nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-12 23:22:18 -05:00
Code
5,786 Commits 388 Branches 199 Tags
Commit Graph

197 Commits

Author SHA1 Message Date
Matt Gibson
5537470703
Use sas token for attachment downloads (#1153) 
* Get limited life attachment download URL

This change limits url download to a 1min lifetime.
This requires moving to a new container to allow for non-public blob
access.

Clients will have to call GetAttachmentData api function to receive the download
URL. For backwards compatibility, attachment URLs are still present, but will not
work for attachments stored in non-public access blobs.

* Make GlobalSettings interface for testing

* Test LocalAttachmentStorageService equivalence

* Remove comment

* Add missing globalSettings using

* Simplify default attachment container

* Default to attachments containe for existing methods

A new upload method will be made for uploading to attachments-v2.
For compatibility for clients which don't use these new methods, we need
to still use the old container. The new container will be used only for
new uploads

* Remove Default MetaData fixture.

* Keep attachments container blob-level security for all instances

* Close unclosed FileStream

* Favor default value for noop services
 2021-02-22 15:35:16 -06:00
Matt Gibson
edd4bc2623
Add disable send policy (#1130) 
* Add Disable Send policy

* Test DisableSend policy

* PR Review

* Update tests for using CurrentContext

This required making an interface for CurrentContext and mocking out
the members used. The interface can be expanded as needed for tests.

I moved CurrentContext to a folder, which changes the namespace
and causes a lot of file touches, but most are just adding a reference

* Fix failing test

* Update exemption to include all exempt users

* Move all CurrentContext usages to ICurrentContext

* PR review. Match messaging with Web
 2021-02-04 12:54:21 -06:00
Chad Scharf
99b95b5330
Fix safari sso header size (#1065) 
* Safari SSO header size fix - in progress

* Cleanup of memoryCacheTicketStore

* Redis cache ticket store + registration

* Revert some unecessary changes

* temp - distributed cookie: idsrv.external

* Ticket data cached storage added

* OIDC working w/ substantially reduced cookie size

* Added distributed cache cookie manager

* Removed hybrid OIDC flow

* Enable self-hosted folks to use Redis  for SSO

* Also allow self-hosted to use Redis cont...
 2021-01-11 11:03:46 -05:00
Oscar Hinton
0f1af2333e
Add support for Emergency Access (#1000) 
* Add support for Emergency Access

* Add migration script

* Review comments

* Ensure grantor has premium when inviting new grantees.

* Resolve review comments

* Remove two factor references
 2020-12-16 14:36:47 -05:00
Chad Scharf
db7d05b52f
Added PreValidate endpoint on Account controller (#896) 
* Added PreValidate endpoint on Account controller

* Fixed IHttpClientFactory implementation

* Core localization and org sproc fix

* Pass culture, fixed sso middleware bug
 2020-08-28 12:14:23 -04:00
Kyle Spearrin
0d0c6c7167
sso integrations (#822) 
* stub out hybrid sso

* support for PKCE authorization_code clients

* sso service urls

* sso client key

* abstract request validator

* support for verifying password

* custom AuthorizationCodeStore that does not remove codes

* cleanup

* comment

* created master password

* ResetMasterPassword

* rename Sso client to OidcIdentity

* update env builder

* bitwarden sso project in docker-compose

* sso path in nginx config
 2020-07-16 08:01:39 -04:00
Kyle Spearrin
6bc7a3cdc0
adjust cors origin checks (#800) 
* allow cors from bitwarden.com on cloud

* allow file:// cors for safari extension

* fix missing paren
 2020-06-27 15:08:50 -04:00
Kyle Spearrin
cf70a5e480
set cors policies to only allow web vault origin (#787) 
* set cors policy to only allow web vault

* vault cors policy service
 2020-06-23 18:47:53 -04:00
Kyle Spearrin
beb40eb682
Update swagger config to use proper URL scheme (#744) 2020-05-21 15:00:03 -04:00
Chad Scharf
9800b752c0 Changed all C# control flow block statements to include space between keyword and open paren 2020-03-27 14:36:37 -04:00
Kyle Spearrin
e13f022c90 upgrade swagger 2020-01-10 09:36:12 -05:00
Kyle Spearrin
29580684a3 upgrade to aspnet core 3.1 2020-01-10 08:33:13 -05:00
Kyle Spearrin
9e470c1f7a log startup 2019-11-27 14:42:24 -05:00
Kyle Spearrin
aca274a49b add new properties to LogContext 2019-09-03 14:44:22 -04:00
Kyle Spearrin
53ba5fe324 all host origins allowed 2019-08-22 15:05:00 -04:00
Kyle Spearrin
19850631f6 allow cors origin wildcard 2019-08-22 12:00:10 -04:00
Kyle Spearrin
48ec345702 update stripe SDK 2019-08-08 17:36:41 -04:00
Kyle Spearrin
edd49c7e67 show pii on api 2019-07-25 21:17:58 -04:00
Kyle Spearrin
f6da38f931 allow web vault origin for cors requests 2019-07-25 15:05:03 -04:00
Kyle Spearrin
94188fa0b5 update to net core 2.2 2019-07-23 16:38:49 -04:00
Kyle Spearrin
242e509b9d set en-US as default current culture 2019-07-11 15:03:17 -04:00
Kyle Spearrin
6f0d64119a keep application cache in sync with service bus 2019-06-13 00:10:37 -04:00
Kyle Spearrin
e6baa1490c UseForwardedHeaders with known proxies 2019-04-26 09:52:54 -04:00
Kyle Spearrin
685928a4c7 fix bitpay initalization 2019-03-19 23:32:54 -04:00
Kyle Spearrin
3c9b2ef2f5 remove protocol from host 2019-03-08 17:15:42 -05:00
Kyle Spearrin
14ecb8af93 set swagger host 2019-03-08 16:21:37 -05:00
Kyle Spearrin
61f473390f fix spec link 2019-03-08 15:48:34 -05:00
Kyle Spearrin
88cb0443b7 serializer and swagger adjustments for dev 2019-03-01 17:37:11 -05:00
Kyle Spearrin
8d51700120 modelstate and exception handling for public apis 2019-03-01 17:30:44 -05:00
Kyle Spearrin
c02f732056 camelcase swagger/public apis 2019-02-28 20:50:40 -05:00
Kyle Spearrin
77b673f768 doc title 2019-02-28 14:25:47 -05:00
Kyle Spearrin
1c71af47bb swagger specs for public api 2019-02-28 14:20:14 -05:00
Kyle Spearrin
5923b4c9bd org API clients 2019-02-26 17:01:33 -05:00
Kyle Spearrin
fdaa9504d5 bitpay invoice api 2019-02-21 22:43:37 -05:00
Kyle Spearrin
18131ba1e3 remove jsreport pdfs. use stripe invoice pages. 2018-09-13 16:03:04 -04:00
Kyle Spearrin
25899fd326 adjusted serilog inclusion predicate with bypassid 2018-08-15 10:54:15 -04:00
Kyle Spearrin
6b4605e228 centralize AddIdentityAuthenticationServices 2018-08-15 09:26:19 -04:00
Kyle Spearrin
5f79af2e18 move premium renewal job to hosted job service 2018-08-10 11:20:04 -04:00
Kyle Spearrin
e00492b03b log jobs information 2018-08-09 16:22:11 -04:00
Kyle Spearrin
10a19c90d3 Move jobs to api hosted service w/ quartz 2018-08-09 16:08:09 -04:00
Kyle Spearrin
658b47b2fc XForwardedFor on self host 2018-05-21 21:24:35 -04:00
David Roth
702d833cea Add sentry logging support. (#240) 2018-03-23 13:33:31 -04:00
Kyle Spearrin
64277f54f8 token retrieval from header or qs 2018-03-09 11:02:31 -05:00
Kyle Spearrin
f61acdd3b9 remove old token retrieval schemes 2018-01-03 14:11:56 -05:00
Kyle Spearrin
eea119a4b6 simplified cors policy 2017-12-04 21:44:02 -05:00
Kyle Spearrin
51534f159c AllowCredentials for CORS policy 2017-12-04 15:11:33 -05:00
Kyle Spearrin
9cb1047f2b setup to receive & process event postings 2017-12-04 10:59:07 -05:00
Kyle Spearrin
f4586002c4 organize event models. stub out event services 2017-12-01 09:22:04 -05:00
Kyle Spearrin
953f2aa3ef filter TokenRequestValidator and TokenValidator 2017-10-27 09:24:09 -04:00
Kyle Spearrin
f44419de7b filter id server TokenValidator error logs 2017-10-26 23:21:43 -04:00