1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-24 12:35:25 +01:00
Commit Graph

950 Commits

Author SHA1 Message Date
Matt Portune
744e8f1a13
Update AppId.hbs (#1495) 2021-08-04 15:49:55 -04:00
Thomas Rittson
b1ed6d2c21
Fix upload limits for direct uploads (again) (#1479)
* Use constants to represent file size limits

* Allow uploads of up to 500mb for self-hosted

* Set nginx max body size to 505mb

* Add reminder about updating nginx/proxy.conf
2021-08-04 09:00:30 +10:00
Vince Grassia
a31c231749
Fix UserKdf and UserApiKey migrations to only update null values (#1494) 2021-08-03 15:54:47 -04:00
Thomas Rittson
8d2b36d187
Fix conflicting group permissions (#1473)
* Return collection with highest permission levels

* Revert "Return collection with highest permission levels"

This reverts commit 06e0f3b73e.

* Combine duplicate collectionDetails

* Update EF to combine duplicate CollectionDetails

* Delete unneeded using statements
2021-08-02 11:49:27 +10:00
Mart
fdaf6b14d4
enh(mysql) Enforce ENGINE=InnoDB (#1470)
* enh(mysql) Enforce ENGINE=InnoDB

* enh(mysql) Enforce ENGINE=InnoDB
2021-07-29 17:12:57 -04:00
Vincent Salucci
545d5f942b
[Reset Password v1] Fixed ForcePasswordReset migration script (#1484) 2021-07-23 08:48:34 -05:00
Oscar Hinton
792fb377dd
[Provider] Prevent including pending organizations in SyncResponse (#1482) 2021-07-22 22:18:34 +02:00
Oscar Hinton
259bf8d760
Add events for Creating, Adding and Removing ProviderOrganizations (#1475) 2021-07-21 19:40:38 +02:00
Vincent Salucci
4e486e5f5d
[Reset Password v1] Update DB for Forced Reset (#1467)
* [Reset Password v1] Force Temp Password Changes

* Updated EF migrations/scripts

* Updating user sprocs with default bit value
2021-07-21 11:47:11 -05:00
Addison Beck
5ec37b96b4
Organization User Accepted Invite Email Notifications (#1465) 2021-07-16 13:49:27 -04:00
Addison Beck
752aa70924
Setup naming convention for Entity Framework migrations (#1464) 2021-07-15 15:39:54 +00:00
Oscar Hinton
f6ebb20847
[Provider] Add support for events (#1447) 2021-07-15 16:37:27 +02:00
Vince Grassia
eb0b8da911
Fix for Identity.pfx containing multiple certs (#1457)
* Fix for Identity.pfx containing multiple certs

* Remove unused import

* Update fix to use existing certificate and key instead of generating new
2021-07-14 14:41:15 -04:00
Vince Grassia
a003ee39c2
Fix typo in backup-db.sql (#1459) 2021-07-14 10:49:10 -04:00
Vince Grassia
1941ba0a41
Fix minor bug when testing if database already exists (#1452)
* Fix minor bug when testing if database already exists

* Add newline at end of file

* Remove unused import
2021-07-09 15:51:28 -07:00
Joseph Flinn
def1a86348
removing redundant cert reference (#1451) 2021-07-09 14:52:48 -07:00
Addison Beck
4a828ad440
Migration Fix (#1448)
* created stubs for missing ef provider methods

* fixed the initial postgres migration
2021-07-08 19:46:13 +00:00
Addison Beck
b13dda2799
Postgres & MySql Support For Self-Hosted Installations (#1386)
* EF Database Support Init (#1221)

* scaffolding for ef support

* deleted old postgres repos

* added tables to oncreate

* updated all the things to .NET 5

* Addition to #1221: Migrated DockerFiles from dotnet/3.1 to  5.0 (#1223)

* Migrated DockerFiles from dotnet/3.1 to  5.0

* Migrated SSO/Dockerfile from dotnet 3.1 to 5.0

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>

* EFDatabaseSupport: Updated links and description in README.md and SETUP.md (#1232)

* Updated requirements in README.md

* Updated link to documentation of app-secrets

* upgraded dotnet version to 5.0

* Ef database support implementation examples (#1265)

* mostly finished testing the user repo

* finished testing user repo

* finished org, user, ssoconfig, and ssouser ef implementations

* removed unused prop

* fixed a sql file

* fixed a spacing issue

* fixed a spacing issue

* removed extra database creation

* refactoring

* MsSql => SqlServer

* refactoring

* code review fixes

* build fix

* code review

* continued attempts to fix the the build

* skipped another test

* finished all create test

* initial pass at several repos

* continued building out repos

* initial pass at several repos

* initial pass at device repo

* initial pass at collection repo

* initial run of all Entity Framework implementations

* signup, signin, create/edit ciphers works

* sync working

* all web vault pages seem to load with 100% 200s

* bulkcopy, folders, and favorites

* group and collection management

* sso, groups, emergency access, send

* get basic creates matching on all repos

* got everything building again post merge

* removed some IDE config files

* cleanup

* no more notimplemented methods in the cipher repo

* no more not implementeds everywhere

* cleaned up schema/navigation properties and fixed tests

* removed a sql comment that was written in c# style

* fixed build issues from merge

* removed unsupported db providers

* formatting

* code review refactors

* naming cleanup for queries

* added provider methods

* cipher repo cleanup

* implemented several missing procedures from the EF implementation surround account revision dates, keys, and storage

* fixed the build

* added a null check

* consolidated some cipher repo methods

* formatting fix

* cleaned up indentation of queries

* removed .idea file

* generated postgres migrations

* added mysql migrations

* formatting

* Bug Fixes & Formatting

* Formatting

* fixed a bug with bulk import when using MySql

* code review fixes

* fixed the build

* implemented new methods

* formatting

* fixed the build

* cleaned up select statements in ef queries

* formatting

* formatting

* formatting

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2021-07-08 16:35:48 +00:00
Oscar Hinton
feb3106f37
[Provider] Create and access child organizations (#1427) 2021-07-08 17:05:32 +02:00
Thomas Rittson
908e1504af
Fix bulk fingerprints (#1442)
* Fix fingerprint phrases in bulk confirm modal

* Fix indentation
2021-07-07 20:21:52 +10:00
Chad Scharf
624b5e40c6
Fallback for null/default database name (#1429) 2021-07-02 13:08:53 -04:00
Vince Grassia
bdcfbb3b43
Allow for changing database name (#1397)
* Remove hard coded database name

* Update permissions on build scripts

* Update Setup project and run scripts for configuring database name

* Remove hyphen from database name flag

* Update with suggested changes, still needs testing

* Revert SQL statements to concatenantion for testing

* Fix typo

* Update util/Setup/EnvironmentFileBuilder.cs

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Update SQL commands to prevent SQL injection attacks

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-07-02 10:52:34 -04:00
Oscar Hinton
43f7271147
[Provider] Setup provider (#1378) 2021-06-30 09:35:26 +02:00
Vincent Salucci
2d41edf1f9
[Reset Password] Updated OrgResetPasswordAbilityAndRsaKeys sql script (#1418)
* Updated OrgResetPasswordAbilityAndRsaKeys sql script

* Removed unnecessary null check
2021-06-28 12:15:55 -05:00
Vincent Salucci
658f79b80e
[Reset Password] Update Custom orgs for UseResetPassword (#1399)
* [Reset Password] Update Custom orgs for UseResetPassword

* Improved script content
2021-06-16 14:40:27 -05:00
Oscar Hinton
1796b1dd8e
Disable launchBrowser launchSetting (#1400) 2021-06-16 18:36:23 +02:00
Matt Portune
ac7ee873ac
Remove md5 and sha1 cert fingerprints (#1391) 2021-06-14 09:00:56 -04:00
Matt Portune
13a97b2645
Update AppId.hbs (#1388) 2021-06-10 16:57:09 -04:00
Oscar Hinton
fe1ffb6a22
[Provider] Server entities and models (#1370)
* Mock out provider models and service

* Implement CreateAsync, CompleteSetupAsync, UpdateAsync, InviteUserAsync and ResendInvitesAsync

* Implement AcceptUserAsync and ConfirmUsersAsync

* Implement SaveUserAsync and DeleteUserAsync

* Add email templates

* Add admin operations for providers

* Fix mail template names

* Rename roles

* Verify provider has provideradmin

* Add self hosted check to admin controller

* Resolve review comments

* Update sql queries

* Change create provider to use email instead of userId
2021-06-03 18:58:29 +02:00
Matt Gibson
a7d700f1cb
Explicitly set quoted identifier on for problem objects (#1360) 2021-06-01 14:52:22 -05:00
Matt Portune
0e76371d0d
Android FIDO2 Asset Links (#1359)
* asset links for Android FIDO2

* added release & debug fingerprints
2021-05-27 13:00:38 -04:00
Vince Grassia
21003c61ab
Update output directory for dotnet builds (#1358)
* Update output directory for dotnet builds

* Update Dotnet build output path
2021-05-27 12:16:12 -04:00
Oscar Hinton
fffdd17915
Fix typo in bulk reinvinte migration (#1357) 2021-05-27 17:29:23 +02:00
Oscar Hinton
d4cf6d929a
Bulk Confirm (#1345)
* Add support for bulk confirm

* Add missing sproc to migration

* Change ConfirmUserAsync to internally use ConfirmUsersAsync

* Refactor to be a bit more readable

* Change BulkReinvite and BulkRemove to return a list of errors/success

* Refactor

* Fix removing owner preventing removing non owners

* Add another unit test

* Use fixtures for OrganizationUser and Policies

* Fix spelling
2021-05-25 19:23:47 +02:00
Oscar Hinton
61307e11b0
Provider: Initial db structure (#1309)
* Initial db structure
2021-05-20 14:39:26 +02:00
Matt Gibson
785e788cb6
Support large organization sync (#1311)
* Increase organization max seat size from 30k to 2b (#1274)

* Increase organization max seat size from 30k to 2b

* PR review. Do not modify unless state matches expected

* Organization sync simultaneous event reporting (#1275)

* Split up azure messages according to max size

* Allow simultaneous login of organization user events

* Early resolve small event lists

* Clarify logic

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Improve readability

This comes at the cost of multiple serializations, but the
 improvement in wire-time should more than make up for this
 on message where serialization time matters

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Queue emails (#1286)

* Extract common Azure queue methods

* Do not use internal entity framework namespace

* Prefer IEnumerable to IList unless needed

All of these implementations were just using `Count == 1`,
which is easily replicated. This will be used when abstracting Azure queues

* Add model for azure queue message

* Abstract Azure queue for reuse

* Creat service to enqueue mail messages for later processing

Azure queue mail service uses Azure queues.
Blocking just blocks until all the work is done -- This is
how emailing works today

* Provide mail queue service to DI

* Queue organization invite emails for later processing

All emails can later be added to this queue

* Create Admin hosted service to process enqueued mail messages

* Prefer constructors to static generators

* Mass delete organization users (#1287)

* Add delete many to Organization Users

* Correct formatting

* Remove erroneous migration

* Clarify parameter name

* Formatting fixes

* Simplify bump account revision sproc

* Formatting fixes

* Match file names to objects

* Indicate if large import is expected

* Early pull all existing users we were planning on inviting (#1290)

* Early pull all existing users we were planning on inviting

* Improve sproc name

* Batch upsert org users (#1289)

* Add UpsertMany sprocs to OrganizationUser

* Add method to create TVPs from any object.

Uses DbOrder attribute to generate.
Sproc will fail unless TVP column order matches that of the db type

* Combine migrations

* Correct formatting

* Include sql objects in sql project

* Keep consisten parameter names

* Batch deletes for performance

* Correct formatting

* consolidate migrations

* Use batch methods in OrganizationImport

* Declare @BatchSize

* Transaction names limited to 32 chars

Drop sproc before creating it if it exists

* Update import tests

* Allow for more users in org upgrades

* Fix formatting

* Improve class hierarchy structure

* Use name tuple types

* Fix formatting

* Front load all reflection

* Format constructor

* Simplify ToTvp as class-specific extension

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-05-17 09:43:02 -05:00
Justin Baur
d21ca83a20
Add Directory.Build.props (#1314)
* Add Directory.Build.props

* Remove unneeded props
2021-05-12 13:03:21 -04:00
Oscar Hinton
e2f633dace
Bulk re-invite of org users (#1316)
* Add APIs for Bulk reinvinte

* Resolve review comments.
2021-05-12 11:18:25 +02:00
Vincent Salucci
70ab5b25a1
[Reset Password] Organization Key Pair (#1292)
* [Reset Password] Organization Key Pair

* Fixed type in Organization_ReadAbilites sproc

* Fixed broken unit test by making sure premium addon was false

* Updated PublicKey decorator and removed unecessary validation
2021-05-06 14:53:12 -05:00
Oscar Hinton
6ada46f906
Fix password re-prompt not working in org view (#1296)
* Fix password reprompt not working in org view

* Also fix Cipher_UpdateWithCollections and CipherDetails_CreateWithCollections. Rename migration script
2021-05-04 20:36:35 +02:00
Oscar Hinton
2054e5a926
Password re-prompt (#1269)
* Add support for password re-prompt
2021-04-29 15:43:44 +02:00
Kyle Spearrin
83e68bce06
enable default appsettings for self hosted installs (#1263)
* enable default appsettings for self hosted installs

* change setters to use arrow functions

* fix tests

* fix global settings ref
2021-04-09 09:48:43 -04:00
Vince Grassia
0366c0efef
Add install-id, install-key, and skip-ssl flags to Setup Project (#1260)
* Add install-id, install-key, and skip-ssl flags

* Update util/Setup/CertBuilder.cs

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>

* Update util/Setup/Program.cs

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>

* Remove redundant variable assignment

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2021-04-06 14:39:27 -04:00
Kyle Spearrin
597fa01344
job to delete trashed ciphers nightly (#1243)
* job to delete trashed items nightly

* remove script from migration project file

* admin setting for controlling trash deleting dates
2021-04-02 11:14:21 -04:00
Oscar Hinton
339292f536
Fix emergency access migration not working (#1244) 2021-03-29 17:28:36 +02:00
Thomas Rittson
688cc00d48
Hide email address in Sends (#1234)
* Add send HideEmail to tables and models

* Respect HideEmail setting for Sends

* Recreate SendView to include new HideEmail column

* Enforce new Send policy

* Insert default value for new HideEmail column

* Delete c95d7598-71cc-4eab-8b08-aced0045198b.json

* Remove unrelated files

* Revert disableSendPolicy, add sendOptionsPolicy

* Minor style fixes

* Update SQL project with Send.HideEmail column

* unit test SendOptionsPolicy.DisableHideEmail

* Add SendOptionsPolicy to Portal

* Make HideEmail nullable, fix migrator script

* Remove NOT NULL constraint from HideEmail

* Fix style

* Make HideEmail nullable

* minor fixes to model and error message

* Move SendOptionsExemption banner

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-29 07:56:56 +10:00
Chad Scharf
a2f33176aa
Fix column NULLness for OrganizationUser table (#1239)
Fix column `NULL`ness for OrganizationUser table in Upgrade script; prior PR I missed in the upgrade script submitted that the ALTER COLUMN statement incorrectly set the column to `NOT NULL` when the table definition had it correctly as `NULL`.
2021-03-24 12:50:57 -04:00
Vincent Salucci
0cfd50382d
[Reset Password] Update all existing tables/sprocs/migrator scripts (#1235) 2021-03-23 16:04:11 -05:00
Joseph Flinn
7bb26a7203
K8s Proxy CI Build (#1233)
* adding the new k8s-proxy container to the server build

* updating the file path fore the new dockerfile
2021-03-23 11:19:01 -07:00
Oscar Hinton
07f37d1f74
WebAuthn (#903) 2021-03-22 23:21:43 +01:00
Vincent Salucci
7309a37bdc
[Bug] Updated incorrect formatting/spelling on migrator script (#1228) 2021-03-22 10:24:28 -05:00
Thomas Rittson
fd42b227b3
Update dev setup guide (#1222)
* Update dev setup guide with current best practice

* Minor amendments to setup instructions

* Move vault_dev migrator script to its own file

* Fix typo, use command line args for SA_PASSWORD

* Move setup guide to its own file

* fix typo
2021-03-22 07:56:31 +10:00
Daniel James Smith
aea85ea0eb
Fixes #1101: Extend email column length to 256 characters (MSSQL) (#1191)
* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - Installation

* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - User

* Fixes bitwarden/server/#1101 - Extended length of BillingEmail column to 256 characters - Organization

* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - OrganizationUser

* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - EmergencyAccess

* Fixes bitwarden/server/bitwarden#1101 - Fixed issues after PR review
2021-03-18 16:43:49 -04:00
Thomas Rittson
3850f0e400
Fix empty grantee or grantor names in emergency access emails (#1162)
* Fix empty grantee or grantor names in emails

* Add migrator dbscript for changes to ReadToNotify
2021-02-26 08:11:58 +10:00
Chad Scharf
cc964ccb9c
Add https://2fa.directory to CSP (#1156)
* Add https://2fa.directory to CSP

* remove old domain for towfactorauth.org
2021-02-22 19:15:58 -05:00
Jungley
7065bba56f
支持更多的 nginx 配置 (#1136) 2021-02-11 16:11:36 -05:00
Matt Gibson
79cc6df0fd
Delete sends belonging to user on user delete (#1116)
* Delete sends belonging to user on user delete

* Update User_DeleteById.sql

* Clean up bad autoformats

Co-authored-by: Addison Beck <abeck@bitwarden.com>

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
Co-authored-by: Addison Beck <abeck@bitwarden.com>
2021-02-05 12:37:55 -06:00
Kyle Spearrin
61675342c3
added duofederal.com to allowed duo domains (#1091) 2021-01-15 16:59:51 -05:00
Addison Beck
63fcdc1418
Implemented Custom role and permissions (#1057)
* Implemented Custom role and permissions

* Converted permissions columns to a json blob

* Code review fixes for Permissions

* sql build fix

* Update Permissions.cs

* formatting

* Update IOrganizationService.cs

* reworked a conditional

* built out tests for relevant organization service methods

* removed unused usings

* fixed a broken test and a bad empty string init

* removed 'Attribute' from some attribute instances
2021-01-12 11:02:39 -05:00
Matt Gibson
5aba9f7549
Add cipher response to restore (#1072)
* Return revised ciphers on restore api call

* Return restored date from restore sproc

* Test Restore updates passed in ciphers

This is necessary for CipherController to appropriately return the
up-to-date ciphers without an extra db call to read them.

* Add missing SELECT
2021-01-08 08:52:42 -06:00
Addison Beck
6143ad2b95
fixed a copy/paste bug in the tax rate migration script (#1077) 2021-01-07 16:36:18 -05:00
Chad Scharf
4825998ba5
Fix sproc name mismatch in migration sql (#1066) 2020-12-30 16:21:14 -05:00
Mart
0f962809bc
Fix mssql healthcheck (#1055)
Let's let some more time for the container to start
2020-12-21 10:30:36 -05:00
Joseph Flinn
97ba472606
Make nginx Content-Security-Policy configurable (#1048)
* Adding the nginx head Content-Security-Policy to the Configuration file

* fixing whitespace formatting

* adding a '+' that got removed
2020-12-18 07:58:35 -08:00
Oscar Hinton
0f1af2333e
Add support for Emergency Access (#1000)
* Add support for Emergency Access

* Add migration script

* Review comments

* Ensure grantor has premium when inviting new grantees.

* Resolve review comments

* Remove two factor references
2020-12-16 14:36:47 -05:00
Kai Bröker
9bb63b86f0
Update Dockerfile (#1040) 2020-12-16 11:16:03 -05:00
David Lundgren
d63eb376c4
Allow for slight customization of the mssql db backup interval (#1008)
* Allow for slight customization of the mssql db backup interval

* Honor env TZ if set and clean up -u in sleep calculation
2020-12-15 11:08:30 -05:00
Vincent Salucci
70f5fd5030
[Policy] Personal Ownership (#1013)
* Initial commit of disable personal vault policy

* Added new sproc // updated policy check (was missing conditionals)

* Updated DeMorgan's law logic
2020-12-11 10:45:26 -06:00
Mart
8d9b1ff214
Fix mssql healthcheck (#1030)
Let's let time for the container to start
2020-12-07 14:57:36 -05:00
Vincent Salucci
09aea4ed38
[Bug] Improve SSO user provision flow (#1022)
* Initial commit of provisioning updates

* Updated strings

* removed extra BANG

* Separated orgUsers db lookup - prioritized existing user Id

* Updated create sso record method // Added sproc for org/email retrieval
2020-12-04 16:45:54 -06:00
Addison Beck
b877c25234
Implemented tax collection for subscriptions (#1017)
* Implemented tax collection for subscriptions

* Cleanup for Sales Tax

* Cleanup for Sales Tax

* Changes a constraint to an index for checking purposes

* Added and implemented a ReadById method for TaxRate

* Code review fixes for Tax Rate implementation

* Code review fixes for Tax Rate implementation

* Made the SalesTax migration script rerunnable
2020-12-04 12:05:16 -05:00
Addison Beck
25a9991908
Implement User-based API Keys (#981)
* added column ApiKey to dbo.User

* added dbo.User.ApiKey to User_Update

* added dbo.User.ApiKey to User_Create

* wrote migration script for implementing dbo.User.ApiKey

* Added ApiKey prop to the User table model

* Created AccountsController method for getting a user's API Key

* Created AccountsController method for rotating a user API key

* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli

* Added a new conditional to ClientStore to account for user API keys

* Wrote unit tests for new user API Key methods

* Added a refresh of dbo.UserView to new migration script for ApiKey

* Let client_credentials grants into the custom token logic

* Cleanup for ApiKey auth in the CLI feature

* Created user API key on registration

* Removed uneeded code for user API keys

* Changed a .Contains() to a .StartsWith() in ClientStore

* Changed index that an array is searched on

* Added more claims to the user apikey clients

* Moved some claim finding logic to a helper method
2020-11-10 15:15:29 -05:00
Kyle Spearrin
c466acf081 adjust params for attachments server 2020-11-05 11:39:15 -05:00
Kyle Spearrin
dacb2a8e2b fix null or whitespace logic 2020-11-04 16:15:38 -05:00
Kyle Spearrin
d2ab098ca5 configure send for self-host 2020-11-03 14:29:07 -05:00
Kyle Spearrin
82dd364e65
Send APIs (#979)
* send work

* fix sql proj file

* update

* updates

* access id

* delete job

* fix delete job

* local send storage

* update sprocs for null checks
2020-11-02 15:55:49 -05:00
Vincent Salucci
66e44759f0
[Require SSO] Enterprise policy enforcement (#970)
* Initial commit of require sso authentication policy enforcement

* Updated sproc to send UseSso flag // Updated base validator to send back error message // Added changes to EntityFramework (just so its there for the future

* Update policy name // adjusted conditional to demorgan's

* Updated sproc // Added migrator script

* Added .sql file extension to DeleteOrgUserWithOrg migrator script

* Added policy // edit // strings // validation to business portal

* Change requests from review // Added Owner & Admin exemption

* Updated repository function used to get org user's type

* Updated with requested changes
2020-10-26 11:56:16 -05:00
Addison Beck
e872b4df9d
Only org policy (#962)
* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
2020-10-20 02:48:10 -04:00
Addison Beck
dfe5c571b9
Delete OrgUsers When Deleting An Org (#964)
* deleted orgUsers when deleting an org

* sql formatting
2020-10-13 11:26:55 -04:00
Kyle Spearrin
00aaa64285 accept larger headers 2020-09-02 16:44:54 -04:00
Kyle Spearrin
8510a753a8
delete sso config when deleting org (#904)
* delete ssouser on org and user delete

* delete sso config when deleting org
2020-09-02 10:48:15 -04:00
Kyle Spearrin
47224913d4
delete ssouser on org and user delete (#902) 2020-09-01 16:05:37 -04:00
Kyle Spearrin
9faa9406a6
delete sso user when deleting org user (#901) 2020-09-01 15:07:47 -04:00
Kyle Spearrin
01bae115a5 proxy for sso connector 2020-09-01 12:44:45 -04:00
Kyle Spearrin
6e0921dcc1 proxy_buffers 2020-08-31 16:44:18 -04:00
Kyle Spearrin
6e7d618e52 correct nginx sso pathing 2020-08-28 13:44:50 -04:00
Kyle Spearrin
f0210cd798 correct identity pathing from nginx 2020-08-28 13:44:01 -04:00
Chad Scharf
db7d05b52f
Added PreValidate endpoint on Account controller (#896)
* Added PreValidate endpoint on Account controller

* Fixed IHttpClientFactory implementation

* Core localization and org sproc fix

* Pass culture, fixed sso middleware bug
2020-08-28 12:14:23 -04:00
Kyle Spearrin
526bdfdb05 update nginx proxy for portal pathing 2020-08-27 16:26:12 -04:00
Kyle Spearrin
0607050024
update self-host for sso and portal (#893) 2020-08-26 17:48:31 -04:00
Addison Beck
59f8467f7c
Create sso user api (#886)
* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* Update AccountsController.cs

* facilitate linking/unlinking existing users from an sso enabled org

* added user_identifier to identity methods for sso

* moved sso user delete method to account controller

* fixed a broken test

* added a token to the existing user sso link flow

* added a token to the existing user sso link flow

* fixed a typo

* added an event log for unlink ssoUser records

* fixed a merge issue

* fixed a busted test

* fixed a busted test

* ran a formatter over everything & changed .vscode settings in .gitignore

* chagned a variable to use string interpolation

* removed a blank line

* Changed TokenPurpose enum to a static class of strings

* code review cleanups

* formatting fix

* Changed parameters & logging for delete sso user

* changed th method used to get organization user for deleting sso user records

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2020-08-26 14:12:04 -04:00
Chad Scharf
8884157427
Added get for sso config repo by revision date (#878) 2020-08-19 13:35:17 -04:00
Kyle Spearrin
cd926ca8f6
allow user registration for sso (#865) 2020-08-13 17:30:10 -04:00
Kyle Spearrin
056b4b9bf4
add api support for updating org identifier (#861)
* add api support for updating org identifier

* add identifier to response as well

* implement in EF repo
2020-08-12 16:38:22 -04:00
Kyle Spearrin
623cd36bd4
upgrade identity server 4 to v4 (#842)
* upgrade identity server 4 to v4

* remove script ref
2020-07-30 17:00:13 -04:00
Kyle Spearrin
047c2ad3ab comment out sso in nginx config 2020-07-29 10:01:36 -04:00
Kyle Spearrin
307ac437d5 remove sso container ref 2020-07-29 09:50:11 -04:00
Kyle Spearrin
68915a452e missing go 2020-07-28 21:53:12 -04:00
Kyle Spearrin
c53e8cbf9d
return if org user has sso binding (#839) 2020-07-28 21:11:45 -04:00
Kyle Spearrin
2c4752f4ac
Sso user table, model and repo stubbed out (#837)
* Sso user table, model and repo stubbed out

* switch to nullable org id, bigint id

* update GetBySsoUserAsync

* cleanup migrator file

* fix EF user repo

* fix pg repo

* is `IS NULL` checks

* unique indexes

* update migration scripts

* add another unique index

* remove old script
2020-07-28 10:03:09 -04:00
Kyle Spearrin
5de236f294 update libs 2020-07-27 20:36:17 -04:00
Addison Beck
229478adae
Feature.web.534.allow multi select in org vault (#830)
* Set up API methods for bulk admin delete
2020-07-22 11:38:53 -05:00
Matt Portune
51fd87df0b
Added UseSso bool to Organization (#834)
* Added UseSso bool to org

* Update fields in migration script

* bump version & check enabled flag on ssoConfig
2020-07-22 09:38:39 -04:00
Chad Scharf
83e9468502
Transition reference id to data (#828)
* Transition reference id to data

* field length and request model updates
2020-07-20 15:19:46 -04:00
François Van Ingelgom
aab6095073
Add support building from path that contains space (#815) 2020-07-17 08:28:31 -04:00
Kyle Spearrin
0d0c6c7167
sso integrations (#822)
* stub out hybrid sso

* support for PKCE authorization_code clients

* sso service urls

* sso client key

* abstract request validator

* support for verifying password

* custom AuthorizationCodeStore that does not remove codes

* cleanup

* comment

* created master password

* ResetMasterPassword

* rename Sso client to OidcIdentity

* update env builder

* bitwarden sso project in docker-compose

* sso path in nginx config
2020-07-16 08:01:39 -04:00
Chad Scharf
d0d93a64ee
Reverse encouragement of self-signed cert (#813) 2020-07-07 20:58:45 -04:00
Mart124
61f46ecb11
Update CertBuilder.cs (#809) 2020-07-06 13:48:23 -04:00
Mart124
62b3c305c3
Add default log parameters (#807)
* Add default log parameters

* Case typo
2020-07-02 16:28:16 -04:00
Kyle Spearrin
cc9d18f6d2
add missing [ViewPassword] true (#799) 2020-06-27 15:09:04 -04:00
Matt Portune
0b1e49bc0a Remove Id from SsoConfig_Create sproc 2020-06-26 16:47:41 -04:00
Matt Portune
9f919bbea9 move Id assignment to after insert 2020-06-25 18:28:08 -04:00
Matt Portune
f46023f2f5 requested changes 2020-06-25 18:06:27 -04:00
Matt Portune
39a81af3e9 DAL & CRUD for SSO 2020-06-25 16:42:29 -04:00
Chad Scharf
fca7b162bf Reference id storage and signup 2020-06-25 12:28:22 -04:00
Kyle Spearrin
0f2ea43454 bump dbup minor version 2020-06-24 16:37:23 -04:00
Kyle Spearrin
8559e144c6 bump dependency minor/patch versions 2020-06-24 16:37:23 -04:00
Matt Portune
f471237ce4 Update migration 2020-06-24 16:14:59 -04:00
Matt Portune
81879f804b fixed field name during name check 2020-06-24 15:21:48 -04:00
Matt Portune
448032668e fixed syntax error in migration 2020-06-24 15:18:42 -04:00
Matt Portune
05891f2122 Requested updates 2020-06-24 12:24:36 -04:00
Matt Portune
09df3f64d3 Updates to SSO config DB setup 2020-06-23 23:54:27 -04:00
Matt Portune
aa19be2c0c formatting 2020-06-22 10:45:37 -04:00
Matt Portune
d0a98d6cf3 Added missing migration functionality 2020-06-22 09:49:16 -04:00
Matt Portune
519226f824 formatting 2020-06-21 23:42:27 -04:00
Matt Portune
8e7cb082ad DB support for SSO config 2020-06-21 23:35:42 -04:00
hinton
24a458416e Add missing go after create type. 2020-05-26 20:56:10 +02:00
hinton
bf7f541664 Add go after last statement. 2020-05-26 20:53:49 +02:00
hinton
4c1ba235d8 Delete procedures before droping type 2020-05-23 12:06:05 +02:00
hinton
14a8224a99 Be explicit about AccessAll for ViewPassword 2020-05-23 11:06:41 +02:00
hinton
1c0095b122 Be explicit with AccessAll and fix bug in create/update cipher 2020-05-23 10:36:35 +02:00
hinton
54f3ab5863 Add database migration script for hidden passwords 2020-05-22 22:52:08 +02:00
Kyle Spearrin
343ef92a20
Sproc tweaks (#730)
* do not follow local hosts or ip addresses

* remove cron from mssql

* migration script

* Use joins instead of temp tables

* update migration script with join changes
2020-05-21 11:35:00 -04:00
Kyle Spearrin
c205bf72e6 update some libs 2020-05-18 21:57:14 -04:00
Mart124
330ff7cd80
Fix sleep calculation (#719)
* Fix sleep calculation

* Fix sleep calculation
2020-05-04 07:48:16 -04:00
Chad Scharf
43501e643f [Soft Delete] - cleanup whitespace in Cipher_Restore 2020-04-10 10:51:27 -04:00
Chad Scharf
598e1ff92b [Soft Delete] - Add not null/is null filters to soft delete and restore sprocs 2020-04-09 15:25:17 -04:00
Chad Scharf
7f22088d5f Fix delcaration of @UtcNow variable 2020-04-02 14:08:19 -04:00
Chad Scharf
eb34cc49c6 Fixed date time precision assignment for DeletedDate and RevisionDate (performance + match/data quality) 2020-04-02 13:45:53 -04:00
Chad Scharf
d07f27f274 [Soft-Delete] Simplify the data-tier, removed extra sprocs and reuse update 2020-04-01 16:39:27 -04:00
Chad Scharf
d014a597dd [Soft Delete] - API updates for soft delete + retrieval 2020-04-01 13:00:25 -04:00
Chad Scharf
9800b752c0 Changed all C# control flow block statements to include space between keyword and open paren 2020-03-27 14:36:37 -04:00
Chad Scharf
55b937ff68 Updated PR comments, changed smart defaults for behavior, updated Cipher table index 2020-03-27 10:23:37 -04:00
Chad Scharf
bc46eccf70 Deleted date on Cipher table, related sprocs and repositories updated 2020-03-26 19:32:37 -04:00
Kyle Spearrin
cd0ec26b07 upgrade libs 2020-03-04 22:01:28 -05:00
Kyle Spearrin
81424a8526
Enforce 2fa policy (#654) 2020-02-19 14:56:16 -05:00
Kyle Spearrin
6b6c2d862d 8bit => bitwarden 2020-02-18 22:22:32 -05:00
Kyle Spearrin
725522128c sync org policies to client devices 2020-01-28 15:33:32 -05:00
Kyle Spearrin
1f22420e6c update mssql image 2020-01-22 17:14:12 -05:00
Kyle Spearrin
f3f1ac57d2 refactor policy apis 2020-01-20 08:53:15 -05:00
Mart124
d9181045c9 Stop mssql gently (#641) 2020-01-16 14:25:06 -08:00
Kyle Spearrin
ff8731c82f add usepolicies to org profile object 2020-01-15 15:17:32 -05:00
Kyle Spearrin
e8054df5b4 use policies property for orgs 2020-01-15 15:00:54 -05:00
Kyle Spearrin
58faf5266b policy events 2020-01-15 09:43:49 -05:00
Kyle Spearrin
57a491d58b aspnet image 2020-01-13 15:07:52 -05:00
Kyle Spearrin
6efb7fcbfd add routing for server 2020-01-13 11:14:50 -05:00
Kyle Spearrin
b1e8d16b9d update some libs 2020-01-13 09:33:12 -05:00
Kyle Spearrin
47b50e48ef update libs 2020-01-10 16:14:16 -05:00
Kyle Spearrin
29580684a3 upgrade to aspnet core 3.1 2020-01-10 08:33:13 -05:00
Kyle Spearrin
4e4644e17d stub out organization policy db schema 2020-01-06 14:26:48 -05:00
Mart124
9bb6476f53 Typo (#613)
* Update logrotate.sh

* Update backup-db.sh
2019-11-25 10:36:06 -05:00
Mart124
8b5e37d349 Update .dockerignore (#612) 2019-11-25 10:08:14 -05:00
Kyle Spearrin
2cf8b88fbb dont exec 2019-11-25 09:25:11 -05:00
Kyle Spearrin
980e19884d exec gosu 2019-11-25 09:22:42 -05:00
Mart124
35a5dd95bb DB backups without cron (#608)
* Update backup-db.sh

* Update entrypoint.sh

* Update Dockerfile

* Delete crontab

* Update backup-db.sh

* don't bother with log files

all is already in /var/opt/mssql/log/errorlog

* Use gosu
2019-11-25 08:35:52 -05:00
Mart124
47bda1e6d0 Rotate nginx logs (#601)
* Rotate nginx logs

* Create logrotate.sh

* Update Dockerfile

* Update entrypoint.sh

* Update Dockerfile

* Update logrotate.sh

* No reason to disable logrotate

* Update logrotate.sh

* Update entrypoint.sh

* typo

* Avoid useless output

* Use gosu
2019-11-25 08:34:47 -05:00
Mart124
6950dcae8b Install tzdata package (#606) 2019-11-22 09:52:17 -05:00
Kyle Spearrin
8f3df46075 remove black hole for telemetry 2019-11-20 09:47:46 -05:00
Kyle Spearrin
fe3378b483 try internal network by default 2019-11-20 08:09:53 -05:00
Kyle Spearrin
c27b72e019 private network for some containers 2019-11-20 07:35:42 -05:00
Kyle Spearrin
63c3d5342c undo admin host port header 2019-10-17 14:40:05 -04:00
Kyle Spearrin
0a7727dc27 port to host header for admin 2019-10-17 14:20:49 -04:00
Kyle Spearrin
dfeb2aad5c no server port test 2019-10-17 14:04:22 -04:00
Kyle Spearrin
b040229933 add server_port to host proxy header 2019-10-17 13:30:41 -04:00
Mart124
6f91b693d9 Increase self-signed certs duration (#570) 2019-10-02 10:26:07 -04:00
Kyle Spearrin
c0bc5a0361 bitwarden update script without .sh suffix 2019-08-22 15:19:06 -04:00
Kyle Spearrin
5f4c7eb122 add q9 secondary dns resolver 2019-08-05 07:36:31 -04:00
h-town
d081d0fc4d Revise hard-coded ssl resolver to Cloudflare & Quad9 (#543)
Google (terrible) and OpenDNS (questionable at best) are not ideal for privacy-minded users.  Both Cloudflare DNS and Quad9 at least claim to drop logs, each of them have widely-reported response times, and they're sufficiently established with over a year of service.
2019-08-05 07:34:29 -04:00
Kyle Spearrin
8dabba984d fix nginx healthcheck 2019-07-27 21:54:06 -04:00
Kyle Spearrin
0793cb6167 healthcheck for attachments server 2019-07-26 20:31:45 -04:00
Kyle Spearrin
310e0115d5 add port to health check 2019-07-26 14:24:39 -04:00
Kyle Spearrin
2ea244c723 healthcheck cmd 2019-07-26 14:04:45 -04:00
Kyle Spearrin
b7f3fa0087 try fixing curl install again 2019-07-26 13:21:46 -04:00
Kyle Spearrin
82a8249a69 fix curl error 2019-07-26 13:12:20 -04:00
Kyle Spearrin
d2bf308c10 fix sqlcmd path on healthcheck 2019-07-26 12:52:39 -04:00
Kyle Spearrin
bba0206bb7 alive check for nginx 2019-07-26 12:43:06 -04:00
Kyle Spearrin
29f0a2aa12 mssql healthcheck 2019-07-26 12:16:38 -04:00
Kyle Spearrin
a23e081397 update some libs 2019-07-23 16:58:40 -04:00
Kyle Spearrin
94188fa0b5 update to net core 2.2 2019-07-23 16:38:49 -04:00
Kyle Spearrin
3422df325b HIBP api key in env variables 2019-07-22 21:24:04 -04:00
Kyle Spearrin
242e509b9d set en-US as default current culture 2019-07-11 15:03:17 -04:00
Kyle Spearrin
f97539d558 build events container into docker deployment 2019-07-09 14:49:34 -04:00
Kyle Spearrin
35804e10cf collection cipher query improvements 2019-05-28 23:55:47 -04:00
Kyle Spearrin
d34cde7579 group name fix 2019-05-15 22:38:52 -04:00
Kyle Spearrin
e6fc0f9548 real_ips uses this in template 2019-05-15 22:11:22 -04:00
Kyle Spearrin
6381634a92 update libs 2019-05-11 20:56:49 -04:00
Kyle Spearrin
33845d372f bump dockerfile dep versions 2019-05-07 11:14:37 -04:00
Cédric Laubacher
afdf29da78 Update NGINX Dockerfile to latest stable version (#490) 2019-05-03 07:37:32 -04:00
Kyle Spearrin
b4148d3532 fix issues on cipher admin endpoints 2019-05-01 09:38:13 -04:00
Kyle Spearrin
044f21df29 indenting 2019-04-27 23:13:14 -04:00
Kyle Spearrin
b935b16cb8 more real_ip config values for nginx 2019-04-27 23:11:57 -04:00
Kyle Spearrin
d8204341a4 add semicolon 2019-04-26 12:44:44 -04:00
Kyle Spearrin
6dc2e1b328 real ips config 2019-04-26 12:26:54 -04:00
Kyle Spearrin
acfacf69a2 Revert "--with-http_realip_module"
This reverts commit f951304f11.
2019-04-26 12:10:22 -04:00
Kyle Spearrin
f951304f11 --with-http_realip_module 2019-04-26 11:09:12 -04:00
Kyle Spearrin
bc94c36cfc formatting 2019-04-14 22:46:11 -04:00
Robin van Boven
03bcce1e73 Support reading a file for the SA_PASSWORD for swarm security. (#477) 2019-04-14 22:41:59 -04:00
Kyle Spearrin
085c13f508 next step is just start 2019-03-25 16:24:16 -04:00
Kyle Spearrin
5da0edb412 include bit. namespace prefix 2019-03-25 15:59:12 -04:00
Kyle Spearrin
1bd4d39136 bypass log filter on migrator 2019-03-25 15:20:54 -04:00
Kyle Spearrin
b2045b92b4 update depends on 2019-03-25 14:48:06 -04:00
Kyle Spearrin
3a1e24976b move migrator project to util 2019-03-25 13:23:50 -04:00
Kyle Spearrin
28884c3330 move migrations to migrator project 2019-03-25 13:21:05 -04:00
Kyle Spearrin
f7c6dcb067 depends on 2019-03-25 09:23:50 -04:00
Kyle Spearrin
ce9016acfb log to console is not quiet 2019-03-25 09:03:30 -04:00
Kyle Spearrin
7724109caa placeholders for random values 2019-03-15 11:19:52 -04:00
Kyle Spearrin
1adc6d04ed db password for stub 2019-03-15 11:13:35 -04:00
Kyle Spearrin
ff163a2859 cleanup 2019-03-15 11:10:18 -04:00
Kyle Spearrin
0f7963f79c stub install 2019-03-15 09:28:39 -04:00
Kyle Spearrin
b6f54324a5 quiet output for setup scripts 2019-03-12 10:26:14 -04:00
Kyle Spearrin
bae1884630 filter nulls from transaction gateway index 2019-03-08 16:57:14 -05:00
Kyle Spearrin
4bde147fc7 re-create UserCollectionDetails function 2019-03-08 07:56:25 -05:00
Kyle Spearrin
52e1ceace8 Revert "ignore xml comment warnings"
This reverts commit bca4f850a5.
2019-03-07 22:57:24 -05:00
Kyle Spearrin
faf26ce84f Revert "ignore xml comment warnings"
This reverts commit ec60be2f5d.
2019-03-07 22:57:11 -05:00
Kyle Spearrin
ec60be2f5d ignore xml comment warnings 2019-03-07 17:10:29 -05:00
Kyle Spearrin
bca4f850a5 ignore xml comment warnings 2019-03-07 17:09:29 -05:00
Kyle Spearrin
75f01a5774 collection externalId 2019-03-07 15:18:27 -05:00
Kyle Spearrin
00f3c476ae apis for getting user details 2019-03-05 23:22:43 -05:00
Kyle Spearrin
c4ac86d4f4 db changes for org api 2019-03-01 23:44:45 -05:00
Kyle Spearrin
897d913e57 fix paths in motd 2019-02-21 14:12:35 -05:00
Kyle Spearrin
f180f080f9 fabric updates 2019-02-21 13:53:38 -05:00
Kyle Spearrin
49fab18d40 DO fabric fixes 2019-02-21 13:10:35 -05:00
Kyle Spearrin
fa60241c9c do marketplace fabric scripts 2019-02-21 12:39:02 -05:00
Kyle Spearrin
3b951ce5cc update some libs 2019-02-14 15:33:51 -05:00
Kyle Spearrin
f70ececa9d get rid of premium renewal jobs for braintree 2019-02-14 10:18:27 -05:00
Kyle Spearrin
bc30f47331 is null, not = 2019-02-09 21:38:33 -05:00
Kyle Spearrin
44630e9728 handle transactions on paypal webhook 2019-02-01 22:22:08 -05:00
Kyle Spearrin
25f3b76e6b added transactions table 2019-01-31 16:45:01 -05:00
Kyle Spearrin
a07f37e093 ssl override, deprecate defaultCreds and authType 2019-01-22 21:28:56 -05:00
Kyle Spearrin
411e8a67f9 core => server updates 2019-01-18 22:20:05 -05:00
Kyle Spearrin
1a932de925 no longer need hibp in connect csp 2019-01-18 22:04:10 -05:00
Kyle Spearrin
ca22a007f6 noindex,nofollow 2019-01-17 16:45:53 -05:00
Kyle Spearrin
bc3013b82b robots noindex self-hosted web vault 2019-01-17 16:27:40 -05:00
Kyle Spearrin
4a38713c4b return twofactor enabled property on org users api 2018-12-19 11:48:36 -05:00
Kyle Spearrin
9a48e6f29a add twofactorauth.org to CSP 2018-12-12 10:16:02 -05:00
gruzilla
e83325dd09 adds EXPOSE 8080 to Dockerfile to be coherent to nginx default config (#403)
* adds EXPOSE 8080 to Dockerfile to be coherent to nginx default config

* adds EXPOSE 8443 to Dockerfile to be coherent to nginx default SSL config
2018-11-16 08:56:12 -05:00
Kyle Spearrin
32f686cba6 allow blobs in object-src CSP 2018-11-06 22:26:41 -05:00
Kyle Spearrin
f60d6d92f8 trim quotes from env file value 2018-11-06 16:31:11 -05:00
Kyle Spearrin
bb1860d861 read connection string from env file for migration 2018-10-31 23:32:22 -04:00
Kyle Spearrin
5136b191f1 com.bitwarden.project label to setup dockerfile 2018-10-31 10:00:18 -04:00
SoulSeekkor
8bd6d830e6 Updated to SQL CU12 and to use new Microsoft servers for docker image. (#384) 2018-10-25 16:19:30 -04:00
Kyle Spearrin
826f439618 fix org id in sproc 2018-10-22 14:39:42 -04:00
Kyle Spearrin
0b166a080e limit collection scope option when creating cipher 2018-10-22 14:09:55 -04:00
Kyle Spearrin
c710226223 set cipher id to limit collection scope 2018-10-22 10:15:03 -04:00
Kyle Spearrin
4e8a313d3d dont set userid on cipher if orgid is set 2018-10-22 10:06:05 -04:00
Kyle Spearrin
22033d075d increase group name length to 100 2018-10-22 09:34:26 -04:00
Kyle Spearrin
96b492fa07 apis for creating ciphers with org & collections 2018-10-19 12:07:31 -04:00
SoulSeekkor
976869c968 Fixed various typos. (#378) 2018-10-18 11:41:49 -04:00
Kyle Spearrin
45a77c8903 manager group user apis 2018-10-18 08:38:22 -04:00
Kyle Spearrin
33bfd12b7d apis for managing collection users 2018-10-17 22:18:03 -04:00
Kyle Spearrin
7db36e0005 api adjustments for manager role and collections 2018-10-17 14:58:45 -04:00
Kyle Spearrin
01d2306a07 update packages 2018-10-14 22:21:59 -04:00
Kyle Spearrin
5812915677 database maintenance jobs setup in admin 2018-10-09 10:12:27 -04:00
Kyle Spearrin
59279b4990 bump docker image version refs 2018-10-08 16:14:22 -04:00
Kyle Spearrin
7176e0ea22 update packages 2018-10-05 14:05:52 -04:00
Kyle Spearrin
c16825f8be check if has port, resolves #365 2018-09-26 16:53:37 -04:00
Kyle Spearrin
7164f378fc purge org vault 2018-09-25 09:12:50 -04:00
Kyle Spearrin
fd8f5be117 new line 2018-09-17 15:18:49 -04:00
Kyle Spearrin
5d9804bded added more info to warning 2018-09-17 15:00:29 -04:00
Kyle Spearrin
ce309c27d4 update to aspnet 2.1.4 2018-09-11 13:29:34 -04:00
Kyle Spearrin
fceef7133e touch more cron files to fix hardlinks 2018-09-05 11:47:57 -04:00
Kyle Spearrin
6a75a60a36 learn more about docker volumes 2018-09-04 08:21:49 -04:00
Kyle Spearrin
34a7bcdc1b move config class out to its own file 2018-09-03 21:12:24 -04:00
Kyle Spearrin
6b8fdc1a98 add X-Frame-Options specifically 2018-08-31 22:37:49 -04:00
Kyle Spearrin
b2d63b2383 reassign security headers 2018-08-31 17:02:49 -04:00
Kyle Spearrin
9eae04a9c7 dont ignore new security header conf 2018-08-31 13:00:45 -04:00
Kyle Spearrin
aeca706302 include security headers 2018-08-31 12:55:54 -04:00
Kyle Spearrin
566471cae8 enabled X-Frame-Options header 2018-08-31 12:16:36 -04:00
Kyle Spearrin
d4c35a98b7 allow configurable ssl protocols and ciphersuites 2018-08-31 12:11:44 -04:00
Kyle Spearrin
7a6d09a28e refs and installation complete message 2018-08-31 09:16:01 -04:00
Ndr
f0ca4450d7 Move nginx.pid to directory with write permission (#350)
* Moving nginx.pid in /var/run/nginx

/var/run/nginx is owned by our application user, allowing it to delete nginx.pid

* Update nginx.pid filepath
2018-08-31 08:10:56 -04:00
Kyle Spearrin
477d665104 compose version config variable 2018-08-30 23:32:18 -04:00
Kyle Spearrin
edac914ebd update comments 2018-08-30 23:06:40 -04:00
Kyle Spearrin
053a89fdb0 cleanup comments 2018-08-30 22:46:51 -04:00
Kyle Spearrin
a3744facc7 remove install complete message 2018-08-30 22:36:45 -04:00
Kyle Spearrin
c87ce222eb contains checks for nginx conf config.yml build 2018-08-30 22:30:31 -04:00
Kyle Spearrin
5a44ce4f0e fix compose template indention 2018-08-30 16:40:06 -04:00
Kyle Spearrin
69605fab5b rebuild instructions 2018-08-30 16:09:18 -04:00
Kyle Spearrin
310e6bcf61 convert setup to use config.yml 2018-08-30 11:35:44 -04:00
Kyle Spearrin
c41a1e0936 CanAccessPremium checks instead of User.Premium 2018-08-28 16:23:58 -04:00
Kyle Spearrin
816bf1546e global.env for all aspnet containers 2018-08-24 16:28:49 -04:00
Kyle Spearrin
53caacb870 fix availablecollections queries for groups join 2018-08-23 23:46:18 -04:00
Kyle Spearrin
a275af6366 proxy_pass to /hub 2018-08-21 12:47:13 -04:00
Kyle Spearrin
43eaedeee4 proxy headers for websockets 2018-08-21 12:43:18 -04:00
Kyle Spearrin
7a5d3c3795 set connection header for signalr hub 2018-08-21 12:12:33 -04:00
Kyle Spearrin
fb92f67053 add websockets to CSP 2018-08-21 11:54:03 -04:00
Kyle Spearrin
ca3ecc0163 build and include notifications docker 2018-08-17 18:14:25 -04:00
Kyle Spearrin
1ffa712b75 more notification hub renames 2018-08-16 13:50:41 -04:00
Kyle Spearrin
28e6783a00 hub api notifications 2018-08-16 12:05:01 -04:00
Kyle Spearrin
ff01ce5ca7 internal identity authorization 2018-08-15 18:43:26 -04:00
Kyle Spearrin
580e9e51e5 remove mail and function projects 2018-08-14 22:09:41 -04:00
Kyle Spearrin
0932189ccb support for user defined kdf parameters 2018-08-14 15:30:04 -04:00
Kyle Spearrin
20f45ca2de update ssl ciphers to mozilla recommendations 2018-08-14 08:42:01 -04:00
Simon
f08ff966b0 Hardening nginx, allow TLSv1.2 with the most secure cipher suites only (#340)
* Hardening nginx, allow TLSv1.2 with the most secure cipher suites only

* Ciphers added to allow more browsers to connect
2018-08-14 08:37:24 -04:00
Kyle Spearrin
06d5b4af29 turn off database autoclose 2018-08-09 16:57:15 -04:00
Kyle Spearrin
5e0668077f special config for webVault 2018-08-07 15:04:11 -04:00
Kyle Spearrin
68bd755dc5 remove console log 2018-08-07 14:27:32 -04:00
Kyle Spearrin
de80139851 write path to console 2018-08-07 14:05:40 -04:00
Kyle Spearrin
36cf628a63 add static files caching 2018-08-07 12:49:00 -04:00
Kyle Spearrin
e6aaddaed1 switch kestrel back to libuv til bugs are fixed 2018-08-06 16:42:55 -04:00
Kyle Spearrin
fb2ee6aaea no longer need to provide netcoreapp flag 2018-08-06 09:11:27 -04:00
Kyle Spearrin
58d29cc4a8 consolidate some deps 2018-08-03 23:57:15 -04:00
Kyle Spearrin
3f0186f17a update mssql and nginx deps 2018-08-01 10:38:12 -04:00
Kyle Spearrin
1052951a96 restore on build. remove ps1 build scripts 2018-08-01 10:32:58 -04:00
Kyle Spearrin
61cda87574 update to .net / asp.net 2.1 2018-08-01 10:07:20 -04:00
Kyle Spearrin
0685023e1d update libs 2018-08-01 07:53:17 -04:00
Kyle Spearrin
6d22356caf allow gravatar in CSP 2018-07-30 23:56:09 -04:00
Kyle Spearrin
98fc54881b database tuning 2018-07-28 21:25:25 -04:00
Kyle Spearrin
545fb43dac improvements to collection user sproc 2018-07-23 10:31:45 -04:00
Kyle Spearrin
94c7fdebf5 device index and updated folder delete sproc 2018-07-23 09:52:22 -04:00
Kyle Spearrin
24aa0dc026 delete null creationdates too 2018-07-21 08:58:16 -04:00
Kyle Spearrin
941792bdd8 u2f db updates 2018-07-21 08:44:21 -04:00
Kyle Spearrin
4c399aaf0d new grant cleanup sproc 2018-07-20 23:08:10 -04:00
Mark Anthony Cianfrani
c227beb510 added basic constraints configuration for self signed certificates (#327) 2018-07-20 22:17:49 -04:00
Kyle Spearrin
05b1c1cf9b move all security headers to web vault location 2018-07-20 14:13:24 -04:00
Kyle Spearrin
0070d23dab csp is only for web vault 2018-07-20 14:11:20 -04:00
Kyle Spearrin
c4c0c81d14 null error output of cert copy 2018-07-19 17:33:53 -04:00
Kyle Spearrin
8c208d4d34 missing semicolon 2018-07-19 17:01:57 -04:00
Kyle Spearrin
dea76e8e01 wrap csp in quotes 2018-07-19 16:49:01 -04:00
Kyle Spearrin
511b1cbbb6 load ca certs on setup 2018-07-19 16:45:27 -04:00
Kyle Spearrin
b0aef93597 move script back and move userview update up 2018-07-19 16:22:30 -04:00
Kyle Spearrin
266fc579f2 cleanup installer. break apart update script 2018-07-19 16:01:54 -04:00
Kyle Spearrin
a66af41d2b csp header on nginx 2018-07-18 23:06:25 -04:00
Kyle Spearrin
61806cd8ac sql update script fixes 2018-07-17 21:41:16 -04:00
Kyle Spearrin
938b7f1230 premium renewal reminders job for braintree 2018-07-12 23:23:41 -04:00
Kyle Spearrin
476ee53931 add renewal reminder date prop to users 2018-07-12 17:35:01 -04:00
Kyle Spearrin
de552be25f apis for bulk sharing 2018-06-13 14:03:44 -04:00
Kyle Spearrin
ebb1f9e1a8 use temp tables for better execution plans 2018-06-12 13:24:13 -04:00
Kyle Spearrin
74874a1c38 return collection readonly details 2018-06-11 14:25:53 -04:00
Mart124
b3c48fd3fa Add a bitwarden label to docker images (#305)
* Add a bitwarden label to docker images

* Prefix label with reverse DNS
2018-06-09 08:17:16 -04:00
Kyle Spearrin
6f1f2305e3 sleep for 20 seconds between migrate re-tries 2018-05-31 22:11:08 -04:00
Mart124
92b08e6cf1 Rework service user (#299)
* Use user primary group if not root

* Do not run getent on MacOS

* Simplify UID/GID management

* Make uid.env backward compatible in run.sh

* Merge install.sh with run.sh to avoid duplicating code

Especially the UID/GID management one

* Generate correct OS name

* Be sure to keep old behavior for backward compatiblilty

* Get the colors back from install.sh
2018-05-31 12:05:26 -04:00
Kyle Spearrin
1ead0af77e update mssql to CU7 2018-05-29 08:19:34 -04:00
Mart124
8471f558e3 Improve mssql backups (#298)
* Improve mssql backups

* Launch DB backup at 23:59
2018-05-29 08:17:43 -04:00
Mart124
1b1ec7629b Workaround to disable mssql telemetry in DockerFile (#294) 2018-05-24 15:56:55 -04:00
Mart124
ffe5f37a64 Workaround to disable mssql telemetry (#293) 2018-05-24 15:36:46 -04:00
Kyle Spearrin
4dbea821a4 Revert "chown mssql.conf"
This reverts commit 3bd5a82afa.
2018-05-21 15:42:37 -04:00
Kyle Spearrin
8f13361705 set nsubjectAltName od self signed certs 2018-05-21 15:41:15 -04:00
Kyle Spearrin
3bd5a82afa chown mssql.conf 2018-05-21 14:09:04 -04:00
Kyle Spearrin
55afa2588a turn off telemetry.customerfeedback for mssql 2018-05-21 13:37:46 -04:00
Kyle Spearrin
6390a15835 Revert "explicitly disable app insights telemetry"
This reverts commit 819a4e031d.
2018-05-21 13:31:47 -04:00
Kyle Spearrin
819a4e031d explicitly disable app insights telemetry 2018-05-21 12:49:57 -04:00
Kyle Spearrin
619a00637d update location and state for generated certs 2018-05-17 10:41:22 -04:00
Kyle Spearrin
f5c9672370 get cipher by org id index 2018-05-11 08:31:29 -04:00
Kyle Spearrin
4e6e215d35 update more sprocs to use proper index 2018-04-25 13:55:47 -04:00
Kyle Spearrin
3a0622ca43 fix sproc 2018-04-24 21:56:58 -04:00
Kyle Spearrin
9067ac15de collection index 2018-04-24 21:27:51 -04:00
Kyle Spearrin
165ee97d2f refactor cipher queries by user. tuned indexing. 2018-04-24 12:48:43 -04:00
Kyle Spearrin
2c24e00bd7 update some libs 2018-04-17 22:36:30 -04:00
Kyle Spearrin
1fb3fbeacf Revert "update libs"
This reverts commit e7453bc036.
2018-04-17 08:11:08 -04:00
Kyle Spearrin
dead022e83 admin base uri setting, applied to login emails 2018-04-16 20:35:53 -04:00
Kyle Spearrin
ce92462041 fix uid comparisons 2018-04-16 16:26:08 -04:00
Kyle Spearrin
1dce0ccb83 fix if when no currentid 2018-04-16 16:09:08 -04:00
Kyle Spearrin
b7a2e47bd9 map host docker group id to containers 2018-04-16 15:30:07 -04:00
Kyle Spearrin
e7453bc036 update libs 2018-04-16 12:49:18 -04:00
Kyle Spearrin
0c7d969fcb always map mssql logs 2018-04-16 10:42:56 -04:00
Kyle Spearrin
389512d51e added org duo to 2fa flow 2018-04-03 14:31:33 -04:00
Kyle Spearrin
d1a47ba808 make user homedir with helper 2018-04-02 21:11:32 -04:00
Kyle Spearrin
a3b522a6b0 Revert "make bitwarden user home dir"
This reverts commit 40242a78e5.
2018-04-02 21:08:54 -04:00
Kyle Spearrin
40242a78e5 make bitwarden user home dir 2018-04-02 19:58:37 -04:00
Kyle Spearrin
367d3f65a6 use2fa org response 2018-04-02 17:20:06 -04:00
Kyle Spearrin
6bc9cbd761 regenerate OrganizationView 2018-04-02 14:55:17 -04:00
Kyle Spearrin
bcc224c02d stub out use2fa and twofactorproviders on orgs 2018-04-02 14:53:19 -04:00
Kyle Spearrin
efd6a89e34 Revert "lock windows at mssql cu2"
This reverts commit b703eeefdb.
2018-03-30 16:07:01 -04:00
Kyle Spearrin
998de639c0 Revert "1.18.0-CU2 for windows"
This reverts commit 2a1fcbaf9d.
2018-03-30 16:06:45 -04:00
Kyle Spearrin
2a1fcbaf9d 1.18.0-CU2 for windows 2018-03-30 14:41:02 -04:00
Kyle Spearrin
b703eeefdb lock windows at mssql cu2 2018-03-30 14:10:00 -04:00
Kyle Spearrin
7878362a51 note message var 2018-03-30 13:50:51 -04:00
Kyle Spearrin
818a668e3c move cert warnings to main 2018-03-30 13:48:26 -04:00
Kyle Spearrin
54aef8e8d3 self-signed ssl cert warning 2018-03-30 12:34:21 -04:00
Kyle Spearrin
a100d20cd7 add new apps to welcome email 2018-03-30 11:51:36 -04:00
Kyle Spearrin
617399c995 remove bottom !!!! 2018-03-30 10:29:24 -04:00
Kyle Spearrin
352b51dfb4 before running start 2018-03-30 10:27:31 -04:00
Kyle Spearrin
64cd0b8942 format long strings 2018-03-30 10:14:46 -04:00
Kyle Spearrin
5049f94d9b helpers and banner 2018-03-30 09:40:14 -04:00
Kyle Spearrin
b048dbcb6b trim question input 2018-03-30 09:25:54 -04:00
Kyle Spearrin
267aa020c6 input helpers 2018-03-30 09:23:33 -04:00
Kyle Spearrin
f2ecea0a17 update lib 2018-03-29 21:04:38 -04:00
Kyle Spearrin
6801da46e5 Comment capitalization 2018-03-29 15:41:27 -04:00
Kyle Spearrin
07fb676ded ssl mapped to 8443 2018-03-29 13:53:39 -04:00
Kyle Spearrin
05d00517ee move cert questions up 2018-03-29 13:43:52 -04:00
Kyle Spearrin
d2bdaa8baa load ca-certs for api and identity 2018-03-29 08:59:50 -04:00
Kyle Spearrin
4ce69dac2b internal api & vault urls. apply to version check 2018-03-29 08:45:04 -04:00
Kyle Spearrin
da970c2308 add ca-certificates 2018-03-28 23:47:43 -04:00
Kyle Spearrin
ec395ca0d2 only set https port if using ssl 2018-03-28 22:18:53 -04:00
Kyle Spearrin
c6f4996010 no ssl check on reverse proxy port 2018-03-28 22:07:51 -04:00
Kyle Spearrin
7de9b18aa6 update decision tree for non-ssl use cases 2018-03-28 21:18:10 -04:00
Kyle Spearrin
70aacb45e5 preserve MssqlDataDockerVolume 2018-03-28 16:34:16 -04:00
Kyle Spearrin
22bc85f651 drop json null checks from storage update procs 2018-03-28 13:43:33 -04:00
Kyle Spearrin
0e899d6317 new lines on warning 2018-03-28 12:25:14 -04:00