bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2026-01-06 02:23:51 +00:00
Code Issues Releases Wiki Activity

Merge branch 'master' into feature/flexible-collections

Browse Source
This commit is contained in:
Vincent Salucci
2023-09-12 10:32:23 -05:00
parent 3c9c8acc22 0be766c98a
commit 4ac1b10fb1
21 changed files with 270 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/Core/Auth/Services/Implementations/AuthRequestService.cs
View File

@@ -82,34 +82,39 @@ public class AuthRequestService : IAuthRequestService
/// </remarks>
public async Task<AuthRequest> CreateAuthRequestAsync(AuthRequestCreateRequestModel model)
{
var user = await _userRepository.GetByEmailAsync(model.Email);
if (user == null)
{
throw new NotFoundException();
}
if (!_currentContext.DeviceType.HasValue)
{
throw new BadRequestException("Device type not provided.");
}
if (_globalSettings.PasswordlessAuth.KnownDevicesOnly)
var userNotFound = false;
var user = await _userRepository.GetByEmailAsync(model.Email);
if (user == null)
{
userNotFound = true;
}
else if (_globalSettings.PasswordlessAuth.KnownDevicesOnly)
{
var devices = await _deviceRepository.GetManyByUserIdAsync(user.Id);
if (devices == null || !devices.Any(d => d.Identifier == model.DeviceIdentifier))
{
throw new BadRequestException(
"Login with device is only available on devices that have been previously logged in.");
userNotFound = true;
}
}
// Anonymous endpoints must not leak that a user exists or not
if (userNotFound)
{
throw new BadRequestException("User or known device not found.");
}
// AdminApproval requests require correlating the user and their organization
if (model.Type == AuthRequestType.AdminApproval)
{
// TODO: When single org policy is turned on we should query for only a single organization from the current user
// and create only an AuthRequest for that organization and return only that one
// This will send out the request to all organizations this user belongs to
// This will send out the request to all organizations this user belongs to
var organizationUsers = await _organizationUserRepository.GetManyByUserAsync(_currentContext.UserId!.Value);
if (organizationUsers.Count == 0)
@@ -173,7 +178,7 @@ public class AuthRequestService : IAuthRequestService
switch (authRequest.Type)
{
case AuthRequestType.AdminApproval:
// AdminApproval has a different expiration time, by default is 7 days compared to
// AdminApproval has a different expiration time, by default is 7 days compared to
// non-AdminApproval ones having a default of 15 minutes.
if (IsDateExpired(authRequest.CreationDate, _globalSettings.PasswordlessAuth.AdminRequestExpiration))
{
@@ -213,7 +218,7 @@ public class AuthRequestService : IAuthRequestService
await _authRequestRepository.ReplaceAsync(authRequest);
// We only want to send an approval notification if the request is approved (or null),
// We only want to send an approval notification if the request is approved (or null),
// to not leak that it was denied to the originating client if it was originated by a malicious actor.
if (authRequest.Approved ?? true)
{

4
src/Core/Context/CurrentContext.cs
View File

@@ -358,7 +358,9 @@ public class CurrentContext : ICurrentContext
public async Task<bool> ViewAssignedCollections(Guid orgId)
{
return await EditAssignedCollections(orgId) || await DeleteAssignedCollections(orgId);
return await CreateNewCollections(orgId) // Required to display the existing collections under which the new collection can be nested
|| await EditAssignedCollections(orgId)
|| await DeleteAssignedCollections(orgId);
}
public async Task<bool> ManageGroups(Guid orgId)

74
src/Core/Models/Business/TaxInfo.cs
View File

@@ -35,14 +35,23 @@ public class TaxInfo
return _taxIdType;
}
switch (BillingAddressCountry)
switch (BillingAddressCountry.ToUpper())
{
case "AD":
_taxIdType = "ad_nrt";
break;
case "AE":
_taxIdType = "ae_trn";
break;
case "AR":
_taxIdType = "ar_cuit";
break;
case "AU":
_taxIdType = "au_abn";
break;
case "BO":
_taxIdType = "bo_tin";
break;
case "BR":
_taxIdType = "br_cnpj";
break;
@@ -55,9 +64,45 @@ public class TaxInfo
}
_taxIdType = "ca_bn";
break;
case "CH":
_taxIdType = "ch_vat";
break;
case "CL":
_taxIdType = "cl_tin";
break;
case "CN":
_taxIdType = "cn_tin";
break;
case "CO":
_taxIdType = "co_nit";
break;
case "CR":
_taxIdType = "cr_tin";
break;
case "DO":
_taxIdType = "do_rcn";
break;
case "EC":
_taxIdType = "ec_ruc";
break;
case "EG":
_taxIdType = "eg_tin";
break;
case "GE":
_taxIdType = "ge_vat";
break;
case "ID":
_taxIdType = "id_npwp";
break;
case "IL":
_taxIdType = "il_vat";
break;
case "IS":
_taxIdType = "is_vat";
break;
case "KE":
_taxIdType = "ke_pin";
break;
case "AT":
case "BE":
case "BG":
@@ -115,6 +160,15 @@ public class TaxInfo
case "NZ":
_taxIdType = "nz_gst";
break;
case "PE":
_taxIdType = "pe_ruc";
break;
case "PH":
_taxIdType = "ph_tin";
break;
case "RS":
_taxIdType = "rs_pib";
break;
case "RU":
_taxIdType = "ru_inn";
break;
@@ -124,15 +178,33 @@ public class TaxInfo
case "SG":
_taxIdType = "sg_gst";
break;
case "SV":
_taxIdType = "sv_nit";
break;
case "TH":
_taxIdType = "th_vat";
break;
case "TR":
_taxIdType = "tr_tin";
break;
case "TW":
_taxIdType = "tw_vat";
break;
case "UA":
_taxIdType = "ua_vat";
break;
case "US":
_taxIdType = "us_ein";
break;
case "UY":
_taxIdType = "uy_ruc";
break;
case "VE":
_taxIdType = "ve_rif";
break;
case "VN":
_taxIdType = "vn_tin";
break;
case "ZA":
_taxIdType = "za_vat";
break;

2
src/Core/SecretsManager/Queries/Projects/Interfaces/IMaxProjectsQuery.cs
View File

@@ -2,5 +2,5 @@
public interface IMaxProjectsQuery
{
Task<(short? max, bool? atMax)> GetByOrgIdAsync(Guid organizationId);
Task<(short? max, bool? overMax)> GetByOrgIdAsync(Guid organizationId, int projectsToAdd);
}

6
src/Core/Services/IOrganizationService.cs
View File

@@ -39,6 +39,12 @@ public interface IOrganizationService
OrganizationUserType type, bool accessAll, string externalId, IEnumerable<CollectionAccessSelection> collections, IEnumerable<Guid> groups);
Task<IEnumerable<Tuple<OrganizationUser, string>>> ResendInvitesAsync(Guid organizationId, Guid? invitingUserId, IEnumerable<Guid> organizationUsersId);
Task ResendInviteAsync(Guid organizationId, Guid? invitingUserId, Guid organizationUserId, bool initOrganization = false);
/// <summary>
/// Moves an OrganizationUser into the Accepted status and marks their email as verified.
/// This method is used where the user has clicked the invitation link sent by email.
/// </summary>
/// <param name="token">The token embedded in the email invitation link</param>
/// <returns>The accepted OrganizationUser.</returns>
Task<OrganizationUser> AcceptUserAsync(Guid organizationUserId, User user, string token, IUserService userService);
Task<OrganizationUser> AcceptUserAsync(string orgIdentifier, User user, IUserService userService);
Task<OrganizationUser> AcceptUserAsync(Guid organizationId, User user, IUserService userService);

10
src/Core/Services/Implementations/OrganizationService.cs
View File

@@ -1093,7 +1093,15 @@ public class OrganizationService : IOrganizationService
throw new BadRequestException("User email does not match invite.");
}
return await AcceptUserAsync(orgUser, user, userService);
var organizationUser = await AcceptUserAsync(orgUser, user, userService);
if (user.EmailVerified == false)
{
user.EmailVerified = true;
await _userRepository.ReplaceAsync(user);
}
return organizationUser;
}
public async Task<OrganizationUser> AcceptUserAsync(string orgIdentifier, User user, IUserService userService)