1
0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 23:52:50 -05:00
Commit Graph

5906 Commits

Author SHA1 Message Date
8354929ff1 [PM-18608] Don't require new device verification on newly created accounts (#5440)
* Limit new device verification to aged accounts

* set user creation date context for test

* formatting
2025-02-27 11:01:40 -05:00
3533f82d0f Tools/import cipher controller tests (#5436)
* initial commit

* PM-17954 adding unit tests for ImportCiphersController.PostImport
2025-02-27 09:53:26 -06:00
546b5a0849 [pm-17804] Fix deferred execution issue in EF CreateManyAsync (#5425)
* Add failing repository tests

* test

* clean up comments

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2025-02-27 10:21:01 -05:00
4c5bf495f3 [deps] Auth: Update Duende.IdentityServer to 7.1.0 (#5293)
* [deps] Auth: Update Duende.IdentityServer to 7.1.0

* fix(identity): fixing name space for Identity 7.1.0 update

* fix: formatting

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
2025-02-27 09:54:28 -05:00
1267332b5b [PM-14406] Security Task Notifications (#5344)
* initial commit of `CipherOrganizationPermission_GetManyByUserId`

* create queries to get all of the security tasks that are actionable by a user

- A task is "actionable" when the user has manage permissions for that cipher

* rename query

* return the user's email from the query as well

* Add email notification for at-risk passwords

- Added email layouts for security tasks

* add push notification for security tasks

* update entity framework to match stored procedure plus testing

* update date of migration and remove orderby

* add push service to security task controller

* rename `SyncSecurityTasksCreated` to `SyncNotification`

* remove duplicate return

* remove unused directive

* remove unneeded new notification type

* use `createNotificationCommand` to alert all platforms

* return the cipher id that is associated with the security task and store the security task id on the notification entry

* Add `TaskId` to the output model of `GetUserSecurityTasksByCipherIdsAsync`

* move notification logic to command

* use TaskId from `_getSecurityTasksNotificationDetailsQuery`

* add service

* only push last notification for each user

* formatting

* refactor `CreateNotificationCommand` parameter to `sendPush`

* flip boolean in test

* update interface to match usage

* do not push any of the security related notifications to the user

* add `PendingSecurityTasks` push type

* add push notification for pending security tasks
2025-02-27 08:34:42 -06:00
a2e665cb96 [PM-16684] Integrate Pricing Service behind FF (#5276)
* Remove gRPC and convert PricingClient to HttpClient wrapper

* Add PlanType.GetProductTier extension

Many instances of StaticStore use are just to get the ProductTierType of a PlanType, but this can be derived from the PlanType itself without having to fetch the entire plan.

* Remove invocations of the StaticStore in non-Test code

* Deprecate StaticStore entry points

* Run dotnet format

* Matt's feedback

* Run dotnet format

* Rui's feedback

* Run dotnet format

* Replacements since approval

* Run dotnet format
2025-02-27 07:55:46 -05:00
bd66f06bd9 Prefer record to implementing IEquatable (#5449) 2025-02-26 17:41:24 -05:00
4a4d256fd9 [PM-16787] Web push enablement for server (#5395)
* Allow for binning of comb IDs by date and value

* Introduce notification hub pool

* Replace device type sharding with comb + range sharding

* Fix proxy interface

* Use enumerable services for multiServiceNotificationHub

* Fix push interface usage

* Fix push notification service dependencies

* Fix push notification keys

* Fixup documentation

* Remove deprecated settings

* Fix tests

* PascalCase method names

* Remove unused request model properties

* Remove unused setting

* Improve DateFromComb precision

* Prefer readonly service enumerable

* Pascal case template holes

* Name TryParse methods TryParse

* Apply suggestions from code review

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

* Include preferred push technology in config response

SignalR will be the fallback, but clients should attempt web push first if offered and available to the client.

* Register web push devices

* Working signing and content encrypting

* update to RFC-8291 and RFC-8188

* Notification hub is now working, no need to create our own

* Fix body

* Flip Success Check

* use nifty json attribute

* Remove vapid private key

This is only needed to encrypt data for transmission along webpush -- it's handled by NotificationHub for us

* Add web push feature flag to control config response

* Update src/Core/NotificationHub/NotificationHubConnection.cs

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

* Update src/Core/NotificationHub/NotificationHubConnection.cs

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

* fixup! Update src/Core/NotificationHub/NotificationHubConnection.cs

* Move to platform ownership

* Remove debugging extension

* Remove unused dependencies

* Set json content directly

* Name web push registration data

* Fix FCM type typo

* Determine specific feature flag from set of flags

* Fixup merged tests

* Fixup tests

* Code quality suggestions

* Fix merged tests

* Fix test

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2025-02-26 16:48:51 -05:00
Ike
dd78361aa4 Revert "[deps] Platform: Update azure azure-sdk-for-net monorepo (#4815)" (#5447)
This reverts commit 492a3d6484.
2025-02-26 14:44:35 +00:00
492a3d6484 [deps] Platform: Update azure azure-sdk-for-net monorepo (#4815)
* [deps] Platform: Update azure azure-sdk-for-net monorepo

* fix: fixing tests for package downgrade

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
2025-02-25 21:42:40 -05:00
622ef902ed [PM-18578] Don't enable automatic tax for non-taxable non-US businesses during invoice.upcoming (#5443)
* Only enable automatic tax for US subscriptions or EU subscriptions that are taxable.

* Run dotnet format
2025-02-25 13:36:12 -05:00
66feebd358 [PM-13127]Breadcrumb event logs (#5430)
* Rename the feature flag to lowercase

* Rename the feature flag to epic

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2025-02-25 15:32:19 +00:00
d15c1faa74 [PM-12491] Create Organization disable command (#5348)
* Add command interface and implementation for disabling organizations

* Register organization disable command for dependency injection

* Add unit tests for OrganizationDisableCommand

* Refactor subscription handlers to use IOrganizationDisableCommand for disabling organizations

* Remove DisableAsync method from IOrganizationService and its implementation in OrganizationService

* Remove IOrganizationService dependency from SubscriptionDeletedHandler

* Remove commented TODO for sending email to owners in OrganizationDisableCommand
2025-02-25 14:57:30 +00:00
0f10ca52b4 [deps] Auth: Lock file maintenance (#5301)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-24 15:45:39 -05:00
6ca98df721 Ac/pm 17449/add managed user validation to email token (#5437) 2025-02-24 10:42:04 -05:00
6bc579f51e Bumped version to 2025.2.1 2025-02-24 12:32:27 +00:00
2b1db97d5c [PM-18085] Add Manage property to UserCipherDetails (#5390)
* Add Manage permission to UserCipherDetails and CipherDetails_ReadByIdUserId

* Add Manage property to CipherDetails and UserCipherDetailsQuery

* Add integration test for CipherRepository Manage permission rules

* Update CipherDetails_ReadWithoutOrganizationsByUserId to include Manage permission

* Refactor UserCipherDetailsQuery to include detailed permission and organization properties

* Refactor CipherRepositoryTests to improve test organization and readability

- Split large test method into smaller, focused methods
- Added helper methods for creating test data and performing assertions
- Improved test coverage for cipher permissions in different scenarios
- Maintained existing test logic while enhancing code structure

* Refactor CipherRepositoryTests to consolidate cipher permission tests

- Removed redundant helper methods for permission assertions
- Simplified test methods for GetCipherPermissionsForOrganizationAsync, GetManyByUserIdAsync, and GetByIdAsync
- Maintained existing test coverage for cipher manage permissions
- Improved code readability and reduced code duplication

* Add integration test for CipherRepository group collection manage permissions

- Added new test method GetCipherPermissionsForOrganizationAsync_ManageProperty_RespectsCollectionGroupRules
- Implemented helper method CreateCipherInOrganizationCollectionWithGroup to support group-based collection permission testing
- Verified manage permissions are correctly applied based on group collection access settings

* Add @Manage parameter to Cipher stored procedures

- Updated CipherDetails_Create, CipherDetails_CreateWithCollections, and CipherDetails_Update stored procedures
- Added @Manage parameter with comment "-- not used"
- Included new stored procedure implementations in migration script
- Consistent with previous work on adding Manage property to cipher details

* Update UserCipherDetails functions to reorder Manage and ViewPassword columns

* Reorder Manage and ViewPassword properties in cipher details queries

* Bump date in migration script
2025-02-24 11:40:53 +00:00
b0c6fc9146 [PM-18234] Add SendPolicyRequirement (#5409) 2025-02-24 09:19:52 +10:00
5241e09c1a PM-15882: Added RemoveUnlockWithPin policy (#5388) 2025-02-21 20:59:37 +01:00
d8cf658207 [deps] Auth: Update sass to v1.85.0 (#4947)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-21 19:35:39 +00:00
c1ac96814e remove feature flag (#5432) 2025-02-21 13:23:06 -05:00
Ike
b00f11fc43 [PM-17645] : update email for new email multi factor tokens (#5428)
* feat(newDeviceVerification) : Initial update to email

* fix : email copying over extra whitespace when using keyboard short cuts

* test : Fixing tests for new device verificaiton email format
2025-02-21 11:12:31 -05:00
b66f255c5c Add import-logins-flow flag (#5397) 2025-02-21 10:21:31 -05:00
f6365fa385 [PM-17593] Remove Multi-Org Enterprise feature flag (#5351) 2025-02-21 14:35:36 +00:00
06c96a96c5 [PM-17449] Add logic to handle email updates for managed users. (#5422) 2025-02-20 15:38:59 -05:00
2f4d5283d3 [PM-17449] Add stored proc, EF query, and an integration test for them (#5413) 2025-02-20 15:08:06 -05:00
93e5f7d0fe Incorrect Read only connection string on development self-hosted environment (#5426) 2025-02-20 20:21:50 +01:00
5bbd905401 [PM-18436] Only cancel subscriptions when creating or renewing (#5423)
* Only cancel subscriptions during creation or cycle renewal

* Resolved possible null reference warning

* Inverted conitional to reduce nesting
2025-02-20 13:03:29 -05:00
0b6f0d9fe8 Collect Code Coverage In DB Tests (#5431) 2025-02-20 11:19:48 -05:00
fb74512d27 refactor(TwoFactorComponentRefactor Feature Flag): [PM-8113] - Deprecate TwoFactorComponentRefactor feature flag in favor of UnauthenticatedExtensionUIRefresh feature flag. (#5120) 2025-02-20 10:10:10 -05:00
4bef2357d5 [PM-18028] Enabling automatic tax for customers without country or with manual tax rates set (#5376) 2025-02-20 16:01:48 +01:00
9f4aa1ab2b [PM-15084] Push global notification creation to affected clients (#5079)
* PM-10600: Notification push notification

* PM-10600: Sending to specific client types for relay push notifications

* PM-10600: Sending to specific client types for other clients

* PM-10600: Send push notification on notification creation

* PM-10600: Explicit group names

* PM-10600: Id typos

* PM-10600: Revert global push notifications

* PM-10600: Added DeviceType claim

* PM-10600: Sent to organization typo

* PM-10600: UT coverage

* PM-10600: Small refactor, UTs coverage

* PM-10600: UTs coverage

* PM-10600: Startup fix

* PM-10600: Test fix

* PM-10600: Required attribute, organization group for push notification fix

* PM-10600: UT coverage

* PM-10600: Fix Mobile devices not registering to organization push notifications

We only register devices for organization push notifications when the organization is being created. This does not work, since we have a use case (Notification Center) of delivering notifications to all users of organization. This fixes it, by adding the organization id tag when device registers for push notifications.

* PM-10600: Unit Test coverage for NotificationHubPushRegistrationService

Fixed IFeatureService substitute mocking for Android tests.
Added user part of organization test with organizationId tags expectation.

* PM-10600: Unit Tests fix to NotificationHubPushRegistrationService after merge conflict

* PM-10600: Organization push notifications not sending to mobile device from self-hosted.

Self-hosted instance uses relay to register the mobile device against Bitwarden Cloud Api. Only the self-hosted server knows client's organization membership, which means it needs to pass in the organization id's information to the relay. Similarly, for Bitwarden Cloud, the organizaton id will come directly from the server.

* PM-10600: Fix self-hosted organization notification not being received by mobile device.

When mobile device registers on self-hosted through the relay, every single id, like user id, device id and now organization id needs to be prefixed with the installation id. This have been missing in the PushController that handles this for organization id.

* PM-10600: Broken NotificationsController integration test

Device type is now part of JWT access token, so the notification center results in the integration test are now scoped to client type web and all.

* PM-10600: Merge conflicts fix

* merge conflict fix

* PM-10600: Push notification with full notification center content.

Notification Center push notification now includes all the fields.

* PM-10564: Push notification updates to other clients

Cherry-picked and squashed commits:
d9711b6031 6e69c8a0ce 01c814595e 3885885d5f 1285a7e994 fcf346985f 28ff53c293 57804ae27c 1c9339b686

* PM-15084: Push global notification creation to affected clients

Cherry-picked and squashed commits:
ed5051e0eb 181f3e4ae6 49fe7c93fd a8efb45a63 7b4122c837 d21d4a67b3 186a09bb92 1531f564b5

* PM-15084: Log warning when invalid notification push notification sent

* explicit Guid default value

* push notification tests in wrong namespace

* Installation push notification not received for on global notification center message

* wrong merge conflict

* wrong merge conflict

* installation id type Guid in push registration request
2025-02-20 15:35:48 +01:00
228ce3b2e9 Scale seats before inserting ProviderOrganization when adding existing organization (#5420) 2025-02-19 12:01:11 -05:00
4f73081e41 Give provider credit for unused client organization time (#5421) 2025-02-19 10:13:03 -05:00
43be2dbc83 Prevent organization disablement on addition to provider (#5419) 2025-02-19 09:52:17 -05:00
fcb9848180 [PM-13620]Existing user email linking to create-organization (#5315)
* Changes for the existing customer

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* removed the added character

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2025-02-19 13:13:48 +01:00
f27886e312 [PM-17932] Convert Renovate config to JSON5 (#5414)
* Migrated Renovate config to JSON5

* Apply Prettier

* Added comment for demonstration

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2025-02-18 12:54:11 -05:00
055e4e3066 Add RequestDeviceIdentifier to response (#5403) 2025-02-18 10:42:00 -05:00
ac443ed495 [pm-13985] Add a cancel endpoint to prevent authorization errors (#5229) 2025-02-18 09:53:49 -05:00
f80acaec0a [PM-17562] Refactor to Support Multiple Message Payloads (#5400)
* [PM-17562] Refactor to Support Multiple Message Payloads

* Change signature as per PR suggestion
2025-02-14 13:38:27 -05:00
5709ea36f4 [PM-15485] Add provider plan details to provider Admin pages (#5326)
* Add Provider Plan details to Provider Admin pages

* Run dotnet format

* Thomas' feedback

* Updated code ownership

* Robert's feedback

* Thomas' feedback
2025-02-14 12:03:09 -05:00
288f08da2a [PM-18268] SM Marketing Initiated Trials cause invoice previewing to … (#5404) 2025-02-14 18:01:49 +01:00
762acdbd03 [deps] Tools: Update MailKit to 4.10.0 (#5408)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
2025-02-14 17:37:34 +01:00
f4c37df883 [PM-12490] Extract OrganizationService.EnableAsync into commands (#5321)
* Add organization enable command implementation

* Add unit tests for OrganizationEnableCommand

* Add organization enable command registration for dependency injection

* Refactor payment and subscription handlers to use IOrganizationEnableCommand for organization enabling

* Remove EnableAsync methods from IOrganizationService and OrganizationService

* Add xmldoc to IOrganizationEnableCommand

* Refactor OrganizationEnableCommand to consolidate enable logic and add optional expiration
2025-02-14 11:25:29 +00:00
f4341b2f3b [PM-14439] Add PolicyRequirementQuery for enforcement logic (#5336)
* Add PolicyRequirementQuery, helpers and models in preparation for migrating domain code

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
2025-02-14 11:05:49 +00:00
54d59b3b92 [PM-16812] Shortcut duplicate group patch requests (#5354)
* Copy PatchGroupCommand to vNext and refactor

* Detect duplicate add requests and return early

* Update read repository method to use HA replica

* Add new write repository method
2025-02-14 11:09:01 +10:00
ac6bc40d85 feat(2FA): [PM-17129] Login with 2FA Recovery Code
* feat(2FA): [PM-17129] Login with 2FA Recovery Code - Login with Recovery Code working.

* feat(2FA): [PM-17129] Login with 2FA Recovery Code - Feature flagged implementation.

* style(2FA): [PM-17129] Login with 2FA Recovery Code - Code cleanup.

* test(2FA): [PM-17129] Login with 2FA Recovery Code - Tests.
2025-02-13 15:51:36 -05:00
465549b812 PM-17954 changing import permissions around based on requirements (#5385)
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
2025-02-13 19:43:34 +01:00
6cb00ebc8e Add entity path to database test workflow (#5401)
* Add entity path to database test workflow

* Add entity path to pull request - path database test workflow

---------

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
2025-02-13 08:57:41 -07:00
c3924bbf3b [PM-10564] Push notification updates to other clients (#5057)
* PM-10600: Notification push notification

* PM-10600: Sending to specific client types for relay push notifications

* PM-10600: Sending to specific client types for other clients

* PM-10600: Send push notification on notification creation

* PM-10600: Explicit group names

* PM-10600: Id typos

* PM-10600: Revert global push notifications

* PM-10600: Added DeviceType claim

* PM-10600: Sent to organization typo

* PM-10600: UT coverage

* PM-10600: Small refactor, UTs coverage

* PM-10600: UTs coverage

* PM-10600: Startup fix

* PM-10600: Test fix

* PM-10600: Required attribute, organization group for push notification fix

* PM-10600: UT coverage

* PM-10600: Fix Mobile devices not registering to organization push notifications

We only register devices for organization push notifications when the organization is being created. This does not work, since we have a use case (Notification Center) of delivering notifications to all users of organization. This fixes it, by adding the organization id tag when device registers for push notifications.

* PM-10600: Unit Test coverage for NotificationHubPushRegistrationService

Fixed IFeatureService substitute mocking for Android tests.
Added user part of organization test with organizationId tags expectation.

* PM-10600: Unit Tests fix to NotificationHubPushRegistrationService after merge conflict

* PM-10600: Organization push notifications not sending to mobile device from self-hosted.

Self-hosted instance uses relay to register the mobile device against Bitwarden Cloud Api. Only the self-hosted server knows client's organization membership, which means it needs to pass in the organization id's information to the relay. Similarly, for Bitwarden Cloud, the organizaton id will come directly from the server.

* PM-10600: Fix self-hosted organization notification not being received by mobile device.

When mobile device registers on self-hosted through the relay, every single id, like user id, device id and now organization id needs to be prefixed with the installation id. This have been missing in the PushController that handles this for organization id.

* PM-10600: Broken NotificationsController integration test

Device type is now part of JWT access token, so the notification center results in the integration test are now scoped to client type web and all.

* PM-10600: Merge conflicts fix

* merge conflict fix

* PM-10600: Push notification with full notification center content.

Notification Center push notification now includes all the fields.

* PM-10564: Push notification updates to other clients

Cherry-picked and squashed commits:
d9711b6031 6e69c8a0ce 01c814595e 3885885d5f 1285a7e994 fcf346985f 28ff53c293 57804ae27c 1c9339b686

* null check fix

* logging using template formatting
2025-02-13 14:23:33 +01:00