nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-05 18:12:48 -05:00
Code Activity

Merge branch 'main' into ac/ac-1682/data-migrations-for-deprecated-permissions

Browse Source
This commit is contained in:
Rui Tome
2024-01-11 12:15:40 +00:00
parent ee43767c84 b829812a3f
commit 71978fe954
72 changed files with 23037 additions and 210 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.github/CODEOWNERS vendored
View File

@ -14,7 +14,12 @@
# Database Operations for database changes
src/Sql/** @bitwarden/dept-dbops
util/EfShared/** @bitwarden/dept-dbops
util/Migrator/** @bitwarden/dept-dbops
util/MySqlMigrations/** @bitwarden/dept-dbops
util/PostgresMigrations/** @bitwarden/dept-dbops
util/SqlServerEFScaffold/** @bitwarden/dept-dbops
util/SqliteMigrations/** @bitwarden/dept-dbops
# Auth team
**/Auth @bitwarden/team-auth-dev

2
dev/.gitignore vendored
View File

@ -1,6 +1,6 @@
.data
secrets.json
db
*.db
# Docker container configurations
.env

19
perf/MicroBenchmarks/Identity/IdentityServer/RedisPersistedGrantStoreTests.cs
View File

@ -13,8 +13,11 @@ public class RedisPersistedGrantStoreTests
{
const string SQL = nameof(SQL);
const string Redis = nameof(Redis);
const string Cosmos = nameof(Cosmos);
private readonly IPersistedGrantStore _redisGrantStore;
private readonly IPersistedGrantStore _sqlGrantStore;
private readonly IPersistedGrantStore _cosmosGrantStore;
private readonly PersistedGrant _updateGrant;
private IPersistedGrantStore _grantStore = null!;
@ -45,12 +48,18 @@ public class RedisPersistedGrantStoreTests
);
var sqlConnectionString = "YOUR CONNECTION STRING HERE";
_sqlGrantStore = new PersistedGrantStore(
new GrantRepository(
sqlConnectionString,
sqlConnectionString
)
),
g => new Bit.Core.Auth.Entities.Grant(g)
);
var cosmosConnectionString = "YOUR CONNECTION STRING HERE";
_cosmosGrantStore = new PersistedGrantStore(
new Bit.Core.Auth.Repositories.Cosmos.GrantRepository(cosmosConnectionString),
g => new Bit.Core.Auth.Models.Data.GrantItem(g)
);
var creationTime = new DateTime(638350407400000000, DateTimeKind.Utc);
@ -69,7 +78,7 @@ public class RedisPersistedGrantStoreTests
};
}
[Params(Redis, SQL)]
[Params(Redis, SQL, Cosmos)]
public string StoreType { get; set; } = null!;
[GlobalSetup]
@ -83,6 +92,10 @@ public class RedisPersistedGrantStoreTests
{
_grantStore = _sqlGrantStore;
}
else if (StoreType == Cosmos)
{
_grantStore = _cosmosGrantStore;
}
else
{
throw new InvalidProgramException();

3
src/Api/AdminConsole/Controllers/OrganizationAuthRequestsController.cs
View File

@ -1,14 +1,12 @@
using Bit.Api.AdminConsole.Models.Request;
using Bit.Api.AdminConsole.Models.Response;
using Bit.Api.Models.Response;
using Bit.Core;
using Bit.Core.AdminConsole.OrganizationAuth.Interfaces;
using Bit.Core.Auth.Models.Api.Request.AuthRequest;
using Bit.Core.Auth.Services;
using Bit.Core.Context;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
@ -16,7 +14,6 @@ namespace Bit.Api.AdminConsole.Controllers;
[Route("organizations/{orgId}/auth-requests")]
[Authorize("Application")]
[RequireFeature(FeatureFlagKeys.TrustedDeviceEncryption)]
public class OrganizationAuthRequestsController : Controller
{
private readonly IAuthRequestRepository _authRequestRepository;

6
src/Api/AdminConsole/Controllers/OrganizationsController.cs
View File

@ -764,12 +764,6 @@ public class OrganizationsController : Controller
throw new NotFoundException();
}
if (model.Data.MemberDecryptionType == MemberDecryptionType.TrustedDeviceEncryption &&
!_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext))
{
throw new BadRequestException(nameof(model.Data.MemberDecryptionType), "Invalid member decryption type.");
}
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(id);
ssoConfig = ssoConfig == null ? model.ToSsoConfig(id) : model.ToSsoConfig(ssoConfig);
organization.Identifier = model.Identifier;

2
src/Api/AdminConsole/Models/Response/Organizations/OrganizationResponseModel.cs
View File

@ -56,6 +56,7 @@ public class OrganizationResponseModel : ResponseModel
MaxAutoscaleSmServiceAccounts = organization.MaxAutoscaleSmServiceAccounts;
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
FlexibleCollections = organization.FlexibleCollections;
}
public Guid Id { get; set; }
@ -97,6 +98,7 @@ public class OrganizationResponseModel : ResponseModel
public int? MaxAutoscaleSmServiceAccounts { get; set; }
public bool LimitCollectionCreationDeletion { get; set; }
public bool AllowAdminAccessToAllCollectionItems { get; set; }
public bool FlexibleCollections { get; set; }
}
public class OrganizationSubscriptionResponseModel : OrganizationResponseModel

2
src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs
View File

@ -61,6 +61,7 @@ public class ProfileOrganizationResponseModel : ResponseModel
AccessSecretsManager = organization.AccessSecretsManager;
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
FlexibleCollections = organization.FlexibleCollections;
if (organization.SsoConfig != null)
{
@ -116,4 +117,5 @@ public class ProfileOrganizationResponseModel : ResponseModel
public bool AccessSecretsManager { get; set; }
public bool LimitCollectionCreationDeletion { get; set; }
public bool AllowAdminAccessToAllCollectionItems { get; set; }
public bool FlexibleCollections { get; set; }
}

4
src/Api/AdminConsole/Public/Controllers/GroupsController.cs
View File

@ -110,7 +110,7 @@ public class GroupsController : Controller
public async Task<IActionResult> Post([FromBody] GroupCreateUpdateRequestModel model)
{
var group = model.ToGroup(_currentContext.OrganizationId.Value);
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
await _createGroupCommand.CreateGroupAsync(group, organization, associations);
var response = new GroupResponseModel(group, associations);
@ -139,7 +139,7 @@ public class GroupsController : Controller
}
var updatedGroup = model.ToGroup(existingGroup);
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
await _updateGroupCommand.UpdateGroupAsync(updatedGroup, organization, associations);
var response = new GroupResponseModel(updatedGroup, associations);

4
src/Api/AdminConsole/Public/Controllers/MembersController.cs
View File

@ -119,7 +119,7 @@ public class MembersController : Controller
[ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
public async Task<IActionResult> Post([FromBody] MemberCreateRequestModel model)
{
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
var invite = new OrganizationUserInvite
{
Emails = new List<string> { model.Email },
@ -154,7 +154,7 @@ public class MembersController : Controller
return new NotFoundResult();
}
var updatedUser = model.ToOrganizationUser(existingUser);
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
await _organizationService.SaveUserAsync(updatedUser, null, associations, model.Groups);
MemberResponseModel response = null;
if (existingUser.UserId.HasValue)

5
src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs
View File

@ -15,4 +15,9 @@ public abstract class AssociationWithPermissionsBaseModel
/// </summary>
[Required]
public bool? ReadOnly { get; set; }
/// <summary>
/// When true, the hide passwords permission will not allow the user or group to view passwords.
/// This prevents easy copy-and-paste of hidden items, however it may not completely prevent user access.
/// </summary>
public bool? HidePasswords { get; set; }
}

5
src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs
View File

@ -4,12 +4,13 @@ namespace Bit.Api.AdminConsole.Public.Models.Request;
public class AssociationWithPermissionsRequestModel : AssociationWithPermissionsBaseModel
{
public CollectionAccessSelection ToSelectionReadOnly()
public CollectionAccessSelection ToCollectionAccessSelection()
{
return new CollectionAccessSelection
{
Id = Id.Value,
ReadOnly = ReadOnly.Value
ReadOnly = ReadOnly.Value,
HidePasswords = HidePasswords.GetValueOrDefault()
};
}
}

1
src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs
View File

@ -12,5 +12,6 @@ public class AssociationWithPermissionsResponseModel : AssociationWithPermission
}
Id = selection.Id;
ReadOnly = selection.ReadOnly;
HidePasswords = selection.HidePasswords;
}
}

2
src/Api/Public/Controllers/CollectionsController.cs
View File

@ -89,7 +89,7 @@ public class CollectionsController : Controller
return new NotFoundResult();
}
var updatedCollection = model.ToCollection(existingCollection);
var associations = model.Groups?.Select(c => c.ToSelectionReadOnly());
var associations = model.Groups?.Select(c => c.ToCollectionAccessSelection());
await _collectionService.SaveAsync(updatedCollection, associations);
var response = new CollectionResponseModel(updatedCollection, associations);
return new JsonResult(response);

5
src/Core/AdminConsole/Entities/Organization.cs
View File

@ -91,6 +91,11 @@ public class Organization : ITableObject<Guid>, ISubscriber, IStorable, IStorabl
/// </remarks>
/// </summary>
public bool AllowAdminAccessToAllCollectionItems { get; set; }
/// <summary>
/// True if the organization is using the Flexible Collections permission changes, false otherwise.
/// For existing organizations, this must only be set to true once data migrations have been run for this organization.
/// </summary>
public bool FlexibleCollections { get; set; }
public void SetNewId()
{

2
src/Core/AdminConsole/Models/Data/Organizations/OrganizationAbility.cs
View File

@ -23,6 +23,7 @@ public class OrganizationAbility
UsePolicies = organization.UsePolicies;
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
FlexibleCollections = organization.FlexibleCollections;
}
public Guid Id { get; set; }
@ -39,4 +40,5 @@ public class OrganizationAbility
public bool UsePolicies { get; set; }
public bool LimitCollectionCreationDeletion { get; set; }
public bool AllowAdminAccessToAllCollectionItems { get; set; }
public bool FlexibleCollections { get; set; }
}

1
src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs
View File

@ -50,4 +50,5 @@ public class OrganizationUserOrganizationDetails
public int? SmServiceAccounts { get; set; }
public bool LimitCollectionCreationDeletion { get; set; }
public bool AllowAdminAccessToAllCollectionItems { get; set; }
public bool FlexibleCollections { get; set; }
}

20
src/Core/Auth/Entities/Grant.cs
View File

@ -1,10 +1,28 @@
#nullable enable
using System.ComponentModel.DataAnnotations;
using Bit.Core.Auth.Models.Data;
using Duende.IdentityServer.Models;
namespace Bit.Core.Auth.Entities;
public class Grant
public class Grant : IGrant
{
public Grant() { }
public Grant(PersistedGrant pGrant)
{
Key = pGrant.Key;
Type = pGrant.Type;
SubjectId = pGrant.SubjectId;
SessionId = pGrant.SessionId;
ClientId = pGrant.ClientId;
Description = pGrant.Description;
CreationDate = pGrant.CreationTime;
ExpirationDate = pGrant.Expiration;
ConsumedDate = pGrant.ConsumedTime;
Data = pGrant.Data;
}
public int Id { get; set; }
[MaxLength(200)]
public string Key { get; set; } = null!;

77
src/Core/Auth/Models/Data/GrantItem.cs Normal file
View File

@ -0,0 +1,77 @@
using System.Text.Json.Serialization;
using Bit.Core.Auth.Repositories.Cosmos;
using Duende.IdentityServer.Models;
namespace Bit.Core.Auth.Models.Data;
public class GrantItem : IGrant
{
public GrantItem() { }
public GrantItem(PersistedGrant pGrant)
{
Key = pGrant.Key;
Type = pGrant.Type;
SubjectId = pGrant.SubjectId;
SessionId = pGrant.SessionId;
ClientId = pGrant.ClientId;
Description = pGrant.Description;
CreationDate = pGrant.CreationTime;
ExpirationDate = pGrant.Expiration;
ConsumedDate = pGrant.ConsumedTime;
Data = pGrant.Data;
SetTtl();
}
public GrantItem(IGrant g)
{
Key = g.Key;
Type = g.Type;
SubjectId = g.SubjectId;
SessionId = g.SessionId;
ClientId = g.ClientId;
Description = g.Description;
CreationDate = g.CreationDate;
ExpirationDate = g.ExpirationDate;
ConsumedDate = g.ConsumedDate;
Data = g.Data;
SetTtl();
}
[JsonPropertyName("id")]
[JsonConverter(typeof(Base64IdStringConverter))]
public string Key { get; set; }
[JsonPropertyName("typ")]
public string Type { get; set; }
[JsonPropertyName("sub")]
public string SubjectId { get; set; }
[JsonPropertyName("sid")]
public string SessionId { get; set; }
[JsonPropertyName("cid")]
public string ClientId { get; set; }
[JsonPropertyName("des")]
public string Description { get; set; }
[JsonPropertyName("cre")]
public DateTime CreationDate { get; set; } = DateTime.UtcNow;
[JsonPropertyName("exp")]
public DateTime? ExpirationDate { get; set; }
[JsonPropertyName("con")]
public DateTime? ConsumedDate { get; set; }
[JsonPropertyName("data")]
public string Data { get; set; }
// https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-time-to-live?tabs=dotnet-sdk-v3#set-time-to-live-on-an-item-using-an-sdk
[JsonPropertyName("ttl")]
public int Ttl { get; set; } = -1;
public void SetTtl()
{
if (ExpirationDate != null)
{
var sec = (ExpirationDate.Value - DateTime.UtcNow).TotalSeconds;
if (sec > 0)
{
Ttl = (int)sec;
}
}
}
}

15
src/Core/Auth/Models/Data/IGrant.cs Normal file
View File

@ -0,0 +1,15 @@
namespace Bit.Core.Auth.Models.Data;
public interface IGrant
{
string Key { get; set; }
string Type { get; set; }
string SubjectId { get; set; }
string SessionId { get; set; }
string ClientId { get; set; }
string Description { get; set; }
DateTime CreationDate { get; set; }
DateTime? ExpirationDate { get; set; }
DateTime? ConsumedDate { get; set; }
string Data { get; set; }
}

32
src/Core/Auth/Repositories/Cosmos/Base64IdStringConverter.cs Normal file
View File

@ -0,0 +1,32 @@
using System.Text.Json;
using System.Text.Json.Serialization;
using Bit.Core.Utilities;
namespace Bit.Core.Auth.Repositories.Cosmos;
public class Base64IdStringConverter : JsonConverter<string>
{
public override string Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options) =>
ToKey(reader.GetString());
public override void Write(Utf8JsonWriter writer, string value, JsonSerializerOptions options) =>
writer.WriteStringValue(ToId(value));
public static string ToId(string key)
{
if (key == null)
{
return null;
}
return CoreHelpers.TransformToBase64Url(key);
}
public static string ToKey(string id)
{
if (id == null)
{
return null;
}
return CoreHelpers.TransformFromBase64Url(id);
}
}

81
src/Core/Auth/Repositories/Cosmos/GrantRepository.cs Normal file
View File

@ -0,0 +1,81 @@
using System.Net;
using System.Text.Json;
using System.Text.Json.Serialization;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Microsoft.Azure.Cosmos;
namespace Bit.Core.Auth.Repositories.Cosmos;
public class GrantRepository : IGrantRepository
{
private readonly CosmosClient _client;
private readonly Database _database;
private readonly Container _container;
public GrantRepository(GlobalSettings globalSettings)
: this(globalSettings.IdentityServer.CosmosConnectionString)
{ }
public GrantRepository(string cosmosConnectionString)
{
var options = new CosmosClientOptions
{
Serializer = new SystemTextJsonCosmosSerializer(new JsonSerializerOptions
{
DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull,
WriteIndented = false
})
};
// TODO: Perhaps we want to evaluate moving this to DI as a keyed service singleton in .NET 8
_client = new CosmosClient(cosmosConnectionString, options);
_database = _client.GetDatabase("identity");
_container = _database.GetContainer("grant");
}
public async Task<IGrant> GetByKeyAsync(string key)
{
var id = Base64IdStringConverter.ToId(key);
try
{
var response = await _container.ReadItemAsync<GrantItem>(id, new PartitionKey(id));
return response.Resource;
}
catch (CosmosException e)
{
if (e.StatusCode == HttpStatusCode.NotFound)
{
return null;
}
throw;
}
}
public Task<ICollection<IGrant>> GetManyAsync(string subjectId, string sessionId, string clientId, string type)
=> throw new NotImplementedException();
public async Task SaveAsync(IGrant obj)
{
if (obj is not GrantItem item)
{
item = new GrantItem(obj);
}
item.SetTtl();
var id = Base64IdStringConverter.ToId(item.Key);
await _container.UpsertItemAsync(item, new PartitionKey(id), new ItemRequestOptions
{
// ref: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/best-practice-dotnet#best-practices-for-write-heavy-workloads
EnableContentResponseOnWrite = false
});
}
public async Task DeleteByKeyAsync(string key)
{
var id = Base64IdStringConverter.ToId(key);
await _container.DeleteItemAsync<IGrant>(id, new PartitionKey(id));
}
public Task DeleteManyAsync(string subjectId, string sessionId, string clientId, string type)
=> throw new NotImplementedException();
}

8
src/Core/Auth/Repositories/IGrantRepository.cs
View File

@ -1,12 +1,12 @@
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Models.Data;
namespace Bit.Core.Auth.Repositories;
public interface IGrantRepository
{
Task<Grant> GetByKeyAsync(string key);
Task<ICollection<Grant>> GetManyAsync(string subjectId, string sessionId, string clientId, string type);
Task SaveAsync(Grant obj);
Task<IGrant> GetByKeyAsync(string key);
Task<ICollection<IGrant>> GetManyAsync(string subjectId, string sessionId, string clientId, string type);
Task SaveAsync(IGrant obj);
Task DeleteByKeyAsync(string key);
Task DeleteManyAsync(string subjectId, string sessionId, string clientId, string type);
}

2
src/Core/Core.csproj
View File

@ -37,7 +37,7 @@
<PackageReference Include="Microsoft.Azure.NotificationHubs" Version="4.1.0" />
<PackageReference Include="Microsoft.Data.SqlClient" Version="5.0.1" />
<!-- Azure.Identity is a explicit dependency to Microsoft.Data.SqlClient -->
<PackageReference Include="Azure.Identity" Version="1.10.2"/>
<PackageReference Include="Azure.Identity" Version="1.10.2" />
<PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="6.0.1" />
<PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="6.0.1" />
<PackageReference Include="Microsoft.Extensions.Identity.Stores" Version="6.0.25" />

1
src/Core/Settings/GlobalSettings.cs
View File

@ -327,6 +327,7 @@ public class GlobalSettings : IGlobalSettings
public string CertificateThumbprint { get; set; }
public string CertificatePassword { get; set; }
public string RedisConnectionString { get; set; }
public string CosmosConnectionString { get; set; }
public string LicenseKey { get; set; } = "eyJhbGciOiJQUzI1NiIsImtpZCI6IklkZW50aXR5U2VydmVyTGljZW5zZWtleS83Y2VhZGJiNzgxMzA0NjllODgwNjg5MTAyNTQxNGYxNiIsInR5cCI6ImxpY2Vuc2Urand0In0.eyJpc3MiOiJodHRwczovL2R1ZW5kZXNvZnR3YXJlLmNvbSIsImF1ZCI6IklkZW50aXR5U2VydmVyIiwiaWF0IjoxNzAxODIwODAwLCJleHAiOjE3MzM0NDMyMDAsImNvbXBhbnlfbmFtZSI6IkJpdHdhcmRlbiBJbmMuIiwiY29udGFjdF9pbmZvIjoiY29udGFjdEBkdWVuZGVzb2Z0d2FyZS5jb20iLCJlZGl0aW9uIjoiU3RhcnRlciIsImlkIjoiNDMxOSIsImZlYXR1cmUiOlsiaXN2IiwidW5saW1pdGVkX2NsaWVudHMiXSwicHJvZHVjdCI6IkJpdHdhcmRlbiJ9.iLA771PffgIh0ClRS8OWHbg2cAgjhgOkUjRRkLNr9dpQXhYZkVKdpUn-Gw9T7grsGcAx0f4p-TQmtcCpbN9EJCF5jlF0-NfsRTp_gmCgQ5eXyiE4DzJp2OCrz_3STf07N1dILwhD3nk9rzcA6SRQ4_kja8wAMHKnD5LisW98r5DfRDBecRs16KS5HUhg99DRMR5fd9ntfydVMTC_E23eEOHVLsR4YhiSXaEINPjFDG1czyOBClJItDW8g9X8qlClZegr630UjnKKg06A4usoL25VFHHn8Ew3v-_-XdlWoWsIpMMVvacwZT8rwkxjIesFNsXG6yzuROIhaxAvB1297A";
}

40
src/Core/Utilities/CoreHelpers.cs
View File

@ -338,16 +338,50 @@ public static class CoreHelpers
return Encoding.UTF8.GetString(Base64UrlDecode(input));
}
/// <summary>
/// Encodes a Base64 URL formatted string.
/// </summary>
/// <param name="input">Byte data</param>
/// <returns>Base64 URL formatted string</returns>
public static string Base64UrlEncode(byte[] input)
{
var output = Convert.ToBase64String(input)
// Standard base64 encoder
var standardB64 = Convert.ToBase64String(input);
return TransformToBase64Url(standardB64);
}
/// <summary>
/// Transforms a Base64 standard formatted string to a Base64 URL formatted string.
/// </summary>
/// <param name="input">Base64 standard formatted string</param>
/// <returns>Base64 URL formatted string</returns>
public static string TransformToBase64Url(string input)
{
var output = input
.Replace('+', '-')
.Replace('/', '_')
.Replace("=", string.Empty);
return output;
}
/// <summary>
/// Decodes a Base64 URL formatted string.
/// </summary>
/// <param name="input">Base64 URL formatted string</param>
/// <returns>Data as bytes</returns>
public static byte[] Base64UrlDecode(string input)
{
var standardB64 = TransformFromBase64Url(input);
// Standard base64 decoder
return Convert.FromBase64String(standardB64);
}
/// <summary>
/// Transforms a Base64 URL formatted string to a Base64 standard formatted string.
/// </summary>
/// <param name="input">Base64 URL formatted string</param>
/// <returns>Base64 standard formatted string</returns>
public static string TransformFromBase64Url(string input)
{
var output = input;
// 62nd char of encoding
@ -370,8 +404,8 @@ public static class CoreHelpers
throw new InvalidOperationException("Illegal base64url string!");
}
// Standard base64 decoder
return Convert.FromBase64String(output);
// Standard base64 string output
return output;
}
public static string PunyEncode(string text)

40
src/Core/Utilities/SystemTextJsonCosmosSerializer.cs Normal file
View File

@ -0,0 +1,40 @@
using System.Text.Json;
using Azure.Core.Serialization;
using Microsoft.Azure.Cosmos;
namespace Bit.Core.Utilities;
// ref: https://github.com/Azure/azure-cosmos-dotnet-v3/blob/master/Microsoft.Azure.Cosmos.Samples/Usage/SystemTextJson/CosmosSystemTextJsonSerializer.cs
public class SystemTextJsonCosmosSerializer : CosmosSerializer
{
private readonly JsonObjectSerializer _systemTextJsonSerializer;
public SystemTextJsonCosmosSerializer(JsonSerializerOptions jsonSerializerOptions)
{
_systemTextJsonSerializer = new JsonObjectSerializer(jsonSerializerOptions);
}
public override T FromStream<T>(Stream stream)
{
using (stream)
{
if (stream.CanSeek && stream.Length == 0)
{
return default;
}
if (typeof(Stream).IsAssignableFrom(typeof(T)))
{
return (T)(object)stream;
}
return (T)_systemTextJsonSerializer.Deserialize(stream, typeof(T), default);
}
}
public override Stream ToStream<T>(T input)
{
var streamPayload = new MemoryStream();
_systemTextJsonSerializer.Serialize(streamPayload, input, input.GetType(), default);
streamPayload.Position = 0;
return streamPayload;
}
}

38
src/Identity/IdentityServer/PersistedGrantStore.cs
View File

@ -1,18 +1,24 @@
using Bit.Core.Auth.Repositories;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.Repositories;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Stores;
using Grant = Bit.Core.Auth.Entities.Grant;
namespace Bit.Identity.IdentityServer;
public class PersistedGrantStore : IPersistedGrantStore
{
private readonly IGrantRepository _grantRepository;
private readonly Func<PersistedGrant, IGrant> _toGrant;
private readonly IPersistedGrantStore _fallbackGrantStore;
public PersistedGrantStore(
IGrantRepository grantRepository)
IGrantRepository grantRepository,
Func<PersistedGrant, IGrant> toGrant,
IPersistedGrantStore fallbackGrantStore = null)
{
_grantRepository = grantRepository;
_toGrant = toGrant;
_fallbackGrantStore = fallbackGrantStore;
}
public async Task<PersistedGrant> GetAsync(string key)
@ -20,6 +26,11 @@ public class PersistedGrantStore : IPersistedGrantStore
var grant = await _grantRepository.GetByKeyAsync(key);
if (grant == null)
{
if (_fallbackGrantStore != null)
{
// It wasn't found, there is a chance is was instead stored in the fallback store
return await _fallbackGrantStore.GetAsync(key);
}
return null;
}
@ -47,28 +58,11 @@ public class PersistedGrantStore : IPersistedGrantStore
public async Task StoreAsync(PersistedGrant pGrant)
{
var grant = ToGrant(pGrant);
var grant = _toGrant(pGrant);
await _grantRepository.SaveAsync(grant);
}
private Grant ToGrant(PersistedGrant pGrant)
{
return new Grant
{
Key = pGrant.Key,
Type = pGrant.Type,
SubjectId = pGrant.SubjectId,
SessionId = pGrant.SessionId,
ClientId = pGrant.ClientId,
Description = pGrant.Description,
CreationDate = pGrant.CreationTime,
ExpirationDate = pGrant.Expiration,
ConsumedDate = pGrant.ConsumedTime,
Data = pGrant.Data
};
}
private PersistedGrant ToPersistedGrant(Grant grant)
private PersistedGrant ToPersistedGrant(IGrant grant)
{
return new PersistedGrant
{

9
src/Identity/IdentityServer/UserDecryptionOptionsBuilder.cs
View File

@ -1,12 +1,10 @@
using Bit.Core;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Api.Response;
using Bit.Core.Auth.Utilities;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Identity.Utilities;
namespace Bit.Identity.IdentityServer;
@ -20,7 +18,6 @@ namespace Bit.Identity.IdentityServer;
public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
{
private readonly ICurrentContext _currentContext;
private readonly IFeatureService _featureService;
private readonly IDeviceRepository _deviceRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
@ -31,13 +28,11 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
public UserDecryptionOptionsBuilder(
ICurrentContext currentContext,
IFeatureService featureService,
IDeviceRepository deviceRepository,
IOrganizationUserRepository organizationUserRepository
)
{
_currentContext = currentContext;
_featureService = featureService;
_deviceRepository = deviceRepository;
_organizationUserRepository = organizationUserRepository;
}
@ -95,7 +90,7 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
private async Task BuildTrustedDeviceOptions()
{
// TrustedDeviceEncryption only exists for SSO, if that changes then these guards should change
if (_ssoConfig == null || !_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext))
if (_ssoConfig == null)
{
return;
}

64
src/Identity/Utilities/ServiceCollectionExtensions.cs
View File

@ -1,4 +1,5 @@
using Bit.Core.IdentityServer;
using Bit.Core.Auth.Repositories;
using Bit.Core.IdentityServer;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Bit.Identity.IdentityServer;
@ -51,31 +52,58 @@ public static class ServiceCollectionExtensions
.AddIdentityServerCertificate(env, globalSettings)
.AddExtensionGrantValidator<WebAuthnGrantValidator>();
if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.RedisConnectionString))
if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CosmosConnectionString))
{
// If we have redis, prefer it
// Add the original persisted grant store via it's implementation type
// so we can inject it right after.
services.AddSingleton<PersistedGrantStore>();
services.AddSingleton<IPersistedGrantStore>(sp =>
services.AddSingleton<IPersistedGrantStore>(sp => BuildCosmosGrantStore(sp, globalSettings));
}
else if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.RedisConnectionString))
{
return new RedisPersistedGrantStore(
// TODO: .NET 8 create a keyed service for this connection multiplexer and even PersistedGrantStore
ConnectionMultiplexer.Connect(globalSettings.IdentityServer.RedisConnectionString),
sp.GetRequiredService<ILogger<RedisPersistedGrantStore>>(),
sp.GetRequiredService<PersistedGrantStore>() // Fallback grant store
);
});
services.AddSingleton<IPersistedGrantStore>(sp => BuildRedisGrantStore(sp, globalSettings));
}
else
{
// Use the original grant store
identityServerBuilder.AddPersistedGrantStore<PersistedGrantStore>();
services.AddTransient<IPersistedGrantStore>(sp => BuildSqlGrantStore(sp));
}
services.AddTransient<ICorsPolicyService, CustomCorsPolicyService>();
return identityServerBuilder;
}
private static PersistedGrantStore BuildCosmosGrantStore(IServiceProvider sp, GlobalSettings globalSettings)
{
if (!CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CosmosConnectionString))
{
throw new ArgumentException("No cosmos config string available.");
}
return new PersistedGrantStore(
// TODO: Perhaps we want to evaluate moving this repo to DI as a keyed service singleton in .NET 8
new Core.Auth.Repositories.Cosmos.GrantRepository(globalSettings),
g => new Core.Auth.Models.Data.GrantItem(g),
fallbackGrantStore: BuildRedisGrantStore(sp, globalSettings, true));
}
private static RedisPersistedGrantStore BuildRedisGrantStore(IServiceProvider sp,
GlobalSettings globalSettings, bool allowNull = false)
{
if (!CoreHelpers.SettingHasValue(globalSettings.IdentityServer.RedisConnectionString))
{
if (allowNull)
{
return null;
}
throw new ArgumentException("No redis config string available.");
}
return new RedisPersistedGrantStore(
// TODO: .NET 8 create a keyed service for this connection multiplexer and even PersistedGrantStore
ConnectionMultiplexer.Connect(globalSettings.IdentityServer.RedisConnectionString),
sp.GetRequiredService<ILogger<RedisPersistedGrantStore>>(),
fallbackGrantStore: BuildSqlGrantStore(sp));
}
private static PersistedGrantStore BuildSqlGrantStore(IServiceProvider sp)
{
return new PersistedGrantStore(sp.GetRequiredService<IGrantRepository>(),
g => new Core.Auth.Entities.Grant(g));
}
}

14
src/Infrastructure.Dapper/Auth/Repositories/GrantRepository.cs
View File

@ -1,5 +1,6 @@
using System.Data;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.Repositories;
using Bit.Core.Settings;
using Bit.Infrastructure.Dapper.Repositories;
@ -18,7 +19,7 @@ public class GrantRepository : BaseRepository, IGrantRepository
: base(connectionString, readOnlyConnectionString)
{ }
public async Task<Grant> GetByKeyAsync(string key)
public async Task<IGrant> GetByKeyAsync(string key)
{
using (var connection = new SqlConnection(ConnectionString))
{
@ -31,7 +32,7 @@ public class GrantRepository : BaseRepository, IGrantRepository
}
}
public async Task<ICollection<Grant>> GetManyAsync(string subjectId, string sessionId,
public async Task<ICollection<IGrant>> GetManyAsync(string subjectId, string sessionId,
string clientId, string type)
{
using (var connection = new SqlConnection(ConnectionString))
@ -41,12 +42,17 @@ public class GrantRepository : BaseRepository, IGrantRepository
new { SubjectId = subjectId, SessionId = sessionId, ClientId = clientId, Type = type },
commandType: CommandType.StoredProcedure);
return results.ToList();
return results.ToList<IGrant>();
}
}
public async Task SaveAsync(Grant obj)
public async Task SaveAsync(IGrant obj)
{
if (obj is not Grant gObj)
{
throw new ArgumentException(null, nameof(obj));
}
using (var connection = new SqlConnection(ConnectionString))
{
var results = await connection.ExecuteAsync(

29
src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationEntityTypeConfiguration.cs Normal file
View File

@ -0,0 +1,29 @@
using Bit.Infrastructure.EntityFramework.AdminConsole.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.AdminConsole.Configurations;
public class OrganizationEntityTypeConfiguration : IEntityTypeConfiguration<Organization>
{
public void Configure(EntityTypeBuilder<Organization> builder)
{
builder
.Property(o => o.Id)
.ValueGeneratedNever();
builder.Property(c => c.LimitCollectionCreationDeletion)
.ValueGeneratedNever()
.HasDefaultValue(true);
builder.Property(c => c.AllowAdminAccessToAllCollectionItems)
.ValueGeneratedNever()
.HasDefaultValue(true);
NpgsqlIndexBuilderExtensions.IncludeProperties(
builder.HasIndex(o => new { o.Id, o.Enabled }),
o => o.UseTotp);
builder.ToTable(nameof(Organization));
}
}

26
src/Infrastructure.EntityFramework/AdminConsole/Configurations/PolicyEntityTypeConfiguration.cs Normal file
View File

@ -0,0 +1,26 @@
using Bit.Infrastructure.EntityFramework.AdminConsole.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.AdminConsole.Configurations;
public class PolicyEntityTypeConfiguration : IEntityTypeConfiguration<Policy>
{
public void Configure(EntityTypeBuilder<Policy> builder)
{
builder
.Property(p => p.Id)
.ValueGeneratedNever();
builder
.HasIndex(p => p.OrganizationId)
.IsClustered(false);
builder
.HasIndex(p => new { p.OrganizationId, p.Type })
.IsUnique()
.IsClustered(false);
builder.ToTable(nameof(Policy));
}
}

3
src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationRepository.cs
View File

@ -90,7 +90,8 @@ public class OrganizationRepository : Repository<Core.AdminConsole.Entities.Orga
UseCustomPermissions = e.UseCustomPermissions,
UsePolicies = e.UsePolicies,
LimitCollectionCreationDeletion = e.LimitCollectionCreationDeletion,
AllowAdminAccessToAllCollectionItems = e.AllowAdminAccessToAllCollectionItems
AllowAdminAccessToAllCollectionItems = e.AllowAdminAccessToAllCollectionItems,
FlexibleCollections = e.FlexibleCollections
}).ToListAsync();
}
}

22
src/Infrastructure.EntityFramework/Auth/Repositories/GrantRepository.cs
View File

@ -1,4 +1,5 @@
using AutoMapper;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.Repositories;
using Bit.Infrastructure.EntityFramework.Auth.Models;
using Bit.Infrastructure.EntityFramework.Repositories;
@ -42,7 +43,7 @@ public class GrantRepository : BaseEntityFrameworkRepository, IGrantRepository
}
}
public async Task<Core.Auth.Entities.Grant> GetByKeyAsync(string key)
public async Task<IGrant> GetByKeyAsync(string key)
{
using (var scope = ServiceScopeFactory.CreateScope())
{
@ -55,7 +56,7 @@ public class GrantRepository : BaseEntityFrameworkRepository, IGrantRepository
}
}
public async Task<ICollection<Core.Auth.Entities.Grant>> GetManyAsync(string subjectId, string sessionId, string clientId, string type)
public async Task<ICollection<IGrant>> GetManyAsync(string subjectId, string sessionId, string clientId, string type)
{
using (var scope = ServiceScopeFactory.CreateScope())
{
@ -67,26 +68,31 @@ public class GrantRepository : BaseEntityFrameworkRepository, IGrantRepository
g.Type == type
select g;
var grants = await query.ToListAsync();
return (ICollection<Core.Auth.Entities.Grant>)grants;
return (ICollection<IGrant>)grants;
}
}
public async Task SaveAsync(Core.Auth.Entities.Grant obj)
public async Task SaveAsync(IGrant obj)
{
if (obj is not Core.Auth.Entities.Grant gObj)
{
throw new ArgumentException(null, nameof(obj));
}
using (var scope = ServiceScopeFactory.CreateScope())
{
var dbContext = GetDatabaseContext(scope);
var existingGrant = await (from g in dbContext.Grants
where g.Key == obj.Key
where g.Key == gObj.Key
select g).FirstOrDefaultAsync();
if (existingGrant != null)
{
obj.Id = existingGrant.Id;
dbContext.Entry(existingGrant).CurrentValues.SetValues(obj);
gObj.Id = existingGrant.Id;
dbContext.Entry(existingGrant).CurrentValues.SetValues(gObj);
}
else
{
var entity = Mapper.Map<Grant>(obj);
var entity = Mapper.Map<Grant>(gObj);
await dbContext.AddAsync(entity);
await dbContext.SaveChangesAsync();
}

26
src/Infrastructure.EntityFramework/Configurations/DeviceEntityTypeConfiguration.cs Normal file
View File

@ -0,0 +1,26 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class DeviceEntityTypeConfiguration : IEntityTypeConfiguration<Device>
{
public void Configure(EntityTypeBuilder<Device> builder)
{
builder
.HasIndex(d => d.UserId)
.IsClustered(false);
builder
.HasIndex(d => new { d.UserId, d.Identifier })
.IsUnique()
.IsClustered(false);
builder
.HasIndex(d => d.Identifier)
.IsClustered(false);
builder.ToTable(nameof(Device));
}
}

21
src/Infrastructure.EntityFramework/Configurations/EventEntityTypeConfiguration.cs Normal file
View File

@ -0,0 +1,21 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class EventEntityTypeConfiguration : IEntityTypeConfiguration<Event>
{
public void Configure(EntityTypeBuilder<Event> builder)
{
builder
.Property(e => e.Id)
.ValueGeneratedNever();
builder
.HasIndex(e => new { e.Date, e.OrganizationId, e.ActingUserId, e.CipherId })
.IsClustered(false);
builder.ToTable(nameof(Event));
}
}

21
src/Infrastructure.EntityFramework/Configurations/OrganizationSponsorshipEntityTypeConfiguration.cs Normal file
View File

@ -0,0 +1,21 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class OrganizationSponsorshipEntityTypeConfiguration : IEntityTypeConfiguration<OrganizationSponsorship>
{
public void Configure(EntityTypeBuilder<OrganizationSponsorship> builder)
{
builder
.Property(o => o.Id)
.ValueGeneratedNever();
builder
.HasIndex(o => o.SponsoringOrganizationUserId)
.IsClustered(false);
builder.ToTable(nameof(OrganizationSponsorship));
}
}

29
src/Infrastructure.EntityFramework/Configurations/OrganizationUserEntityTypeConfiguration.cs Normal file
View File

@ -0,0 +1,29 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class OrganizationUserEntityTypeConfiguration : IEntityTypeConfiguration<OrganizationUser>
{
public void Configure(EntityTypeBuilder<OrganizationUser> builder)
{
builder
.Property(ou => ou.Id)
.ValueGeneratedNever();
NpgsqlIndexBuilderExtensions.IncludeProperties(
builder.HasIndex(ou => new { ou.UserId, ou.OrganizationId, ou.Status }).IsClustered(false),
ou => ou.AccessAll);
builder
.HasIndex(ou => ou.OrganizationId)
.IsClustered(false);
builder
.HasIndex(ou => ou.UserId)
.IsClustered(false);
builder.ToTable(nameof(OrganizationUser));
}
}

25
src/Infrastructure.EntityFramework/Configurations/TransactionEntityTypeConfiguration.cs Normal file
View File

@ -0,0 +1,25 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class TransactionEntityTypeConfiguration : IEntityTypeConfiguration<Transaction>
{
public void Configure(EntityTypeBuilder<Transaction> builder)
{
builder
.Property(t => t.Id)
.ValueGeneratedNever();
builder
.HasIndex(t => t.UserId)
.IsClustered(false);
builder
.HasIndex(t => new { t.UserId, t.OrganizationId, t.CreationDate })
.IsClustered(false);
builder.ToTable(nameof(Transaction));
}
}

26
src/Infrastructure.EntityFramework/Configurations/UserEntityTypeConfiguration.cs Normal file
View File

@ -0,0 +1,26 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class UserEntityTypeConfiguration : IEntityTypeConfiguration<User>
{
public void Configure(EntityTypeBuilder<User> builder)
{
builder
.Property(u => u.Id)
.ValueGeneratedNever();
builder
.HasIndex(u => u.Email)
.IsUnique()
.IsClustered(false);
builder
.HasIndex(u => new { u.Premium, u.PremiumExpirationDate, u.RenewalReminderDate })
.IsClustered(false);
builder.ToTable(nameof(User));
}
}

33
src/Infrastructure.EntityFramework/Repositories/DatabaseContext.cs
View File

@ -77,25 +77,17 @@ public class DatabaseContext : DbContext
var eCollectionCipher = builder.Entity<CollectionCipher>();
var eCollectionUser = builder.Entity<CollectionUser>();
var eCollectionGroup = builder.Entity<CollectionGroup>();
var eDevice = builder.Entity<Device>();
var eEmergencyAccess = builder.Entity<EmergencyAccess>();
var eEvent = builder.Entity<Event>();
var eFolder = builder.Entity<Folder>();
var eGroup = builder.Entity<Group>();
var eGroupUser = builder.Entity<GroupUser>();
var eInstallation = builder.Entity<Installation>();
var eOrganization = builder.Entity<Organization>();
var eOrganizationSponsorship = builder.Entity<OrganizationSponsorship>();
var eOrganizationUser = builder.Entity<OrganizationUser>();
var ePolicy = builder.Entity<Policy>();
var eProvider = builder.Entity<Provider>();
var eProviderUser = builder.Entity<ProviderUser>();
var eProviderOrganization = builder.Entity<ProviderOrganization>();
var eSend = builder.Entity<Send>();
var eSsoConfig = builder.Entity<SsoConfig>();
var eSsoUser = builder.Entity<SsoUser>();
var eTaxRate = builder.Entity<TaxRate>();
var eTransaction = builder.Entity<Transaction>();
var eUser = builder.Entity<User>();
var eOrganizationApiKey = builder.Entity<OrganizationApiKey>();
var eOrganizationConnection = builder.Entity<OrganizationConnection>();
@ -105,26 +97,12 @@ public class DatabaseContext : DbContext
eCipher.Property(c => c.Id).ValueGeneratedNever();
eCollection.Property(c => c.Id).ValueGeneratedNever();
eEmergencyAccess.Property(c => c.Id).ValueGeneratedNever();
eEvent.Property(c => c.Id).ValueGeneratedNever();
eFolder.Property(c => c.Id).ValueGeneratedNever();
eGroup.Property(c => c.Id).ValueGeneratedNever();
eInstallation.Property(c => c.Id).ValueGeneratedNever();
eOrganization.Property(c => c.Id).ValueGeneratedNever();
eOrganization.Property(c => c.LimitCollectionCreationDeletion)
.ValueGeneratedNever()
.HasDefaultValue(true);
eOrganization.Property(c => c.AllowAdminAccessToAllCollectionItems)
.ValueGeneratedNever()
.HasDefaultValue(true);
eOrganizationSponsorship.Property(c => c.Id).ValueGeneratedNever();
eOrganizationUser.Property(c => c.Id).ValueGeneratedNever();
ePolicy.Property(c => c.Id).ValueGeneratedNever();
eProvider.Property(c => c.Id).ValueGeneratedNever();
eProviderUser.Property(c => c.Id).ValueGeneratedNever();
eProviderOrganization.Property(c => c.Id).ValueGeneratedNever();
eSend.Property(c => c.Id).ValueGeneratedNever();
eTransaction.Property(c => c.Id).ValueGeneratedNever();
eUser.Property(c => c.Id).ValueGeneratedNever();
eOrganizationApiKey.Property(c => c.Id).ValueGeneratedNever();
eOrganizationConnection.Property(c => c.Id).ValueGeneratedNever();
eOrganizationDomain.Property(ar => ar.Id).ValueGeneratedNever();
@ -148,33 +126,24 @@ public class DatabaseContext : DbContext
builder.HasCollation(postgresIndetermanisticCollation, locale: "en-u-ks-primary", provider: "icu", deterministic: false);
eUser.Property(e => e.Email).UseCollation(postgresIndetermanisticCollation);
eSsoUser.Property(e => e.ExternalId).UseCollation(postgresIndetermanisticCollation);
eOrganization.Property(e => e.Identifier).UseCollation(postgresIndetermanisticCollation);
builder.Entity<Organization>().Property(e => e.Identifier).UseCollation(postgresIndetermanisticCollation);
//
}
eCipher.ToTable(nameof(Cipher));
eCollection.ToTable(nameof(Collection));
eCollectionCipher.ToTable(nameof(CollectionCipher));
eDevice.ToTable(nameof(Device));
eEmergencyAccess.ToTable(nameof(EmergencyAccess));
eEvent.ToTable(nameof(Event));
eFolder.ToTable(nameof(Folder));
eGroup.ToTable(nameof(Group));
eGroupUser.ToTable(nameof(GroupUser));
eInstallation.ToTable(nameof(Installation));
eOrganization.ToTable(nameof(Organization));
eOrganizationSponsorship.ToTable(nameof(OrganizationSponsorship));
eOrganizationUser.ToTable(nameof(OrganizationUser));
ePolicy.ToTable(nameof(Policy));
eProvider.ToTable(nameof(Provider));
eProviderUser.ToTable(nameof(ProviderUser));
eProviderOrganization.ToTable(nameof(ProviderOrganization));
eSend.ToTable(nameof(Send));
eSsoConfig.ToTable(nameof(SsoConfig));
eSsoUser.ToTable(nameof(SsoUser));
eTaxRate.ToTable(nameof(TaxRate));
eTransaction.ToTable(nameof(Transaction));
eUser.ToTable(nameof(User));
eOrganizationApiKey.ToTable(nameof(OrganizationApiKey));
eOrganizationConnection.ToTable(nameof(OrganizationConnection));
eOrganizationDomain.ToTable(nameof(OrganizationDomain));

29
src/Infrastructure.EntityFramework/Tools/Configurations/SendEntityTypeConfiguration.cs Normal file
View File

@ -0,0 +1,29 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Tools.Configurations;
public class SendEntityTypeConfiguration : IEntityTypeConfiguration<Send>
{
public void Configure(EntityTypeBuilder<Send> builder)
{
builder
.Property(s => s.Id)
.ValueGeneratedNever();
builder
.HasIndex(s => s.UserId)
.IsClustered(false);
builder
.HasIndex(s => new { s.UserId, s.OrganizationId })
.IsClustered(false);
builder
.HasIndex(s => s.DeletionDate)
.IsClustered(false);
builder.ToTable(nameof(Send));
}
}

9
src/Sql/dbo/Stored Procedures/Organization_Create.sql
View File

@ -52,7 +52,8 @@
@MaxAutoscaleSmServiceAccounts INT = null,
@SecretsManagerBeta BIT = 0,
@LimitCollectionCreationDeletion BIT = 1,
@AllowAdminAccessToAllCollectionItems BIT = 1
@AllowAdminAccessToAllCollectionItems BIT = 1,
@FlexibleCollections BIT = 0
AS
BEGIN
SET NOCOUNT ON
@ -112,7 +113,8 @@ BEGIN
[MaxAutoscaleSmServiceAccounts],
[SecretsManagerBeta],
[LimitCollectionCreationDeletion],
[AllowAdminAccessToAllCollectionItems]
[AllowAdminAccessToAllCollectionItems],
[FlexibleCollections]
)
VALUES
(
@ -169,6 +171,7 @@ BEGIN
@MaxAutoscaleSmServiceAccounts,
@SecretsManagerBeta,
@LimitCollectionCreationDeletion,
@AllowAdminAccessToAllCollectionItems
@AllowAdminAccessToAllCollectionItems,
@FlexibleCollections
)
END

3
src/Sql/dbo/Stored Procedures/Organization_ReadAbilities.sql
View File

@ -22,7 +22,8 @@ BEGIN
[UsePolicies],
[Enabled],
[LimitCollectionCreationDeletion],
[AllowAdminAccessToAllCollectionItems]
[AllowAdminAccessToAllCollectionItems],
[FlexibleCollections]
FROM
[dbo].[Organization]
END

6
src/Sql/dbo/Stored Procedures/Organization_Update.sql
View File

@ -52,7 +52,8 @@
@MaxAutoscaleSmServiceAccounts INT = null,
@SecretsManagerBeta BIT = 0,
@LimitCollectionCreationDeletion BIT = 1,
@AllowAdminAccessToAllCollectionItems BIT = 1
@AllowAdminAccessToAllCollectionItems BIT = 1,
@FlexibleCollections BIT = 0
AS
BEGIN
SET NOCOUNT ON
@ -112,7 +113,8 @@ BEGIN
[MaxAutoscaleSmServiceAccounts] = @MaxAutoscaleSmServiceAccounts,
[SecretsManagerBeta] = @SecretsManagerBeta,
[LimitCollectionCreationDeletion] = @LimitCollectionCreationDeletion,
[AllowAdminAccessToAllCollectionItems] = @AllowAdminAccessToAllCollectionItems
[AllowAdminAccessToAllCollectionItems] = @AllowAdminAccessToAllCollectionItems,
[FlexibleCollections] = @FlexibleCollections
WHERE
[Id] = @Id
END

1
src/Sql/dbo/Tables/Organization.sql
View File

@ -53,6 +53,7 @@
[SecretsManagerBeta] BIT NOT NULL CONSTRAINT [DF_Organization_SecretsManagerBeta] DEFAULT (0),
[LimitCollectionCreationDeletion] BIT NOT NULL CONSTRAINT [DF_Organization_LimitCollectionCreationDeletion] DEFAULT (1),
[AllowAdminAccessToAllCollectionItems] BIT NOT NULL CONSTRAINT [DF_Organization_AllowAdminAccessToAllCollectionItems] DEFAULT (1),
[FlexibleCollections] BIT NOT NULL CONSTRAINT [DF_Organization_FlexibleCollections] DEFAULT (0)
CONSTRAINT [PK_Organization] PRIMARY KEY CLUSTERED ([Id] ASC)
);

3
src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
View File

@ -46,7 +46,8 @@ SELECT
O.[SmSeats],
O.[SmServiceAccounts],
O.[LimitCollectionCreationDeletion],
O.[AllowAdminAccessToAllCollectionItems]
O.[AllowAdminAccessToAllCollectionItems],
O.[FlexibleCollections]
FROM
[dbo].[OrganizationUser] OU
LEFT JOIN

39
test/Identity.IntegrationTest/Endpoints/IdentityServerSsoTests.cs
View File

@ -1,18 +1,15 @@
using System.Security.Claims;
using System.Text.Json;
using Bit.Core;
using Bit.Core.AdminConsole.Entities;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Api.Request.Accounts;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.Repositories;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.Data;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Utilities;
using Bit.IntegrationTestCommon.Factories;
using Bit.Test.Common.Helpers;
@ -383,36 +380,6 @@ public class IdentityServerSsoTests
}
[Fact]
public async Task SsoLogin_TrustedDeviceEncryption_FlagTurnedOff_DoesNotReturnOption()
{
// This creates SsoConfig that HAS enabled trusted device encryption which should have only been
// done with the feature flag turned on but we are testing that even if they have done that, this will turn off
// if returning as an option if the flag has later been turned off. We should be very careful turning the flag
// back off.
using var responseBody = await RunSuccessTestAsync(async factory =>
{
await UpdateUserAsync(factory, user => user.MasterPassword = null);
}, MemberDecryptionType.TrustedDeviceEncryption, trustedDeviceEnabled: false);
// Assert
// If the organization has selected TrustedDeviceEncryption but the user still has their master password
// they can decrypt with either option
var root = responseBody.RootElement;
AssertHelper.AssertJsonProperty(root, "access_token", JsonValueKind.String);
var userDecryptionOptions = AssertHelper.AssertJsonProperty(root, "UserDecryptionOptions", JsonValueKind.Object);
// Expected to look like:
// "UserDecryptionOptions": {
// "Object": "userDecryptionOptions"
// "HasMasterPassword": false
// }
// Should only have 2 properties
Assert.Equal(2, userDecryptionOptions.EnumerateObject().Count());
}
[Fact]
public async Task SsoLogin_KeyConnector_ReturnsOptions()
{
@ -511,12 +478,6 @@ public class IdentityServerSsoTests
.Returns(authorizationCode);
});
factory.SubstitueService<IFeatureService>(service =>
{
service.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, Arg.Any<ICurrentContext>())
.Returns(trustedDeviceEnabled);
});
// This starts the server and finalizes services
var registerResponse = await factory.RegisterAsync(new RegisterRequestModel
{

26
test/Identity.Test/IdentityServer/UserDecryptionOptionsBuilderTests.cs
View File

@ -1,11 +1,9 @@
using Bit.Core;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Identity.IdentityServer;
using Bit.Identity.Utilities;
using Bit.Test.Common.AutoFixture.Attributes;
@ -17,7 +15,6 @@ namespace Bit.Identity.Test.IdentityServer;
public class UserDecryptionOptionsBuilderTests
{
private readonly ICurrentContext _currentContext;
private readonly IFeatureService _featureService;
private readonly IDeviceRepository _deviceRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly UserDecryptionOptionsBuilder _builder;
@ -25,10 +22,9 @@ public class UserDecryptionOptionsBuilderTests
public UserDecryptionOptionsBuilderTests()
{
_currentContext = Substitute.For<ICurrentContext>();
_featureService = Substitute.For<IFeatureService>();
_deviceRepository = Substitute.For<IDeviceRepository>();
_organizationUserRepository = Substitute.For<IOrganizationUserRepository>();
_builder = new UserDecryptionOptionsBuilder(_currentContext, _featureService, _deviceRepository, _organizationUserRepository);
_builder = new UserDecryptionOptionsBuilder(_currentContext, _deviceRepository, _organizationUserRepository);
}
[Theory]
@ -79,7 +75,6 @@ public class UserDecryptionOptionsBuilderTests
[Theory, BitAutoData]
public async Task Build_WhenTrustedDeviceIsEnabled_ShouldReturnTrustedDeviceOptions(SsoConfig ssoConfig, SsoConfigurationData configurationData, Device device)
{
_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext).Returns(true);
configurationData.MemberDecryptionType = MemberDecryptionType.TrustedDeviceEncryption;
ssoConfig.Data = configurationData.Serialize();
@ -91,23 +86,9 @@ public class UserDecryptionOptionsBuilderTests
Assert.False(result.TrustedDeviceOption!.HasManageResetPasswordPermission);
}
// TODO: Remove when FeatureFlagKeys.TrustedDeviceEncryption is removed
[Theory, BitAutoData]
public async Task Build_WhenTrustedDeviceIsEnabledButFeatureFlagIsDisabled_ShouldNotReturnTrustedDeviceOptions(SsoConfig ssoConfig, SsoConfigurationData configurationData, Device device)
{
_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext).Returns(false);
configurationData.MemberDecryptionType = MemberDecryptionType.TrustedDeviceEncryption;
ssoConfig.Data = configurationData.Serialize();
var result = await _builder.WithSso(ssoConfig).WithDevice(device).BuildAsync();
Assert.Null(result.TrustedDeviceOption);
}
[Theory, BitAutoData]
public async Task Build_WhenDeviceIsTrusted_ShouldReturnKeys(SsoConfig ssoConfig, SsoConfigurationData configurationData, Device device)
{
_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext).Returns(true);
configurationData.MemberDecryptionType = MemberDecryptionType.TrustedDeviceEncryption;
ssoConfig.Data = configurationData.Serialize();
device.EncryptedPrivateKey = "encryptedPrivateKey";
@ -123,7 +104,6 @@ public class UserDecryptionOptionsBuilderTests
[Theory, BitAutoData]
public async Task Build_WhenHasLoginApprovingDevice_ShouldApprovingDeviceTrue(SsoConfig ssoConfig, SsoConfigurationData configurationData, User user, Device device, Device approvingDevice)
{
_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext).Returns(true);
configurationData.MemberDecryptionType = MemberDecryptionType.TrustedDeviceEncryption;
ssoConfig.Data = configurationData.Serialize();
approvingDevice.Type = LoginApprovingDeviceTypes.Types.First();
@ -140,7 +120,6 @@ public class UserDecryptionOptionsBuilderTests
SsoConfigurationData configurationData,
CurrentContextOrganization organization)
{
_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext).Returns(true);
configurationData.MemberDecryptionType = MemberDecryptionType.TrustedDeviceEncryption;
ssoConfig.Data = configurationData.Serialize();
ssoConfig.OrganizationId = organization.Id;
@ -159,7 +138,6 @@ public class UserDecryptionOptionsBuilderTests
OrganizationUser organizationUser,
User user)
{
_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext).Returns(true);
configurationData.MemberDecryptionType = MemberDecryptionType.TrustedDeviceEncryption;
ssoConfig.Data = configurationData.Serialize();
organizationUser.ResetPasswordKey = "resetPasswordKey";

413
util/Migrator/DbScripts/2024-01-11_00_OrganizationFlexibleCollectionsColumn.sql Normal file
View File

@ -0,0 +1,413 @@
--Add column 'FlexibleCollections' to 'Organization' table
IF COL_LENGTH('[dbo].[Organization]', 'FlexibleCollections') IS NULL
BEGIN
ALTER TABLE
[dbo].[Organization]
ADD
[FlexibleCollections] BIT NOT NULL CONSTRAINT [DF_Organization_FlexibleCollections] DEFAULT (0)
END
GO
/**
ORGANIZATION STORED PROCEDURES
*/
--Alter `Organization_Create` sproc to include new column and default value
CREATE OR ALTER PROCEDURE [dbo].[Organization_Create]
@Id UNIQUEIDENTIFIER OUTPUT,
@Identifier NVARCHAR(50),
@Name NVARCHAR(50),
@BusinessName NVARCHAR(50),
@BusinessAddress1 NVARCHAR(50),
@BusinessAddress2 NVARCHAR(50),
@BusinessAddress3 NVARCHAR(50),
@BusinessCountry VARCHAR(2),
@BusinessTaxNumber NVARCHAR(30),
@BillingEmail NVARCHAR(256),
@Plan NVARCHAR(50),
@PlanType TINYINT,
@Seats INT,
@MaxCollections SMALLINT,
@UsePolicies BIT,
@UseSso BIT,
@UseGroups BIT,
@UseDirectory BIT,
@UseEvents BIT,
@UseTotp BIT,
@Use2fa BIT,
@UseApi BIT,
@UseResetPassword BIT,
@SelfHost BIT,
@UsersGetPremium BIT,
@Storage BIGINT,
@MaxStorageGb SMALLINT,
@Gateway TINYINT,
@GatewayCustomerId VARCHAR(50),
@GatewaySubscriptionId VARCHAR(50),
@ReferenceData VARCHAR(MAX),
@Enabled BIT,
@LicenseKey VARCHAR(100),
@PublicKey VARCHAR(MAX),
@PrivateKey VARCHAR(MAX),
@TwoFactorProviders NVARCHAR(MAX),
@ExpirationDate DATETIME2(7),
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@OwnersNotifiedOfAutoscaling DATETIME2(7),
@MaxAutoscaleSeats INT,
@UseKeyConnector BIT = 0,
@UseScim BIT = 0,
@UseCustomPermissions BIT = 0,
@UseSecretsManager BIT = 0,
@Status TINYINT = 0,
@UsePasswordManager BIT = 1,
@SmSeats INT = null,
@SmServiceAccounts INT = null,
@MaxAutoscaleSmSeats INT= null,
@MaxAutoscaleSmServiceAccounts INT = null,
@SecretsManagerBeta BIT = 0,
@LimitCollectionCreationDeletion BIT = 1,
@AllowAdminAccessToAllCollectionItems BIT = 1,
@FlexibleCollections BIT = 0
AS
BEGIN
SET NOCOUNT ON
INSERT INTO [dbo].[Organization]
(
[Id],
[Identifier],
[Name],
[BusinessName],
[BusinessAddress1],
[BusinessAddress2],
[BusinessAddress3],
[BusinessCountry],
[BusinessTaxNumber],
[BillingEmail],
[Plan],
[PlanType],
[Seats],
[MaxCollections],
[UsePolicies],
[UseSso],
[UseGroups],
[UseDirectory],
[UseEvents],
[UseTotp],
[Use2fa],
[UseApi],
[UseResetPassword],
[SelfHost],
[UsersGetPremium],
[Storage],
[MaxStorageGb],
[Gateway],
[GatewayCustomerId],
[GatewaySubscriptionId],
[ReferenceData],
[Enabled],
[LicenseKey],
[PublicKey],
[PrivateKey],
[TwoFactorProviders],
[ExpirationDate],
[CreationDate],
[RevisionDate],
[OwnersNotifiedOfAutoscaling],
[MaxAutoscaleSeats],
[UseKeyConnector],
[UseScim],
[UseCustomPermissions],
[UseSecretsManager],
[Status],
[UsePasswordManager],
[SmSeats],
[SmServiceAccounts],
[MaxAutoscaleSmSeats],
[MaxAutoscaleSmServiceAccounts],
[SecretsManagerBeta],
[LimitCollectionCreationDeletion],
[AllowAdminAccessToAllCollectionItems],
[FlexibleCollections]
)
VALUES
(
@Id,
@Identifier,
@Name,
@BusinessName,
@BusinessAddress1,
@BusinessAddress2,
@BusinessAddress3,
@BusinessCountry,
@BusinessTaxNumber,
@BillingEmail,
@Plan,
@PlanType,
@Seats,
@MaxCollections,
@UsePolicies,
@UseSso,
@UseGroups,
@UseDirectory,
@UseEvents,
@UseTotp,
@Use2fa,
@UseApi,
@UseResetPassword,
@SelfHost,
@UsersGetPremium,
@Storage,
@MaxStorageGb,
@Gateway,
@GatewayCustomerId,
@GatewaySubscriptionId,
@ReferenceData,
@Enabled,
@LicenseKey,
@PublicKey,
@PrivateKey,
@TwoFactorProviders,
@ExpirationDate,
@CreationDate,
@RevisionDate,
@OwnersNotifiedOfAutoscaling,
@MaxAutoscaleSeats,
@UseKeyConnector,
@UseScim,
@UseCustomPermissions,
@UseSecretsManager,
@Status,
@UsePasswordManager,
@SmSeats,
@SmServiceAccounts,
@MaxAutoscaleSmSeats,
@MaxAutoscaleSmServiceAccounts,
@SecretsManagerBeta,
@LimitCollectionCreationDeletion,
@AllowAdminAccessToAllCollectionItems,
@FlexibleCollections
)
END
GO
--Alter `Organization_Update` sproc to include new column and default value
CREATE OR ALTER PROCEDURE [dbo].[Organization_Update]
@Id UNIQUEIDENTIFIER,
@Identifier NVARCHAR(50),
@Name NVARCHAR(50),
@BusinessName NVARCHAR(50),
@BusinessAddress1 NVARCHAR(50),
@BusinessAddress2 NVARCHAR(50),
@BusinessAddress3 NVARCHAR(50),
@BusinessCountry VARCHAR(2),
@BusinessTaxNumber NVARCHAR(30),
@BillingEmail NVARCHAR(256),
@Plan NVARCHAR(50),
@PlanType TINYINT,
@Seats INT,
@MaxCollections SMALLINT,
@UsePolicies BIT,
@UseSso BIT,
@UseGroups BIT,
@UseDirectory BIT,
@UseEvents BIT,
@UseTotp BIT,
@Use2fa BIT,
@UseApi BIT,
@UseResetPassword BIT,
@SelfHost BIT,
@UsersGetPremium BIT,
@Storage BIGINT,
@MaxStorageGb SMALLINT,
@Gateway TINYINT,
@GatewayCustomerId VARCHAR(50),
@GatewaySubscriptionId VARCHAR(50),
@ReferenceData VARCHAR(MAX),
@Enabled BIT,
@LicenseKey VARCHAR(100),
@PublicKey VARCHAR(MAX),
@PrivateKey VARCHAR(MAX),
@TwoFactorProviders NVARCHAR(MAX),
@ExpirationDate DATETIME2(7),
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7),
@OwnersNotifiedOfAutoscaling DATETIME2(7),
@MaxAutoscaleSeats INT,
@UseKeyConnector BIT = 0,
@UseScim BIT = 0,
@UseCustomPermissions BIT = 0,
@UseSecretsManager BIT = 0,
@Status TINYINT = 0,
@UsePasswordManager BIT = 1,
@SmSeats INT = null,
@SmServiceAccounts INT = null,
@MaxAutoscaleSmSeats INT = null,
@MaxAutoscaleSmServiceAccounts INT = null,
@SecretsManagerBeta BIT = 0,
@LimitCollectionCreationDeletion BIT = 1,
@AllowAdminAccessToAllCollectionItems BIT = 1,
@FlexibleCollections BIT = 0
AS
BEGIN
SET NOCOUNT ON
UPDATE
[dbo].[Organization]
SET
[Identifier] = @Identifier,
[Name] = @Name,
[BusinessName] = @BusinessName,
[BusinessAddress1] = @BusinessAddress1,
[BusinessAddress2] = @BusinessAddress2,
[BusinessAddress3] = @BusinessAddress3,
[BusinessCountry] = @BusinessCountry,
[BusinessTaxNumber] = @BusinessTaxNumber,
[BillingEmail] = @BillingEmail,
[Plan] = @Plan,
[PlanType] = @PlanType,
[Seats] = @Seats,
[MaxCollections] = @MaxCollections,
[UsePolicies] = @UsePolicies,
[UseSso] = @UseSso,
[UseGroups] = @UseGroups,
[UseDirectory] = @UseDirectory,
[UseEvents] = @UseEvents,
[UseTotp] = @UseTotp,
[Use2fa] = @Use2fa,
[UseApi] = @UseApi,
[UseResetPassword] = @UseResetPassword,
[SelfHost] = @SelfHost,
[UsersGetPremium] = @UsersGetPremium,
[Storage] = @Storage,
[MaxStorageGb] = @MaxStorageGb,
[Gateway] = @Gateway,
[GatewayCustomerId] = @GatewayCustomerId,
[GatewaySubscriptionId] = @GatewaySubscriptionId,
[ReferenceData] = @ReferenceData,
[Enabled] = @Enabled,
[LicenseKey] = @LicenseKey,
[PublicKey] = @PublicKey,
[PrivateKey] = @PrivateKey,
[TwoFactorProviders] = @TwoFactorProviders,
[ExpirationDate] = @ExpirationDate,
[CreationDate] = @CreationDate,
[RevisionDate] = @RevisionDate,
[OwnersNotifiedOfAutoscaling] = @OwnersNotifiedOfAutoscaling,
[MaxAutoscaleSeats] = @MaxAutoscaleSeats,
[UseKeyConnector] = @UseKeyConnector,
[UseScim] = @UseScim,
[UseCustomPermissions] = @UseCustomPermissions,
[UseSecretsManager] = @UseSecretsManager,
[Status] = @Status,
[UsePasswordManager] = @UsePasswordManager,
[SmSeats] = @SmSeats,
[SmServiceAccounts] = @SmServiceAccounts,
[MaxAutoscaleSmSeats] = @MaxAutoscaleSmSeats,
[MaxAutoscaleSmServiceAccounts] = @MaxAutoscaleSmServiceAccounts,
[SecretsManagerBeta] = @SecretsManagerBeta,
[LimitCollectionCreationDeletion] = @LimitCollectionCreationDeletion,
[AllowAdminAccessToAllCollectionItems] = @AllowAdminAccessToAllCollectionItems,
[FlexibleCollections] = @FlexibleCollections
WHERE
[Id] = @Id
END
GO
/**
ORGANIZATION VIEWS
*/
-- Update OrganizationUserOrganizationDetailsView to include new column and default value
CREATE OR ALTER VIEW [dbo].[OrganizationUserOrganizationDetailsView]
AS
SELECT
OU.[UserId],
OU.[OrganizationId],
O.[Name],
O.[Enabled],
O.[PlanType],
O.[UsePolicies],
O.[UseSso],
O.[UseKeyConnector],
O.[UseScim],
O.[UseGroups],
O.[UseDirectory],
O.[UseEvents],
O.[UseTotp],
O.[Use2fa],
O.[UseApi],
O.[UseResetPassword],
O.[SelfHost],
O.[UsersGetPremium],
O.[UseCustomPermissions],
O.[UseSecretsManager],
O.[Seats],
O.[MaxCollections],
O.[MaxStorageGb],
O.[Identifier],
OU.[Key],
OU.[ResetPasswordKey],
O.[PublicKey],
O.[PrivateKey],
OU.[Status],
OU.[Type],
SU.[ExternalId] SsoExternalId,
OU.[Permissions],
PO.[ProviderId],
P.[Name] ProviderName,
P.[Type] ProviderType,
SS.[Data] SsoConfig,
OS.[FriendlyName] FamilySponsorshipFriendlyName,
OS.[LastSyncDate] FamilySponsorshipLastSyncDate,
OS.[ToDelete] FamilySponsorshipToDelete,
OS.[ValidUntil] FamilySponsorshipValidUntil,
OU.[AccessSecretsManager],
O.[UsePasswordManager],
O.[SmSeats],
O.[SmServiceAccounts],
O.[LimitCollectionCreationDeletion],
O.[AllowAdminAccessToAllCollectionItems],
O.[FlexibleCollections]
FROM
[dbo].[OrganizationUser] OU
LEFT JOIN
[dbo].[Organization] O ON O.[Id] = OU.[OrganizationId]
LEFT JOIN
[dbo].[SsoUser] SU ON SU.[UserId] = OU.[UserId] AND SU.[OrganizationId] = OU.[OrganizationId]
LEFT JOIN
[dbo].[ProviderOrganization] PO ON PO.[OrganizationId] = O.[Id]
LEFT JOIN
[dbo].[Provider] P ON P.[Id] = PO.[ProviderId]
LEFT JOIN
[dbo].[SsoConfig] SS ON SS.[OrganizationId] = OU.[OrganizationId]
LEFT JOIN
[dbo].[OrganizationSponsorship] OS ON OS.[SponsoringOrganizationUserID] = OU.[Id]
GO
--Manually refresh OrganizationView
IF OBJECT_ID('[dbo].[OrganizationView]') IS NOT NULL
BEGIN
EXECUTE sp_refreshsqlmodule N'[dbo].[OrganizationView]';
END
GO
/**
PROVIDER VIEWS - not directly modified, but access Organization table
*/
--Manually refresh ProviderOrganizationOrganizationDetailsView
IF OBJECT_ID('[dbo].[ProviderOrganizationOrganizationDetailsView]') IS NOT NULL
BEGIN
EXECUTE sp_refreshsqlmodule N'[dbo].[ProviderOrganizationOrganizationDetailsView]';
END
GO
--Manually refresh ProviderUserProviderOrganizationDetailsView
IF OBJECT_ID('[dbo].[ProviderUserProviderOrganizationDetailsView]') IS NOT NULL
BEGIN
EXECUTE sp_refreshsqlmodule N'[dbo].[ProviderUserProviderOrganizationDetailsView]';
END
GO

31
util/Migrator/DbScripts/2024-01-11_01_OrganizationAbilitiesAddFlexibleCollectionsColumn.sql Normal file
View File

@ -0,0 +1,31 @@
--Update stored procedure to include LimitCollectionCreationDeletion property
CREATE OR ALTER PROCEDURE [dbo].[Organization_ReadAbilities]
AS
BEGIN
SET NOCOUNT ON
SELECT
[Id],
[UseEvents],
[Use2fa],
CASE
WHEN [Use2fa] = 1 AND [TwoFactorProviders] IS NOT NULL AND [TwoFactorProviders] != '{}' THEN
1
ELSE
0
END AS [Using2fa],
[UsersGetPremium],
[UseCustomPermissions],
[UseSso],
[UseKeyConnector],
[UseScim],
[UseResetPassword],
[UsePolicies],
[Enabled],
[LimitCollectionCreationDeletion],
[AllowAdminAccessToAllCollectionItems],
[FlexibleCollections]
FROM
[dbo].[Organization]
END
GO

2341
util/MySqlMigrations/Migrations/20231229202309_AddToolsTableIndexes.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

35
util/MySqlMigrations/Migrations/20231229202309_AddToolsTableIndexes.cs Normal file
View File

@ -0,0 +1,35 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.MySqlMigrations.Migrations;
/// <inheritdoc />
public partial class AddToolsTableIndexes : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateIndex(
name: "IX_Send_DeletionDate",
table: "Send",
column: "DeletionDate");
migrationBuilder.CreateIndex(
name: "IX_Send_UserId_OrganizationId",
table: "Send",
columns: new[] { "UserId", "OrganizationId" });
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropIndex(
name: "IX_Send_DeletionDate",
table: "Send");
migrationBuilder.DropIndex(
name: "IX_Send_UserId_OrganizationId",
table: "Send");
}
}

2380
util/MySqlMigrations/Migrations/20240109215348_AddTableIndexes.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

110
util/MySqlMigrations/Migrations/20240109215348_AddTableIndexes.cs Normal file
View File

@ -0,0 +1,110 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.MySqlMigrations.Migrations;
/// <inheritdoc />
public partial class AddTableIndexes : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateIndex(
name: "IX_User_Email",
table: "User",
column: "Email",
unique: true);
migrationBuilder.CreateIndex(
name: "IX_User_Premium_PremiumExpirationDate_RenewalReminderDate",
table: "User",
columns: new[] { "Premium", "PremiumExpirationDate", "RenewalReminderDate" });
migrationBuilder.CreateIndex(
name: "IX_Transaction_UserId_OrganizationId_CreationDate",
table: "Transaction",
columns: new[] { "UserId", "OrganizationId", "CreationDate" });
migrationBuilder.CreateIndex(
name: "IX_Policy_OrganizationId_Type",
table: "Policy",
columns: new[] { "OrganizationId", "Type" },
unique: true);
migrationBuilder.CreateIndex(
name: "IX_OrganizationUser_UserId_OrganizationId_Status",
table: "OrganizationUser",
columns: new[] { "UserId", "OrganizationId", "Status" });
migrationBuilder.CreateIndex(
name: "IX_OrganizationSponsorship_SponsoringOrganizationUserId",
table: "OrganizationSponsorship",
column: "SponsoringOrganizationUserId");
migrationBuilder.CreateIndex(
name: "IX_Organization_Id_Enabled",
table: "Organization",
columns: new[] { "Id", "Enabled" });
migrationBuilder.CreateIndex(
name: "IX_Event_Date_OrganizationId_ActingUserId_CipherId",
table: "Event",
columns: new[] { "Date", "OrganizationId", "ActingUserId", "CipherId" });
migrationBuilder.CreateIndex(
name: "IX_Device_Identifier",
table: "Device",
column: "Identifier");
migrationBuilder.CreateIndex(
name: "IX_Device_UserId_Identifier",
table: "Device",
columns: new[] { "UserId", "Identifier" },
unique: true);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropIndex(
name: "IX_User_Email",
table: "User");
migrationBuilder.DropIndex(
name: "IX_User_Premium_PremiumExpirationDate_RenewalReminderDate",
table: "User");
migrationBuilder.DropIndex(
name: "IX_Transaction_UserId_OrganizationId_CreationDate",
table: "Transaction");
migrationBuilder.DropIndex(
name: "IX_Policy_OrganizationId_Type",
table: "Policy");
migrationBuilder.DropIndex(
name: "IX_OrganizationUser_UserId_OrganizationId_Status",
table: "OrganizationUser");
migrationBuilder.DropIndex(
name: "IX_OrganizationSponsorship_SponsoringOrganizationUserId",
table: "OrganizationSponsorship");
migrationBuilder.DropIndex(
name: "IX_Organization_Id_Enabled",
table: "Organization");
migrationBuilder.DropIndex(
name: "IX_Event_Date_OrganizationId_ActingUserId_CipherId",
table: "Event");
migrationBuilder.DropIndex(
name: "IX_Device_Identifier",
table: "Device");
migrationBuilder.DropIndex(
name: "IX_Device_UserId_Identifier",
table: "Device");
}
}

2337
util/MySqlMigrations/Migrations/20240111034851_OrganizationFlexibleCollectionsColumn.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

28
util/MySqlMigrations/Migrations/20240111034851_OrganizationFlexibleCollectionsColumn.cs Normal file
View File

@ -0,0 +1,28 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.MySqlMigrations.Migrations;
/// <inheritdoc />
public partial class OrganizationFlexibleCollectionsColumn : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<bool>(
name: "FlexibleCollections",
table: "Organization",
type: "tinyint(1)",
nullable: false,
defaultValue: false);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropColumn(
name: "FlexibleCollections",
table: "Organization");
}
}

61
util/MySqlMigrations/Migrations/DatabaseContextModelSnapshot.cs
View File

@ -65,6 +65,9 @@ namespace Bit.MySqlMigrations.Migrations
b.Property<DateTime?>("ExpirationDate")
.HasColumnType("datetime(6)");
b.Property<bool>("FlexibleCollections")
.HasColumnType("tinyint(1)");
b.Property<byte?>("Gateway")
.HasColumnType("tinyint unsigned");
@ -200,6 +203,9 @@ namespace Bit.MySqlMigrations.Migrations
b.HasKey("Id");
b.HasIndex("Id", "Enabled")
.HasAnnotation("Npgsql:IndexInclude", new[] { "UseTotp" });
b.ToTable("Organization", (string)null);
});
@ -228,7 +234,12 @@ namespace Bit.MySqlMigrations.Migrations
b.HasKey("Id");
b.HasIndex("OrganizationId");
b.HasIndex("OrganizationId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("OrganizationId", "Type")
.IsUnique()
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Policy", (string)null);
});
@ -774,7 +785,15 @@ namespace Bit.MySqlMigrations.Migrations
b.HasKey("Id");
b.HasIndex("UserId");
b.HasIndex("Identifier")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "Identifier")
.IsUnique()
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Device", (string)null);
});
@ -847,6 +866,9 @@ namespace Bit.MySqlMigrations.Migrations
b.HasKey("Id");
b.HasIndex("Date", "OrganizationId", "ActingUserId", "CipherId")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Event", (string)null);
});
@ -1047,6 +1069,9 @@ namespace Bit.MySqlMigrations.Migrations
b.HasIndex("SponsoringOrganizationId");
b.HasIndex("SponsoringOrganizationUserId")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("OrganizationSponsorship", (string)null);
});
@ -1098,9 +1123,15 @@ namespace Bit.MySqlMigrations.Migrations
b.HasKey("Id");
b.HasIndex("OrganizationId");
b.HasIndex("OrganizationId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId");
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "OrganizationId", "Status")
.HasAnnotation("Npgsql:IndexInclude", new[] { "AccessAll" })
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("OrganizationUser", (string)null);
});
@ -1155,9 +1186,16 @@ namespace Bit.MySqlMigrations.Migrations
b.HasKey("Id");
b.HasIndex("DeletionDate")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("OrganizationId");
b.HasIndex("UserId");
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "OrganizationId")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Send", (string)null);
});
@ -1235,7 +1273,11 @@ namespace Bit.MySqlMigrations.Migrations
b.HasIndex("OrganizationId");
b.HasIndex("UserId");
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "OrganizationId", "CreationDate")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Transaction", (string)null);
});
@ -1385,6 +1427,13 @@ namespace Bit.MySqlMigrations.Migrations
b.HasKey("Id");
b.HasIndex("Email")
.IsUnique()
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("Premium", "PremiumExpirationDate", "RenewalReminderDate")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("User", (string)null);
});

2354
util/PostgresMigrations/Migrations/20231229202259_AddToolsTableIndexes.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

35
util/PostgresMigrations/Migrations/20231229202259_AddToolsTableIndexes.cs Normal file
View File

@ -0,0 +1,35 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.PostgresMigrations.Migrations;
/// <inheritdoc />
public partial class AddToolsTableIndexes : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateIndex(
name: "IX_Send_DeletionDate",
table: "Send",
column: "DeletionDate");
migrationBuilder.CreateIndex(
name: "IX_Send_UserId_OrganizationId",
table: "Send",
columns: new[] { "UserId", "OrganizationId" });
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropIndex(
name: "IX_Send_DeletionDate",
table: "Send");
migrationBuilder.DropIndex(
name: "IX_Send_UserId_OrganizationId",
table: "Send");
}
}

2395
util/PostgresMigrations/Migrations/20240109215338_AddTableIndexes.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

112
util/PostgresMigrations/Migrations/20240109215338_AddTableIndexes.cs Normal file
View File

@ -0,0 +1,112 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.PostgresMigrations.Migrations;
/// <inheritdoc />
public partial class AddTableIndexes : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateIndex(
name: "IX_User_Email",
table: "User",
column: "Email",
unique: true);
migrationBuilder.CreateIndex(
name: "IX_User_Premium_PremiumExpirationDate_RenewalReminderDate",
table: "User",
columns: new[] { "Premium", "PremiumExpirationDate", "RenewalReminderDate" });
migrationBuilder.CreateIndex(
name: "IX_Transaction_UserId_OrganizationId_CreationDate",
table: "Transaction",
columns: new[] { "UserId", "OrganizationId", "CreationDate" });
migrationBuilder.CreateIndex(
name: "IX_Policy_OrganizationId_Type",
table: "Policy",
columns: new[] { "OrganizationId", "Type" },
unique: true);
migrationBuilder.CreateIndex(
name: "IX_OrganizationUser_UserId_OrganizationId_Status",
table: "OrganizationUser",
columns: new[] { "UserId", "OrganizationId", "Status" })
.Annotation("Npgsql:IndexInclude", new[] { "AccessAll" });
migrationBuilder.CreateIndex(
name: "IX_OrganizationSponsorship_SponsoringOrganizationUserId",
table: "OrganizationSponsorship",
column: "SponsoringOrganizationUserId");
migrationBuilder.CreateIndex(
name: "IX_Organization_Id_Enabled",
table: "Organization",
columns: new[] { "Id", "Enabled" })
.Annotation("Npgsql:IndexInclude", new[] { "UseTotp" });
migrationBuilder.CreateIndex(
name: "IX_Event_Date_OrganizationId_ActingUserId_CipherId",
table: "Event",
columns: new[] { "Date", "OrganizationId", "ActingUserId", "CipherId" });
migrationBuilder.CreateIndex(
name: "IX_Device_Identifier",
table: "Device",
column: "Identifier");
migrationBuilder.CreateIndex(
name: "IX_Device_UserId_Identifier",
table: "Device",
columns: new[] { "UserId", "Identifier" },
unique: true);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropIndex(
name: "IX_User_Email",
table: "User");
migrationBuilder.DropIndex(
name: "IX_User_Premium_PremiumExpirationDate_RenewalReminderDate",
table: "User");
migrationBuilder.DropIndex(
name: "IX_Transaction_UserId_OrganizationId_CreationDate",
table: "Transaction");
migrationBuilder.DropIndex(
name: "IX_Policy_OrganizationId_Type",
table: "Policy");
migrationBuilder.DropIndex(
name: "IX_OrganizationUser_UserId_OrganizationId_Status",
table: "OrganizationUser");
migrationBuilder.DropIndex(
name: "IX_OrganizationSponsorship_SponsoringOrganizationUserId",
table: "OrganizationSponsorship");
migrationBuilder.DropIndex(
name: "IX_Organization_Id_Enabled",
table: "Organization");
migrationBuilder.DropIndex(
name: "IX_Event_Date_OrganizationId_ActingUserId_CipherId",
table: "Event");
migrationBuilder.DropIndex(
name: "IX_Device_Identifier",
table: "Device");
migrationBuilder.DropIndex(
name: "IX_Device_UserId_Identifier",
table: "Device");
}
}

2350
util/PostgresMigrations/Migrations/20240111034857_OrganizationFlexibleCollectionsColumn.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

28
util/PostgresMigrations/Migrations/20240111034857_OrganizationFlexibleCollectionsColumn.cs Normal file
View File

@ -0,0 +1,28 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.PostgresMigrations.Migrations;
/// <inheritdoc />
public partial class OrganizationFlexibleCollectionsColumn : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<bool>(
name: "FlexibleCollections",
table: "Organization",
type: "boolean",
nullable: false,
defaultValue: false);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropColumn(
name: "FlexibleCollections",
table: "Organization");
}
}

63
util/PostgresMigrations/Migrations/DatabaseContextModelSnapshot.cs
View File

@ -69,6 +69,9 @@ namespace Bit.PostgresMigrations.Migrations
b.Property<DateTime?>("ExpirationDate")
.HasColumnType("timestamp with time zone");
b.Property<bool>("FlexibleCollections")
.HasColumnType("boolean");
b.Property<byte?>("Gateway")
.HasColumnType("smallint");
@ -205,6 +208,10 @@ namespace Bit.PostgresMigrations.Migrations
b.HasKey("Id");
b.HasIndex("Id", "Enabled");
NpgsqlIndexBuilderExtensions.IncludeProperties(b.HasIndex("Id", "Enabled"), new[] { "UseTotp" });
b.ToTable("Organization", (string)null);
});
@ -233,7 +240,12 @@ namespace Bit.PostgresMigrations.Migrations
b.HasKey("Id");
b.HasIndex("OrganizationId");
b.HasIndex("OrganizationId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("OrganizationId", "Type")
.IsUnique()
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Policy", (string)null);
});
@ -786,7 +798,15 @@ namespace Bit.PostgresMigrations.Migrations
b.HasKey("Id");
b.HasIndex("UserId");
b.HasIndex("Identifier")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "Identifier")
.IsUnique()
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Device", (string)null);
});
@ -859,6 +879,9 @@ namespace Bit.PostgresMigrations.Migrations
b.HasKey("Id");
b.HasIndex("Date", "OrganizationId", "ActingUserId", "CipherId")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Event", (string)null);
});
@ -1059,6 +1082,9 @@ namespace Bit.PostgresMigrations.Migrations
b.HasIndex("SponsoringOrganizationId");
b.HasIndex("SponsoringOrganizationUserId")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("OrganizationSponsorship", (string)null);
});
@ -1110,9 +1136,16 @@ namespace Bit.PostgresMigrations.Migrations
b.HasKey("Id");
b.HasIndex("OrganizationId");
b.HasIndex("OrganizationId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId");
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "OrganizationId", "Status")
.HasAnnotation("SqlServer:Clustered", false);
NpgsqlIndexBuilderExtensions.IncludeProperties(b.HasIndex("UserId", "OrganizationId", "Status"), new[] { "AccessAll" });
b.ToTable("OrganizationUser", (string)null);
});
@ -1167,9 +1200,16 @@ namespace Bit.PostgresMigrations.Migrations
b.HasKey("Id");
b.HasIndex("DeletionDate")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("OrganizationId");
b.HasIndex("UserId");
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "OrganizationId")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Send", (string)null);
});
@ -1247,7 +1287,11 @@ namespace Bit.PostgresMigrations.Migrations
b.HasIndex("OrganizationId");
b.HasIndex("UserId");
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "OrganizationId", "CreationDate")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Transaction", (string)null);
});
@ -1398,6 +1442,13 @@ namespace Bit.PostgresMigrations.Migrations
b.HasKey("Id");
b.HasIndex("Email")
.IsUnique()
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("Premium", "PremiumExpirationDate", "RenewalReminderDate")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("User", (string)null);
});

2339
util/SqliteMigrations/Migrations/20231229202304_AddToolsTableIndexes.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

35
util/SqliteMigrations/Migrations/20231229202304_AddToolsTableIndexes.cs Normal file
View File

@ -0,0 +1,35 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.SqliteMigrations.Migrations;
/// <inheritdoc />
public partial class AddToolsTableIndexes : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateIndex(
name: "IX_Send_DeletionDate",
table: "Send",
column: "DeletionDate");
migrationBuilder.CreateIndex(
name: "IX_Send_UserId_OrganizationId",
table: "Send",
columns: new[] { "UserId", "OrganizationId" });
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropIndex(
name: "IX_Send_DeletionDate",
table: "Send");
migrationBuilder.DropIndex(
name: "IX_Send_UserId_OrganizationId",
table: "Send");
}
}

2378
util/SqliteMigrations/Migrations/20240109215333_AddTableIndexes.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

110
util/SqliteMigrations/Migrations/20240109215333_AddTableIndexes.cs Normal file
View File

@ -0,0 +1,110 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.SqliteMigrations.Migrations;
/// <inheritdoc />
public partial class AddTableIndexes : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateIndex(
name: "IX_User_Email",
table: "User",
column: "Email",
unique: true);
migrationBuilder.CreateIndex(
name: "IX_User_Premium_PremiumExpirationDate_RenewalReminderDate",
table: "User",
columns: new[] { "Premium", "PremiumExpirationDate", "RenewalReminderDate" });
migrationBuilder.CreateIndex(
name: "IX_Transaction_UserId_OrganizationId_CreationDate",
table: "Transaction",
columns: new[] { "UserId", "OrganizationId", "CreationDate" });
migrationBuilder.CreateIndex(
name: "IX_Policy_OrganizationId_Type",
table: "Policy",
columns: new[] { "OrganizationId", "Type" },
unique: true);
migrationBuilder.CreateIndex(
name: "IX_OrganizationUser_UserId_OrganizationId_Status",
table: "OrganizationUser",
columns: new[] { "UserId", "OrganizationId", "Status" });
migrationBuilder.CreateIndex(
name: "IX_OrganizationSponsorship_SponsoringOrganizationUserId",
table: "OrganizationSponsorship",
column: "SponsoringOrganizationUserId");
migrationBuilder.CreateIndex(
name: "IX_Organization_Id_Enabled",
table: "Organization",
columns: new[] { "Id", "Enabled" });
migrationBuilder.CreateIndex(
name: "IX_Event_Date_OrganizationId_ActingUserId_CipherId",
table: "Event",
columns: new[] { "Date", "OrganizationId", "ActingUserId", "CipherId" });
migrationBuilder.CreateIndex(
name: "IX_Device_Identifier",
table: "Device",
column: "Identifier");
migrationBuilder.CreateIndex(
name: "IX_Device_UserId_Identifier",
table: "Device",
columns: new[] { "UserId", "Identifier" },
unique: true);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropIndex(
name: "IX_User_Email",
table: "User");
migrationBuilder.DropIndex(
name: "IX_User_Premium_PremiumExpirationDate_RenewalReminderDate",
table: "User");
migrationBuilder.DropIndex(
name: "IX_Transaction_UserId_OrganizationId_CreationDate",
table: "Transaction");
migrationBuilder.DropIndex(
name: "IX_Policy_OrganizationId_Type",
table: "Policy");
migrationBuilder.DropIndex(
name: "IX_OrganizationUser_UserId_OrganizationId_Status",
table: "OrganizationUser");
migrationBuilder.DropIndex(
name: "IX_OrganizationSponsorship_SponsoringOrganizationUserId",
table: "OrganizationSponsorship");
migrationBuilder.DropIndex(
name: "IX_Organization_Id_Enabled",
table: "Organization");
migrationBuilder.DropIndex(
name: "IX_Event_Date_OrganizationId_ActingUserId_CipherId",
table: "Event");
migrationBuilder.DropIndex(
name: "IX_Device_Identifier",
table: "Device");
migrationBuilder.DropIndex(
name: "IX_Device_UserId_Identifier",
table: "Device");
}
}

2335
util/SqliteMigrations/Migrations/20240111034245_OrganizationFlexibleCollectionsColumn.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

28
util/SqliteMigrations/Migrations/20240111034245_OrganizationFlexibleCollectionsColumn.cs Normal file
View File

@ -0,0 +1,28 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.SqliteMigrations.Migrations;
/// <inheritdoc />
public partial class OrganizationFlexibleCollectionsColumn : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<bool>(
name: "FlexibleCollections",
table: "Organization",
type: "INTEGER",
nullable: false,
defaultValue: false);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropColumn(
name: "FlexibleCollections",
table: "Organization");
}
}

61
util/SqliteMigrations/Migrations/DatabaseContextModelSnapshot.cs
View File

@ -63,6 +63,9 @@ namespace Bit.SqliteMigrations.Migrations
b.Property<DateTime?>("ExpirationDate")
.HasColumnType("TEXT");
b.Property<bool>("FlexibleCollections")
.HasColumnType("INTEGER");
b.Property<byte?>("Gateway")
.HasColumnType("INTEGER");
@ -198,6 +201,9 @@ namespace Bit.SqliteMigrations.Migrations
b.HasKey("Id");
b.HasIndex("Id", "Enabled")
.HasAnnotation("Npgsql:IndexInclude", new[] { "UseTotp" });
b.ToTable("Organization", (string)null);
});
@ -226,7 +232,12 @@ namespace Bit.SqliteMigrations.Migrations
b.HasKey("Id");
b.HasIndex("OrganizationId");
b.HasIndex("OrganizationId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("OrganizationId", "Type")
.IsUnique()
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Policy", (string)null);
});
@ -772,7 +783,15 @@ namespace Bit.SqliteMigrations.Migrations
b.HasKey("Id");
b.HasIndex("UserId");
b.HasIndex("Identifier")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "Identifier")
.IsUnique()
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Device", (string)null);
});
@ -845,6 +864,9 @@ namespace Bit.SqliteMigrations.Migrations
b.HasKey("Id");
b.HasIndex("Date", "OrganizationId", "ActingUserId", "CipherId")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Event", (string)null);
});
@ -1045,6 +1067,9 @@ namespace Bit.SqliteMigrations.Migrations
b.HasIndex("SponsoringOrganizationId");
b.HasIndex("SponsoringOrganizationUserId")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("OrganizationSponsorship", (string)null);
});
@ -1096,9 +1121,15 @@ namespace Bit.SqliteMigrations.Migrations
b.HasKey("Id");
b.HasIndex("OrganizationId");
b.HasIndex("OrganizationId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId");
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "OrganizationId", "Status")
.HasAnnotation("Npgsql:IndexInclude", new[] { "AccessAll" })
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("OrganizationUser", (string)null);
});
@ -1153,9 +1184,16 @@ namespace Bit.SqliteMigrations.Migrations
b.HasKey("Id");
b.HasIndex("DeletionDate")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("OrganizationId");
b.HasIndex("UserId");
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "OrganizationId")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Send", (string)null);
});
@ -1233,7 +1271,11 @@ namespace Bit.SqliteMigrations.Migrations
b.HasIndex("OrganizationId");
b.HasIndex("UserId");
b.HasIndex("UserId")
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("UserId", "OrganizationId", "CreationDate")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("Transaction", (string)null);
});
@ -1383,6 +1425,13 @@ namespace Bit.SqliteMigrations.Migrations
b.HasKey("Id");
b.HasIndex("Email")
.IsUnique()
.HasAnnotation("SqlServer:Clustered", false);
b.HasIndex("Premium", "PremiumExpirationDate", "RenewalReminderDate")
.HasAnnotation("SqlServer:Clustered", false);
b.ToTable("User", (string)null);
});