* Fix parameter name to match entity
* Deserialize policy data in object
* Add policy with config type to fixtures
* Return policy with deserialized config
* Use CoreHelper serializers
* Add master password reset on accept request
* Simplify policy data parsing
* Linter
* Start switch to System.Text.Json
* Work on switching to System.Text.Json
* Main work on STJ refactor
* Fix build errors
* Run formatting
* Delete unused file
* Use legacy for two factor providers
* Run formatter
* Add TokenProviderTests
* Run formatting
* Fix merge issues
* Switch to use JsonSerializer
* Address PR feedback
* Fix formatting
* Ran formatter
* Switch to async
* Ensure Enums are serialized as strings
* Fix formatting
* Enqueue single items as arrays
* Remove CreateAsync method on AzureQueueService
* Move policy checking logic inside PolicyService
* Refactor to use currentContext.ManagePolicies
* Make orgUser status check more semantic
* Fix single org user checks
* Use CoreHelper implementation to deserialize json
* Refactor policy checks to use db query
* Use new db query for enforcing 2FA Policy
* Add Policy_ReadByTypeApplicableToUser
* Stub out EF implementations
* Refactor: use PolicyRepository only
* Refactor tests
* Copy SQL queries to proj and update sqlproj file
* Refactor importCiphersAsync to use new method
* Add EF implementations and tests
* Refactor SQL to remove unnecessary operations
* Use constants to represent file size limits
* Allow uploads of up to 500mb for self-hosted
* Set nginx max body size to 505mb
* Add reminder about updating nginx/proxy.conf
* Add Cipher attachment upload endpoints
* Add validation bool to attachment storage data
This bool is used to determine whether or not to renew upload links
* Add model to request a new attachment to be made for later upload
* Add model to respond with created attachment.
The two cipher properties represent the two different
cipher model types that can be returned. Cipher Response from
personal items and mini response from organizations
* Create Azure SAS-authorized upload links for both one-shot and block uploads
* Add service methods to handle delayed upload and file size validation
* Add emergency access method for downloading attachments direct from Azure
* Add new attachment storage methods to other services
* Update service interfaces
* Log event grid exceptions
* Limit Send and Attachment Size to 500MB
* capitalize Key property
* Add key validation to Azure Event Grid endpoint
* Delete blob for unexpected blob creation events
* Set Event Grid key at API startup
* Change renew attachment upload url request path to match Send
* Shore up attachment cleanup method.
As long as we have the required information, we should always delete
attachments from each the Repository, the cipher in memory, and the
file storage service to ensure they're all synched.
* Add send HideEmail to tables and models
* Respect HideEmail setting for Sends
* Recreate SendView to include new HideEmail column
* Enforce new Send policy
* Insert default value for new HideEmail column
* Delete c95d7598-71cc-4eab-8b08-aced0045198b.json
* Remove unrelated files
* Revert disableSendPolicy, add sendOptionsPolicy
* Minor style fixes
* Update SQL project with Send.HideEmail column
* unit test SendOptionsPolicy.DisableHideEmail
* Add SendOptionsPolicy to Portal
* Make HideEmail nullable, fix migrator script
* Remove NOT NULL constraint from HideEmail
* Fix style
* Make HideEmail nullable
* minor fixes to model and error message
* Move SendOptionsExemption banner
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
* Direct upload to azure
To validate file sizes in the event of a rogue client, Azure event webhooks
will be hooked up to AzureValidateFile.
Sends outside of a grace size will be deleted as non-compliant.
TODO: LocalSendFileStorageService direct upload method/endpoint.
* Quick respond to no-body event calls
These shouldn't happen, but might if some errant get requests occur
* Event Grid only POSTS to webhook
* Enable local storage direct file upload
* Increase file size difference leeway
* Upload through service
* Fix LocalFileSendStorage
It turns out that multipartHttpStreams do not have a length
until read. this causes all long files to be "invalid". We need to
write the entire stream, then validate length, just like Azure.
the difference is, We can return an exception to local storage
admonishing the client for lying
* Update src/Api/Utilities/ApiHelpers.cs
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
* Do not delete directory if it has files
* Allow large uploads for self hosted instances
* Fix formatting
* Re-verfiy access and increment access count on download of Send File
* Update src/Core/Services/Implementations/SendService.cs
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
* Add back in original Send upload
* Update size and mark as validated upon Send file validation
* Log azure file validation errors
* Lint fix
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
* Push syncs on Send Access
* Revert "Push syncs on Send Access"
This reverts commit 6a3eb7af4f1d4233b6e8854c863b2e263d7dea54.
* Push update of Send directly since we can't use SaveSendAsync method
* HttpStream must be read prior to knowing it length
We also need to create the send prior to saving the stream so we
have well defined save location. Solve chicken-and-egg problem by saving
the Send twice. This also allows for validation that the stream received
is the same length as that promissed by the content-length header
* Get encrypted file length from request
* Add sendId to path
Event Grid returns the blob path, which will be used to grab a Send and verify file size
* Re-validate access upon file download
Increment access count only when file is downloaded. File
name and size are leaked, but this is a good first step toward
solving the access-download race
* Get limited life attachment download URL
This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.
Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.
* Make GlobalSettings interface for testing
* Test LocalAttachmentStorageService equivalence
* Remove comment
* Add missing globalSettings using
* Simplify default attachment container
* Default to attachments containe for existing methods
A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads
* Remove Default MetaData fixture.
* Keep attachments container blob-level security for all instances
* Close unclosed FileStream
* Favor default value for noop services
* Add Disable Send policy
* Test DisableSend policy
* PR Review
* Update tests for using CurrentContext
This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.
I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference
* Fix failing test
* Update exemption to include all exempt users
* Move all CurrentContext usages to ICurrentContext
* PR review. Match messaging with Web
