1
0
mirror of https://github.com/bitwarden/server.git synced 2025-07-12 13:19:01 -05:00
Commit Graph

1407 Commits

Author SHA1 Message Date
a2109175b0 Add self-host eligibility to organization metadata (#4867) 2024-10-21 14:02:21 -04:00
91409a45f0 Split Organization.LimitCollectionCreationDeletion into two separate business rules (#4730)
* Add feature flag

* Promoted the new Entiy Framework properties

* Deprecate the old property

* Update references

* Fix mispelling

* Re-add contextual comment regarding dropped license properties

* Add back deleted assertion for deprecated property

* Add back removed fixture property assignment

* Improve feature toggling scenerios for self hosted org creation/update

* Unblock `PutCollectionManagement` for self host

* Simplify logic of a couple of conditionals

* Feature toggle route unblocking

* Adjust logic collection creation/deletion authorization handler

* Create tests

* Fix bug caught by tests

* Fix bugs caught during manual testing

* Remove remark about license
2024-10-18 11:00:01 -04:00
4fec7cadb7 [PM-13722] Refactor ValidateOrganizationsDomainAsync (#4905)
Refactored ValidateOrganizationsDomainAsync to use VerifyOrganizationDomainAsync
2024-10-18 07:45:34 -05:00
d6cd73cfcc [PM-11404] Account Management: Prevent a verified user from purging their vault (#4853)
* Add check for managed user before purging account

* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel

* Rename the property ManagesActiveUser to UserIsManagedByOrganization

* Remove whole class #nullable enable and add it to specific places

* Remove unnecessary .ToList()

* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable

* Update error message when unable to purge vault for managed account
2024-10-17 16:06:32 +01:00
93e49ffe74 [AC-607] Extract IOrganizationService.DeleteUserAsync into IRemoveOrganizationUserCommand (#4803)
* Add HasConfirmedOwnersExceptQuery class, interface and unit tests

* Register IHasConfirmedOwnersExceptQuery for dependency injection

* Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery

* Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery

* Fix unit tests

* Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests

* Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests

* Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser

* Refactor RemoveOrganizationUserCommandTests to use more descriptive method names

* Refactor controller actions to accept Guid directly instead of parsing strings

* Add unit tests for removing OrganizationUser by UserId

* Refactor remove OrganizationUser by UserId method

* Add summary to IHasConfirmedOwnersExceptQuery
2024-10-16 10:33:00 +01:00
7a5faae496 [deps] Billing: Update swashbuckle-aspnetcore monorepo to 6.8.1 (#4884)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
2024-10-15 12:46:29 +01:00
d4c486e189 [PM-12429] Remove authenticator token flag from business logic on 2FA controller (#4868)
* Removed flag from business logic on 2FA controller

* Linting.
2024-10-09 13:47:14 -04:00
58c6f09629 [PM-12684] Remove Members Bulk 2FA feature flag logic (#4864) 2024-10-09 15:32:49 +01:00
9d06c7b1e0 Added filter for status when getting invoices (#4866) 2024-10-09 13:00:36 +00:00
e288ca97a3 [PM-12358] New Verified Organization Domain SSO Detail endpoint (#4838)
* Added /domain/sso/verified to organization controller

* Restricting sproc to only return verified domains if the org has sso. Adding name. corrected route. removed not found exception. Adding the sproc definition to the SQL project
2024-10-07 14:39:57 -05:00
f89900c3f9 [deps] Vault: Update aspnet-health-checks monorepo (#4132)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
2024-10-07 12:32:14 +02:00
337eedcd2c [PM-10321/PM-10322] Add Endpoints for Deleting Single and Multiple Organization-Managed Users (#4727)
* Add HasVerifiedDomainsAsync method to IOrganizationDomainService

* Add GetManagedUserIdsByOrganizationIdAsync method to IOrganizationUserRepository and the corresponding queries

* Fix case on the sproc OrganizationUser_ReadManagedIdsByOrganizationId parameter

* Update the EF query to use the Email from the User table

* dotnet format

* Fix IOrganizationDomainService.HasVerifiedDomainsAsync by checking that domains have been Verified and add unit tests

* Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync

* Fix domain queries

* Add OrganizationUserRepository integration tests

* Add summary to IOrganizationDomainService.HasVerifiedDomainsAsync

* chore: Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync to GetManyIdsManagedByOrganizationIdAsync

* Add IsManagedByAnyOrganizationAsync method to IUserRepository

* Add integration tests for UserRepository.IsManagedByAnyOrganizationAsync

* Refactor to IUserService.IsManagedByAnyOrganizationAsync and IOrganizationService.GetUsersOrganizationManagementStatusAsync

* chore: Refactor IsManagedByAnyOrganizationAsync method in UserService

* Refactor IOrganizationService.GetUsersOrganizationManagementStatusAsync to return IDictionary<Guid, bool>

* Extract IOrganizationService.GetUsersOrganizationManagementStatusAsync into a query

* Update comments in OrganizationDomainService to use proper capitalization

* Move OrganizationDomainService to AdminConsole ownership and update namespace

* feat: Add support for organization domains in enterprise plans

* feat: Add HasOrganizationDomains property to OrganizationAbility class

* refactor: Update GetOrganizationUsersManagementStatusQuery to use IApplicationCacheService

* Remove HasOrganizationDomains and use UseSso to check if Organization can have Verified Domains

* Refactor UserService.IsManagedByAnyOrganizationAsync to simply check the UseSso flag

* Add new event types for organization user deletion and voluntary departure

* Add DeleteManagedOrganizationUserAccountCommand to remove user and delete account

* Refactor DeleteManagedOrganizationUserAccountCommand to use orgUser.Id instead of orgUser.UserId.Value

* Add DeleteManagedOrganizationUserAccountCommandTests

* Add an endpoint to the OrganizationUsersController to delete a user account managed by an organization

* Add unit tests for OrganizationUsersController.DeleteAccount

* Add an endpoint to the OrganizationUsersController to bulk delete user accounts managed by an organization

* Add unit tests for OrganizationUsersController.BulkDeleteAccount

* Gate new endpoints behind feature flag

* Remove duplicate migration

* Remove unnecessary _userService.GetProperUserId
2024-10-01 15:45:23 +01:00
c94a084c86 [PM-3478] Refactor OrganizationUser api (#4752)
* Add OrganizationUserMiniDetails endpoint, models and authorization
* Restrict access to current OrganizationUserUserDetails endpoint
Both are behind feature flags
2024-10-01 07:14:16 +10:00
f20f646a7e [deps] Billing: Update swashbuckle-aspnetcore monorepo to 6.8.0 (#4826)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-30 09:45:06 +02:00
c66879eb89 [PM-8445] Update trial initiation UI (#4712)
* Add the feature flag

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Initial comment

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* changes to subscribe with payment method

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add new objects

* Implementation for subscription without payment method

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Remove unused codes and classes

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Rename the flag properly

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* remove implementation that is no longer needed

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* revert the changes on some code removal

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Resolve the pr comment

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* format the data annotations line breaks

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-09-27 19:39:44 +01:00
3f629e0a5a [PM-11334] Add managed status to sync data (#4791)
* Refactor UserService to add GetOrganizationManagingUserAsync method to retrive the organization that manages a user

* Refactor SyncController and AccountsController to include ManagedByOrganizationId in profile response
2024-09-26 11:21:51 +01:00
42f6112c55 Remove device trust logging controller flag restriction (#4795)
* Removed controller restriction

* Linting.
2024-09-24 16:46:04 -04:00
9a5c6fe527 PM-11123: Device Type mapping (#4768)
* PM-11123: Device Type mapping

* PM-11123: Moving ClientType out of NotificationCenter, naming clash with Identity ClientType

* PM-11123: Rename ClientType in ICurrentContext to match the type
2024-09-23 23:02:32 +02:00
2384e0b7ef Add AuthorizeOrThrowAsync extension method (#4790) 2024-09-23 08:45:14 +10:00
ab8c3af685 [PM-6630][INT-188] krb5 to dockerfile and kinit entrypoint (#3841) 2024-09-20 12:15:47 -04:00
5c9da2e5ea [PM-5237] Add new Settings property to config endpoint (#4785)
* Added new Settings property to Config endpoint.

* Linting
2024-09-17 11:38:48 -04:00
a19fc6a2b0 [SM-1433] Update SM Event Logs (#4759)
* SM-1433: Fix bug using cipherId instead of secretId

* SM-1433: Add secretId and serviceAccountId
2024-09-16 12:30:23 -04:00
95ba256511 Remove IP API response (#4771) 2024-09-12 15:23:04 -04:00
aa361341bd [PM-10914] add endpoint to delete all folders (#4761)
* add endpoint to delete all folders

* await folder deletions
2024-09-12 13:47:04 -04:00
68b421fa2b [PM-11728] Upgrade free organizations without Stripe Sources API (#4757)
* Refactor: Update metadata in OrganizationSignup and OrganizationUpgrade

This commit moves the IsFromSecretsManagerTrial flag from the OrganizationUpgrade to the OrganizationSignup because it will only be passed in on organization creation. Additionally, it removes the nullable boolean 'provider' flag passed to OrganizationService.SignUpAsync and instead adds that boolean flag to the OrganizationSignup which seems more appropriate.

* Introduce OrganizationSale

While I'm trying to ingrain a singular model that can be used to purchase or upgrade organizations, I disliked my previously implemented OrganizationSubscriptionPurchase for being a little too wordy and specific. This sale class aligns more closely with the work we need to complete against Stripe and also uses a private constructor so that it can only be created and utilized via an Organiztion and either OrganizationSignup or OrganizationUpgrade object.

* Use OrganizationSale in OrganizationBillingService

This commit renames the OrganizationBillingService.PurchaseSubscription to Finalize and passes it the OrganizationSale object. It also updates the method so that, if the organization already has a customer, it retrieves that customer instead of automatically trying to create one which we'll need for upgraded free organizations.

* Add functionality for free organization upgrade

This commit adds an UpdatePaymentMethod to the OrganizationBillingService that will check if a customer exists for the organization and if not, creates one with the updated payment source and tax information. Then, in the UpgradeOrganizationPlanCommand, we can use the OrganizationUpgrade to get an OrganizationSale and finalize it, which will create a subscription using the customer created as part of the payment method update that takes place right before it on the client-side. Additionally, it adds some tax ID backfill logic to SubscriberService.UpdateTaxInformation

* (No Logic) Re-order OrganizationBillingService methods alphabetically

* (No Logic) Run dotnet format
2024-09-11 09:04:15 -04:00
f2180aa7b7 [PM-10311] Account Management: Create helper methods for checking against verified domains (#4636)
* Add HasVerifiedDomainsAsync method to IOrganizationDomainService

* Add GetManagedUserIdsByOrganizationIdAsync method to IOrganizationUserRepository and the corresponding queries

* Fix case on the sproc OrganizationUser_ReadManagedIdsByOrganizationId parameter

* Update the EF query to use the Email from the User table

* dotnet format

* Fix IOrganizationDomainService.HasVerifiedDomainsAsync by checking that domains have been Verified and add unit tests

* Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync

* Fix domain queries

* Add OrganizationUserRepository integration tests

* Add summary to IOrganizationDomainService.HasVerifiedDomainsAsync

* chore: Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync to GetManyIdsManagedByOrganizationIdAsync

* Add IsManagedByAnyOrganizationAsync method to IUserRepository

* Add integration tests for UserRepository.IsManagedByAnyOrganizationAsync

* Refactor to IUserService.IsManagedByAnyOrganizationAsync and IOrganizationService.GetUsersOrganizationManagementStatusAsync

* chore: Refactor IsManagedByAnyOrganizationAsync method in UserService

* Refactor IOrganizationService.GetUsersOrganizationManagementStatusAsync to return IDictionary<Guid, bool>

* Extract IOrganizationService.GetUsersOrganizationManagementStatusAsync into a query

* Update comments in OrganizationDomainService to use proper capitalization

* Move OrganizationDomainService to AdminConsole ownership and update namespace

* feat: Add support for organization domains in enterprise plans

* feat: Add HasOrganizationDomains property to OrganizationAbility class

* refactor: Update GetOrganizationUsersManagementStatusQuery to use IApplicationCacheService

* Remove HasOrganizationDomains and use UseSso to check if Organization can have Verified Domains

* Refactor UserService.IsManagedByAnyOrganizationAsync to simply check the UseSso flag

* Add TODO comment for replacing 'UseSso' organization ability on user verified domain checks

* Bump date on migration script

* Add indexes to OrganizationDomain table

* Bump script migration date; Remove WITH ONLINE = ON from data migration.
2024-09-11 11:29:57 +01:00
add8783e31 [PM-11667] Remove all code related to the outdated custom permissions 'Edit/Delete Assigned Collections' (#4736) 2024-09-10 15:06:13 +01:00
Tom
aa72c0b800 Fixes the dupe issue on group and colletion (#4743) 2024-09-09 11:48:07 -04:00
46ac2a9b3b [AC-2568] Added invoices and transaction history endpoints. Added cursor paging for each (#4692)
* Added invoices and transaction history endpoints. Added cursor paging for each

* Removed try/catch since it's handled by middleware. Updated condition to use pattern matching

* Added unit tests for PaymentHistoryService

* Removed organizationId from account billing controller endpoints
2024-09-09 09:38:58 -04:00
ebf8bc0b85 [PM-11749] Add device type to device trust loss logging (#4742)
* Add device type to trust loss logging.

* Added check for null.
2024-09-06 18:06:39 -04:00
c3ba6697e9 Fix typo in OrganizationsController.cs (#4739) 2024-09-06 14:39:01 +10:00
Tom
af3797c540 [AC-2614] Member Access Report Endpoint (#4599)
* Initial draft of moving the org user controller details method into a query

* Removing comments and addressing pr items

* Adding the org users query to core

* Adding the member access report

* Addressing some pr concerns and refactoring to be more efficient

* Some minor changes to the way properties are spelled

* Setting authorization to organization

* Adding the permissions check for reports and comments

* removing unnecessary usings

* Removing ciphers controller change that was a mistake

* There was a duplication issue in getting collections for users grabbing groups

* Adding comments to the CreateReport method

* Only get the user collections by userId

* Some finaly refactoring

* Adding the no group, no collection, and no perms local strings

* Modifying and adding query test cases

* Removing unnecessary permissions code in query

* Added mapping for id and UsesKeyConnector to MemberAccessReportModel (#4681)

* Moving test cases from controller fully into the query.

---------

Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: aj-rosado <109146700+aj-rosado@users.noreply.github.com>
2024-09-04 14:33:33 -04:00
471851978b [PM-10325] Rename OrganizationUser Delete and BulkDelete endpoints to Remove and BulkRemove (#4711)
* Rename IDeleteOrganizationUserCommand to IRemoveOrganizationUserCommand

* Rename IOrganizationService DeleteUser methods to RemoveUser

* Rename API endpoints for deleting organization users to "Remove"

* chore: Rename Delete method to Remove in MembersController
2024-09-04 11:18:23 +01:00
3c86ec6a35 [AC-2959] ACH Direct Debit POC (#4703)
* Refactor: Rename some methods and models for consistency

This commit contains no logic changes at all. It's entirely comprised of renames of existing models and methods to bring our codebase more in line with our app's functionality and terminology.

* Add feature flag: AC-2476-deprecate-stripe-sources-api

* Standardize error responses from applicable billing controllers

During my work on CB, I found that just using the built-in TypedResults errors results in the client choking on the response because it's looking for the ErrroResponseModel. The new BaseBillingController provides Error utilities to return TypedResults wrapping that model so the client can process it.

* Add feature flagged payment method endoints to OrganizationBillingController

* Run dotnet format
2024-08-28 10:48:14 -04:00
20478949d8 [deps] Billing: Update swashbuckle-aspnetcore monorepo to v6.7.3 (#4650)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 09:18:57 -04:00
13ad872f51 Resolve Vault and DB Warnings (#4646)
* Resolve Vault Warnings

* Resolve DB Warnings
2024-08-27 19:05:34 -04:00
acb71d87d9 Log events from the import organization flow (#4632)
* Log events from the import organization flow

* Use an interface for the `OrganizationUser` object used to log events

* Log import events as being from the public api if they are

* Add logging for created groups

* Log proper group ids

* Fix tests

* Also log update events for groups

* Remove private API `import` endpoint

* Make `eventSystemUser` non-nullable for `ImportAsync`

* Fix tests

* Delete `ImportOrganizationUsersRequestModel`

* Fix tests
2024-08-28 08:19:48 +10:00
ccf2ebd142 [deps] Auth: Update azure azure-sdk-for-net monorepo (#4658)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-08-26 14:44:26 -07:00
Tom
78beac9f19 Added the AccessReports permission to enable report viewing (#4648) 2024-08-26 12:59:49 +02:00
aa66b5ad11 Remove hints from responses (#4635) 2024-08-23 13:51:21 -04:00
b9d75326a7 Removed feature flag and unused endpoint (#4677) 2024-08-21 10:44:14 -04:00
9a7165b489 [AC-2972] AC Team ownership: Events (2/2) (#4675) 2024-08-21 09:03:26 +10:00
1a584b4477 [PM-9361] Generate Swagger specs in CI for the SDK (#4428)
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
2024-08-20 15:34:22 +02:00
0230013b20 [AC-2972] AC Team ownership: Events (#4647)
* Move Event domain under AC Team ownership
2024-08-19 08:00:17 +10:00
faa9afbe5e Resolve Billing and Secrets Manager Code (#4645)
* Resolve Billing Warnings

* Resolve SM Warnings
2024-08-17 07:06:31 -04:00
86cd03ce52 [deps] Billing: Update swashbuckle-aspnetcore monorepo to v6.7.0 (#4545)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Alex Morask <144709477+amorask-bitwarden@users.noreply.github.com>
2024-08-13 15:10:46 -04:00
1442bf94ae Fix send rotation error message (#4624) 2024-08-13 11:41:27 -04:00
e2110da4a7 fix: restore using core for remaining feature flag references, refs PM-10291 (#4607) 2024-08-08 14:07:05 -05:00
746a35a14a [PM-10291] Remove Flexible Collections v1 flag from API (#4578)
* chore: remove fc v1 from groups controller, refs PM-10291

* chore: remove fc v1 from organization users controller, refs PM-10291

* chore: remove fc v1 from organizations controller and clean up unsused imports, refs PM-10291

* chore: remove fc v1 from BulkCollectionAuthorizationHandler, refs PM-10291

* chore: remove fc v1 from CiphersCollections, refs PM-10291

* fix: unit tests related to fc v1 flag removal, refs PM-10291

* chore: update AllowAdminAccessToAllCollectionItems to take optional params, increase usage, refs PM-10291

* fix: format files, refs PM-10291

* chore: revert change to helper method, ignore double cache call, refs PM-10291
2024-08-08 12:26:07 -05:00
8d69bb0aaa [AC-1698] Check if a user has 2FA enabled more efficiently (#4524)
* feat: Add stored procedure for reading organization user details with premium access by organization ID

The code changes include:
- Addition of a new stored procedure [dbo].[OrganizationUserUserDetailsWithPremiumAccess_ReadByOrganizationId] to read organization user details with premium access by organization ID
- Modification of the IUserService interface to include an optional parameter for checking two-factor authentication with premium access
- Modification of the UserService class to handle the new optional parameter in the TwoFactorIsEnabledAsync method
- Addition of a new method GetManyDetailsWithPremiumAccessByOrganizationAsync in the IOrganizationUserRepository interface to retrieve organization user details with premium access by organization ID
- Addition of a new view [dbo].[OrganizationUserUserDetailsWithPremiumAccessView] to retrieve organization user details with premium access

* Add IUserRepository.SearchDetailsAsync that includes the field HasPremiumAccess

* Check the feature flag on Admin.UsersController to see if the optimization runs

* Modify PolicyService to run query optimization if the feature flag is enabled

* Refactor the parameter check on UserService.TwoFactorIsEnabledAsync

* Run query optimization on public MembersController if feature flag is enabled

* Restore refactor

* Reverted change used for development

* Add unit tests for OrganizationService.RestoreUser

* Separate new CheckPoliciesBeforeRestoreAsync optimization into new method

* Add more unit tests

* Apply refactor to bulk restore

* Add GetManyDetailsAsync method to IUserRepository. Add ConfirmUsersAsync_vNext method to IOrganizationService

* Add unit tests for ConfirmUser_vNext

* Refactor the optimization to use the new TwoFactorIsEnabledAsync method instead of changing the existing one

* Removed unused sql scripts and added migration script

* Remove unnecessary view

* chore: Remove unused SearchDetailsAsync method from IUserRepository and UserRepository

* refactor: Use UserDetails constructor in UserRepository

* Add summary to IUserRepository.GetManyDetailsAsync

* Add summary descriptions to IUserService.TwoFactorIsEnabledAsync

* Remove obsolete annotation from IUserRepository.UpdateUserKeyAndEncryptedDataAsync

* refactor: Rename UserDetails to UserWithCalculatedPremium across the codebase

* Extract IUserService.TwoFactorIsEnabledAsync into a new TwoFactorIsEnabledQuery class

* Add unit tests for TwoFactorIsEnabledQuery

* Update TwoFactorIsEnabledQueryTests to include additional provider types

* Refactor TwoFactorIsEnabledQuery

* Refactor TwoFactorIsEnabledQuery and update tests

* refactor: Update TwoFactorIsEnabledQueryTests to include test for null TwoFactorProviders

* refactor: Improve TwoFactorIsEnabledQuery and update tests

* refactor: Improve TwoFactorIsEnabledQuery and update tests

* Remove empty <returns> from summary

* Update User_ReadByIdsWithCalculatedPremium stored procedure to accept JSON array of IDs
2024-08-08 15:43:45 +01:00