* Fix assigning Manage access to default collection
The previous implementation did not work when creating an org as a
provider because the ownerId is null in OrganizationService.SignUp.
Added a null check and handled assigning access in ProviderService
instead.
* Tweaks
* refactoring replace logic
* model for policies + authz handler + unit tests
* update AP repository
* add new endpoints to controller
* update unit tests and integration tests
---------
Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com>
* Upgrade to Duende.Identity
* Linting
* Get rid of last IdentityServer4 package
* Fix identity test since Duende returns additional configuration
* Use Configure
PostConfigure is ran after ASP.NET's PostConfigure
so ConfigurationManager was already configured and our HttpHandler wasn't
being respected.
* Regenerate lockfiles
* Move to 6.0.4 for patches
* fixes with testing
* Add additional grant type supported in 6.0.4 and beautify
* Lockfile refresh
* Reapply lockfiles
* Apply change to new WebAuthn logic
* When automated merging fails me
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
* Upgrade to SDK v8
* Provide application properties
* Test adjustments
* Clean up tests
* Ensure project name is set
* Add a 'v' for Git tagging support
* Expose access policy discriminators
* Add people policy model and auth handler
* Add unit tests for authz handler
* Add people policies support in repo
* Add new endpoints and request/response models
* Update tests
* Add ability to fetch events by service account
* Extract GetDateRange into ApiHelpers util
* Add dapper implementation
* Add EF repo implementation
* Add authz handler case
* unit + integration tests for controller
* swap to read check
* Adding comments
* Fix integration tests from merge
* Enabled SM events controller for self-hosting
* restricting access to disabled orgs
* Unit Test Updates
* Update test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Covering all test cases
* making organization enabled NOT default
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Upgraded Braintree to 5.19.0
* Force evaluate of nuget packages
---------
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* Add ProjectLimitQuery
* Add query to DI
* Add unit tests
* Add query to controller
* Add controller unit tests
* add integration tests
* rename query and variables
* More renaming
* Add support CanReadSecret authorization
* Extract base response model for secret
* Add support for SA bulk fetching event logging
* secret repository bug fix
* Add endpoint and request for bulk fetching secrets
* Swap to original reference event
* Add unit tests
* Add integration tests
* Add unit tests for authz handler
* update authz handler tests
---------
* Swagger fixes
Co-Authored-By: Oscar Hinton <Hinton@users.noreply.github.com>
* Make Response Models return Guids instead of strings
* Change strings into guids in ScimApplicationFactory
---------
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* SM-768: Update EFCore and related packages to >= 7.0
* SM-768: Update more packages for the EF 7 upgrade
* SM-768: Update the PostgreSQL package
* SM-768: Run dotnet restore --force-evaluate
* SM-768: Revert package upgrades for 3 projects
* SM-768: Update the dotnet-ef tool
* health check services added
* health check extension added
* added get connection string
* made changes to hrslth check method
* Added database health check
* added identity server health check
* added identity server health check
* Added logger publisher
* latest changes
* removed file
* Added mail server check for dev
* Added authorization to health check url path
* commented
* Added exception to switch
* Removed exclude code coverage
* Added health check for redis
* Added todos
* Added storage queue checks
* Added checks for mail
* Removed unused references and fixed linting issue
* Lint issues
* Moved healthchecks to sharedWeb project and exposed builder as a parameter to configure more health checks based on a project
* Added health check to API project
* dependencies updated
* Removed ef core health check dependencies
* Added checks to only add a health check when the connection string exists, moved health check from startup to extension class
* Merged with master and fixed conflicts
* Fixed lint issues
* Added check for amazon ses
* merged with master
* fixed lint
* Removed Amazon SES health check
* Move to access query for project commands
* Swap to hasAccess method per action
* Swap to authorization handler pattern
* Move ProjectOperationRequirement to Core
* Add default throw + tests
* Extract authorization out of commands
* Unit tests for authorization handler
* Formatting
* Swap to reflection for testing switch
* Swap to check read & reflections in test
* fix wording on exception
* Refactor GetAccessClient into its own query
* Use accessClientQuery in project handler
* SM-695: Block create or update for admins on secrets outside of the org
* SM-695: Update test, org is required on project
* SM-695: Update tests to set matching org id in project
* SM-695: Ensure there is no more than 1 project connected to a secret, plus remove org admin check in the CreateSecretCommand.
* SM-695: Add integration tests for create and update secrets security fixes
* SM-695: Update Create and Update secret tests, a secret can only be in one project at a time
* Wire up read/write for secret list and secret response
* Fix trash
* Remove UserHasReadPermission
* Fix list by project
* Implement admin and service accounts for AccessToSecretAsync
* Resolve feedback
* Fix tests
* Rename function
* Change create to return true, true
* Remove duplicated access check