bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-28 22:23:30 +00:00
Code Issues Releases Wiki Activity

Merge branch 'main' into ac/ac-1682/data-migrations-for-deprecated-permissions

Browse Source
This commit is contained in:
Rui Tome
2024-01-11 12:15:40 +00:00
parent ee43767c84 b829812a3f
commit 71978fe954
72 changed files with 23037 additions and 210 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Api/AdminConsole/Controllers/OrganizationAuthRequestsController.cs
View File

@@ -1,14 +1,12 @@
using Bit.Api.AdminConsole.Models.Request;
using Bit.Api.AdminConsole.Models.Response;
using Bit.Api.Models.Response;
using Bit.Core;
using Bit.Core.AdminConsole.OrganizationAuth.Interfaces;
using Bit.Core.Auth.Models.Api.Request.AuthRequest;
using Bit.Core.Auth.Services;
using Bit.Core.Context;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
@@ -16,7 +14,6 @@ namespace Bit.Api.AdminConsole.Controllers;
[Route("organizations/{orgId}/auth-requests")]
[Authorize("Application")]
[RequireFeature(FeatureFlagKeys.TrustedDeviceEncryption)]
public class OrganizationAuthRequestsController : Controller
{
private readonly IAuthRequestRepository _authRequestRepository;

6
src/Api/AdminConsole/Controllers/OrganizationsController.cs
View File

@@ -764,12 +764,6 @@ public class OrganizationsController : Controller
throw new NotFoundException();
}
if (model.Data.MemberDecryptionType == MemberDecryptionType.TrustedDeviceEncryption &&
!_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext))
{
throw new BadRequestException(nameof(model.Data.MemberDecryptionType), "Invalid member decryption type.");
}
var ssoConfig = await _ssoConfigRepository.GetByOrganizationIdAsync(id);
ssoConfig = ssoConfig == null ? model.ToSsoConfig(id) : model.ToSsoConfig(ssoConfig);
organization.Identifier = model.Identifier;

2
src/Api/AdminConsole/Models/Response/Organizations/OrganizationResponseModel.cs
View File

@@ -56,6 +56,7 @@ public class OrganizationResponseModel : ResponseModel
MaxAutoscaleSmServiceAccounts = organization.MaxAutoscaleSmServiceAccounts;
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
FlexibleCollections = organization.FlexibleCollections;
}
public Guid Id { get; set; }
@@ -97,6 +98,7 @@ public class OrganizationResponseModel : ResponseModel
public int? MaxAutoscaleSmServiceAccounts { get; set; }
public bool LimitCollectionCreationDeletion { get; set; }
public bool AllowAdminAccessToAllCollectionItems { get; set; }
public bool FlexibleCollections { get; set; }
}
public class OrganizationSubscriptionResponseModel : OrganizationResponseModel

2
src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs
View File

@@ -61,6 +61,7 @@ public class ProfileOrganizationResponseModel : ResponseModel
AccessSecretsManager = organization.AccessSecretsManager;
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
FlexibleCollections = organization.FlexibleCollections;
if (organization.SsoConfig != null)
{
@@ -116,4 +117,5 @@ public class ProfileOrganizationResponseModel : ResponseModel
public bool AccessSecretsManager { get; set; }
public bool LimitCollectionCreationDeletion { get; set; }
public bool AllowAdminAccessToAllCollectionItems { get; set; }
public bool FlexibleCollections { get; set; }
}

4
src/Api/AdminConsole/Public/Controllers/GroupsController.cs
View File

@@ -110,7 +110,7 @@ public class GroupsController : Controller
public async Task<IActionResult> Post([FromBody] GroupCreateUpdateRequestModel model)
{
var group = model.ToGroup(_currentContext.OrganizationId.Value);
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
await _createGroupCommand.CreateGroupAsync(group, organization, associations);
var response = new GroupResponseModel(group, associations);
@@ -139,7 +139,7 @@ public class GroupsController : Controller
}
var updatedGroup = model.ToGroup(existingGroup);
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
await _updateGroupCommand.UpdateGroupAsync(updatedGroup, organization, associations);
var response = new GroupResponseModel(updatedGroup, associations);

4
src/Api/AdminConsole/Public/Controllers/MembersController.cs
View File

@@ -119,7 +119,7 @@ public class MembersController : Controller
[ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
public async Task<IActionResult> Post([FromBody] MemberCreateRequestModel model)
{
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
var invite = new OrganizationUserInvite
{
Emails = new List<string> { model.Email },
@@ -154,7 +154,7 @@ public class MembersController : Controller
return new NotFoundResult();
}
var updatedUser = model.ToOrganizationUser(existingUser);
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
await _organizationService.SaveUserAsync(updatedUser, null, associations, model.Groups);
MemberResponseModel response = null;
if (existingUser.UserId.HasValue)

5
src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs
View File

@@ -15,4 +15,9 @@ public abstract class AssociationWithPermissionsBaseModel
/// </summary>
[Required]
public bool? ReadOnly { get; set; }
/// <summary>
/// When true, the hide passwords permission will not allow the user or group to view passwords.
/// This prevents easy copy-and-paste of hidden items, however it may not completely prevent user access.
/// </summary>
public bool? HidePasswords { get; set; }
}

5
src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs
View File

@@ -4,12 +4,13 @@ namespace Bit.Api.AdminConsole.Public.Models.Request;
public class AssociationWithPermissionsRequestModel : AssociationWithPermissionsBaseModel
{
public CollectionAccessSelection ToSelectionReadOnly()
public CollectionAccessSelection ToCollectionAccessSelection()
{
return new CollectionAccessSelection
{
Id = Id.Value,
ReadOnly = ReadOnly.Value
ReadOnly = ReadOnly.Value,
HidePasswords = HidePasswords.GetValueOrDefault()
};
}
}

1
src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs
View File

@@ -12,5 +12,6 @@ public class AssociationWithPermissionsResponseModel : AssociationWithPermission
}
Id = selection.Id;
ReadOnly = selection.ReadOnly;
HidePasswords = selection.HidePasswords;
}
}

2
src/Api/Public/Controllers/CollectionsController.cs
View File

@@ -89,7 +89,7 @@ public class CollectionsController : Controller
return new NotFoundResult();
}
var updatedCollection = model.ToCollection(existingCollection);
var associations = model.Groups?.Select(c => c.ToSelectionReadOnly());
var associations = model.Groups?.Select(c => c.ToCollectionAccessSelection());
await _collectionService.SaveAsync(updatedCollection, associations);
var response = new CollectionResponseModel(updatedCollection, associations);
return new JsonResult(response);

5
src/Core/AdminConsole/Entities/Organization.cs
View File

@@ -91,6 +91,11 @@ public class Organization : ITableObject<Guid>, ISubscriber, IStorable, IStorabl
/// </remarks>
/// </summary>
public bool AllowAdminAccessToAllCollectionItems { get; set; }
/// <summary>
/// True if the organization is using the Flexible Collections permission changes, false otherwise.
/// For existing organizations, this must only be set to true once data migrations have been run for this organization.
/// </summary>
public bool FlexibleCollections { get; set; }
public void SetNewId()
{

2
src/Core/AdminConsole/Models/Data/Organizations/OrganizationAbility.cs
View File

@@ -23,6 +23,7 @@ public class OrganizationAbility
UsePolicies = organization.UsePolicies;
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
FlexibleCollections = organization.FlexibleCollections;
}
public Guid Id { get; set; }
@@ -39,4 +40,5 @@ public class OrganizationAbility
public bool UsePolicies { get; set; }
public bool LimitCollectionCreationDeletion { get; set; }
public bool AllowAdminAccessToAllCollectionItems { get; set; }
public bool FlexibleCollections { get; set; }
}

1
src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs
View File

@@ -50,4 +50,5 @@ public class OrganizationUserOrganizationDetails
public int? SmServiceAccounts { get; set; }
public bool LimitCollectionCreationDeletion { get; set; }
public bool AllowAdminAccessToAllCollectionItems { get; set; }
public bool FlexibleCollections { get; set; }
}

20
src/Core/Auth/Entities/Grant.cs
View File

@@ -1,10 +1,28 @@
#nullable enable
using System.ComponentModel.DataAnnotations;
using Bit.Core.Auth.Models.Data;
using Duende.IdentityServer.Models;
namespace Bit.Core.Auth.Entities;
public class Grant
public class Grant : IGrant
{
public Grant() { }
public Grant(PersistedGrant pGrant)
{
Key = pGrant.Key;
Type = pGrant.Type;
SubjectId = pGrant.SubjectId;
SessionId = pGrant.SessionId;
ClientId = pGrant.ClientId;
Description = pGrant.Description;
CreationDate = pGrant.CreationTime;
ExpirationDate = pGrant.Expiration;
ConsumedDate = pGrant.ConsumedTime;
Data = pGrant.Data;
}
public int Id { get; set; }
[MaxLength(200)]
public string Key { get; set; } = null!;

77
src/Core/Auth/Models/Data/GrantItem.cs Normal file
View File

@@ -0,0 +1,77 @@
using System.Text.Json.Serialization;
using Bit.Core.Auth.Repositories.Cosmos;
using Duende.IdentityServer.Models;
namespace Bit.Core.Auth.Models.Data;
public class GrantItem : IGrant
{
public GrantItem() { }
public GrantItem(PersistedGrant pGrant)
{
Key = pGrant.Key;
Type = pGrant.Type;
SubjectId = pGrant.SubjectId;
SessionId = pGrant.SessionId;
ClientId = pGrant.ClientId;
Description = pGrant.Description;
CreationDate = pGrant.CreationTime;
ExpirationDate = pGrant.Expiration;
ConsumedDate = pGrant.ConsumedTime;
Data = pGrant.Data;
SetTtl();
}
public GrantItem(IGrant g)
{
Key = g.Key;
Type = g.Type;
SubjectId = g.SubjectId;
SessionId = g.SessionId;
ClientId = g.ClientId;
Description = g.Description;
CreationDate = g.CreationDate;
ExpirationDate = g.ExpirationDate;
ConsumedDate = g.ConsumedDate;
Data = g.Data;
SetTtl();
}
[JsonPropertyName("id")]
[JsonConverter(typeof(Base64IdStringConverter))]
public string Key { get; set; }
[JsonPropertyName("typ")]
public string Type { get; set; }
[JsonPropertyName("sub")]
public string SubjectId { get; set; }
[JsonPropertyName("sid")]
public string SessionId { get; set; }
[JsonPropertyName("cid")]
public string ClientId { get; set; }
[JsonPropertyName("des")]
public string Description { get; set; }
[JsonPropertyName("cre")]
public DateTime CreationDate { get; set; } = DateTime.UtcNow;
[JsonPropertyName("exp")]
public DateTime? ExpirationDate { get; set; }
[JsonPropertyName("con")]
public DateTime? ConsumedDate { get; set; }
[JsonPropertyName("data")]
public string Data { get; set; }
// https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-time-to-live?tabs=dotnet-sdk-v3#set-time-to-live-on-an-item-using-an-sdk
[JsonPropertyName("ttl")]
public int Ttl { get; set; } = -1;
public void SetTtl()
{
if (ExpirationDate != null)
{
var sec = (ExpirationDate.Value - DateTime.UtcNow).TotalSeconds;
if (sec > 0)
{
Ttl = (int)sec;
}
}
}
}

15
src/Core/Auth/Models/Data/IGrant.cs Normal file
View File

@@ -0,0 +1,15 @@
namespace Bit.Core.Auth.Models.Data;
public interface IGrant
{
string Key { get; set; }
string Type { get; set; }
string SubjectId { get; set; }
string SessionId { get; set; }
string ClientId { get; set; }
string Description { get; set; }
DateTime CreationDate { get; set; }
DateTime? ExpirationDate { get; set; }
DateTime? ConsumedDate { get; set; }
string Data { get; set; }
}

32
src/Core/Auth/Repositories/Cosmos/Base64IdStringConverter.cs Normal file
View File

@@ -0,0 +1,32 @@
using System.Text.Json;
using System.Text.Json.Serialization;
using Bit.Core.Utilities;
namespace Bit.Core.Auth.Repositories.Cosmos;
public class Base64IdStringConverter : JsonConverter<string>
{
public override string Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options) =>
ToKey(reader.GetString());
public override void Write(Utf8JsonWriter writer, string value, JsonSerializerOptions options) =>
writer.WriteStringValue(ToId(value));
public static string ToId(string key)
{
if (key == null)
{
return null;
}
return CoreHelpers.TransformToBase64Url(key);
}
public static string ToKey(string id)
{
if (id == null)
{
return null;
}
return CoreHelpers.TransformFromBase64Url(id);
}
}

81
src/Core/Auth/Repositories/Cosmos/GrantRepository.cs Normal file
View File

@@ -0,0 +1,81 @@
using System.Net;
using System.Text.Json;
using System.Text.Json.Serialization;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Microsoft.Azure.Cosmos;
namespace Bit.Core.Auth.Repositories.Cosmos;
public class GrantRepository : IGrantRepository
{
private readonly CosmosClient _client;
private readonly Database _database;
private readonly Container _container;
public GrantRepository(GlobalSettings globalSettings)
: this(globalSettings.IdentityServer.CosmosConnectionString)
{ }
public GrantRepository(string cosmosConnectionString)
{
var options = new CosmosClientOptions
{
Serializer = new SystemTextJsonCosmosSerializer(new JsonSerializerOptions
{
DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull,
WriteIndented = false
})
};
// TODO: Perhaps we want to evaluate moving this to DI as a keyed service singleton in .NET 8
_client = new CosmosClient(cosmosConnectionString, options);
_database = _client.GetDatabase("identity");
_container = _database.GetContainer("grant");
}
public async Task<IGrant> GetByKeyAsync(string key)
{
var id = Base64IdStringConverter.ToId(key);
try
{
var response = await _container.ReadItemAsync<GrantItem>(id, new PartitionKey(id));
return response.Resource;
}
catch (CosmosException e)
{
if (e.StatusCode == HttpStatusCode.NotFound)
{
return null;
}
throw;
}
}
public Task<ICollection<IGrant>> GetManyAsync(string subjectId, string sessionId, string clientId, string type)
=> throw new NotImplementedException();
public async Task SaveAsync(IGrant obj)
{
if (obj is not GrantItem item)
{
item = new GrantItem(obj);
}
item.SetTtl();
var id = Base64IdStringConverter.ToId(item.Key);
await _container.UpsertItemAsync(item, new PartitionKey(id), new ItemRequestOptions
{
// ref: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/best-practice-dotnet#best-practices-for-write-heavy-workloads
EnableContentResponseOnWrite = false
});
}
public async Task DeleteByKeyAsync(string key)
{
var id = Base64IdStringConverter.ToId(key);
await _container.DeleteItemAsync<IGrant>(id, new PartitionKey(id));
}
public Task DeleteManyAsync(string subjectId, string sessionId, string clientId, string type)
=> throw new NotImplementedException();
}

8
src/Core/Auth/Repositories/IGrantRepository.cs
View File

@@ -1,12 +1,12 @@
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Models.Data;
namespace Bit.Core.Auth.Repositories;
public interface IGrantRepository
{
Task<Grant> GetByKeyAsync(string key);
Task<ICollection<Grant>> GetManyAsync(string subjectId, string sessionId, string clientId, string type);
Task SaveAsync(Grant obj);
Task<IGrant> GetByKeyAsync(string key);
Task<ICollection<IGrant>> GetManyAsync(string subjectId, string sessionId, string clientId, string type);
Task SaveAsync(IGrant obj);
Task DeleteByKeyAsync(string key);
Task DeleteManyAsync(string subjectId, string sessionId, string clientId, string type);
}

2
src/Core/Core.csproj
View File

@@ -37,7 +37,7 @@
<PackageReference Include="Microsoft.Azure.NotificationHubs" Version="4.1.0" />
<PackageReference Include="Microsoft.Data.SqlClient" Version="5.0.1" />
<!-- Azure.Identity is a explicit dependency to Microsoft.Data.SqlClient -->
<PackageReference Include="Azure.Identity" Version="1.10.2"/>
<PackageReference Include="Azure.Identity" Version="1.10.2" />
<PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="6.0.1" />
<PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="6.0.1" />
<PackageReference Include="Microsoft.Extensions.Identity.Stores" Version="6.0.25" />

1
src/Core/Settings/GlobalSettings.cs
View File

@@ -327,6 +327,7 @@ public class GlobalSettings : IGlobalSettings
public string CertificateThumbprint { get; set; }
public string CertificatePassword { get; set; }
public string RedisConnectionString { get; set; }
public string CosmosConnectionString { get; set; }
public string LicenseKey { get; set; } = "eyJhbGciOiJQUzI1NiIsImtpZCI6IklkZW50aXR5U2VydmVyTGljZW5zZWtleS83Y2VhZGJiNzgxMzA0NjllODgwNjg5MTAyNTQxNGYxNiIsInR5cCI6ImxpY2Vuc2Urand0In0.eyJpc3MiOiJodHRwczovL2R1ZW5kZXNvZnR3YXJlLmNvbSIsImF1ZCI6IklkZW50aXR5U2VydmVyIiwiaWF0IjoxNzAxODIwODAwLCJleHAiOjE3MzM0NDMyMDAsImNvbXBhbnlfbmFtZSI6IkJpdHdhcmRlbiBJbmMuIiwiY29udGFjdF9pbmZvIjoiY29udGFjdEBkdWVuZGVzb2Z0d2FyZS5jb20iLCJlZGl0aW9uIjoiU3RhcnRlciIsImlkIjoiNDMxOSIsImZlYXR1cmUiOlsiaXN2IiwidW5saW1pdGVkX2NsaWVudHMiXSwicHJvZHVjdCI6IkJpdHdhcmRlbiJ9.iLA771PffgIh0ClRS8OWHbg2cAgjhgOkUjRRkLNr9dpQXhYZkVKdpUn-Gw9T7grsGcAx0f4p-TQmtcCpbN9EJCF5jlF0-NfsRTp_gmCgQ5eXyiE4DzJp2OCrz_3STf07N1dILwhD3nk9rzcA6SRQ4_kja8wAMHKnD5LisW98r5DfRDBecRs16KS5HUhg99DRMR5fd9ntfydVMTC_E23eEOHVLsR4YhiSXaEINPjFDG1czyOBClJItDW8g9X8qlClZegr630UjnKKg06A4usoL25VFHHn8Ew3v-_-XdlWoWsIpMMVvacwZT8rwkxjIesFNsXG6yzuROIhaxAvB1297A";
}

40
src/Core/Utilities/CoreHelpers.cs
View File

@@ -338,16 +338,50 @@ public static class CoreHelpers
return Encoding.UTF8.GetString(Base64UrlDecode(input));
}
/// <summary>
/// Encodes a Base64 URL formatted string.
/// </summary>
/// <param name="input">Byte data</param>
/// <returns>Base64 URL formatted string</returns>
public static string Base64UrlEncode(byte[] input)
{
var output = Convert.ToBase64String(input)
// Standard base64 encoder
var standardB64 = Convert.ToBase64String(input);
return TransformToBase64Url(standardB64);
}
/// <summary>
/// Transforms a Base64 standard formatted string to a Base64 URL formatted string.
/// </summary>
/// <param name="input">Base64 standard formatted string</param>
/// <returns>Base64 URL formatted string</returns>
public static string TransformToBase64Url(string input)
{
var output = input
.Replace('+', '-')
.Replace('/', '_')
.Replace("=", string.Empty);
return output;
}
/// <summary>
/// Decodes a Base64 URL formatted string.
/// </summary>
/// <param name="input">Base64 URL formatted string</param>
/// <returns>Data as bytes</returns>
public static byte[] Base64UrlDecode(string input)
{
var standardB64 = TransformFromBase64Url(input);
// Standard base64 decoder
return Convert.FromBase64String(standardB64);
}
/// <summary>
/// Transforms a Base64 URL formatted string to a Base64 standard formatted string.
/// </summary>
/// <param name="input">Base64 URL formatted string</param>
/// <returns>Base64 standard formatted string</returns>
public static string TransformFromBase64Url(string input)
{
var output = input;
// 62nd char of encoding
@@ -370,8 +404,8 @@ public static class CoreHelpers
throw new InvalidOperationException("Illegal base64url string!");
}
// Standard base64 decoder
return Convert.FromBase64String(output);
// Standard base64 string output
return output;
}
public static string PunyEncode(string text)

40
src/Core/Utilities/SystemTextJsonCosmosSerializer.cs Normal file
View File

@@ -0,0 +1,40 @@
using System.Text.Json;
using Azure.Core.Serialization;
using Microsoft.Azure.Cosmos;
namespace Bit.Core.Utilities;
// ref: https://github.com/Azure/azure-cosmos-dotnet-v3/blob/master/Microsoft.Azure.Cosmos.Samples/Usage/SystemTextJson/CosmosSystemTextJsonSerializer.cs
public class SystemTextJsonCosmosSerializer : CosmosSerializer
{
private readonly JsonObjectSerializer _systemTextJsonSerializer;
public SystemTextJsonCosmosSerializer(JsonSerializerOptions jsonSerializerOptions)
{
_systemTextJsonSerializer = new JsonObjectSerializer(jsonSerializerOptions);
}
public override T FromStream<T>(Stream stream)
{
using (stream)
{
if (stream.CanSeek && stream.Length == 0)
{
return default;
}
if (typeof(Stream).IsAssignableFrom(typeof(T)))
{
return (T)(object)stream;
}
return (T)_systemTextJsonSerializer.Deserialize(stream, typeof(T), default);
}
}
public override Stream ToStream<T>(T input)
{
var streamPayload = new MemoryStream();
_systemTextJsonSerializer.Serialize(streamPayload, input, input.GetType(), default);
streamPayload.Position = 0;
return streamPayload;
}
}

38
src/Identity/IdentityServer/PersistedGrantStore.cs
View File

@@ -1,18 +1,24 @@
using Bit.Core.Auth.Repositories;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.Repositories;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Stores;
using Grant = Bit.Core.Auth.Entities.Grant;
namespace Bit.Identity.IdentityServer;
public class PersistedGrantStore : IPersistedGrantStore
{
private readonly IGrantRepository _grantRepository;
private readonly Func<PersistedGrant, IGrant> _toGrant;
private readonly IPersistedGrantStore _fallbackGrantStore;
public PersistedGrantStore(
IGrantRepository grantRepository)
IGrantRepository grantRepository,
Func<PersistedGrant, IGrant> toGrant,
IPersistedGrantStore fallbackGrantStore = null)
{
_grantRepository = grantRepository;
_toGrant = toGrant;
_fallbackGrantStore = fallbackGrantStore;
}
public async Task<PersistedGrant> GetAsync(string key)
@@ -20,6 +26,11 @@ public class PersistedGrantStore : IPersistedGrantStore
var grant = await _grantRepository.GetByKeyAsync(key);
if (grant == null)
{
if (_fallbackGrantStore != null)
{
// It wasn't found, there is a chance is was instead stored in the fallback store
return await _fallbackGrantStore.GetAsync(key);
}
return null;
}
@@ -47,28 +58,11 @@ public class PersistedGrantStore : IPersistedGrantStore
public async Task StoreAsync(PersistedGrant pGrant)
{
var grant = ToGrant(pGrant);
var grant = _toGrant(pGrant);
await _grantRepository.SaveAsync(grant);
}
private Grant ToGrant(PersistedGrant pGrant)
{
return new Grant
{
Key = pGrant.Key,
Type = pGrant.Type,
SubjectId = pGrant.SubjectId,
SessionId = pGrant.SessionId,
ClientId = pGrant.ClientId,
Description = pGrant.Description,
CreationDate = pGrant.CreationTime,
ExpirationDate = pGrant.Expiration,
ConsumedDate = pGrant.ConsumedTime,
Data = pGrant.Data
};
}
private PersistedGrant ToPersistedGrant(Grant grant)
private PersistedGrant ToPersistedGrant(IGrant grant)
{
return new PersistedGrant
{

9
src/Identity/IdentityServer/UserDecryptionOptionsBuilder.cs
View File

@@ -1,12 +1,10 @@
using Bit.Core;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Enums;
using Bit.Core.Auth.Models.Api.Response;
using Bit.Core.Auth.Utilities;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Identity.Utilities;
namespace Bit.Identity.IdentityServer;
@@ -20,7 +18,6 @@ namespace Bit.Identity.IdentityServer;
public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
{
private readonly ICurrentContext _currentContext;
private readonly IFeatureService _featureService;
private readonly IDeviceRepository _deviceRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
@@ -31,13 +28,11 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
public UserDecryptionOptionsBuilder(
ICurrentContext currentContext,
IFeatureService featureService,
IDeviceRepository deviceRepository,
IOrganizationUserRepository organizationUserRepository
)
{
_currentContext = currentContext;
_featureService = featureService;
_deviceRepository = deviceRepository;
_organizationUserRepository = organizationUserRepository;
}
@@ -95,7 +90,7 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
private async Task BuildTrustedDeviceOptions()
{
// TrustedDeviceEncryption only exists for SSO, if that changes then these guards should change
if (_ssoConfig == null || !_featureService.IsEnabled(FeatureFlagKeys.TrustedDeviceEncryption, _currentContext))
if (_ssoConfig == null)
{
return;
}

66
src/Identity/Utilities/ServiceCollectionExtensions.cs
View File

@@ -1,4 +1,5 @@
using Bit.Core.IdentityServer;
using Bit.Core.Auth.Repositories;
using Bit.Core.IdentityServer;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Bit.Identity.IdentityServer;
@@ -51,31 +52,58 @@ public static class ServiceCollectionExtensions
.AddIdentityServerCertificate(env, globalSettings)
.AddExtensionGrantValidator<WebAuthnGrantValidator>();
if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.RedisConnectionString))
if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CosmosConnectionString))
{
// If we have redis, prefer it
// Add the original persisted grant store via it's implementation type
// so we can inject it right after.
services.AddSingleton<PersistedGrantStore>();
services.AddSingleton<IPersistedGrantStore>(sp =>
{
return new RedisPersistedGrantStore(
// TODO: .NET 8 create a keyed service for this connection multiplexer and even PersistedGrantStore
ConnectionMultiplexer.Connect(globalSettings.IdentityServer.RedisConnectionString),
sp.GetRequiredService<ILogger<RedisPersistedGrantStore>>(),
sp.GetRequiredService<PersistedGrantStore>() // Fallback grant store
);
});
services.AddSingleton<IPersistedGrantStore>(sp => BuildCosmosGrantStore(sp, globalSettings));
}
else if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.RedisConnectionString))
{
services.AddSingleton<IPersistedGrantStore>(sp => BuildRedisGrantStore(sp, globalSettings));
}
else
{
// Use the original grant store
identityServerBuilder.AddPersistedGrantStore<PersistedGrantStore>();
services.AddTransient<IPersistedGrantStore>(sp => BuildSqlGrantStore(sp));
}
services.AddTransient<ICorsPolicyService, CustomCorsPolicyService>();
return identityServerBuilder;
}
private static PersistedGrantStore BuildCosmosGrantStore(IServiceProvider sp, GlobalSettings globalSettings)
{
if (!CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CosmosConnectionString))
{
throw new ArgumentException("No cosmos config string available.");
}
return new PersistedGrantStore(
// TODO: Perhaps we want to evaluate moving this repo to DI as a keyed service singleton in .NET 8
new Core.Auth.Repositories.Cosmos.GrantRepository(globalSettings),
g => new Core.Auth.Models.Data.GrantItem(g),
fallbackGrantStore: BuildRedisGrantStore(sp, globalSettings, true));
}
private static RedisPersistedGrantStore BuildRedisGrantStore(IServiceProvider sp,
GlobalSettings globalSettings, bool allowNull = false)
{
if (!CoreHelpers.SettingHasValue(globalSettings.IdentityServer.RedisConnectionString))
{
if (allowNull)
{
return null;
}
throw new ArgumentException("No redis config string available.");
}
return new RedisPersistedGrantStore(
// TODO: .NET 8 create a keyed service for this connection multiplexer and even PersistedGrantStore
ConnectionMultiplexer.Connect(globalSettings.IdentityServer.RedisConnectionString),
sp.GetRequiredService<ILogger<RedisPersistedGrantStore>>(),
fallbackGrantStore: BuildSqlGrantStore(sp));
}
private static PersistedGrantStore BuildSqlGrantStore(IServiceProvider sp)
{
return new PersistedGrantStore(sp.GetRequiredService<IGrantRepository>(),
g => new Core.Auth.Entities.Grant(g));
}
}

14
src/Infrastructure.Dapper/Auth/Repositories/GrantRepository.cs
View File

@@ -1,5 +1,6 @@
using System.Data;
using Bit.Core.Auth.Entities;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.Repositories;
using Bit.Core.Settings;
using Bit.Infrastructure.Dapper.Repositories;
@@ -18,7 +19,7 @@ public class GrantRepository : BaseRepository, IGrantRepository
: base(connectionString, readOnlyConnectionString)
{ }
public async Task<Grant> GetByKeyAsync(string key)
public async Task<IGrant> GetByKeyAsync(string key)
{
using (var connection = new SqlConnection(ConnectionString))
{
@@ -31,7 +32,7 @@ public class GrantRepository : BaseRepository, IGrantRepository
}
}
public async Task<ICollection<Grant>> GetManyAsync(string subjectId, string sessionId,
public async Task<ICollection<IGrant>> GetManyAsync(string subjectId, string sessionId,
string clientId, string type)
{
using (var connection = new SqlConnection(ConnectionString))
@@ -41,12 +42,17 @@ public class GrantRepository : BaseRepository, IGrantRepository
new { SubjectId = subjectId, SessionId = sessionId, ClientId = clientId, Type = type },
commandType: CommandType.StoredProcedure);
return results.ToList();
return results.ToList<IGrant>();
}
}
public async Task SaveAsync(Grant obj)
public async Task SaveAsync(IGrant obj)
{
if (obj is not Grant gObj)
{
throw new ArgumentException(null, nameof(obj));
}
using (var connection = new SqlConnection(ConnectionString))
{
var results = await connection.ExecuteAsync(

29
src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationEntityTypeConfiguration.cs Normal file
View File

@@ -0,0 +1,29 @@
using Bit.Infrastructure.EntityFramework.AdminConsole.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.AdminConsole.Configurations;
public class OrganizationEntityTypeConfiguration : IEntityTypeConfiguration<Organization>
{
public void Configure(EntityTypeBuilder<Organization> builder)
{
builder
.Property(o => o.Id)
.ValueGeneratedNever();
builder.Property(c => c.LimitCollectionCreationDeletion)
.ValueGeneratedNever()
.HasDefaultValue(true);
builder.Property(c => c.AllowAdminAccessToAllCollectionItems)
.ValueGeneratedNever()
.HasDefaultValue(true);
NpgsqlIndexBuilderExtensions.IncludeProperties(
builder.HasIndex(o => new { o.Id, o.Enabled }),
o => o.UseTotp);
builder.ToTable(nameof(Organization));
}
}

26
src/Infrastructure.EntityFramework/AdminConsole/Configurations/PolicyEntityTypeConfiguration.cs Normal file
View File

@@ -0,0 +1,26 @@
using Bit.Infrastructure.EntityFramework.AdminConsole.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.AdminConsole.Configurations;
public class PolicyEntityTypeConfiguration : IEntityTypeConfiguration<Policy>
{
public void Configure(EntityTypeBuilder<Policy> builder)
{
builder
.Property(p => p.Id)
.ValueGeneratedNever();
builder
.HasIndex(p => p.OrganizationId)
.IsClustered(false);
builder
.HasIndex(p => new { p.OrganizationId, p.Type })
.IsUnique()
.IsClustered(false);
builder.ToTable(nameof(Policy));
}
}

3
src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationRepository.cs
View File

@@ -90,7 +90,8 @@ public class OrganizationRepository : Repository<Core.AdminConsole.Entities.Orga
UseCustomPermissions = e.UseCustomPermissions,
UsePolicies = e.UsePolicies,
LimitCollectionCreationDeletion = e.LimitCollectionCreationDeletion,
AllowAdminAccessToAllCollectionItems = e.AllowAdminAccessToAllCollectionItems
AllowAdminAccessToAllCollectionItems = e.AllowAdminAccessToAllCollectionItems,
FlexibleCollections = e.FlexibleCollections
}).ToListAsync();
}
}

22
src/Infrastructure.EntityFramework/Auth/Repositories/GrantRepository.cs
View File

@@ -1,4 +1,5 @@
using AutoMapper;
using Bit.Core.Auth.Models.Data;
using Bit.Core.Auth.Repositories;
using Bit.Infrastructure.EntityFramework.Auth.Models;
using Bit.Infrastructure.EntityFramework.Repositories;
@@ -42,7 +43,7 @@ public class GrantRepository : BaseEntityFrameworkRepository, IGrantRepository
}
}
public async Task<Core.Auth.Entities.Grant> GetByKeyAsync(string key)
public async Task<IGrant> GetByKeyAsync(string key)
{
using (var scope = ServiceScopeFactory.CreateScope())
{
@@ -55,7 +56,7 @@ public class GrantRepository : BaseEntityFrameworkRepository, IGrantRepository
}
}
public async Task<ICollection<Core.Auth.Entities.Grant>> GetManyAsync(string subjectId, string sessionId, string clientId, string type)
public async Task<ICollection<IGrant>> GetManyAsync(string subjectId, string sessionId, string clientId, string type)
{
using (var scope = ServiceScopeFactory.CreateScope())
{
@@ -67,26 +68,31 @@ public class GrantRepository : BaseEntityFrameworkRepository, IGrantRepository
g.Type == type
select g;
var grants = await query.ToListAsync();
return (ICollection<Core.Auth.Entities.Grant>)grants;
return (ICollection<IGrant>)grants;
}
}
public async Task SaveAsync(Core.Auth.Entities.Grant obj)
public async Task SaveAsync(IGrant obj)
{
if (obj is not Core.Auth.Entities.Grant gObj)
{
throw new ArgumentException(null, nameof(obj));
}
using (var scope = ServiceScopeFactory.CreateScope())
{
var dbContext = GetDatabaseContext(scope);
var existingGrant = await (from g in dbContext.Grants
where g.Key == obj.Key
where g.Key == gObj.Key
select g).FirstOrDefaultAsync();
if (existingGrant != null)
{
obj.Id = existingGrant.Id;
dbContext.Entry(existingGrant).CurrentValues.SetValues(obj);
gObj.Id = existingGrant.Id;
dbContext.Entry(existingGrant).CurrentValues.SetValues(gObj);
}
else
{
var entity = Mapper.Map<Grant>(obj);
var entity = Mapper.Map<Grant>(gObj);
await dbContext.AddAsync(entity);
await dbContext.SaveChangesAsync();
}

26
src/Infrastructure.EntityFramework/Configurations/DeviceEntityTypeConfiguration.cs Normal file
View File

@@ -0,0 +1,26 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class DeviceEntityTypeConfiguration : IEntityTypeConfiguration<Device>
{
public void Configure(EntityTypeBuilder<Device> builder)
{
builder
.HasIndex(d => d.UserId)
.IsClustered(false);
builder
.HasIndex(d => new { d.UserId, d.Identifier })
.IsUnique()
.IsClustered(false);
builder
.HasIndex(d => d.Identifier)
.IsClustered(false);
builder.ToTable(nameof(Device));
}
}

21
src/Infrastructure.EntityFramework/Configurations/EventEntityTypeConfiguration.cs Normal file
View File

@@ -0,0 +1,21 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class EventEntityTypeConfiguration : IEntityTypeConfiguration<Event>
{
public void Configure(EntityTypeBuilder<Event> builder)
{
builder
.Property(e => e.Id)
.ValueGeneratedNever();
builder
.HasIndex(e => new { e.Date, e.OrganizationId, e.ActingUserId, e.CipherId })
.IsClustered(false);
builder.ToTable(nameof(Event));
}
}

21
src/Infrastructure.EntityFramework/Configurations/OrganizationSponsorshipEntityTypeConfiguration.cs Normal file
View File

@@ -0,0 +1,21 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class OrganizationSponsorshipEntityTypeConfiguration : IEntityTypeConfiguration<OrganizationSponsorship>
{
public void Configure(EntityTypeBuilder<OrganizationSponsorship> builder)
{
builder
.Property(o => o.Id)
.ValueGeneratedNever();
builder
.HasIndex(o => o.SponsoringOrganizationUserId)
.IsClustered(false);
builder.ToTable(nameof(OrganizationSponsorship));
}
}

29
src/Infrastructure.EntityFramework/Configurations/OrganizationUserEntityTypeConfiguration.cs Normal file
View File

@@ -0,0 +1,29 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class OrganizationUserEntityTypeConfiguration : IEntityTypeConfiguration<OrganizationUser>
{
public void Configure(EntityTypeBuilder<OrganizationUser> builder)
{
builder
.Property(ou => ou.Id)
.ValueGeneratedNever();
NpgsqlIndexBuilderExtensions.IncludeProperties(
builder.HasIndex(ou => new { ou.UserId, ou.OrganizationId, ou.Status }).IsClustered(false),
ou => ou.AccessAll);
builder
.HasIndex(ou => ou.OrganizationId)
.IsClustered(false);
builder
.HasIndex(ou => ou.UserId)
.IsClustered(false);
builder.ToTable(nameof(OrganizationUser));
}
}

25
src/Infrastructure.EntityFramework/Configurations/TransactionEntityTypeConfiguration.cs Normal file
View File

@@ -0,0 +1,25 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class TransactionEntityTypeConfiguration : IEntityTypeConfiguration<Transaction>
{
public void Configure(EntityTypeBuilder<Transaction> builder)
{
builder
.Property(t => t.Id)
.ValueGeneratedNever();
builder
.HasIndex(t => t.UserId)
.IsClustered(false);
builder
.HasIndex(t => new { t.UserId, t.OrganizationId, t.CreationDate })
.IsClustered(false);
builder.ToTable(nameof(Transaction));
}
}

26
src/Infrastructure.EntityFramework/Configurations/UserEntityTypeConfiguration.cs Normal file
View File

@@ -0,0 +1,26 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Configurations;
public class UserEntityTypeConfiguration : IEntityTypeConfiguration<User>
{
public void Configure(EntityTypeBuilder<User> builder)
{
builder
.Property(u => u.Id)
.ValueGeneratedNever();
builder
.HasIndex(u => u.Email)
.IsUnique()
.IsClustered(false);
builder
.HasIndex(u => new { u.Premium, u.PremiumExpirationDate, u.RenewalReminderDate })
.IsClustered(false);
builder.ToTable(nameof(User));
}
}

33
src/Infrastructure.EntityFramework/Repositories/DatabaseContext.cs
View File

@@ -77,25 +77,17 @@ public class DatabaseContext : DbContext
var eCollectionCipher = builder.Entity<CollectionCipher>();
var eCollectionUser = builder.Entity<CollectionUser>();
var eCollectionGroup = builder.Entity<CollectionGroup>();
var eDevice = builder.Entity<Device>();
var eEmergencyAccess = builder.Entity<EmergencyAccess>();
var eEvent = builder.Entity<Event>();
var eFolder = builder.Entity<Folder>();
var eGroup = builder.Entity<Group>();
var eGroupUser = builder.Entity<GroupUser>();
var eInstallation = builder.Entity<Installation>();
var eOrganization = builder.Entity<Organization>();
var eOrganizationSponsorship = builder.Entity<OrganizationSponsorship>();
var eOrganizationUser = builder.Entity<OrganizationUser>();
var ePolicy = builder.Entity<Policy>();
var eProvider = builder.Entity<Provider>();
var eProviderUser = builder.Entity<ProviderUser>();
var eProviderOrganization = builder.Entity<ProviderOrganization>();
var eSend = builder.Entity<Send>();
var eSsoConfig = builder.Entity<SsoConfig>();
var eSsoUser = builder.Entity<SsoUser>();
var eTaxRate = builder.Entity<TaxRate>();
var eTransaction = builder.Entity<Transaction>();
var eUser = builder.Entity<User>();
var eOrganizationApiKey = builder.Entity<OrganizationApiKey>();
var eOrganizationConnection = builder.Entity<OrganizationConnection>();
@@ -105,26 +97,12 @@ public class DatabaseContext : DbContext
eCipher.Property(c => c.Id).ValueGeneratedNever();
eCollection.Property(c => c.Id).ValueGeneratedNever();
eEmergencyAccess.Property(c => c.Id).ValueGeneratedNever();
eEvent.Property(c => c.Id).ValueGeneratedNever();
eFolder.Property(c => c.Id).ValueGeneratedNever();
eGroup.Property(c => c.Id).ValueGeneratedNever();
eInstallation.Property(c => c.Id).ValueGeneratedNever();
eOrganization.Property(c => c.Id).ValueGeneratedNever();
eOrganization.Property(c => c.LimitCollectionCreationDeletion)
.ValueGeneratedNever()
.HasDefaultValue(true);
eOrganization.Property(c => c.AllowAdminAccessToAllCollectionItems)
.ValueGeneratedNever()
.HasDefaultValue(true);
eOrganizationSponsorship.Property(c => c.Id).ValueGeneratedNever();
eOrganizationUser.Property(c => c.Id).ValueGeneratedNever();
ePolicy.Property(c => c.Id).ValueGeneratedNever();
eProvider.Property(c => c.Id).ValueGeneratedNever();
eProviderUser.Property(c => c.Id).ValueGeneratedNever();
eProviderOrganization.Property(c => c.Id).ValueGeneratedNever();
eSend.Property(c => c.Id).ValueGeneratedNever();
eTransaction.Property(c => c.Id).ValueGeneratedNever();
eUser.Property(c => c.Id).ValueGeneratedNever();
eOrganizationApiKey.Property(c => c.Id).ValueGeneratedNever();
eOrganizationConnection.Property(c => c.Id).ValueGeneratedNever();
eOrganizationDomain.Property(ar => ar.Id).ValueGeneratedNever();
@@ -148,33 +126,24 @@ public class DatabaseContext : DbContext
builder.HasCollation(postgresIndetermanisticCollation, locale: "en-u-ks-primary", provider: "icu", deterministic: false);
eUser.Property(e => e.Email).UseCollation(postgresIndetermanisticCollation);
eSsoUser.Property(e => e.ExternalId).UseCollation(postgresIndetermanisticCollation);
eOrganization.Property(e => e.Identifier).UseCollation(postgresIndetermanisticCollation);
builder.Entity<Organization>().Property(e => e.Identifier).UseCollation(postgresIndetermanisticCollation);
//
}
eCipher.ToTable(nameof(Cipher));
eCollection.ToTable(nameof(Collection));
eCollectionCipher.ToTable(nameof(CollectionCipher));
eDevice.ToTable(nameof(Device));
eEmergencyAccess.ToTable(nameof(EmergencyAccess));
eEvent.ToTable(nameof(Event));
eFolder.ToTable(nameof(Folder));
eGroup.ToTable(nameof(Group));
eGroupUser.ToTable(nameof(GroupUser));
eInstallation.ToTable(nameof(Installation));
eOrganization.ToTable(nameof(Organization));
eOrganizationSponsorship.ToTable(nameof(OrganizationSponsorship));
eOrganizationUser.ToTable(nameof(OrganizationUser));
ePolicy.ToTable(nameof(Policy));
eProvider.ToTable(nameof(Provider));
eProviderUser.ToTable(nameof(ProviderUser));
eProviderOrganization.ToTable(nameof(ProviderOrganization));
eSend.ToTable(nameof(Send));
eSsoConfig.ToTable(nameof(SsoConfig));
eSsoUser.ToTable(nameof(SsoUser));
eTaxRate.ToTable(nameof(TaxRate));
eTransaction.ToTable(nameof(Transaction));
eUser.ToTable(nameof(User));
eOrganizationApiKey.ToTable(nameof(OrganizationApiKey));
eOrganizationConnection.ToTable(nameof(OrganizationConnection));
eOrganizationDomain.ToTable(nameof(OrganizationDomain));

29
src/Infrastructure.EntityFramework/Tools/Configurations/SendEntityTypeConfiguration.cs Normal file
View File

@@ -0,0 +1,29 @@
using Bit.Infrastructure.EntityFramework.Models;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata.Builders;
namespace Bit.Infrastructure.EntityFramework.Tools.Configurations;
public class SendEntityTypeConfiguration : IEntityTypeConfiguration<Send>
{
public void Configure(EntityTypeBuilder<Send> builder)
{
builder
.Property(s => s.Id)
.ValueGeneratedNever();
builder
.HasIndex(s => s.UserId)
.IsClustered(false);
builder
.HasIndex(s => new { s.UserId, s.OrganizationId })
.IsClustered(false);
builder
.HasIndex(s => s.DeletionDate)
.IsClustered(false);
builder.ToTable(nameof(Send));
}
}

9
src/Sql/dbo/Stored Procedures/Organization_Create.sql
View File

@@ -52,7 +52,8 @@
@MaxAutoscaleSmServiceAccounts INT = null,
@SecretsManagerBeta BIT = 0,
@LimitCollectionCreationDeletion BIT = 1,
@AllowAdminAccessToAllCollectionItems BIT = 1
@AllowAdminAccessToAllCollectionItems BIT = 1,
@FlexibleCollections BIT = 0
AS
BEGIN
SET NOCOUNT ON
@@ -112,7 +113,8 @@ BEGIN
[MaxAutoscaleSmServiceAccounts],
[SecretsManagerBeta],
[LimitCollectionCreationDeletion],
[AllowAdminAccessToAllCollectionItems]
[AllowAdminAccessToAllCollectionItems],
[FlexibleCollections]
)
VALUES
(
@@ -169,6 +171,7 @@ BEGIN
@MaxAutoscaleSmServiceAccounts,
@SecretsManagerBeta,
@LimitCollectionCreationDeletion,
@AllowAdminAccessToAllCollectionItems
@AllowAdminAccessToAllCollectionItems,
@FlexibleCollections
)
END

3
src/Sql/dbo/Stored Procedures/Organization_ReadAbilities.sql
View File

@@ -22,7 +22,8 @@ BEGIN
[UsePolicies],
[Enabled],
[LimitCollectionCreationDeletion],
[AllowAdminAccessToAllCollectionItems]
[AllowAdminAccessToAllCollectionItems],
[FlexibleCollections]
FROM
[dbo].[Organization]
END

6
src/Sql/dbo/Stored Procedures/Organization_Update.sql
View File

@@ -52,7 +52,8 @@
@MaxAutoscaleSmServiceAccounts INT = null,
@SecretsManagerBeta BIT = 0,
@LimitCollectionCreationDeletion BIT = 1,
@AllowAdminAccessToAllCollectionItems BIT = 1
@AllowAdminAccessToAllCollectionItems BIT = 1,
@FlexibleCollections BIT = 0
AS
BEGIN
SET NOCOUNT ON
@@ -112,7 +113,8 @@ BEGIN
[MaxAutoscaleSmServiceAccounts] = @MaxAutoscaleSmServiceAccounts,
[SecretsManagerBeta] = @SecretsManagerBeta,
[LimitCollectionCreationDeletion] = @LimitCollectionCreationDeletion,
[AllowAdminAccessToAllCollectionItems] = @AllowAdminAccessToAllCollectionItems
[AllowAdminAccessToAllCollectionItems] = @AllowAdminAccessToAllCollectionItems,
[FlexibleCollections] = @FlexibleCollections
WHERE
[Id] = @Id
END

1
src/Sql/dbo/Tables/Organization.sql
View File

@@ -53,6 +53,7 @@
[SecretsManagerBeta] BIT NOT NULL CONSTRAINT [DF_Organization_SecretsManagerBeta] DEFAULT (0),
[LimitCollectionCreationDeletion] BIT NOT NULL CONSTRAINT [DF_Organization_LimitCollectionCreationDeletion] DEFAULT (1),
[AllowAdminAccessToAllCollectionItems] BIT NOT NULL CONSTRAINT [DF_Organization_AllowAdminAccessToAllCollectionItems] DEFAULT (1),
[FlexibleCollections] BIT NOT NULL CONSTRAINT [DF_Organization_FlexibleCollections] DEFAULT (0)
CONSTRAINT [PK_Organization] PRIMARY KEY CLUSTERED ([Id] ASC)
);

3
src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
View File

@@ -46,7 +46,8 @@ SELECT
O.[SmSeats],
O.[SmServiceAccounts],
O.[LimitCollectionCreationDeletion],
O.[AllowAdminAccessToAllCollectionItems]
O.[AllowAdminAccessToAllCollectionItems],
O.[FlexibleCollections]
FROM
[dbo].[OrganizationUser] OU
LEFT JOIN