1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-30 13:33:24 +01:00
Commit Graph

5057 Commits

Author SHA1 Message Date
Jake Fink
576b78d739
Change error message (#4175) 2024-06-11 16:20:06 -04:00
Conner Turnbull
fc1c488a78
[AC-2567] Billing Performance Improvements (#4143)
* Moved AccountsBilling controller to be owned by Billing

* Added org billing history endpoint

* Updated GetBillingInvoicesAsync to only retrieve paid, open, and uncollectible invoices, and added option to limit results

* Removed invoices and transactions from GetBillingAsync

* Limiting the number of invoices and transactions returned

* Moved Billing models to Billing namespace

* Split billing info and billing history objects

* Removed billing method GetBillingBalanceAndSourceAsync

* Removed unused using

* Cleaned up BillingInfo a bit

* Update migration scripts to use `CREATE OR ALTER` instead of checking for the `OBJECT_ID`

* Applying limit to aggregated invoices after they return from Stripe
2024-06-11 13:55:23 -04:00
cyprain-okeke
f615858724
[AC-1779] Add comment to clarify ExpirationWithoutGracePeriod in OrganizationLicense (#3403)
* add the validation for version 12 and above

* We needed comments only
2024-06-11 15:26:53 +01:00
Thomas Rittson
a60f70dde5
[AC-2300] Remove mssql utility migration record migrator (#4171)
* Remove mssql utility migration record migrator

* Remove old/unused files
2024-06-11 06:25:52 +10:00
renovate[bot]
c57091c4b1
[deps] DbOps: Update Microsoft.Data.SqlClient to v5.2.1 (#4170)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-10 12:47:22 -06:00
Ike
fa4dc4aaf2
Fix Duo Universal to work with transitional metadata (#4164) 2024-06-07 12:49:53 -07:00
Rui Tomé
308bd555a4
[AC-2286] Include the OrganizationUserId for each Organization in the user sync data (#4142)
* [AC-2286] Include the OrganizationUserId for each Organization in the user sync data

* Make OrganizationUserId property non-nullable
2024-06-07 13:32:09 -05:00
Thomas Avery
36705790ad
[SM-1293] Add endpoint to fetch secret's access policies (#4146)
* Add authz handling for secret access policy reads

* Add the ability to fetch secret access polices from the repository

* refactor response models

* Add new endpoint
2024-06-07 12:08:38 -05:00
renovate[bot]
a1d609b208
[deps] DbOps: Update EntityFrameworkCore (#3981)
* [deps] DbOps: Update EntityFrameworkCore

* Update linq2db Package

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2024-06-07 09:55:59 -04:00
Alex Morask
725fc2eed3
[AC-1943] Add ProviderInvoiceItem table (#4163)
* Add ProviderInvoiceItem table

* Run dotnet format
2024-06-06 13:25:13 -04:00
cyprain-okeke
fef34d845f
Add additional return properties ti providerSubscriptionResponse (#4159)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-06-06 15:54:08 +01:00
Ike
97b3f3e7ee
[PM-5216] User and Organization Duo Request and Response Model refactor (#4126)
* inital changes

* add provider GatewayType migrations

* db provider migrations

* removed duo migrations added v2 metadata to duo response

* removed helper scripts

* remove signature from org duo

* added backward compatibility for Duo v2

* added tests for duo request + response models

* refactors to TwoFactorController

* updated test methods to be compartmentalized by usage

* fix organization add duo

* Assert.Empty() fix for validator
2024-06-05 11:42:02 -07:00
Alex Morask
a0a7654077
[AC-1942] Add endpoint to get provider invoices (#4158)
* Added endpoint to get provider invoices

* Added missing properties of invoice

* Run dotnet format'
2024-06-05 13:33:28 -04:00
Conner Turnbull
4a6113dc86
[AC-2386][AC-2750] Updated BitPay controller to add transactions and account credit for providers (#4153) 2024-06-04 14:58:21 -04:00
Thomas Rittson
cae417e2a2
[AC-2317] Public API - remove old permissions code (#4125)
* Remove FlexibleCollections checks from Public API controllers

* Remove AccessAll from Public API

* Update tests
2024-06-04 08:58:44 +10:00
Thomas Rittson
2c40dc0602
[AC-2654] Remove old permissions code from OrganizationUsersController (#4149) 2024-06-04 08:47:12 +10:00
Thomas Rittson
80793d1ffa
[AC-2653] Remove old permissions code from GroupsController (#4148) 2024-06-04 08:46:48 +10:00
Thomas Rittson
fe76de63a0
Fix optional properties being required in public api (#4150) 2024-06-04 08:17:01 +10:00
Bitwarden DevOps
c5a7a209ab
Bumped version to 2024.6.0 (#4152) 2024-06-03 18:09:39 +00:00
Conner Turnbull
395d6e845c
[AC-2678] Enterprise to Families Sponsorship Bugs (#4118)
* Removed prorationDate as it wasn't used, and wasn't needed

* Fixed logic to detect if a subscription was sponsored

* Moved OrganizationSponsorshipsController.cs to Billing folder
2024-06-03 13:18:46 -04:00
Alex Morask
9eec986c1c
Added gateway links to Provider edit in Admin (#4145) 2024-06-03 11:51:41 -04:00
Alex Morask
2b43cde99b
[AC-1938] Update provider payment method (#4140)
* Refactored GET provider subscription

Refactoring this endpoint and its associated tests in preparation for the addition of more endpoints that share similar patterns

* Replaced StripePaymentService call in AccountsController, OrganizationsController

This was made in error during a previous PR. Since this is not related to Consolidated Billing, we want to try not to include it in these changes.

* Removing GetPaymentInformation call from ProviderBillingService

This method is a good call for the SubscriberService as we'll want to extend the functionality to all subscriber types

* Refactored GetTaxInformation to use Billing owned DTO

* Add UpdateTaxInformation to SubscriberService

* Added GetTaxInformation and UpdateTaxInformation endpoints to ProviderBillingController

* Added controller to manage creation of Stripe SetupIntents

With the deprecation of the Sources API, we need to move the bank account creation process to using SetupIntents. This controller brings both the creation of "card" and "us_bank_account" SetupIntents
under billing management.

* Added UpdatePaymentMethod method to SubscriberService

This method utilizes the SetupIntents created by the StripeController from the previous commit when a customer adds a card or us_bank_account payment method (Stripe). We need to cache the most recent SetupIntent for the subscriber so that we know which PaymentMethod is their most recent even when it hasn't been confirmed yet.

* Refactored GetPaymentMethod to use billing owned DTO and check setup intents

* Added GetPaymentMethod and UpdatePaymentMethod endpoints to ProviderBillingController

* Re-added GetPaymentInformation endpoint to consolidate API calls on the payment method page

* Added VerifyBankAccount endpoint to ProviderBillingController in order to finalize bank account payment methods

* Updated BitPayInvoiceRequestModel to support providers

* run dotnet format

* Conner's feedback

* Run dotnet format'
2024-06-03 11:00:52 -04:00
Conner Turnbull
b42ebe6f1b
Fix Broken Icon Unit Test (#4151)
* Updated test domain from ameritrade.com to tdameritrade.com to fix failing test

* Added a skip attribute
2024-06-03 09:58:53 -04:00
Jake Fink
b072fc56b1
[PM-6794] block legacy users from authN (#4088)
* block legacy users from authN

* undo change to GetDeviceFromRequest

* lint

* add feature flag

* format

* add web vault url to error message

* fix test

* format
2024-06-03 09:19:56 -04:00
cyprain-okeke
21a02054af
Resolve the unhandled error unlink org (#4141)
* Resolve the unhandled error unlink org

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Resolve a failing unit test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-05-31 18:47:26 +01:00
Thomas Rittson
357ac4f40a
[AC-292] Public Api - allow configuration of custom permissions (#4022)
* Also refactor OrganizationService user invite methods
2024-05-31 09:23:31 +10:00
Bernd Schoolmann
0189952e1f
[PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault (#4098)
* Add check to verify the vault state for rotation is not obviously desynced (empty)

* Add unit test for key rotation guardrail

* Move de-synced vault detection to validators

* Add tests
2024-05-30 11:08:26 +02:00
cyprain-okeke
f73b7c7fa8
[AC-2706] [Defect] ProviderId does not populate when payment for provider subscription is created/updated (#4138)
* Resolve the issue of not updating the db

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Resolve the failing test

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-05-29 18:49:19 +01:00
renovate[bot]
9da75fc78f
[deps] Tools: Update aws-sdk-net monorepo (#4131)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-28 16:24:04 +02:00
Alex Urbina
999245a28f
BRE-87 Add enable feature for upcoming release version Slack notifications (#4122)
* BRE-87 ADD: enable_slack_notification input to version-bump workflow

* BRE-87 TEST: Update version-bump workflow to use bitwarden/gh-actions/report-upcoming-release-version@task/BRE-87

* BRE-87 TEST: disable merge

* BRE-87 DEBUG: enable_slack_notification input to version-bump workflow

* BRE-87 TEST: Disable version PR creation and approval

* BRE-87 FIX: conditional statement in version-bump workflow

* Revert "BRE-87 TEST: Disable version PR creation and approval"

This reverts commit 59025ab5f6.

* Revert "BRE-87 TEST: disable merge"

This reverts commit 040bdb17bf.

* Revert "BRE-87 TEST: Update version-bump workflow to use bitwarden/gh-actions/report-upcoming-release-version@task/BRE-87"

This reverts commit 9e61d114c8.
2024-05-27 15:33:02 -06:00
Addison Beck
98a191a5e8
Allow for bulk processing new login device requests (#4064)
* Define a model for updating many auth requests

In order to facilitate a command method that can update many auth
requests at one time a new model must be defined that accepts valid
input for the command's needs. To achieve this a new file has been
created at
`Core/AdminConsole/OrganizationAuth/Models/OrganizationAuthRequestUpdateCommandModel.cs`
that contains a class of the same name. It's properties match those that
need to come from any calling API request models to fulfill the request.

* Declare a new command interface method

Calling API functions of the `UpdateOrganizationAuthRequestCommand` need
a function that can accept many auth request response objects and
process them as approved or denied. To achieve this a new function has
been added to `IUpdateOrganizationAuthRequestCommand` called
`UpdateManyAsync()` that accepts an
`IEnumberable<OrganizationAuthRequest>` and returns a `Task`.
Implementations of this interface method will be used to bulk process
auth requests as approved or denied.

* Stub out method implementation for unit testing

To facilitate a bulk device login request approval workflow in the admin
console `UpdateOrganizationAuthRequestCommand` needs to be updated to
include an `UpdateMany()` method. It should accept a list of
`OrganizationAuthRequestUpdateCommandModel` objects, perform some simple
data validation checks, and then pass those along to
`AuthRequestRepository` for updating in the database.

This commit stubs out this method for the purpose of writing unit tests.
At this stage the method throws a `NotImplementedException()`. It will
be expand after writing assertions.

* Inject `IAuthRequestRepository` into `UpdateOrganizationAuthCommand`

The updates to `UpdateOrganizationAuthRequestCommand` require a new
direct dependency on `IAuthRequestRepository`. This commit simply
registers this dependency in the `UpdateOrganizationAuthRequest`
constructor for use in unit tests and the `UpdateManyAsync()`
implementation.

* Write tests

* Rename `UpdateManyAsync()` to `UpdateAsync`

* Drop the `CommandModel` suffix

* Invert business logic update filters

* Rework everything to be more model-centric

* Bulk send push notifications

* Write tests that validate the command as a whole

* Fix a test that I broke by mistake

* Swap to using await instead of chained methods for processing

* Seperate a function arguement into a variable declaration

* Ungeneric-ify the processor

* Adjust ternary formatting

* Adjust naming of methods regarding logging organization events

* Throw an exception if Process is called with no auth request loaded

* Rename `_updates` -> `_update`

* Rename email methods

* Stop returning `this`

* Allow callbacks to be null

* Make some assertions about the state of a processed auth request

* Be more terse about arguements in happy path test

* Remove unneeded null check

* Expose an endpoint for bulk processing of organization auth requests  (#4077)

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2024-05-27 11:56:52 +10:00
Thomas Rittson
0d2e953459
Remove obsolete permissions code from ImportCiphersController (#4124) 2024-05-27 10:58:04 +10:00
Thomas Rittson
62c90bc50a
Remove FlexibleCollections check from OrganizationsController (#4123) 2024-05-27 10:57:54 +10:00
aj-rosado
6a0eae417d
Added MemberAccessReport to feature flags (#4114) 2024-05-24 16:51:32 +01:00
Merissa Weinstein
a5ec675cc8
remove onboarding feature flag (#4085) 2024-05-24 10:15:00 -05:00
Cesar Gonzalez
517fa1edf7
[PM-5295] Implement feature flag that allows us to fallback to using the TreeWalker API in the extension when collecting page details for autofill (#4076) 2024-05-24 10:13:17 -05:00
Matt Bishop
acfe1559d7
Use latest PR template (#4128) 2024-05-24 10:47:06 -04:00
renovate[bot]
5d47adb0fa
[deps] DevOps: Update CommandDotNet to v7.0.4 (#4081)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-24 06:37:03 -06:00
Rui Tomé
5fabad35c7
[AC-2328] Add a Bulk OrganizationUsersController.GetResetPasswordDetails endpoint (#4079)
* Add new stored procedure for reading reset password details for multiple organization user IDs

* Add method IOrganizationUserRepository.GetManyResetPasswordDetailsByOrganizationUserAsync

* Add new API endpoint for getting reset password details for multiple organization users

* Add unit tests for bulk OrganizationUsersController.GetResetPasswordDetails

* Add alias to sql query result column

* Add constructor for automatic mapping

* Fix http method type for endpoint

* dotnet format

* Simplify the constructor in the OrganizationUserResetPasswordDetails

* Refactor stored procedure and repository method names for retrieving account recovery details

* Add integration tests for GetManyAccountRecoveryDetailsByOrganizationUserAsync

* Lock endpoint behind BulkDeviceApproval feature flag

* Update feature flag key value
2024-05-24 11:20:54 +01:00
Thomas Rittson
be41865b59
[AC-2522] Remove collection enhancements opt-in (#4110)
* Delete controller endpoint
* Delete command
* Drop sproc
2024-05-24 09:00:04 +10:00
cyprain-okeke
ba93c0008b
[AC-2381][AC-2382] As a billing system, I need to store a transaction when a charge has succeeded for a provider (#4115)
* Add the providerId to the transaction object

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Refactor to check if providerId hasValue before return

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-05-23 16:28:56 +01:00
cyprain-okeke
cb9ec27228
Include the ProviderId to transaction object (#4116)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-05-23 16:23:14 +01:00
Alex Morask
06910175e2
[AC-2576] Replace Billing commands and queries with services (#4070)
* Replace SubscriberQueries with SubscriberService

* Replace OrganizationBillingQueries with OrganizationBillingService

* Replace ProviderBillingQueries with ProviderBillingService, move to Commercial

* Replace AssignSeatsToClientOrganizationCommand with ProviderBillingService, move to commercial

* Replace ScaleSeatsCommand with ProviderBillingService and move to Commercial

* Replace CancelSubscriptionCommand with SubscriberService

* Replace CreateCustomerCommand with ProviderBillingService and move to Commercial

* Replace StartSubscriptionCommand with ProviderBillingService and moved to Commercial

* Replaced RemovePaymentMethodCommand with SubscriberService

* Formatting

* Used dotnet format this time

* Changing ProviderBillingService to scoped

* Found circular dependency'

* One more time with feeling

* Formatting

* Fix error in remove org from provider

* Missed test fix in conflit

* [AC-1937] Server: Implement endpoint to retrieve provider payment information (#4107)

* Move the gettax and paymentmethod from stripepayment class

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add the method to retrieve the tax and payment details

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add unit tests for the paymentInformation method

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add the endpoint to retrieve paymentinformation

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add unit tests to the SubscriberService

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Remove the getTaxInfoAsync update reference

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
2024-05-23 10:17:00 -04:00
cyprain-okeke
a9ab894893
Send upcoming invoice to provider billing email (#4112)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-05-23 11:40:51 +01:00
Thomas Rittson
b2693913bf
[AC-2521] Remove FlexibleCollectionsSignUp feature flag (#4109)
* Remove FlexibleCollectionsSignUp feature flag

* Always set Organization.FlexibleCollections to true

* Remove explicit assignment of LimitCollectionCreationDeletion so it defaults to false
2024-05-23 09:15:12 +10:00
Kyle Spearrin
4264fc0729
[PM-7004] Org Admin Initiate Delete (#3905)
* org delete

* move org id to URL path

* tweaks

* lint fixes

* Update src/Core/Services/Implementations/HandlebarsMailService.cs

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>

* Update src/Core/Services/Implementations/HandlebarsMailService.cs

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>

* PR feedback

* fix id

* [PM-7004] Move OrgDeleteTokenable to AdminConsole ownership

* [PM-7004] Add consolidated billing logic into organization delete request acceptance endpoint

* [PM-7004] Delete unused IOrganizationService.DeleteAsync(Organization organization, string token) method

* [PM-7004] Fix unit tests

* [PM-7004] Update delete organization request email templates

* Add success message when initiating organization deletion

* Refactor OrganizationsController request delete initiation action to handle exceptions

---------

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
2024-05-22 17:59:19 +01:00
Addison Beck
56c523f76f
Allow for bulk updating AuthRequest database objects (#4053)
* Declare a new repository interface method

To facilitate a new bulk device login request approval workflow in the
admin console we need to update `IAuthRequestRepisitory` (owned by Auth
team) to include an`UpdateManyAsync()` method. It should accept a list
of `AuthRequest` table objects, and implementations will do a very
simple 1:1 update of the passed in data.

This commit adds an `UpdateManyAsync()` method to the
`AuthRequestRepository` interface.

* Stub out method implementations to enable unit testing

This commit stubs out implementations of
`IAuthRequestRepository.UpdateManyAsync()` so the method signature can
be called in unit tests. At this stage the methods are not implemented.

* Assert a happy path integration test

* Establish a user defined SQL type for Auth Requests

To facilitate a bulk update operation for auth requests a new user
defined type will need to be written that can be used as a table input
to the stored procedure. This will follow a similar pattern to how the
`OragnizationSponsorshipType` works and is used by the stored procedure
`OrganizationSponsorship_UpdateMany`.

* Establish a new stored procedure

To facilitate the bulk updating of auth request table objects this
commit adds a new stored procedure to  update a collection of entities
on `AuthRequest` table by their primary key. It updates all properties,
for convention, but the endpoint created later will only change the
`Approved`, `ResponseDate`, `Key`, `MasterPasswordHash`, and
`AuthenticationDate` properties.

* Apply a SQL server migration script

This commit simply applies a migration script containing the new user
defined type and stored procedure comitted previously.

* Enable converting an `IEnumerable<AuthRequest>` to a `DataTable`

The current pattern in place for bulk update stored procedures is to
pass a `DataTable` through Dapper as an input for the update stored
procedure being run. In order to facilitate the new bulk update
procedure for the`AuthRequest` type we need a function added that can
convert an `IEnumerable<AuthRequest>` to a `DataTable`. This is commit
follows the convention of having a static class with a conversion method
in a `Helpers` folder: `AuthRequestHelpers.ToDataTable()`.

* Implement `Dapper/../AuthRequestRepository.UpdateMany()`

This commit implements `AuthRequestRepository.UpdateMany()` for the
Dapper implementation of `AuthRequestRepository`. It connects the stored
procedure, `DataTable` converter, and Dapper-focused unit test commits
written previously into one exposed method that can be referenced by
service callers.

* Implement `EntityFramework/../AuthRequestRepository.UpdateMany()`

This commit implements the new
`IAuthRequestRepository.UpdateManyAsync()`method in the Entity Framework
skew of the repository layer. It checks to make sure the passed in list
has auth requests, converts them all to an Entity Framework entity, and
then uses `UpdateRange` to apply the whole thing over in the database
context.

* Assert that  `UpdateManyAsync` can not create any new auth requests

* Use a json object as stored procedure input

* Fix the build

* Continuing to troubleshoot the build

* Move `AuthRequest_UpdateMany` to the Auth folder

* Remove extra comment

* Delete type that never got used

* intentionally break a test

* Unbreak it
2024-05-22 11:55:31 -05:00
Bitwarden DevOps
e3f3392ec6
Bumped version to 2024.5.1 (#4113) 2024-05-22 14:41:37 +00:00
Thomas Rittson
b679f98c19
[AC-2626] Re-run collection enhancements migration (#4111)
* Re-run collection enhancements migration

* Bump date

* Disambiguate name
2024-05-22 10:15:44 +01:00
renovate[bot]
5ddb854f1a
[deps] Auth: Update azure azure-sdk-for-net monorepo (#3540)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-05-21 13:12:43 -07:00