1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00
Commit Graph

4913 Commits

Author SHA1 Message Date
Justin Baur
1292736f54
[PM-7682] Add Explicit Reference to Microsoft.AspNetCore.DataProtection (#4010)
* Add Explicit Reference to Microsoft.AspNetCore.DataProtection

* Use Version That Doesn't Cause Downgrade

* Update src/Core/Core.csproj

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2024-07-11 12:02:42 -04:00
Conner Turnbull
5ccb4072a3
[AC-2766] famlies sponsorship upcoming invoice email (#4181)
* Getting the fresh invoice if the subscription was updated when validation the families sponsorship

* Getting fresh invoice after validation families sponsorship fails

* Also updating invoice line items
2024-07-11 15:51:04 +00:00
renovate[bot]
b6940f3184
[deps] Tools: Update MailKit to v4.7.0 (#4499)
* [deps] Tools: Update MailKit to v4.7.0

* Add explicit reference to System.Formats.Asn1 to address Microsoft Security Advisory CVE-2024-38095

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2024-07-11 17:33:25 +02:00
Alex Morask
a51e4c0a7c
Used PO ID instead of Org ID on accident (#4500) 2024-07-11 11:22:15 -04:00
Justin Baur
cf8ec4ed41
Add Explicit Version Reference for Azure.Identity (#4501)
* Explicit Bump to Azure.Identity

* Remove Change That Was Just For Testing
2024-07-11 11:12:34 -04:00
renovate[bot]
b1816b7af1
[deps] Tools: Update SignalR to v8.0.7 (#4497)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-11 16:16:49 +02:00
Rui Tomé
3bbac5693f
[AC-2824] Change DuplicateAuthRequestException to Inherit from BadRequestException for Correct 400 Status Code (#4470) 2024-07-11 14:46:18 +01:00
Matt Bishop
3540c2bf87
Remove ineffective Sonar cache (#4496) 2024-07-11 09:41:00 -04:00
renovate[bot]
491add3363
[deps] Tools: Update aws-sdk-net monorepo (#4498)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-11 15:37:53 +02:00
renovate[bot]
085fe88d23
[deps] Platform: Update dotnet monorepo to v8 (major) (#3745)
* [deps] Platform: Update dotnet monorepo to v8

* Bump Microsoft.Extensions.DependencyInjection.Abstractions

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2024-07-11 09:05:40 -04:00
Thomas Rittson
ca50eb8fe3
[AC-2741] Turn on BulkDeviceApproval feature for self-host (#4453)
Also remove the feature flagging on server, but keep definition
for old clients
2024-07-11 08:38:06 +10:00
Thomas Rittson
8f70dd98ba
[AC-2732] Remove AccessAll - Bump account revision date sprocs (#4490)
* Remove AccessAll logic from bump account revision date sprocs
and corresponding EF methods
2024-07-11 08:01:39 +10:00
Thomas Rittson
4ab608a636
[AC-2733] Remove AccessAll - misc sprocs (#4477)
Remove AccessAll logic from miscellaneous sprocs
and corresponding EF queries
2024-07-11 08:00:28 +10:00
renovate[bot]
fa5da784e3
[deps] DevOps: Update launchdarkly/find-code-references-in-pull-request action to v2 (#4486)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-10 19:54:06 +00:00
renovate[bot]
2b38c49ff6
[deps] DevOps: Update gh minor (#3368)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-10 15:47:20 -04:00
Matt Bishop
53ca95d20e
Optimize Sonar scans (#4488)
* Optimize Sonar scans

* Cache
2024-07-10 13:08:28 -04:00
Alex Morask
de1b5371b4
[AC-2849] Update organization autoscaling error message when managed by CB MSP (#4489)
* Update autoscaling error message for CB MSP organizations

* Run dotnet format

* Update error message per Product requirements
2024-07-10 10:16:51 -04:00
Bernd Schoolmann
79a5ed42d5
[PM-4154] Add PM-4154-bulk-encryption-service feature flag (#4091)
* Add multi-worker encryption service feature flag

* Rename flag to BulkEncryptionService
2024-07-10 10:01:26 -04:00
Conner Turnbull
9e78236a72
Removed automatic tax feature flag (#4487) 2024-07-10 07:32:41 -04:00
Vincent Salucci
ff8a436cd4
chore: remove UnassignedItemBanners feature flag and API endpoint, refs AC-2520 (#4461) 2024-07-09 15:59:41 -05:00
renovate[bot]
41135c866d
[deps] DbOps: Update EntityFrameworkCore to v8.0.7 (#4484)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-09 12:11:35 -04:00
Addison Beck
15e5b44649
Add a feature flag (#4483) 2024-07-09 16:32:47 +01:00
Thomas Avery
acc4808509
[SM-1256] Add BulkSecretAuthorizationHandler (#4099)
* Add AccessToSecretsAsync to the repository

* Add BulkSecretAuthorizationHandler

* Update controller to use the new authz handler

* Add integration test coverage
2024-07-09 10:06:33 -05:00
renovate[bot]
313eef49f0
[deps] Tools: Update aws-sdk-net monorepo (#4474)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-09 15:24:46 +02:00
Vince Grassia
4f9c80e317
BRE-194 - Remove old App Services from workflows (#4482) 2024-07-09 15:24:25 +02:00
Alex Morask
25dcdb8c04
Add members page FF (#4457) 2024-07-09 09:09:19 -04:00
Jake Fink
d85fbf9f01
only use Secure cookies if on a https connection (#4472) 2024-07-09 08:51:56 -04:00
Thomas Rittson
1525c10bfb
[AC-2731] Remove AccessAll - Collection and Cipher functions (#4469)
* Remove AccessAll logic from UserCollectionDetails and UserCipherDetails
  and EF equivalents
2024-07-09 13:50:40 +10:00
renovate[bot]
5c1a471cb0
[deps]: Update MessagePack to v2.5.171 (#4475)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-08 16:44:45 -07:00
Thomas Rittson
202dce3459
[AC-2730] Remove AccessAll - CollectionCipher (#4468)
Final removal of AccessAll logic in CollectionCipher sprocs. We had v2 sprocs already
containing this updated logic that were never used; copy the v2 logic back to the 
original sprocs so that we start using it. v2 sprocs will be dropped later.
2024-07-09 09:39:24 +10:00
Vincent Salucci
3f443ac49b
[AC-2662] Remove FC MVP from CurrentContext (#4460)
* chore: remove EditAssignedCollections from current context, refs AC-2662

* chore: remove DeleteAssignedCollections from CurrentContext, refs AC-2662

* chore: remove ViewAssignedCollections from CurrentContext, refs AC-2662
2024-07-08 14:40:35 -05:00
Justin Baur
b61b1eadaf
Devcontainer Improvements (#4466)
* Optionally Run `docker-compose`

* Use Traversal Projects Over Solution Files

* Cleanup VSCode Tasks

* Bind DataProtection Keys to Host

- Makes it so the container can be rebuilt without corrupting data

* Update .vscode/tasks.json

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2024-07-08 10:48:02 -04:00
Todd Martin
25cf61190a
Add key change fields to view in Bitwarden Portal (#4465) 2024-07-05 16:57:12 -04:00
Alex Morask
9c8a9f41fb
[AC-2804] Add client ID to provider client invoice report (#4458)
* Add client ID to provider client invoice report

* Run dotnet format
2024-07-05 10:12:03 -04:00
Justin Baur
8b5f65fc00
PM-2944] Make Entities Nullable In Admin Console (#4386)
* Enable `nullable` in `ISubscriber`

* Enable `nullable` in `Group`

* Enable `nullable` in `GroupUser`

* Enable `nullable` in `Organization`

* Enable `nullable` in `OrganizationUser`

* Enable `nullable` in `Policy`

* Enable `nullable` in `Provider`

* Enable `nullable` in `ProviderOrganization`

* Enable `nullable` in `ProviderUser`

* Update Tests

* Formatting

* Update TwoFactor Tests

* Fix Scim Tests

* Format

* Add Migrations

* Format
2024-07-04 21:14:37 -04:00
Thomas Rittson
7da37ee231
Drop unused CollectionRepository sprocs (#4455) 2024-07-05 09:43:31 +10:00
Justin Baur
8d1f6a9f66
[PM-2944] Update Null DB Constraints (#4459)
* Update Database Models

* Format
2024-07-03 16:21:25 -04:00
Justin Baur
b2df2e82dd
[PM-2944] Enable nullable For Billing Entities (#4390)
* Enable `nullable` For Billing Entities

* Remove .gitignore Change
2024-07-03 15:17:18 -04:00
Justin Baur
1d09b88ade
[PM-2944] Enable Nullable For Secrets Manager (#4389)
* Enable `nullable` for `ApiKey`

* Switch to Using `required`

* Make Scope Be Valid JSON

* Update test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>

* Move Nullable Directive

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
2024-07-03 15:17:10 -04:00
Justin Baur
6eb2a6e75d
[PM-2944] Make Entities Nullable On Unowned Types (#4388)
* Enable `nullable` For Collection

* Enable `nullable` For `CollectionCipher`

* Enable `nullable` For `CollectionGroup`

* Enable `nullable` For `CollectionUser`

* Enable `nullable` For `Device`

* Enable `nullable` For `Event`

* Enable `nullable` For `Folder`

* Enable `nullable` For `Installation`

* Enable `nullable` For `IRevisable`

* Enable `nullable` For `IStorable`

* Enable `nullable` For `IStorableSubscriber`

* Enable `nullable` For `ITableObject`

* Enable `nullable` For `OrganizationApiKey`

* Enable `nullable` For `OrganizationConnection`

* Enable `nullable` For `OrganizationDomain`

* Enable `nullable` For `OrganizationSponsorship`

* Enable `nullable` For `Role`

* Enable `nullable` For `TaxRate`

* Enable `nullable` For `Transaction`

* Enable `nullable` For `User`
2024-07-03 15:17:02 -04:00
Kyle Spearrin
0d3a7b3dd5
[PM-5518] Sql-backed IDistributedCache (#3791)
* Sql-backed IDistributedCache

* sqlserver cache table

* remove unused using

* setup EF entity

* cache indexes

* add back cipher

* revert SetupEntityFramework change

* ef cache

* EntityFrameworkCache

* IServiceScopeFactory for db context

* implement EntityFrameworkCache

* move to _serviceScopeFactory

* move to config file

* ef migrations

* fixes

* datetime and error codes

* revert migrations

* migrations

* format

* static and namespace fix

* use time provider

* Move SQL migration and remove EF one for the moment

* Add clean migration of just the new table

* Formatting

* Test Custom `IDistributedCache` Implementation

* Add Back Logging

* Remove Double Logging

* Skip Test When Not EntityFrameworkCache

* Format

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2024-07-03 12:48:23 -04:00
cd-bitwarden
b8f71271eb
[Sm-1197] - dupe guids (#4202)
* Show a more detailed error message if duplicate GUIDS are passed ot get by Ids

* Update test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Making requested changes to tests

* lint fix

* fixing whitespace

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2024-07-03 11:50:11 -04:00
Thomas Rittson
76f6e68a36
[AC-2799] Finalize sprocs that added the Manage permission (2 of 3) (#4452)
Update repository code to use non-v2 sprocs
2024-07-03 11:43:15 -04:00
Alex Morask
07d37b1b41
[AC-2805] Add AssignedSeats to ProviderOrganizationOrganizationDetailsView (#4446)
* Add 'AssignedSeats' to ProviderOrganizationOrganizationDetailsView

* Add newline

* Thomas' feedback
2024-07-03 10:33:37 -04:00
Thomas Rittson
ef44def88b
[AC-2810] Remove unused FlexibleCollections feature flag from CollectionCipher Repository (#4284)
Remove FlexibleCollections feature flag logic for repository methods:
* GetManyByUserIdAsync
* GetManyByUserIdCipherIdAsync
* UpdateCollectionsAsync
* UpdateCollectionsForCiphersAsync

This feature flag was never turned on and we will update the sprocs
directly as required.
2024-07-03 12:06:36 +10:00
Thomas Rittson
4e0a981b43
[AC-2809] Remove unused FlexibleCollections feature flag from Cipher Repository (#4282)
Remove FlexibleCollections feature flag logic for repository methods:
* CiphersController.GetByIdAsync
* CipherRepository.DeleteAsync
* CipherRepository.MoveAsync
* RestoreAsync
* SoftDeleteAsync

This feature flag was never turned on and we will update the sprocs
directly as required.
2024-07-03 11:45:44 +10:00
Jared Snider
8471326b1e
Auth/PM-7322 - Registration with Email verification - Finish registration endpoint (#4182)
* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.

* PM-7322 - Start on RegisterFinishRequestModel.cs

* PM-7322 - WIP on Complete Registration endpoint

* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.

* PM-7322 - UserService - Rename MP to MPHash

* PM-7322 - More WIP progress on getting new finish registration process in place.

* PM-7322 Create IRegisterUserCommand

* PM-7322 - RegisterUserCommand.cs - first WIP draft

* PM-7322 - Implement use of new command in Identity.

* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.

* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.

* PM-7322 - More WIP on RegisterUserCommand.cs and tests

* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.

* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.

* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite

* PM-7322 - IRegisterUserCommand - DOCS

* PM-7322 - Test RegisterUser

* PM-7322 - IRegisterUserCommand - Add more docs.

* PM-7322 - Finish updating all existing user service register calls to use the new command.

* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests

* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.

* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested

* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place

* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.

* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.

* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step

* PM-7322 - RegisterUserCommandTests.cs - add API key assertions

* PM-7322 - Clean up RegisterUserCommand.cs

* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.

* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO

* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.

* PM-7322 - Work on getting PostRegisterFinish tests in place.

* PM-7322 - AccountsControllerTests.cs - test new method.

* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.

* PM-7322 - Fix misspelling

* PM-7322 - Integration tests for RegistrationWithEmailVerification

* PM-7322 - Fix leaky integration tests.

* PM-7322 - Another leaky test fix.

* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds

* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
2024-07-02 17:03:36 -04:00
Thomas Rittson
da4f436a71
Delete unused CollectionRepository methods (#4283)
* these are unused after collection management improvements
  and are being removed to avoid maintaining
2024-07-03 06:12:48 +10:00
Addison Beck
b5d42eb189
Handle TDE enrollment case in put account recovery enrollment endpoint (#4449)
* Handle TDE enrollment case in put account recovery enrollment endpoint

* Use `ssoConfig` to derive if an organization is using TDE
2024-07-02 14:18:29 -05:00
SmithThe4th
c390a6b589
[AC-2679] Adding a revoked, invited member with Can Manage access does not resolve unmanaged collections (#4397)
* Added check for revoked users

* removed check for users as any user status with can manage access should hide the add access badge

* updated comments
2024-07-02 11:19:59 -04:00