* [AC-1344] Added method PutRestoreManyAdmin to CiphersController and refactored PutRestoreMany
* [AC-1344] Fixed unit test
* [AC-1344] Removed comment
* [AC-1344] Fixed sql.csproj
* [AC-1344] Added check for empty or null array; added more unit tests
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem (#3037)
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem
* [AC-1423] Add helper to StaticStore.cs to find a Plan by StripePlanId
* [AC-1423] Use the helper method to set SubscriptionInfo.BitwardenProduct
* Add SecretsManagerBilling feature flag to Constants
* [AC 1409] Secrets Manager Subscription Stripe Integration (#3019)
* [AC-1418] Add missing SecretsManagerPlan property to OrganizationResponseModel (#3055)
* [AC 1460] Update Stripe Configuration (#3070)
* [AC 1410] Secrets Manager subscription adjustment back-end changes (#3036)
* Create UpgradeSecretsManagerSubscription command
* [AC-1495] Extract UpgradePlanAsync into a command (#3081)
* This is a pure lift & shift with no refactors
* [AC-1503] Fix Stripe integration on organization upgrade (#3084)
* Fix SM parameters not being passed to Stripe
* [AC-1504] Allow SM max autoscale limits to be disabled (#3085)
* [AC-1488] Changed SM Signup and Upgrade paths to set SmServiceAccounts to include the plan BaseServiceAccount (#3086)
* [AC-1510] Enable access to Secrets Manager to Organization owner for new Subscription (#3089)
* Revert changes to ReferenceEvent code (#3091)
This will be done in AC-1481
* Add UsePasswordManager to sync data (#3114)
* [AC-1522] Fix service account check on upgrading (#3111)
* [AC-1521] Address checkmarx security feedback (#3124)
* Reinstate target attribute but add noopener noreferrer
* Update date on migration script
---------
Co-authored-by: Shane Melton <smelton@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
* Added region to customer metadata
* Updated webhook to filter out events for other DCs
* Flipped ternary to be positive, fixed indentation
* Updated to allow for unit testing andupdated tests
---------
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* [AC-1435] Automatically enable Single Org policy when selecting TDE
* [AC-1435] Add test for automatic policy enablement
* [AC-1435] Prevent disabling single org when account recovery is enabled
* [AC-1435] Require Single Org policy when enabling Account recovery
* [AC-1435] Add unit test to check for account recovery policy when attempting to disable single org
* [AC-1435] Add test to verify single org policy is enabled for account recovery policy
* [AC-1435] Fix failing test
* Swagger fixes
Co-Authored-By: Oscar Hinton <Hinton@users.noreply.github.com>
* Make Response Models return Guids instead of strings
* Change strings into guids in ScimApplicationFactory
---------
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Extract authorization from project delete command
* Support service account write access
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* SM-768: Update EFCore and related packages to >= 7.0
* SM-768: Update more packages for the EF 7 upgrade
* SM-768: Update the PostgreSQL package
* SM-768: Run dotnet restore --force-evaluate
* SM-768: Revert package upgrades for 3 projects
* SM-768: Update the dotnet-ef tool
* feat: add new command for updating request and emailing user, refs AC-1191
* feat: inject service with organization service collection extensions, refs AC-1191
* feat: add function to send admin approval email to mail services (interface/noop/handlebars), refs AC-1191
* feat: add html/text mail templates and add view model for email data, refs AC-1191
* feat: update org auth request controller to use new command during auth request update, refs AC-1191
* fix: dotnet format, refs AC-1191
* refactor: update user not found error, FirstOrDefault for enum type display name, refs AC-1191
* refactor: update user not found to log error instead of throws, refs AC-1191
* fix: remove whitespace lint errors, refs AC-1191
* refactor: update hardcoded UTC timezone string, refs AC-1191
* refactor: add unit test for new command, refs AC-1191
* refactor: improve enum name fallback and identifier string creation, refs AC-1191
* refactor: add addtional unit tests, refs AC-1191
* refactor: update success test to use more generated params, refs AC-1191
* fix: dotnet format...again, refs AC-1191
* refactor: make UTC display a constant for handlebars mail service, refs AC-1191
* refactor: update displayTypeIdentifer to displayTypeAndIdentifier for clarity, refs AC-1191
* Fix Setting Organization Folders
* Fix Formatting
* Added ReplaceAsync Test
* Fix SQL Server Test
* Update Replace Call Also
* Be Case Insensitive With Guids
* Fix Assignment to Cipher
* Add PasswordlessAuth Settings
* Update Repository Method to Take TimeSpan
* Update AuthRequest_DeleteIfExpired
- Take Configurable Expiration
- Add Special Cases for AdminApproval AuthRequests
* Add AuthRequestRepositoryTests
* Run Formatting
* Remove Comment
* Fix Bug in EF Repo
* Add Test Covering Expired Rejected AuthRequest
* Use Longer Param Names
* Use Longer Names in Test Helpers
* adding ability for service account to have write access
* Suggested changes
* fixing tests
* dotnet format changes
* Adding RunAsServiceAccountWIthPermission logic to ProjectAuthorizationhandlerTests
* Removing logic that prevents deleting and updating a secret. Adding Service Account logic to tests inside of secretAuthorizationhandlerTests.
* Removing Service Account from CanUpdateSecret_NotSupportedClientTypes_DoesNotSuceed because it is a supported client type now :)
* thomas sugested changes
* using Arg.Any<AccessClientType>() instead of default in tests
* merge conflict changes and code updates to remove service account tests that are outdated
* fixing tests
* removing extra spaces that lint hates
* health check services added
* health check extension added
* added get connection string
* made changes to hrslth check method
* Added database health check
* added identity server health check
* added identity server health check
* Added logger publisher
* latest changes
* removed file
* Added mail server check for dev
* Added authorization to health check url path
* commented
* Added exception to switch
* Removed exclude code coverage
* Added health check for redis
* Added todos
* Added storage queue checks
* Added checks for mail
* Removed unused references and fixed linting issue
* Lint issues
* Moved healthchecks to sharedWeb project and exposed builder as a parameter to configure more health checks based on a project
* Added health check to API project
* dependencies updated
* Removed ef core health check dependencies
* Added checks to only add a health check when the connection string exists, moved health check from startup to extension class
* Merged with master and fixed conflicts
* Fixed lint issues
* Added check for amazon ses
* merged with master
* fixed lint
* Removed Amazon SES health check
* Init ClientSecret migration
* Fix unit tests
* Move to src/Sql/dbo_future
* Formatting changes
* Update migration date for next release
* Swap to just executing sp_refreshview
* Fix formatting
* Add EF Migrations
* Rename to ClientSecretHash
* Fix unit test
* EF column rename
* Batch the migration
* Fix formatting
* Add deprecation notice to property
* Move data migration
* Swap to CREATE OR ALTER
* Include Member Decryption Type
* Make ICurrentContext protected from base class
* Return MemberDecryptionType
* Extend WebApplicationFactoryBase
- Allow for service subsitution
* Create SSO Tests
- Mock IAuthorizationCodeStore so the SSO process can be limited to Identity
* Add MemberDecryptionOptions
* Remove Unused Property Assertion
* Make MemberDecryptionOptions an Array
* Address PR Feedback
* Make HasAdminApproval Policy Aware
* Format
* Use Object Instead
* Add UserDecryptionOptions File
* Adding the Secret manager to the Plan List
* Adding the unit test for the StaticStoreTests class
* Fix whitespace formatting
* Fix whitespace formatting
* Price update
* Resolving the PR comments
* Resolving PR comments
* Fixing the whitespace
* only password manager plans are return for now
* format whitespace
* Resolve the test issue
* Fixing the failing test
* Refactoring the Plan separation
* add a unit test for SingleOrDefault
* Fix the whitespace format
* Separate the PM and SM plans
* Fixing the whitespace
* Remove unnecessary directive
* Fix imports ordering
* Fix imports ordering
* Resolve imports ordering
* Fixing imports ordering
* Fix response model, add MaxProjects
* Fix filename
* Fix format
* Fix: seat price should match annual/monthly
* Fix service account annual pricing
* Name the sm service account planId properly
* Update the secrets manager plan
* correcting the wrong amount for the seats
---------
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* [AC-1192] Create new OrganizationAuthRequestsController.cs
* [AC-1192] Introduce OrganizationAdminAuthRequest model
* [AC-1192] Add GetManyPendingByOrganizationId method to AuthRequest repository
* [AC-1192] Add new list pending organization auth requests endpoint
* [AC-1192] Add new GetManyAdminApprovalsByManyIdsAsync method to the AuthRequestRepository
* [AC-1192] Make the response device identifier optional for admin approval requests
* [AC-1192] Add endpoint for bulk denying admin device auth requests
* [AC-1192] Add OrganizationUserId to PendingOrganizationAuthRequestResponseModel
* [AC-1192] Add UpdateAuthRequest endpoint and logic to OrganizationAuthRequestsController
* [AC-1192] Secure new endpoints behind TDE feature flag
* [AC-1192] Formatting
* [AC-1192] Add sql migration script
* [AC-1192] Add optional OrganizationId column to AuthRequest entity
- Rename migration script to match existing formatting
- Add new column
- Add migration scripts
- Update new sprocs to filter/join on OrganizationId
- Update old sprocs to include OrganizationId
* [AC-1192] Format migration scripts
* [AC-1192] Fix failing AuthRequest EF unit test
* [AC-1192] Make OrganizationId optional in updated AuthRequest sprocs for backwards compatability
* [AC-1192] Fix missing comma in migration file
* [AC-1192] Rename Key to EncryptedUserKey to be more descriptive
* [AC-1192] Move request validation into helper method to reduce repetition
* [AC-1192] Return UnauthorizedAccessException instead of NotFound when user is missing permission
* [AC-1192] Introduce FeatureUnavailableException
* [AC-1192] Introduce RequireFeatureAttribute
* [AC-1192] Utilize the new RequireFeatureAttribute in the OrganizationAuthRequestsController
* [AC-1192] Attempt to fix out of sync database migration by moving new OrganizationId column
* [AC-1192] More attempts to sync database migrations
* [AC-1192] Formatting
* [AC-1192] Remove unused reference to FeatureService
* [AC-1192] Change Id types from String to Guid
* [AC-1192] Add EncryptedString attribute
* [AC-1192] Remove redundant OrganizationId property
* [AC-1192] Switch to projection for OrganizationAdminAuthRequest mapping
- Add new OrganizationUser relationship to EF entity
- Replace AuthRequest DBContext config with new IEntityTypeConfiguration
- Add navigation property to AuthRequest entity configuration for OrganizationUser
- Update EF AuthRequestRepository to use new mapping and navigation properties
* [AC-1192] Remove OrganizationUser navigation property
* [PM-1270] Updated PolicyService to throw an exception in case TDE is enabled and the user is trying to turn off the master password reset policy or tries to remove auto-enrollment
* [PM-1270] Added unit tests around the checks for turning off the master password reset policy or removing auto-enrollment
* [PM-1270] Fixed existing unit test SaveAsync_NewPolicy_Created
* [PM-1270] Removed unused method mock on unit test
* Move to access query for project commands
* Swap to hasAccess method per action
* Swap to authorization handler pattern
* Move ProjectOperationRequirement to Core
* Add default throw + tests
* Extract authorization out of commands
* Unit tests for authorization handler
* Formatting
* Swap to reflection for testing switch
* Swap to check read & reflections in test
* fix wording on exception
* Refactor GetAccessClient into its own query
* Use accessClientQuery in project handler
* Move keys into FreshDeskSettings class
* Add configurable custom fields for user and org
In FreshDesk we currently use the custom fields `cf_user` and `cf_org`.
- For the US instance these will be set to those values.
- For the EU instance these will likely be configured to `cf_user_eu` and `cf_org_eu`
* Fix file encoding
* Add region to notes
* Use customizable org field value in condition check
* [AC-621] Added possibility of adding users through SCIM to an Organization without a confirmed Owner
* [AC-621] Passing EventSystemUser argument for HasConfirmedOwnersExceptAsync in user delete actions by SCIM
* [AC-624] Removed EventSystemUser parameter from IOrganizationService.HasConfirmedOwnersExceptAsync
* [AC-621] Added IProviderUserRepository.GetManyOrganizationDetailsByOrganizationAsync
* [AC-621] Updated OrganizationService.HasConfirmedOwnersExceptAsync to use IProviderUserRepository.GetManyOrganizationDetailsByOrganizationAsync to check for any confirmed provider users
* [AC-621] Removed unused EventSystemUser parameters
* [AC-621] Refactored ProviderUserRepository.GetManyByOrganizationAsync to return ProviderUser objects
* [AC-621] Removed default parameter value for Status
* [PM-1879] Replaced JsonSerializer.Serialize with CoreHelpers.ClassToJsonData
* [PM-1879] Changed OrganizationService.SaveUserAsync to check Custom permissions
* [PM-1879] Added unit tests for saving Custom permissions using a Custom user
* [PM-1879] Added method OrganizationUser.GetPermissions to deserialize the Permissions property
* [PM-1879] Refactored ValidateCustomPermissionsGrant to return bool
* [PM-1879] Added unit test SaveUser_WithCustomPermission_WhenUpgradingToAdmin_Throws
* [AC-358] Add constant for grace period length
* [AC-358] Add SubscriptionExpiration to OrganizationLicense.cs and increment Current_License_File_Version
* [AC-358] Update org subscription response model
- Add new SelfHostSubscriptionExpiration field that does not include a grace period
- Add optional License argument to constructor for self host responses
- Use the License, if available, to populate the expiration/subscription expiration fields
- Maintain backwards compatability by falling back to organization expiration date
* [AC-358] Read organization license file for self hosted subscription response
* [AC-358] Decrement current license file version and add comment documenting why
* [AC-358] Clarify name for new expiration without grace period field
* [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails
* [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync
* [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user
* [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data
* [EC-787] Returning PolicyData on stored procedures
* [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection
* [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync
* [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync
* [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync
* [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync
* [EC-787] Changed integration test to check for single result
* [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete
* [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails
* [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser
* [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync
* [EC-787] Removed 'OrganizationUserType' parameter from queries
* [EC-787] Formatted OrganizationUserPolicyDetailsCompare
* [EC-787] Renamed SQL migration files
* [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json
* [EC-787] Refactored excluded user types for each Policy
* [EC-787] Updated dates on dbo_future files
* [EC-787] Remove dbo_future files from sql proj
* [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync
* [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType
* Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-1145] Add TDE feature flag
* [AC-1145] Update .gitignore to ignore flags.json in the Api project
* [AC-1145] Introduce MemberDecryptionType property on SsoConfigurationData
* [AC-1145] Add MemberDecryptionType to the SsoConfigurationDataRequest model
* [AC-1145] Automatically enable password reset policy on TDE selection
* [AC-1145] Remove references to obsolete KeyConnectorEnabled field
* [AC-1145] Formatting
* [AC-1145] Update XML doc reference to MemberDecryptionType
* Refactor AuthRequest Logic into Service
* Add Tests & Run Formatting
* Register Service
* Add Tests From PR Feedback
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
---------
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
* Move to access query for project commands
* Swap to hasAccess method per action
* Swap to authorization handler pattern
* Move ProjectOperationRequirement to Core
* Add default throw + tests
* Swap to reflection for testing switch
* [PM-1188] move ef auth files to auth folder
* [PM-1188] rename ef models namespace
* [PM-1188] fix auth ef model imports
* [PM-1188] fix ef model usings
* Extract Import-Api endpoints into separate controller
Moved ciphers/import and ciphers/import-organization into new ImportController
Paths have been kept intact for now (no changes on clients needed)
Moved request-models used for import into tools-subfolder
* Update CODEOWNERS for team-tools-dev
* Move HibpController (reports) to tools
* Moving files related to Send
* Moving files related to ReferenceEvent
* Removed unneeded newline
* [EC-1070] Add API endpoint to retrieve all policies for the current user
The additional API endpoint is required to avoid forcing a full sync call before every login for master password policy enforcement on login.
* [EC-1070] Add MasterPasswordPolicyData model
* [EC-1070] Move PolicyResponseModel to Core project
The response model is used by both the Identity and Api projects.
* [EC-1070] Supply master password polices as a custom identity token response
* [EC-1070] Include master password policies in 2FA token response
* [EC-1070] Add response model to verify-password endpoint that includes master password policies
* [AC-1070] Introduce MasterPasswordPolicyResponseModel
* [AC-1070] Add policy service method to retrieve a user's master password policy
* [AC-1070] User new policy service method
- Update BaseRequestValidator
- Update AccountsController for /verify-password endpoint
- Update VerifyMasterPasswordResponseModel to accept MasterPasswordPolicyData
* [AC-1070] Cleanup new policy service method
- Use User object instead of Guid
- Remove TODO message
- Use `PolicyRepository.GetManyByTypeApplicableToUserIdAsync` instead of filtering locally
* [AC-1070] Cleanup MasterPasswordPolicy models
- Remove default values from both models
- Add missing `RequireLower`
- Fix mismatched properties in `CombineWith` method
- Make properties nullable in response model
* [AC-1070] Remove now un-used GET /policies endpoint
* [AC-1070] Update policy service method to use GetManyByUserIdAsync
* [AC-1070] Ensure existing value is not null before comparison
* [AC-1070] Remove redundant VerifyMasterPasswordResponse model
* [AC-1070] Fix service typo in constructor
* SM-695: Block create or update for admins on secrets outside of the org
* SM-695: Update test, org is required on project
* SM-695: Update tests to set matching org id in project
* SM-695: Ensure there is no more than 1 project connected to a secret, plus remove org admin check in the CreateSecretCommand.
* SM-695: Add integration tests for create and update secrets security fixes
* SM-695: Update Create and Update secret tests, a secret can only be in one project at a time
