nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-13 14:30:50 -05:00
Code

Removed remaining methods out of org and user licenses

Browse Source
This commit is contained in:
Conner Turnbull 2025-06-09 15:45:54 -04:00
parent 5ed8635f9c
commit 389dab8261
No known key found for this signature in database
7 changed files with 154 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
View File

@ -17,6 +17,7 @@ using Bit.Core.Auth.Repositories;
using Bit.Core.Billing.Constants; using Bit.Core.Billing.Constants;
using Bit.Core.Billing.Enums; using Bit.Core.Billing.Enums;
using Bit.Core.Billing.Extensions; using Bit.Core.Billing.Extensions;
using Bit.Core.Billing.Licenses.Extensions;
using Bit.Core.Billing.Pricing; using Bit.Core.Billing.Pricing;
using Bit.Core.Context; using Bit.Core.Context;
using Bit.Core.Entities; using Bit.Core.Entities;

148
src/Core/Billing/Licenses/Extensions/LicenseExtensions.cs
View File

@ -7,7 +7,9 @@ using Bit.Core.AdminConsole.Entities;
using Bit.Core.Billing.Enums; using Bit.Core.Billing.Enums;
using Bit.Core.Billing.Licenses.Attributes; using Bit.Core.Billing.Licenses.Attributes;
using Bit.Core.Entities; using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.Business; using Bit.Core.Models.Business;
using Bit.Core.Settings;
using Bit.Core.Utilities; using Bit.Core.Utilities;
namespace Bit.Core.Billing.Licenses.Extensions; namespace Bit.Core.Billing.Licenses.Extensions;
@ -223,6 +225,116 @@ public static class OrganizationLicenseExtensions
subscriptionInfo?.Subscription == null subscriptionInfo?.Subscription == null
? org.PlanType != PlanType.Custom || !org.ExpirationDate.HasValue ? org.PlanType != PlanType.Custom || !org.ExpirationDate.HasValue
: subscriptionInfo.Subscription.TrialEndDate.HasValue && subscriptionInfo.Subscription.TrialEndDate.Value > DateTime.UtcNow; : subscriptionInfo.Subscription.TrialEndDate.HasValue && subscriptionInfo.Subscription.TrialEndDate.Value > DateTime.UtcNow;
public static bool CanUse(
this OrganizationLicense license,
IGlobalSettings globalSettings,
ClaimsPrincipal claimsPrincipal,
out string exception)
{
var errorMessages = new StringBuilder();
var enabled = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.Enabled));
if (!enabled)
{
errorMessages.AppendLine("Your cloud-hosted organization is currently disabled.");
}
var installationId = claimsPrincipal.GetValue<Guid>(nameof(OrganizationLicense.InstallationId));
if (installationId != globalSettings.Installation.Id)
{
errorMessages.AppendLine("The installation ID does not match the current installation.");
}
var selfHost = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.SelfHost));
if (!selfHost)
{
errorMessages.AppendLine("The license does not allow for on-premise hosting of organizations.");
}
var licenseType = claimsPrincipal.GetValue<LicenseType>(nameof(OrganizationLicense.LicenseType));
if (licenseType != LicenseType.Organization)
{
errorMessages.AppendLine("Premium licenses cannot be applied to an organization. " +
"Upload this license from your personal account settings page.");
}
if (errorMessages.Length > 0)
{
exception = $"Invalid license. {errorMessages.ToString().TrimEnd()}";
return false;
}
exception = "";
return true;
}
public static bool VerifyData(
this OrganizationLicense license,
Organization organization,
ClaimsPrincipal claimsPrincipal,
IGlobalSettings globalSettings)
{
var issued = claimsPrincipal.GetValue<DateTime>(nameof(OrganizationLicense.Issued));
var expires = claimsPrincipal.GetValue<DateTime>(nameof(OrganizationLicense.Expires));
var installationId = claimsPrincipal.GetValue<Guid>(nameof(OrganizationLicense.InstallationId));
var licenseKey = claimsPrincipal.GetValue<string>(nameof(OrganizationLicense.LicenseKey));
var enabled = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.Enabled));
var planType = claimsPrincipal.GetValue<PlanType>(nameof(OrganizationLicense.PlanType));
var seats = claimsPrincipal.GetValue<int?>(nameof(OrganizationLicense.Seats));
var maxCollections = claimsPrincipal.GetValue<short?>(nameof(OrganizationLicense.MaxCollections));
var useGroups = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseGroups));
var useDirectory = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseDirectory));
var useTotp = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseTotp));
var selfHost = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.SelfHost));
var name = claimsPrincipal.GetValue<string>(nameof(OrganizationLicense.Name));
var usersGetPremium = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UsersGetPremium));
var useEvents = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseEvents));
var use2fa = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.Use2fa));
var useApi = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseApi));
var usePolicies = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UsePolicies));
var useSso = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseSso));
var useResetPassword = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseResetPassword));
var useKeyConnector = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseKeyConnector));
var useScim = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseScim));
var useCustomPermissions = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseCustomPermissions));
var useSecretsManager = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseSecretsManager));
var usePasswordManager = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UsePasswordManager));
var smSeats = claimsPrincipal.GetValue<int?>(nameof(OrganizationLicense.SmSeats));
var smServiceAccounts = claimsPrincipal.GetValue<int?>(nameof(OrganizationLicense.SmServiceAccounts));
var useAdminSponsoredFamilies = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseAdminSponsoredFamilies));
var useOrganizationDomains = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseOrganizationDomains));
return issued <= DateTime.UtcNow &&
expires >= DateTime.UtcNow &&
installationId == globalSettings.Installation.Id &&
licenseKey == organization.LicenseKey &&
enabled == organization.Enabled &&
planType == organization.PlanType &&
seats == organization.Seats &&
maxCollections == organization.MaxCollections &&
useGroups == organization.UseGroups &&
useDirectory == organization.UseDirectory &&
useTotp == organization.UseTotp &&
selfHost == organization.SelfHost &&
name == organization.Name &&
usersGetPremium == organization.UsersGetPremium &&
useEvents == organization.UseEvents &&
use2fa == organization.Use2fa &&
useApi == organization.UseApi &&
usePolicies == organization.UsePolicies &&
useSso == organization.UseSso &&
useResetPassword == organization.UseResetPassword &&
useKeyConnector == organization.UseKeyConnector &&
useScim == organization.UseScim &&
useCustomPermissions == organization.UseCustomPermissions &&
useSecretsManager == organization.UseSecretsManager &&
usePasswordManager == organization.UsePasswordManager &&
smSeats == organization.SmSeats &&
smServiceAccounts == organization.SmServiceAccounts &&
useAdminSponsoredFamilies == organization.UseAdminSponsoredFamilies &&
useOrganizationDomains == organization.UseOrganizationDomains;
}
} }
public static class UserLicenseExtensions public static class UserLicenseExtensions
@ -243,4 +355,40 @@ public static class UserLicenseExtensions
subscriptionInfo != null && subscriptionInfo != null &&
(subscriptionInfo?.Subscription?.TrialEndDate.HasValue ?? false) && (subscriptionInfo?.Subscription?.TrialEndDate.HasValue ?? false) &&
subscriptionInfo.Subscription.TrialEndDate.Value > DateTime.UtcNow; subscriptionInfo.Subscription.TrialEndDate.Value > DateTime.UtcNow;
public static bool CanUse(this UserLicense license, User user, ClaimsPrincipal claimsPrincipal, out string exception)
{
var errorMessages = new StringBuilder();
if (!user.EmailVerified)
{
errorMessages.AppendLine("The user's email is not verified.");
}
var email = claimsPrincipal.GetValue<string>(nameof(UserLicense.Email));
if (!email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase))
{
errorMessages.AppendLine("The user's email does not match the license email.");
}
if (errorMessages.Length > 0)
{
exception = $"Invalid license. {errorMessages.ToString().TrimEnd()}";
return false;
}
exception = "";
return true;
}
public static bool VerifyData(this UserLicense license, User user, ClaimsPrincipal claimsPrincipal)
{
var licenseKey = claimsPrincipal.GetValue<string>(nameof(UserLicense.LicenseKey));
var premium = claimsPrincipal.GetValue<bool>(nameof(UserLicense.Premium));
var email = claimsPrincipal.GetValue<string>(nameof(UserLicense.Email));
return licenseKey == user.LicenseKey &&
premium == user.Premium &&
email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase);
}
} }

140
src/Core/Models/Business/OrganizationLicense.cs
View File

@ -1,13 +1,9 @@
using System.Security.Claims; using System.Text.Json.Serialization;
using System.Text;
using System.Text.Json.Serialization;
using Bit.Core.AdminConsole.Entities; using Bit.Core.AdminConsole.Entities;
using Bit.Core.Billing.Enums; using Bit.Core.Billing.Enums;
using Bit.Core.Billing.Licenses.Attributes; using Bit.Core.Billing.Licenses.Attributes;
using Bit.Core.Billing.Licenses.Extensions; using Bit.Core.Billing.Licenses.Extensions;
using Bit.Core.Enums;
using Bit.Core.Services; using Bit.Core.Services;
using Bit.Core.Settings;
namespace Bit.Core.Models.Business; namespace Bit.Core.Models.Business;
@ -17,34 +13,6 @@ public class OrganizationLicense : BaseLicense
{ {
} }
/// <summary>
/// Initializes a new instance of the <see cref="OrganizationLicense"/> class.
/// </summary>
/// <remarks>
/// <para>
/// ⚠️ DEPRECATED: This constructor and the entire property-based licensing system is deprecated.
/// Do not add new properties to this constructor or extend its functionality.
/// </para>
/// <para>
/// This implementation has been replaced by a new claims-based licensing system that provides better security
/// and flexibility. The new system uses JWT claims to store and validate license information, making it more
/// secure and easier to extend without requiring changes to the license format.
/// </para>
/// <para>
/// For new license-related features or modifications:
/// 1. Use the claims-based system instead of adding properties here
/// 2. Add new claims to the license token
/// 3. Validate claims in the <see cref="CanUse"/> and <see cref="VerifyData"/> methods
/// </para>
/// <para>
/// This constructor is maintained only for backward compatibility with existing licenses.
/// </para>
/// </remarks>
/// <param name="org">The organization to create the license for.</param>
/// <param name="subscriptionInfo">Information about the organization's subscription.</param>
/// <param name="installationId">The ID of the current installation.</param>
/// <param name="licenseService">The service used to sign the license.</param>
/// <param name="version">Optional version number for the license format.</param>
public OrganizationLicense(Organization org, SubscriptionInfo subscriptionInfo, Guid installationId, public OrganizationLicense(Organization org, SubscriptionInfo subscriptionInfo, Guid installationId,
ILicensingService licenseService, int? version = null) ILicensingService licenseService, int? version = null)
{ {
@ -217,111 +185,5 @@ public class OrganizationLicense : BaseLicense
public bool CanUse(
IGlobalSettings globalSettings,
ClaimsPrincipal claimsPrincipal,
out string exception)
{
var errorMessages = new StringBuilder();
var enabled = claimsPrincipal.GetValue<bool>(nameof(Enabled));
if (!enabled)
{
errorMessages.AppendLine("Your cloud-hosted organization is currently disabled.");
}
var installationId = claimsPrincipal.GetValue<Guid>(nameof(InstallationId));
if (installationId != globalSettings.Installation.Id)
{
errorMessages.AppendLine("The installation ID does not match the current installation.");
}
var selfHost = claimsPrincipal.GetValue<bool>(nameof(SelfHost));
if (!selfHost)
{
errorMessages.AppendLine("The license does not allow for on-premise hosting of organizations.");
}
var licenseType = claimsPrincipal.GetValue<LicenseType>(nameof(LicenseType));
if (licenseType != LicenseType.Organization)
{
errorMessages.AppendLine("Premium licenses cannot be applied to an organization. " +
"Upload this license from your personal account settings page.");
}
if (errorMessages.Length > 0)
{
exception = $"Invalid license. {errorMessages.ToString().TrimEnd()}";
return false;
}
exception = "";
return true;
}
public bool VerifyData(
Organization organization,
ClaimsPrincipal claimsPrincipal,
IGlobalSettings globalSettings)
{
var issued = claimsPrincipal.GetValue<DateTime>(nameof(Issued));
var expires = claimsPrincipal.GetValue<DateTime>(nameof(Expires));
var installationId = claimsPrincipal.GetValue<Guid>(nameof(InstallationId));
var licenseKey = claimsPrincipal.GetValue<string>(nameof(LicenseKey));
var enabled = claimsPrincipal.GetValue<bool>(nameof(Enabled));
var planType = claimsPrincipal.GetValue<PlanType>(nameof(PlanType));
var seats = claimsPrincipal.GetValue<int?>(nameof(Seats));
var maxCollections = claimsPrincipal.GetValue<short?>(nameof(MaxCollections));
var useGroups = claimsPrincipal.GetValue<bool>(nameof(UseGroups));
var useDirectory = claimsPrincipal.GetValue<bool>(nameof(UseDirectory));
var useTotp = claimsPrincipal.GetValue<bool>(nameof(UseTotp));
var selfHost = claimsPrincipal.GetValue<bool>(nameof(SelfHost));
var name = claimsPrincipal.GetValue<string>(nameof(Name));
var usersGetPremium = claimsPrincipal.GetValue<bool>(nameof(UsersGetPremium));
var useEvents = claimsPrincipal.GetValue<bool>(nameof(UseEvents));
var use2fa = claimsPrincipal.GetValue<bool>(nameof(Use2fa));
var useApi = claimsPrincipal.GetValue<bool>(nameof(UseApi));
var usePolicies = claimsPrincipal.GetValue<bool>(nameof(UsePolicies));
var useSso = claimsPrincipal.GetValue<bool>(nameof(UseSso));
var useResetPassword = claimsPrincipal.GetValue<bool>(nameof(UseResetPassword));
var useKeyConnector = claimsPrincipal.GetValue<bool>(nameof(UseKeyConnector));
var useScim = claimsPrincipal.GetValue<bool>(nameof(UseScim));
var useCustomPermissions = claimsPrincipal.GetValue<bool>(nameof(UseCustomPermissions));
var useSecretsManager = claimsPrincipal.GetValue<bool>(nameof(UseSecretsManager));
var usePasswordManager = claimsPrincipal.GetValue<bool>(nameof(UsePasswordManager));
var smSeats = claimsPrincipal.GetValue<int?>(nameof(SmSeats));
var smServiceAccounts = claimsPrincipal.GetValue<int?>(nameof(SmServiceAccounts));
var useAdminSponsoredFamilies = claimsPrincipal.GetValue<bool>(nameof(UseAdminSponsoredFamilies));
var useOrganizationDomains = claimsPrincipal.GetValue<bool>(nameof(UseOrganizationDomains));
return issued <= DateTime.UtcNow &&
expires >= DateTime.UtcNow &&
installationId == globalSettings.Installation.Id &&
licenseKey == organization.LicenseKey &&
enabled == organization.Enabled &&
planType == organization.PlanType &&
seats == organization.Seats &&
maxCollections == organization.MaxCollections &&
useGroups == organization.UseGroups &&
useDirectory == organization.UseDirectory &&
useTotp == organization.UseTotp &&
selfHost == organization.SelfHost &&
name == organization.Name &&
usersGetPremium == organization.UsersGetPremium &&
useEvents == organization.UseEvents &&
use2fa == organization.Use2fa &&
useApi == organization.UseApi &&
usePolicies == organization.UsePolicies &&
useSso == organization.UseSso &&
useResetPassword == organization.UseResetPassword &&
useKeyConnector == organization.UseKeyConnector &&
useScim == organization.UseScim &&
useCustomPermissions == organization.UseCustomPermissions &&
useSecretsManager == organization.UseSecretsManager &&
usePasswordManager == organization.UsePasswordManager &&
smSeats == organization.SmSeats &&
smServiceAccounts == organization.SmServiceAccounts &&
useAdminSponsoredFamilies == organization.UseAdminSponsoredFamilies &&
useOrganizationDomains == organization.UseOrganizationDomains;
}
} }

38
src/Core/Models/Business/UserLicense.cs
View File

@ -1,6 +1,4 @@
using System.Security.Claims; using System.Text.Json.Serialization;
using System.Text;
using System.Text.Json.Serialization;
using Bit.Core.Billing.Licenses.Attributes; using Bit.Core.Billing.Licenses.Attributes;
using Bit.Core.Billing.Licenses.Extensions; using Bit.Core.Billing.Licenses.Extensions;
using Bit.Core.Entities; using Bit.Core.Entities;
@ -68,39 +66,5 @@ public class UserLicense : BaseLicense
get => Version == 1; get => Version == 1;
} }
public bool CanUse(User user, ClaimsPrincipal claimsPrincipal, out string exception)
{
var errorMessages = new StringBuilder();
if (!user.EmailVerified)
{
errorMessages.AppendLine("The user's email is not verified.");
}
var email = claimsPrincipal.GetValue<string>(nameof(Email));
if (!email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase))
{
errorMessages.AppendLine("The user's email does not match the license email.");
}
if (errorMessages.Length > 0)
{
exception = $"Invalid license. {errorMessages.ToString().TrimEnd()}";
return false;
}
exception = "";
return true;
}
public bool VerifyData(User user, ClaimsPrincipal claimsPrincipal)
{
var licenseKey = claimsPrincipal.GetValue<string>(nameof(LicenseKey));
var premium = claimsPrincipal.GetValue<bool>(nameof(Premium));
var email = claimsPrincipal.GetValue<string>(nameof(Email));
return licenseKey == user.LicenseKey &&
premium == user.Premium &&
email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase);
}
} }

1
src/Core/OrganizationFeatures/OrganizationLicenses/UpdateOrganizationLicenseCommand.cs
View File

@ -2,6 +2,7 @@
using System.Text.Json; using System.Text.Json;
using Bit.Core.AdminConsole.Entities; using Bit.Core.AdminConsole.Entities;
using Bit.Core.Billing.Licenses.Extensions;
using Bit.Core.Exceptions; using Bit.Core.Exceptions;
using Bit.Core.Models.Business; using Bit.Core.Models.Business;
using Bit.Core.Models.Data.Organizations; using Bit.Core.Models.Data.Organizations;

1
src/Core/Services/Implementations/UserService.cs
View File

@ -15,6 +15,7 @@ using Bit.Core.Auth.Models;
using Bit.Core.Auth.Models.Business.Tokenables; using Bit.Core.Auth.Models.Business.Tokenables;
using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces; using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
using Bit.Core.Billing.Constants; using Bit.Core.Billing.Constants;
using Bit.Core.Billing.Licenses.Extensions;
using Bit.Core.Billing.Models; using Bit.Core.Billing.Models;
using Bit.Core.Billing.Models.Sales; using Bit.Core.Billing.Models.Sales;
using Bit.Core.Billing.Services; using Bit.Core.Billing.Services;

1
test/Core.Test/Models/Business/OrganizationLicenseTests.cs
View File

@ -1,4 +1,5 @@
using System.Security.Claims; using System.Security.Claims;
using Bit.Core.Billing.Licenses.Extensions;
using Bit.Core.Models.Business; using Bit.Core.Models.Business;
using Bit.Core.Settings; using Bit.Core.Settings;
using Bit.Test.Common.AutoFixture.Attributes; using Bit.Test.Common.AutoFixture.Attributes;