* [AC-1344] Added method PutRestoreManyAdmin to CiphersController and refactored PutRestoreMany
* [AC-1344] Fixed unit test
* [AC-1344] Removed comment
* [AC-1344] Fixed sql.csproj
* [AC-1344] Added check for empty or null array; added more unit tests
* SM-802: Add SecretsManagerBetaColumn SQL migration and Org table update
* SM-802: Run EF Migrations for SecretsManagerBeta
* SM-802: Update the two Org procs and View, and move data migration to a separate file
* SM-802: Add missing comma to Organization_Create
* SM-802: Remove extra GO statement from data migration script
* SM-802: Add SecretsManagerBeta to OrganizationResponseModel
* SM-802: Move SecretsManagerBeta from OrganizationResponseModel to OrganizationSubscriptionResponseModel. Use sp_refreshview instead of sp_refreshsqlmodule in the migration script.
* SM-802: Remove OrganizationUserOrganizationDetailsView.sql changes
* SM-802: Remove SecretsManagerBetaColumn migration
* SM-802: Add SecretsManagerBetaColumn migration
* SM-802: Remove OrganizationUserOrganizationDetailsView update
* SM-802: Remove migration
* SM-802: Rename SecretsManagerBetaColumn migration files to have the correct date (now that this has passed QA)
* SM-802: Add SecretsManagerBeta migration
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem (#3037)
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem
* [AC-1423] Add helper to StaticStore.cs to find a Plan by StripePlanId
* [AC-1423] Use the helper method to set SubscriptionInfo.BitwardenProduct
* Add SecretsManagerBilling feature flag to Constants
* [AC 1409] Secrets Manager Subscription Stripe Integration (#3019)
* [AC-1418] Add missing SecretsManagerPlan property to OrganizationResponseModel (#3055)
* [AC 1460] Update Stripe Configuration (#3070)
* [AC 1410] Secrets Manager subscription adjustment back-end changes (#3036)
* Create UpgradeSecretsManagerSubscription command
* [AC-1495] Extract UpgradePlanAsync into a command (#3081)
* This is a pure lift & shift with no refactors
* [AC-1503] Fix Stripe integration on organization upgrade (#3084)
* Fix SM parameters not being passed to Stripe
* [AC-1504] Allow SM max autoscale limits to be disabled (#3085)
* [AC-1488] Changed SM Signup and Upgrade paths to set SmServiceAccounts to include the plan BaseServiceAccount (#3086)
* [AC-1510] Enable access to Secrets Manager to Organization owner for new Subscription (#3089)
* Revert changes to ReferenceEvent code (#3091)
This will be done in AC-1481
* Add UsePasswordManager to sync data (#3114)
* [AC-1522] Fix service account check on upgrading (#3111)
* [AC-1521] Address checkmarx security feedback (#3124)
* Reinstate target attribute but add noopener noreferrer
* Update date on migration script
---------
Co-authored-by: Shane Melton <smelton@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
* Added region to customer metadata
* Updated webhook to filter out events for other DCs
* Flipped ternary to be positive, fixed indentation
* Updated to allow for unit testing and updated tests
---------
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* SM-503: Add EmptySecretsManagerJob
* SM-503: Fix date logic and refactor a few lines
* SM-503: Add logging
* SM-503: Move EmptySecretsManagerTrashJob to src/Api/SecretsManager/Jobs
* SM-503: Update trigger time for EmptySecretsManagerTrashJob
* SM-503: Switch to scope on one line
* SM-768: Update EFCore and related packages to >= 7.0
* SM-768: Update more packages for the EF 7 upgrade
* SM-768: Update the PostgreSQL package
* SM-768: Run dotnet restore --force-evaluate
* SM-768: Revert package upgrades for 3 projects
* SM-768: Update the dotnet-ef tool
* SM-503: Switch to using ExecuteDeleteAsync and fix param name
* SM-503: Rename trigger to smTrashCleanupTrigger
* SM-503: Fix OSS job issue
* SM-503: Only add trigger if not OSS for SM Trash Job
* [AC-1435] Automatically enable Single Org policy when selecting TDE
* [AC-1435] Add test for automatic policy enablement
* [AC-1435] Prevent disabling single org when account recovery is enabled
* [AC-1435] Require Single Org policy when enabling Account recovery
* [AC-1435] Add unit test to check for account recovery policy when attempting to disable single org
* [AC-1435] Add test to verify single org policy is enabled for account recovery policy
* [AC-1435] Fix failing test
* Swagger fixes
Co-Authored-By: Oscar Hinton <Hinton@users.noreply.github.com>
* Make Response Models return Guids instead of strings
* Change strings into guids in ScimApplicationFactory
---------
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Extract authorization from project delete command
* Support service account write access
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* feat: add new command for updating request and emailing user, refs AC-1191
* feat: inject service with organization service collection extensions, refs AC-1191
* feat: add function to send admin approval email to mail services (interface/noop/handlebars), refs AC-1191
* feat: add html/text mail templates and add view model for email data, refs AC-1191
* feat: update org auth request controller to use new command during auth request update, refs AC-1191
* fix: dotnet format, refs AC-1191
* refactor: update user not found error, FirstOrDefault for enum type display name, refs AC-1191
* refactor: update user not found to log error instead of throws, refs AC-1191
* fix: remove whitespace lint errors, refs AC-1191
* refactor: update hardcoded UTC timezone string, refs AC-1191
* refactor: add unit test for new command, refs AC-1191
* refactor: improve enum name fallback and identifier string creation, refs AC-1191
* refactor: add additional unit tests, refs AC-1191
* refactor: update success test to use more generated params, refs AC-1191
* fix: dotnet format...again, refs AC-1191
* refactor: make UTC display a constant for handlebars mail service, refs AC-1191
* refactor: update displayTypeIdentifer to displayTypeAndIdentifier for clarity, refs AC-1191
* [PM-2594] Added new property "CloudVault" to GlobalSettings and ConfigResponseModel to be able to override this value for selfhost instances
* [PM-2594] Renamed EnvironmentConfigResponseModel.CloudVault to CloudWebVault
* [PM-2594] Added default value for globalSettings__baseServiceUri__cloudWebVault on EnvironmentFileBuilder
* [PM-2594] Erased CloudWebVault environment variable and added CloudVaultRegion
* [PM-2594] Changed var name on EnvironmentFileBuilder
* [PM-2594] Renamed the env. variable and also the output property to CloudRegion
* Add PasswordlessAuth Settings
* Update Repository Method to Take TimeSpan
* Update AuthRequest_DeleteIfExpired
- Take Configurable Expiration
- Add Special Cases for AdminApproval AuthRequests
* Add AuthRequestRepositoryTests
* Run Formatting
* Remove Comment
* Fix Bug in EF Repo
* Add Test Covering Expired Rejected AuthRequest
* Use Longer Param Names
* Use Longer Names in Test Helpers
* adding ability for service account to have write access
* Suggested changes
* fixing tests
* dotnet format changes
* Adding RunAsServiceAccountWIthPermission logic to ProjectAuthorizationhandlerTests
* Removing logic that prevents deleting and updating a secret. Adding Service Account logic to tests inside of secretAuthorizationhandlerTests.
* Removing Service Account from CanUpdateSecret_NotSupportedClientTypes_DoesNotSuceed because it is a supported client type now :)
* Thomas suggested changes
* using Arg.Any<AccessClientType>() instead of default in tests
* merge conflict changes and code updates to remove service account tests that are outdated
* fixing tests
* removing extra spaces that lint hates
* Init ClientSecret migration
* Fix unit tests
* Move to src/Sql/dbo_future
* Formatting changes
* Update migration date for next release
* Swap to just executing sp_refreshview
* Fix formatting
* Add EF Migrations
* Rename to ClientSecretHash
* Fix unit test
* EF column rename
* Batch the migration
* Fix formatting
* Add deprecation notice to property
* Move data migration
* Swap to CREATE OR ALTER
* Include Member Decryption Type
* Make ICurrentContext protected from base class
* Return MemberDecryptionType
* Extend WebApplicationFactoryBase
- Allow for service substitution
* Create SSO Tests
- Mock IAuthorizationCodeStore so the SSO process can be limited to Identity
* Add MemberDecryptionOptions
* Remove Unused Property Assertion
* Make MemberDecryptionOptions an Array
* Address PR Feedback
* Make HasAdminApproval Policy Aware
* Format
* Use Object Instead
* Add UserDecryptionOptions File
* [AC-1144] Modified OrganizationUserUserDetails queries to include value for 'HasMasterPassword' property
* [AC-1144] Added 'HasMasterPassword' property to ProviderUserUserDetailsView
* [AC-1144] Added IProviderUserRepository.GetDetailsByIdAsync to get the details for a given ProviderUser.Id
* [AC-1144] Changed ProviderUsersController.Get to use ProviderUserRepository.GetDetailsByIdAsync
* [AC-1144] Modified OrganizationUsersController.Get to use OrganizationUserRepository.GetDetailsByIdWithCollectionsAsync to output HasMasterPassword value
* [AC-1144] Reverted changes for ProviderUser
* [AC-1144] Removed line break
* Adding the Secret manager to the Plan List
* Adding the unit test for the StaticStoreTests class
* Fix whitespace formatting
* Fix whitespace formatting
* Price update
* Resolving the PR comments
* Resolving PR comments
* Fixing the whitespace
* only password manager plans are returned for now
* format whitespace
* Resolve the test issue
* Fixing the failing test
* Refactoring the Plan separation
* add a unit test for SingleOrDefault
* Fix the whitespace format
* Separate the PM and SM plans
* Fixing the whitespace
* Remove unnecessary directive
* Fix imports ordering
* Fix imports ordering
* Resolve imports ordering
* Fixing imports ordering
* Fix response model, add MaxProjects
* Fix filename
* Fix format
* Fix: seat price should match annual/monthly
* Fix service account annual pricing
* Name the sm service account planId properly
* Update the secrets manager plan
* correcting the wrong amount for the seats
---------
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* [AC-1192] Create new OrganizationAuthRequestsController.cs
* [AC-1192] Introduce OrganizationAdminAuthRequest model
* [AC-1192] Add GetManyPendingByOrganizationId method to AuthRequest repository
* [AC-1192] Add new list pending organization auth requests endpoint
* [AC-1192] Add new GetManyAdminApprovalsByManyIdsAsync method to the AuthRequestRepository
* [AC-1192] Make the response device identifier optional for admin approval requests
* [AC-1192] Add endpoint for bulk denying admin device auth requests
* [AC-1192] Add OrganizationUserId to PendingOrganizationAuthRequestResponseModel
* [AC-1192] Add UpdateAuthRequest endpoint and logic to OrganizationAuthRequestsController
* [AC-1192] Secure new endpoints behind TDE feature flag
* [AC-1192] Formatting
* [AC-1192] Add sql migration script
* [AC-1192] Add optional OrganizationId column to AuthRequest entity
- Rename migration script to match existing formatting
- Add new column
- Add migration scripts
- Update new sprocs to filter/join on OrganizationId
- Update old sprocs to include OrganizationId
* [AC-1192] Format migration scripts
* [AC-1192] Fix failing AuthRequest EF unit test
* [AC-1192] Make OrganizationId optional in updated AuthRequest sprocs for backwards compatibility
* [AC-1192] Fix missing comma in migration file
* [AC-1192] Rename Key to EncryptedUserKey to be more descriptive
* [AC-1192] Move request validation into helper method to reduce repetition
* [AC-1192] Return UnauthorizedAccessException instead of NotFound when user is missing permission
* [AC-1192] Introduce FeatureUnavailableException
* [AC-1192] Introduce RequireFeatureAttribute
* [AC-1192] Utilize the new RequireFeatureAttribute in the OrganizationAuthRequestsController
* [AC-1192] Attempt to fix out of sync database migration by moving new OrganizationId column
* [AC-1192] More attempts to sync database migrations
* [AC-1192] Formatting
* [AC-1192] Remove unused reference to FeatureService
* [AC-1192] Change Id types from String to Guid
* [AC-1192] Add EncryptedString attribute
* [AC-1192] Remove redundant OrganizationId property
* [AC-1192] Switch to projection for OrganizationAdminAuthRequest mapping
- Add new OrganizationUser relationship to EF entity
- Replace AuthRequest DBContext config with new IEntityTypeConfiguration
- Add navigation property to AuthRequest entity configuration for OrganizationUser
- Update EF AuthRequestRepository to use new mapping and navigation properties
* [AC-1192] Remove OrganizationUser navigation property
* Add new properties to organization
* Add new properties to organization
* Create migration
* Add the columns to the view
* Fix the syntax error
* Change the namespaces
* Remove the comma on the stripe file
* Remove the nulls
* Resolving the PR comments
* Add a refresh for OrganizationView
* Remove the True default values
* Resolve the comments
* [PM-1270] Updated PolicyService to throw an exception in case TDE is enabled and the user is trying to turn off the master password reset policy or tries to remove auto-enrollment
* [PM-1270] Added unit tests around the checks for turning off the master password reset policy or removing auto-enrollment
* [PM-1270] Fixed existing unit test SaveAsync_NewPolicy_Created
* [PM-1270] Removed unused method mock on unit test
* Move to access query for project commands
* Swap to hasAccess method per action
* Swap to authorization handler pattern
* Move ProjectOperationRequirement to Core
* Add default throw + tests
* Extract authorization out of commands
* Unit tests for authorization handler
* Formatting
* Swap to reflection for testing switch
* Swap to check read & reflections in test
* fix wording on exception
* Refactor GetAccessClient into its own query
* Use accessClientQuery in project handler
* [AC-1265] Allow users with custom import/export permission to get organization ciphers
* [AC-1104] Fix to allow custom users with import/export permission to access all collections/ciphers in their organization
* [AC-1104] Remove redundant OrganizationAdmin checks
* Making changes for the help link
* Making changes for the PR comment
* default value in the view model itself
* Adjusting the image position
* Add more information to the plain text
* [AC-621] Added possibility of adding users through SCIM to an Organization without a confirmed Owner
* [AC-621] Passing EventSystemUser argument for HasConfirmedOwnersExceptAsync in user delete actions by SCIM
* [AC-624] Removed EventSystemUser parameter from IOrganizationService.HasConfirmedOwnersExceptAsync
* [AC-621] Added IProviderUserRepository.GetManyOrganizationDetailsByOrganizationAsync
* [AC-621] Updated OrganizationService.HasConfirmedOwnersExceptAsync to use IProviderUserRepository.GetManyOrganizationDetailsByOrganizationAsync to check for any confirmed provider users
* [AC-621] Removed unused EventSystemUser parameters
* [AC-621] Refactored ProviderUserRepository.GetManyByOrganizationAsync to return ProviderUser objects
* [AC-621] Removed default parameter value for Status
* [PM-1879] Replaced JsonSerializer.Serialize with CoreHelpers.ClassToJsonData
* [PM-1879] Changed OrganizationService.SaveUserAsync to check Custom permissions
* [PM-1879] Added unit tests for saving Custom permissions using a Custom user
* [PM-1879] Added method OrganizationUser.GetPermissions to deserialize the Permissions property
* [PM-1879] Refactored ValidateCustomPermissionsGrant to return bool
* [PM-1879] Added unit test SaveUser_WithCustomPermission_WhenUpgradingToAdmin_Throws
* Extend ReferenceEvents
Add ClientId and ClientVersion
Modify all callsites to pass in currentContext if available to fill ClientId and ClientVersion
* Extend ReferenceEvent to save if Send has notes
* [AC-358] Add constant for grace period length
* [AC-358] Add SubscriptionExpiration to OrganizationLicense.cs and increment Current_License_File_Version
* [AC-358] Update org subscription response model
- Add new SelfHostSubscriptionExpiration field that does not include a grace period
- Add optional License argument to constructor for self host responses
- Use the License, if available, to populate the expiration/subscription expiration fields
- Maintain backwards compatibility by falling back to organization expiration date
* [AC-358] Read organization license file for self hosted subscription response
* [AC-358] Decrement current license file version and add comment documenting why
* [AC-358] Clarify name for new expiration without grace period field
* [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails
* [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync
* [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user
* [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data
* [EC-787] Returning PolicyData on stored procedures
* [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection
* [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync
* [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync
* [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync
* [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync
* [EC-787] Changed integration test to check for single result
* [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete
* [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails
* [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser
* [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync
* [EC-787] Removed 'OrganizationUserType' parameter from queries
* [EC-787] Formatted OrganizationUserPolicyDetailsCompare
* [EC-787] Renamed SQL migration files
* [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json
* [EC-787] Refactored excluded user types for each Policy
* [EC-787] Updated dates on dbo_future files
* [EC-787] Remove dbo_future files from sql proj
* [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync
* [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType
* Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-1145] Add TDE feature flag
* [AC-1145] Update .gitignore to ignore flags.json in the Api project
* [AC-1145] Introduce MemberDecryptionType property on SsoConfigurationData
* [AC-1145] Add MemberDecryptionType to the SsoConfigurationDataRequest model
* [AC-1145] Automatically enable password reset policy on TDE selection
* [AC-1145] Remove references to obsolete KeyConnectorEnabled field
* [AC-1145] Formatting
* [AC-1145] Update XML doc reference to MemberDecryptionType
* Refactor AuthRequest Logic into Service
* Add Tests & Run Formatting
* Register Service
* Add Tests From PR Feedback
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
---------
Co-authored-by: Jared Snider <jsnider@bitwarden.com>