1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-01 13:43:23 +01:00
Commit Graph

3949 Commits

Author SHA1 Message Date
SmithThe4th
b87e6d4a38
[SG-497] Prevent registering health check on self hosted (#3058)
* Prevent registering health check on self hosted

* Fixed linting issues

* Allow endpoint only when it is not self-hosted

* Fixed linting issues
2023-06-30 12:57:13 -04:00
renovate[bot]
c2b429c6de
Update bitwarden/gh-actions digest to 74f4ac0 (#2972)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-06-29 15:39:50 -06:00
Thomas Avery
74ab7e8672
[SM-771] Add new endpoint for bulk enabling users for Secrets Manager (#3020)
* Add new endpoint for bulk enabling users for sm

* Review updates
2023-06-29 12:42:44 -04:00
renovate[bot]
481004394f
Pin dependencies (#2968)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-06-29 11:41:11 -04:00
Justin Baur
3bffd480cb
Pin Microsoft.AspNetCore.Http (#3001) 2023-06-29 08:37:58 -05:00
M.A Heshmatkhah
140f0017e3
Fix problem with docker push (#2912)
Co-authored-by: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
2023-06-29 06:23:25 -07:00
Thomas Avery
d020c49c0e
[SM-788] Extract authorization from secret delete command (#3003)
* Extract authorization from secret delete command
2023-06-27 13:12:34 -05:00
Vince Grassia
c1723d9e90
DEVOPS-1446 - Update Build Workflow (#3047) 2023-06-27 11:18:51 -06:00
cturnbull-bitwarden
333145209e
[AC-1429] Add new secrets manager fields to organization edit page in admin portal (#3009)
* Added new secrets fields to organization edit page

* Reordered fields based on feedback from Priya
2023-06-27 10:23:23 +01:00
Justin Baur
e0b231a220
[PM-2697] Return UserDecryptionOptions Always (#3032)
* Add Comments to UserDecryptionOptions

* Move Feature Flag Check

* Remove SSO Config Check

* Move UserDecryptionOptions Creation

- Put logic in BaseRequestValidator

* Remove 'async'
2023-06-26 20:17:39 -04:00
SmithThe4th
e96fc56dc2
[SG-497] BEEEP - Health Checks API Project (#2237)
* health check services added

* health check extension added

* added get connection string

* made changes to hrslth check method

* Added database health check

* added identity server health check

* added identity server health check

* Added logger publisher

* latest changes

* removed file

* Added mail server check for dev

* Added authorization to health check url path

* commented

* Added exception to switch

* Removed exclude code coverage

* Added health check for redis

* Added todos

* Added storage queue checks

* Added checks for mail

* Removed unused references and fixed linting issue

* Lint issues

* Moved healthchecks to sharedWeb project and exposed builder as a parameter to configure more health checks based on a project

* Added health check to API project

* dependencies updated

* Removed ef core health check dependencies

* Added checks to only add a health check when the connection string exists, moved health check from startup to extension class

* Merged with master and fixed conflicts

* Fixed lint issues

* Added check for amazon ses

* merged with master

* fixed lint

* Removed Amazon SES health check
2023-06-26 15:04:21 -04:00
Alex Urbina
4c61d05b24
DEVOPS-1391 REFACTOR: server build workflow to use setup-docker-trust GitHub Action (#3040) 2023-06-23 11:12:54 -06:00
Michał Chęciński
62ae9cb695
Fix build: change self-host trigger workflow name (#3042) 2023-06-23 17:13:45 +02:00
Michał Chęciński
1ab7560a86
Fix build workflow (#3041) 2023-06-23 16:54:41 +02:00
Michał Chęciński
3522d8b084
[DEVOPS-1204] Migrate unified & it's build pipeline to self-host repo (#2988)
* Remove build self host workflow

* Remove docker-unified folder

* Add trigger for self host build in separate repo

* Change branch

* Fix
2023-06-23 09:23:47 +02:00
Jared Snider
a6ffadf086
PM-2731 - DevicesController.cs - Add new method GetExistenceByTypes (#3039)
* PM-2731 - DevicesController.cs - Add new method HasDevicesOfTypes to accept an array of DeviceType values and return a boolean if the authN user has at least a device of one of the given types.

* Dotnet format to pass lint rules

* PM-2731 - Update naming of HasDevicesOfTypes to be GetExistenceByTypes for increased clarity per PR feedback.

* PM-2731-Make GetExistenceByTypes route singular

* Update src/Api/Controllers/DevicesController.cs to use var

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2023-06-22 20:27:59 -04:00
Thomas Rittson
926d9bb5f2
Run dbo_future migrations for OAVR v2 cleanup and PolicyService refactor (#3005) 2023-06-22 05:06:03 +00:00
github-actions[bot]
a4dc10c777
Bumped version to 2023.5.1 (#3035)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-06-21 17:37:42 -04:00
Thomas Avery
bb3a9daf98
[SM-678] ClientSecret migration (#2943)
* Init ClientSecret migration

* Fix unit tests

* Move to src/Sql/dbo_future

* Formatting changes

* Update migration date for next release

* Swap to just executing sp_refreshview

* Fix formatting

* Add EF Migrations

* Rename to ClientSecretHash

* Fix unit test

* EF column rename

* Batch the migration

* Fix formatting

* Add deprecation notice to property

* Move data migration

* Swap to CREATE OR ALTER
2023-06-21 13:16:06 -05:00
cturnbull-bitwarden
7f8b6c0bce
[AC-362] Removed deprecated activate/deactivate endpoints (#2981) 2023-06-20 08:28:47 -04:00
Justin Baur
5a8e549194
[PM-1815] Include Member Decryption Type in Token Response (#2927)
* Include Member Decryption Type

* Make ICurrentContext protected from base class

* Return MemberDecryptionType

* Extend WebApplicationFactoryBase

- Allow for service subsitution

* Create SSO Tests

- Mock IAuthorizationCodeStore so the SSO process can be limited to Identity

* Add MemberDecryptionOptions

* Remove Unused Property Assertion

* Make MemberDecryptionOptions an Array

* Address PR Feedback

* Make HasAdminApproval Policy Aware

* Format

* Use Object Instead

* Add UserDecryptionOptions File
2023-06-19 10:16:15 -04:00
Thomas Avery
ca7ced4e43
Add check for org SM flag in client store (#3007) 2023-06-16 12:24:41 -05:00
Rui Tomé
c4614bfb3d
[AC-1144] Warn admins when removing or revoking users without master password (#2953)
* [AC-1144] Modified OrganizationUserUserDetails queries to include value for 'HasMasterPassword' property

* [AC-1144] Added 'HasMasterPassword' property to ProviderUserUserDetailsView

* [AC-1144] Added IProviderUserRepository.GetDetailsByIdAsync to get the details for a given ProviderUser.Id

* [AC-1144] Changed ProviderUsersController.Get to use ProviderUserRepository.GetDetailsByIdAsync

* [AC-1144] Modified OrganizationUsersController.Get to user OrganizationUserRepository.GetDetailsByIdWithCollectionsAsync to output HasMasterPassword value

* [AC-1144] Reverted changes for ProviderUser

* [AC-1144] Removed line break
2023-06-16 16:38:58 +01:00
Matt Bishop
53327b1993
[PM-2633] Warnings cleanup (#3010)
* Warnings cleanup

* One-line response with null

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Remove condition

* Fix lint from suggestion

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2023-06-16 10:02:05 -04:00
cyprain-okeke
5a12db18d1
[AC-1408] Update plan to include secrets manager (#2942)
* Adding the Secret manager to the Plan List

* Adding the unit test for the StaticStoreTests class

* Fix whitespace formatting

* Fix whitespace formatting

* Price update

* Resolving the PR comments

* Resolving PR comments

* Fixing the whitespace

* only password manager plans are return for now

* format whitespace

* Resolve the test issue

* Fixing the failing test

* Refactoring the Plan separation

* add a unit test for SingleOrDefault

* Fix the whitespace format

* Separate the PM and SM plans

* Fixing the whitespace

* Remove unnecessary directive

* Fix imports ordering

* Fix imports ordering

* Resolve imports ordering

* Fixing imports ordering

* Fix response model, add MaxProjects

* Fix filename

* Fix format

* Fix: seat price should match annual/monthly

* Fix service account annual pricing

* Name the sm service account planId properly

* Update the secrets manager plan

* correcting the wrong amount for the seats

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2023-06-16 11:12:38 +01:00
Shane Melton
904b2fe205
[AC-1192] Create endpoints for new Device Approvals page (#2993)
* [AC-1192] Create new OrganizationAuthRequestsController.cs

* [AC-1192] Introduce OrganizationAdminAuthRequest model

* [AC-1192] Add GetManyPendingByOrganizationId method to AuthRequest repository

* [AC-1192] Add new list pending organization auth requests endpoint

* [AC-1192] Add new GetManyAdminApprovalsByManyIdsAsync method to the AuthRequestRepository

* [AC-1192] Make the response device identifier optional for admin approval requests

* [AC-1192] Add endpoint for bulk denying admin device auth requests

* [AC-1192] Add OrganizationUserId to PendingOrganizationAuthRequestResponseModel

* [AC-1192] Add UpdateAuthRequest endpoint and logic to OrganizationAuthRequestsController

* [AC-1192] Secure new endpoints behind TDE feature flag

* [AC-1192] Formatting

* [AC-1192] Add sql migration script

* [AC-1192] Add optional OrganizationId column to AuthRequest entity

- Rename migration script to match existing formatting
- Add new column
- Add migration scripts
- Update new sprocs to filter/join on OrganizationId
- Update old sprocs to include OrganizationId

* [AC-1192] Format migration scripts

* [AC-1192] Fix failing AuthRequest EF unit test

* [AC-1192] Make OrganizationId optional in updated AuthRequest sprocs for backwards compatability

* [AC-1192] Fix missing comma in migration file

* [AC-1192] Rename Key to EncryptedUserKey to be more descriptive

* [AC-1192] Move request validation into helper method to reduce repetition

* [AC-1192] Return UnauthorizedAccessException instead of NotFound when user is missing permission

* [AC-1192] Introduce FeatureUnavailableException

* [AC-1192] Introduce RequireFeatureAttribute

* [AC-1192] Utilize the new RequireFeatureAttribute in the OrganizationAuthRequestsController

* [AC-1192] Attempt to fix out of sync database migration by moving new OrganizationId column

* [AC-1192] More attempts to sync database migrations

* [AC-1192] Formatting

* [AC-1192] Remove unused reference to FeatureService

* [AC-1192] Change Id types from String to Guid

* [AC-1192] Add EncryptedString attribute

* [AC-1192] Remove redundant OrganizationId property

* [AC-1192] Switch to projection for OrganizationAdminAuthRequest mapping

- Add new OrganizationUser relationship to EF entity
- Replace AuthRequest DBContext config with new IEntityTypeConfiguration
- Add navigation property to AuthRequest entity configuration for OrganizationUser
- Update EF AuthRequestRepository to use new mapping and navigation properties

* [AC-1192] Remove OrganizationUser navigation property
2023-06-15 14:54:08 -07:00
Matt Gibson
bdd5e0916e
Platform/pm 2138/add nginx to known proxies (#3012)
* Add nginx to known proxies

* Only add nginx proxy if standard self host deployment

* Style changes

* Add forwarded headers config to events server

* Add known proxy forwarding to missing services

* Catch DNS errors in adding nginx proxy

* Update src/SharedWeb/Utilities/ServiceCollectionExtensions.cs

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2023-06-14 10:33:26 -04:00
mimartin12
73c721ede3
[DEVOPS-1377] - Publish version tag MsSqlMigratorUtility image to ACR (#3015) 2023-06-14 08:12:36 -06:00
Thomas Avery
3449d28c83
[SM-705] Extract Authorization from Access Token Commands (#2928)
* refactor authorization for access token commands

* Unit tests for authorization handler
2023-06-13 15:30:44 -05:00
Opeyemi
b7a40406af
add more comment to missing actions (#3013) 2023-06-13 14:57:30 +01:00
cyprain-okeke
fed0828677
[AC 1427]Add New Organisation Properties Update DB Objects and create migration (#2980)
* Add new properties to organization

* Add new properties to organization

* Create migration

* Add the columns to the view

* Fix the syntax error

* Change the namespaces

* Remove the comma on the stripe file

* Remove the  nulls

* Resolving the PR comments

* Add a refresh for OrganizationView

* Remove the True default values

* Resolve the comments
2023-06-12 23:48:17 +01:00
Justin Baur
5874ff42c3
[PM-1380] Modify Device Table (#2937)
* Update Models

- Add Controller Method

* Add MSSQL Migration

* Update SQL Proj

* Update SQL Migration

* Update Models

* Update SQL Project

* Add EF Migrations

* Switch to using Identifier

* Update Code Comment
2023-06-09 21:36:12 -04:00
Todd Martin
5f4a303180
Add ability for Billing role to edit premium. (#3004) 2023-06-09 21:27:24 -04:00
Rui Tomé
8e40e0bfeb
[AC-1345] Moved trials logic to a new function on _OrganizationFormScripts (#2917) 2023-06-09 14:15:56 +01:00
Thomas Avery
05f11a8ee1
[SM-706] Extract Authorization From Create/Update Secret Commands (#2896)
* Extract authorization from commands

* Swap to request model validation.

* Swap to pattern detection
2023-06-08 16:40:35 -05:00
Matt Bishop
6a9e7a1d0a
Project configuration tune-up (#2994) 2023-06-08 13:21:03 -04:00
Shane Melton
cc4b6bb2fa
[AC-1163] Manage users permissions should allow collection assignment (#2808)
* [AC-1163] Update ViewAllCollections method to include check for ManagerUsers permission

Users with ManagerUsers permission need to be able to view all collections in order to assign them to other users.

* [AC-1163] Revert change to CurrentContext

* [AC-1163] Add check for ManageUsers to list collections endpoint
2023-06-08 09:02:01 -07:00
Kyle Spearrin
27e75e4459
adjust cloud requirement to include user creation date (#2985) 2023-06-08 11:43:29 -04:00
Matt Gibson
e27ab5d6c3
Add nginx to known proxies (#3002)
* Add nginx to known proxies

* Only add nginx proxy if standard self host deployment

* Style changes
2023-06-08 08:41:36 -05:00
Rui Tomé
746dec6496
[PM-1270] Throw error when removing master password reset policy with TDE enabled (#2964)
* [PM-1270] Updated PolicyService to throw an exception in case TDE is enabled and the user is trying to turn off the master password reset policy or tries to remove auto-enrollment

* [PM-1270] Added unit tests around the checks for turning off the master password reset policy or removing auto-enrollment

* [PM-1270] Fixed existing unit test SaveAsync_NewPolicy_Created

* [PM-1270] Removed unused method mock on unit test
2023-06-07 09:56:31 +01:00
Matt Bishop
90a28ad87f
Use global.json (#2996) 2023-06-02 16:04:18 -04:00
Todd Martin
4e8256328d
[PM-2464] Add ability for BW Portal Admins to edit transactions (#2991)
* Added new permission to admins.

* Added additional permission.
2023-06-01 17:22:06 -04:00
Matt Bishop
d2556dd5cf
Manage Docker with Renovate (#2982) 2023-06-01 10:38:57 -04:00
Rui Tomé
e837676cf9
[AC-1077] Updated Admin reset password subject line of email to “Your admin has initiated account recovery” (#2940) 2023-06-01 08:57:35 +01:00
Thomas Avery
d1155ee376
[SM-704] Extract Authorization For ServiceAccounts (#2869)
* Move to access query for project commands

* Swap to hasAccess method per action

* Swap to authorization handler pattern

* Move ProjectOperationRequirement to Core

* Add default throw + tests

* Extract authorization out of commands

* Unit tests for authorization handler

* Formatting

* Swap to reflection for testing switch

* Swap to check read & reflections in test

* fix wording on exception

* Refactor GetAccessClient into its own query

* Use accessClientQuery in project handler
2023-05-31 13:49:58 -05:00
Todd Martin
c08e2a7473
Allow self-hosted notifications to work for Login with Device approval (#2934)
* Added anonymous hub context.

* Added anonymous hub to nginx setup.

* Added deserialization options to ignore case on deserialization.
2023-05-31 11:12:43 -04:00
Vince Grassia
a62d0c5e52
Fix push version and latest step to ACR (#2984) 2023-05-30 20:31:14 -04:00
Shane Melton
767993e266
[AC-1104] [AC-1265] Allow custom users with import/export permission to get export organization ciphers (#2837)
* [AC-1265] Allow users with custom import/export permission to get organization ciphers

* [AC-1104] Fix to allow custom users with import/export permission to access all collections/ciphers in their organization

* [AC-1104] Remove redundant OrganizationAdmin checks
2023-05-30 16:30:19 -07:00
github-actions[bot]
ab1204e859
Bumped version to 2023.5.0 (#2983)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-05-30 17:34:19 -04:00
Justin Baur
61a0efbdfc
[PM-2444] Add Pipeline for Testing All Database Variants in CI (#2471)
* Add Pipeline

* Fix Lint

* Added a Change

* Update Pipeline

* Add Multi-Version Support

* Use Profile Switch for each profile

* Fix MySql

* Debug MySql

* Use Proper Seperator

* Add Allow User Variables=true

* Pipeline Work

* Expand Config for Postgres

* Change Config Key

* Add Debug Step

* Fix Debug Step

* Fix Tests

* Add Sleep

* Fix Tests

* Fix SQL Server Tests

* Add Sqlite

* Use Context Property

* Fix Tests

* Fix Test Logger

* Update AccountRevisionDate Check

* Fix Postgres Time Issues

* Formatting and Pipeline Update

* Remove Unneeded SqlServer Setting

* Update .github/workflows/infrastructure-tests.yml

Co-authored-by: mimartin12 <77340197+mimartin12@users.noreply.github.com>

---------

Co-authored-by: mimartin12 <77340197+mimartin12@users.noreply.github.com>
2023-05-30 13:25:55 -04:00