nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

Merge branch 'main' into auth/pm-20348/extension-auth-approvals-add-auth-request-endpoint

Browse Source
This commit is contained in:
Ike
2025-06-12 18:00:06 -04:00
committed by GitHub
parent 1eb6a0481f db77201ca4
commit 03a5e22d41
594 changed files with 38113 additions and 5486 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
util/Attachments/Dockerfile
View File

@ -1,16 +1,62 @@
FROM ghcr.io/bitwarden/server
###############################################
# Build stage #
###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build
# Docker buildx supplies the value for this arg
ARG TARGETPLATFORM
# Determine proper runtime value for .NET
# We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \
fi \
&& echo "RID=$RID" > /tmp/rid.txt
# Copy required project files
WORKDIR /source
COPY . ./
# Restore project dependencies and tools
WORKDIR /source/util/Server
RUN . /tmp/rid.txt && dotnet restore -r $RID
# Build project
WORKDIR /source/util/Server
RUN . /tmp/rid.txt && dotnet publish \
-c release \
--no-restore \
--self-contained \
/p:PublishSingleFile=true \
-r $RID \
-o out
###############################################
# App stage #
###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0
ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
EXPOSE 5000
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
curl \
gosu \
curl \
&& rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS http://+:5000
EXPOSE 5000
COPY entrypoint.sh /
# Copy app from the build stage
WORKDIR /bitwarden_server
COPY --from=build /source/util/Server/out /bitwarden_server
COPY util/Attachments/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1

34
util/Attachments/entrypoint.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
# Setup
@ -19,19 +19,27 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
chown -R $USERNAME:$GROUPNAME /bitwarden_server
mkdir -p /etc/bitwarden/core/attachments
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /bitwarden_server
mkdir -p /etc/bitwarden/core/attachments
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \
/contentRoot=/etc/bitwarden/core/attachments /webRoot=. /serveUnknown=true
exec $gosu_cmd /bitwarden_server/Server \
/contentRoot=/etc/bitwarden/core/attachments \
/webRoot=. \
/serveUnknown=true

2
util/Migrator/DbScripts/2025-04-16_00_AttachmentJsonValidation.sql
View File

@ -129,7 +129,7 @@ BEGIN
END
-- Check if the attachment exists before trying to remove it
IF JSON_PATH_EXISTS(@CurrentAttachments, @AttachmentIdPath) = 0
IF JSON_QUERY(@CurrentAttachments, @AttachmentIdPath) IS NULL
BEGIN
-- Attachment doesn't exist, nothing to do
RETURN;

139
util/Migrator/DbScripts/2025-05-20_00_AddSendEmails.sql Normal file
View File

@ -0,0 +1,139 @@
-- Add `Emails` field that stores a comma-separated list of email addresses for
-- email/OTP authentication to table and write methods. The read methods
-- don't need to be updated because they all use `*`.
IF NOT EXISTS(
SELECT *
FROM [sys].[columns]
WHERE [object_id] = OBJECT_ID(N'[dbo].[Send]')
AND [name] = 'Emails')
BEGIN
ALTER TABLE [dbo].[Send] ADD [Emails] NVARCHAR(1024) NULL;
END
GO
CREATE OR ALTER PROCEDURE [dbo].[Send_Update]
@Id UNIQUEIDENTIFIER,
@UserId UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER,
@Type TINYINT,
@Data VARCHAR(MAX),
@Key VARCHAR(MAX),
@Password NVARCHAR(300),
@MaxAccessCount INT,
@AccessCount INT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@ExpirationDate DATETIME2(7),
@DeletionDate DATETIME2(7),
@Disabled BIT,
@HideEmail BIT,
@CipherId UNIQUEIDENTIFIER = NULL,
@Emails NVARCHAR(1024) = NULL
AS
BEGIN
SET NOCOUNT ON
UPDATE
[dbo].[Send]
SET
[UserId] = @UserId,
[OrganizationId] = @OrganizationId,
[Type] = @Type,
[Data] = @Data,
[Key] = @Key,
[Password] = @Password,
[MaxAccessCount] = @MaxAccessCount,
[AccessCount] = @AccessCount,
[CreationDate] = @CreationDate,
[RevisionDate] = @RevisionDate,
[ExpirationDate] = @ExpirationDate,
[DeletionDate] = @DeletionDate,
[Disabled] = @Disabled,
[HideEmail] = @HideEmail,
[CipherId] = @CipherId,
[Emails] = @Emails
WHERE
[Id] = @Id
IF @UserId IS NOT NULL
BEGIN
EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
END
-- TODO: OrganizationId bump?
END
GO
CREATE OR ALTER PROCEDURE [dbo].[Send_Create]
@Id UNIQUEIDENTIFIER OUTPUT,
@UserId UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER,
@Type TINYINT,
@Data VARCHAR(MAX),
@Key VARCHAR(MAX),
@Password NVARCHAR(300),
@MaxAccessCount INT,
@AccessCount INT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@ExpirationDate DATETIME2(7),
@DeletionDate DATETIME2(7),
@Disabled BIT,
@HideEmail BIT,
@CipherId UNIQUEIDENTIFIER = NULL,
@Emails NVARCHAR(1024) = NULL
AS
BEGIN
SET NOCOUNT ON
INSERT INTO [dbo].[Send]
(
[Id],
[UserId],
[OrganizationId],
[Type],
[Data],
[Key],
[Password],
[MaxAccessCount],
[AccessCount],
[CreationDate],
[RevisionDate],
[ExpirationDate],
[DeletionDate],
[Disabled],
[HideEmail],
[CipherId],
[Emails]
)
VALUES
(
@Id,
@UserId,
@OrganizationId,
@Type,
@Data,
@Key,
@Password,
@MaxAccessCount,
@AccessCount,
@CreationDate,
@RevisionDate,
@ExpirationDate,
@DeletionDate,
@Disabled,
@HideEmail,
@CipherId,
@Emails
)
IF @UserId IS NOT NULL
BEGIN
IF @Type = 1 --File
BEGIN
EXEC [dbo].[User_UpdateStorage] @UserId
END
EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
END
-- TODO: OrganizationId bump?
END
GO

38
util/Migrator/DbScripts/2025-05-20_00_UpdateOrgReadOccupiedSeatCountForSponsorships.sql Normal file
View File

@ -0,0 +1,38 @@
CREATE OR ALTER PROCEDURE [dbo].[Organization_ReadOccupiedSeatCountByOrganizationId]
@OrganizationId UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
(
-- Count organization users
SELECT COUNT(1)
FROM [dbo].[OrganizationUserView]
WHERE OrganizationId = @OrganizationId
AND Status >= 0 --Invited
) as Users,
(
-- Count admin-initiated sponsorships towards the seat count
-- Introduced in https://bitwarden.atlassian.net/browse/PM-17772
SELECT COUNT(1)
FROM [dbo].[OrganizationSponsorship]
WHERE SponsoringOrganizationId = @OrganizationId
AND IsAdminInitiated = 1
AND (
-- Not marked for deletion - always count
(ToDelete = 0)
OR
-- Marked for deletion but has a valid until date in the future (RevokeWhenExpired status)
(ToDelete = 1 AND ValidUntil IS NOT NULL AND ValidUntil > GETUTCDATE())
)
AND (
-- SENT status: When SponsoredOrganizationId is null
SponsoredOrganizationId IS NULL
OR
-- ACCEPTED status: When SponsoredOrganizationId is not null and ValidUntil is null or in the future
(SponsoredOrganizationId IS NOT NULL AND (ValidUntil IS NULL OR ValidUntil > GETUTCDATE()))
)
) as Sponsored
END
GO

67
util/Migrator/DbScripts/2025-05-27_00_SsoExternalId.sql Normal file
View File

@ -0,0 +1,67 @@
IF EXISTS (
SELECT 1
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = 'dbo'
AND TABLE_NAME = 'SsoUser'
AND COLUMN_NAME = 'ExternalId'
AND DATA_TYPE = 'nvarchar'
AND CHARACTER_MAXIMUM_LENGTH < 300
)
BEGIN
-- Update table ExternalId column size
ALTER TABLE [dbo].[SsoUser]
ALTER COLUMN [ExternalId] NVARCHAR(300) NOT NULL
END
GO
-- Update stored procedures to handle the new ExternalId column size
CREATE OR ALTER PROCEDURE [dbo].[SsoUser_Create]
@Id BIGINT OUTPUT,
@UserId UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER,
@ExternalId NVARCHAR(300),
@CreationDate DATETIME2(7)
AS
BEGIN
SET NOCOUNT ON
INSERT INTO [dbo].[SsoUser]
(
[UserId],
[OrganizationId],
[ExternalId],
[CreationDate]
)
VALUES
(
@UserId,
@OrganizationId,
@ExternalId,
@CreationDate
)
SET @Id = SCOPE_IDENTITY();
END
GO
CREATE OR ALTER PROCEDURE [dbo].[SsoUser_Update]
@Id BIGINT OUTPUT,
@UserId UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER,
@ExternalId NVARCHAR(300),
@CreationDate DATETIME2(7)
AS
BEGIN
SET NOCOUNT ON
UPDATE
[dbo].[SsoUser]
SET
[UserId] = @UserId,
[OrganizationId] = @OrganizationId,
[ExternalId] = @ExternalId,
[CreationDate] = @CreationDate
WHERE
[Id] = @Id
END
GO

78
util/Migrator/DbScripts/2025-05-28_00_RemoveUnsupportedJsonFunction.sql Normal file
View File

@ -0,0 +1,78 @@
CREATE OR ALTER PROCEDURE [dbo].[Cipher_DeleteAttachment]
@Id UNIQUEIDENTIFIER,
@AttachmentId VARCHAR(50)
AS
BEGIN
SET NOCOUNT ON
DECLARE @AttachmentIdKey VARCHAR(50) = CONCAT('"', @AttachmentId, '"')
DECLARE @AttachmentIdPath VARCHAR(50) = CONCAT('$.', @AttachmentIdKey)
DECLARE @UserId UNIQUEIDENTIFIER
DECLARE @OrganizationId UNIQUEIDENTIFIER
DECLARE @CurrentAttachments NVARCHAR(MAX)
DECLARE @NewAttachments NVARCHAR(MAX)
-- Get current cipher data
SELECT
@UserId = [UserId],
@OrganizationId = [OrganizationId],
@CurrentAttachments = [Attachments]
FROM
[dbo].[Cipher]
WHERE [Id] = @Id
-- If there are no attachments, nothing to do
IF @CurrentAttachments IS NULL
BEGIN
RETURN;
END
-- Validate the initial JSON
IF ISJSON(@CurrentAttachments) = 0
BEGIN
THROW 50000, 'Current initial attachments data is not valid JSON', 1;
RETURN;
END
-- Check if the attachment exists before trying to remove it
IF JSON_QUERY(@CurrentAttachments, @AttachmentIdPath) IS NULL
BEGIN
-- Attachment doesn't exist, nothing to do
RETURN;
END
-- Create the new attachments JSON with the specified attachment removed
SET @NewAttachments = JSON_MODIFY(@CurrentAttachments, @AttachmentIdPath, NULL)
-- Validate the resulting JSON
IF ISJSON(@NewAttachments) = 0
BEGIN
THROW 50000, 'Failed to create valid JSON when removing attachment', 1;
RETURN;
END
-- Check if we've removed all attachments and have an empty object
IF @NewAttachments = '{}'
BEGIN
-- If we have an empty JSON object, set to NULL instead
SET @NewAttachments = NULL;
END
-- Update with validated JSON
UPDATE [dbo].[Cipher]
SET [Attachments] = @NewAttachments
WHERE [Id] = @Id
IF @OrganizationId IS NOT NULL
BEGIN
EXEC [dbo].[Organization_UpdateStorage] @OrganizationId
EXEC [dbo].[User_BumpAccountRevisionDateByCipherId] @Id, @OrganizationId
END
ELSE IF @UserId IS NOT NULL
BEGIN
EXEC [dbo].[User_UpdateStorage] @UserId
EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
END
END
GO

55
util/Migrator/DbScripts/2025-06-02_00_AddOrgUserDefaultCollection.sql Normal file
View File

@ -0,0 +1,55 @@
IF NOT EXISTS (
SELECT *
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = 'dbo'
AND TABLE_NAME = 'Collection'
AND COLUMN_NAME = 'DefaultUserCollectionEmail'
)
BEGIN
ALTER TABLE [dbo].[Collection]
ADD [DefaultUserCollectionEmail] NVARCHAR(256) NULL
END
GO
IF NOT EXISTS (
SELECT *
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = 'dbo'
AND TABLE_NAME = 'Collection'
AND COLUMN_NAME = 'Type'
)
BEGIN
ALTER TABLE [dbo].[Collection]
ADD [Type] TINYINT NOT NULL DEFAULT (0)
END
GO
IF OBJECT_ID('[dbo].[CollectionView]') IS NOT NULL
BEGIN
EXECUTE sp_refreshsqlmodule N'[dbo].[CollectionView]';
END
GO
IF OBJECT_ID('[dbo].[Collection_ReadById]') IS NOT NULL
BEGIN
EXECUTE sp_refreshsqlmodule N'[dbo].[Collection_ReadById]';
END
GO
IF OBJECT_ID('[dbo].[Collection_ReadByIds]') IS NOT NULL
BEGIN
EXECUTE sp_refreshsqlmodule N'[dbo].[Collection_ReadByIds]';
END
GO
IF OBJECT_ID('[dbo].[Collection_ReadByOrganizationId]') IS NOT NULL
BEGIN
EXECUTE sp_refreshsqlmodule N'[dbo].[Collection_ReadByOrganizationId]';
END
GO
IF OBJECT_ID('[dbo].[UserCollectionDetails]') IS NOT NULL
BEGIN
EXECUTE sp_refreshsqlmodule N'[dbo].[UserCollectionDetails]';
END
GO

456
util/Migrator/DbScripts/2025-06-02_01_AddOrgUserDefaultCollection.sql Normal file
View File

@ -0,0 +1,456 @@
CREATE OR ALTER PROCEDURE [dbo].[Collection_Create]
@Id UNIQUEIDENTIFIER OUTPUT,
@OrganizationId UNIQUEIDENTIFIER,
@Name VARCHAR(MAX),
@ExternalId NVARCHAR(300),
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@DefaultUserCollectionEmail NVARCHAR(256) = NULL,
@Type TINYINT = 0
AS
BEGIN
SET NOCOUNT ON
INSERT INTO [dbo].[Collection]
(
[Id],
[OrganizationId],
[Name],
[ExternalId],
[CreationDate],
[RevisionDate],
[DefaultUserCollectionEmail],
[Type]
)
VALUES
(
@Id,
@OrganizationId,
@Name,
@ExternalId,
@CreationDate,
@RevisionDate,
@DefaultUserCollectionEmail,
@Type
)
EXEC [dbo].[User_BumpAccountRevisionDateByCollectionId] @Id, @OrganizationId
END
GO
CREATE OR ALTER PROCEDURE [dbo].[Collection_ReadByUserId]
@UserId UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
[Id],
[OrganizationId],
[Name],
[CreationDate],
[RevisionDate],
[ExternalId],
MIN([ReadOnly]) AS [ReadOnly],
MIN([HidePasswords]) AS [HidePasswords],
MAX([Manage]) AS [Manage],
[DefaultUserCollectionEmail],
[Type]
FROM
[dbo].[UserCollectionDetails](@UserId)
GROUP BY
[Id],
[OrganizationId],
[Name],
[CreationDate],
[RevisionDate],
[ExternalId],
[DefaultUserCollectionEmail],
[Type]
END
GO
CREATE OR ALTER PROCEDURE [dbo].[Collection_Update]
@Id UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER,
@Name VARCHAR(MAX),
@ExternalId NVARCHAR(300),
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@DefaultUserCollectionEmail NVARCHAR(256) = NULL,
@Type TINYINT = 0
AS
BEGIN
SET NOCOUNT ON
UPDATE
[dbo].[Collection]
SET
[OrganizationId] = @OrganizationId,
[Name] = @Name,
[ExternalId] = @ExternalId,
[CreationDate] = @CreationDate,
[RevisionDate] = @RevisionDate,
[DefaultUserCollectionEmail] = @DefaultUserCollectionEmail,
[Type] = @Type
WHERE
[Id] = @Id
EXEC [dbo].[User_BumpAccountRevisionDateByCollectionId] @Id, @OrganizationId
END
GO
CREATE OR ALTER PROCEDURE [dbo].[Collection_UpdateWithGroupsAndUsers]
@Id UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER,
@Name VARCHAR(MAX),
@ExternalId NVARCHAR(300),
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@Groups AS [dbo].[CollectionAccessSelectionType] READONLY,
@Users AS [dbo].[CollectionAccessSelectionType] READONLY,
@DefaultUserCollectionEmail NVARCHAR(256) = NULL,
@Type TINYINT = 0
AS
BEGIN
SET NOCOUNT ON
EXEC [dbo].[Collection_Update] @Id, @OrganizationId, @Name, @ExternalId, @CreationDate, @RevisionDate, @DefaultUserCollectionEmail, @Type
-- Groups
-- Delete groups that are no longer in source
DELETE cg
FROM [dbo].[CollectionGroup] cg
LEFT JOIN @Groups g ON cg.GroupId = g.Id
WHERE cg.CollectionId = @Id
AND g.Id IS NULL;
-- Update existing groups
UPDATE cg
SET cg.ReadOnly = g.ReadOnly,
cg.HidePasswords = g.HidePasswords,
cg.Manage = g.Manage
FROM [dbo].[CollectionGroup] cg
INNER JOIN @Groups g ON cg.GroupId = g.Id
WHERE cg.CollectionId = @Id
AND (cg.ReadOnly != g.ReadOnly
OR cg.HidePasswords != g.HidePasswords
OR cg.Manage != g.Manage);
-- Insert new groups
INSERT INTO [dbo].[CollectionGroup]
(
[CollectionId],
[GroupId],
[ReadOnly],
[HidePasswords],
[Manage]
)
SELECT
@Id,
g.Id,
g.ReadOnly,
g.HidePasswords,
g.Manage
FROM @Groups g
INNER JOIN [dbo].[Group] grp ON grp.Id = g.Id
LEFT JOIN [dbo].[CollectionGroup] cg
ON cg.CollectionId = @Id AND cg.GroupId = g.Id
WHERE grp.OrganizationId = @OrganizationId
AND cg.CollectionId IS NULL;
-- Users
-- Delete users that are no longer in source
DELETE cu
FROM [dbo].[CollectionUser] cu
LEFT JOIN @Users u ON cu.OrganizationUserId = u.Id
WHERE cu.CollectionId = @Id
AND u.Id IS NULL;
-- Update existing users
UPDATE cu
SET cu.ReadOnly = u.ReadOnly,
cu.HidePasswords = u.HidePasswords,
cu.Manage = u.Manage
FROM [dbo].[CollectionUser] cu
INNER JOIN @Users u ON cu.OrganizationUserId = u.Id
WHERE cu.CollectionId = @Id
AND (cu.ReadOnly != u.ReadOnly
OR cu.HidePasswords != u.HidePasswords
OR cu.Manage != u.Manage);
-- Insert new users
INSERT INTO [dbo].[CollectionUser]
(
[CollectionId],
[OrganizationUserId],
[ReadOnly],
[HidePasswords],
[Manage]
)
SELECT
@Id,
u.Id,
u.ReadOnly,
u.HidePasswords,
u.Manage
FROM @Users u
INNER JOIN [dbo].[OrganizationUser] ou ON ou.Id = u.Id
LEFT JOIN [dbo].[CollectionUser] cu
ON cu.CollectionId = @Id AND cu.OrganizationUserId = u.Id
WHERE ou.OrganizationId = @OrganizationId
AND cu.CollectionId IS NULL;
EXEC [dbo].[User_BumpAccountRevisionDateByCollectionId] @Id, @OrganizationId
END
GO
CREATE OR ALTER PROCEDURE [dbo].[Collection_ReadByOrganizationIdWithPermissions]
@OrganizationId UNIQUEIDENTIFIER,
@UserId UNIQUEIDENTIFIER,
@IncludeAccessRelationships BIT
AS
BEGIN
SET NOCOUNT ON
SELECT
C.*,
MIN(CASE
WHEN
COALESCE(CU.[ReadOnly], CG.[ReadOnly], 0) = 0
THEN 0
ELSE 1
END) AS [ReadOnly],
MIN(CASE
WHEN
COALESCE(CU.[HidePasswords], CG.[HidePasswords], 0) = 0
THEN 0
ELSE 1
END) AS [HidePasswords],
MAX(CASE
WHEN
COALESCE(CU.[Manage], CG.[Manage], 0) = 0
THEN 0
ELSE 1
END) AS [Manage],
MAX(CASE
WHEN
CU.[CollectionId] IS NULL AND CG.[CollectionId] IS NULL
THEN 0
ELSE 1
END) AS [Assigned],
CASE
WHEN
-- No user or group has manage rights
NOT EXISTS(
SELECT 1
FROM [dbo].[CollectionUser] CU2
JOIN [dbo].[OrganizationUser] OU2 ON CU2.[OrganizationUserId] = OU2.[Id]
WHERE
CU2.[CollectionId] = C.[Id] AND
CU2.[Manage] = 1
)
AND NOT EXISTS (
SELECT 1
FROM [dbo].[CollectionGroup] CG2
WHERE
CG2.[CollectionId] = C.[Id] AND
CG2.[Manage] = 1
)
THEN 1
ELSE 0
END AS [Unmanaged]
FROM
[dbo].[CollectionView] C
LEFT JOIN
[dbo].[OrganizationUser] OU ON C.[OrganizationId] = OU.[OrganizationId] AND OU.[UserId] = @UserId
LEFT JOIN
[dbo].[CollectionUser] CU ON CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = [OU].[Id]
LEFT JOIN
[dbo].[GroupUser] GU ON CU.[CollectionId] IS NULL AND GU.[OrganizationUserId] = OU.[Id]
LEFT JOIN
[dbo].[Group] G ON G.[Id] = GU.[GroupId]
LEFT JOIN
[dbo].[CollectionGroup] CG ON CG.[CollectionId] = C.[Id] AND CG.[GroupId] = GU.[GroupId]
WHERE
C.[OrganizationId] = @OrganizationId
GROUP BY
C.[Id],
C.[OrganizationId],
C.[Name],
C.[CreationDate],
C.[RevisionDate],
C.[ExternalId],
C.[DefaultUserCollectionEmail],
C.[Type]
IF (@IncludeAccessRelationships = 1)
BEGIN
EXEC [dbo].[CollectionGroup_ReadByOrganizationId] @OrganizationId
EXEC [dbo].[CollectionUser_ReadByOrganizationId] @OrganizationId
END
END
GO
CREATE OR ALTER PROCEDURE [dbo].[Collection_CreateWithGroupsAndUsers]
@Id UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER,
@Name VARCHAR(MAX),
@ExternalId NVARCHAR(300),
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@Groups AS [dbo].[CollectionAccessSelectionType] READONLY,
@Users AS [dbo].[CollectionAccessSelectionType] READONLY,
@DefaultUserCollectionEmail NVARCHAR(256) = NULL,
@Type TINYINT = 0
AS
BEGIN
SET NOCOUNT ON
EXEC [dbo].[Collection_Create] @Id, @OrganizationId, @Name, @ExternalId, @CreationDate, @RevisionDate, @DefaultUserCollectionEmail, @Type
-- Groups
;WITH [AvailableGroupsCTE] AS(
SELECT
[Id]
FROM
[dbo].[Group]
WHERE
[OrganizationId] = @OrganizationId
)
INSERT INTO [dbo].[CollectionGroup]
(
[CollectionId],
[GroupId],
[ReadOnly],
[HidePasswords],
[Manage]
)
SELECT
@Id,
[Id],
[ReadOnly],
[HidePasswords],
[Manage]
FROM
@Groups
WHERE
[Id] IN (SELECT [Id] FROM [AvailableGroupsCTE])
-- Users
;WITH [AvailableUsersCTE] AS(
SELECT
[Id]
FROM
[dbo].[OrganizationUser]
WHERE
[OrganizationId] = @OrganizationId
)
INSERT INTO [dbo].[CollectionUser]
(
[CollectionId],
[OrganizationUserId],
[ReadOnly],
[HidePasswords],
[Manage]
)
SELECT
@Id,
[Id],
[ReadOnly],
[HidePasswords],
[Manage]
FROM
@Users
WHERE
[Id] IN (SELECT [Id] FROM [AvailableUsersCTE])
EXEC [dbo].[User_BumpAccountRevisionDateByOrganizationId] @OrganizationId
END
GO
CREATE OR ALTER PROCEDURE [dbo].[Collection_ReadByIdWithPermissions]
@CollectionId UNIQUEIDENTIFIER,
@UserId UNIQUEIDENTIFIER,
@IncludeAccessRelationships BIT
AS
BEGIN
SET NOCOUNT ON
SELECT
C.*,
MIN(CASE
WHEN
COALESCE(CU.[ReadOnly], CG.[ReadOnly], 0) = 0
THEN 0
ELSE 1
END) AS [ReadOnly],
MIN (CASE
WHEN
COALESCE(CU.[HidePasswords], CG.[HidePasswords], 0) = 0
THEN 0
ELSE 1
END) AS [HidePasswords],
MAX(CASE
WHEN
COALESCE(CU.[Manage], CG.[Manage], 0) = 0
THEN 0
ELSE 1
END) AS [Manage],
MAX(CASE
WHEN
CU.[CollectionId] IS NULL AND CG.[CollectionId] IS NULL
THEN 0
ELSE 1
END) AS [Assigned],
CASE
WHEN
-- No user or group has manage rights
NOT EXISTS(
SELECT 1
FROM [dbo].[CollectionUser] CU2
JOIN [dbo].[OrganizationUser] OU2 ON CU2.[OrganizationUserId] = OU2.[Id]
WHERE
CU2.[CollectionId] = C.[Id] AND
CU2.[Manage] = 1
)
AND NOT EXISTS (
SELECT 1
FROM [dbo].[CollectionGroup] CG2
WHERE
CG2.[CollectionId] = C.[Id] AND
CG2.[Manage] = 1
)
THEN 1
ELSE 0
END AS [Unmanaged]
FROM
[dbo].[CollectionView] C
LEFT JOIN
[dbo].[OrganizationUser] OU ON C.[OrganizationId] = OU.[OrganizationId] AND OU.[UserId] = @UserId
LEFT JOIN
[dbo].[CollectionUser] CU ON CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = [OU].[Id]
LEFT JOIN
[dbo].[GroupUser] GU ON CU.[CollectionId] IS NULL AND GU.[OrganizationUserId] = OU.[Id]
LEFT JOIN
[dbo].[Group] G ON G.[Id] = GU.[GroupId]
LEFT JOIN
[dbo].[CollectionGroup] CG ON CG.[CollectionId] = C.[Id] AND CG.[GroupId] = GU.[GroupId]
WHERE
C.[Id] = @CollectionId
GROUP BY
C.[Id],
C.[OrganizationId],
C.[Name],
C.[CreationDate],
C.[RevisionDate],
C.[ExternalId],
C.[DefaultUserCollectionEmail],
C.[Type]
IF (@IncludeAccessRelationships = 1)
BEGIN
EXEC [dbo].[CollectionGroup_ReadByCollectionId] @CollectionId
EXEC [dbo].[CollectionUser_ReadByCollectionId] @CollectionId
END
END

6
util/MsSql/Dockerfile
View File

@ -10,9 +10,9 @@ RUN apt-get update \
tzdata \
&& rm -rf /var/lib/apt/lists/*
COPY backup-db.sql /
COPY backup-db.sh /
COPY entrypoint.sh /
COPY util/MsSql/backup-db.sql /
COPY util/MsSql/backup-db.sh /
COPY util/MsSql/entrypoint.sh /
RUN chmod +x /entrypoint.sh \
&& chmod +x /backup-db.sh

50
util/MsSqlMigratorUtility/Dockerfile
View File

@ -1,8 +1,52 @@
###############################################
# Build stage #
###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build
# Docker buildx supplies the value for this arg
ARG TARGETPLATFORM
# Determine proper runtime value for .NET
# We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \
fi \
&& echo "RID=$RID" > /tmp/rid.txt
# Copy required project files
WORKDIR /source
COPY . ./
# Restore project dependencies and tools
WORKDIR /source/util/MsSqlMigratorUtility
RUN . /tmp/rid.txt && dotnet restore -r $RID
# Build project
WORKDIR /source/util/MsSqlMigratorUtility
RUN . /tmp/rid.txt && dotnet publish \
-c release \
--no-restore \
--self-contained \
/p:PublishSingleFile=true \
-r $RID \
-o out
###############################################
# App stage #
###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0
ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden"
WORKDIR /app
COPY obj/build-output/publish .
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENTRYPOINT ["sh", "-c", "dotnet /app/MsSqlMigratorUtility.dll \"${MSSQL_CONN_STRING}\" ${@}", "--" ]
# Copy app from the build stage
WORKDIR /app
COPY --from=build /source/util/MsSqlMigratorUtility/out /app
ENTRYPOINT ["sh", "-c", "/app/MsSqlMigratorUtility \"${MSSQL_CONN_STRING}\" ${@}", "--" ]

3112
util/MySqlMigrations/Migrations/20250429113731_SsoExternalId.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

43
util/MySqlMigrations/Migrations/20250429113731_SsoExternalId.cs Normal file
View File

@ -0,0 +1,43 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.MySqlMigrations.Migrations;
/// <inheritdoc />
public partial class SsoExternalId : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AlterColumn<string>(
name: "ExternalId",
table: "SsoUser",
type: "varchar(300)",
maxLength: 300,
nullable: true,
oldClrType: typeof(string),
oldType: "varchar(50)",
oldMaxLength: 50,
oldNullable: true)
.Annotation("MySql:CharSet", "utf8mb4")
.OldAnnotation("MySql:CharSet", "utf8mb4");
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.AlterColumn<string>(
name: "ExternalId",
table: "SsoUser",
type: "varchar(50)",
maxLength: 50,
nullable: true,
oldClrType: typeof(string),
oldType: "varchar(300)",
oldMaxLength: 300,
oldNullable: true)
.Annotation("MySql:CharSet", "utf8mb4")
.OldAnnotation("MySql:CharSet", "utf8mb4");
}
}

3119
util/MySqlMigrations/Migrations/20250522205018_2025-05-20_00_AddSendEmails.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

29
util/MySqlMigrations/Migrations/20250522205018_2025-05-20_00_AddSendEmails.cs Normal file
View File

@ -0,0 +1,29 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.MySqlMigrations.Migrations;
/// <inheritdoc />
public partial class _20250520_00_AddSendEmails : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<string>(
name: "Emails",
table: "Send",
type: "varchar(1024)",
maxLength: 1024,
nullable: true)
.Annotation("MySql:CharSet", "utf8mb4");
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropColumn(
name: "Emails",
table: "Send");
}
}

3125
util/MySqlMigrations/Migrations/20250603133713_AddOrgUserDefaultCollection.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

39
util/MySqlMigrations/Migrations/20250603133713_AddOrgUserDefaultCollection.cs Normal file
View File

@ -0,0 +1,39 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.MySqlMigrations.Migrations;
/// <inheritdoc />
public partial class AddOrgUserDefaultCollection : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<string>(
name: "DefaultUserCollectionEmail",
table: "Collection",
type: "longtext",
nullable: true)
.Annotation("MySql:CharSet", "utf8mb4");
migrationBuilder.AddColumn<int>(
name: "Type",
table: "Collection",
type: "int",
nullable: false,
defaultValue: 0);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropColumn(
name: "DefaultUserCollectionEmail",
table: "Collection");
migrationBuilder.DropColumn(
name: "Type",
table: "Collection");
}
}

14
util/MySqlMigrations/Migrations/DatabaseContextModelSnapshot.cs
View File

@ -679,8 +679,8 @@ namespace Bit.MySqlMigrations.Migrations
.HasColumnType("datetime(6)");
b.Property<string>("ExternalId")
.HasMaxLength(50)
.HasColumnType("varchar(50)");
.HasMaxLength(300)
.HasColumnType("varchar(300)");
b.Property<Guid?>("OrganizationId")
.HasColumnType("char(36)");
@ -956,6 +956,9 @@ namespace Bit.MySqlMigrations.Migrations
b.Property<DateTime>("CreationDate")
.HasColumnType("datetime(6)");
b.Property<string>("DefaultUserCollectionEmail")
.HasColumnType("longtext");
b.Property<string>("ExternalId")
.HasMaxLength(300)
.HasColumnType("varchar(300)");
@ -970,6 +973,9 @@ namespace Bit.MySqlMigrations.Migrations
b.Property<DateTime>("RevisionDate")
.HasColumnType("datetime(6)");
b.Property<int>("Type")
.HasColumnType("int");
b.HasKey("Id");
b.HasIndex("OrganizationId");
@ -1437,6 +1443,10 @@ namespace Bit.MySqlMigrations.Migrations
b.Property<bool>("Disabled")
.HasColumnType("tinyint(1)");
b.Property<string>("Emails")
.HasMaxLength(1024)
.HasColumnType("varchar(1024)");
b.Property<DateTime?>("ExpirationDate")
.HasColumnType("datetime(6)");

23
util/Nginx/Dockerfile
View File

@ -1,20 +1,23 @@
FROM nginx:stable
FROM --platform=$BUILDPLATFORM nginx:stable
ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden"
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
curl \
gosu \
curl \
&& rm -rf /var/lib/apt/lists/*
COPY nginx.conf /etc/nginx
COPY proxy.conf /etc/nginx
COPY mime.types /etc/nginx
COPY security-headers.conf /etc/nginx
COPY security-headers-ssl.conf /etc/nginx
COPY logrotate.sh /
COPY entrypoint.sh /
COPY util/Nginx/nginx.conf /etc/nginx
COPY util/Nginx/proxy.conf /etc/nginx
COPY util/Nginx/mime.types /etc/nginx
COPY util/Nginx/security-headers.conf /etc/nginx
COPY util/Nginx/security-headers-ssl.conf /etc/nginx
COPY util/Nginx/logrotate.sh /
COPY util/Nginx/entrypoint.sh /
EXPOSE 8080
EXPOSE 8443

3118
util/PostgresMigrations/Migrations/20250429113739_SsoExternalId.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

43
util/PostgresMigrations/Migrations/20250429113739_SsoExternalId.cs Normal file
View File

@ -0,0 +1,43 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.PostgresMigrations.Migrations;
/// <inheritdoc />
public partial class SsoExternalId : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AlterColumn<string>(
name: "ExternalId",
table: "SsoUser",
type: "character varying(300)",
maxLength: 300,
nullable: true,
collation: "postgresIndetermanisticCollation",
oldClrType: typeof(string),
oldType: "character varying(50)",
oldMaxLength: 50,
oldNullable: true,
oldCollation: "postgresIndetermanisticCollation");
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.AlterColumn<string>(
name: "ExternalId",
table: "SsoUser",
type: "character varying(50)",
maxLength: 50,
nullable: true,
collation: "postgresIndetermanisticCollation",
oldClrType: typeof(string),
oldType: "character varying(300)",
oldMaxLength: 300,
oldNullable: true,
oldCollation: "postgresIndetermanisticCollation");
}
}

3125
util/PostgresMigrations/Migrations/20250520201209_2025-05-20_00_AddSendEmails.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

28
util/PostgresMigrations/Migrations/20250520201209_2025-05-20_00_AddSendEmails.cs Normal file
View File

@ -0,0 +1,28 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.PostgresMigrations.Migrations;
/// <inheritdoc />
public partial class _20250520_00_AddSendEmails : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<string>(
name: "Emails",
table: "Send",
type: "character varying(1024)",
maxLength: 1024,
nullable: true);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropColumn(
name: "Emails",
table: "Send");
}
}

3131
util/PostgresMigrations/Migrations/20250603133704_AddOrgUserDefaultCollection.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

38
util/PostgresMigrations/Migrations/20250603133704_AddOrgUserDefaultCollection.cs Normal file
View File

@ -0,0 +1,38 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.PostgresMigrations.Migrations;
/// <inheritdoc />
public partial class AddOrgUserDefaultCollection : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<string>(
name: "DefaultUserCollectionEmail",
table: "Collection",
type: "text",
nullable: true);
migrationBuilder.AddColumn<int>(
name: "Type",
table: "Collection",
type: "integer",
nullable: false,
defaultValue: 0);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropColumn(
name: "DefaultUserCollectionEmail",
table: "Collection");
migrationBuilder.DropColumn(
name: "Type",
table: "Collection");
}
}

14
util/PostgresMigrations/Migrations/DatabaseContextModelSnapshot.cs
View File

@ -682,8 +682,8 @@ namespace Bit.PostgresMigrations.Migrations
.HasColumnType("timestamp with time zone");
b.Property<string>("ExternalId")
.HasMaxLength(50)
.HasColumnType("character varying(50)")
.HasMaxLength(300)
.HasColumnType("character varying(300)")
.UseCollation("postgresIndetermanisticCollation");
b.Property<Guid?>("OrganizationId")
@ -961,6 +961,9 @@ namespace Bit.PostgresMigrations.Migrations
b.Property<DateTime>("CreationDate")
.HasColumnType("timestamp with time zone");
b.Property<string>("DefaultUserCollectionEmail")
.HasColumnType("text");
b.Property<string>("ExternalId")
.HasMaxLength(300)
.HasColumnType("character varying(300)");
@ -975,6 +978,9 @@ namespace Bit.PostgresMigrations.Migrations
b.Property<DateTime>("RevisionDate")
.HasColumnType("timestamp with time zone");
b.Property<int>("Type")
.HasColumnType("integer");
b.HasKey("Id");
b.HasIndex("OrganizationId");
@ -1442,6 +1448,10 @@ namespace Bit.PostgresMigrations.Migrations
b.Property<bool>("Disabled")
.HasColumnType("boolean");
b.Property<string>("Emails")
.HasMaxLength(1024)
.HasColumnType("character varying(1024)");
b.Property<DateTime?>("ExpirationDate")
.HasColumnType("timestamp with time zone");

5
util/Server/Dockerfile
View File

@ -1,5 +0,0 @@
FROM mcr.microsoft.com/dotnet/aspnet:8.0
LABEL com.bitwarden.product="bitwarden"
COPY obj/build-output/publish /bitwarden_server

19
util/Server/Startup.cs
View File

@ -26,7 +26,8 @@ public class Startup
public void Configure(
IApplicationBuilder app,
IConfiguration configuration)
IConfiguration configuration,
ILogger<Startup> logger)
{
if (configuration.GetValue<bool?>("serveUnknown") ?? false)
{
@ -44,6 +45,22 @@ public class Startup
}
else if (configuration.GetValue<bool?>("webVault") ?? false)
{
var appIdLocation = configuration.GetValue<string>("appIdLocation");
if (!string.IsNullOrEmpty(appIdLocation))
{
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapGet("/app-id.json", async context =>
{
var appId = await File.ReadAllTextAsync(appIdLocation);
context.Response.ContentType = "application/json";
await context.Response.WriteAsync(appId);
});
});
}
// TODO: This should be removed when asp.net natively support avif
var provider = new FileExtensionContentTypeProvider { Mappings = { [".avif"] = "image/avif" } };

48
util/Setup/Dockerfile
View File

@ -1,16 +1,60 @@
###############################################
# Build stage #
###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build
# Docker buildx supplies the value for this arg
ARG TARGETPLATFORM
# Determine proper runtime value for .NET
# We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \
fi \
&& echo "RID=$RID" > /tmp/rid.txt
# Copy required project files
WORKDIR /source
COPY . ./
# Restore project dependencies and tools
WORKDIR /source/util/Setup
RUN . /tmp/rid.txt && dotnet restore -r $RID
# Build project
WORKDIR /source/util/Setup
RUN . /tmp/rid.txt && dotnet publish \
-c release \
--no-restore \
--self-contained \
/p:PublishSingleFile=true \
-r $RID \
-o out
###############################################
# App stage #
###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0
ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" com.bitwarden.project="setup"
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
openssl \
gosu \
&& rm -rf /var/lib/apt/lists/*
# Copy app from the build stage
WORKDIR /app
COPY obj/build-output/publish .
COPY entrypoint.sh /
COPY --from=build /source/util/Setup/out .
COPY util/Setup/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

37
util/Setup/Program.cs
View File

@ -20,30 +20,29 @@ public class Program
ParseParameters();
if (_context.Parameters.ContainsKey("q"))
if (_context.Parameters.TryGetValue("q", out var q))
{
_context.Quiet = _context.Parameters["q"] == "true" || _context.Parameters["q"] == "1";
_context.Quiet = q == "true" || q == "1";
}
if (_context.Parameters.ContainsKey("os"))
if (_context.Parameters.TryGetValue("os", out var os))
{
_context.HostOS = _context.Parameters["os"];
_context.HostOS = os;
}
if (_context.Parameters.ContainsKey("corev"))
if (_context.Parameters.TryGetValue("corev", out var coreVersion))
{
_context.CoreVersion = _context.Parameters["corev"];
_context.CoreVersion = coreVersion;
}
if (_context.Parameters.ContainsKey("webv"))
if (_context.Parameters.TryGetValue("webv", out var webVersion))
{
_context.WebVersion = _context.Parameters["webv"];
_context.WebVersion = webVersion;
}
if (_context.Parameters.ContainsKey("keyconnectorv"))
if (_context.Parameters.TryGetValue("keyconnectorv", out var keyConnectorVersion))
{
_context.KeyConnectorVersion = _context.Parameters["keyconnectorv"];
_context.KeyConnectorVersion = keyConnectorVersion;
}
if (_context.Parameters.ContainsKey("stub"))
if (_context.Parameters.TryGetValue("stub", out var stub))
{
_context.Stub = _context.Parameters["stub"] == "true" ||
_context.Parameters["stub"] == "1";
_context.Stub = stub == "true" || stub == "1";
}
Helpers.WriteLine(_context);
@ -68,18 +67,18 @@ public class Program
private static void Install()
{
if (_context.Parameters.ContainsKey("letsencrypt"))
if (_context.Parameters.TryGetValue("letsencrypt", out var sslManagedLetsEncrypt))
{
_context.Config.SslManagedLetsEncrypt =
_context.Parameters["letsencrypt"].ToLowerInvariant() == "y";
sslManagedLetsEncrypt.ToLowerInvariant() == "y";
}
if (_context.Parameters.ContainsKey("domain"))
if (_context.Parameters.TryGetValue("domain", out var domain))
{
_context.Install.Domain = _context.Parameters["domain"].ToLowerInvariant();
_context.Install.Domain = domain.ToLowerInvariant();
}
if (_context.Parameters.ContainsKey("dbname"))
if (_context.Parameters.TryGetValue("dbname", out var database))
{
_context.Install.Database = _context.Parameters["dbname"];
_context.Install.Database = database;
}
if (_context.Stub)

44
util/Setup/entrypoint.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
# Setup
@ -19,27 +19,31 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /bitwarden/env
mkdir -p /bitwarden/docker
mkdir -p /bitwarden/ssl
mkdir -p /bitwarden/letsencrypt
mkdir -p /bitwarden/identity
mkdir -p /bitwarden/nginx
mkdir -p /bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /bitwarden
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /bitwarden/env
mkdir -p /bitwarden/docker
mkdir -p /bitwarden/ssl
mkdir -p /bitwarden/letsencrypt
mkdir -p /bitwarden/identity
mkdir -p /bitwarden/nginx
mkdir -p /bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /bitwarden
cp /bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec gosu $USERNAME:$GROUPNAME "$@"
exec $gosu_cmd "$@"

3101
util/SqliteMigrations/Migrations/20250429113747_SsoExternalId.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

21
util/SqliteMigrations/Migrations/20250429113747_SsoExternalId.cs Normal file
View File

@ -0,0 +1,21 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.SqliteMigrations.Migrations;
/// <inheritdoc />
public partial class SsoExternalId : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
}
}

3108
util/SqliteMigrations/Migrations/20250520201216_2025-05-20_00_AddSendEmails.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

28
util/SqliteMigrations/Migrations/20250520201216_2025-05-20_00_AddSendEmails.cs Normal file
View File

@ -0,0 +1,28 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.SqliteMigrations.Migrations;
/// <inheritdoc />
public partial class _20250520_00_AddSendEmails : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<string>(
name: "Emails",
table: "Send",
type: "TEXT",
maxLength: 1024,
nullable: true);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropColumn(
name: "Emails",
table: "Send");
}
}

3114
util/SqliteMigrations/Migrations/20250603133708_AddOrgUserDefaultCollection.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

38
util/SqliteMigrations/Migrations/20250603133708_AddOrgUserDefaultCollection.cs Normal file
View File

@ -0,0 +1,38 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.SqliteMigrations.Migrations;
/// <inheritdoc />
public partial class AddOrgUserDefaultCollection : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<string>(
name: "DefaultUserCollectionEmail",
table: "Collection",
type: "TEXT",
nullable: true);
migrationBuilder.AddColumn<int>(
name: "Type",
table: "Collection",
type: "INTEGER",
nullable: false,
defaultValue: 0);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropColumn(
name: "DefaultUserCollectionEmail",
table: "Collection");
migrationBuilder.DropColumn(
name: "Type",
table: "Collection");
}
}

12
util/SqliteMigrations/Migrations/DatabaseContextModelSnapshot.cs
View File

@ -668,7 +668,7 @@ namespace Bit.SqliteMigrations.Migrations
.HasColumnType("TEXT");
b.Property<string>("ExternalId")
.HasMaxLength(50)
.HasMaxLength(300)
.HasColumnType("TEXT");
b.Property<Guid?>("OrganizationId")
@ -945,6 +945,9 @@ namespace Bit.SqliteMigrations.Migrations
b.Property<DateTime>("CreationDate")
.HasColumnType("TEXT");
b.Property<string>("DefaultUserCollectionEmail")
.HasColumnType("TEXT");
b.Property<string>("ExternalId")
.HasMaxLength(300)
.HasColumnType("TEXT");
@ -959,6 +962,9 @@ namespace Bit.SqliteMigrations.Migrations
b.Property<DateTime>("RevisionDate")
.HasColumnType("TEXT");
b.Property<int>("Type")
.HasColumnType("INTEGER");
b.HasKey("Id");
b.HasIndex("OrganizationId");
@ -1426,6 +1432,10 @@ namespace Bit.SqliteMigrations.Migrations
b.Property<bool>("Disabled")
.HasColumnType("INTEGER");
b.Property<string>("Emails")
.HasMaxLength(1024)
.HasColumnType("TEXT");
b.Property<DateTime?>("ExpirationDate")
.HasColumnType("TEXT");