Merge remote-tracking branch 'origin/master' into feature/flexible-collections

util/Migrator/DbScripts/2023-09-14_00_Remove_WebAuthn_For_Free_Users.sql

@@ -0,0 +1,68 @@
+-- Assumptions:
+-- When a 2FA method is disabled, it is removed from the TwoFactorProviders array
+
+-- Problem statement:
+-- We have users who currently do not have any available 2FA method, with the only one being
+-- WebAuthn, which is effectively disabled by a server-side permission check for Premium status.
+-- With WebAuthn being made free, we want to avoid these users suddenly being forced
+-- to provide 2FA using a key that they haven't used in a long time, by deleting that key from their TwoFactorProviders.
+
+DECLARE @UsersWithoutPremium TABLE
+(
+    Id UNIQUEIDENTIFIER,
+    TwoFactorProviders NVARCHAR(MAX)
+);
+
+DECLARE @TwoFactorMethodsForUsersWithoutPremium TABLE
+(
+    Id UNIQUEIDENTIFIER,
+    TwoFactorType NVARCHAR(50)
+)
+
+DECLARE @UsersToAdjust TABLE
+(
+    Id UNIQUEIDENTIFIER
+);
+
+-- Insert users who don't have Premium
+INSERT INTO @UsersWithoutPremium
+SELECT u.Id, u.TwoFactorProviders
+from [User] u
+WHERE u.Premium = 0;
+
+-- Filter out those users who get Premium from their org
+DELETE FROM @UsersWithoutPremium
+WHERE Id IN 
+    (SELECT UserId 
+    FROM [OrganizationUser] ou 
+    INNER JOIN [Organization] o on o.Id = ou.OrganizationId WHERE o.Enabled = 1 AND o.UsersGetPremium = 1)
+
+-- From users without Premium, get their enabled 2FA methods
+INSERT INTO @TwoFactorMethodsForUsersWithoutPremium
+SELECT  u.Id, 
+        tfp1.[key] as TwoFactorType
+FROM @UsersWithoutPremium u
+CROSS APPLY OPENJSON(u.TwoFactorProviders) tfp1
+CROSS APPLY OPENJSON(tfp1.[value]) WITH (
+   [Enabled] BIT '$.Enabled'
+) tfp2
+WHERE [Enabled] = 1 -- We only want enabled 2FA methods
+
+INSERT INTO @UsersToAdjust
+SELECT t1.Id
+FROM @TwoFactorMethodsForUsersWithoutPremium t1
+WHERE t1.TwoFactorType = '7'
+AND NOT EXISTS 
+    (SELECT * 
+    FROM @TwoFactorMethodsForUsersWithoutPremium t2 
+    WHERE t2.Id = t1.Id AND t2.TwoFactorType <> '7' AND t2.TwoFactorType <> '4')
+
+SELECT *
+FROM @UsersToAdjust
+
+DECLARE @revisionDate DATETIME2(7) = GETUTCDATE();
+
+UPDATE [User]
+SET TwoFactorProviders = NULL, RevisionDate = @revisionDate
+FROM @UsersToAdjust ua
+WHERE ua.Id = [User].Id

util/Migrator/packages.lock.json

@@ -2628,43 +2628,43 @@
       "core": {
         "type": "Project",
         "dependencies": {
-          "AWSSDK.SQS": "3.7.2.47",
-          "AWSSDK.SimpleEmail": "3.7.0.150",
-          "AspNetCoreRateLimit": "4.0.2",
-          "AspNetCoreRateLimit.Redis": "1.0.1",
-          "Azure.Extensions.AspNetCore.DataProtection.Blobs": "1.3.2",
-          "Azure.Messaging.ServiceBus": "7.15.0",
-          "Azure.Storage.Blobs": "12.14.1",
-          "Azure.Storage.Queues": "12.12.0",
-          "BitPay.Light": "1.0.1907",
-          "Braintree": "5.12.0",
-          "DnsClient": "1.7.0",
-          "Fido2.AspNet": "3.0.1",
-          "Handlebars.Net": "2.1.2",
-          "IdentityServer4": "4.1.2",
-          "IdentityServer4.AccessTokenValidation": "3.0.1",
-          "LaunchDarkly.ServerSdk": "7.0.0",
-          "MailKit": "3.2.0",
-          "Microsoft.AspNetCore.Authentication.JwtBearer": "6.0.4",
-          "Microsoft.Azure.Cosmos.Table": "1.0.8",
-          "Microsoft.Azure.NotificationHubs": "4.1.0",
-          "Microsoft.Data.SqlClient": "5.0.1",
-          "Microsoft.Extensions.Caching.StackExchangeRedis": "6.0.6",
-          "Microsoft.Extensions.Configuration.EnvironmentVariables": "6.0.1",
-          "Microsoft.Extensions.Configuration.UserSecrets": "6.0.1",
-          "Microsoft.Extensions.Identity.Stores": "6.0.4",
-          "Newtonsoft.Json": "13.0.1",
-          "Otp.NET": "1.2.2",
-          "Quartz": "3.4.0",
-          "SendGrid": "9.27.0",
-          "Sentry.Serilog": "3.16.0",
-          "Serilog.AspNetCore": "5.0.0",
-          "Serilog.Extensions.Logging": "3.1.0",
-          "Serilog.Extensions.Logging.File": "2.0.0",
-          "Serilog.Sinks.AzureCosmosDB": "2.0.0",
-          "Serilog.Sinks.SyslogMessages": "2.0.6",
-          "Stripe.net": "40.0.0",
-          "YubicoDotNetClient": "1.2.0"
+          "AWSSDK.SQS": "[3.7.2.47, )",
+          "AWSSDK.SimpleEmail": "[3.7.0.150, )",
+          "AspNetCoreRateLimit": "[4.0.2, )",
+          "AspNetCoreRateLimit.Redis": "[1.0.1, )",
+          "Azure.Extensions.AspNetCore.DataProtection.Blobs": "[1.3.2, )",
+          "Azure.Messaging.ServiceBus": "[7.15.0, )",
+          "Azure.Storage.Blobs": "[12.14.1, )",
+          "Azure.Storage.Queues": "[12.12.0, )",
+          "BitPay.Light": "[1.0.1907, )",
+          "Braintree": "[5.12.0, )",
+          "DnsClient": "[1.7.0, )",
+          "Fido2.AspNet": "[3.0.1, )",
+          "Handlebars.Net": "[2.1.2, )",
+          "IdentityServer4": "[4.1.2, )",
+          "IdentityServer4.AccessTokenValidation": "[3.0.1, )",
+          "LaunchDarkly.ServerSdk": "[7.0.0, )",
+          "MailKit": "[3.2.0, )",
+          "Microsoft.AspNetCore.Authentication.JwtBearer": "[6.0.4, )",
+          "Microsoft.Azure.Cosmos.Table": "[1.0.8, )",
+          "Microsoft.Azure.NotificationHubs": "[4.1.0, )",
+          "Microsoft.Data.SqlClient": "[5.0.1, )",
+          "Microsoft.Extensions.Caching.StackExchangeRedis": "[6.0.6, )",
+          "Microsoft.Extensions.Configuration.EnvironmentVariables": "[6.0.1, )",
+          "Microsoft.Extensions.Configuration.UserSecrets": "[6.0.1, )",
+          "Microsoft.Extensions.Identity.Stores": "[6.0.4, )",
+          "Newtonsoft.Json": "[13.0.1, )",
+          "Otp.NET": "[1.2.2, )",
+          "Quartz": "[3.4.0, )",
+          "SendGrid": "[9.27.0, )",
+          "Sentry.Serilog": "[3.16.0, )",
+          "Serilog.AspNetCore": "[5.0.0, )",
+          "Serilog.Extensions.Logging": "[3.1.0, )",
+          "Serilog.Extensions.Logging.File": "[2.0.0, )",
+          "Serilog.Sinks.AzureCosmosDB": "[2.0.0, )",
+          "Serilog.Sinks.SyslogMessages": "[2.0.6, )",
+          "Stripe.net": "[40.0.0, )",
+          "YubicoDotNetClient": "[1.2.0, )"
         }
       }
     }