* Families for enterprise/split up organization sponsorship service (#1829)
* Split OrganizationSponsorshipService into commands
* Use tokenable for token validation
* Use interfaces to set up for DI
* Use commands over services
* Move service tests to command tests
* Value types can't be null
* Run dotnet format
* Update src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/CancelSponsorshipCommand.cs
Co-authored-by: Justin Baur <admin@justinbaur.com>
* Fix controller tests
Co-authored-by: Justin Baur <admin@justinbaur.com>
* Families for enterprise/split up organization sponsorship service (#1875)
* Split OrganizationSponsorshipService into commands
* Use tokenable for token validation
* Use interfaces to set up for DI
* Use commands over services
* Move service tests to command tests
* Value types can't be null
* Run dotnet format
* Update src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/CancelSponsorshipCommand.cs
Co-authored-by: Justin Baur <admin@justinbaur.com>
* Fix controller tests
* Split create and send sponsorships
* Split up create sponsorship
* Add self hosted commands to dependency injection
* Add field to store cloud billing sync key on self host instances
* Fix typo
* Fix data protector purpose of sponsorship offers
* Split cloud and selfhosted sponsorship offer tokenable
* Generate offer from self hosted with all necessary auth data
* Add Required properties to constructor
* Split up cancel sponsorship command
* Split revoke sponsorship command between cloud and self hosted
* Fix/f4e multiple sponsorships (#1838)
* Use sponosorship from validate to redeem
* Update tests
* Format
* Remove sponsorship service
* Run dotnet format
* Fix self hosted only controller attribute
* Clean up file structure and fixes
* Remove unneeded tokenables
* Remove obsolete commands
* Do not require file/class prefix if unnecessary
* Update Organizaiton sprocs
* Remove unnecessary models
* Fix tests
* Generalize LicenseService path calculation
Use async file read and deserialization
* Use interfaces for testability
* Remove unused usings
* Correct test direction
* Test license reading
* remove unused usings
* Format
Co-authored-by: Justin Baur <admin@justinbaur.com>
* Improve DataProtectorTokenFactory test coverage (#1884)
* Add encstring to server
* Test factory
Co-authored-by: Carlos Muentes <cmuentes@bitwarden.com>
* Format
* Remove SymmetricKeyProtectedString
Not needed
* Set ForcInvalid
Co-authored-by: Carlos Muentes <cmuentes@bitwarden.com>
* Feature/self f4e/api keys (#1896)
* Add in ApiKey
* Work on API Key table
* Work on apikey table
* Fix response model
* Work on information for UI
* Work on last sync date
* Work on sync status
* Work on auth
* Work on tokenable
* Work on merge
* Add custom requirement
* Add policy
* Run formatting
* Work on EF Migrations
* Work on OrganizationConnection
* Work on database
* Work on additional database table
* Run formatting
* Small fixes
* More cleanup
* Cleanup
* Add RevisionDate
* Add GO
* Finish Sql project
* Add newlines
* Fix stored proc file
* Fix sqlproj
* Add newlines
* Fix table
* Add navigation property
* Delete Connections when organization is deleted
* Add connection validation
* Start adding ID column
* Work on ID column
* Work on SQL migration
* Work on migrations
* Run formatting
* Fix test build
* Fix sprocs
* Work on migrations
* Fix Create table
* Fix sproc
* Add prints to migration
* Add default value
* Update EF migrations
* Formatting
* Add to integration tests
* Minor fixes
* Formatting
* Cleanup
* Address PR feedback
* Address more PR feedback
* Fix formatting
* Fix formatting
* Fix
* Address PR feedback
* Remove accidential change
* Fix SQL build
* Run formatting
* Address PR feedback
* Add sync data to OrganizationUserOrgDetails
* Add comments
* Remove OrganizationConnectionService interface
* Remove unused using
* Address PR feedback
* Formatting
* Minor fix
* Feature/self f4e/update db (#1930)
* Fix migration
* Fix TimesRenewed
* Add comments
* Make two properties non-nullable
* Remove need for SponsoredOrg on SH (#1934)
* Remove need for SponsoredOrg on SH
* Add Family prefix
* Add check for enterprise org on BillingSync key (#1936)
* [PS-10] Feature/sponsorships removed at end of term (#1938)
* Rename commands to min unique names
* Inject revoke command based on self hosting
* WIP: Remove/Revoke marks to delete
* Complete WIP
* Improve remove/revoke tests
* PR review
* Fail validation if sponsorship has failed to sync for 6 months
* Feature/do not accept old self host sponsorships (#1939)
* Do not accept >6mo old self-hosted sponsorships
* Give disabled grace period of 3 months
* Fix issues of Sql.proj differing from migration outcome (#1942)
* Fix issues of Sql.proj differing from migration outcome
* Yoink int tests
* Add missing assert helpers
* Feature/org sponsorship sync (#1922)
* Self-hosted side sync first pass
TODO:
* flush out org sponsorship model
* implement cloud side
* process cloud-side response and update self-hosted records
* sync scaffolding second pass
* remove list of Org User ids from sync and begin work on SelfHostedRevokeSponsorship
* allow authenticated http calls from server to return a result
* update models
* add logic for sync and change offer email template
* add billing sync key and hide CreateSponsorship without user
* fix tests
* add job scheduling
* add authorize attributes to endpoints
* separate models into data/model and request/response
* batch sync more, add EnableCloudCommunication for testing
* send emails in bulk
* make userId and sponsorshipType non nullable
* batch more on self hosted side of sync
* remove TODOs and formatting
* changed logic of cloud sync
* let BaseIdentityClientService handle all logging
* call sync from scheduled job on self host
* create bulk db operations for OrganizationSponsorships
* remove SponsoredOrgId from sync, return default from server http call
* validate BillingSyncKey during sync
revert changes to CreateSponsorshipCommand
* revert changes to ICreateSponsorshipCommand
* add some tests
* add DeleteExpiredSponsorshipsJob
* add cloud sync test
* remove extra method
* formatting
* prevent new sponsorships from disabled orgs
* update packages
* - pulled out send sponsorship command dependency from sync on cloud
- don't throw error when sponsorships are empty
- formatting
* formatting models
* more formatting
* remove licensingService dependency from selfhosted sync
* use installation urls and formatting
* create constructor for RequestModel and formatting
* add date parameter to OrganizationSponsorship_DeleteExpired
* add new migration
* formatting
* rename OrganizationCreateSponsorshipRequestModel to OrganizationSponsorshipCreateRequestModel
* prevent whole sync from failing if one sponsorship type is unsupported
* deserialize config and billingsynckey from org connection
* alter log message when sync disabled
* Add grace period to disabled orgs
* return early on self hosted if there are no sponsorships in database
* rename BillingSyncConfig
* send sponsorship offers from controller
* allow config to be a null object
* better exception handling in sync scheduler
* add ef migrations
* formatting
* fix tests
* fix validate test
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Fix OrganizationApiKey issues (#1941)
Co-authored-by: Justin Baur <admin@justinbaur.com>
* Feature/org sponsorship self hosted tests (#1947)
* Self-hosted side sync first pass
TODO:
* flush out org sponsorship model
* implement cloud side
* process cloud-side response and update self-hosted records
* sync scaffolding second pass
* remove list of Org User ids from sync and begin work on SelfHostedRevokeSponsorship
* allow authenticated http calls from server to return a result
* update models
* add logic for sync and change offer email template
* add billing sync key and hide CreateSponsorship without user
* fix tests
* add job scheduling
* add authorize attributes to endpoints
* separate models into data/model and request/response
* batch sync more, add EnableCloudCommunication for testing
* send emails in bulk
* make userId and sponsorshipType non nullable
* batch more on self hosted side of sync
* remove TODOs and formatting
* changed logic of cloud sync
* let BaseIdentityClientService handle all logging
* call sync from scheduled job on self host
* create bulk db operations for OrganizationSponsorships
* remove SponsoredOrgId from sync, return default from server http call
* validate BillingSyncKey during sync
revert changes to CreateSponsorshipCommand
* revert changes to ICreateSponsorshipCommand
* add some tests
* add DeleteExpiredSponsorshipsJob
* add cloud sync test
* remove extra method
* formatting
* prevent new sponsorships from disabled orgs
* update packages
* - pulled out send sponsorship command dependency from sync on cloud
- don't throw error when sponsorships are empty
- formatting
* formatting models
* more formatting
* remove licensingService dependency from selfhosted sync
* use installation urls and formatting
* create constructor for RequestModel and formatting
* add date parameter to OrganizationSponsorship_DeleteExpired
* add new migration
* formatting
* rename OrganizationCreateSponsorshipRequestModel to OrganizationSponsorshipCreateRequestModel
* prevent whole sync from failing if one sponsorship type is unsupported
* deserialize config and billingsynckey from org connection
* add mockHttp nuget package and use httpclientfactory
* fix current tests
* WIP of creating tests
* WIP of new self hosted tests
* WIP self hosted tests
* finish self hosted tests
* formatting
* format of interface
* remove extra config file
* added newlines
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Fix Organization_DeleteById (#1950)
* Fix Organization_Delete
* Fix L
* [PS-4] block enterprise user from sponsoring itself (#1943)
* [PS-248] Feature/add connections enabled endpoint (#1953)
* Move Organization models to sub namespaces
* Add Organization Connection api endpoints
* Get all connections rather than just enabled ones
* Add missing services to DI
* pluralize private api endpoints
* Add type protection to org connection request/response
* Fix route
* Use nullable Id to signify no connection
* Test Get Connections enabled
* Fix data discoverer
* Also drop this sproc for rerunning
* Id is the OUTPUT of create sprocs
* Fix connection config parsing
* Linter fixes
* update sqlproj file name
* Use param xdocs on methods
* Simplify controller path attribute
* Use JsonDocument to avoid escaped json in our response/request strings
* Fix JsonDoc tests
* Linter fixes
* Fix ApiKey Command and add tests (#1949)
* Fix ApiKey command
* Formatting
* Fix test failures introduced in #1943 (#1957)
* Remove "Did you know?" copy from emails. (#1962)
* Remove "Did you know"
* Remove jsonIf helper
* Feature/fix send single sponsorship offer email (#1956)
* Fix sponsorship offer email
* Do not sanitize org name
* PR feedback
* Feature/f4e sync event [PS-75] (#1963)
* Create sponsorship sync event type
* Add InstallationId to Event model
* Add combinatorics-based test case generators
* Log sponsorships sync event on sync
* Linter and test fixes
* Fix failing test
* Migrate sprocs and view
* Remove unused `using`s
* [PS-190] Add manual sync trigger in self hosted (#1955)
* WIP add button to admin project for billing sync
* add connection table to view page
* minor fixes for self hosted side of sync
* fixes number of bugs for cloud side of sync
* deserialize before returning for some reason
* add json attributes to return models
* list of sponsorships parameter is immutable, add secondary list
* change sproc name
* add error handling
* Fix tests
* modify call to connection
* Update src/Admin/Controllers/OrganizationsController.cs
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* undo change to sproc name
* simplify logic
* Update src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/Cloud/CloudSyncSponsorshipsCommand.cs
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* register services despite if self hosted or cloud
* remove json properties
* revert merge conflict
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Update OrganizationSponsorship valid until when updating org expirati… (#1966)
* Update OrganizationSponsorship valid until when updating org expiration date
* Linter fixes
* [PS-7] change revert email copy and add ValidUntil to sponsorship (#1965)
* change revert email copy and add ValidUntil to sponsorship
* add 15 days if no ValidUntil
* Chore/merge/self hosted families for enterprise (#1972)
* Log swallowed HttpRequestExceptions (#1866)
Co-authored-by: Hinton <oscar@oscarhinton.com>
* Allow for utilization of readonly db connection (#1937)
* Bump the pin of the download-artifacts action to bypass the broken GitHub api (#1952)
* Bumped version to 1.48.0 (#1958)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* [EC-160] Give Provider Users access to all org ciphers and collections (#1959)
* Bumped version to 1.48.1 (#1961)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Avoid sending "user need confirmation" emails when there are no org admins (#1960)
* Remove noncompliant users for new policies (#1951)
* [PS-284] Allow installation clients to not need a user. (#1968)
* Allow installation clients to not need a user.
* Run formatting
Co-authored-by: Andrei <30410186+Manolachi@users.noreply.github.com>
Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: sneakernuts <671942+sneakernuts@users.noreply.github.com>
Co-authored-by: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Justin Baur <136baur@gmail.com>
* Fix/license file not found (#1974)
* Handle null license
* Throw hint message if license is not found by the admin project.
* Use CloudOrganizationId from Connection config
* Change test to support change
* Fix test
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Feature/f4e selfhosted rename migration to .sql (#1971)
* rename migration to .sql
* format
* Add unit tests to self host F4E (#1975)
* Work on tests
* Added more tests
* Run linting
* Address PR feedback
* Fix AssertRecent
* Linting
* Fixed empty tests
* Fix/misc self hosted f4e (#1973)
* Allow setting of ApiUri
* Return updates sponsorshipsData objects
* Bind arguments by name
* Greedy load sponsorships to email.
When upsert was called, it creates Ids on _all_ records, which meant
that the lazy-evaluation from this call always returned an empty list.
* add scope for sync command DI in job. simplify error logic
* update the sync job to get CloudOrgId from the BillingSyncKey
Co-authored-by: Jacob Fink <jfink@bitwarden.com>
* Chore/merge/self hosted families for enterprise (#1987)
* Log swallowed HttpRequestExceptions (#1866)
Co-authored-by: Hinton <oscar@oscarhinton.com>
* Allow for utilization of readonly db connection (#1937)
* Bump the pin of the download-artifacts action to bypass the broken GitHub api (#1952)
* Bumped version to 1.48.0 (#1958)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* [EC-160] Give Provider Users access to all org ciphers and collections (#1959)
* Bumped version to 1.48.1 (#1961)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Avoid sending "user need confirmation" emails when there are no org admins (#1960)
* Remove noncompliant users for new policies (#1951)
* [PS-284] Allow installation clients to not need a user. (#1968)
* Allow installation clients to not need a user.
* Run formatting
* Use accept flow for sponsorship offers (#1964)
* PS-82 check send 2FA email for new devices on TwoFactorController send-email-login (#1977)
* [Bug] Skip WebAuthn 2fa event logs during login flow (#1978)
* [Bug] Supress WebAuthn 2fa event logs during login process
* Formatting
* Simplified method call with new paramter input
* Update RealIps Description (#1980)
Describe the syntax of the real_ips configuration key with an example, to prevent type errors in the `setup` container when parsing `config.yml`
* add proper URI validation to duo host (#1984)
* captcha scores (#1967)
* captcha scores
* some api fixes
* check bot on captcha attribute
* Update src/Core/Services/Implementations/HCaptchaValidationService.cs
Co-authored-by: e271828- <e271828-@users.noreply.github.com>
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
Co-authored-by: e271828- <e271828-@users.noreply.github.com>
* ensure no path specific in duo host (#1985)
Co-authored-by: Andrei <30410186+Manolachi@users.noreply.github.com>
Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: sneakernuts <671942+sneakernuts@users.noreply.github.com>
Co-authored-by: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Justin Baur <136baur@gmail.com>
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Jordan Cooks <notnamed@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
Co-authored-by: e271828- <e271828-@users.noreply.github.com>
* Address feedback (#1990)
Co-authored-by: Justin Baur <admin@justinbaur.com>
Co-authored-by: Carlos Muentes <cmuentes@bitwarden.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>
Co-authored-by: Justin Baur <136baur@gmail.com>
Co-authored-by: Andrei <30410186+Manolachi@users.noreply.github.com>
Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: sneakernuts <671942+sneakernuts@users.noreply.github.com>
Co-authored-by: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Jordan Cooks <notnamed@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
Co-authored-by: e271828- <e271828-@users.noreply.github.com>
* added enum values for new events
* hooked up directory sync event
* upgraded the OrganizationUpgrade ReferenceEvent
* Added metadata to the OrganizationUserInvited event noting if this is the first event sent from an organization
* Added metadata to the AdjustedSeats event
* Implemented vaultImported event
* Implemented FirstGroupAdded event
* Implemented FirstCollectionAdded event
* Implemented FirstSecretAdded event type
* Implemented SalesAssisted reference event
* changed events to match updated requirements
* renamed an event enum
* Share globalSettings hcaptcha public key with clients
* Require captcha valid only prior to two factor
users with two factor will have already solved captcha is necessary.
Users without two factor will have`TwoFactorVerified` set to false
* Do not require CaptchaResponse on two-factor requests
* Add option to always require captcha for testing purposes
* Allow for self-hosted instances if they want to use it
* Move refresh suggestion to correct error
* Expect lifetime in helper method
* Add captcha bypass token to successful captcha validations
* Remove twofactorValidated
* PR Feedback
* Get limited life attachment download URL
This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.
Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.
* Make GlobalSettings interface for testing
* Test LocalAttachmentStorageService equivalence
* Remove comment
* Add missing globalSettings using
* Simplify default attachment container
* Default to attachments containe for existing methods
A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads
* Remove Default MetaData fixture.
* Keep attachments container blob-level security for all instances
* Close unclosed FileStream
* Favor default value for noop services
* Add Disable Send policy
* Test DisableSend policy
* PR Review
* Update tests for using CurrentContext
This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.
I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference
* Fix failing test
* Update exemption to include all exempt users
* Move all CurrentContext usages to ICurrentContext
* PR review. Match messaging with Web
* Implemented Custom role and permissions
* Converted permissions columns to a json blob
* Code review fixes for Permissions
* sql build fix
* Update Permissions.cs
* formatting
* Update IOrganizationService.cs
* reworked a conditional
* built out tests for relevant organization service methods
* removed unused usings
* fixed a broken test and a bad empty string init
* removed 'Attribute' from some attribute instances
* added column ApiKey to dbo.User
* added dbo.User.ApiKey to User_Update
* added dbo.User.ApiKey to User_Create
* wrote migration script for implementing dbo.User.ApiKey
* Added ApiKey prop to the User table model
* Created AccountsController method for getting a user's API Key
* Created AccountsController method for rotating a user API key
* Added support to ApiClient for passed-through ClientSecrets when the request comes from the cli
* Added a new conditional to ClientStore to account for user API keys
* Wrote unit tests for new user API Key methods
* Added a refresh of dbo.UserView to new migration script for ApiKey
* Let client_credentials grants into the custom token logic
* Cleanup for ApiKey auth in the CLI feature
* Created user API key on registration
* Removed uneeded code for user API keys
* Changed a .Contains() to a .StartsWith() in ClientStore
* Changed index that an array is searched on
* Added more claims to the user apikey clients
* Moved some claim finding logic to a helper method
* Initial commit of require sso authentication policy enforcement
* Updated sproc to send UseSso flag // Updated base validator to send back error message // Added changes to EntityFramework (just so its there for the future
* Update policy name // adjusted conditional to demorgan's
* Updated sproc // Added migrator script
* Added .sql file extension to DeleteOrgUserWithOrg migrator script
* Added policy // edit // strings // validation to business portal
* Change requests from review // Added Owner & Admin exemption
* Updated repository function used to get org user's type
* Updated with requested changes
