1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-24 12:35:25 +01:00
Commit Graph

408 Commits

Author SHA1 Message Date
Ike
c028c68d9c
[PM-6666] Two factor Validator refactor (#4894)
* initial device removal

* Unit Testing

* Finalized tests

* initial commit refactoring two factor

* initial tests

* Unit Tests

* initial device removal

* Unit Testing

* Finalized tests

* initial commit refactoring two factor

* initial tests

* Unit Tests

* Fixing some tests

* renaming and reorganizing

* refactored two factor flows

* fixed a possible issue with object mapping.

* Update TwoFactorAuthenticationValidator.cs

removed unused code
2024-10-24 10:41:25 -07:00
Jared Snider
e6245bbece
Auth/PM-12613 - Registration with Email Verification - Provider Invite Flow (#4917)
* PM-12613 - Add RegisterUserViaProviderInviteToken flow (needs manual, unit, and integration tests)

* PM-12613 - RegisterUserCommandTests - test register via provider inv

* PM-12613 - AccountsControllerTests.cs - Add integration test for provider

* PM-12613 - Remove comment

* PM-12613 - Add temp logging to help debug integration test failure in pipeline

* PM-12613 - WebApplicationFactoryBase.cs - add ConfigureServices

* PM-12613 - AccountsControllerTests.cs - refactor test to sidestep encryption

* PM-12613 - Per PR feedback, refactor AccountsController.cs and move token type checking into request model.

* PM-12613 - Remove debug writelines

* PM-12613 - Add RegisterFinishRequestModelTests
2024-10-23 18:06:24 -04:00
Matt Bishop
1d3188d3f5
Remove unused MessagePack dependency (#4909) 2024-10-17 17:30:54 -04:00
Ike
22dd957543
[PM-10742] Pull Device verification into testable service (#4851)
* initial device removal

* Unit Testing

* Added unit tests fixed validator null checks

* Finalized tests

* formatting

* fixed test

* lint

* addressing review notes

* comments
2024-10-10 17:26:17 -07:00
Maciej Zieniuk
9a5c6fe527
PM-11123: Device Type mapping (#4768)
* PM-11123: Device Type mapping

* PM-11123: Moving ClientType out of NotificationCenter, naming clash with Identity ClientType

* PM-11123: Rename ClientType in ICurrentContext to match the type
2024-09-23 23:02:32 +02:00
keithhubner
ab8c3af685
[PM-6630][INT-188] krb5 to dockerfile and kinit entrypoint (#3841) 2024-09-20 12:15:47 -04:00
Jared Snider
fd07de736d
Auth/PM-11969 - Registration with Email Verification - Accept Emergency Access Invite Flow (#4773)
* PM-11969 - Add new logic for registering a user via an AcceptEmergencyAccessInviteToken

* PM-11969 - Unit test new RegisterUserViaAcceptEmergencyAccessInviteToken method.

* PM-11969 - Integration test new method
2024-09-12 19:39:10 -04:00
Jared Snider
7d8df767cd
Auth/PM-11945 - Registration with Email Verification - Fix Org Sponsored Free Family Plan not working (#4772)
* PM-11945 - Rename RegisterUserWithOptionalOrgInvite to RegisterUserViaOrgInvite as the org invite isn't optional in the function - just the overall process of registration.

* PM-11945 - Yet another rename

* PM-11945 - Wire up call to RegisterUserViaOrgSponsoredFreeFamilyPlanInviteToken and test.

* PM-11945 - RegisterUserCommandTests - test new method

* PM-11949 - Rename tests

* PM-11945 - AccountsControllerTests.cs - add integration test for RegistrationWithEmailVerification_WithOrgSponsoredFreeFamilyPlanInviteToken_Succeeds

* PM-11945 - Adjust naming per PR feedback to match docs.

* PM-11945 - More renaming
2024-09-12 15:24:47 -04:00
Ike
fc587847c3
[PM-6664] base request validator - Two Factor flows integration tests (#4643)
* initial commit added two factor tests

* initial commit

* updated two factor tests

* fixed formatting
2024-09-06 08:05:25 -07:00
Alex Morask
c0a4ba8de1
[AC-2965] Use OrganizationBillingService to purchase org when FF is on (#4737)
* Add PurchaseSubscription to OrganizationBillingService and call from OrganizationService.SignUpAsync when FF is on

* Run dotnet format

* Missed billing service DI for SCIM which uses the OrganizationService
2024-09-06 10:24:05 -04:00
Ike
fa5d6712c5
[PM-6664] Base Request Validator Unit Tests and Resource Owner integration Tests (#4582)
* intial commit

* Some UnitTests for the VerifyAsync flows

* WIP org two factor

* removed useless tests

* added ResourceOwnerValidation integration tests

* fixing formatting

* addressing comments

* removed comment
2024-09-05 11:17:15 -07:00
renovate[bot]
c1d22d19f9
[deps]: Update MessagePack to v2.5.172 (#4586)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-08-26 11:04:35 -07:00
Bernd Schoolmann
a5363c1513
Allow localhost callback on desktop (#4649) 2024-08-26 15:11:48 +02:00
Justin Baur
abb223aabb
Resolves Auth Warnings (#4642)
* Resolve Auth Warnings

* Move Assertion

* ClaimsPrincipal is actually nullable
2024-08-16 09:32:25 -04:00
Bernd Schoolmann
7d48102865
[PM-7742] Set hasManageResetPasswordPermission for owner and admin invitees (#4528)
* Set hasManageResetPasswordPermission for owner and admin invitees

* Make userdecryptionoptionsbuilder ignore orgusertype if orguser is null
2024-08-06 11:22:10 +02:00
Conner Turnbull
656e0c20f9
[PM-5093][PM-7325] Added trial initiation email verification endpoint (#4221)
* Added trial initiation user verification endpoint

* Added explanatory comment for why we add artificial delay

* Updated RegistrationStart to Registration reference event

* Ensure that productTier query param is an int

* Added email value to trial initiation email
2024-07-29 14:18:12 -04:00
Bernd Schoolmann
ce185eb3df
[PM-5963] Fix tde offboarding vault corruption (#4144)
* Attempt to fix tde to mp flow

* Move tde offboarding to dedicated flag

* Add tde offboarding password request

* Validate tde offboarding input

* Correctly check whether tde is active when building trusted device options

* Refactor Tde offboarding into a separate command

* Add unit tests for tde offboarding

* Update tde offboarding request model

* Fix tests

* Fix further tests

* Fix documentation

* Add validation for updatetdepasswordasync key/newmasterpassword

* Add comment explaining test

* Remove unrelated changes
2024-07-23 14:53:08 -04:00
Jared Snider
1b5f9e3f3e
Auth/PM-6198 - Registration with Email Verification - Add email clicked endpoint (#4520)
* PM-6198 - RegistrationEmailVerificationTokenable - add new static validate token method

* PM-6198 - Rename RegistrationStart to Registration as we now have to add another anonymous reference event.

* PM-6198 - rest of work

* PM-6198 - Unit test new account controller method.

* PM-6198 - Integration test new account controller endpoint
2024-07-22 17:24:42 -04:00
Thomas Rittson
7fe4fe16cb
[AC-1331] Remove Manager role - final (#4493)
* Remove OrganizationUserType.Manager

* Add EnumDataType validation to prevent invalid enum values
2024-07-12 06:13:10 +10:00
Kyle Spearrin
d2567dd42d
[PM-5518] Refactor Email Token Providers (#3784)
* new email token providers

* move email redaction to core helpers

* make token options configurable

* protected setters on options

* fix email token provider tests

* fix core tests

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2024-07-11 14:39:27 -04:00
Jake Fink
d85fbf9f01
only use Secure cookies if on a https connection (#4472) 2024-07-09 08:51:56 -04:00
renovate[bot]
5c1a471cb0
[deps]: Update MessagePack to v2.5.171 (#4475)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-08 16:44:45 -07:00
Jared Snider
8471326b1e
Auth/PM-7322 - Registration with Email verification - Finish registration endpoint (#4182)
* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.

* PM-7322 - Start on RegisterFinishRequestModel.cs

* PM-7322 - WIP on Complete Registration endpoint

* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.

* PM-7322 - UserService - Rename MP to MPHash

* PM-7322 - More WIP progress on getting new finish registration process in place.

* PM-7322 Create IRegisterUserCommand

* PM-7322 - RegisterUserCommand.cs - first WIP draft

* PM-7322 - Implement use of new command in Identity.

* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.

* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.

* PM-7322 - More WIP on RegisterUserCommand.cs and tests

* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.

* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.

* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite

* PM-7322 - IRegisterUserCommand - DOCS

* PM-7322 - Test RegisterUser

* PM-7322 - IRegisterUserCommand - Add more docs.

* PM-7322 - Finish updating all existing user service register calls to use the new command.

* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests

* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.

* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested

* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place

* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.

* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.

* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step

* PM-7322 - RegisterUserCommandTests.cs - add API key assertions

* PM-7322 - Clean up RegisterUserCommand.cs

* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.

* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO

* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.

* PM-7322 - Work on getting PostRegisterFinish tests in place.

* PM-7322 - AccountsControllerTests.cs - test new method.

* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.

* PM-7322 - Fix misspelling

* PM-7322 - Integration tests for RegistrationWithEmailVerification

* PM-7322 - Fix leaky integration tests.

* PM-7322 - Another leaky test fix.

* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds

* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
2024-07-02 17:03:36 -04:00
Jared Snider
29b47f72ca
Auth/PM-3833 - Remove Deprecated Register and Prelogin endpoints from API (#4206)
* PM-3833 - API - AccountsController.cs && AccountsController.cs - remove prelogin and register endpoints.

* PM-3833 - Move Request and Response models that were used for Prelogin and PostRegister from API to Identity.

* PM-3833 - FIX LINT

* PM-3833 - Fix issues after merge conflict fixes.

* PM-3833 - Another test fix
2024-06-19 15:11:24 -04:00
Jared Snider
b2b1e3de87
Auth/PM-5092 - Registration with Email verification - Send Email Verification Endpoint (#4173)
* PM-5092 - Add new EnableEmailVerification global setting.

* PM-5092 - WIP - AccountsController.cs - create stub for new     PostRegisterSendEmailVerification

* PM-5092 - RegisterSendEmailVerificationRequestModel

* PM-5092 - Create EmailVerificationTokenable.cs and get started on tests (still WIP).

* PM-5092 - EmailVerificationTokenable.cs finished + tests working.

* PM-5092 - Add token data factory for new EmailVerificationTokenable factory.

* PM-5092 - EmailVerificationTokenable.cs - set expiration to match existing verify email.

* PM-5092 - Get SendVerificationEmailForRegistrationCommand command mostly written + register as scoped.

* PM-5092 - Rename tokenable to be more clear and differentiate it from the existing email verification token.

* PM-5092 - Add new registration verify email method on mail service.

* PM-5092 - Refactor SendVerificationEmailForRegistrationCommand and add call to mail service to send email.

* PM-5092 - NoopMailService.cs needs to implement all interface methods.

* PM-5092 - AccountsController.cs - get PostRegisterSendEmailVerification logic in place.

* PM-5092 - AccountsControllerTests.cs - Add some unit tests - WIP

* PM-5092 - SendVerificationEmailForRegistrationCommandTests

* PM-5092 - Add integration tests for new acct controller method

* PM-5092 - Cleanup unit tests

* PM-5092 - AccountsController.cs - PostRegisterSendEmailVerification - remove modelState invalid check as .NET literally executes this validation pre-method execution.

* PM-5092 - Rename to read better - send verification email > send email verification

* PM-5092 - Revert primary constructor approach so DI works.

* PM-5092 - (1) Cleanup new but now not needed global setting (2) Add custom email for registration verify email.

* PM-5092 - Fix email text

* PM-5092 - (1) Modify ReferenceEvent.cs to allow nullable values for the 2 params which should have been nullable based on the constructor logic (2) Add new ReferenceEventType.cs for email verification register submit (3) Update AccountsController.cs to log new reference event (4) Update tests

* PM-5092 - RegistrationEmailVerificationTokenable - update prefix, purpose, and token id to include registration to differentiate it from the existing email verification token.

* PM-5092 - Per PR feedback, cleanup used dict.

* PM-5092 - formatting pass (manual + dotnet format)

* PM-5092 - Per PR feedback, log reference event after core business logic executes

* PM-5092 - Per PR feedback, add validation + added nullable flag to name as it is optional.

* PM-5092 - Per PR feedback, add constructor validation for required tokenable data

* PM-5092 - RegisterVerifyEmail url now contains email as that is required in client side registration step to create a master key.

* PM-5092 - Add fromEmail flag + some docs

* PM-5092 - ReferenceEvent.cs - Per PR feedback, make SignupInitiationPath and PlanUpgradePath nullable

* PM-5092 - ReferenceEvent.cs - remove nullability per PR feedback

* PM-5092 - Per PR feedback, use default constructor and manually create reference event.

* PM-5092 - Per PR feedback, add more docs!
2024-06-19 13:54:20 -04:00
Ike
97b3f3e7ee
[PM-5216] User and Organization Duo Request and Response Model refactor (#4126)
* inital changes

* add provider GatewayType migrations

* db provider migrations

* removed duo migrations added v2 metadata to duo response

* removed helper scripts

* remove signature from org duo

* added backward compatibility for Duo v2

* added tests for duo request + response models

* refactors to TwoFactorController

* updated test methods to be compartmentalized by usage

* fix organization add duo

* Assert.Empty() fix for validator
2024-06-05 11:42:02 -07:00
Jake Fink
b072fc56b1
[PM-6794] block legacy users from authN (#4088)
* block legacy users from authN

* undo change to GetDeviceFromRequest

* lint

* add feature flag

* format

* add web vault url to error message

* fix test

* format
2024-06-03 09:19:56 -04:00
Jake Fink
3bb8cce2e6
add login redirect url to identity server (#4092) 2024-05-16 15:47:44 -04:00
Ike
479f8319c2
remove alias (#4058) 2024-05-09 08:43:43 -07:00
renovate[bot]
79a4cbaa09
[PM-7335] [deps] Auth: Update Duende.IdentityServer to v7 (#3709)
* [deps] Auth: Update Duende.IdentityServer to v7

* Fixes for upgrade incompatibility

* Update configuration file used in a test

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-04-30 09:50:36 -07:00
Matt Bishop
d46527899e
Remove DocumentDB settings placeholders (#3943) 2024-03-29 13:28:16 -04:00
Todd Martin
611a65e0a9
[PM-5437] Handle client_credentials clientId that is not a valid GUID (#3616)
* Return null if the clientId is not a valid Guid.

* Linting
2024-03-19 10:21:15 -04:00
Justin Baur
70fac808b0
Use FrozenDictionary in StaticClientStore (#3833)
* Add Benchmark

* Use FrozenDictionary

* Use TryGetValue

* Format
2024-02-21 10:29:59 -05:00
Todd Martin
1a3146f776
[PM-5800] Remove feature flag checks for PasswordlessLogin (#3713)
* Removed feature flag checks for PasswordlessLogin

* Removed unused reference.
2024-02-13 11:15:24 -05:00
Kyle Spearrin
17118bc74f
[PM-6208] Move TOTP cache validation logic to providers (#3779)
* move totp cache validation logic to providers

* remove unused usings

* reduce TTL
2024-02-09 12:44:31 -08:00
Kyle Spearrin
6174df0874
[PM-6196] Cleanup distributed cache for identity (#3704)
* cleanup distributed cache for identity

* removed unused using

* use persistent IDistributedCache
2024-02-09 07:43:28 -05:00
Oscar Hinton
0766806279
[PM-6165] Add x-enum-varnames to improve swagger generation (#3767)
Improves code generation of enums for the server bindings in the sdk. Bindings will now use the appropiate variable name from the server.

Works by adding a filter which appends x-enum-varnames to enums with the name from c#.
2024-02-09 09:47:03 +01:00
Kyle Spearrin
707347ce3e
[PM-3570] Adjust refresh token lifetimes (#3697)
* adjust refresh token lifetimes

* fix broken grant delete

* Update ApiClient.cs

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2024-02-08 21:36:15 +00:00
Kyle Spearrin
f0a8fd63ca
remove the redis grant store (#3757) 2024-02-07 14:50:23 -05:00
Matt Bishop
ae1fdb0992
[PM-5052] Upgrade to .NET 8 (#3461)
* Upgrade to .NET 8

* Linting

* Clean up old JSON deserialization code

* More .NET 8-oriented linting

* Light feedback

* Get rid of old test we don't know the root issue for

* Fix a new test

* Remove now-unnecessary Renovate constraint

* Use Any()

* Somehow a 6.0 tooling config we don't need snuck back in

* Space out properties that always change per release

* Bump a few core packages since the last update
2024-02-05 13:03:42 -05:00
Ike
0deb13791a
[PM-4614] Updating Duo to SDK v4 for Universal Prompt (#3664)
* added v4 updates

* Fixed packages.

* Null checks and OrganizationDuo

* enable backwards compatibility support

* updated validation

* Update DuoUniversalPromptService.cs

add JIRA ticket for cleanup

* Update BaseRequestValidator.cs

* updates to names and comments

* fixed tests

* fixed validation errros and authURL

* updated naming

* Filename change

* Update BaseRequestValidator.cs
2024-01-24 10:13:00 -08:00
Matt Bishop
974d23efdd
Establish IFeatureService as scoped (#3679)
* Establish IFeatureService as scoped

* Lint

* Feedback around injection
2024-01-18 09:47:34 -05:00
Todd Martin
956efbdb39
[PM-2260] Remove TDE feature flag (#3614)
* Remove TDE feature flag.

* Removed references to feature service from decryption options builder.

* Removed redundant references.

* Removed test that is no longer valid, as it was testing the feature flag.

* Removed remainder of TDE feature check.
2024-01-10 12:33:19 -05:00
Kyle Spearrin
a6db79f613
[PM-5645] Cosmos DB Grant Storage (#3634)
* table storage grants

* simple shard on storage accounts

* use is not

* cosmos grant repo

* remove single storage connection string

* some fixes to dapper grant repo

* pattern matching

* add fallback to base PersistedGrantStore

* service collection extension cleanup

* cleanup

* remove unused Id

* empty string rowkey

* fix sharding method logic

* ttl for cosmos

* make ttl an int

* fixes to cosmos implementation

* fix partition key values

* catch notfound exceptions

* indenting

* update grantitem with custom serialization

* use new transform helpers

* grantloader perf test tool

* ref

* remove grant loader project

* remove table storage implementation

* remove table storage stuff

* all redis fallback to build to null

* revert sln file change

* EOF new line

* remove trailing comma

* lint fixes

* add grant to names

* move cosmos serilaizer to utils

* add some .net 8 keyed service comments

* EnableContentResponseOnWrite

* Fix type in EF grant repository
2024-01-10 12:59:16 +00:00
Thomas Rittson
af7811ba9a
[AC-1971] Add SwaggerUI to CORS policy (#3583)
* Allow SwaggerUI authorize requests if in development
2023-12-19 11:51:46 +10:00
Justin Baur
1b705df958
[PM-5293] Redis for Grants (#3577)
* Add Initial Redis Implementation

* Format

* Add Key to PersistedGrant

* Reference Identity In Microbenchmark Project

* Allow Filterable Benchmarks

* Use Shorter Key And Cast to RedisKey Once

* Add RedisPersistedGrantStore Benchmarks

* Run restore

* Format

* Update ID4 References

* Make RedisGrantStore Singleton

* Use MessagePack

* Use Cached Options

* Turn off Compression

* Minor Feedback

* Add Docs to StorablePersistedGrant

* Use existing Identity Redis

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2023-12-15 10:53:00 -05:00
Andreas Coroiu
d63c917c95
[PM-4619] Rewrite UserService methods as commands (#3432)
* [PM-4619] feat: scaffold new create options command

* [PM-4169] feat: implement credential create options command

* [PM-4619] feat: create command for credential creation

* [PM-4619] feat: create assertion options command

* [PM-4619] chore: clean-up unused argument

* [PM-4619] feat: implement assertion command

* [PM-4619] feat: migrate to commands

* [PM-4619] fix: lint

* [PM-4169] fix: use constant

* [PM-4619] fix: lint

I have no idea what this commit acutally changes, but the file seems to have some character encoding issues. This fix was generated by `dotnet format`
2023-12-14 09:35:52 +01:00
Matt Bishop
52cb253c9a
Add IdentityServer license (#3552) 2023-12-12 13:08:49 -05:00
Matt Bishop
890a09804f
Stop using lockfiles (#3550) 2023-12-12 09:09:42 -05:00
Justin Baur
8d36dfa5d3
Make development easier (#3504)
* Remove Certificate Steps from Setup

* Add Helpers to VSCode Tasks

* Force Ephermal Key in Integration Tests

* Add Property to Interface
2023-12-08 15:14:49 -05:00