1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-14 15:46:49 +01:00
Commit Graph

47 Commits

Author SHA1 Message Date
Maciej Zieniuk
9a5c6fe527
PM-11123: Device Type mapping ()
* PM-11123: Device Type mapping

* PM-11123: Moving ClientType out of NotificationCenter, naming clash with Identity ClientType

* PM-11123: Rename ClientType in ICurrentContext to match the type
2024-09-23 23:02:32 +02:00
Maciej Zieniuk
77f8cc58e8
SM-1146: Secrets Manager total counts ()
* SM-1146: SM Organization Counts for Projects, Secrets, Machine Accounts

* SM-1146: Project total counts

* SM-1146: models object renames

* SM-1146: Service Account total counts

* SM-1146: Unit test coverage for counts controller

* SM-1146: Counts controller simplification, UT update

* SM-1146: Service Account total counts from Service Account auth user

* SM-1146: Integration Tests for total counts controller

* SM-1146: Explicitly denying access for Service Accounts

* SM-1146: Fix broken ProjectsController integration test

* SM-1146: Integration tests for counts controller

* SM-1146: Explicitly denying access for Service Accounts cleanup

* SM-1146: Test cleanup

* SM-1146: PR review comments fix

* SM-1146: People, Service Accounts positive count on write access

* Update bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/ProjectRepository.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2024-08-08 15:12:52 +02:00
cd-bitwarden
9560a32495
[SM-1211] Adding API endpoint to send out Access Request for SM to Admins, addi… ()
* Adding API endpoint to send out Access Request for SM to Admins, adding email template

* Fixing email template HTML, adding tests

* fixing tests

* fixing lint

* Moving files to proper locations

* fixing build error relating to not removing some old code

* Updating namespaces and removing unused using statements

* Dependency injection fix

* Fixing tests and moving them to proper files

* lint

* format fixes

* dotnet format fix

* small fixes

* removing using directive's that aren't needed

* Update bitwarden_license/test/Commercial.Core.Test/SecretsManager/Commands/PasswordManager/RequestSMAccessCommandTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update src/Core/MailTemplates/Handlebars/SecretsManagerAccessRequest.text.hbs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update bitwarden_license/src/Commercial.Core/SecretsManager/Commands/PasswordManager/RequestSMAccessCommand.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Changes requested by Thomas

* Lint fixes

* Suggested changes from Maceij

* Current state of tests

* Fixing tests and getting the core.csproj file from main

* Reverting csproj file change

* Removing usings directory

* dotnet format

* Fixing test

* Update bitwarden_license/test/Commercial.Core.Test/SecretsManager/Commands/Requests/RequestSMAccessCommandTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update test/Api.Test/SecretsManager/Controllers/RequestSMAccessControllerTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Thomas requested changes

* Fixing 500 error when user name is null

* Prettier error message if user sends over an whitespace string

* Fixing word wrapping issue in email contents

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2024-07-25 11:04:05 -04:00
Thomas Avery
acc4808509
[SM-1256] Add BulkSecretAuthorizationHandler ()
* Add AccessToSecretsAsync to the repository

* Add BulkSecretAuthorizationHandler

* Update controller to use the new authz handler

* Add integration test coverage
2024-07-09 10:06:33 -05:00
Thomas Avery
01d67dce48
[SM-654] Individual secret permissions ()
* Add new data and request models

* Update authz handlers

* Update secret commands to handle access policy updates

* Update secret repository to handle access policy updates

* Update secrets controller to handle access policy updates

* Add tests

* Add integration tests for secret create
2024-06-20 12:45:28 -05:00
Thomas Avery
36705790ad
[SM-1293] Add endpoint to fetch secret's access policies ()
* Add authz handling for secret access policy reads

* Add the ability to fetch secret access polices from the repository

* refactor response models

* Add new endpoint
2024-06-07 12:08:38 -05:00
Thomas Avery
cd3a45c8c6
[SM-1030] Cleanup old access policy management code ()
* Remove access selector code

* Cleanup integration tests
2024-05-06 14:56:58 -05:00
Thomas Avery
7f8cea58d0
[SM-923] Add project service accounts access policies management endpoints ()
* Add new models

* Update repositories

* Add new authz handler

* Add new query

* Add new command

* Add authz, command, and query to DI

* Add new endpoint to controller

* Add query unit tests

* Add api unit tests

* Add api integration tests
2024-05-02 11:06:20 -05:00
Thomas Avery
ebd88393c8
[SM-910] Add service account granted policies management endpoints ()
* Add the ability to get multi projects access

* Add access policy helper + tests

* Add new data/request models

* Add access policy operations to repo

* Add authz handler for new operations

* Add new controller endpoints

* add updating service account revision
2024-05-01 11:47:11 -05:00
Thomas Avery
a7b992d424
[SM-1150] Add secret sync endpoint ()
* Add SecretsSyncQuery

* Add SecretsSync to controller

* Add unit tests

* Add integration tests

* update repo layer
2024-04-25 10:34:08 -05:00
Justin Baur
e22da3a53e
Replace async void with async Task () 2024-02-22 11:59:08 -05:00
Thomas Avery
f9232bcbb0
[SM-909] Add service-account people access policy management endpoints ()
* refactoring replace logic

* model for policies + authz handler + unit tests

* update AP repository

* add new endpoints to controller

* update unit tests and integration tests

---------

Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com>
2023-12-07 15:35:16 -06:00
Thomas Rittson
9021236d61
AC Team code ownership moves: Organization pt. 1 ()
* move Organization.cs files to AC Team code ownership
2023-11-28 17:18:08 -06:00
Thomas Avery
0ca65e3f9d
[SM-919] Add project people access policy management endpoints ()
* Expose access policy discriminators

* Add people policy model and auth handler

* Add unit tests for authz handler

* Add people policies support in repo

* Add new endpoints and request/response models

* Update tests
2023-11-08 11:42:40 -05:00
Thomas Avery
728cd1c0b5
[SM-949] Add endpoint to fetch events by service account ()
* Add ability to fetch events by service account

* Extract GetDateRange into ApiHelpers util

* Add dapper implementation

* Add EF repo implementation

* Add authz handler case

* unit + integration tests for controller

* swap to read check

* Adding comments

* Fix integration tests from merge

* Enabled SM events controller for self-hosting
2023-10-19 16:57:14 -05:00
Thomas Rittson
c1cf07d764
[AC-1750] AC Team code ownership moves - Groups () 2023-10-20 06:37:46 +10:00
cd-bitwarden
b772784af3
[SM-896] restricting access to disabled orgs ()
* restricting access to disabled orgs

* Unit Test Updates

* Update test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Covering all test cases

* making organization enabled NOT default

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2023-10-16 14:29:02 +00:00
Thomas Avery
4b482f0a34
[SM-918] Enforce project maximums on import ()
* Refactor MaxProjectsQuery for multiple adds

* Update unit tests

* Add max project enforcement to imports
2023-09-07 17:51:35 -05:00
Thomas Avery
a1d227c121
[SM-895] Enforce project maximums ()
* Add ProjectLimitQuery

* Add query to DI

* Add unit tests

* Add query to controller

* Add controller unit tests

* add integration tests

* rename query and variables

* More renaming
2023-08-28 12:34:37 -05:00
Thomas Avery
640cb68d51
[SM-863] Add endpoint for fetching multiple secrets by IDs ()
* Add support CanReadSecret authorization

* Extract base response model for secret

* Add support for SA bulk fetching event logging

* secret repository bug fix

* Add endpoint and request for bulk fetching secrets

* Swap to original reference event

* Add unit tests

* Add integration tests

* Add unit tests for authz handler

* update authz handler tests

---------
2023-08-28 10:16:50 -05:00
Thomas Rittson
4748b5b3fc
[AC-1568] Finish refactor of update subscription interface, minor fixes ()
* Remove UpdateSecretsManagerSubscriptionCommand.AdjustServiceAccounts interface

* Rewrite tests and use autofixture customizations

* Reduce method nesting in the command, simplify parameters

* Fix capitalization and wording of error messages

* Add checks for existing SM beta enrolment etc
2023-08-28 08:05:23 +10:00
Thomas Rittson
3573aee2ef
[AC-1512] Feature: Secrets Manager Billing - round 2 ()
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem ()

* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem

- Add a helper method to determine the appropriate addon type based on the subscription items StripeId

* [AC-1423] Add helper to StaticStore.cs to find a Plan by StripePlanId

* [AC-1423] Use the helper method to set SubscriptionInfo.BitwardenProduct

* Add SecretsManagerBilling feature flag to Constants

* [AC 1409] Secrets Manager Subscription Stripe Integration  ()

* Adding the Secret manager to the Plan List

* Adding the unit test for the StaticStoreTests class

* Fix whitespace formatting

* Fix whitespace formatting

* Price update

* Resolving the PR comments

* Resolving PR comments

* Fixing the whitespace

* only password manager plans are return for now

* format whitespace

* Resolve the test issue

* Fixing the failing test

* Refactoring the Plan separation

* add a unit test for SingleOrDefault

* Fix the whitespace format

* Separate the PM and SM plans

* Fixing the whitespace

* Remove unnecessary directive

* Fix imports ordering

* Fix imports ordering

* Resolve imports ordering

* Fixing imports ordering

* Fix response model, add MaxProjects

* Fix filename

* Fix format

* Fix: seat price should match annual/monthly

* Fix service account annual pricing

* Changes for secret manager signup and upgradeplan

* Changes for secrets manager signup and upgrade

* refactoring the code

* Format whitespace

* remove unnecessary using directive

* Resolve the PR comment on Subscription creation

* Resolve PR comment

* Add password manager to the error message

* Add UseSecretsManager to the event log

* Resolve PR comment on plan validation

* Resolving pr comments for service account count

* Resolving pr comments for service account count

* Resolve the pr comments

* Remove the store procedure that is no-longer needed

* Rename a property properly

* Resolving the PR comment

* Resolve PR comments

* Resolving PR comments

* Resolving the Pr comments

* Resolving some PR comments

* Resolving the PR comments

* Resolving the build identity build

* Add additional Validation

* Resolve the Lint issues

* remove unnecessary using directive

* Remove the white spaces

* Adding unit test for the stripe payment

* Remove the incomplete test

* Fixing the failing test

* Fix the failing test

* Fix the fail test on organization service

* Fix the failing unit test

* Fix the whitespace format

* Fix the failing test

* Fix the whitespace format

* resolve pr comments

* Fix the lint message

* Resolve the PR comments

* resolve pr comments

* Resolve pr comments

* Resolve the pr comments

* remove unused code

* Added for sm validation test

* Fix the whitespace format issues

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* SM-802: Add SecretsManagerBetaColumn SQL migration and Org table update

* SM-802: Run EF Migrations for SecretsManagerBeta

* SM-802: Update the two Org procs and View, and move data migration to a separate file

* SM-802: Add missing comma to Organization_Create

* [AC-1418] Add missing SecretsManagerPlan property to OrganizationResponseModel ()

* SM-802: Remove extra GO statement from data migration script

* [AC 1460] Update Stripe Configuration ()

* change the stripeseat id

* change service accountId to align with new product

* make all the Id name for consistent

* SM-802: Add SecretsManagerBeta to OrganizationResponseModel

* SM-802: Move SecretsManagerBeta from OrganizationResponseModel to OrganizationSubscriptionResponseModel. Use sp_refreshview instead of sp_refreshsqlmodule in the migration script.

* SM-802: Remove OrganizationUserOrganizationDetailsView.sql changes

* [AC 1410] Secrets Manager subscription adjustment back-end changes ()

* Create UpgradeSecretsManagerSubscription command

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>

* SM-802: Remove SecretsManagerBetaColumn migration

* SM-802: Add SecretsManagerBetaColumn migration

* SM-802: Remove OrganizationUserOrganizationDetailsView update

* [AC-1495] Extract UpgradePlanAsync into a command ()

* This is a pure lift & shift with no refactors

* Only register subscription commands in Api

---------

Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>

* [AC-1503] Fix Stripe integration on organization upgrade ()

* Fix SM parameters not being passed to Stripe

* Fix flaky test

* Fix error message

* [AC-1504] Allow SM max autoscale limits to be disabled ()

* [AC-1488] Changed SM Signup and Upgrade paths to set SmServiceAccounts to include the plan BaseServiceAccount ()

* [AC-1510] Enable access to Secrets Manager to Organization owner for new Subscription ()

* Revert changes to ReferenceEvent code ()

* Revert changes to ReferenceEvent code

This will be done in AC-1481

* Revert ReferenceEventType change

* Move NoopServiceAccountRepository to SM and update namespace

* [AC-1462] Add secrets manager service accounts autoscaling commands ()

* Adding the Secret manager to the Plan List

* Adding the unit test for the StaticStoreTests class

* Fix whitespace formatting

* Fix whitespace formatting

* Price update

* Resolving the PR comments

* Resolving PR comments

* Fixing the whitespace

* only password manager plans are return for now

* format whitespace

* Resolve the test issue

* Fixing the failing test

* Refactoring the Plan separation

* add a unit test for SingleOrDefault

* Fix the whitespace format

* Separate the PM and SM plans

* Fixing the whitespace

* Remove unnecessary directive

* Fix imports ordering

* Fix imports ordering

* Resolve imports ordering

* Fixing imports ordering

* Fix response model, add MaxProjects

* Fix filename

* Fix format

* Fix: seat price should match annual/monthly

* Fix service account annual pricing

* Changes for secret manager signup and upgradeplan

* Changes for secrets manager signup and upgrade

* refactoring the code

* Format whitespace

* remove unnecessary using directive

* Changes for subscription Update

* Update the seatAdjustment and update

* Resolve the PR comment on Subscription creation

* Resolve PR comment

* Add password manager to the error message

* Add UseSecretsManager to the event log

* Resolve PR comment on plan validation

* Resolving pr comments for service account count

* Resolving pr comments for service account count

* Resolve the pr comments

* Remove the store procedure that is no-longer needed

* Add a new class for update subscription

* Modify the Update subscription for sm

* Add the missing property

* Rename a property properly

* Resolving the PR comment

* Resolve PR comments

* Resolving PR comments

* Resolving the Pr comments

* Resolving some PR comments

* Resolving the PR comments

* Resolving the build identity build

* Add additional Validation

* Resolve the Lint issues

* remove unnecessary using directive

* Remove the white spaces

* Adding unit test for the stripe payment

* Remove the incomplete test

* Fixing the failing test

* Fix the failing test

* Fix the fail test on organization service

* Fix the failing unit test

* Fix the whitespace format

* Fix the failing test

* Fix the whitespace format

* resolve pr comments

* Fix the lint message

* refactor the code

* Fix the failing Test

* adding a new endpoint

* Remove the unwanted code

* Changes for Command and Queries

* changes for command and queries

* Fix the Lint issues

* Fix imports ordering

* Resolve the PR comments

* resolve pr comments

* Resolve pr comments

* Fix the failing test on adjustSeatscommandtests

* Fix the failing test

* Fix the whitespaces

* resolve failing test

* rename a property

* Resolve the pr comments

* refactoring the existing implementation

* Resolve the whitespaces format issue

* Resolve the pr comments

* [AC-1462] Created IAvailableServiceAccountsQuery along its implementation and with unit tests

* [AC-1462] Renamed ICountNewServiceAccountSlotsRequiredQuery

* [AC-1462] Added IAutoscaleServiceAccountsCommand and implementation

* Add more unit testing

* fix the whitespaces issues

* [AC-1462] Added unit tests for AutoscaleServiceAccountsCommand

* Add more unit test

* Remove unnecessary directive

* Resolve some pr comments

* Adding more unit test

* adding more test

* add more test

* Resolving some pr comments

* Resolving some pr comments

* Resolving some pr comments

* resolve some pr comments

* Resolving pr comments

* remove whitespaces

* remove white spaces

* Resolving pr comments

* resolving pr comments and fixing white spaces

* resolving the lint error

* Run dotnet format

* resolving the pr comments

* Add a missing properties to plan response model

* Add the email sender for sm seat and service acct

* Add the email sender for sm seat and service acct

* Fix the failing test after email sender changes

* Add staticstorewrapper to properly test the plans

* Add more test and validate the existing test

* Fix the white spaces issues

* Remove staticstorewrapper and fix the test

* fix a null issue on autoscaling

* Suggestion: do all seat calculations in update model

* Resolve some pr comments

* resolving some pr comments

* Return value is unnecessary

* Resolve the failing test

* resolve pr comments

* Resolve the pr comments

* Resolving admin api failure and adding more test

* Resolve the issue failing admin project

* Fixing the failed test

* Clarify naming and add comments

* Clarify naming conventions

* Dotnet format

* Fix the failing dependency

* remove similar test

* [AC-1462] Rewrote AutoscaleServiceAccountsCommand to use UpdateSecretsManagerSubscriptionCommand which has the same logic

* [AC-1462] Deleted IAutoscaleServiceAccountsCommand as the logic will be moved to UpdateSecretsManagerSubscriptionCommand

* [AC-1462] Created method AdjustSecretsManagerServiceAccountsAsync

* [AC-1462] Changed SecretsManagerSubscriptionUpdate to only be set by its constructor

* [AC-1462] Added check to CountNewServiceAccountSlotsRequiredQuery and revised unit tests

* [AC-1462] Revised logic for CountNewServiceAccountSlotsRequiredQuery and fixed unit tests

* [AC-1462] Changed SecretsManagerSubscriptionUpdate to receive Organization as a parameter and fixed the unit tests

* [AC-1462] Renamed IUpdateSecretsManagerSubscriptionCommand methods UpdateSubscriptionAsync and AdjustServiceAccountsAsync

* [AC-1462] Rewrote unit test UpdateSubscriptionAsync_ValidInput_Passes

* [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection

* [AC-1462] Added parameter names to SecretsManagerSubscriptionUpdateRequestModel

* [AC-1462] Updated SecretsManagerSubscriptionUpdate logic to handle null parameters. Revised the unit tests to test null values

---------

Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* Add UsePasswordManager to sync data ()

* [AC-1522] Fix service account check on upgrading ()

* Resolved the checkmarx issues

* [AC-1521] Address checkmarx security feedback ()

* Reinstate target attribute but add noopener noreferrer

* Update date on migration script

* Remove unused constant

* Revert "Remove unused constant"

This reverts commit 4fcb9da4d6.

This is required to make feature flags work on the client

* [AC-1458] Add Endpoint And Service Logic for secrets manager to existing subscription ()

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>

* Remove duplicate migrations from incorrectly resolved merge

* [AC-1468] Modified CountNewServiceAccountSlotsRequiredQuery to return zero if organization has SecretsManagerBeta == true ()

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>

* [Ac 1563] Unable to load billing and subscription related pages for non-enterprise organizations ()

* Resolve the failing family plan

* resolve issues

* Resolve code related pr comments

* Resolve test related comments

* Resolving or comments

* [SM-809] Add service account slot limit check ()

* Add service account slot limit check

* Add query to DI

* [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection

* remove duplicate DI entry

* Update unit tests

* Remove comment

* Code review updates

---------

Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>

* [AC-1461] Secrets manager seat autoscaling ()

* Add autoscaling code to invite user, save user, and bulk enable SM
  flows

* Add tests

* Delete command for BulkEnableSecretsManager

* circular dependency between OrganizationService and
  UpdateSecretsManagerSubscriptionCommand - fixed by temporarily
  duplicating ReplaceAndUpdateCache

* Unresolvable dependencies in other services - fixed by temporarily
  registering noop services and moving around some DI code

All should be resolved in PM-1880

* Refactor: improve the update object and use it to adjust values,
  remove excess interfaces on the command

* Handle autoscaling-specific errors

---------

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>

* Move bitwarden_license include reference into conditional block

* [AC 1526]Show current SM seat and service account usage in Bitwarden Portal ()

* changes base on the tickets request

* Code refactoring

* Removed the unwanted method

* Add implementation to the new method

* Resolve some pr comments

* resolve lint issue

* resolve pr comments

* add the new noop files

* Add new noop file and resolve some pr comments

* resolve pr comments

* removed unused method

---------

Co-authored-by: Shane Melton <smelton@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2023-08-04 21:51:12 +00:00
Thomas Avery
73c6421bd3
[SM-722] Add optional access to secrets for service account lists ()
* Add access to secret count to service account list

* dotnet format

* refactor into query

* Remove duplicate

* Add new method to noop
2023-08-03 10:06:34 -05:00
Thomas Avery
1d9aeb37aa
[SM-707] Refactor authorization for Access Policy Commands ()
* Extract authorization from access policy commands

* Use auto mapper to ignore unwanted properties

---------
2023-07-13 11:46:01 -05:00
Thomas Avery
d6a45d4802
[SM-789] Extract authorization from service account delete command ()
* Extract authorization from SA delete command

* swap to IEnumerable

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2023-07-12 15:32:40 -05:00
Thomas Avery
b629c31de9
[SM-787] Extract authorization from project delete command ()
* Extract authorization from project delete command

* Support service account write access

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2023-07-11 15:15:18 -05:00
cd-bitwarden
3f3f52399b
[SM-716] Adding ability for service account to have write access ()
* adding ability for service account to have write access

* Suggested changes

* fixing tests

* dotnet format changes

* Adding RunAsServiceAccountWIthPermission logic to ProjectAuthorizationhandlerTests

* Removing logic that prevents deleting and updating a secret. Adding Service Account logic to tests inside of secretAuthorizationhandlerTests.

* Removing Service Account from CanUpdateSecret_NotSupportedClientTypes_DoesNotSuceed because it is a supported client type now :)

* thomas sugested changes

* using Arg.Any<AccessClientType>() instead of default in tests

* merge conflict changes and code updates to remove service account tests that are  outdated

* fixing tests

* removing extra  spaces that lint hates
2023-06-30 17:17:41 +00:00
Thomas Avery
d020c49c0e
[SM-788] Extract authorization from secret delete command ()
* Extract authorization from secret delete command
2023-06-27 13:12:34 -05:00
Thomas Avery
bb3a9daf98
[SM-678] ClientSecret migration ()
* Init ClientSecret migration

* Fix unit tests

* Move to src/Sql/dbo_future

* Formatting changes

* Update migration date for next release

* Swap to just executing sp_refreshview

* Fix formatting

* Add EF Migrations

* Rename to ClientSecretHash

* Fix unit test

* EF column rename

* Batch the migration

* Fix formatting

* Add deprecation notice to property

* Move data migration

* Swap to CREATE OR ALTER
2023-06-21 13:16:06 -05:00
Thomas Avery
3449d28c83
[SM-705] Extract Authorization from Access Token Commands ()
* refactor authorization for access token commands

* Unit tests for authorization handler
2023-06-13 15:30:44 -05:00
Thomas Avery
05f11a8ee1
[SM-706] Extract Authorization From Create/Update Secret Commands ()
* Extract authorization from commands

* Swap to request model validation.

* Swap to pattern detection
2023-06-08 16:40:35 -05:00
Thomas Avery
d1155ee376
[SM-704] Extract Authorization For ServiceAccounts ()
* Move to access query for project commands

* Swap to hasAccess method per action

* Swap to authorization handler pattern

* Move ProjectOperationRequirement to Core

* Add default throw + tests

* Extract authorization out of commands

* Unit tests for authorization handler

* Formatting

* Swap to reflection for testing switch

* Swap to check read & reflections in test

* fix wording on exception

* Refactor GetAccessClient into its own query

* Use accessClientQuery in project handler
2023-05-31 13:49:58 -05:00
Thomas Avery
5474d3da18
[SM-702] Extract access policy checks from create/update project commands ()
* Move to access query for project commands

* Swap to hasAccess method per action

* Swap to authorization handler pattern

* Move ProjectOperationRequirement to Core

* Add default throw + tests

* Swap to reflection for testing switch
2023-05-03 09:40:24 -05:00
Thomas Avery
20d3b4b4e8
[SM-670] Add permission context to project lists. ()
* Attach permission context to project lists.

* restrict service-account actions

* Fix project permission details

* Add getters and setters

* dotnet format

* Fix admin create unassigned secret ()
2023-04-26 13:09:25 -05:00
Colton Hurst
2529c5b36f
SM-695: Block Create & Update for Admins on Secrets Outside of the Org ()
* SM-695: Block create or update for admins on secrets outside of the org

* SM-695: Update test, org is required on project

* SM-695: Update tests to set matching org id in project

* SM-695: Ensure there is no more than 1 project connected to a secret, plus remove org admin check in the CreateSecretCommand.

* SM-695: Add integration tests for create and update secrets security fixes

* SM-695: Update Create and Update secret tests, a secret can only be in one project at a time
2023-04-14 09:48:11 -04:00
Oscar Hinton
60bdf77e8b
[SM-574] Wire up read/write for secret list and secret response ()
* Wire up read/write for secret list and secret response

* Fix trash

* Remove UserHasReadPermission

* Fix list by project

* Implement admin and service accounts for AccessToSecretAsync

* Resolve feedback

* Fix tests

* Rename function

* Change create to return true, true

* Remove duplicated access check
2023-03-30 16:51:46 +02:00
Oscar Hinton
6a6b15fada
[SM-567] Change how project permission is resolved ()
* Change how project permission is resolved

* Fix tests

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2023-03-09 11:23:50 -06:00
Thomas Avery
de559e80f4
[SM-581] Adding support for warning dialogs ()
* Adding support for warning dialogs

* Swap to repository layer implementation
2023-03-06 11:31:56 -06:00
Thomas Avery
05f5d79938
[SM-572] Modify project endpoint to return current user's permission ()
* Add endpoints to check current user's permission

* Swap to adding current user permission onto GET

* Cleanup DI

* Add ProjectPermissionDetails DTO and query

* code review updates

* Remove assert recent for longer running creates
2023-03-02 09:02:42 -06:00
cd-bitwarden
ec8476912d
[SM-381] New secrets access ()
* [SM-66] Create Secret Database Table ()

Objective
The purpose of this PR is to create a database table, entity, and repository for the new Secret database table.

The new Secret table will use entity framework for all database providers.

* [SM-67] Get all secrets by org ID ()

Add a controller to fetch secrets associated with an organization ID.

To note, the [SecretsManager] attribute makes this controller only available for local development.

* [SM-68] Add API endpoints for getting, creating, and editing secrets ()

The purpose of this PR is to add API endpoints for getting, creating, and editing secrets for the Secrets Manager project.

* Move interfaces to core ()

* [SM-63] Read UTC DateTimes from databases via EF and order by revision date ()

* Read UTC DateTimes from db and order by revision

* Move orderby to repo layer

* [SM-185] Add EE_Testing_env to server ()

* Sm 104 project Database ()

* Project DB addition and sprocs

* Adding spaces to the end of each file, fixing minor issues

* removing useless comments

* Adding soft delete proc to migration

* Project EF Scaffold

* Additional changes to use EF instead of procedures

* Adding dependency injection

* Fixing lint errors

* Bug fixes

* Adding migration scripts, removing sproc files, and setting up Entity framework code

* Adding back accidentally deleted sproc

* Removing files that shouldn't have been created

* Lint

* Small changes based on Oscar's rec ()

* Migrations for making CreateDate not null

* adding space to end of file

* Making Revision date not null

* dotnet format

* Adding nonclustered indexes to SQL

* SM-104: Update PR with changes Thomas proposed

Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>

* Removing org ID from create request body ()

* SM-114: Add create & update project endpoints ()

* SM-114: Initial commit with create project endpoint (for SM)

* SM-114: Add Update Project route (for SM)

* SM-114: Fix file encodings

* Fix DI issue for SM Project Create/Update commands

* Fix import ordering for linter

* SM-114: Remove unneeded lines setting DeletedDate, as it should already be null

* SM-114: Only have OrgId in route for CreateProject

* Remove unneeded using

* SM-114: Initial commit with create project endpoint (for SM)

* SM-114: Add Update Project route (for SM)

* SM-114: Fix file encodings

* Fix DI issue for SM Project Create/Update commands

* Fix import ordering for linter

* SM-114: Remove unneeded lines setting DeletedDate, as it should already be null

* SM-114: Only have OrgId in route for CreateProject

* Remove unneeded using

* Fully remove OrgId from ProjectCreateRequestModel

* [SM-64] Soft Delete Secrets ()

* Bulk delete secrets with command unit tests

* Controller unit tests

* Optimize conditionals

* SM-64 bulk delete integration test

* fix test

* SM-64 code review updated

* [SM-65] Fix return empty secrets list ()

* Secrets return empty list

* [SM-246] Use repository in integration test ()

* [SM-190] Add integration tests to Secrets ()

* Adding integration tests for the SecretsController

Co-authored-by: Hinton <hinton@users.noreply.github.com>

* Sm 95 - Adding GetProjects endpoint ()

* SM-114: Initial commit with create project endpoint (for SM)

* SM-114: Add Update Project route (for SM)

* SM-114: Fix file encodings

* Fix DI issue for SM Project Create/Update commands

* Adding GetProjectsByOrg

* fixing merge conflicts

* fix

* Updating to return empty list

* removing null check

Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>

* [SM-191] Create ServiceAccount Table ()

* SM-191 Create ServiceAccount Table

* [SM-207] API for listing service accounts by organization ()

* SM-207 list service accounts by org

* SM-96: Add ability to get project by id ()

* SM-96: Small change to allow getting project by id

* Fix whitespace issue

* Add first integration test and fix date bug

* Ensure tests are consistent

* Add more project controller integration tests

* Remove commented delete for now

* [SM-187] Create ServiceAccounts ()

* SM-187 Create & Update ServiceAccounts

* Remove extra new line src/Api/Controllers/ServiceAccountsController.cs

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* [SM-218] [SM-219] SM Auth flow ()

* SM-282 Delete Projects ()

* SM-282 delete & bulk delete projects

* Have delete commands return tuple with object

* Fix admin project not working after secrets manager changes ()

* [SM-150] proj and secrets mapping ()

* Beggining of changes for Project Secrets mapping

* Beggining of changes for project and secrets mapping

* Inital changes to add Mapping table for Project Secrets

* Resolve migration not working properly

* Indent sql

* Changes to try and return projects in the GetManyByOrganizaationIDAsync on SecretRepository.

* Changes made with Oscar

* Add reversemap

* running lint and removing comments

* Lint fixes

* fixing merge issues

* Trying to fix the DB issue

* DB fixes

* fixes

* removing unused space

* fixing lint issue

* final lint fix I hope

* removing manually added sql.sqlproj

* Lint changes and fixing the sql proj issues

* adding ServiceAccount to sql proj

* Removing ON DELETE CASCADE

* remove On delete cascade

* changes for deleting project and secret inside of the Organization_DeleteById procedure.

* changes for deleting project and secret inside of the Organization_DeleteById procedure.

* migration changes

* Updating constraints

* removing void

* remove spaces

* updating cipherRepo tests to be task instead of void

* fixing

* fixing

* test

* fix

* fix

* changes to remove circular dependency

* fixes

* sending guid and string name of the project over

* Update src/Sql/dbo/Tables/Secret.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* Update src/Sql/dbo/Tables/Project.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* removing unused code

* Potential refactor ()

* migrations

* Postgres migraiton

* Update src/Api/SecretManagerFeatures/Models/Response/SecretResponseModel.cs

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* rename file

* Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* Lint fixes

* removing extra semi colon

* removing circular references with projects and secrets

* adding back projects

* Add ProjectFixture

* Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* Update util/Migrator/DbScripts/2022-09-19_00_ProjectSecret.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Hinton <hinton@users.noreply.github.com>

* [SM-300] Access token endpoint ()

* [SM-324] Add Organization to JWT claim ()

* [SM-259] Add create access token endpoint for service accounts ()

* Add create access token for service accounts

* [SM-259] Fix create access token scope initialization ()

* Fix namespace for ServiceAccount command tests

* Remove "this" from SecretsManager requests

* Fix have scope be assigned a JSON list

* SM-99: Individual Project / Secrets Tab ()

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* [SM-361] Add Support for never expiring ApiKeys ()

* Update database to support never expiring ApiKey

* Update Api to support never expiring ApiKeys

* Fix unit test variable naming

* Remove required from model

* Fix spacing

* Add EF migrations

* Run dotnet format

* Update util/Migrator/DbScripts/2022-11-29_00_ApiKey_Never_Expire.sql

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* [SM-359] Fix project secrets migration ()

* [SM-299] Add UseSecretsManager flag ()

* [SM-193] Access Policy ()

* [SM-371] Fix and re-enable parallel integration tests ()

* Fix and re-enable parallel integration tests

* Fix package lock files

* Move fix to ApiApplicationFactory

* Run dotnet restore --force

* Run dotnet format

* Reset packages.lock.json files

* Add project access checks for listing

* SM-99: Add CreateSecretWithProject Integration Test ()

* Add GetSecretsByProjectAsync endpoint

* Add GetManyByProjectIdAsync endpoint

* Update response model for GetSecretsByProjectAsync

* Include projects when returning secrets by project id

* SM-99: Add ability to specify projectId when creating a secret

* SM-99: Update tests to accomodate for new create secret parameter

* Fix failing test

* SM-99: Handle optional projectId for new secret in ToSecret()

* SM-99: Filter out deleted secrets on GetManyByProjectIdAsync() and small refactorings

* SM-99: make CreateAsync for secret more clear

* Add CreateSecretWithProject integration test

* Fix CreateSecretWithProject integration test for SM-99

* Run dotnet format

* Undo added space

* Refactor test

* Refactor CreateSecretWithProject API Integration test again

* Change to boolean flag

* [SM-379] Add SDK device type ()

* Add support for service accounts

* Improve logic for project repository

* Add remaining client types

* Experiment with separate enum for access control

* Add access checks to update project

* Rework AccessClientType

* Add access checks to fetching project

* Add checks to delete project command (untested)

* Remove some service account stuff

* Add ServiceAccount to AccessClientType

* Change CS8509 to error and 8424 to ignore

* Remove unused utcNow

* Fix delete tests

* SM-73 changes ()

* testing

* test2

* testing

* trying to save the projects associated with the secret

* changes

* more changes

* Fix  EF error

* Second attempt

* Replace AddIfNotExists with Add.

* changes

* fixing await issue

* lint

* lint fixes

* suggested changes

* suggested changes

* updating tests

* fixing tests 2

* fixing tests

* fixing test

* fixing test

* fixing tests

* test

* testing

* fixing tests for the millionth time

* fixing tests

* allowing nulls for projectIds, fixing lint

* fixing tests

Co-authored-by: Hinton <hinton@users.noreply.github.com>

* fixing tests

* fixing tests

* [SM-222] [SM-357] Squash Secrets Manager migrations ()

* Fix tables not being cleaned up

* Fix migration

* Squash secrets manager migrations

* Reset EF to pre SM state

* Add EF migrations

* Fix unified docker

* Add missed copy

* Fix all unit tests

* draft changes to add access checks to secrets

* updating code

* more changes

* fixing issues

* updating logic for access checks

* updating secrets controller

* changes

* changes

* merging more

* changes

* updateS

* removing unused comment

* changes requested by Thomas

* more changes suggested by Thomas

* making thomas's suggested changes

* final changes

* Run dotnet format

* fixes

* run dotnet format

* Updating tests

* Suggested changes

* lint fixes

* Test updates

* Changes

* Fixes for tests, and dotnet format

* Fixes

* test fixes

* changes

* fix

* fix

* test fix

* removing duplicate

* Removing dupe

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
2023-02-16 11:42:07 -08:00
Thomas Avery
f288787a45
[SM-495] Access Policies - Individual Service Account - Project Tab ()
* New endpoints to support sa projects tab

* Refactor create; Add tests

* Add creation request limit
2023-02-16 09:47:34 -06:00
Thomas Avery
35b832dbc9
[SM-485] Add access policy on project creation ()
* Add bootstrap access policy on create

* Update project integration tests
2023-02-09 08:58:05 -06:00
Thomas Avery
1ee14d93e6
[SM-473] Access Policies - Service Accounts ()
* Add service account access policy endpoints

* Add unit & integration tests for new endpoints

* Fix formatting on response models

* Cleanup unit tests
2023-02-07 14:30:22 -06:00
Thomas Avery
cf669286ed
[SM-429] Add permission checks to access policy endpoints ()
* Add permission checks to access policy endpoints

* Fix unit tests

* Add service account grant permission checks

* Add service account grant tests

* Add new endpoint unit tests

* Cleanup unit tests add integration tests

* User permission enum in create tests

* Swap to NotFoundException for access checks

* Add filter for potential grantees

* Add in AccessSecretsManager check and test it

* Add code review updates

* Code review updates

* Refactor potential grantees endpoint

* Code review updates
2023-02-06 11:26:06 -06:00
Thomas Avery
0ce95ec147
[SM-465] Add access policy on service account creation ()
* Add access policy on service account creation
2023-02-02 12:25:14 -06:00
Oscar Hinton
cf25d55090
[SM-378] Enable SM on a user basis ()
* Add support for giving individual users access to secrets manager
2023-01-31 18:38:53 +01:00
Oscar Hinton
59f5285c88
[SM-460] Isolate SecretsManager files ()
Move SecretsManager files to directories called SecretsManager and add CodeOwners
2023-01-24 19:57:28 +01:00