fix Controller

* Switch to obfuscating email

* Fix unit tests

Co-authored-by: Justin Baur <admin@justinbaur.com>
2021-11-19 17:25:06 -05:00
Oscar Hinton
be164967b3
Add usesKeyConnector to organizationUserUserDetailsResponseModel (#1726) 2021-11-19 15:04:23 +01:00
Thomas Rittson
cfd6123974
[Key Connector] Add event logging for first SSO login (#1724)
* Add null checks to fix logging from SSO controller

* Add FirstSsoLogin event logging
2021-11-19 07:42:35 +10:00
Oscar Hinton
6008715abc
Add check to ensure admins or owners arn't enrolled in key connector (#1725) 2021-11-18 21:56:13 +01:00
Thomas Rittson
2dc29e51d1
Fix bug preventing user from leaving org (#1721) 2021-11-18 21:15:22 +10:00
Thomas Rittson
9f96e4ce90
Disable EA Takeover if grantor uses Key Connector (#1718) 2021-11-18 07:47:43 +10:00
Oscar Hinton
f866b25e43
Key Connector feature toggle (#1716) 2021-11-17 11:46:35 +01:00
Thomas Rittson
cdb622d4aa
Add ApiUseKeyConnector flag to token response (#1710) 2021-11-16 06:54:28 +10:00
Thomas Rittson
e3143271d7
[Key Connector] Prevent user from leaving org (#1715)
* Block user from leaving org using Key Connector

* Add tests
2021-11-15 19:46:13 +10:00
Thomas Rittson
c2975b003d
[Key Connector] Fix policy checks and other pre-reqs (#1711)
* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
Oscar Hinton
f1c41257b3
Allow disabling key connector if no user is enrolled (#1712) 2021-11-12 14:38:31 +01:00
Kyle Spearrin
77f9f5fe72
remove dynamic names from admin confirm dialogs (#1703) 2021-11-09 12:13:23 -05:00
Kyle Spearrin
327e784336
Added middleware for general security headers (#1700) 2021-11-09 11:37:14 -05:00
Kyle Spearrin
f26a235964
set MaxResponseContentBufferSize to 5 MB (#1702) 2021-11-09 11:32:23 -05:00
Kyle Spearrin
2f0638ce8c
sanitize notification hub tag inputs (#1697) 2021-11-09 11:25:18 -05:00
Kyle Spearrin
fcc1a4e10c
add missing csrf token validation to admin (#1696) 2021-11-09 11:22:08 -05:00
Kyle Spearrin
9582e94232
add ::ffff: to internal ip check (#1701)
* add ::ffff: to internal ip check

* check StartsWith
2021-11-09 11:16:54 -05:00
Oscar Hinton
fd37cb5a12
Add support for Key Connector OTP and account migration (#1663)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2021-11-09 16:37:32 +01:00
Kyle Spearrin
7cc7b84eaf
use fixed-time comparison of secrets (#1698) 2021-11-08 15:55:42 -05:00
Kyle Spearrin
5aa492e886
validate service url schema (#1695) 2021-11-08 11:47:03 -05:00
Oscar Hinton
1aa25f2712
Add checks for vault timeout policy (#1694) 2021-11-08 14:37:40 +01:00
Kyle Spearrin
10c5a29c47
Prevent XSS possibility from SSO SAML Service URLs (#1691)
* validate sso service urls for HTML meta chars

* also check for double quotes
2021-11-05 14:49:45 -04:00
Joseph Flinn
68e20fe649
Updating the swashbuckle package in Api (#1685) 2021-11-04 09:29:19 -07:00
Thomas Rittson
0cb8da2fd8
Add Field.LinkedId (#1617) 2021-11-04 07:27:15 +10:00
Thomas Rittson
e57bef6af4
Fix policy enforcement against invited users (#1680) 2021-11-03 07:08:13 +10:00
Justin Baur
4c9d9b248c
Fix bug in TaxInfo (#1682)
* Fixed bug in TaxInfo

* Added a few more tests to TaxInfoTests

* Added tests for HasTaxId
2021-11-01 12:13:31 -04:00
Matt Gibson
cb815c2f14
Allow managers to create self-assigned collections (#1672) 2021-10-27 13:06:23 -05:00
Matt Gibson
8f0115e62f
Check canScale when scaling for sso (#1661)
* Check canScale when scaling for sso

* PR review

Use AutoAddSeats to add seats in a consistent way.
This requires moving user check out of that method.

* User logic moved out of method
2021-10-25 10:19:37 -05:00
Oscar Hinton
c5d5601464
Add support for crypto agent (#1623) 2021-10-25 15:09:14 +02:00
Daniel James Smith
dea694193f
Add teams trial button to Edit Org Page (#1662)
* Add teams trial button to Edit Org Page

* Fix formatting
2021-10-25 14:28:17 +02:00
Vince Grassia
7da15af92f
Add New Relic monitoring package to Notifications project (#1643) 2021-10-22 10:22:25 -04:00
Matt Gibson
5d163eb5bd
Only check assigned collections if lacking privs for all (#1657) 2021-10-20 16:17:40 -05:00
Kyle Spearrin
de3f1005fc
add various status counts to org information (#1647) 2021-10-20 17:10:51 -04:00
Matt Gibson
216395f541
Create collections allows view all access (#1653)
* Create collections allows view all access

* Add missing permission to read users
2021-10-20 10:31:17 -05:00
Joseph Flinn
c04c4e6e4a
Bumping the SqlClient version (#1646) 2021-10-19 11:56:05 -07:00
Matt Gibson
5b1d8c723a
Early return default on null user (#1645)
Clearly, no known device exists for an unknown user.
2021-10-19 09:48:23 -05:00
Matt Gibson
18006591fc
Add autoscale to SSO auto provision (#1642) 2021-10-19 07:00:44 -05:00
Oscar Hinton
4fee17fdde
Add logic to handle providers password reseting users (#1632) 2021-10-14 17:44:20 +02:00
Oscar Hinton
964e262d44
Simplify development environment setup (#1588) 2021-10-13 19:30:03 +02:00
Matt Gibson
44f30e7948
Remove erroneous not (#1629) 2021-10-11 09:53:19 -05:00
Vince Grassia
fd6cdd019e
Update code to log to Azure Cosmos DB (#1624)
* Update code to log to Azure Cosmos DB using latest SDK.
2021-10-11 10:16:19 -04:00
Matt Gibson
8a5a371a8f
Allow bypass of captcha token if the device is known (#1626) 2021-10-08 18:59:35 -05:00
Joseph Flinn
ee7b608a46
revamping the build scripts (#1620) 2021-10-08 09:53:56 -07:00
വചൻ
00312716c2
Update web vault link on mail template (#1606)
* Update OrganizationUserAccepted.html.hbs

* Update OrganizationUserAccepted.html.hbs

* oops remove extra web vault
2021-10-07 08:11:59 -05:00
Matt Gibson
5a2d988375
Correct seat counts (#1621) 2021-10-07 08:05:02 -05:00
Oscar Hinton
f63a0711dc
Add some missing defaults to SSO Api (#1619) 2021-10-06 19:36:03 +02:00
Oscar Hinton
79447b6671
Remove Business Portal (#1614) 2021-10-06 10:39:13 +02:00
Matt Gibson
bd297fb7a2
SqlServer split manage collection permission (#1594)
* SqlServer split manage collection permission

* Clarify names

* Test claims generation

* Test permission serialization

* Simplify claims building

* Use new collections permissions

* Throw on use of deprecated permissions

* Lower case all claims

* Remove todos

* Clean nonexistent project from test solution

* JsonIgnore for both system and newtonsoft json

* Make migrations more robust to multiple runs

* remove duplicate usings

* Remove obsolete permissions

* Test solutions separately to detect failures

* Handle dos line endings

* Fix collections create/update permissions

* Change restore cipher to edit permissions

* Improve formatting

* Simplify map

* Refactor test
2021-10-05 11:12:05 -05:00
Kyle Spearrin
f58b9fcab4
uncomment to require auth-email header (#1604) 2021-09-30 11:24:29 -04:00
Matt Gibson
9de9be8f20
Only test canScale is an org needs to scale for an invite (#1608) 2021-09-28 15:18:44 -05:00
Oscar Hinton
63c8070b01
Add Stripe Adapter and IBraintreeGateway to DI (#1596) 2021-09-27 23:01:13 +02:00
Thomas Rittson
66629b2f1c
Refactor policy checks (#1536)
* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
2021-09-28 06:54:28 +10:00
Matt Gibson
3d74f514ad
Early return zero or negative amount invoices (#1595)
Stripe handles these by immediately finalizing as paid and crediting
their account the appropriate amount.
2021-09-27 09:20:47 -05:00
Addison Beck
bccd7eb0ba
add web fonts directly to styles for web apps (#1598) 2021-09-24 15:55:18 -04:00
Matt Gibson
d39f45c81c
Organization autoscaling (#1585)
* Add autoscale fields to Organization

* Add autoscale setting changes

* Autoscale organizations

updates InviteUsersAsync to support all invite sources.

sends an email to org owners when organization autoscaled

* All organizations autoscale

Disabling autoscaling can be done by setting max seats to current seats.

We only warn about autoscaling on the first autoscaling event.

* Fix tests

* Bug fixes

* Simplify subscription update logic

* Void invoices that fail to delete

Stripe no longer allows deletion of draft invoices that were created as part of subscription updates. It's necessary to void out these invoices without sending tem to the client.

* Notify org owners when their subscription runs out of seats

* Use datetime for notifications

Allows for later re-sending email if we want to periodically remind
owners

* Do not update subscription if it already matches new quatity

* Include all migrations

* Remove unnecessary inline styling

* SubscriptionUpdate handles update decisions

* Remove unnecessary html setter

* PR review

* Use minimum access for class methods
2021-09-23 05:36:08 -05:00
Matt Gibson
62a0ca881f
Process collections client-side (#1591)
CollectionDetails is not an entity and so cannot be processed server-side
2021-09-21 13:18:11 -05:00
Joseph Flinn
cd321f2267
updating the dotnet framework for the eventsprocessor docker conatiner for the QA environment (#1590) 2021-09-20 13:44:38 -07:00
Oscar Hinton
c22e48c1b4
Resolve error when deleting an account connected to a provider (#1580) 2021-09-15 20:34:06 +02:00
Vincent Salucci
00332e72e4
[SSO Auto Enroll] Add API for auto enroll status retrieval (#1583)
* [SSO Auto Enroll] Add API for auto enroll status retrieval

* Add another user check to API

* Updated vague boolean name
2021-09-15 12:23:47 -05:00
Matt Gibson
97b27220dd
Use invoice to pay if subscription set to invoice (#1571)
* Use invoice to pay if subscription set to invoice

* Apply suggestions from code review

Co-authored-by: Addison Beck <abeck@bitwarden.com>

* PR review

Move to subscriber model for subscription updates.

Co-authored-by: Addison Beck <abeck@bitwarden.com>
2021-09-14 08:18:06 -05:00
Oscar Hinton
e070a0a5c1
Add policy for DisablePersonalVaultExport (#1577) 2021-09-13 11:20:53 +02:00
Thomas Rittson
d8e9357e74
Add Linked type to custom field types (#1540) 2021-09-13 16:34:26 +10:00
Vincent Salucci
c0f53d7371
[Reset Password] ForcePasswordReset in AuthResult (#1576) 2021-09-10 16:51:46 -05:00
Oscar Hinton
57dd6c7294
Retry quartz initialization (#1570) 2021-09-09 18:13:48 +02:00
Joseph Flinn
d07a68e3cc
Add configuration support for QA cloud environment (#1572)
* Adding a QA environment specific configuration

* separating the bitwarden environment and stripe environment checks

* adding a logging statement for the PayPal webhook key check

* adding more logging

* switched logging type

* Changing the log level on the PayPal webhook. Removing the debugging log from the Stripe Controller
2021-09-08 13:09:54 -07:00
Thomas Rittson
01f0b6184f
Enforce Personal Ownership policy when importing (#1565) 2021-09-08 07:20:05 +10:00
Oscar Hinton
18adbc9c74
Add Maximum Vault Timeout Policy (#1559) 2021-09-07 20:18:34 +02:00
Oscar Hinton
02866623f2
Add OrganizationUser_ReadByMinimumRole to Sql.sqlproj (#1555) 2021-09-07 15:42:44 +02:00
Thomas Rittson
8f27f21ce0
Remove stale SsoUser objects from database (#1560)
* Add SsoUser_ReadByUserIdOrganizationId

* Automatically reset stale/duplicate Sso links

* Fix typo

* Check for stale Sso link in existing user flow

* Delete any stale user record before provisioning new user

* Check for existing db query before creating

* PR feedback updates

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-09-03 10:54:41 -04:00
Matt Gibson
db0ef226c4
Fix stripe invoice time on seat adjust (#1564)
* Finalize and void subscription updates

Stripe does not allow deletion of invoices created as subscription updates.
Instead, finalize it and void it out without sending to the customer.

* Store and Restore invoice days until due

Currently, we're overwriting customer invoice lead times whenever they
attempt to update their seat count. Changes are now updated to previous
behavior after our seat adjustment work

* PR Comments
2021-09-03 08:55:29 -05:00
Daniel James Smith
f803e7664e
Updated nuget packages to use newest .Net 5.0.9 (#1547) 2021-09-01 11:36:37 +02:00
Vincent Salucci
f2520ed7be
[Reset Password] Enable force password reset (#1557) 2021-08-31 14:23:06 -05:00
Thomas Rittson
e1908cd6b5
Add support for international domain names (IDN) in email addresses (#1512)
* Adjust email address checking to handle unicode

* ASCII only in local part
* allow unicode in second-level and top-level domain

* Add PunyEncoding/Decoding methods and tests

* Use PunyEncoding for outbound email recipients

* Use MailKit for punycode, handle edge cases

* Punyencode all email addresses in mailServices

* Remove punyencoding from HandlebarsMailService

* Add to punyencoding tests

* Use more inclusive e-mail error

* Fix comment wording

* Apply StrictEmail checking to emergency access invite

* Remove punyDecode helper
2021-08-31 13:49:11 +10:00
Oscar Hinton
b815813dba
Remove providerUserRepository from currentContext in NotificationsHub. (#1549) 2021-08-30 18:19:46 +02:00
Thomas Rittson
4bc683c38d
Increase sales tax precision from 2 to 3 decimal places (#1525)
* Allow for tax rates with 3 decimal places

* Update input validation

* Increase precision of create procedure
2021-08-24 06:52:59 +10:00
Oscar Hinton
bc003c4449
Add support for managing organizations through providers using the business portal (#1521) 2021-08-23 07:32:29 -05:00
Luc
74218d4639
Include admin reset on trial (#1530)
Objective
The "Enterprise Trial button" was missing the admin reset feature on press. Add the checkbox to selected features when pressed.

Code Changes
Add checked property for UseResetPassword
2021-08-20 15:57:50 -04:00
Thomas Rittson
a735bdd027
Fix sales tax error if using PayPal or credit (#1524)
Add sales tax information to previewInvoice, which is used to calculate
the amount of the PayPal or account credit charge. Without this, the
charged amount and Stripe subscription amounts are different and throws
an error.
2021-08-19 15:21:06 +10:00
Addison Beck
4400fdf57d
changed the value of the DirectorySynced event (#1520) 2021-08-17 16:19:15 -04:00
Oscar Hinton
34995ead1f
Refactor email template to resolve logo not being centred (#1516) 2021-08-17 20:54:06 +02:00
Addison Beck
4645914383
Reference Events Fixups (#1518)
* made salesAssistedTrialStarted nullable

* removed conditional logic surrounding directory sync events

* changed the value of the CipherCreated reference event enum
2021-08-17 13:12:55 -04:00
Matt Gibson
1779d33a66
Verify Send file does not exist before saving file (#1515)
* Verify Send file does not exist before saving file

* Fix flaky test
2021-08-17 08:37:00 -05:00
Matt Gibson
48aa54949b
Allow api key as captcha token (#1513)
This allows legitimate users to permanently bypass captcha once
they've successfully logged in. Will allow unmonitored scripts more
resilience to captcha requirements
2021-08-13 08:52:52 -05:00
Addison Beck
824645250e
toggled the force password reset flow off (#1510)
* toggled the force password reset flow off

* Update UserService.cs
2021-08-12 13:09:08 -04:00
Addison Beck
f55708d748
built out the organization edit event from the admin portal (#1508)
* built out the organization edit event from the admin portal

* removed unneeded override

* added some space

* fixed the space
2021-08-11 12:44:30 -04:00
Thomas Rittson
eb6aaad57a
Use RequestSizeLimit for all file upload endpoints (#1507)
* Enforce upload size limits via RequestSizeLimit instead of if statements
* 101mb limit for legacy uploads, 501mb limit for all other
* Only allow v2 local storage for self-hosted instances
2021-08-11 08:14:28 +10:00
Thomas Rittson
f92628fb80
Use UrlB64 encoding for auth-email header (#1503) 2021-08-11 06:21:46 +10:00
Vince Grassia
179543d790
Add 'alive' endpoint to Admin and Identity services (#1505)
* Add 'alive' endpoint to Admin and Identity services

* Move 'alive' endpoint for Admin to Home Controller
2021-08-10 15:29:13 -04:00
Addison Beck
7928b25796
Added Several New Reference Events (#1500)
* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
2021-08-10 14:38:58 -04:00
Joseph Flinn
2e1df91232
Update qa env (#1504)
* deploying directly to the production slot of the App Service

* Update Azure Service Bus package

* adding a app service shutdown to qa

* reverting QA env deploy change

* Update qa-deploy workflow with debugging statement

* Disable start/stop in QA deploy workflow

* Fix UserKdf and UserApiKey migrations to only update null values (#1494)

* Add proper New Relic NuGet package for .NET 5

* Test NewRelic changes

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
2021-08-10 11:15:16 -07:00
Matt Gibson
842a1c2e37
Tweak provider views (#1499)
* Add Organizations to provider views

Remove enabled/disabled toggle from provider. It's currently not used.

* Remove provider Delete

There are implications to deleting providers on the organizations they manage.
We want to think through this flow before allowing delete from the
admin portal.

* Use toastr to display production exception messages.

Update build actions to upgrade npm to v7.

Use a custom error handler in production which displays a toast of the
exception message and redirect to the offending page

* Clarify provider create error message
2021-08-10 11:28:00 -05:00
Matt Gibson
5dc6013e37
Provider qa feedback (#1501)
* Title case buttons

* Throw if provider tries to add a non-business organization

* Allow only one admin OR owner roll in a free org per user

Boolean operators were not properly assocated
and ownership of an org was precluding confirmation into any other
organization

* Limit email length

* Require email domain with top level domain

* Do not allow email domains to end in invalid characters

* Fix free org tests
2021-08-10 11:16:10 -05:00
Addison Beck
b726b08ea1
added a status check to the read by minimum role proc (#1498) 2021-08-10 06:59:54 -04:00
Vincent Salucci
53a93ffcea
[Reset Password v1] Updated force password reset models (#1492) 2021-08-05 13:00:24 -05:00
Addison Beck
152f1f7a9b
Allow Resending Provider Setup Emails From The Admin Portal (#1497)
* Added a button for resending provider setup emails

* Fixed a case typo in a stored procedure

* Turned a couple lines of code into a method call

* Added service level validation against inviting users for MSP invites

* Code review improvements for provider invites

created a factory for provider user invites

wrote tests for provider invite permissions"

* changed a few exception types
2021-08-05 10:39:05 -04:00
Matt Gibson
cfc7fa071b
Record when a provider user accesses a clients vault (#1496)
* Record when a provider user accesses a clients vault

* Do not allow removal from provider unless owner exists

* PR Review

* Null safe event processing
* append `Async` to async methods
2021-08-05 07:50:41 -05:00
Thomas Rittson
b1ed6d2c21
Fix upload limits for direct uploads (again) (#1479)
* Use constants to represent file size limits

* Allow uploads of up to 500mb for self-hosted

* Set nginx max body size to 505mb

* Add reminder about updating nginx/proxy.conf
2021-08-04 09:00:30 +10:00
Matt Gibson
f37c87c0e1
Change display name of provider view properties (#1491)
Note, ProviderAdmin info section is being updated in another PR
2021-08-02 13:19:26 -05:00