Merge branch 'ac/ac-1682/data-migrations-for-deprecated-permissions' into ac/ac-1682/ef-migrations

util/Migrator/DbScripts/2023-10-21_00_User_ReadByEmails.sql

@@ -0,0 +1,24 @@
+SET ANSI_NULLS ON
+GO
+SET QUOTED_IDENTIFIER ON
+GO
+
+CREATE OR ALTER PROCEDURE [dbo].[User_ReadByEmails]
+    @Emails AS [dbo].[EmailArray] READONLY
+AS
+BEGIN
+    SET NOCOUNT ON;
+
+    IF (SELECT COUNT(1) FROM @Emails) < 1
+    BEGIN
+        RETURN(-1)
+    END
+
+    SELECT
+        *
+    FROM
+        [dbo].[UserView]
+    WHERE
+        [Email] IN (SELECT [Email] FROM @Emails)
+END
+GO

util/Migrator/DbScripts/2023-12-13_00_DeprecateAccessAll_UserCollectionDetails.sql

@@ -0,0 +1,168 @@
+-- Flexible Collections: create new UserCollectionDetails function that doesn't use AccessAll logic
+
+CREATE OR ALTER FUNCTION [dbo].[UserCollectionDetails_V2](@UserId UNIQUEIDENTIFIER)
+RETURNS TABLE
+AS RETURN
+SELECT
+    C.*,
+    CASE
+        WHEN
+            COALESCE(CU.[ReadOnly], CG.[ReadOnly], 0) = 0
+        THEN 0
+        ELSE 1
+    END [ReadOnly],
+    CASE
+        WHEN
+            COALESCE(CU.[HidePasswords], CG.[HidePasswords], 0) = 0
+        THEN 0
+        ELSE 1
+    END [HidePasswords],
+    CASE
+        WHEN
+            COALESCE(CU.[Manage], CG.[Manage], 0) = 0
+        THEN 0
+        ELSE 1
+    END [Manage]
+FROM
+    [dbo].[CollectionView] C
+INNER JOIN
+    [dbo].[OrganizationUser] OU ON C.[OrganizationId] = OU.[OrganizationId]
+INNER JOIN
+    [dbo].[Organization] O ON O.[Id] = C.[OrganizationId]
+LEFT JOIN
+    [dbo].[CollectionUser] CU ON CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = [OU].[Id]
+LEFT JOIN
+    [dbo].[GroupUser] GU ON CU.[CollectionId] IS NULL AND GU.[OrganizationUserId] = OU.[Id]
+LEFT JOIN
+    [dbo].[Group] G ON G.[Id] = GU.[GroupId]
+LEFT JOIN
+    [dbo].[CollectionGroup] CG ON CG.[CollectionId] = C.[Id] AND CG.[GroupId] = GU.[GroupId]
+WHERE
+    OU.[UserId] = @UserId
+    AND OU.[Status] = 2 -- 2 = Confirmed
+    AND O.[Enabled] = 1
+    AND (
+        CU.[CollectionId] IS NOT NULL
+        OR CG.[CollectionId] IS NOT NULL
+    )
+GO
+
+-- Create v2 sprocs for all sprocs that call UserCollectionDetails
+
+-- Collection_ReadByIdUserId_V2
+CREATE OR ALTER PROCEDURE [dbo].[Collection_ReadByIdUserId_V2]
+    @Id UNIQUEIDENTIFIER,
+    @UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+    SELECT
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId,
+        MIN([ReadOnly]) AS [ReadOnly],
+        MIN([HidePasswords]) AS [HidePasswords],
+        MIN([Manage]) AS [Manage]
+    FROM
+        [dbo].[UserCollectionDetails_V2](@UserId)
+    WHERE
+        [Id] = @Id
+    GROUP BY
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId
+END
+GO
+
+-- Collection_ReadByUserId_V2
+CREATE OR ALTER PROCEDURE [dbo].[Collection_ReadByUserId_V2]
+    @UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId,
+        MIN([ReadOnly]) AS [ReadOnly],
+        MIN([HidePasswords]) AS [HidePasswords],
+        MIN([Manage]) AS [Manage]
+    FROM
+        [dbo].[UserCollectionDetails_V2](@UserId)
+    GROUP BY
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId
+END
+GO
+
+-- Collection_ReadWithGroupsAndUsersByIdUserId_V2
+CREATE OR ALTER PROCEDURE [dbo].[Collection_ReadWithGroupsAndUsersByIdUserId_V2]
+    @Id UNIQUEIDENTIFIER,
+    @UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    EXEC [dbo].[Collection_ReadByIdUserId_V2] @Id, @UserId
+
+    EXEC [dbo].[CollectionGroup_ReadByCollectionId] @Id
+
+    EXEC [dbo].[CollectionUser_ReadByCollectionId] @Id
+END
+GO
+
+-- Collection_ReadWithGroupsAndUsersByUserId_V2
+CREATE OR ALTER PROCEDURE [dbo].[Collection_ReadWithGroupsAndUsersByUserId_V2]
+	@UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    DECLARE @TempUserCollections TABLE(
+        Id UNIQUEIDENTIFIER,
+        OrganizationId UNIQUEIDENTIFIER,
+        Name VARCHAR(MAX),
+        CreationDate DATETIME2(7),
+        RevisionDate DATETIME2(7),
+        ExternalId NVARCHAR(300),
+        ReadOnly BIT,
+        HidePasswords BIT,
+        Manage BIT)
+
+    INSERT INTO @TempUserCollections EXEC [dbo].[Collection_ReadByUserId_V2] @UserId
+
+    SELECT
+        *
+    FROM
+        @TempUserCollections C
+
+    SELECT
+        CG.*
+    FROM
+        [dbo].[CollectionGroup] CG
+    INNER JOIN
+        @TempUserCollections C ON C.[Id] = CG.[CollectionId]
+
+    SELECT
+        CU.*
+    FROM
+        [dbo].[CollectionUser] CU
+    INNER JOIN
+        @TempUserCollections C ON C.[Id] = CU.[CollectionId]
+
+END
+GO

util/Migrator/DbScripts_transition/2023-12-06_02_ManagersEditAssignedCollectionUsers.sql

@@ -8,3 +8,18 @@ INNER JOIN [dbo].[OrganizationUser] ou
     ON cu.[OrganizationUserId] = ou.[Id]
 WHERE (ou.[Type] = 3 OR (ou.[Permissions] IS NOT NULL AND
     ISJSON(ou.[Permissions]) > 0 AND JSON_VALUE(ou.[Permissions], '$.editAssignedCollections') = 'true'))
+
+-- Insert rows to [dbo].[CollectionUser] for Managers and users with 'EditAssignedCollections' permission assigned to groups with collection access
+INSERT INTO [dbo].[CollectionUser] ([CollectionId], [OrganizationUserId], [ReadOnly], [HidePasswords], [Manage])
+SELECT cg.[CollectionId], ou.[Id], 0, 0, 1
+FROM [dbo].[CollectionGroup] cg
+INNER JOIN [dbo].[GroupUser] gu
+    ON cg.GroupId = gu.GroupId
+INNER JOIN [dbo].[OrganizationUser] ou
+    ON gu.OrganizationUserId = ou.[Id]
+WHERE (ou.[Type] = 3 OR
+    (ou.[Permissions] IS NOT NULL AND ISJSON(ou.[Permissions]) > 0 AND JSON_VALUE(ou.[Permissions], '$.editAssignedCollections') = 'true'))
+  AND NOT EXISTS (
+    SELECT 1 FROM [dbo].[CollectionUser] cu
+    WHERE cu.[CollectionId] = cg.[CollectionId] AND cu.[OrganizationUserId] = ou.[Id]
+  )

util/MySqlMigrations/Migrations/20231213032050_WebAuthnLoginCredentials.cs

@@ -0,0 +1,63 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.MySqlMigrations.Migrations;
+
+/// <inheritdoc />
+public partial class WebAuthnLoginCredentials : Migration
+{
+    /// <inheritdoc />
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.CreateTable(
+            name: "WebAuthnCredential",
+            columns: table => new
+            {
+                Id = table.Column<Guid>(type: "char(36)", nullable: false, collation: "ascii_general_ci"),
+                UserId = table.Column<Guid>(type: "char(36)", nullable: false, collation: "ascii_general_ci"),
+                Name = table.Column<string>(type: "varchar(50)", maxLength: 50, nullable: true)
+                    .Annotation("MySql:CharSet", "utf8mb4"),
+                PublicKey = table.Column<string>(type: "varchar(256)", maxLength: 256, nullable: true)
+                    .Annotation("MySql:CharSet", "utf8mb4"),
+                CredentialId = table.Column<string>(type: "varchar(256)", maxLength: 256, nullable: true)
+                    .Annotation("MySql:CharSet", "utf8mb4"),
+                Counter = table.Column<int>(type: "int", nullable: false),
+                Type = table.Column<string>(type: "varchar(20)", maxLength: 20, nullable: true)
+                    .Annotation("MySql:CharSet", "utf8mb4"),
+                AaGuid = table.Column<Guid>(type: "char(36)", nullable: false, collation: "ascii_general_ci"),
+                EncryptedUserKey = table.Column<string>(type: "varchar(2000)", maxLength: 2000, nullable: true)
+                    .Annotation("MySql:CharSet", "utf8mb4"),
+                EncryptedPrivateKey = table.Column<string>(type: "varchar(2000)", maxLength: 2000, nullable: true)
+                    .Annotation("MySql:CharSet", "utf8mb4"),
+                EncryptedPublicKey = table.Column<string>(type: "varchar(2000)", maxLength: 2000, nullable: true)
+                    .Annotation("MySql:CharSet", "utf8mb4"),
+                SupportsPrf = table.Column<bool>(type: "tinyint(1)", nullable: false),
+                CreationDate = table.Column<DateTime>(type: "datetime(6)", nullable: false),
+                RevisionDate = table.Column<DateTime>(type: "datetime(6)", nullable: false)
+            },
+            constraints: table =>
+            {
+                table.PrimaryKey("PK_WebAuthnCredential", x => x.Id);
+                table.ForeignKey(
+                    name: "FK_WebAuthnCredential_User_UserId",
+                    column: x => x.UserId,
+                    principalTable: "User",
+                    principalColumn: "Id",
+                    onDelete: ReferentialAction.Cascade);
+            })
+            .Annotation("MySql:CharSet", "utf8mb4");
+
+        migrationBuilder.CreateIndex(
+            name: "IX_WebAuthnCredential_UserId",
+            table: "WebAuthnCredential",
+            column: "UserId");
+    }
+
+    /// <inheritdoc />
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.DropTable(
+            name: "WebAuthnCredential");
+    }
+}

util/PostgresMigrations/Migrations/20231213032041_WebAuthnLoginCredentials.cs

@@ -0,0 +1,55 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.PostgresMigrations.Migrations;
+
+/// <inheritdoc />
+public partial class WebAuthnLoginCredentials : Migration
+{
+    /// <inheritdoc />
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.CreateTable(
+            name: "WebAuthnCredential",
+            columns: table => new
+            {
+                Id = table.Column<Guid>(type: "uuid", nullable: false),
+                UserId = table.Column<Guid>(type: "uuid", nullable: false),
+                Name = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true),
+                PublicKey = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
+                CredentialId = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
+                Counter = table.Column<int>(type: "integer", nullable: false),
+                Type = table.Column<string>(type: "character varying(20)", maxLength: 20, nullable: true),
+                AaGuid = table.Column<Guid>(type: "uuid", nullable: false),
+                EncryptedUserKey = table.Column<string>(type: "character varying(2000)", maxLength: 2000, nullable: true),
+                EncryptedPrivateKey = table.Column<string>(type: "character varying(2000)", maxLength: 2000, nullable: true),
+                EncryptedPublicKey = table.Column<string>(type: "character varying(2000)", maxLength: 2000, nullable: true),
+                SupportsPrf = table.Column<bool>(type: "boolean", nullable: false),
+                CreationDate = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
+                RevisionDate = table.Column<DateTime>(type: "timestamp with time zone", nullable: false)
+            },
+            constraints: table =>
+            {
+                table.PrimaryKey("PK_WebAuthnCredential", x => x.Id);
+                table.ForeignKey(
+                    name: "FK_WebAuthnCredential_User_UserId",
+                    column: x => x.UserId,
+                    principalTable: "User",
+                    principalColumn: "Id",
+                    onDelete: ReferentialAction.Cascade);
+            });
+
+        migrationBuilder.CreateIndex(
+            name: "IX_WebAuthnCredential_UserId",
+            table: "WebAuthnCredential",
+            column: "UserId");
+    }
+
+    /// <inheritdoc />
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.DropTable(
+            name: "WebAuthnCredential");
+    }
+}

util/Server/packages.lock.json

@@ -1,6 +0,0 @@
-{
-  "version": 1,
-  "dependencies": {
-    "net6.0": {}
-  }
-}

util/SqliteMigrations/Migrations/20231213032045_WebAuthnLoginCredentials.cs

@@ -0,0 +1,55 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.SqliteMigrations.Migrations;
+
+/// <inheritdoc />
+public partial class WebAuthnLoginCredentials : Migration
+{
+    /// <inheritdoc />
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.CreateTable(
+            name: "WebAuthnCredential",
+            columns: table => new
+            {
+                Id = table.Column<Guid>(type: "TEXT", nullable: false),
+                UserId = table.Column<Guid>(type: "TEXT", nullable: false),
+                Name = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true),
+                PublicKey = table.Column<string>(type: "TEXT", maxLength: 256, nullable: true),
+                CredentialId = table.Column<string>(type: "TEXT", maxLength: 256, nullable: true),
+                Counter = table.Column<int>(type: "INTEGER", nullable: false),
+                Type = table.Column<string>(type: "TEXT", maxLength: 20, nullable: true),
+                AaGuid = table.Column<Guid>(type: "TEXT", nullable: false),
+                EncryptedUserKey = table.Column<string>(type: "TEXT", maxLength: 2000, nullable: true),
+                EncryptedPrivateKey = table.Column<string>(type: "TEXT", maxLength: 2000, nullable: true),
+                EncryptedPublicKey = table.Column<string>(type: "TEXT", maxLength: 2000, nullable: true),
+                SupportsPrf = table.Column<bool>(type: "INTEGER", nullable: false),
+                CreationDate = table.Column<DateTime>(type: "TEXT", nullable: false),
+                RevisionDate = table.Column<DateTime>(type: "TEXT", nullable: false)
+            },
+            constraints: table =>
+            {
+                table.PrimaryKey("PK_WebAuthnCredential", x => x.Id);
+                table.ForeignKey(
+                    name: "FK_WebAuthnCredential_User_UserId",
+                    column: x => x.UserId,
+                    principalTable: "User",
+                    principalColumn: "Id",
+                    onDelete: ReferentialAction.Cascade);
+            });
+
+        migrationBuilder.CreateIndex(
+            name: "IX_WebAuthnCredential_UserId",
+            table: "WebAuthnCredential",
+            column: "UserId");
+    }
+
+    /// <inheritdoc />
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.DropTable(
+            name: "WebAuthnCredential");
+    }
+}