From f04a3d638b05958957db4e5823d7fb8a511992fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rui=20Tom=C3=A9?=
<108268980+r-tome@users.noreply.github.com>
Date: Wed, 26 Mar 2025 09:40:13 +0000
Subject: [PATCH 1/4] [PM-18235] Add PersonalOwnershipPolicyRequirement (#5439)
* Add PersonalOwnershipPolicyRequirement for managing personal ownership policy
* Add tests for PersonalOwnershipPolicyRequirement
* Register PersonalOwnershipPolicyRequirement in policy requirement factory
* Update ImportCiphersCommand to check PersonalOwnershipPolicyRequirement if the PolicyRequirements flag is enabled
Update unit tests
* Update CipherService to support PersonalOwnershipPolicyRequirement with feature flag
- Add support for checking personal ownership policy using PolicyRequirementQuery when feature flag is enabled
- Update CipherService constructor to inject new dependencies
- Add tests for personal vault restrictions with and without feature flag
* Clean up redundant "Arrange", "Act", and "Assert" comments in test methods
* Refactor PersonalOwnershipPolicyRequirementTests method names for clarity
- Improve test method names to better describe their purpose and behavior
- Rename methods to follow a more descriptive naming convention
- No functional changes to the test logic
* Remove commented code explaining policy check
* Refactor PersonalOwnership Policy Requirement implementation
- Add PersonalOwnershipPolicyRequirementFactory to replace static Create method
- Simplify policy requirement creation logic
- Update PolicyServiceCollectionExtensions to register new factory
- Update ImportCiphersCommand to use correct user ID parameter
- Remove redundant PersonalOwnershipPolicyRequirementTests
* Remove redundant PersonalOwnershipPolicyRequirementTests
* Remove unnecessary tests from PersonalOwnershipPolicyRequirementFactoryTests
---
.../PersonalOwnershipPolicyRequirement.cs | 26 +++++
.../PolicyServiceCollectionExtensions.cs | 1 +
.../ImportFeatures/ImportCiphersCommand.cs | 20 +++-
.../Services/Implementations/CipherService.cs | 18 +++-
...lOwnershipPolicyRequirementFactoryTests.cs | 31 ++++++
.../ImportCiphersAsyncCommandTests.cs | 58 ++++++++++-
.../Vault/Services/CipherServiceTests.cs | 96 +++++++++++++++++++
7 files changed, 240 insertions(+), 10 deletions(-)
create mode 100644 src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PersonalOwnershipPolicyRequirement.cs
create mode 100644 test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PersonalOwnershipPolicyRequirementFactoryTests.cs
diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PersonalOwnershipPolicyRequirement.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PersonalOwnershipPolicyRequirement.cs
new file mode 100644
index 0000000000..6f3f017bb9
--- /dev/null
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PersonalOwnershipPolicyRequirement.cs
@@ -0,0 +1,26 @@
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+
+///
+/// Policy requirements for the Disable Personal Ownership policy.
+///
+public class PersonalOwnershipPolicyRequirement : IPolicyRequirement
+{
+ ///
+ /// Indicates whether Personal Ownership is disabled for the user. If true, members are required to save items to an organization.
+ ///
+ public bool DisablePersonalOwnership { get; init; }
+}
+
+public class PersonalOwnershipPolicyRequirementFactory : BasePolicyRequirementFactory
+{
+ public override PolicyType PolicyType => PolicyType.PersonalOwnership;
+
+ public override PersonalOwnershipPolicyRequirement Create(IEnumerable policyDetails)
+ {
+ var result = new PersonalOwnershipPolicyRequirement { DisablePersonalOwnership = policyDetails.Any() };
+ return result;
+ }
+}
diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs
index d386006ad2..d330c57291 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs
@@ -34,5 +34,6 @@ public static class PolicyServiceCollectionExtensions
services.AddScoped, DisableSendPolicyRequirementFactory>();
services.AddScoped, SendOptionsPolicyRequirementFactory>();
services.AddScoped, ResetPasswordPolicyRequirementFactory>();
+ services.AddScoped, PersonalOwnershipPolicyRequirementFactory>();
}
}
diff --git a/src/Core/Tools/ImportFeatures/ImportCiphersCommand.cs b/src/Core/Tools/ImportFeatures/ImportCiphersCommand.cs
index 59d3e5be34..3c58dca183 100644
--- a/src/Core/Tools/ImportFeatures/ImportCiphersCommand.cs
+++ b/src/Core/Tools/ImportFeatures/ImportCiphersCommand.cs
@@ -1,10 +1,13 @@
using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
using Bit.Core.AdminConsole.Services;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Exceptions;
using Bit.Core.Platform.Push;
using Bit.Core.Repositories;
+using Bit.Core.Services;
using Bit.Core.Tools.Enums;
using Bit.Core.Tools.ImportFeatures.Interfaces;
using Bit.Core.Tools.Models.Business;
@@ -26,7 +29,8 @@ public class ImportCiphersCommand : IImportCiphersCommand
private readonly ICollectionRepository _collectionRepository;
private readonly IReferenceEventService _referenceEventService;
private readonly ICurrentContext _currentContext;
-
+ private readonly IPolicyRequirementQuery _policyRequirementQuery;
+ private readonly IFeatureService _featureService;
public ImportCiphersCommand(
ICipherRepository cipherRepository,
@@ -37,7 +41,9 @@ public class ImportCiphersCommand : IImportCiphersCommand
IPushNotificationService pushService,
IPolicyService policyService,
IReferenceEventService referenceEventService,
- ICurrentContext currentContext)
+ ICurrentContext currentContext,
+ IPolicyRequirementQuery policyRequirementQuery,
+ IFeatureService featureService)
{
_cipherRepository = cipherRepository;
_folderRepository = folderRepository;
@@ -48,9 +54,10 @@ public class ImportCiphersCommand : IImportCiphersCommand
_policyService = policyService;
_referenceEventService = referenceEventService;
_currentContext = currentContext;
+ _policyRequirementQuery = policyRequirementQuery;
+ _featureService = featureService;
}
-
public async Task ImportIntoIndividualVaultAsync(
List folders,
List ciphers,
@@ -58,8 +65,11 @@ public class ImportCiphersCommand : IImportCiphersCommand
Guid importingUserId)
{
// Make sure the user can save new ciphers to their personal vault
- var anyPersonalOwnershipPolicies = await _policyService.AnyPoliciesApplicableToUserAsync(importingUserId, PolicyType.PersonalOwnership);
- if (anyPersonalOwnershipPolicies)
+ var isPersonalVaultRestricted = _featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements)
+ ? (await _policyRequirementQuery.GetAsync(importingUserId)).DisablePersonalOwnership
+ : await _policyService.AnyPoliciesApplicableToUserAsync(importingUserId, PolicyType.PersonalOwnership);
+
+ if (isPersonalVaultRestricted)
{
throw new BadRequestException("You cannot import items into your personal vault because you are " +
"a member of an organization which forbids it.");
diff --git a/src/Core/Vault/Services/Implementations/CipherService.cs b/src/Core/Vault/Services/Implementations/CipherService.cs
index a315528e59..b9daafe599 100644
--- a/src/Core/Vault/Services/Implementations/CipherService.cs
+++ b/src/Core/Vault/Services/Implementations/CipherService.cs
@@ -1,5 +1,7 @@
using System.Text.Json;
using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
using Bit.Core.AdminConsole.Services;
using Bit.Core.Context;
using Bit.Core.Enums;
@@ -41,6 +43,8 @@ public class CipherService : ICipherService
private readonly IReferenceEventService _referenceEventService;
private readonly ICurrentContext _currentContext;
private readonly IGetCipherPermissionsForUserQuery _getCipherPermissionsForUserQuery;
+ private readonly IPolicyRequirementQuery _policyRequirementQuery;
+ private readonly IFeatureService _featureService;
public CipherService(
ICipherRepository cipherRepository,
@@ -58,7 +62,9 @@ public class CipherService : ICipherService
GlobalSettings globalSettings,
IReferenceEventService referenceEventService,
ICurrentContext currentContext,
- IGetCipherPermissionsForUserQuery getCipherPermissionsForUserQuery)
+ IGetCipherPermissionsForUserQuery getCipherPermissionsForUserQuery,
+ IPolicyRequirementQuery policyRequirementQuery,
+ IFeatureService featureService)
{
_cipherRepository = cipherRepository;
_folderRepository = folderRepository;
@@ -76,6 +82,8 @@ public class CipherService : ICipherService
_referenceEventService = referenceEventService;
_currentContext = currentContext;
_getCipherPermissionsForUserQuery = getCipherPermissionsForUserQuery;
+ _policyRequirementQuery = policyRequirementQuery;
+ _featureService = featureService;
}
public async Task SaveAsync(Cipher cipher, Guid savingUserId, DateTime? lastKnownRevisionDate,
@@ -143,9 +151,11 @@ public class CipherService : ICipherService
}
else
{
- // Make sure the user can save new ciphers to their personal vault
- var anyPersonalOwnershipPolicies = await _policyService.AnyPoliciesApplicableToUserAsync(savingUserId, PolicyType.PersonalOwnership);
- if (anyPersonalOwnershipPolicies)
+ var isPersonalVaultRestricted = _featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements)
+ ? (await _policyRequirementQuery.GetAsync(savingUserId)).DisablePersonalOwnership
+ : await _policyService.AnyPoliciesApplicableToUserAsync(savingUserId, PolicyType.PersonalOwnership);
+
+ if (isPersonalVaultRestricted)
{
throw new BadRequestException("Due to an Enterprise Policy, you are restricted from saving items to your personal vault.");
}
diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PersonalOwnershipPolicyRequirementFactoryTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PersonalOwnershipPolicyRequirementFactoryTests.cs
new file mode 100644
index 0000000000..2ce75ca61e
--- /dev/null
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PersonalOwnershipPolicyRequirementFactoryTests.cs
@@ -0,0 +1,31 @@
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+using Bit.Core.Test.AdminConsole.AutoFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+
+[SutProviderCustomize]
+public class PersonalOwnershipPolicyRequirementFactoryTests
+{
+ [Theory, BitAutoData]
+ public void DisablePersonalOwnership_WithNoPolicies_ReturnsFalse(SutProvider sutProvider)
+ {
+ var actual = sutProvider.Sut.Create([]);
+
+ Assert.False(actual.DisablePersonalOwnership);
+ }
+
+ [Theory, BitAutoData]
+ public void DisablePersonalOwnership_WithPersonalOwnershipPolicies_ReturnsTrue(
+ [PolicyDetails(PolicyType.PersonalOwnership)] PolicyDetails[] policies,
+ SutProvider sutProvider)
+ {
+ var actual = sutProvider.Sut.Create(policies);
+
+ Assert.True(actual.DisablePersonalOwnership);
+ }
+}
diff --git a/test/Core.Test/Tools/ImportFeatures/ImportCiphersAsyncCommandTests.cs b/test/Core.Test/Tools/ImportFeatures/ImportCiphersAsyncCommandTests.cs
index 5e7a30d814..89e6d152cc 100644
--- a/test/Core.Test/Tools/ImportFeatures/ImportCiphersAsyncCommandTests.cs
+++ b/test/Core.Test/Tools/ImportFeatures/ImportCiphersAsyncCommandTests.cs
@@ -1,10 +1,13 @@
using Bit.Core.AdminConsole.Entities;
using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
using Bit.Core.AdminConsole.Services;
using Bit.Core.Entities;
using Bit.Core.Exceptions;
using Bit.Core.Platform.Push;
using Bit.Core.Repositories;
+using Bit.Core.Services;
using Bit.Core.Test.AutoFixture.CipherFixtures;
using Bit.Core.Tools.Enums;
using Bit.Core.Tools.ImportFeatures;
@@ -18,7 +21,6 @@ using Bit.Test.Common.AutoFixture.Attributes;
using NSubstitute;
using Xunit;
-
namespace Bit.Core.Test.Tools.ImportFeatures;
[UserCipherCustomize]
@@ -51,6 +53,34 @@ public class ImportCiphersAsyncCommandTests
await sutProvider.GetDependency().Received(1).PushSyncVaultAsync(importingUserId);
}
+ [Theory, BitAutoData]
+ public async Task ImportIntoIndividualVaultAsync_WithPolicyRequirementsEnabled_WithDisablePersonalOwnershipPolicyDisabled_Success(
+ Guid importingUserId,
+ List ciphers,
+ SutProvider sutProvider)
+ {
+ sutProvider.GetDependency()
+ .IsEnabled(FeatureFlagKeys.PolicyRequirements)
+ .Returns(true);
+
+ sutProvider.GetDependency()
+ .GetAsync(importingUserId)
+ .Returns(new PersonalOwnershipPolicyRequirement { DisablePersonalOwnership = false });
+
+ sutProvider.GetDependency()
+ .GetManyByUserIdAsync(importingUserId)
+ .Returns(new List());
+
+ var folders = new List { new Folder { UserId = importingUserId } };
+
+ var folderRelationships = new List>();
+
+ await sutProvider.Sut.ImportIntoIndividualVaultAsync(folders, ciphers, folderRelationships, importingUserId);
+
+ await sutProvider.GetDependency().Received(1).CreateAsync(ciphers, Arg.Any>());
+ await sutProvider.GetDependency().Received(1).PushSyncVaultAsync(importingUserId);
+ }
+
[Theory, BitAutoData]
public async Task ImportIntoIndividualVaultAsync_ThrowsBadRequestException(
List folders,
@@ -73,6 +103,32 @@ public class ImportCiphersAsyncCommandTests
Assert.Equal("You cannot import items into your personal vault because you are a member of an organization which forbids it.", exception.Message);
}
+ [Theory, BitAutoData]
+ public async Task ImportIntoIndividualVaultAsync_WithPolicyRequirementsEnabled_WithDisablePersonalOwnershipPolicyEnabled_ThrowsBadRequestException(
+ List folders,
+ List ciphers,
+ SutProvider sutProvider)
+ {
+ var userId = Guid.NewGuid();
+ folders.ForEach(f => f.UserId = userId);
+ ciphers.ForEach(c => c.UserId = userId);
+
+ sutProvider.GetDependency()
+ .IsEnabled(FeatureFlagKeys.PolicyRequirements)
+ .Returns(true);
+
+ sutProvider.GetDependency()
+ .GetAsync(userId)
+ .Returns(new PersonalOwnershipPolicyRequirement { DisablePersonalOwnership = true });
+
+ var folderRelationships = new List>();
+
+ var exception = await Assert.ThrowsAsync(() =>
+ sutProvider.Sut.ImportIntoIndividualVaultAsync(folders, ciphers, folderRelationships, userId));
+
+ Assert.Equal("You cannot import items into your personal vault because you are a member of an organization which forbids it.", exception.Message);
+ }
+
[Theory, BitAutoData]
public async Task ImportIntoOrganizationalVaultAsync_Success(
Organization organization,
diff --git a/test/Core.Test/Vault/Services/CipherServiceTests.cs b/test/Core.Test/Vault/Services/CipherServiceTests.cs
index 3ef29146c2..a7dcbddcea 100644
--- a/test/Core.Test/Vault/Services/CipherServiceTests.cs
+++ b/test/Core.Test/Vault/Services/CipherServiceTests.cs
@@ -1,5 +1,9 @@
using System.Text.Json;
using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+using Bit.Core.AdminConsole.Services;
using Bit.Core.Billing.Enums;
using Bit.Core.Entities;
using Bit.Core.Enums;
@@ -107,6 +111,98 @@ public class CipherServiceTests
await sutProvider.GetDependency().Received(1).ReplaceAsync(cipherDetails);
}
+ [Theory]
+ [BitAutoData]
+ public async Task SaveDetailsAsync_PersonalVault_WithDisablePersonalOwnershipPolicyEnabled_Throws(
+ SutProvider sutProvider,
+ CipherDetails cipher,
+ Guid savingUserId)
+ {
+ cipher.Id = default;
+ cipher.UserId = savingUserId;
+ cipher.OrganizationId = null;
+
+ sutProvider.GetDependency()
+ .AnyPoliciesApplicableToUserAsync(savingUserId, PolicyType.PersonalOwnership)
+ .Returns(true);
+
+ var exception = await Assert.ThrowsAsync(
+ () => sutProvider.Sut.SaveDetailsAsync(cipher, savingUserId, null));
+ Assert.Contains("restricted from saving items to your personal vault", exception.Message);
+ }
+
+ [Theory]
+ [BitAutoData]
+ public async Task SaveDetailsAsync_PersonalVault_WithDisablePersonalOwnershipPolicyDisabled_Succeeds(
+ SutProvider sutProvider,
+ CipherDetails cipher,
+ Guid savingUserId)
+ {
+ cipher.Id = default;
+ cipher.UserId = savingUserId;
+ cipher.OrganizationId = null;
+
+ sutProvider.GetDependency()
+ .AnyPoliciesApplicableToUserAsync(savingUserId, PolicyType.PersonalOwnership)
+ .Returns(false);
+
+ await sutProvider.Sut.SaveDetailsAsync(cipher, savingUserId, null);
+
+ await sutProvider.GetDependency()
+ .Received(1)
+ .CreateAsync(cipher);
+ }
+
+ [Theory]
+ [BitAutoData]
+ public async Task SaveDetailsAsync_PersonalVault_WithPolicyRequirementsEnabled_WithDisablePersonalOwnershipPolicyEnabled_Throws(
+ SutProvider sutProvider,
+ CipherDetails cipher,
+ Guid savingUserId)
+ {
+ cipher.Id = default;
+ cipher.UserId = savingUserId;
+ cipher.OrganizationId = null;
+
+ sutProvider.GetDependency()
+ .IsEnabled(FeatureFlagKeys.PolicyRequirements)
+ .Returns(true);
+
+ sutProvider.GetDependency()
+ .GetAsync(savingUserId)
+ .Returns(new PersonalOwnershipPolicyRequirement { DisablePersonalOwnership = true });
+
+ var exception = await Assert.ThrowsAsync(
+ () => sutProvider.Sut.SaveDetailsAsync(cipher, savingUserId, null));
+ Assert.Contains("restricted from saving items to your personal vault", exception.Message);
+ }
+
+ [Theory]
+ [BitAutoData]
+ public async Task SaveDetailsAsync_PersonalVault_WithPolicyRequirementsEnabled_WithDisablePersonalOwnershipPolicyDisabled_Succeeds(
+ SutProvider sutProvider,
+ CipherDetails cipher,
+ Guid savingUserId)
+ {
+ cipher.Id = default;
+ cipher.UserId = savingUserId;
+ cipher.OrganizationId = null;
+
+ sutProvider.GetDependency()
+ .IsEnabled(FeatureFlagKeys.PolicyRequirements)
+ .Returns(true);
+
+ sutProvider.GetDependency()
+ .GetAsync(savingUserId)
+ .Returns(new PersonalOwnershipPolicyRequirement { DisablePersonalOwnership = false });
+
+ await sutProvider.Sut.SaveDetailsAsync(cipher, savingUserId, null);
+
+ await sutProvider.GetDependency()
+ .Received(1)
+ .CreateAsync(cipher);
+ }
+
[Theory]
[BitAutoData("")]
[BitAutoData("Correct Time")]
From 6f227c31e2be364d0c147b454dd87c21e4179030 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann
Date: Wed, 26 Mar 2025 15:10:35 +0100
Subject: [PATCH 2/4] Sort km feature flags (#5557)
---
src/Core/Constants.cs | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index e41391b173..c629881458 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -129,19 +129,25 @@ public static class FeatureFlagKeys
/* Auth Team */
public const string PM9112DeviceApprovalPersistence = "pm-9112-device-approval-persistence";
+ /* Key Management Team */
+ public const string SSHKeyItemVaultItem = "ssh-key-vault-item";
+ public const string SSHAgent = "ssh-agent";
+ public const string SSHVersionCheckQAOverride = "ssh-version-check-qa-override";
+ public const string Argon2Default = "argon2-default";
+ public const string PM4154BulkEncryptionService = "PM-4154-bulk-encryption-service";
+ public const string PrivateKeyRegeneration = "pm-12241-private-key-regeneration";
+ public const string UserkeyRotationV2 = "userkey-rotation-v2";
+
+ /* Unsorted */
public const string ReturnErrorOnExistingKeypair = "return-error-on-existing-keypair";
public const string UseTreeWalkerApiForPageDetailsCollection = "use-tree-walker-api-for-page-details-collection";
public const string DuoRedirect = "duo-redirect";
public const string AC2101UpdateTrialInitiationEmail = "AC-2101-update-trial-initiation-email";
public const string EmailVerification = "email-verification";
public const string EmailVerificationDisableTimingDelays = "email-verification-disable-timing-delays";
- public const string PM4154BulkEncryptionService = "PM-4154-bulk-encryption-service";
public const string InlineMenuFieldQualification = "inline-menu-field-qualification";
public const string InlineMenuPositioningImprovements = "inline-menu-positioning-improvements";
public const string DeviceTrustLogging = "pm-8285-device-trust-logging";
- public const string SSHKeyItemVaultItem = "ssh-key-vault-item";
- public const string SSHAgent = "ssh-agent";
- public const string SSHVersionCheckQAOverride = "ssh-version-check-qa-override";
public const string AuthenticatorTwoFactorToken = "authenticator-2fa-token";
public const string IdpAutoSubmitLogin = "idp-auto-submit-login";
public const string UnauthenticatedExtensionUIRefresh = "unauth-ui-refresh";
@@ -162,13 +168,10 @@ public static class FeatureFlagKeys
public const string NewDeviceVerification = "new-device-verification";
public const string MacOsNativeCredentialSync = "macos-native-credential-sync";
public const string InlineMenuTotp = "inline-menu-totp";
- public const string PrivateKeyRegeneration = "pm-12241-private-key-regeneration";
public const string AppReviewPrompt = "app-review-prompt";
public const string ResellerManagedOrgAlert = "PM-15814-alert-owners-of-reseller-managed-orgs";
- public const string Argon2Default = "argon2-default";
public const string UsePricingService = "use-pricing-service";
public const string RecordInstallationLastActivityDate = "installation-last-activity-date";
- public const string UserkeyRotationV2 = "userkey-rotation-v2";
public const string EnablePasswordManagerSyncAndroid = "enable-password-manager-sync-android";
public const string EnablePasswordManagerSynciOS = "enable-password-manager-sync-ios";
public const string AccountDeprovisioningBanner = "pm-17120-account-deprovisioning-admin-console-banner";
From d4b00583728f1e85de3ba8e0b62ee16767842855 Mon Sep 17 00:00:00 2001
From: Matt Bishop
Date: Wed, 26 Mar 2025 11:44:05 -0400
Subject: [PATCH 3/4] Organization integrations and configuration database
schemas (#5553)
* Organization integrations and configuration database schemas
* Format EF files
---
.../Entities/OrganizationIntegration.cs | 18 +
.../OrganizationIntegrationConfiguration.cs | 19 +
.../AdminConsole/Enums/IntegrationType.cs | 7 +
...ionConfigurationEntityTypeConfiguration.cs | 17 +
...ationIntegrationEntityTypeConfiguration.cs | 26 +
.../Models/OrganizationIntegration.cs | 16 +
.../OrganizationIntegrationConfiguration.cs | 16 +
...EventTypeOrganizationIdIntegrationType.sql | 22 +
.../dbo/Tables/OrganizationIntegration.sql | 20 +
.../OrganizationIntegrationConfiguration.sql | 13 +
...ganizationIntegrationConfigurationView.sql | 6 +
.../dbo/Views/OrganizationIntegrationView.sql | 6 +
...2025-03-24_00_OrganizationIntegrations.sql | 101 +
...31708_OrganizationIntegrations.Designer.cs | 3101 ++++++++++++++++
...20250325231708_OrganizationIntegrations.cs | 89 +
.../DatabaseContextModelSnapshot.cs | 92 +-
...31701_OrganizationIntegrations.Designer.cs | 3107 +++++++++++++++++
...20250325231701_OrganizationIntegrations.cs | 84 +
.../DatabaseContextModelSnapshot.cs | 92 +-
...31714_OrganizationIntegrations.Designer.cs | 3090 ++++++++++++++++
...20250325231714_OrganizationIntegrations.cs | 84 +
.../DatabaseContextModelSnapshot.cs | 92 +-
22 files changed, 10106 insertions(+), 12 deletions(-)
create mode 100644 src/Core/AdminConsole/Entities/OrganizationIntegration.cs
create mode 100644 src/Core/AdminConsole/Entities/OrganizationIntegrationConfiguration.cs
create mode 100644 src/Core/AdminConsole/Enums/IntegrationType.cs
create mode 100644 src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationIntegrationConfigurationEntityTypeConfiguration.cs
create mode 100644 src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationIntegrationEntityTypeConfiguration.cs
create mode 100644 src/Infrastructure.EntityFramework/AdminConsole/Models/OrganizationIntegration.cs
create mode 100644 src/Infrastructure.EntityFramework/AdminConsole/Models/OrganizationIntegrationConfiguration.cs
create mode 100644 src/Sql/dbo/Stored Procedures/OrganizationIntegrationConfiguration_ReadManyByEventTypeOrganizationIdIntegrationType.sql
create mode 100644 src/Sql/dbo/Tables/OrganizationIntegration.sql
create mode 100644 src/Sql/dbo/Tables/OrganizationIntegrationConfiguration.sql
create mode 100644 src/Sql/dbo/Views/OrganizationIntegrationConfigurationView.sql
create mode 100644 src/Sql/dbo/Views/OrganizationIntegrationView.sql
create mode 100644 util/Migrator/DbScripts/2025-03-24_00_OrganizationIntegrations.sql
create mode 100644 util/MySqlMigrations/Migrations/20250325231708_OrganizationIntegrations.Designer.cs
create mode 100644 util/MySqlMigrations/Migrations/20250325231708_OrganizationIntegrations.cs
create mode 100644 util/PostgresMigrations/Migrations/20250325231701_OrganizationIntegrations.Designer.cs
create mode 100644 util/PostgresMigrations/Migrations/20250325231701_OrganizationIntegrations.cs
create mode 100644 util/SqliteMigrations/Migrations/20250325231714_OrganizationIntegrations.Designer.cs
create mode 100644 util/SqliteMigrations/Migrations/20250325231714_OrganizationIntegrations.cs
diff --git a/src/Core/AdminConsole/Entities/OrganizationIntegration.cs b/src/Core/AdminConsole/Entities/OrganizationIntegration.cs
new file mode 100644
index 0000000000..18f8be8667
--- /dev/null
+++ b/src/Core/AdminConsole/Entities/OrganizationIntegration.cs
@@ -0,0 +1,18 @@
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Utilities;
+
+#nullable enable
+
+namespace Bit.Core.AdminConsole.Entities;
+
+public class OrganizationIntegration : ITableObject
+{
+ public Guid Id { get; set; }
+ public Guid OrganizationId { get; set; }
+ public IntegrationType Type { get; set; }
+ public string? Configuration { get; set; }
+ public DateTime CreationDate { get; set; } = DateTime.UtcNow;
+ public DateTime RevisionDate { get; set; } = DateTime.UtcNow;
+ public void SetNewId() => Id = CoreHelpers.GenerateComb();
+}
diff --git a/src/Core/AdminConsole/Entities/OrganizationIntegrationConfiguration.cs b/src/Core/AdminConsole/Entities/OrganizationIntegrationConfiguration.cs
new file mode 100644
index 0000000000..7592d0c763
--- /dev/null
+++ b/src/Core/AdminConsole/Entities/OrganizationIntegrationConfiguration.cs
@@ -0,0 +1,19 @@
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Utilities;
+
+#nullable enable
+
+namespace Bit.Core.AdminConsole.Entities;
+
+public class OrganizationIntegrationConfiguration : ITableObject
+{
+ public Guid Id { get; set; }
+ public Guid OrganizationIntegrationId { get; set; }
+ public EventType EventType { get; set; }
+ public string? Configuration { get; set; }
+ public string? Template { get; set; }
+ public DateTime CreationDate { get; set; } = DateTime.UtcNow;
+ public DateTime RevisionDate { get; set; } = DateTime.UtcNow;
+ public void SetNewId() => Id = CoreHelpers.GenerateComb();
+}
diff --git a/src/Core/AdminConsole/Enums/IntegrationType.cs b/src/Core/AdminConsole/Enums/IntegrationType.cs
new file mode 100644
index 0000000000..16c7818dee
--- /dev/null
+++ b/src/Core/AdminConsole/Enums/IntegrationType.cs
@@ -0,0 +1,7 @@
+namespace Bit.Core.Enums;
+
+public enum IntegrationType : int
+{
+ Slack = 1,
+ Webhook = 2,
+}
diff --git a/src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationIntegrationConfigurationEntityTypeConfiguration.cs b/src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationIntegrationConfigurationEntityTypeConfiguration.cs
new file mode 100644
index 0000000000..29712f5e38
--- /dev/null
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationIntegrationConfigurationEntityTypeConfiguration.cs
@@ -0,0 +1,17 @@
+using Bit.Infrastructure.EntityFramework.AdminConsole.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Metadata.Builders;
+
+namespace Bit.Infrastructure.EntityFramework.AdminConsole.Configurations;
+
+public class OrganizationIntegrationConfigurationEntityTypeConfiguration : IEntityTypeConfiguration
+{
+ public void Configure(EntityTypeBuilder builder)
+ {
+ builder
+ .Property(p => p.Id)
+ .ValueGeneratedNever();
+
+ builder.ToTable(nameof(OrganizationIntegrationConfiguration));
+ }
+}
diff --git a/src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationIntegrationEntityTypeConfiguration.cs b/src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationIntegrationEntityTypeConfiguration.cs
new file mode 100644
index 0000000000..c2134c1b7d
--- /dev/null
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationIntegrationEntityTypeConfiguration.cs
@@ -0,0 +1,26 @@
+using Bit.Infrastructure.EntityFramework.AdminConsole.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Metadata.Builders;
+
+namespace Bit.Infrastructure.EntityFramework.AdminConsole.Configurations;
+
+public class OrganizationIntegrationEntityTypeConfiguration : IEntityTypeConfiguration
+{
+ public void Configure(EntityTypeBuilder builder)
+ {
+ builder
+ .Property(p => p.Id)
+ .ValueGeneratedNever();
+
+ builder
+ .HasIndex(p => p.OrganizationId)
+ .IsClustered(false);
+
+ builder
+ .HasIndex(p => new { p.OrganizationId, p.Type })
+ .IsUnique()
+ .IsClustered(false);
+
+ builder.ToTable(nameof(OrganizationIntegration));
+ }
+}
diff --git a/src/Infrastructure.EntityFramework/AdminConsole/Models/OrganizationIntegration.cs b/src/Infrastructure.EntityFramework/AdminConsole/Models/OrganizationIntegration.cs
new file mode 100644
index 0000000000..db81b81166
--- /dev/null
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Models/OrganizationIntegration.cs
@@ -0,0 +1,16 @@
+using AutoMapper;
+
+namespace Bit.Infrastructure.EntityFramework.AdminConsole.Models;
+
+public class OrganizationIntegration : Core.AdminConsole.Entities.OrganizationIntegration
+{
+ public virtual Organization Organization { get; set; }
+}
+
+public class OrganizationIntegrationMapperProfile : Profile
+{
+ public OrganizationIntegrationMapperProfile()
+ {
+ CreateMap().ReverseMap();
+ }
+}
diff --git a/src/Infrastructure.EntityFramework/AdminConsole/Models/OrganizationIntegrationConfiguration.cs b/src/Infrastructure.EntityFramework/AdminConsole/Models/OrganizationIntegrationConfiguration.cs
new file mode 100644
index 0000000000..465a49dc02
--- /dev/null
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Models/OrganizationIntegrationConfiguration.cs
@@ -0,0 +1,16 @@
+using AutoMapper;
+
+namespace Bit.Infrastructure.EntityFramework.AdminConsole.Models;
+
+public class OrganizationIntegrationConfiguration : Core.AdminConsole.Entities.OrganizationIntegrationConfiguration
+{
+ public virtual OrganizationIntegration OrganizationIntegration { get; set; }
+}
+
+public class OrganizationIntegrationConfigurationMapperProfile : Profile
+{
+ public OrganizationIntegrationConfigurationMapperProfile()
+ {
+ CreateMap().ReverseMap();
+ }
+}
diff --git a/src/Sql/dbo/Stored Procedures/OrganizationIntegrationConfiguration_ReadManyByEventTypeOrganizationIdIntegrationType.sql b/src/Sql/dbo/Stored Procedures/OrganizationIntegrationConfiguration_ReadManyByEventTypeOrganizationIdIntegrationType.sql
new file mode 100644
index 0000000000..113aa2e529
--- /dev/null
+++ b/src/Sql/dbo/Stored Procedures/OrganizationIntegrationConfiguration_ReadManyByEventTypeOrganizationIdIntegrationType.sql
@@ -0,0 +1,22 @@
+CREATE PROCEDURE [dbo].[OrganizationIntegrationConfiguration_ReadManyByEventTypeOrganizationIdIntegrationType]
+ @EventType SMALLINT,
+ @OrganizationId UNIQUEIDENTIFIER,
+ @IntegrationType SMALLINT
+AS
+BEGIN
+ SET NOCOUNT ON
+
+ SELECT
+ oic.*
+ FROM
+ [dbo].[OrganizationIntegrationConfigurationView] oic
+ INNER JOIN
+ [dbo].[OrganizationIntegration] oi ON oi.[Id] = oic.[OrganizationIntegrationId]
+ WHERE
+ oic.[EventType] = @EventType
+ AND
+ oi.[OrganizationId] = @OrganizationId
+ AND
+ oi.[Type] = @IntegrationType
+END
+GO
diff --git a/src/Sql/dbo/Tables/OrganizationIntegration.sql b/src/Sql/dbo/Tables/OrganizationIntegration.sql
new file mode 100644
index 0000000000..8ac289c303
--- /dev/null
+++ b/src/Sql/dbo/Tables/OrganizationIntegration.sql
@@ -0,0 +1,20 @@
+CREATE TABLE [dbo].[OrganizationIntegration]
+(
+ [Id] UNIQUEIDENTIFIER NOT NULL,
+ [OrganizationId] UNIQUEIDENTIFIER NOT NULL,
+ [Type] SMALLINT NOT NULL,
+ [Configuration] VARCHAR (MAX) NULL,
+ [CreationDate] DATETIME2 (7) NOT NULL,
+ [RevisionDate] DATETIME2 (7) NOT NULL,
+ CONSTRAINT [PK_OrganizationIntegration] PRIMARY KEY CLUSTERED ([Id] ASC),
+ CONSTRAINT [FK_OrganizationIntegration_Organization] FOREIGN KEY ([OrganizationId]) REFERENCES [dbo].[Organization] ([Id])
+);
+GO
+
+CREATE NONCLUSTERED INDEX [IX_OrganizationIntegration_OrganizationId]
+ ON [dbo].[OrganizationIntegration]([OrganizationId] ASC);
+GO
+
+CREATE UNIQUE INDEX [IX_OrganizationIntegration_Organization_Type]
+ ON [dbo].[OrganizationIntegration]([OrganizationId], [Type]);
+GO
diff --git a/src/Sql/dbo/Tables/OrganizationIntegrationConfiguration.sql b/src/Sql/dbo/Tables/OrganizationIntegrationConfiguration.sql
new file mode 100644
index 0000000000..9dbb2341a7
--- /dev/null
+++ b/src/Sql/dbo/Tables/OrganizationIntegrationConfiguration.sql
@@ -0,0 +1,13 @@
+CREATE TABLE [dbo].[OrganizationIntegrationConfiguration]
+(
+ [Id] UNIQUEIDENTIFIER NOT NULL,
+ [OrganizationIntegrationId] UNIQUEIDENTIFIER NOT NULL,
+ [EventType] SMALLINT NOT NULL,
+ [Configuration] VARCHAR (MAX) NULL,
+ [Template] VARCHAR (MAX) NULL,
+ [CreationDate] DATETIME2 (7) NOT NULL,
+ [RevisionDate] DATETIME2 (7) NOT NULL,
+ CONSTRAINT [PK_OrganizationIntegrationConfiguration] PRIMARY KEY CLUSTERED ([Id] ASC),
+ CONSTRAINT [FK_OrganizationIntegrationConfiguration_OrganizationIntegration] FOREIGN KEY ([OrganizationIntegrationId]) REFERENCES [dbo].[OrganizationIntegration] ([Id])
+);
+GO
diff --git a/src/Sql/dbo/Views/OrganizationIntegrationConfigurationView.sql b/src/Sql/dbo/Views/OrganizationIntegrationConfigurationView.sql
new file mode 100644
index 0000000000..4f39fbc8f3
--- /dev/null
+++ b/src/Sql/dbo/Views/OrganizationIntegrationConfigurationView.sql
@@ -0,0 +1,6 @@
+CREATE VIEW [dbo].[OrganizationIntegrationConfigurationView]
+AS
+ SELECT
+ *
+ FROM
+ [dbo].[OrganizationIntegrationConfiguration]
diff --git a/src/Sql/dbo/Views/OrganizationIntegrationView.sql b/src/Sql/dbo/Views/OrganizationIntegrationView.sql
new file mode 100644
index 0000000000..31e005d5d2
--- /dev/null
+++ b/src/Sql/dbo/Views/OrganizationIntegrationView.sql
@@ -0,0 +1,6 @@
+CREATE VIEW [dbo].[OrganizationIntegrationView]
+AS
+ SELECT
+ *
+ FROM
+ [dbo].[OrganizationIntegration]
diff --git a/util/Migrator/DbScripts/2025-03-24_00_OrganizationIntegrations.sql b/util/Migrator/DbScripts/2025-03-24_00_OrganizationIntegrations.sql
new file mode 100644
index 0000000000..56d4d465d2
--- /dev/null
+++ b/util/Migrator/DbScripts/2025-03-24_00_OrganizationIntegrations.sql
@@ -0,0 +1,101 @@
+-- OrganizationIntegration
+
+-- Table
+IF OBJECT_ID('[dbo].[OrganizationIntegration]') IS NULL
+BEGIN
+ CREATE TABLE [dbo].[OrganizationIntegration]
+ (
+ [Id] UNIQUEIDENTIFIER NOT NULL,
+ [OrganizationId] UNIQUEIDENTIFIER NOT NULL,
+ [Type] SMALLINT NOT NULL,
+ [Configuration] VARCHAR (MAX) NULL,
+ [CreationDate] DATETIME2 (7) NOT NULL,
+ [RevisionDate] DATETIME2 (7) NOT NULL,
+ CONSTRAINT [PK_OrganizationIntegration] PRIMARY KEY CLUSTERED ([Id] ASC),
+ CONSTRAINT [FK_OrganizationIntegration_Organization] FOREIGN KEY ([OrganizationId]) REFERENCES [dbo].[Organization] ([Id])
+ );
+
+ CREATE NONCLUSTERED INDEX [IX_OrganizationIntegration_OrganizationId]
+ ON [dbo].[OrganizationIntegration]([OrganizationId] ASC);
+
+ CREATE UNIQUE INDEX [IX_OrganizationIntegration_Organization_Type]
+ ON [dbo].[OrganizationIntegration]([OrganizationId], [Type]);
+END
+GO
+
+-- View
+IF EXISTS(SELECT *
+FROM sys.views
+WHERE [Name] = 'OrganizationIntegrationView')
+BEGIN
+ DROP VIEW [dbo].[OrganizationIntegrationView];
+END
+GO
+
+CREATE VIEW [dbo].[OrganizationIntegrationView]
+AS
+ SELECT
+ *
+ FROM
+ [dbo].[OrganizationIntegration]
+GO
+
+-- OrganizationIntegrationConfiguration
+
+-- Table
+IF OBJECT_ID('[dbo].[OrganizationIntegrationConfiguration]') IS NULL
+BEGIN
+ CREATE TABLE [dbo].[OrganizationIntegrationConfiguration]
+ (
+ [Id] UNIQUEIDENTIFIER NOT NULL,
+ [OrganizationIntegrationId] UNIQUEIDENTIFIER NOT NULL,
+ [EventType] SMALLINT NOT NULL,
+ [Configuration] VARCHAR (MAX) NULL,
+ [Template] VARCHAR (MAX) NULL,
+ [CreationDate] DATETIME2 (7) NOT NULL,
+ [RevisionDate] DATETIME2 (7) NOT NULL,
+ CONSTRAINT [PK_OrganizationIntegrationConfiguration] PRIMARY KEY CLUSTERED ([Id] ASC),
+ CONSTRAINT [FK_OrganizationIntegrationConfiguration_OrganizationIntegration] FOREIGN KEY ([OrganizationIntegrationId]) REFERENCES [dbo].[OrganizationIntegration] ([Id])
+ );
+END
+GO
+
+-- View
+IF EXISTS(SELECT *
+FROM sys.views
+WHERE [Name] = 'OrganizationIntegrationConfigurationView')
+BEGIN
+ DROP VIEW [dbo].[OrganizationIntegrationConfigurationView];
+END
+GO
+
+CREATE VIEW [dbo].[OrganizationIntegrationConfigurationView]
+AS
+ SELECT
+ *
+ FROM
+ [dbo].[OrganizationIntegrationConfiguration]
+GO
+
+CREATE OR ALTER PROCEDURE [dbo].[OrganizationIntegrationConfiguration_ReadManyByEventTypeOrganizationIdIntegrationType]
+ @EventType SMALLINT,
+ @OrganizationId UNIQUEIDENTIFIER,
+ @IntegrationType SMALLINT
+AS
+BEGIN
+ SET NOCOUNT ON
+
+ SELECT
+ oic.*
+ FROM
+ [dbo].[OrganizationIntegrationConfigurationView] oic
+ INNER JOIN
+ [dbo].[OrganizationIntegration] oi ON oi.[Id] = oic.[OrganizationIntegrationId]
+ WHERE
+ oic.[EventType] = @EventType
+ AND
+ oi.[OrganizationId] = @OrganizationId
+ AND
+ oi.[Type] = @IntegrationType
+END
+GO
diff --git a/util/MySqlMigrations/Migrations/20250325231708_OrganizationIntegrations.Designer.cs b/util/MySqlMigrations/Migrations/20250325231708_OrganizationIntegrations.Designer.cs
new file mode 100644
index 0000000000..0968a87104
--- /dev/null
+++ b/util/MySqlMigrations/Migrations/20250325231708_OrganizationIntegrations.Designer.cs
@@ -0,0 +1,3101 @@
+//
+using System;
+using Bit.Infrastructure.EntityFramework.Repositories;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Metadata;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+
+#nullable disable
+
+namespace Bit.MySqlMigrations.Migrations
+{
+ [DbContext(typeof(DatabaseContext))]
+ [Migration("20250325231708_OrganizationIntegrations")]
+ partial class OrganizationIntegrations
+ {
+ ///
+ protected override void BuildTargetModel(ModelBuilder modelBuilder)
+ {
+#pragma warning disable 612, 618
+ modelBuilder
+ .HasAnnotation("ProductVersion", "8.0.8")
+ .HasAnnotation("Relational:MaxIdentifierLength", 64);
+
+ MySqlModelBuilderExtensions.AutoIncrementColumns(modelBuilder);
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.AdminConsole.Models.Organization", b =>
+ {
+ b.Property("Id")
+ .HasColumnType("char(36)");
+
+ b.Property("AllowAdminAccessToAllCollectionItems")
+ .HasColumnType("tinyint(1)")
+ .HasDefaultValue(true);
+
+ b.Property("BillingEmail")
+ .IsRequired()
+ .HasMaxLength(256)
+ .HasColumnType("varchar(256)");
+
+ b.Property("BusinessAddress1")
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("BusinessAddress2")
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("BusinessAddress3")
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("BusinessCountry")
+ .HasMaxLength(2)
+ .HasColumnType("varchar(2)");
+
+ b.Property("BusinessName")
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("BusinessTaxNumber")
+ .HasMaxLength(30)
+ .HasColumnType("varchar(30)");
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Enabled")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("ExpirationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Gateway")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("GatewayCustomerId")
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("GatewaySubscriptionId")
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("Identifier")
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("LicenseKey")
+ .HasMaxLength(100)
+ .HasColumnType("varchar(100)");
+
+ b.Property("LimitCollectionCreation")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("LimitCollectionDeletion")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("LimitItemDeletion")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("MaxAutoscaleSeats")
+ .HasColumnType("int");
+
+ b.Property("MaxAutoscaleSmSeats")
+ .HasColumnType("int");
+
+ b.Property("MaxAutoscaleSmServiceAccounts")
+ .HasColumnType("int");
+
+ b.Property("MaxCollections")
+ .HasColumnType("smallint");
+
+ b.Property("MaxStorageGb")
+ .HasColumnType("smallint");
+
+ b.Property("Name")
+ .IsRequired()
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("OwnersNotifiedOfAutoscaling")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Plan")
+ .IsRequired()
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("PlanType")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("PrivateKey")
+ .HasColumnType("longtext");
+
+ b.Property("PublicKey")
+ .HasColumnType("longtext");
+
+ b.Property("ReferenceData")
+ .HasColumnType("longtext");
+
+ b.Property("RevisionDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Seats")
+ .HasColumnType("int");
+
+ b.Property("SelfHost")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("SmSeats")
+ .HasColumnType("int");
+
+ b.Property("SmServiceAccounts")
+ .HasColumnType("int");
+
+ b.Property("Status")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("Storage")
+ .HasColumnType("bigint");
+
+ b.Property("TwoFactorProviders")
+ .HasColumnType("longtext");
+
+ b.Property("Use2fa")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseApi")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseCustomPermissions")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseDirectory")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseEvents")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseGroups")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseKeyConnector")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UsePasswordManager")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UsePolicies")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseResetPassword")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseRiskInsights")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseScim")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseSecretsManager")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseSso")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UseTotp")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("UsersGetPremium")
+ .HasColumnType("tinyint(1)");
+
+ b.HasKey("Id");
+
+ b.HasIndex("Id", "Enabled")
+ .HasAnnotation("Npgsql:IndexInclude", new[] { "UseTotp" });
+
+ b.ToTable("Organization", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.AdminConsole.Models.OrganizationIntegration", b =>
+ {
+ b.Property("Id")
+ .HasColumnType("char(36)");
+
+ b.Property("Configuration")
+ .HasColumnType("longtext");
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("OrganizationId")
+ .HasColumnType("char(36)");
+
+ b.Property("RevisionDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Type")
+ .HasColumnType("int");
+
+ b.HasKey("Id");
+
+ b.HasIndex("OrganizationId")
+ .HasAnnotation("SqlServer:Clustered", false);
+
+ b.HasIndex("OrganizationId", "Type")
+ .IsUnique()
+ .HasAnnotation("SqlServer:Clustered", false);
+
+ b.ToTable("OrganizationIntegration", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.AdminConsole.Models.OrganizationIntegrationConfiguration", b =>
+ {
+ b.Property("Id")
+ .HasColumnType("char(36)");
+
+ b.Property("Configuration")
+ .HasColumnType("longtext");
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("EventType")
+ .HasColumnType("int");
+
+ b.Property("OrganizationIntegrationId")
+ .HasColumnType("char(36)");
+
+ b.Property("RevisionDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Template")
+ .HasColumnType("longtext");
+
+ b.HasKey("Id");
+
+ b.HasIndex("OrganizationIntegrationId");
+
+ b.ToTable("OrganizationIntegrationConfiguration", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.AdminConsole.Models.Policy", b =>
+ {
+ b.Property("Id")
+ .HasColumnType("char(36)");
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Data")
+ .HasColumnType("longtext");
+
+ b.Property("Enabled")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("OrganizationId")
+ .HasColumnType("char(36)");
+
+ b.Property("RevisionDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Type")
+ .HasColumnType("tinyint unsigned");
+
+ b.HasKey("Id");
+
+ b.HasIndex("OrganizationId")
+ .HasAnnotation("SqlServer:Clustered", false);
+
+ b.HasIndex("OrganizationId", "Type")
+ .IsUnique()
+ .HasAnnotation("SqlServer:Clustered", false);
+
+ b.ToTable("Policy", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.AdminConsole.Models.Provider.Provider", b =>
+ {
+ b.Property("Id")
+ .HasColumnType("char(36)");
+
+ b.Property("BillingEmail")
+ .HasColumnType("longtext");
+
+ b.Property("BillingPhone")
+ .HasColumnType("longtext");
+
+ b.Property("BusinessAddress1")
+ .HasColumnType("longtext");
+
+ b.Property("BusinessAddress2")
+ .HasColumnType("longtext");
+
+ b.Property("BusinessAddress3")
+ .HasColumnType("longtext");
+
+ b.Property("BusinessCountry")
+ .HasColumnType("longtext");
+
+ b.Property("BusinessName")
+ .HasColumnType("longtext");
+
+ b.Property("BusinessTaxNumber")
+ .HasColumnType("longtext");
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("DiscountId")
+ .HasColumnType("longtext");
+
+ b.Property("Enabled")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("Gateway")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("GatewayCustomerId")
+ .HasColumnType("longtext");
+
+ b.Property("GatewaySubscriptionId")
+ .HasColumnType("longtext");
+
+ b.Property("Name")
+ .HasColumnType("longtext");
+
+ b.Property("RevisionDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Status")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("Type")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("UseEvents")
+ .HasColumnType("tinyint(1)");
+
+ b.HasKey("Id");
+
+ b.ToTable("Provider", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.AdminConsole.Models.Provider.ProviderOrganization", b =>
+ {
+ b.Property("Id")
+ .HasColumnType("char(36)");
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Key")
+ .HasColumnType("longtext");
+
+ b.Property("OrganizationId")
+ .HasColumnType("char(36)");
+
+ b.Property("ProviderId")
+ .HasColumnType("char(36)");
+
+ b.Property("RevisionDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Settings")
+ .HasColumnType("longtext");
+
+ b.HasKey("Id");
+
+ b.HasIndex("OrganizationId");
+
+ b.HasIndex("ProviderId");
+
+ b.ToTable("ProviderOrganization", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.AdminConsole.Models.Provider.ProviderUser", b =>
+ {
+ b.Property("Id")
+ .HasColumnType("char(36)");
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Email")
+ .HasColumnType("longtext");
+
+ b.Property("Key")
+ .HasColumnType("longtext");
+
+ b.Property("Permissions")
+ .HasColumnType("longtext");
+
+ b.Property("ProviderId")
+ .HasColumnType("char(36)");
+
+ b.Property("RevisionDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Status")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("Type")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("UserId")
+ .HasColumnType("char(36)");
+
+ b.HasKey("Id");
+
+ b.HasIndex("ProviderId");
+
+ b.HasIndex("UserId");
+
+ b.ToTable("ProviderUser", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.AuthRequest", b =>
+ {
+ b.Property("Id")
+ .HasColumnType("char(36)");
+
+ b.Property("AccessCode")
+ .HasMaxLength(25)
+ .HasColumnType("varchar(25)");
+
+ b.Property("Approved")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("AuthenticationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Key")
+ .HasColumnType("longtext");
+
+ b.Property("MasterPasswordHash")
+ .HasColumnType("longtext");
+
+ b.Property("OrganizationId")
+ .HasColumnType("char(36)");
+
+ b.Property("PublicKey")
+ .HasColumnType("longtext");
+
+ b.Property("RequestCountryName")
+ .HasMaxLength(200)
+ .HasColumnType("varchar(200)");
+
+ b.Property("RequestDeviceIdentifier")
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("RequestDeviceType")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("RequestIpAddress")
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("ResponseDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("ResponseDeviceId")
+ .HasColumnType("char(36)");
+
+ b.Property("Type")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("UserId")
+ .HasColumnType("char(36)");
+
+ b.HasKey("Id");
+
+ b.HasIndex("OrganizationId");
+
+ b.HasIndex("ResponseDeviceId");
+
+ b.HasIndex("UserId");
+
+ b.ToTable("AuthRequest", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.EmergencyAccess", b =>
+ {
+ b.Property("Id")
+ .HasColumnType("char(36)");
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Email")
+ .HasMaxLength(256)
+ .HasColumnType("varchar(256)");
+
+ b.Property("GranteeId")
+ .HasColumnType("char(36)");
+
+ b.Property("GrantorId")
+ .HasColumnType("char(36)");
+
+ b.Property("KeyEncrypted")
+ .HasColumnType("longtext");
+
+ b.Property("LastNotificationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("RecoveryInitiatedDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("RevisionDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Status")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("Type")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("WaitTimeDays")
+ .HasColumnType("int");
+
+ b.HasKey("Id");
+
+ b.HasIndex("GranteeId");
+
+ b.HasIndex("GrantorId");
+
+ b.ToTable("EmergencyAccess", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.Grant", b =>
+ {
+ b.Property("Id")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("int");
+
+ MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id"));
+
+ b.Property("ClientId")
+ .IsRequired()
+ .HasMaxLength(200)
+ .HasColumnType("varchar(200)");
+
+ b.Property("ConsumedDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Data")
+ .IsRequired()
+ .HasColumnType("longtext");
+
+ b.Property("Description")
+ .HasMaxLength(200)
+ .HasColumnType("varchar(200)");
+
+ b.Property("ExpirationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Key")
+ .IsRequired()
+ .HasMaxLength(200)
+ .HasColumnType("varchar(200)");
+
+ b.Property("SessionId")
+ .HasMaxLength(100)
+ .HasColumnType("varchar(100)");
+
+ b.Property("SubjectId")
+ .HasMaxLength(200)
+ .HasColumnType("varchar(200)");
+
+ b.Property("Type")
+ .IsRequired()
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.HasKey("Id")
+ .HasName("PK_Grant")
+ .HasAnnotation("SqlServer:Clustered", true);
+
+ b.HasIndex("ExpirationDate")
+ .HasAnnotation("SqlServer:Clustered", false);
+
+ b.HasIndex("Key")
+ .IsUnique();
+
+ b.ToTable("Grant", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.SsoConfig", b =>
+ {
+ b.Property("Id")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("bigint");
+
+ MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id"));
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("Data")
+ .HasColumnType("longtext");
+
+ b.Property("Enabled")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("OrganizationId")
+ .HasColumnType("char(36)");
+
+ b.Property("RevisionDate")
+ .HasColumnType("datetime(6)");
+
+ b.HasKey("Id");
+
+ b.HasIndex("OrganizationId");
+
+ b.ToTable("SsoConfig", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.SsoUser", b =>
+ {
+ b.Property("Id")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("bigint");
+
+ MySqlPropertyBuilderExtensions.UseMySqlIdentityColumn(b.Property("Id"));
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("ExternalId")
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("OrganizationId")
+ .HasColumnType("char(36)");
+
+ b.Property("UserId")
+ .HasColumnType("char(36)");
+
+ b.HasKey("Id");
+
+ b.HasIndex("OrganizationId")
+ .HasAnnotation("SqlServer:Clustered", false);
+
+ b.HasIndex("UserId");
+
+ b.HasIndex("OrganizationId", "ExternalId")
+ .IsUnique()
+ .HasAnnotation("Npgsql:IndexInclude", new[] { "UserId" })
+ .HasAnnotation("SqlServer:Clustered", false);
+
+ b.HasIndex("OrganizationId", "UserId")
+ .IsUnique()
+ .HasAnnotation("SqlServer:Clustered", false);
+
+ b.ToTable("SsoUser", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Auth.Models.WebAuthnCredential", b =>
+ {
+ b.Property("Id")
+ .HasColumnType("char(36)");
+
+ b.Property("AaGuid")
+ .HasColumnType("char(36)");
+
+ b.Property("Counter")
+ .HasColumnType("int");
+
+ b.Property("CreationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("CredentialId")
+ .HasMaxLength(256)
+ .HasColumnType("varchar(256)");
+
+ b.Property("EncryptedPrivateKey")
+ .HasMaxLength(2000)
+ .HasColumnType("varchar(2000)");
+
+ b.Property("EncryptedPublicKey")
+ .HasMaxLength(2000)
+ .HasColumnType("varchar(2000)");
+
+ b.Property("EncryptedUserKey")
+ .HasMaxLength(2000)
+ .HasColumnType("varchar(2000)");
+
+ b.Property("Name")
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("PublicKey")
+ .HasMaxLength(256)
+ .HasColumnType("varchar(256)");
+
+ b.Property("RevisionDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("SupportsPrf")
+ .HasColumnType("tinyint(1)");
+
+ b.Property("Type")
+ .HasMaxLength(20)
+ .HasColumnType("varchar(20)");
+
+ b.Property("UserId")
+ .HasColumnType("char(36)");
+
+ b.HasKey("Id");
+
+ b.HasIndex("UserId");
+
+ b.ToTable("WebAuthnCredential", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Billing.Models.ClientOrganizationMigrationRecord", b =>
+ {
+ b.Property("Id")
+ .HasColumnType("char(36)");
+
+ b.Property("ExpirationDate")
+ .HasColumnType("datetime(6)");
+
+ b.Property("GatewayCustomerId")
+ .IsRequired()
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("GatewaySubscriptionId")
+ .IsRequired()
+ .HasMaxLength(50)
+ .HasColumnType("varchar(50)");
+
+ b.Property("MaxAutoscaleSeats")
+ .HasColumnType("int");
+
+ b.Property("MaxStorageGb")
+ .HasColumnType("smallint");
+
+ b.Property("OrganizationId")
+ .HasColumnType("char(36)");
+
+ b.Property("PlanType")
+ .HasColumnType("tinyint unsigned");
+
+ b.Property("ProviderId")
+ .HasColumnType("char(36)");
+
+ b.Property("Seats")
+ .HasColumnType("int");
+
+ b.Property("Status")
+ .HasColumnType("tinyint unsigned");
+
+ b.HasKey("Id");
+
+ b.HasIndex("ProviderId", "OrganizationId")
+ .IsUnique();
+
+ b.ToTable("ClientOrganizationMigrationRecord", (string)null);
+ });
+
+ modelBuilder.Entity("Bit.Infrastructure.EntityFramework.Billing.Models.OrganizationInstallation", b =>
+ {
+ b.Property