1
0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 16:12:49 -05:00
Commit Graph

1346 Commits

Author SHA1 Message Date
fd90bf5f3d fix logic (#4550) 2024-07-22 19:43:14 +00:00
a0599e71eb [deps] Auth: Update azure azure-sdk-for-net monorepo (#4537)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
2024-07-22 12:37:09 -07:00
091c03a90c [PM-9826] Remove validation from 2fa GET and mask sensitive data (#4526)
* remove validation from 2fa GET and mask sensitive data

* skip verification check on put email

* disable verification on send-email and reenable on put email

* validate authenticator on set instead of get

* Revert "validate authenticator on set instead of get"

This reverts commit 7bf2084531.

* fix tests

* fix more tests

* Narrow scope of verify bypass

* Defaulted to false on VerifySecretAsync

* fix default param value

---------

Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
2024-07-22 11:21:14 -04:00
9b9f202f79 Resolved an issue where the API required users to be organization owners when accessing the members page (#4534) 2024-07-19 10:24:48 -04:00
45ec57f81b [AC-2887] Added Billing Authorization Where Missing (#4525)
* Added missing authorization validation to OrganizationBillingController endpoints

* Moved authorization validation to top of each method

* Resolved broken unit tests and added some new ones
2024-07-17 16:15:28 -04:00
88d5a97a86 Fix key rotation being broken due to org ciphers being included (#4522) 2024-07-17 09:21:32 -04:00
5df0e2180d [AC-2847] Simplify OrganizationUser and Group PUT methods and tests (#4479)
* refactor controller logic
* add additional validation checks to update commands
* refactor and improve tests
2024-07-16 10:47:28 +10:00
7fe4fe16cb [AC-1331] Remove Manager role - final (#4493)
* Remove OrganizationUserType.Manager

* Add EnumDataType validation to prevent invalid enum values
2024-07-12 06:13:10 +10:00
ca50eb8fe3 [AC-2741] Turn on BulkDeviceApproval feature for self-host (#4453)
Also remove the feature flagging on server, but keep definition
for old clients
2024-07-11 08:38:06 +10:00
ff8a436cd4 chore: remove UnassignedItemBanners feature flag and API endpoint, refs AC-2520 (#4461) 2024-07-09 15:59:41 -05:00
acc4808509 [SM-1256] Add BulkSecretAuthorizationHandler (#4099)
* Add AccessToSecretsAsync to the repository

* Add BulkSecretAuthorizationHandler

* Update controller to use the new authz handler

* Add integration test coverage
2024-07-09 10:06:33 -05:00
b8f71271eb [Sm-1197] - dupe guids (#4202)
* Show a more detailed error message if duplicate GUIDS are passed ot get by Ids

* Update test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Making requested changes to tests

* lint fix

* fixing whitespace

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2024-07-03 11:50:11 -04:00
07d37b1b41 [AC-2805] Add AssignedSeats to ProviderOrganizationOrganizationDetailsView (#4446)
* Add 'AssignedSeats' to ProviderOrganizationOrganizationDetailsView

* Add newline

* Thomas' feedback
2024-07-03 10:33:37 -04:00
ef44def88b [AC-2810] Remove unused FlexibleCollections feature flag from CollectionCipher Repository (#4284)
Remove FlexibleCollections feature flag logic for repository methods:
* GetManyByUserIdAsync
* GetManyByUserIdCipherIdAsync
* UpdateCollectionsAsync
* UpdateCollectionsForCiphersAsync

This feature flag was never turned on and we will update the sprocs
directly as required.
2024-07-03 12:06:36 +10:00
4e0a981b43 [AC-2809] Remove unused FlexibleCollections feature flag from Cipher Repository (#4282)
Remove FlexibleCollections feature flag logic for repository methods:
* CiphersController.GetByIdAsync
* CipherRepository.DeleteAsync
* CipherRepository.MoveAsync
* RestoreAsync
* SoftDeleteAsync

This feature flag was never turned on and we will update the sprocs
directly as required.
2024-07-03 11:45:44 +10:00
b5d42eb189 Handle TDE enrollment case in put account recovery enrollment endpoint (#4449)
* Handle TDE enrollment case in put account recovery enrollment endpoint

* Use `ssoConfig` to derive if an organization is using TDE
2024-07-02 14:18:29 -05:00
e2d2a2ba90 Add a master password hash check to account recovery enrollment (#4154) 2024-07-01 11:52:58 -04:00
750321afaa Updated CSV column header, removed invoice PDF URL (#4212) 2024-06-26 09:30:30 -04:00
e8e725c389 [AC-2795] Add account credit & tax information to provider subscription (#4276)
* Add account credit, suspension and tax information to subscription response

* Run dotnet format'
2024-06-26 09:08:18 -04:00
d064ee73fc [PM-8997] Revert restriction for provider users (#4223)
* reverted restriction for provider users

* updated comment
2024-06-24 15:05:25 -04:00
95f54b616e [AC-2744] Add provider portal pricing for consolidated billing (#4210)
* Expanded Teams and Enterprise plan with provider seat data

* Updated provider setup process with new plan information

* Updated provider subscription retrieval and update with new plan information

* Updated client invoice report with new plan information

* Fixed tests

* Fix broken test
2024-06-24 11:16:57 -04:00
fa62b36d44 [AC-2774] Consolidated issues for Consolidated Billing (#4201)
* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
2024-06-24 11:15:47 -04:00
f275b2567d [PM-517] Added validation to maximum and minimum expiry date (#4199)
* Added validation to maximum and minimum expiry date

* Updated error text on SendRequestModel

* Add tests to ValidateEdit on SendRequestModel
2024-06-21 13:56:43 +01:00
9595252224 [AC-2656] Remove old permissions code from CiphersController (#4186) 2024-06-21 09:57:43 +10:00
6262686c0c [AC-2699] Remove AccessAll from api request/response models (#4203) 2024-06-21 09:00:01 +10:00
01d67dce48 [SM-654] Individual secret permissions (#4160)
* Add new data and request models

* Update authz handlers

* Update secret commands to handle access policy updates

* Update secret repository to handle access policy updates

* Update secrets controller to handle access policy updates

* Add tests

* Add integration tests for secret create
2024-06-20 12:45:28 -05:00
0e6e461602 [SM-654] Add support for direct secret permissions at the repo layer (#4156)
* calculate direct secret permissions at the repo layer

* Add integration tests for service account secret access count
2024-06-20 10:40:24 -05:00
7f496e7399 Add a CancelAt to the response (#4205)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-06-20 13:50:42 +01:00
29b47f72ca Auth/PM-3833 - Remove Deprecated Register and Prelogin endpoints from API (#4206)
* PM-3833 - API - AccountsController.cs && AccountsController.cs - remove prelogin and register endpoints.

* PM-3833 - Move Request and Response models that were used for Prelogin and PostRegister from API to Identity.

* PM-3833 - FIX LINT

* PM-3833 - Fix issues after merge conflict fixes.

* PM-3833 - Another test fix
2024-06-19 15:11:24 -04:00
c375c18257 [AC-2655] Remove old permissions logic from CollectionsController (#4185)
* Replace all old methods with vNext methods

* Remove remaining Flexible Collections checks and remove helper method

* Remove unused private methods

* Update tests
2024-06-18 06:23:32 +10:00
3ad4bc1cab [PM-4371] Implement PRF key rotation (#4157)
* Send rotateable keyset on list webauthn keys

* Implement basic prf key rotation

* Add validator for webauthn rotation

* Fix accounts controller tests

* Add webauthn rotation validator tests

* Introduce separate request model

* Fix tests

* Remove extra empty line

* Remove filtering in validator

* Don't send encrypted private key

* Fix tests

* Implement delegated webauthn db transactions

* Add backward compatibility

* Fix query not working

* Update migration sql

* Update dapper query

* Remove unused helper

* Rename webauthn to WebAuthnLogin

* Fix linter errors

* Fix tests

* Fix tests
2024-06-17 20:46:57 +02:00
2841c1aba0 fix: remove required annotation for AccessAll, refs PM-8792 (#4191) 2024-06-17 08:08:12 +10:00
721d2969d4 [PM-8830] Billing Enums Rename (#4180)
* Renamed ProductType to ProductTierType

* Renamed Product properties to ProductTier

* Moved ProductTierType to Bit.Core.Billing.Enums namespace from Bit.Core.Enums

* Moved PlanType enum to Bit.Core.Billing.Enums

* Moved StaticStore to Bit.Core.Billing.Models.StaticStore namespace

* Added ProductType enum

* dotnet format
2024-06-14 15:34:47 -04:00
41ed38080f Revert "[SM-1197] - Duplicate GUIDS Show a more detailed error message if dup…" (#4190)
This reverts commit 43b34c433c.
2024-06-14 17:45:17 +00:00
43b34c433c [SM-1197] - Duplicate GUIDS Show a more detailed error message if duplicate GUIDS are passed ot g… (#4161)
* Show a more detailed error message if duplicate GUIDS are passed ot get by Ids

* Update test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update src/Api/SecretsManager/Models/Request/GetSecretsRequestModel.cs

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Making requested changes to tests

* lint fix

* fixing whitespace

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2024-06-14 17:23:23 +00:00
83604cceb1 [AC-1943] Implement provider client invoice report (#4178)
* Update ProviderInvoiceItem SQL configuration

* Implement provider client invoice export

* Add tests

* Run dotnet format

* Fixed SPROC backwards compatibility issue
2024-06-14 12:26:49 -04:00
fc1c488a78 [AC-2567] Billing Performance Improvements (#4143)
* Moved AccountsBilling controller to be owned by Billing

* Added org billing history endpoint

* Updated GetBillingInvoicesAsync to only retrieve paid, open, and uncollectible invoices, and added option to limit results

* Removed invoices and transactions from GetBillingAsync

* Limiting the number of invoices and transactions returned

* Moved Billing models to Billing namespace

* Split billing info and billing history objects

* Removed billing method GetBillingBalanceAndSourceAsync

* Removed unused using

* Cleaned up BillingInfo a bit

* Update migration scripts to use `CREATE OR ALTER` instead of checking for the `OBJECT_ID`

* Applying limit to aggregated invoices after they return from Stripe
2024-06-11 13:55:23 -04:00
308bd555a4 [AC-2286] Include the OrganizationUserId for each Organization in the user sync data (#4142)
* [AC-2286] Include the OrganizationUserId for each Organization in the user sync data

* Make OrganizationUserId property non-nullable
2024-06-07 13:32:09 -05:00
36705790ad [SM-1293] Add endpoint to fetch secret's access policies (#4146)
* Add authz handling for secret access policy reads

* Add the ability to fetch secret access polices from the repository

* refactor response models

* Add new endpoint
2024-06-07 12:08:38 -05:00
fef34d845f Add additional return properties ti providerSubscriptionResponse (#4159)
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
2024-06-06 15:54:08 +01:00
Ike
97b3f3e7ee [PM-5216] User and Organization Duo Request and Response Model refactor (#4126)
* inital changes

* add provider GatewayType migrations

* db provider migrations

* removed duo migrations added v2 metadata to duo response

* removed helper scripts

* remove signature from org duo

* added backward compatibility for Duo v2

* added tests for duo request + response models

* refactors to TwoFactorController

* updated test methods to be compartmentalized by usage

* fix organization add duo

* Assert.Empty() fix for validator
2024-06-05 11:42:02 -07:00
a0a7654077 [AC-1942] Add endpoint to get provider invoices (#4158)
* Added endpoint to get provider invoices

* Added missing properties of invoice

* Run dotnet format'
2024-06-05 13:33:28 -04:00
cae417e2a2 [AC-2317] Public API - remove old permissions code (#4125)
* Remove FlexibleCollections checks from Public API controllers

* Remove AccessAll from Public API

* Update tests
2024-06-04 08:58:44 +10:00
2c40dc0602 [AC-2654] Remove old permissions code from OrganizationUsersController (#4149) 2024-06-04 08:47:12 +10:00
80793d1ffa [AC-2653] Remove old permissions code from GroupsController (#4148) 2024-06-04 08:46:48 +10:00
fe76de63a0 Fix optional properties being required in public api (#4150) 2024-06-04 08:17:01 +10:00
395d6e845c [AC-2678] Enterprise to Families Sponsorship Bugs (#4118)
* Removed prorationDate as it wasn't used, and wasn't needed

* Fixed logic to detect if a subscription was sponsored

* Moved OrganizationSponsorshipsController.cs to Billing folder
2024-06-03 13:18:46 -04:00
2b43cde99b [AC-1938] Update provider payment method (#4140)
* Refactored GET provider subscription

Refactoring this endpoint and its associated tests in preparation for the addition of more endpoints that share similar patterns

* Replaced StripePaymentService call in AccountsController, OrganizationsController

This was made in error during a previous PR. Since this is not related to Consolidated Billing, we want to try not to include it in these changes.

* Removing GetPaymentInformation call from ProviderBillingService

This method is a good call for the SubscriberService as we'll want to extend the functionality to all subscriber types

* Refactored GetTaxInformation to use Billing owned DTO

* Add UpdateTaxInformation to SubscriberService

* Added GetTaxInformation and UpdateTaxInformation endpoints to ProviderBillingController

* Added controller to manage creation of Stripe SetupIntents

With the deprecation of the Sources API, we need to move the bank account creation process to using SetupIntents. This controller brings both the creation of "card" and "us_bank_account" SetupIntents
under billing management.

* Added UpdatePaymentMethod method to SubscriberService

This method utilizes the SetupIntents created by the StripeController from the previous commit when a customer adds a card or us_bank_account payment method (Stripe). We need to cache the most recent SetupIntent for the subscriber so that we know which PaymentMethod is their most recent even when it hasn't been confirmed yet.

* Refactored GetPaymentMethod to use billing owned DTO and check setup intents

* Added GetPaymentMethod and UpdatePaymentMethod endpoints to ProviderBillingController

* Re-added GetPaymentInformation endpoint to consolidate API calls on the payment method page

* Added VerifyBankAccount endpoint to ProviderBillingController in order to finalize bank account payment methods

* Updated BitPayInvoiceRequestModel to support providers

* run dotnet format

* Conner's feedback

* Run dotnet format'
2024-06-03 11:00:52 -04:00
357ac4f40a [AC-292] Public Api - allow configuration of custom permissions (#4022)
* Also refactor OrganizationService user invite methods
2024-05-31 09:23:31 +10:00
0189952e1f [PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault (#4098)
* Add check to verify the vault state for rotation is not obviously desynced (empty)

* Add unit test for key rotation guardrail

* Move de-synced vault detection to validators

* Add tests
2024-05-30 11:08:26 +02:00