1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-29 13:25:17 +01:00
Commit Graph

2573 Commits

Author SHA1 Message Date
Jake Fink
11aafac915
remove re-throws of exceptions, which clear the stack trace (#1760)
* remove re-throws of exceptions, which clear the stack trace

* remove whitespace
2021-12-16 15:35:07 -05:00
Oscar Hinton
23b0a1f9df
Run dotnet format (#1764) 2021-12-16 15:35:09 +01:00
Matt Gibson
e999f66a28
Send invites for both all collection and limited collection users (#1765)
* Send invites for both all collection and limited collection users

* Test all access and limited access invites

* Remove comment
2021-12-14 10:29:31 -06:00
Oscar Hinton
63f6dd9a24
Move request/response models (#1754) 2021-12-14 16:05:07 +01:00
Thomas Rittson
3ae573bd8d
Make optional ssoConfig fields nullable (#1752) 2021-12-14 20:02:22 +10:00
Vince Grassia
2ec10cfd2a
Standardize '/version' endpoint on all services (#1755) 2021-12-09 15:45:45 -05:00
Oscar Hinton
d3673cdc85
Remove support for PascalCase (Use camelCase in prod) (#1753) 2021-12-09 14:38:18 +01:00
Oscar Hinton
71c4b53999
Fix recursive call in TwoFactorWebAuthnDeleteRequestModel (#1750)
* Fix recursive call in TwoFactorwebAuthnDeleteRequestModel

* Add new befoer IEnumerable

* Use virtual and override
2021-12-08 12:43:21 -05:00
Matt Gibson
d7e92dae5b
Determine self hosted from global settings (#1744) 2021-12-07 10:52:36 -06:00
Matt Gibson
9177ad1ca8
Parse enqueued mail message model to object (#1742)
* Parse enqueued mail message model to object

The model of an MailQueueMessage is of type object to enable enqueueing
of any message. However, this means the we are not able to parse a
serialized json object back into the original object.
Provide the model type to enable this deserialization

* Use ExpandoObject for deserialized queue message model
2021-12-03 12:12:46 -06:00
Oscar Hinton
71229c2366
Streamline error message for removed user account with CME (#1741) 2021-12-02 18:38:27 +00:00
Matt Gibson
a70564cea8
Families for enterprise/fix new org sponsorship after deleted sponsored org (#1740)
* Sponsorship exists only if sponsored org is not null

* Replace existing sponsorship if necessary

* Update src/Core/Services/Implementations/OrganizationSponsorshipService.cs

Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com>

* Fix tests

Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com>
2021-12-02 10:27:41 -06:00
Matt Gibson
dc3d70cf3a
Pay 0 cost invoices that have not been paid (#1739) 2021-12-01 14:41:05 -06:00
Matt Gibson
757927e02a
Null org, org user ids, and friendly name to indicate invalid, unused sponsorship state (#1738)
* Null org, org user ids, and friendly name to indicate invalid, unused sponsorship state

* Match EF queries to MSSQL sprocs
2021-12-01 14:34:56 -06:00
Daniel James Smith
ad18adf471
Migrate deprecated Microsoft.Azure.EventGrid to Azure.Messaging.EventGrid (#1731)
* Migrate from deprecated Microsoft.Azure.EventGrid to Azure.Messaging.EventGrid

* Fixed retrieval/parsing of EventGridEvents

* Fixed an issue where the events where not handled by the registered event handlers
2021-11-30 19:47:56 +01:00
Thomas Rittson
90a2a55438
Fix Stripe object lock timeouts (#1735)
* Fix Stripe object lock timeouts

* Move stripe config into globalSetting.stripe
* add MaxNetworkRetries config option with smart defaults

* Rename stripeApiKey to apiKey
2021-11-29 10:01:51 +10:00
Matt Gibson
8dffb27667
Families for enterprise/add sponsorship prevalidate (#1734)
* Add sponsorship prevalidate endpoint

* Test pre validate endpoint

* Fix tests

* Rename variable
2021-11-24 14:18:52 -06:00
Matt Gibson
fa3f1ad0ce
Null out sponsorship values when foreign key deleted (#1733)
This allows us to maintain record of sponsorships up
until they are explicitly removed. Fixes issues where removing
sponsorships from organizations with invalid sponsorships would error
2021-11-24 08:26:11 -06:00
Thomas Rittson
29d3e1fd2b
Fix null error when leaving organization (#1730)
* Fix null error when leaving organization

* Update tests
2021-11-22 19:55:25 +10:00
Thomas Rittson
7e3e87ed39
Update error message for leaving org with CME (#1729) 2021-11-22 08:22:28 +10:00
Matt Gibson
33edc8eba0
Families for Enterprise (#1714)
* Create common test infrastructure project

* Add helpers to further type PlanTypes

* Enable testing of ASP.net MVC controllers

Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.

* Workaround for broken MemberAutoDataAttribute

https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.

This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.

* WIP: Organization sponsorship flow

* Add Attribute to use the Bit Autodata dependency chain

BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.

Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.

* WIP: scaffolding for families for enterprise sponsorship flow

* Fix broken tests

* Create sponsorship offer (#1688)

* Initial db work (#1687)

* Add organization sponsorship databases to all providers

* Generalize create and update for database, specialize in code

* Add PlanSponsorshipType to db model

* Write valid json for test entries

* Initial scaffolding of emails (#1686)

* Initial scaffolding of emails

* Work on adding models for FamilyForEnterprise emails

* Switch verbage

* Put preliminary copy in emails

* Skip test

* Families for enterprise/stripe integrations (#1699)

* Add PlanSponsorshipType to static store

* Add sponsorship type to token and creates sponsorship

* PascalCase properties

* Require sponsorship for remove

* Create subscription sponsorship helper class

* Handle Sponsored subscription changes

* Add sponsorship id to subscription metadata

* Make sponsoring references nullable

This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons

* WIP: Validate and remove subscriptions

* Update sponsorships on organization and org user delete

* Add friendly name to organization sponsorship

* Add sponsorship available boolean to orgDetails

* Add sponsorship service to DI

* Use userId to find org users

* Send f4e offer email

* Simplify names of f4e mail messages

* Fix Stripe org default tax rates

* Universal sponsorship redeem api

* Populate user in current context

* Add product type to organization details

* Use upgrade path to change sponsorship

Sponsorships need to be annual to match the GB add-on charge rate

* Use organization and auth to find organization sponsorship

* Add resend sponsorship offer api endpoint

* Fix double email send

* Fix sponsorship upgrade options

* Add is sponsored item to subscription response

* Add sponsorship validation to upcoming invoice webhook

* Add sponsorship validation to upcoming invoice webhook

* Fix organization delete sponsorship hooks

* Test org sponsorship service

* Fix sproc

* Create common test infrastructure project

* Add helpers to further type PlanTypes

* Enable testing of ASP.net MVC controllers

Controller properties have all kinds of validations in the background.
In general, we don't user properties on our Controllers, so the easiest
way to allow for Autofixture-based testing of our Controllers is to just
omit setting all properties on them.

* Workaround for broken MemberAutoDataAttribute

https://github.com/AutoFixture/AutoFixture/pull/1164 shows that only
the first test case is pulled for this attribute.

This is a workaround that populates the provided parameters, left to
right, using AutoFixture to populate any remaining.

* WIP: Organization sponsorship flow

* Add Attribute to use the Bit Autodata dependency chain

BitAutoDataAttribute is used to mark a Theory as autopopulating
parameters.

Extract common attribute methods to to a helper class. Cannot
inherit a common base, since both require inheriting from different
Xunit base classes to work.

* WIP: scaffolding for families for enterprise sponsorship flow

* Fix broken tests

* Create sponsorship offer (#1688)

* Initial db work (#1687)

* Add organization sponsorship databases to all providers

* Generalize create and update for database, specialize in code

* Add PlanSponsorshipType to db model

* Write valid json for test entries

* Initial scaffolding of emails (#1686)

* Initial scaffolding of emails

* Work on adding models for FamilyForEnterprise emails

* Switch verbage

* Put preliminary copy in emails

* Skip test

* Families for enterprise/stripe integrations (#1699)

* Add PlanSponsorshipType to static store

* Add sponsorship type to token and creates sponsorship

* PascalCase properties

* Require sponsorship for remove

* Create subscription sponsorship helper class

* Handle Sponsored subscription changes

* Add sponsorship id to subscription metadata

* Make sponsoring references nullable

This state indicates that a sponsorship has lapsed, but was not able to
be reverted for billing reasons

* WIP: Validate and remove subscriptions

* Update sponsorships on organization and org user delete

* Add friendly name to organization sponsorship

* Add sponsorship available boolean to orgDetails

* Add sponsorship service to DI

* Use userId to find org users

* Send f4e offer email

* Simplify names of f4e mail messages

* Fix Stripe org default tax rates

* Universal sponsorship redeem api

* Populate user in current context

* Add product type to organization details

* Use upgrade path to change sponsorship

Sponsorships need to be annual to match the GB add-on charge rate

* Use organization and auth to find organization sponsorship

* Add resend sponsorship offer api endpoint

* Fix double email send

* Fix sponsorship upgrade options

* Add is sponsored item to subscription response

* Add sponsorship validation to upcoming invoice webhook

* Add sponsorship validation to upcoming invoice webhook

* Fix organization delete sponsorship hooks

* Test org sponsorship service

* Fix sproc

* Fix build error

* Update emails

* Fix tests

* Skip local test

* Add newline

* Fix stripe subscription update

* Finish emails

* Skip test

* Fix unit tests

* Remove unused variable

* Fix unit tests

* Switch to handlebars ifs

* Remove ending email

* Remove reconfirmation template

* Switch naming convention

* Switch naming convention

* Fix migration

* Update copy and links

* Switch to using Guid in the method

* Remove unneeded css styles

* Add sql files to Sql.sqlproj

* Removed old comments

* Made name more verbose

* Fix SQL error

* Move unit tests to service

* Fix sp

* Revert "Move unit tests to service"

This reverts commit 1185bf3ec8.

* Do repository validation in service layer

* Fix tests

* Fix merge conflicts and remove TODO

* Remove unneeded models

* Fix spacing and formatting

* Switch Org -> Organization

* Remove single use variables

* Switch method name

* Fix Controller

* Switch to obfuscating email

* Fix unit tests

Co-authored-by: Justin Baur <admin@justinbaur.com>
2021-11-19 17:25:06 -05:00
Oscar Hinton
be164967b3
Add usesKeyConnector to organizationUserUserDetailsResponseModel (#1726) 2021-11-19 15:04:23 +01:00
Thomas Rittson
cfd6123974
[Key Connector] Add event logging for first SSO login (#1724)
* Add null checks to fix logging from SSO controller

* Add FirstSsoLogin event logging
2021-11-19 07:42:35 +10:00
Oscar Hinton
6008715abc
Add check to ensure admins or owners arn't enrolled in key connector (#1725) 2021-11-18 21:56:13 +01:00
Thomas Rittson
2dc29e51d1
Fix bug preventing user from leaving org (#1721) 2021-11-18 21:15:22 +10:00
Thomas Rittson
9f96e4ce90
Disable EA Takeover if grantor uses Key Connector (#1718) 2021-11-18 07:47:43 +10:00
Oscar Hinton
f866b25e43
Key Connector feature toggle (#1716) 2021-11-17 11:46:35 +01:00
Thomas Rittson
cdb622d4aa
Add ApiUseKeyConnector flag to token response (#1710) 2021-11-16 06:54:28 +10:00
Thomas Rittson
e3143271d7
[Key Connector] Prevent user from leaving org (#1715)
* Block user from leaving org using Key Connector

* Add tests
2021-11-15 19:46:13 +10:00
Thomas Rittson
c2975b003d
[Key Connector] Fix policy checks and other pre-reqs (#1711)
* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector
2021-11-15 19:25:10 +10:00
Oscar Hinton
f1c41257b3
Allow disabling key connector if no user is enrolled (#1712) 2021-11-12 14:38:31 +01:00
Kyle Spearrin
77f9f5fe72
remove dynamic names from admin confirm dialogs (#1703) 2021-11-09 12:13:23 -05:00
Kyle Spearrin
327e784336
Added middleware for general security headers (#1700) 2021-11-09 11:37:14 -05:00
Kyle Spearrin
f26a235964
set MaxResponseContentBufferSize to 5 MB (#1702) 2021-11-09 11:32:23 -05:00
Kyle Spearrin
2f0638ce8c
sanitize notification hub tag inputs (#1697) 2021-11-09 11:25:18 -05:00
Kyle Spearrin
fcc1a4e10c
add missing csrf token validation to admin (#1696) 2021-11-09 11:22:08 -05:00
Kyle Spearrin
9582e94232
add ::ffff: to internal ip check (#1701)
* add ::ffff: to internal ip check

* check StartsWith
2021-11-09 11:16:54 -05:00
Oscar Hinton
fd37cb5a12
Add support for Key Connector OTP and account migration (#1663)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2021-11-09 16:37:32 +01:00
Kyle Spearrin
7cc7b84eaf
use fixed-time comparison of secrets (#1698) 2021-11-08 15:55:42 -05:00
Kyle Spearrin
5aa492e886
validate service url schema (#1695) 2021-11-08 11:47:03 -05:00
Oscar Hinton
1aa25f2712
Add checks for vault timeout policy (#1694) 2021-11-08 14:37:40 +01:00
Kyle Spearrin
10c5a29c47
Prevent XSS possibility from SSO SAML Service URLs (#1691)
* validate sso service urls for HTML meta chars

* also check for double quotes
2021-11-05 14:49:45 -04:00
Joseph Flinn
68e20fe649
Updating the swashbuckle package in Api (#1685) 2021-11-04 09:29:19 -07:00
Thomas Rittson
0cb8da2fd8
Add Field.LinkedId (#1617) 2021-11-04 07:27:15 +10:00
Thomas Rittson
e57bef6af4
Fix policy enforcement against invited users (#1680) 2021-11-03 07:08:13 +10:00
Justin Baur
4c9d9b248c
Fix bug in TaxInfo (#1682)
* Fixed bug in TaxInfo

* Added a few more tests to TaxInfoTests

* Added tests for HasTaxId
2021-11-01 12:13:31 -04:00
Matt Gibson
cb815c2f14
Allow managers to create self-assigned collections (#1672) 2021-10-27 13:06:23 -05:00
Matt Gibson
8f0115e62f
Check canScale when scaling for sso (#1661)
* Check canScale when scaling for sso

* PR review

Use AutoAddSeats to add seats in a consistent way.
This requires moving user check out of that method.

* User logic moved out of method
2021-10-25 10:19:37 -05:00
Oscar Hinton
c5d5601464
Add support for crypto agent (#1623) 2021-10-25 15:09:14 +02:00
Daniel James Smith
dea694193f
Add teams trial button to Edit Org Page (#1662)
* Add teams trial button to Edit Org Page

* Fix formatting
2021-10-25 14:28:17 +02:00
Vince Grassia
7da15af92f
Add New Relic monitoring package to Notifications project (#1643) 2021-10-22 10:22:25 -04:00
Matt Gibson
5d163eb5bd
Only check assigned collections if lacking privs for all (#1657) 2021-10-20 16:17:40 -05:00
Kyle Spearrin
de3f1005fc
add various status counts to org information (#1647) 2021-10-20 17:10:51 -04:00
Matt Gibson
216395f541
Create collections allows view all access (#1653)
* Create collections allows view all access

* Add missing permission to read users
2021-10-20 10:31:17 -05:00
Joseph Flinn
c04c4e6e4a
Bumping the SqlClient version (#1646) 2021-10-19 11:56:05 -07:00
Matt Gibson
5b1d8c723a
Early return default on null user (#1645)
Clearly, no known device exists for an unknown user.
2021-10-19 09:48:23 -05:00
Matt Gibson
18006591fc
Add autoscale to SSO auto provision (#1642) 2021-10-19 07:00:44 -05:00
Oscar Hinton
4fee17fdde
Add logic to handle providers password reseting users (#1632) 2021-10-14 17:44:20 +02:00
Oscar Hinton
964e262d44
Simplify development environment setup (#1588) 2021-10-13 19:30:03 +02:00
Matt Gibson
44f30e7948
Remove erroneous not (#1629) 2021-10-11 09:53:19 -05:00
Vince Grassia
fd6cdd019e
Update code to log to Azure Cosmos DB (#1624)
* Update code to log to Azure Cosmos DB using latest SDK.
2021-10-11 10:16:19 -04:00
Matt Gibson
8a5a371a8f
Allow bypass of captcha token if the device is known (#1626) 2021-10-08 18:59:35 -05:00
Joseph Flinn
ee7b608a46
revamping the build scripts (#1620) 2021-10-08 09:53:56 -07:00
വചൻ
00312716c2
Update web vault link on mail template (#1606)
* Update OrganizationUserAccepted.html.hbs

* Update OrganizationUserAccepted.html.hbs

* oops remove extra web vault
2021-10-07 08:11:59 -05:00
Matt Gibson
5a2d988375
Correct seat counts (#1621) 2021-10-07 08:05:02 -05:00
Oscar Hinton
f63a0711dc
Add some missing defaults to SSO Api (#1619) 2021-10-06 19:36:03 +02:00
Oscar Hinton
79447b6671
Remove Business Portal (#1614) 2021-10-06 10:39:13 +02:00
Matt Gibson
bd297fb7a2
SqlServer split manage collection permission (#1594)
* SqlServer split manage collection permission

* Clarify names

* Test claims generation

* Test permission serialization

* Simplify claims building

* Use new collections permissions

* Throw on use of deprecated permissions

* Lower case all claims

* Remove todos

* Clean nonexistent project from test solution

* JsonIgnore for both system and newtonsoft json

* Make migrations more robust to multiple runs

* remove duplicate usings

* Remove obsolete permissions

* Test solutions separately to detect failures

* Handle dos line endings

* Fix collections create/update permissions

* Change restore cipher to edit permissions

* Improve formatting

* Simplify map

* Refactor test
2021-10-05 11:12:05 -05:00
Kyle Spearrin
f58b9fcab4
uncomment to require auth-email header (#1604) 2021-09-30 11:24:29 -04:00
Matt Gibson
9de9be8f20
Only test canScale is an org needs to scale for an invite (#1608) 2021-09-28 15:18:44 -05:00
Oscar Hinton
63c8070b01
Add Stripe Adapter and IBraintreeGateway to DI (#1596) 2021-09-27 23:01:13 +02:00
Thomas Rittson
66629b2f1c
Refactor policy checks (#1536)
* Move policy checking logic inside PolicyService

* Refactor to use currentContext.ManagePolicies

* Make orgUser status check more semantic

* Fix single org user checks

* Use CoreHelper implementation to deserialize json

* Refactor policy checks to use db query

* Use new db query for enforcing 2FA Policy

* Add Policy_ReadByTypeApplicableToUser

* Stub out EF implementations

* Refactor: use PolicyRepository only

* Refactor tests

* Copy SQL queries to proj and update sqlproj file

* Refactor importCiphersAsync to use new method

* Add EF implementations and tests

* Refactor SQL to remove unnecessary operations
2021-09-28 06:54:28 +10:00
Matt Gibson
3d74f514ad
Early return zero or negative amount invoices (#1595)
Stripe handles these by immediately finalizing as paid and crediting
their account the appropriate amount.
2021-09-27 09:20:47 -05:00
Addison Beck
bccd7eb0ba
add web fonts directly to styles for web apps (#1598) 2021-09-24 15:55:18 -04:00
Matt Gibson
d39f45c81c
Organization autoscaling (#1585)
* Add autoscale fields to Organization

* Add autoscale setting changes

* Autoscale organizations

updates InviteUsersAsync to support all invite sources.

sends an email to org owners when organization autoscaled

* All organizations autoscale

Disabling autoscaling can be done by setting max seats to current seats.

We only warn about autoscaling on the first autoscaling event.

* Fix tests

* Bug fixes

* Simplify subscription update logic

* Void invoices that fail to delete

Stripe no longer allows deletion of draft invoices that were created as part of subscription updates. It's necessary to void out these invoices without sending tem to the client.

* Notify org owners when their subscription runs out of seats

* Use datetime for notifications

Allows for later re-sending email if we want to periodically remind
owners

* Do not update subscription if it already matches new quatity

* Include all migrations

* Remove unnecessary inline styling

* SubscriptionUpdate handles update decisions

* Remove unnecessary html setter

* PR review

* Use minimum access for class methods
2021-09-23 05:36:08 -05:00
Matt Gibson
62a0ca881f
Process collections client-side (#1591)
CollectionDetails is not an entity and so cannot be processed server-side
2021-09-21 13:18:11 -05:00
Joseph Flinn
cd321f2267
updating the dotnet framework for the eventsprocessor docker conatiner for the QA environment (#1590) 2021-09-20 13:44:38 -07:00
Oscar Hinton
c22e48c1b4
Resolve error when deleting an account connected to a provider (#1580) 2021-09-15 20:34:06 +02:00
Vincent Salucci
00332e72e4
[SSO Auto Enroll] Add API for auto enroll status retrieval (#1583)
* [SSO Auto Enroll] Add API for auto enroll status retrieval

* Add another user check to API

* Updated vague boolean name
2021-09-15 12:23:47 -05:00
Matt Gibson
97b27220dd
Use invoice to pay if subscription set to invoice (#1571)
* Use invoice to pay if subscription set to invoice

* Apply suggestions from code review

Co-authored-by: Addison Beck <abeck@bitwarden.com>

* PR review

Move to subscriber model for subscription updates.

Co-authored-by: Addison Beck <abeck@bitwarden.com>
2021-09-14 08:18:06 -05:00
Oscar Hinton
e070a0a5c1
Add policy for DisablePersonalVaultExport (#1577) 2021-09-13 11:20:53 +02:00
Thomas Rittson
d8e9357e74
Add Linked type to custom field types (#1540) 2021-09-13 16:34:26 +10:00
Vincent Salucci
c0f53d7371
[Reset Password] ForcePasswordReset in AuthResult (#1576) 2021-09-10 16:51:46 -05:00
Oscar Hinton
57dd6c7294
Retry quartz initialization (#1570) 2021-09-09 18:13:48 +02:00
Joseph Flinn
d07a68e3cc
Add configuration support for QA cloud environment (#1572)
* Adding a QA environment specific configuration

* separating the bitwarden environment and stripe environment checks

* adding a logging statement for the PayPal webhook key check

* adding more logging

* switched logging type

* Changing the log level on the PayPal webhook. Removing the debugging log from the Stripe Controller
2021-09-08 13:09:54 -07:00
Thomas Rittson
01f0b6184f
Enforce Personal Ownership policy when importing (#1565) 2021-09-08 07:20:05 +10:00
Oscar Hinton
18adbc9c74
Add Maximum Vault Timeout Policy (#1559) 2021-09-07 20:18:34 +02:00
Oscar Hinton
02866623f2
Add OrganizationUser_ReadByMinimumRole to Sql.sqlproj (#1555) 2021-09-07 15:42:44 +02:00
Thomas Rittson
8f27f21ce0
Remove stale SsoUser objects from database (#1560)
* Add SsoUser_ReadByUserIdOrganizationId

* Automatically reset stale/duplicate Sso links

* Fix typo

* Check for stale Sso link in existing user flow

* Delete any stale user record before provisioning new user

* Check for existing db query before creating

* PR feedback updates

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-09-03 10:54:41 -04:00
Matt Gibson
db0ef226c4
Fix stripe invoice time on seat adjust (#1564)
* Finalize and void subscription updates

Stripe does not allow deletion of invoices created as subscription updates.
Instead, finalize it and void it out without sending to the customer.

* Store and Restore invoice days until due

Currently, we're overwriting customer invoice lead times whenever they
attempt to update their seat count. Changes are now updated to previous
behavior after our seat adjustment work

* PR Comments
2021-09-03 08:55:29 -05:00
Daniel James Smith
f803e7664e
Updated nuget packages to use newest .Net 5.0.9 (#1547) 2021-09-01 11:36:37 +02:00
Vincent Salucci
f2520ed7be
[Reset Password] Enable force password reset (#1557) 2021-08-31 14:23:06 -05:00
Thomas Rittson
e1908cd6b5
Add support for international domain names (IDN) in email addresses (#1512)
* Adjust email address checking to handle unicode

* ASCII only in local part
* allow unicode in second-level and top-level domain

* Add PunyEncoding/Decoding methods and tests

* Use PunyEncoding for outbound email recipients

* Use MailKit for punycode, handle edge cases

* Punyencode all email addresses in mailServices

* Remove punyencoding from HandlebarsMailService

* Add to punyencoding tests

* Use more inclusive e-mail error

* Fix comment wording

* Apply StrictEmail checking to emergency access invite

* Remove punyDecode helper
2021-08-31 13:49:11 +10:00
Oscar Hinton
b815813dba
Remove providerUserRepository from currentContext in NotificationsHub. (#1549) 2021-08-30 18:19:46 +02:00
Thomas Rittson
4bc683c38d
Increase sales tax precision from 2 to 3 decimal places (#1525)
* Allow for tax rates with 3 decimal places

* Update input validation

* Increase precision of create procedure
2021-08-24 06:52:59 +10:00
Oscar Hinton
bc003c4449
Add support for managing organizations through providers using the business portal (#1521) 2021-08-23 07:32:29 -05:00
Luc
74218d4639
Include admin reset on trial (#1530)
Objective
The "Enterprise Trial button" was missing the admin reset feature on press. Add the checkbox to selected features when pressed.

Code Changes
Add checked property for UseResetPassword
2021-08-20 15:57:50 -04:00
Thomas Rittson
a735bdd027
Fix sales tax error if using PayPal or credit (#1524)
Add sales tax information to previewInvoice, which is used to calculate
the amount of the PayPal or account credit charge. Without this, the
charged amount and Stripe subscription amounts are different and throws
an error.
2021-08-19 15:21:06 +10:00
Addison Beck
4400fdf57d
changed the value of the DirectorySynced event (#1520) 2021-08-17 16:19:15 -04:00
Oscar Hinton
34995ead1f
Refactor email template to resolve logo not being centred (#1516) 2021-08-17 20:54:06 +02:00
Addison Beck
4645914383
Reference Events Fixups (#1518)
* made salesAssistedTrialStarted nullable

* removed conditional logic surrounding directory sync events

* changed the value of the CipherCreated reference event enum
2021-08-17 13:12:55 -04:00
Matt Gibson
1779d33a66
Verify Send file does not exist before saving file (#1515)
* Verify Send file does not exist before saving file

* Fix flaky test
2021-08-17 08:37:00 -05:00
Matt Gibson
48aa54949b
Allow api key as captcha token (#1513)
This allows legitimate users to permanently bypass captcha once
they've successfully logged in. Will allow unmonitored scripts more
resilience to captcha requirements
2021-08-13 08:52:52 -05:00
Addison Beck
824645250e
toggled the force password reset flow off (#1510)
* toggled the force password reset flow off

* Update UserService.cs
2021-08-12 13:09:08 -04:00
Addison Beck
f55708d748
built out the organization edit event from the admin portal (#1508)
* built out the organization edit event from the admin portal

* removed unneeded override

* added some space

* fixed the space
2021-08-11 12:44:30 -04:00
Thomas Rittson
eb6aaad57a
Use RequestSizeLimit for all file upload endpoints (#1507)
* Enforce upload size limits via RequestSizeLimit instead of if statements
* 101mb limit for legacy uploads, 501mb limit for all other
* Only allow v2 local storage for self-hosted instances
2021-08-11 08:14:28 +10:00
Thomas Rittson
f92628fb80
Use UrlB64 encoding for auth-email header (#1503) 2021-08-11 06:21:46 +10:00
Vince Grassia
179543d790
Add 'alive' endpoint to Admin and Identity services (#1505)
* Add 'alive' endpoint to Admin and Identity services

* Move 'alive' endpoint for Admin to Home Controller
2021-08-10 15:29:13 -04:00
Addison Beck
7928b25796
Added Several New Reference Events (#1500)
* added enum values for new events

* hooked up directory sync event

* upgraded the OrganizationUpgrade ReferenceEvent

* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization

* Added metadata to the AdjustedSeats event

* Implemented vaultImported event

* Implemented FirstGroupAdded event

* Implemented FirstCollectionAdded event

* Implemented FirstSecretAdded event type

* Implemented SalesAssisted reference event

* changed events to match updated requirements

* renamed an event enum
2021-08-10 14:38:58 -04:00
Joseph Flinn
2e1df91232
Update qa env (#1504)
* deploying directly to the production slot of the App Service

* Update Azure Service Bus package

* adding a app service shutdown to qa

* reverting QA env deploy change

* Update qa-deploy workflow with debugging statement

* Disable start/stop in QA deploy workflow

* Fix UserKdf and UserApiKey migrations to only update null values (#1494)

* Add proper New Relic NuGet package for .NET 5

* Test NewRelic changes

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
2021-08-10 11:15:16 -07:00
Matt Gibson
842a1c2e37
Tweak provider views (#1499)
* Add Organizations to provider views

Remove enabled/disabled toggle from provider. It's currently not used.

* Remove provider Delete

There are implications to deleting providers on the organizations they manage.
We want to think through this flow before allowing delete from the
admin portal.

* Use toastr to display production exception messages.

Update build actions to upgrade npm to v7.

Use a custom error handler in production which displays a toast of the
exception message and redirect to the offending page

* Clarify provider create error message
2021-08-10 11:28:00 -05:00
Matt Gibson
5dc6013e37
Provider qa feedback (#1501)
* Title case buttons

* Throw if provider tries to add a non-business organization

* Allow only one admin OR owner roll in a free org per user

Boolean operators were not properly assocated
and ownership of an org was precluding confirmation into any other
organization

* Limit email length

* Require email domain with top level domain

* Do not allow email domains to end in invalid characters

* Fix free org tests
2021-08-10 11:16:10 -05:00
Addison Beck
b726b08ea1
added a status check to the read by minimum role proc (#1498) 2021-08-10 06:59:54 -04:00
Vincent Salucci
53a93ffcea
[Reset Password v1] Updated force password reset models (#1492) 2021-08-05 13:00:24 -05:00
Addison Beck
152f1f7a9b
Allow Resending Provider Setup Emails From The Admin Portal (#1497)
* Added a button for resending provider setup emails

* Fixed a case typo in a stored procedure

* Turned a couple lines of code into a method call

* Added service level validation against inviting users for MSP invites

* Code review improvements for provider invites

created a factory for provider user invites

wrote tests for provider invite permissions"

* changed a few exception types
2021-08-05 10:39:05 -04:00
Matt Gibson
cfc7fa071b
Record when a provider user accesses a clients vault (#1496)
* Record when a provider user accesses a clients vault

* Do not allow removal from provider unless owner exists

* PR Review

* Null safe event processing
* append `Async` to async methods
2021-08-05 07:50:41 -05:00
Thomas Rittson
b1ed6d2c21
Fix upload limits for direct uploads (again) (#1479)
* Use constants to represent file size limits

* Allow uploads of up to 500mb for self-hosted

* Set nginx max body size to 505mb

* Add reminder about updating nginx/proxy.conf
2021-08-04 09:00:30 +10:00
Matt Gibson
f37c87c0e1
Change display name of provider view properties (#1491)
Note, ProviderAdmin info section is being updated in another PR
2021-08-02 13:19:26 -05:00
Matt Gibson
282d6a9007
Change set up to two words (#1490) 2021-08-02 11:20:04 -05:00
Thomas Rittson
8d2b36d187
Fix conflicting group permissions (#1473)
* Return collection with highest permission levels

* Revert "Return collection with highest permission levels"

This reverts commit 06e0f3b73e.

* Combine duplicate collectionDetails

* Update EF to combine duplicate CollectionDetails

* Delete unneeded using statements
2021-08-02 11:49:27 +10:00
Thomas Rittson
28df4fddb7
Support RSA 4096 keys in password history (#1407)
* Support RSA 4096 keys in password history

* Increase password length to 5000 for RSA4096 keys
2021-08-02 11:39:43 +10:00
Matt Gibson
2298c96e30
Invite Client owner at time of client org creation (#1488) 2021-07-30 08:10:58 -05:00
Matt Gibson
71daef2588
Always enable events for providers (#1487) 2021-07-27 15:44:54 -05:00
Oscar Hinton
eb846f7627
[Provider] Resolve email not being url encoded (#1483) 2021-07-23 10:22:59 +02:00
Oscar Hinton
792fb377dd
[Provider] Prevent including pending organizations in SyncResponse (#1482) 2021-07-22 22:18:34 +02:00
Thomas Rittson
757102fd96
Fixes for StrictEmailAddressAttribute (#1474)
* Use StrictEmail validation for changing email

* Add trailing symbols to illegal chars in emails

* Add semicolon as always illegal

* Replace regex with MimeKit parsing, add unit test

* Add more unit tests

* Fix linting
2021-07-23 05:59:10 +10:00
Matt Gibson
7a135ae7cd
Protect user registration with captcha (#1480)
* Protect user registration with captcha

* PR feedback
2021-07-22 12:29:06 -05:00
Vincent Salucci
46fa6f6673
[Reset Password v1] Update Temporary Password API (#1481)
* [Reset Password v1] Update Temporary Password API

* Fixed Noop interface
2021-07-22 09:20:14 -05:00
Matt Gibson
8e1e2fa2fe
Feature/sync Enable hcaptcha on login (#1469)
* Share globalSettings hcaptcha public key with clients

* Require captcha valid only prior to two factor

users with two factor will have already solved captcha is necessary.
Users without two factor will have`TwoFactorVerified` set to false

* Do not require CaptchaResponse on two-factor requests

* Add option to always require captcha for testing purposes

* Allow for self-hosted instances if they want to use it

* Move refresh suggestion to correct error

* Expect lifetime in helper method

* Add captcha bypass token to successful captcha validations

* Remove twofactorValidated

* PR Feedback
2021-07-21 13:42:06 -05:00
Oscar Hinton
259bf8d760
Add events for Creating, Adding and Removing ProviderOrganizations (#1475) 2021-07-21 19:40:38 +02:00
Vincent Salucci
4e486e5f5d
[Reset Password v1] Update DB for Forced Reset (#1467)
* [Reset Password v1] Force Temp Password Changes

* Updated EF migrations/scripts

* Updating user sprocs with default bit value
2021-07-21 11:47:11 -05:00
Addison Beck
8e97b924d4
addressed bugs and concerns around special characters in email templates (#1478)
* addressed bugs and concerns around special characters in email templates

* Modified email sanitization rules
2021-07-21 12:43:28 -04:00
Joseph Flinn
f1238d7b4a
Increasing production log level (#1477)
* increasing the log levels on all of the services to prevent logging successes

* resetting the default logging and adding in constraints in logging in Production
2021-07-21 09:15:59 -07:00
Oscar Hinton
19c2b025d1
[Provider] Include disabled providers in sync response (#1471) 2021-07-19 19:50:29 +02:00
Addison Beck
745068686b
Add Expiration Date To Organization Invite Emails (#1466)
* Added an expiration date to the organization user invite email

* Added a period

* moved property assignment around

* fixed date offset
2021-07-16 14:17:24 -04:00
Addison Beck
5ec37b96b4
Organization User Accepted Invite Email Notifications (#1465) 2021-07-16 13:49:27 -04:00
Thomas Rittson
7abb053914
Refactor email attributes (#1458)
* Add StrictEmailAddress attribute

* Remove duplicate checks, use attributes instead

* Rename EmailAddressListAttribute
2021-07-16 08:01:51 +10:00
Oscar Hinton
f6ebb20847
[Provider] Add support for events (#1447) 2021-07-15 16:37:27 +02:00
Oscar Hinton
8ac2dc50af
[Provider] Send email on removal (#1463) 2021-07-15 16:37:16 +02:00
Kyle Spearrin
9bb29e08a9 delete old postgres work that was never used 2021-07-12 09:58:36 -04:00
Addison Beck
4a828ad440
Migration Fix (#1448)
* created stubs for missing ef provider methods

* fixed the initial postgres migration
2021-07-08 19:46:13 +00:00
Addison Beck
b13dda2799
Postgres & MySql Support For Self-Hosted Installations (#1386)
* EF Database Support Init (#1221)

* scaffolding for ef support

* deleted old postgres repos

* added tables to oncreate

* updated all the things to .NET 5

* Addition to #1221: Migrated DockerFiles from dotnet/3.1 to  5.0 (#1223)

* Migrated DockerFiles from dotnet/3.1 to  5.0

* Migrated SSO/Dockerfile from dotnet 3.1 to 5.0

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>

* EFDatabaseSupport: Updated links and description in README.md and SETUP.md (#1232)

* Updated requirements in README.md

* Updated link to documentation of app-secrets

* upgraded dotnet version to 5.0

* Ef database support implementation examples (#1265)

* mostly finished testing the user repo

* finished testing user repo

* finished org, user, ssoconfig, and ssouser ef implementations

* removed unused prop

* fixed a sql file

* fixed a spacing issue

* fixed a spacing issue

* removed extra database creation

* refactoring

* MsSql => SqlServer

* refactoring

* code review fixes

* build fix

* code review

* continued attempts to fix the the build

* skipped another test

* finished all create test

* initial pass at several repos

* continued building out repos

* initial pass at several repos

* initial pass at device repo

* initial pass at collection repo

* initial run of all Entity Framework implementations

* signup, signin, create/edit ciphers works

* sync working

* all web vault pages seem to load with 100% 200s

* bulkcopy, folders, and favorites

* group and collection management

* sso, groups, emergency access, send

* get basic creates matching on all repos

* got everything building again post merge

* removed some IDE config files

* cleanup

* no more notimplemented methods in the cipher repo

* no more not implementeds everywhere

* cleaned up schema/navigation properties and fixed tests

* removed a sql comment that was written in c# style

* fixed build issues from merge

* removed unsupported db providers

* formatting

* code review refactors

* naming cleanup for queries

* added provider methods

* cipher repo cleanup

* implemented several missing procedures from the EF implementation surround account revision dates, keys, and storage

* fixed the build

* added a null check

* consolidated some cipher repo methods

* formatting fix

* cleaned up indentation of queries

* removed .idea file

* generated postgres migrations

* added mysql migrations

* formatting

* Bug Fixes & Formatting

* Formatting

* fixed a bug with bulk import when using MySql

* code review fixes

* fixed the build

* implemented new methods

* formatting

* fixed the build

* cleaned up select statements in ef queries

* formatting

* formatting

* formatting

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2021-07-08 16:35:48 +00:00
Vincent Salucci
be13eb153a
[Reset Password v1] - Make auto enrollment required when enabled (#1412)
* [Reset Password v1] - Make auto enrollment required when enabled

* Removed unnecessary imports
2021-07-08 10:48:43 -05:00
Oscar Hinton
feb3106f37
[Provider] Create and access child organizations (#1427) 2021-07-08 17:05:32 +02:00
Davis Templeton
a6128c781a
Fix minor typo in logging (#1444) 2021-07-08 12:40:47 +10:00
Oscar Hinton
8f0ef49d7f
Organization Service permission refactor fix (#1432) 2021-07-07 17:08:18 +02:00
Chad Scharf
898c7baf89
Fix queue message encoding for Azure (UTF-16 in XML) (#1439)
* Revert "Encode into b64 to avoid illegal xml encoding when sending to Azure (#1425)"

This reverts commit 2c9a5bb4ab.

* Azure queue to use base64 encoding universally

* Ensure byte size calc is using encoded byte count

* Remove message text extension from blockIP svc

* Remove unused using on blockIp hosted service
2021-07-07 10:49:59 -04:00
Thomas Rittson
908e1504af
Fix bulk fingerprints (#1442)
* Fix fingerprint phrases in bulk confirm modal

* Fix indentation
2021-07-07 20:21:52 +10:00
Matt Gibson
2c9a5bb4ab
Encode into b64 to avoid illegal xml encoding when sending to Azure (#1425)
* Encode into b64 to avoid illegal xml encoding when sending to Azure

* Revert "Encode into b64 to avoid illegal xml encoding when sending to Azure"

This reverts commit d50de941da.

* HtmlEncode strings if they use multi-byte characters

* Add serializer to event processor

* Rename to used class

* Formatting

* PR feedback
2021-07-02 16:11:33 -05:00
Thomas Rittson
86a12efa76
[send.key] Update send.key when account encryption key is rotated (#1417)
* Rotate send.key with account encryption key

* Update tests

* Improve and refactor style, fix typo

* Use null instead of empty lists

* Revert "Use null instead of empty lists"

This reverts commit 775a52ca56.

* Fix style (use AddRange instead of reassignment)
2021-07-02 06:27:03 +10:00
Matt Gibson
30ea8b728d
Split dev env settings to development settings file (#1424)
* Move dev urls to appsettings.Development.json

* Move bitwarden license dev urls
2021-07-01 11:11:02 -05:00
Matt Gibson
0cf0748086
Move localhost services settings to development settings file (#1423) 2021-07-01 09:04:30 -05:00
Oscar Hinton
a733257bc6
Refactor permission checks in OrganizationsService to use currentContext (#1420) 2021-07-01 14:31:05 +02:00
Oscar Hinton
43f7271147
[Provider] Setup provider (#1378) 2021-06-30 09:35:26 +02:00
Oscar Hinton
08f508f536
Extract single-org policy check to OrganizationService (#1410) 2021-06-30 09:21:41 +02:00
Matt Gibson
98415026b7
Avoid sql connection timeout (#1414)
* Creat TVP prior to opening sql connection

Data Table creation is slow. connection may be timing out while we create it.

* USe MARS-enabled connections to fix connection issue

https://github.com/dotnet/SqlClient/issues/54
2021-06-25 13:36:59 -05:00
Thomas Rittson
ee1223b8d3
Remove default request size limit for direct uploads (#1406)
* Remove default request size limit - direct upload

* Disable size limit for self-hosted attachments
2021-06-25 10:10:24 +10:00
Matt Gibson
61e41190b2
Creat TVP prior to opening sql connection (#1411)
Data Table creation is slow. connection may be timing out while we create it.
2021-06-24 18:40:46 -05:00
Matt Gibson
ee66d64c99
Avoid sql connection timeout (#1409)
* Read known emails to memory so we can close connection.

* Use ICollection as return

* Fix null reference if ip and date aren't set
2021-06-24 14:31:03 -05:00
Matt Gibson
601bf5416d Read known emails to memory so we can close connection. (#1408) 2021-06-24 09:38:33 -05:00
Vincent Salucci
15d863459e
[Reset Password] - BUG - Upgrade request model Keys null check (#1403) 2021-06-22 15:14:26 -05:00
Matt Gibson
b1d1607f50
Redefine cipher "share" to "move to organization" (#1401)
Do not imply users can share with organizations. Organizations share
with users. Users share _using_ organizations
2021-06-21 18:27:11 -05:00
Kyle Spearrin
d2e48a5c2c
hcaptcha validation on password login (#1398) 2021-06-16 12:47:41 -04:00
Oscar Hinton
1796b1dd8e
Disable launchBrowser launchSetting (#1400) 2021-06-16 18:36:23 +02:00
Justin Baur
58413e2ff0
Policy Service Tests (#1344)
* Added SsoConfigService tests

* Cleanup whitespace in SsoConfigServiceTests

* Work on PolicyServiceTests

* Refactor PolicyService to remove uneeded calls

* Implement Code Coverage

* Continued work on PolicyServiceTests

* Revert "Implement Code Coverage"

This reverts commit 4ada179ada.

* Fix PolicyServiceTests after rebasing

* Cleanup unused namespaces

* Added assertions that saving or logging of save aren't happening on exceptions
2021-06-11 10:33:32 -05:00
Vincent Salucci
b06462e90a
[Business Portal] BUG Fix localization (#1385) 2021-06-09 09:56:29 -05:00
Thomas Rittson
e2ff13aa14
Require valid Send-Id header for access requests (#1381)
* Require valid Send-Id header for access requests

* Require valid Send-Id header for Send file access

* Add ICurrentContext to Send controller test
2021-06-09 07:34:36 +10:00
Vincent Salucci
30611bd78b
[Reset Password] Fixed helper utility for org user updates (#1382) 2021-06-08 12:29:56 -05:00
Vincent Salucci
f6236bea6f
[Reset Password] Admin page updates (#1379) 2021-06-07 09:08:34 -05:00
Oscar Hinton
fe1ffb6a22
[Provider] Server entities and models (#1370)
* Mock out provider models and service

* Implement CreateAsync, CompleteSetupAsync, UpdateAsync, InviteUserAsync and ResendInvitesAsync

* Implement AcceptUserAsync and ConfirmUsersAsync

* Implement SaveUserAsync and DeleteUserAsync

* Add email templates

* Add admin operations for providers

* Fix mail template names

* Rename roles

* Verify provider has provideradmin

* Add self hosted check to admin controller

* Resolve review comments

* Update sql queries

* Change create provider to use email instead of userId
2021-06-03 18:58:29 +02:00
Jens Spanier
58954f161e
Fix attachments typo (#1374) 2021-06-02 12:12:17 -04:00
Matt Gibson
a7d700f1cb
Explicitly set quoted identifier on for problem objects (#1360) 2021-06-01 14:52:22 -05:00
Vince Grassia
99ed04552c
Fix directory issue in Api and Events Dockerfiles (#1371) 2021-06-01 13:46:39 -04:00
Kyle Spearrin
52dea4c2a4
commented code to validate auth-email header (#1361)
* commented code to validate auth-email header

* format comment more
2021-05-28 16:04:58 -04:00
Vince Grassia
21003c61ab
Update output directory for dotnet builds (#1358)
* Update output directory for dotnet builds

* Update Dotnet build output path
2021-05-27 12:16:12 -04:00
Vincent Salucci
c56dd04096
[Reset Password] Email template (#1353) 2021-05-26 16:54:25 -05:00
Vincent Salucci
d7f3507d44
[Reset Password] Added new event type for admin password reset (#1350) 2021-05-26 15:51:54 -05:00
Oscar Hinton
d4cf6d929a
Bulk Confirm (#1345)
* Add support for bulk confirm

* Add missing sproc to migration

* Change ConfirmUserAsync to internally use ConfirmUsersAsync

* Refactor to be a bit more readable

* Change BulkReinvite and BulkRemove to return a list of errors/success

* Refactor

* Fix removing owner preventing removing non owners

* Add another unit test

* Use fixtures for OrganizationUser and Policies

* Fix spelling
2021-05-25 19:23:47 +02:00
Thomas Rittson
93fd1c9c9a
Prevent sole owner from downgrading permissions (#1348) 2021-05-25 08:14:11 +10:00
Oscar Hinton
61307e11b0
Provider: Initial db structure (#1309)
* Initial db structure
2021-05-20 14:39:26 +02:00
Vincent Salucci
c7f88ae430
[Reset Password] Get/Post Org Keys and API updates (#1323)
* [Reset Password] Organization Keys APIs

* Updated details response to include private key and added more security checks for reset password methods

* Added org type and policy security checks to the enrollment api

* Updated based on PR feedback

* Added org user type permission checks

* Added TODO for email to user

* Removed unecessary policyRepository object
2021-05-19 09:40:32 -05:00
Thomas Rittson
982e26cbfd
"Auto-fill on page load" options (#986)
* add autofill on page load options to login models

* Remove autofillOnPageLoadOptions enum
2021-05-18 10:08:42 +10:00
Matt Gibson
6ace7daf53
Abbreviate long transaction names (#1339) 2021-05-17 14:30:56 -05:00
Oscar Hinton
2b6c5bcd31
Fix bulk api (#1335) 2021-05-17 20:07:41 +02:00
Matt Gibson
785e788cb6
Support large organization sync (#1311)
* Increase organization max seat size from 30k to 2b (#1274)

* Increase organization max seat size from 30k to 2b

* PR review. Do not modify unless state matches expected

* Organization sync simultaneous event reporting (#1275)

* Split up azure messages according to max size

* Allow simultaneous login of organization user events

* Early resolve small event lists

* Clarify logic

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Improve readability

This comes at the cost of multiple serializations, but the
 improvement in wire-time should more than make up for this
 on message where serialization time matters

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Queue emails (#1286)

* Extract common Azure queue methods

* Do not use internal entity framework namespace

* Prefer IEnumerable to IList unless needed

All of these implementations were just using `Count == 1`,
which is easily replicated. This will be used when abstracting Azure queues

* Add model for azure queue message

* Abstract Azure queue for reuse

* Creat service to enqueue mail messages for later processing

Azure queue mail service uses Azure queues.
Blocking just blocks until all the work is done -- This is
how emailing works today

* Provide mail queue service to DI

* Queue organization invite emails for later processing

All emails can later be added to this queue

* Create Admin hosted service to process enqueued mail messages

* Prefer constructors to static generators

* Mass delete organization users (#1287)

* Add delete many to Organization Users

* Correct formatting

* Remove erroneous migration

* Clarify parameter name

* Formatting fixes

* Simplify bump account revision sproc

* Formatting fixes

* Match file names to objects

* Indicate if large import is expected

* Early pull all existing users we were planning on inviting (#1290)

* Early pull all existing users we were planning on inviting

* Improve sproc name

* Batch upsert org users (#1289)

* Add UpsertMany sprocs to OrganizationUser

* Add method to create TVPs from any object.

Uses DbOrder attribute to generate.
Sproc will fail unless TVP column order matches that of the db type

* Combine migrations

* Correct formatting

* Include sql objects in sql project

* Keep consisten parameter names

* Batch deletes for performance

* Correct formatting

* consolidate migrations

* Use batch methods in OrganizationImport

* Declare @BatchSize

* Transaction names limited to 32 chars

Drop sproc before creating it if it exists

* Update import tests

* Allow for more users in org upgrades

* Fix formatting

* Improve class hierarchy structure

* Use name tuple types

* Fix formatting

* Front load all reflection

* Format constructor

* Simplify ToTvp as class-specific extension

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-05-17 09:43:02 -05:00
Oscar Hinton
7a7668b754
Add API for bulk removal of org users (#1320)
* Add API for bulk removal of org users

* Refactor OrganizationService, extract some common code.

* Add tests for DeleteUserAsync

* Add tests for DeleteUsers

* Formating

* Update test/Core.Test/Services/OrganizationServiceTests.cs

added a space

Co-authored-by: Addison Beck <abeck@bitwarden.com>
2021-05-17 10:10:44 +02:00
Oscar Hinton
4258076bae
Prevent error when using WebAuthn as non premium user (#1331) 2021-05-17 09:39:40 +02:00
Contribucious
785705342c
Add amazon.{pl,se} to Amazon equivalent domains (#1219) 2021-05-15 15:27:31 -04:00
chi
ebf12ecfca
Update EmergencyAccessConfirmed.html.hbs (#1329)
Corrected type in emergency access confirmation message body.
2021-05-14 18:19:46 -04:00
Justin Baur
0e1ab99e25
Cleanup Projects (#1324)
* Update bitwarden_license projects

* Added tests to verify resource names

* Remove unneeded assembly attributes

* Standardized namespace

* Remove .GetTypeInfo()
2021-05-13 17:14:56 -04:00
Kyle Spearrin
b150f5977e
add support for postal and multi service mail delivery (#1326)
* adds suppose for postal and multi service mail delivery

* adjust tags

* dont need settings checks in multi-service
2021-05-13 15:18:42 -04:00
Vincent Salucci
ae38c33e05
[Reset Password] Enterprise Policy (#1315)
* [Reset Password] Enterprise Policy

* Created UI for policy/edit policy // Updated TODOs for policy dependent checks

* Updated reset password data model field name to be more descriptive

* Update title to Master Password Reset

* Updated PoliciesModel, Policy Model spacing, and strings
2021-05-12 14:47:00 -05:00
Oscar Hinton
a47b86a995
Remove U2F APIs again (#1319)
* Revert "U2F (#1304)"

This reverts commit ce4f025a0c.

* Avoid removing WebAuthn fixes
2021-05-12 19:48:00 +02:00
Justin Baur
d21ca83a20
Add Directory.Build.props (#1314)
* Add Directory.Build.props

* Remove unneeded props
2021-05-12 13:03:21 -04:00
Oscar Hinton
cb9ed50248
Discourage user verification on WebAuthn enroll (#1322) 2021-05-12 18:46:35 +02:00
Oscar Hinton
e2f633dace
Bulk re-invite of org users (#1316)
* Add APIs for Bulk reinvinte

* Resolve review comments.
2021-05-12 11:18:25 +02:00
Matt Gibson
354ff6e2cb
Fix skip sso for apikey login (#1308)
* Improve mixing SSO login error

* Skip SSO requirement for API key logins

* Bypass MFA for apikey logins
2021-05-10 11:13:37 -05:00
Vincent Salucci
70ab5b25a1
[Reset Password] Organization Key Pair (#1292)
* [Reset Password] Organization Key Pair

* Fixed type in Organization_ReadAbilites sproc

* Fixed broken unit test by making sure premium addon was false

* Updated PublicKey decorator and removed unecessary validation
2021-05-06 14:53:12 -05:00
Oscar Hinton
cae204cb7c
Refactor WebAuthn IoC container (#1302)
* Refactor WebAuthn IoC container

* Move to AddDefaultServices
2021-05-06 10:17:12 +02:00
Chad Scharf
7cae9d5e47
Version bump, 1.41.2 (#1305) 2021-05-05 12:33:11 -04:00
Oscar Hinton
ce4f025a0c
U2F (#1304)
* Delete U2F tokens alongside WebAuthn

* Bring back u2f apis
2021-05-05 16:14:49 +02:00
Chad Scharf
fc146d27ce
Added fido2 registration to other services (#1299) 2021-05-04 23:43:16 -04:00
Oscar Hinton
6ada46f906
Fix password re-prompt not working in org view (#1296)
* Fix password reprompt not working in org view

* Also fix Cipher_UpdateWithCollections and CipherDetails_CreateWithCollections. Rename migration script
2021-05-04 20:36:35 +02:00
Oscar Hinton
2054e5a926
Password re-prompt (#1269)
* Add support for password re-prompt
2021-04-29 15:43:44 +02:00
Chad Scharf
17db94190e
Test 1: add acr_values return validation value (#1285)
* Part 1: add acr_values return validation value

* Update acr return value validation from OIDC specs

* acr validation prompt clarification
2021-04-27 15:17:03 -04:00
Matt Gibson
1bd515e8f0
Refuse upload renew if a file is validated (#1284)
Download should return regardless of file validation state
2021-04-26 14:36:06 -05:00
Vincent Salucci
477f679fc6
[Reset Password] Admin reset actions (#1272)
* [Reset Password] Admin reset actions

* Updated thrown except for permission collision

* Updated GET/PUT password reset to use orgUser.Id for db operations
2021-04-20 16:58:57 -05:00
Joseph Flinn
ba36afe69c
Adding the events processor container image (#1271) 2021-04-15 08:28:55 -07:00
Matt Gibson
b68c841e56
Move renew endpoint to fix overlapping endpoint issue (#1266) 2021-04-12 09:44:45 -05:00
Kyle Spearrin
83e68bce06
enable default appsettings for self hosted installs (#1263)
* enable default appsettings for self hosted installs

* change setters to use arrow functions

* fix tests

* fix global settings ref
2021-04-09 09:48:43 -04:00
Thomas Rittson
c1ceeace95
Require user to verify email to use file Send (#1262) 2021-04-08 06:42:12 +10:00
Matt Gibson
79f3dabaac
Throw if collection Id does not exist on the organization (#1259)
Otherwise, we're just saving strings for fun. This makes it clear the
user's specified collection won't do anything.
2021-04-05 15:20:13 -05:00
Vincent Salucci
7a35813dfd
[Reset Password] Manage Reset Password permission (#1252) 2021-04-05 09:45:17 -05:00
Thomas Rittson
4b98361684
Fix server 500 error when enabling 2FA policy from Portal (#1254)
* Fix illegal chars in senderTag

* add null check
2021-04-05 08:33:19 +10:00
Kyle Spearrin
597fa01344
job to delete trashed ciphers nightly (#1243)
* job to delete trashed items nightly

* remove script from migration project file

* admin setting for controlling trash deleting dates
2021-04-02 11:14:21 -04:00
Chad Scharf
1b8b9b7539
Email length in IdSv4 config needed to be 256 (#1255) 2021-04-01 10:56:55 -04:00
Oscar Hinton
10d9e6c687
Change UserVerificationRequirement to Discouraged (#1250) 2021-03-31 16:20:15 +02:00
Matt Gibson
022e404cc5
Attachment blob upload (#1229)
* Add Cipher attachment upload endpoints

* Add validation bool to attachment storage data

This bool is used to determine whether or not to renew upload links

* Add model to request a new attachment to be made for later upload

* Add model to respond with created attachment.

The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations

* Create Azure SAS-authorized upload links for both one-shot and block uploads

* Add service methods to handle delayed upload and file size validation

* Add emergency access method for downloading attachments direct from Azure

* Add new attachment storage methods to other services

* Update service interfaces

* Log event grid exceptions

* Limit Send and Attachment Size to 500MB

* capitalize Key property

* Add key validation to Azure Event Grid endpoint

* Delete blob for unexpected blob creation events

* Set Event Grid key at API startup

* Change renew attachment upload url request path to match Send

* Shore up attachment cleanup method.

As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
2021-03-30 18:41:14 -05:00
Anish Krishnaswamy
7b2273c46a
Adding logout message when logging out of business portal (#1249) 2021-03-30 16:55:29 -04:00
Daniel Brown
261916daf6
add stackapps.com in global equivalent domains (#1209)
stackapps.com belongs to Stack Exchange
see https://stackexchange.com/sites
2021-03-30 16:40:08 -04:00
Vincent Salucci
296e3d881d
[Reset Password] Enrollment API, Service, and Model updates (#1245)
* [Reset Password] Enrollment API, Service and Model updates

* Added conditional check for calling User's ID
2021-03-30 09:48:52 -05:00
Thomas Rittson
688cc00d48
Hide email address in Sends (#1234)
* Add send HideEmail to tables and models

* Respect HideEmail setting for Sends

* Recreate SendView to include new HideEmail column

* Enforce new Send policy

* Insert default value for new HideEmail column

* Delete c95d7598-71cc-4eab-8b08-aced0045198b.json

* Remove unrelated files

* Revert disableSendPolicy, add sendOptionsPolicy

* Minor style fixes

* Update SQL project with Send.HideEmail column

* unit test SendOptionsPolicy.DisableHideEmail

* Add SendOptionsPolicy to Portal

* Make HideEmail nullable, fix migrator script

* Remove NOT NULL constraint from HideEmail

* Fix style

* Make HideEmail nullable

* minor fixes to model and error message

* Move SendOptionsExemption banner

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-29 07:56:56 +10:00
Daniel James Smith
e6902179f8
Fixes: #1101 - Fixed ModelValidators and validation methods (#1242)
* Extend StringLength attributes for emails to 256 char

* Modified validations to check email lengths > 256
2021-03-25 14:21:23 -04:00
Matt Gibson
584d3e771c
Throw error if not enough seats available for a sync (#1241)
* BadRequest if a sync cannot be completed due to seat count

* Comment the reason for the suppressed exception
2021-03-25 08:42:04 -05:00
Chad Scharf
c09ae5f906
ReferenceEvent Rebilled missing data (#1240) 2021-03-24 15:27:16 -04:00
Matt Gibson
7e127cec13
Support encrypted RSA 4096 keys (#1236)
Testing showed 4096 keys with minimal comments resulted in 4680
characters. Round to 5000 for a buffer.
2021-03-23 16:40:28 -05:00
Vincent Salucci
0cfd50382d
[Reset Password] Update all existing tables/sprocs/migrator scripts (#1235) 2021-03-23 16:04:11 -05:00
Oscar Hinton
07f37d1f74
WebAuthn (#903) 2021-03-22 23:21:43 +01:00
Oscar Hinton
905b4b06da
Add identifiers to Triggers and Jobs (#1230) 2021-03-22 20:54:12 +01:00
curlew
455e4b25cf
Add protonmail/protonvpn global equivalent domains (#1224) 2021-03-22 11:08:34 -04:00
Matt Gibson
989d4df599
Direct upload to Azure/Local (#1188)
* Direct upload to azure

To validate file sizes in the event of a rogue client, Azure event webhooks
will be hooked up to AzureValidateFile.
Sends outside of a grace size will be deleted as non-compliant.

TODO: LocalSendFileStorageService direct upload method/endpoint.

* Quick respond to no-body event calls

These shouldn't happen, but might if some errant get requests occur

* Event Grid only POSTS to webhook

* Enable local storage direct file upload

* Increase file size difference leeway

* Upload through service

* Fix LocalFileSendStorage

It turns out that multipartHttpStreams do not have a length
until read. this causes all long files to be "invalid". We need to
write the entire stream, then validate length, just like Azure.

the difference is, We can return an exception to local storage
admonishing the client for lying

* Update src/Api/Utilities/ApiHelpers.cs

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Do not delete directory if it has files

* Allow large uploads for self hosted instances

* Fix formatting

* Re-verfiy access and increment access count on download of Send File

* Update src/Core/Services/Implementations/SendService.cs

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Add back in original Send upload

* Update size and mark as validated upon Send file validation

* Log azure file validation errors

* Lint fix

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2021-03-21 23:01:19 -05:00
Thomas Rittson
694347e8d3
Fix no licence expiration date on self-hosted (#1217)
* Use our expiration date if no next billing date

* Remove unnecessary null checks

* Remove null check
2021-03-19 08:05:57 +10:00
Daniel James Smith
aea85ea0eb
Fixes #1101: Extend email column length to 256 characters (MSSQL) (#1191)
* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - Installation

* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - User

* Fixes bitwarden/server/#1101 - Extended length of BillingEmail column to 256 characters - Organization

* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - OrganizationUser

* Fixes bitwarden/server/#1101 - Extended length of Email column to 256 characters - EmergencyAccess

* Fixes bitwarden/server/bitwarden#1101 - Fixed issues after PR review
2021-03-18 16:43:49 -04:00
Thomas Rittson
d0f7750650
Don't use dev licensing cert if self-hosted (#1216) 2021-03-18 07:21:00 +10:00
Daniel James Smith
0f7e8dc806
Fixes #1101: Extend email column length to 256 characters (Postgres) (#1192) 2021-03-12 14:28:30 -05:00
Thomas Rittson
df7a035d9b
Minor release version bump 1.40.0 (#1199) 2021-03-10 11:19:40 -05:00
Matt Gibson
a83cbf965e
MultiplartSectionBody streams have 0 length until read. (#1196) 2021-03-09 10:49:49 -06:00
Matt Gibson
7d5b835a79
Use Any from Linq, not internal Entity Framework Any (#1194) 2021-03-08 15:13:43 -06:00
Matt Gibson
edb13bbba8
Push syncs on Send Access (#1190)
* Push syncs on Send Access

* Revert "Push syncs on Send Access"

This reverts commit 6a3eb7af4f.

* Push update of Send directly since we can't use SaveSendAsync method
2021-03-05 18:36:20 -06:00
Thomas Rittson
a18e1b7dca
Exempt owners and admins from single org and 2FA policy (#1171)
* Fix single org policy when creating organization

Exclude owners and admins from policy when creating new org

* Fix single org and 2FA policy on accepting invite

Exclude owners and admins from policies

* Remove looped async calls

* Fix code style and formatting
2021-03-03 08:15:42 +10:00
Matt Gibson
c2d34d7271
Fix send file length always zero (#1175)
* HttpStream must be read prior to knowing it length

We also need to create the send prior to saving the stream so we
have well defined save location. Solve chicken-and-egg problem by saving
the Send twice. This also allows for validation that the stream received
is the same length as that promissed by the content-length header

* Get encrypted file length from request
2021-03-02 09:27:11 -06:00
Matt Gibson
8d5fc21b51
Prepare for send direct upload (#1174)
* Add sendId to path

Event Grid returns the blob path, which will be used to grab a Send and verify file size

* Re-validate access upon file download

Increment access count only when file is downloaded. File
name and size are leaked, but this is a good first step toward
solving the access-download race
2021-03-01 15:01:04 -06:00
vachan-maker
13f12aaf58
Update EmergencyAccessConfirmed.text.hbs (#1172) 2021-03-01 10:49:13 -05:00
Thomas Rittson
3850f0e400
Fix empty grantee or grantor names in emergency access emails (#1162)
* Fix empty grantee or grantor names in emails

* Add migrator dbscript for changes to ReadToNotify
2021-02-26 08:11:58 +10:00
Addison Beck
b21c9042ca
added expiration date and creator identifier to the Send access response model (#1166) 2021-02-25 17:04:53 -05:00
Chad Scharf
2f7c2a64e0
Reference events for Send (#1165) 2021-02-25 13:40:26 -05:00
Vincent Salucci
07427623b3
[Email] Updated welcome email button (#1164) 2021-02-25 11:24:05 -06:00
Matt Gibson
73346b01d1
Add factory to IGlobalSettings DI singleton (#1163)
It turns out Singleton DI of interfaces does not use the specified
instance's Singleton, but just creates its own. This fixes the bug
where classes expecting an IGlobalSettings were given an empty GlobaSettings
instance
2021-02-25 07:00:28 -06:00
Matt Gibson
e350daeeee
Use sas token for send downloads (#1157)
* Remove Url from SendFileModel

Url is now generated on the fly with limited lifetime.

New model houses the download url generated

* Create API endpoint for getting Send file download url

* Generate limited-life Azure download urls

* Lint fix
2021-02-24 13:03:16 -06:00
Addison Beck
f8940e4be5
Checked Emergency Access access type on access initiation (#1160)
* also updated the View method

* removed old code

* naming refactor

* used the right type

* also checked PasswordAsync()

* also checked GetPolicies()
2021-02-23 17:12:52 -05:00