* Move policy checking logic inside PolicyService
* Refactor to use currentContext.ManagePolicies
* Make orgUser status check more semantic
* Fix single org user checks
* Use CoreHelper implementation to deserialize json
* Refactor policy checks to use db query
* Use new db query for enforcing 2FA Policy
* Add Policy_ReadByTypeApplicableToUser
* Stub out EF implementations
* Refactor: use PolicyRepository only
* Refactor tests
* Copy SQL queries to proj and update sqlproj file
* Refactor importCiphersAsync to use new method
* Add EF implementations and tests
* Refactor SQL to remove unnecessary operations
* Add autoscale fields to Organization
* Add autoscale setting changes
* Autoscale organizations
updates InviteUsersAsync to support all invite sources.
sends an email to org owners when organization autoscaled
* All organizations autoscale
Disabling autoscaling can be done by setting max seats to current seats.
We only warn about autoscaling on the first autoscaling event.
* Fix tests
* Bug fixes
* Simplify subscription update logic
* Void invoices that fail to delete
Stripe no longer allows deletion of draft invoices that were created as part of subscription updates. It's necessary to void out these invoices without sending tem to the client.
* Notify org owners when their subscription runs out of seats
* Use datetime for notifications
Allows for later re-sending email if we want to periodically remind
owners
* Do not update subscription if it already matches new quatity
* Include all migrations
* Remove unnecessary inline styling
* SubscriptionUpdate handles update decisions
* Remove unnecessary html setter
* PR review
* Use minimum access for class methods
* Use invoice to pay if subscription set to invoice
* Apply suggestions from code review
Co-authored-by: Addison Beck <abeck@bitwarden.com>
* PR review
Move to subscriber model for subscription updates.
Co-authored-by: Addison Beck <abeck@bitwarden.com>
* Finalize and void subscription updates
Stripe does not allow deletion of invoices created as subscription updates.
Instead, finalize it and void it out without sending to the customer.
* Store and Restore invoice days until due
Currently, we're overwriting customer invoice lead times whenever they
attempt to update their seat count. Changes are now updated to previous
behavior after our seat adjustment work
* PR Comments
* made salesAssistedTrialStarted nullable
* removed conditional logic surrounding directory sync events
* changed the value of the CipherCreated reference event enum
* added enum values for new events
* hooked up directory sync event
* upgraded the OrganizationUpgrade ReferenceEvent
* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization
* Added metadata to the AdjustedSeats event
* Implemented vaultImported event
* Implemented FirstGroupAdded event
* Implemented FirstCollectionAdded event
* Implemented FirstSecretAdded event type
* Implemented SalesAssisted reference event
* changed events to match updated requirements
* renamed an event enum
* Title case buttons
* Throw if provider tries to add a non-business organization
* Allow only one admin OR owner roll in a free org per user
Boolean operators were not properly assocated
and ownership of an org was precluding confirmation into any other
organization
* Limit email length
* Require email domain with top level domain
* Do not allow email domains to end in invalid characters
* Fix free org tests
* Record when a provider user accesses a clients vault
* Do not allow removal from provider unless owner exists
* PR Review
* Null safe event processing
* append `Async` to async methods
* Add support for bulk confirm
* Add missing sproc to migration
* Change ConfirmUserAsync to internally use ConfirmUsersAsync
* Refactor to be a bit more readable
* Change BulkReinvite and BulkRemove to return a list of errors/success
* Refactor
* Fix removing owner preventing removing non owners
* Add another unit test
* Use fixtures for OrganizationUser and Policies
* Fix spelling
* [Reset Password] Organization Keys APIs
* Updated details response to include private key and added more security checks for reset password methods
* Added org type and policy security checks to the enrollment api
* Updated based on PR feedback
* Added org user type permission checks
* Added TODO for email to user
* Removed unecessary policyRepository object
* Increase organization max seat size from 30k to 2b (#1274)
* Increase organization max seat size from 30k to 2b
* PR review. Do not modify unless state matches expected
* Organization sync simultaneous event reporting (#1275)
* Split up azure messages according to max size
* Allow simultaneous login of organization user events
* Early resolve small event lists
* Clarify logic
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
* Improve readability
This comes at the cost of multiple serializations, but the
improvement in wire-time should more than make up for this
on message where serialization time matters
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
* Queue emails (#1286)
* Extract common Azure queue methods
* Do not use internal entity framework namespace
* Prefer IEnumerable to IList unless needed
All of these implementations were just using `Count == 1`,
which is easily replicated. This will be used when abstracting Azure queues
* Add model for azure queue message
* Abstract Azure queue for reuse
* Creat service to enqueue mail messages for later processing
Azure queue mail service uses Azure queues.
Blocking just blocks until all the work is done -- This is
how emailing works today
* Provide mail queue service to DI
* Queue organization invite emails for later processing
All emails can later be added to this queue
* Create Admin hosted service to process enqueued mail messages
* Prefer constructors to static generators
* Mass delete organization users (#1287)
* Add delete many to Organization Users
* Correct formatting
* Remove erroneous migration
* Clarify parameter name
* Formatting fixes
* Simplify bump account revision sproc
* Formatting fixes
* Match file names to objects
* Indicate if large import is expected
* Early pull all existing users we were planning on inviting (#1290)
* Early pull all existing users we were planning on inviting
* Improve sproc name
* Batch upsert org users (#1289)
* Add UpsertMany sprocs to OrganizationUser
* Add method to create TVPs from any object.
Uses DbOrder attribute to generate.
Sproc will fail unless TVP column order matches that of the db type
* Combine migrations
* Correct formatting
* Include sql objects in sql project
* Keep consisten parameter names
* Batch deletes for performance
* Correct formatting
* consolidate migrations
* Use batch methods in OrganizationImport
* Declare @BatchSize
* Transaction names limited to 32 chars
Drop sproc before creating it if it exists
* Update import tests
* Allow for more users in org upgrades
* Fix formatting
* Improve class hierarchy structure
* Use name tuple types
* Fix formatting
* Front load all reflection
* Format constructor
* Simplify ToTvp as class-specific extension
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
* Add API for bulk removal of org users
* Refactor OrganizationService, extract some common code.
* Add tests for DeleteUserAsync
* Add tests for DeleteUsers
* Formating
* Update test/Core.Test/Services/OrganizationServiceTests.cs
added a space
Co-authored-by: Addison Beck <abeck@bitwarden.com>
* [Reset Password] Enterprise Policy
* Created UI for policy/edit policy // Updated TODOs for policy dependent checks
* Updated reset password data model field name to be more descriptive
* Update title to Master Password Reset
* Updated PoliciesModel, Policy Model spacing, and strings
* [Reset Password] Organization Key Pair
* Fixed type in Organization_ReadAbilites sproc
* Fixed broken unit test by making sure premium addon was false
* Updated PublicKey decorator and removed unecessary validation
* Fix single org policy when creating organization
Exclude owners and admins from policy when creating new org
* Fix single org and 2FA policy on accepting invite
Exclude owners and admins from policies
* Remove looped async calls
* Fix code style and formatting
* Get limited life attachment download URL
This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.
Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.
* Make GlobalSettings interface for testing
* Test LocalAttachmentStorageService equivalence
* Remove comment
* Add missing globalSettings using
* Simplify default attachment container
* Default to attachments containe for existing methods
A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads
* Remove Default MetaData fixture.
* Keep attachments container blob-level security for all instances
* Close unclosed FileStream
* Favor default value for noop services
* Null checked org invite collections
* Null checked permissions on org invite
* Gave a static seat count to org invite fixture
* Null checked the right way
* Implemented Custom role and permissions
* Converted permissions columns to a json blob
* Code review fixes for Permissions
* sql build fix
* Update Permissions.cs
* formatting
* Update IOrganizationService.cs
* reworked a conditional
* built out tests for relevant organization service methods
* removed unused usings
* fixed a broken test and a bad empty string init
* removed 'Attribute' from some attribute instances
* Implemented tax collection for subscriptions
* Cleanup for Sales Tax
* Cleanup for Sales Tax
* Changes a constraint to an index for checking purposes
* Added and implemented a ReadById method for TaxRate
* Code review fixes for Tax Rate implementation
* Code review fixes for Tax Rate implementation
* Made the SalesTax migration script rerunnable
* added OnlyOrg to PolicyType enum
* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg
* blocked creating new orgs if already in an org with OnlyOrg enabled
* created email alert for OnlyOrg policy
* removed users & sent alerts when appropriate for the OnlyOrg policy
* added method to noop mail service
* cleanup for OnlyOrg policy server logic
* blocked confirming new org users if they have violated the OnlyOrg policy since accepting
* added localization strings needed for the OnlyOrg policy
* allowed OnlyOrg policy configuration from the portal
* used correct localization key for onlyorg
* formatting and messaging changes for OnlyOrg
* formatting
* messaging change
* code review changes for onlyorg
* slimmed down a conditional
* optimized getting many orgUser records from many userIds
* removed a test file
* sql formatting
* weirdness
* trying to resolve git diff formatting issues
* Initial commit of accept user during set password flow
* changed new org user from accepted to invited // moved another check to token accept function
* Revised some white space // Moved business logic to UserService
* Fixed UserServiceTest
* Removed some white-space
* Removed more white-space
* Final white-space issues
* facilitate linking/unlinking existing users from an sso enabled org
* added user_identifier to identity methods for sso
* moved sso user delete method to account controller
* fixed a broken test
* Update AccountsController.cs
* facilitate linking/unlinking existing users from an sso enabled org
* added user_identifier to identity methods for sso
* moved sso user delete method to account controller
* fixed a broken test
* added a token to the existing user sso link flow
* added a token to the existing user sso link flow
* fixed a typo
* added an event log for unlink ssoUser records
* fixed a merge issue
* fixed a busted test
* fixed a busted test
* ran a formatter over everything & changed .vscode settings in .gitignore
* chagned a variable to use string interpolation
* removed a blank line
* Changed TokenPurpose enum to a static class of strings
* code review cleanups
* formatting fix
* Changed parameters & logging for delete sso user
* changed th method used to get organization user for deleting sso user records
Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
* Expanded the Plan model to make plan & product data a bit more dynamic
* Created a Product enum to track versioned instances of the same plan
* Created and API call and Response model for getting plan & product data from the server
