nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 21:18:13 -05:00
Code
5,603 Commits 375 Branches 196 Tags
Commit Graph

30 Commits

Author SHA1 Message Date
Jonas Hendrickx
15d91f54ab Merge branch 'main' into PM-18170-Remove-PM-15814-alert 
# Conflicts:
#	src/Billing/Services/Implementations/SubscriptionUpdatedHandler.cs
 2025-03-18 14:09:18 +01:00
renovate[bot]
4c5bf495f3
[deps] Auth: Update Duende.IdentityServer to 7.1.0 (#5293) 
* [deps] Auth: Update Duende.IdentityServer to 7.1.0

* fix(identity): fixing name space for Identity 7.1.0 update

* fix: formatting

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
 2025-02-27 09:54:28 -05:00
Jake Fink
b81f9ca749
[PM-3641] Remove Saml2BitHandler (#3288) 
* Revert "Pm 3504 saml (#3235)"

This reverts commit 9eed19950098ade70ddb76189269c90ca332ae3f.

* update sustainsys.saml2
 2024-02-09 11:43:44 -05:00
Kyle Spearrin
4b6299a055
[PM-5149] unique SP entity id for organization sso configs (#3520) 
* org specific sp entity id

* updates

* dont default true
 2024-01-18 16:54:01 -05:00
Matt Bishop
87fd4ad97d
[PM-3569] Upgrade to Duende.Identity (#3185) 
* Upgrade to Duende.Identity

* Linting

* Get rid of last IdentityServer4 package

* Fix identity test since Duende returns additional configuration

* Use Configure

PostConfigure is ran after ASP.NET's PostConfigure
so ConfigurationManager was already configured and our HttpHandler wasn't
being respected.

* Regenerate lockfiles

* Move to 6.0.4 for patches

* fixes with testing

* Add additional grant type supported in 6.0.4 and beautify

* Lockfile refresh

* Reapply lockfiles

* Apply change to new WebAuthn logic

* When automated merging fails me

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
 2023-11-20 16:32:23 -05:00
Jake Fink
9eed199500
Pm 3504 saml (#3235) 
* return early if scheme doesn't match

* Revert "return early if scheme doesn't match"

This reverts commit 5c07d66774971927589542b2abea7c483e20a5b5.

* extend saml2handler for extra validation

* add comment

* fix file encoding

* add comment
 2023-09-01 13:55:52 -04:00
Jake Fink
626f7977d1
Revert "[PM-3504] Return early for SAML auths (#3215)" (#3234) 
This reverts commit 27ba3069b22cae524dab55d4694710b052ac51bc.
 2023-08-28 14:54:01 -04:00
Jake Fink
27ba3069b2
[PM-3504] Return early for SAML auths (#3215) 
* return early if scheme doesn't match

* Revert "return early if scheme doesn't match"

This reverts commit 5c07d66774971927589542b2abea7c483e20a5b5.

* extend saml2handler for extra validation

* add comment

* fix file encoding

* add comment
 2023-08-28 14:51:23 -04:00
Jake Fink
88dd745070
[PM-1188] Server owner auth migration (#2825) 
* [PM-1188] add sso project to auth

* [PM-1188] move sso api models to auth

* [PM-1188] fix sso api model namespace & imports

* [PM-1188] move core files to auth

* [PM-1188] fix core sso namespace & models

* [PM-1188] move sso repository files to auth

* [PM-1188] fix sso repo files namespace & imports

* [PM-1188] move sso sql files to auth folder

* [PM-1188] move sso test files to auth folders

* [PM-1188] fix sso tests namespace & imports

* [PM-1188] move auth api files to auth folder

* [PM-1188] fix auth api files namespace & imports

* [PM-1188] move auth core files to auth folder

* [PM-1188] fix auth core files namespace & imports

* [PM-1188] move auth email templates to auth folder

* [PM-1188] move auth email folder back into shared directory

* [PM-1188] fix auth email names

* [PM-1188] move auth core models to auth folder

* [PM-1188] fix auth model namespace & imports

* [PM-1188] add entire Identity project to auth codeowners

* [PM-1188] fix auth orm files namespace & imports

* [PM-1188] move auth orm files to auth folder

* [PM-1188] move auth sql files to auth folder

* [PM-1188] move auth tests to auth folder

* [PM-1188] fix auth test files namespace & imports

* [PM-1188] move emergency access api files to auth folder

* [PM-1188] fix emergencyaccess api files namespace & imports

* [PM-1188] move emergency access core files to auth folder

* [PM-1188] fix emergency access core files namespace & imports

* [PM-1188] move emergency access orm files to auth folder

* [PM-1188] fix emergency access orm files namespace & imports

* [PM-1188] move emergency access sql files to auth folder

* [PM-1188] move emergencyaccess test files to auth folder

* [PM-1188] fix emergency access test files namespace & imports

* [PM-1188] move captcha files to auth folder

* [PM-1188] fix captcha files namespace & imports

* [PM-1188] move auth admin files into auth folder

* [PM-1188] fix admin auth files namespace & imports
- configure mvc to look in auth folders for views

* [PM-1188] remove extra imports and formatting

* [PM-1188] fix ef auth model imports

* [PM-1188] fix DatabaseContextModelSnapshot paths

* [PM-1188] fix grant import in ef

* [PM-1188] update sqlproj

* [PM-1188] move missed sqlproj files

* [PM-1188] move auth ef models out of auth folder

* [PM-1188] fix auth ef models namespace

* [PM-1188] remove auth ef models unused imports

* [PM-1188] fix imports for auth ef models

* [PM-1188] fix more ef model imports

* [PM-1188] fix file encodings
 2023-04-14 13:25:56 -04:00
Justin Baur
7f5f010e1e
Run formatting (#2230) 2022-08-29 16:06:55 -04:00
Justin Baur
bae03feffe
Revert filescoped (#2227) 
* Revert "Add git blame entry (#2226)"

This reverts commit 239286737d15cb84a893703ee5a8b33a2d67ad3d.

* Revert "Turn on file scoped namespaces (#2225)"

This reverts commit 34fb4cca2aa78deb84d4cbc359992a7c6bba7ea5.
 2022-08-29 15:53:48 -04:00
Justin Baur
34fb4cca2a
Turn on file scoped namespaces (#2225) 2022-08-29 14:53:16 -04:00
Justin Baur
231eb84e69
Turn On ImplicitUsings (#2079) 
* Turn on ImplicitUsings

* Fix formatting

* Run linter
 2022-06-29 19:46:41 -04:00
Thomas Rittson
3443fe952b
Don't send default SsoConfigurationData to clients (#1879) 2022-03-04 07:09:55 +10:00
Chad Scharf
a7a39fb54d
CSA-6 Fix/remove artifact binding (#1885) 
* Remove artifact binding, add validation

* Re-add JSON properties but eviscerate them
 2022-02-28 13:43:49 -05:00
Oscar Hinton
ac8ca46f0f
Remove the u2f lib (#1820) 2022-01-24 12:14:04 +01:00
Oscar Hinton
e4a10aae27
Split out repositories to Infrastructure.Dapper / EntityFramework (#1759) 2022-01-11 10:40:51 +01:00
Oscar Hinton
23b0a1f9df
Run dotnet format (#1764) 2021-12-16 15:35:09 +01:00
Oscar Hinton
c5d5601464
Add support for crypto agent (#1623) 2021-10-25 15:09:14 +02:00
Chad Scharf
17db94190e
Test 1: add acr_values return validation value (#1285) 
* Part 1: add acr_values return validation value

* Update acr return value validation from OIDC specs

* acr validation prompt clarification
 2021-04-27 15:17:03 -04:00
Matt Gibson
5537470703
Use sas token for attachment downloads (#1153) 
* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
 2021-02-22 15:35:16 -06:00
Chad Scharf
6cc317c4ba
SSO - Added custom scopes and claim types for OIDC (#1133) 
* SSO - Added custom scopes and claim types for OIDC

* Removed redundant field labels

* Added acr_values to OIDC config + request
 2021-02-10 12:00:12 -05:00
Chad Scharf
99b95b5330
Fix safari sso header size (#1065) 
* Safari SSO header size fix - in progress

* Cleanup of memoryCacheTicketStore

* Redis cache ticket store + registration

* Revert some unecessary changes

* temp - distributed cookie: idsrv.external

* Ticket data cached storage added

* OIDC working w/ substantially reduced cookie size

* Added distributed cache cookie manager

* Removed hybrid OIDC flow

* Enable self-hosted folks to use Redis  for SSO

* Also allow self-hosted to use Redis cont...
 2021-01-11 11:03:46 -05:00
Chad Scharf
246cac1a33
Allow SHA1 inbound sigs from Idp (#1047) 2020-12-18 11:26:52 -05:00
Chad Scharf
fd293dd183
Added OIDC scope management (#1049) 
* added OIDC scope management

* Remove errant code comment
 2020-12-18 11:07:31 -05:00
Chad Scharf
a74778de3a
Update ACS path to embed Organization ID (#955) 2020-10-01 15:05:09 -04:00
Chad Scharf
3b8cbe631f
Implemented new OIDC redirect behavior (#954) 2020-09-29 17:06:17 -04:00
Chad Scharf
692b3970af
SSO config revision date not updating fix (#934) 2020-09-14 21:22:24 -04:00
Chad Scharf
6574d083fe
SAML NameID Policy AllowCreate should be null (#918) 
* SAML NameID Policy AllowCreate should be null

* Determine if transient, then null, otherwise true
 2020-09-08 10:43:07 -04:00
Kyle Spearrin
84c85a90e8 Merge SSO and Portal projects 2020-09-04 13:56:08 -04:00