Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00
Code Issues Projects Releases Wiki Activity
3,274 Commits 282 Branches 181 Tags 66 MiB
b2f41d2140
Commit Graph

3274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vince Grassia
27351762de
Upload Docker images to AWS ECR Nonprod Repositories (#1713) 2021-11-15 13:23:51 -05:00
Thomas Rittson
e3143271d7
[Key Connector] Prevent user from leaving org (#1715) 
* Block user from leaving org using Key Connector

* Add tests
 2021-11-15 19:46:13 +10:00
Thomas Rittson
c2975b003d
[Key Connector] Fix policy checks and other pre-reqs (#1711) 
* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
 2021-11-15 19:25:10 +10:00
Oscar Hinton
f1c41257b3
Allow disabling key connector if no user is enrolled (#1712) 2021-11-12 14:38:31 +01:00
Addison Beck
6b629feb03
[bug] Drop unused db column UsesCryptoAgent (#1704) 2021-11-09 12:33:18 -05:00
Kyle Spearrin
77f9f5fe72
remove dynamic names from admin confirm dialogs (#1703) 2021-11-09 12:13:23 -05:00
Kyle Spearrin
327e784336
Added middleware for general security headers (#1700) 2021-11-09 11:37:14 -05:00
Kyle Spearrin
f26a235964
set MaxResponseContentBufferSize to 5 MB (#1702) 2021-11-09 11:32:23 -05:00
Kyle Spearrin
2f0638ce8c
sanitize notification hub tag inputs (#1697) 2021-11-09 11:25:18 -05:00
Kyle Spearrin
fcc1a4e10c
add missing csrf token validation to admin (#1696) 2021-11-09 11:22:08 -05:00
Kyle Spearrin
9582e94232
add ::ffff: to internal ip check (#1701) 
* add ::ffff: to internal ip check

* check StartsWith
 2021-11-09 11:16:54 -05:00
Oscar Hinton
fd37cb5a12
Add support for Key Connector OTP and account migration (#1663) 
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
 2021-11-09 16:37:32 +01:00
Thomas Rittson
f6bc35b2d0
Fix typos in EF migrations (#1693) 
* Fix typos in postgres migrations

* Fix extension of migration script
 2021-11-09 07:40:01 +10:00
Kyle Spearrin
7cc7b84eaf
use fixed-time comparison of secrets (#1698) 2021-11-08 15:55:42 -05:00
Vince Grassia
c07794e907
Change Release workflow to allow releases from 'rc' and 'hotfix' branches (#1690) 2021-11-08 13:39:32 -05:00
Kyle Spearrin
5aa492e886
validate service url schema (#1695) 2021-11-08 11:47:03 -05:00
Oscar Hinton
1aa25f2712
Add checks for vault timeout policy (#1694) 2021-11-08 14:37:40 +01:00
Donald Nairn
7837a850eb
Fix minor typos in docs (#1692) 2021-11-08 12:43:14 +01:00
Kyle Spearrin
10c5a29c47
Prevent XSS possibility from SSO SAML Service URLs (#1691) 
* validate sso service urls for HTML meta chars

* also check for double quotes
 2021-11-05 14:49:45 -04:00
Joseph Flinn
68e20fe649
Updating the swashbuckle package in Api (#1685) 2021-11-04 09:29:19 -07:00
Thomas Rittson
0cb8da2fd8
Add Field.LinkedId (#1617) 2021-11-04 07:27:15 +10:00
Thomas Rittson
98c167b1c1
Improve local dev setup for SSO project (#1664) 
* Add default SSO appsettings for development

* Add Sso project to setup_secrets.ps1 script

* Use hashmap instead of array
 2021-11-03 07:12:43 +10:00
Thomas Rittson
e57bef6af4
Fix policy enforcement against invited users (#1680) 2021-11-03 07:08:13 +10:00
Chad Scharf
07b8e2a946
Self-Hosted Server Release v1.44.1 (#1683) 
Self-Hosted Server Release v1.44.1 with Web v2.24.2
 2021-11-02 13:22:17 -04:00
Joseph Flinn
630376400f
Dependency updates (#1681) 
* fix: util/Nginx/Dockerfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-1277346
- https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-1277349
- https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-1277350
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1569403
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1569406

* fix: util/Nginx/Dockerfile-k8s to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-1277346
- https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-1277349
- https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-1277350
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1569403
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1569406

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
 2021-11-02 09:49:00 -07:00
Thomas Rittson
7473a96b27
Update PR template to remind about EF migrations (#1679) 
* Update PR template to remind about EF migrations

* Update wording
 2021-11-02 08:22:17 +10:00
Justin Baur
4c9d9b248c
Fix bug in TaxInfo (#1682) 
* Fixed bug in TaxInfo

* Added a few more tests to TaxInfoTests

* Added tests for HasTaxId
 2021-11-01 12:13:31 -04:00
SudoEvan
dcc11e3819
Added unit tests for StrictEmailAddressListAttribute in Bit.Core.Utilities (#1652) 
* Added unit tests for StrictEmailAddressListAttribute in Bit.Core.Utilities

* Fixed list format; added a null test on StrictEmailAddressListAttribute in Utilities
 2021-10-29 12:24:53 -04:00
Justin Baur
114f58aa8e
Fix tests (#1675) 
* Fix SendServiceTests that arose from merge

* Fixed SendService tests to be inline with spec

* Reorder usings
 2021-10-28 15:47:58 -04:00
Justin Baur
d854332643
Unit Tests for hot spots (#1454) 
* Add TaxInfoTests

* Add UserTests

* Add SendServicTests

* Added IconFetchingServicesTests

* Add endline
 2021-10-28 14:30:41 -04:00
Joseph Flinn
7d6f7436a8
Version Bump 1.44.1 (#1674) 2021-10-27 15:35:55 -07:00
Joseph Flinn
19ca3ee374
Enabling deploys to the QA environment from branches with slashes in the name (#1673) 2021-10-27 12:44:54 -07:00
Matt Gibson
cb815c2f14
Allow managers to create self-assigned collections (#1672) 2021-10-27 13:06:23 -05:00
Joseph Flinn
52d1bade06
Hotfix/release workflow (#1671) 
* fixing release workflow app service deploys

* adding the release branch as a conditional to the docker-stub build

* Add in missing 'if' statement for 'release' branch in Docker Stub step

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
 2021-10-27 08:45:33 -07:00
Thomas Rittson
818b3b5d9d
Add PR template (#1668) 2021-10-27 19:01:00 +10:00
Joseph Flinn
8683cbfe33
fixing parameter mismatch (#1670) 2021-10-26 19:18:54 -07:00
Joseph Flinn
fa1989bfed
fixing the error in the release workflow (#1669) 2021-10-26 18:56:06 -07:00
Joseph Flinn
e2c8fa7002
Replacing the DCT setup. There was a sneaky line that was different which is making our build of the EventsProcessor image break (#1667) 2021-10-26 15:02:19 -07:00
Joseph Flinn
9a629a410c
Allow Docker access to new release branching strategy (#1666) 
* allowing the new release branch to push its docker images

* Switching to our action to set up DCT
 2021-10-26 14:22:47 -07:00
Joseph Flinn
f783770fcd
Version bump to 1.44.0 (#1665) 2021-10-26 13:47:34 -07:00
Matt Gibson
8f0115e62f
Check canScale when scaling for sso (#1661) 
* Check canScale when scaling for sso

* PR review

Use AutoAddSeats to add seats in a consistent way.
This requires moving user check out of that method.

* User logic moved out of method
 2021-10-25 10:19:37 -05:00
Oscar Hinton
c5d5601464
Add support for crypto agent (#1623) 2021-10-25 15:09:14 +02:00
Daniel James Smith
dea694193f
Add teams trial button to Edit Org Page (#1662) 
* Add teams trial button to Edit Org Page

* Fix formatting
 2021-10-25 14:28:17 +02:00
Joseph Flinn
f3d6a43025
Change protected release branch to release (#1656) 
* Adding a contraint around the new release branch strategy

* Adding a constraint on what CI code can be used to release the release branch

* updating the self host docker image building and releasing

* removing master branch release ci code execution

* updating some verbiage
 2021-10-22 08:41:38 -07:00
Vince Grassia
7da15af92f
Add New Relic monitoring package to Notifications project (#1643) 2021-10-22 10:22:25 -04:00
Matt Gibson
e744ffe499
Default autoscaling to off (#1659) 
* Default autoscaling to off

* Update util/Migrator/DbScripts/2021-10-21_00_DefaultAutoscaleLimitToCurrentSeats.sql

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Update util/Migrator/DbScripts/2021-10-21_00_DefaultAutoscaleLimitToCurrentSeats.sql

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Update util/MySqlMigrations/Scripts/2021-10-21_00_SetMaxAutoscaleSeatCount.sql

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
 2021-10-22 08:11:14 -05:00
Ben Gray
4edc75d21d
Fix proper naming and download link (#1660) 2021-10-22 09:59:09 +02:00
Joseph Flinn
423ff99bda
Disabling the temporary prod-deploy workflow (#1655) 2021-10-21 10:31:26 -07:00
Matt Gibson
5d163eb5bd
Only check assigned collections if lacking privs for all (#1657) 2021-10-20 16:17:40 -05:00
Kyle Spearrin
de3f1005fc
add various status counts to org information (#1647) 2021-10-20 17:10:51 -04:00