* PM-28616 Add flag UsePhishingBlocker to dbo.Organization
* PM-28616 updated as per comments from claude
* PM-28616 updated ToLicense Method to copy the license file
* PM-28616 allow phishing blocker to be imported via license files for self-hosted
* PM-28616 updated PR comments - added more views to be refreshed
* PM-28616 removed proeprty from constructor as it is not used anymore. We have moved to claims based properties
* Add template properites for Datadog
* Add test and implementation for including User and ActingUser when only the Type is referenced
* Refactored database calls to fetch the user details in a single DB call
* Refactor to use a dedicated stored procedure for Dapper
* Remove TOP 1 from stored procedure
* Accept Claude's optimization of SingleOrDefaultAsync to unify Dapper/EF
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Revert earlier change and add TOP 1 back into stored procedure
* Change go to GO
* Revert back to version that assumes uniqueness, remove TOP 1
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Add policy for blocking account creation from claimed domains.
* dotnet format
* check as part of email verification
* add feature flag
* fix tests
* try to fix dates on database integration tests
* PR feedback from claude
* remove claude local settings
* pr feedback
* format
* fix test
* create or alter
* PR feedback
* PR feedback
* Update src/Core/Constants.cs
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* fix merge issues
* fix tests
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Add changes for initial migration
* Fix the failing Database test
* Fix the failing database test
* Address the pr comments
* revert some change sthat are not
* Address the remaining comments
* Remove unused object
* remove MaxStorageGbIncreased in the views
* refresh commands will ensure all stored procedures
* Fix the typo
* Updated sproc to update account revision date after cipher has been created in collection
* check response from update collection success
* removed the org check
* Update ProviderUserOrganizationDetailsView to include SSO configuration data
* Updated the ProviderUserOrganizationDetailsViewQuery to join with SsoConfigs and select SSO-related fields.
* Modified the SQL view to reflect the inclusion of SSO configuration data.
* Added a new migration script for the updated view structure.
* Add SSO configuration properties to ProviderUserOrganizationDetails model
* Add SSO configuration handling to ProfileProviderOrganizationResponseModel
* Introduced properties for SSO configuration, including SSO enabled status and KeyConnector details.
* Implemented deserialization of SSO configuration data to populate new fields in the response model.
* Add integration tests for ProviderUserRepository.GetManyOrganizationDetailsByUserAsync
* Add BaseUserOrganizationDetails model to encapsulate common properties
* Introduced a new abstract class to define shared properties for organization users and provider organization users
* Add BaseProfileOrganizationResponseModel to encapsulate organization response properties
* Introduced a new abstract class that ensures all properties are fully populated for profile organization responses.
* Update ProviderUserOrganizationDetailsViewQuery to include missing ProviderUserId
* Refactor OrganizationUserOrganizationDetails and ProviderUserOrganizationDetails to inherit from BaseUserOrganizationDetails
* Updated both models to extend BaseUserOrganizationDetails, promoting code reuse and ensure they have the same base properties
* Refactor ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel to inherit from BaseProfileOrganizationResponseModel
* Refactor ProviderUserRepositoryTests to improve organization detail assertions
* Consolidated assertions for organization details into a new method, AssertProviderOrganizationDetails, enhancing code readability and maintainability.
* Updated test cases to verify all relevant properties for organizations with and without SSO configurations.
* Add integration test for GetManyDetailsByUserAsync to verify SSO properties
* Implemented a new test case to ensure that the SSO properties are correctly populated for organizations with and without SSO configurations.
* The test verifies the expected behavior of the method when interacting with the user and organization repositories, including cleanup of created entities after the test execution.
* Add unit tests for ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel
* Introduced tests to validate the constructors of ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel, ensuring that all properties are populated correctly based on the provided organization details.
* Verified expected behavior for both organization and provider models, including SSO configurations and relevant properties.
* Update SyncControllerTests.Get_ProviderPlanTypeProperlyPopulated to nullify SSO configurations in provider user organization details
* Refactor BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel for null safety
Updated properties in BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel to support null safety by introducing nullable types where appropriate.
* Enhance null safety in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails
Updated properties in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails to support null safety by introducing nullable types where appropriate, ensuring better handling of potential null values.
* Move common properties from ProfileOrganizationResponseModel to BaseProfileOrganizationResponseModel
* Refactor organization details: Remove BaseUserOrganizationDetails and introduce IProfileMemberOrganizationDetails interface for improved structure and clarity in organization user data management.
* Enhance OrganizationUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface
* Refactor ProviderUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface
* Refactor ProfileOrganizationResponseModelTests and ProfileProviderOrganizationResponseModelTests: Update constructors to utilize Organization and ProviderUserOrganizationDetails, enhancing property population and test coverage.
* Enhance ProviderUserOrganizationDetails: Add UseResetPassword, UseSecretsManager, and UsePasswordManager properties to the query and SQL views
* Update BaseProfileOrganizationResponseModel documentation: Clarify purpose and usage of organization properties for OrganizationUsers and ProviderUsers.
* Rename ProfileOrganizationResponseModel to ProfileMemberOrganizationResponseModel, update references and update related test names
* Add XML documentation for ProfileMemberOrganizationResponseModel and ProfileProviderOrganizationResponseModel to clarify their purpose and relationships
* Remove unnecessary cleanup code from OrganizationUserRepositoryTests
* Remove unnecessary cleanup code from ProviderUserRepositoryTests
* Rename test method in ProviderUserRepositoryTests to improve clarity on property population
* Add CreateFullOrganization method to ProviderUserRepositoryTests for improved organization setup in tests
* Refactor organization creation in tests to use CreateTestOrganizationAsync for consistency and improved setup
* Rename IProfileMemberOrganizationDetails to IProfileOrganizationDetails
* Rename ProfileMemberOrganizationResponseModel back to ProfileOrganizationResponseModel
* Refactor organization response models to remove Family Sponsorship properties from BaseProfileOrganizationResponseModel and reintroduce them in ProfileOrganizationResponseModel. Update related interfaces and tests accordingly.
* Bump date on migration script
* Update OrganizationUserOrganizationDetailsViewQuery to include UseAutomaticUserConfirmation property
* Add integration tests for GetByUserIdWithPolicyDetailsAsync in OrganizationUserRepository
- Implemented multiple test cases to verify the behavior of GetByUserIdWithPolicyDetailsAsync for different user statuses (Confirmed, Accepted, Invited, Revoked).
- Ensured that the method returns correct policy details based on user status and organization.
- Added tests for scenarios with multiple organizations and non-existing policy types.
- Included checks for provider users and custom user permissions.
These tests enhance coverage and ensure the correctness of policy retrieval logic.
* Add UserProviderAccessView to identify which organizations a user can access as a provider
* Refactor PolicyDetails_ReadByUserId stored procedure to improve user access logic
- Introduced a Common Table Expression (CTE) for organization users to streamline the selection process based on user status and email.
- Added a CTE for providers to enhance clarity and maintainability.
- Updated the main query to utilize the new CTEs, improving readability and performance.
- Ensured that the procedure correctly identifies provider access based on user permissions.
* Refactor OrganizationUser_ReadByUserIdWithPolicyDetails stored procedure to enhance user access logic
- Introduced a Common Table Expression (CTE) for organization users to improve selection based on user status and email.
- Updated the main query to utilize the new CTEs, enhancing readability and performance.
- Adjusted the logic for identifying provider access to ensure accurate policy retrieval based on user permissions.
* Add new SQL migration script to refactor policy details queries
- Created a new view, UserProviderAccessView, to streamline user access to provider organizations.
- Introduced two stored procedures: PolicyDetails_ReadByUserId and OrganizationUser_ReadByUserIdWithPolicyDetails, enhancing the logic for retrieving policy details based on user ID and policy type.
- Utilized Common Table Expressions (CTEs) to improve query readability and performance, ensuring accurate policy retrieval based on user permissions and organization status.
* Remove GetPolicyDetailsByUserIdTests
* Refactor PolicyRequirementQuery to use GetPolicyDetailsByUserIdsAndPolicyType and update unit tests
* Remove GetPolicyDetailsByUserId method from IPolicyRepository and its implementations in PolicyRepository classes
* Revert changes to PolicyDetails_ReadByUserId stored procedure
* Refactor OrganizationUser_ReadByUserIdWithPolicyDetails stored procedure to use UNION instead of OR
* Reduce UserEmail variable size from NVARCHAR(320) to NVARCHAR(256) for consistency in stored procedures
* Bump date on migration script
Adds a Rust SDK for performing seed related cryptograhic operations. It depends on internal portions of our Rust SDK. Primarily parts of the bitwarden-crypto crate.
* Adding AutoConfrim and migrations.
* Add value to Admin Page and update sproc to correct name.
* Correcting license constant.
* Adding feature check back in.
* Fixing sprocs :face_palm:
* Remove Coalesce
* Adding property to plan and model constructor
* Correcting name of column. Cascading change throughout. Updating response models. Updating sprocs and views. Updating migrations
* fixing sproc
* Fixing up license stuff.
* Updating org view
* Code review changes and renames :face_palm:
* Refershing additional views
* Last two fixes.
* Adding SecretVersion table to server
* making the names singular not plural for new table
* removing migration
* fixing migration
* Adding indexes for serviceacct and orguserId
* indexes for sqllite
* fixing migrations
* adding indexes to secretVeriosn.sql
* tests
* removing tests
* adding GO
* Add Microsoft Teams integration
* Fix method naming error
* Expand and clean up unit test coverage
* Update with PR feedback
* Add documentation, add In Progress logic/tests for Teams
* Fixed lowercase Slack
* Added docs; Updated PR suggestions;
* Fix broken tests
* feat: migrate DefaultUserCollection to SharedCollection during user deletion
- Implemented migration of DefaultUserCollection to SharedCollection in EF UserRepository before deleting organization users.
- Updated stored procedures User_DeleteById and User_DeleteByIds to include migration logic.
- Added new migration script for updating stored procedures.
* Add unit test for user deletion and DefaultUserCollection migration
- Implemented a new test to verify the migration of DefaultUserCollection to SharedCollection during user deletion in UserRepository.
- The test ensures that the user is deleted and the associated collection is updated correctly.
* Refactor user deletion process in UserRepository
- Moved migrating DefaultUserCollection to SharedCollection to happen before the deletion of user-related entities.
- Updated the deletion logic to use ExecuteDeleteAsync for improved performance and clarity.
- Ensured that all related entities are removed in a single transaction to maintain data integrity.
* Add unit test for DeleteManyAsync in UserRepository
- Implemented a new test to verify the deletion of multiple users and the migration of their DefaultUserCollections to SharedCollections.
- Ensured that both users are deleted and their associated collections are updated correctly in a single transaction.
* Refactor UserRepositoryTests to use test user creation methods and streamline collection creation
* Ensure changes are saved after deleting users in bulk
* Refactor UserRepository to simplify migration queries and remove unnecessary loops for better performance
* Refactor UserRepository to encapsulate DefaultUserCollection migration logic in a separate method
* Refactor UserRepository to optimize deletion queries by using joins instead of subqueries for improved performance
* Refactor UserRepositoryTest DeleteManyAsync_Works to ensure GroupUser and CollectionUser deletion
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Adding new logging for secrets
* fixing secrest controller tests
* fixing the tests
* Server side changes for adding ProjectId to Event table, adding Project event logging to projectsController
* Rough draft with TODO's need to work on EventRepository.cs, and ProjectRepository.cs
* Undoing changes to make projects soft delete, we want those to be fully deleted still. Adding GetManyTrashedSecretsByIds to secret repo so we can get soft deleted secrets, getSecrets in eventsController takes in orgdId, so that we can check the permission even if the secret was permanently deleted and doesn' thave the org Id set. Adding Secret Perm Deleted, and Restored to event logs
* db changes
* fixing the way we log events
* Trying to undo some manual changes that should have been migrations
* adding migration files
* fixing test
* setting up userid for project controller tests
* adding sql
* sql
* Rename file
* Trying to get it to for sure add the column before we try and update sprocs
* Adding code to refresh the view to include ProjectId I hope
* code improvements
* Suggested changes
* suggested changes
* trying to fix sql issues
* fixing swagger issue
* Update src/Core/SecretsManager/Repositories/Noop/NoopSecretRepository.cs
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Suggested changes
* Adding event logging for machine accounts
* fixing two tests
* trying to fix all tests
* trying to fix tests
* fixing test
* Migrations
* fix
* updating eps
* adding migration
* Adding missing SQL changes
* updating sql
* fixing sql
* running migration again
* fixing sql
* adding query to add grantedSErviceAccountId to event table
* Suggested improvements
* removing more migrations
* more removal
* removing all migrations to them redo them
* redoing migration
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* do not purge ciphers in the default collection
* Update `DeleteByOrganizationId` procedure to be more performant based on PR review feedback
* update EF integration for purge to match new SQL implementation
* update Cipher_DeleteByOrganizationId based on PR feedback from dbops team
* fix(pending-auth-request-view): [PM-25453] Bugfix Auth Requests Multiple Users Same Device - fixed view to allow for multiple users for each device when partitioning for the auth request view.
* PM-23754 initial commit
* pm-23754 fixing controller tests
* pm-23754 adding commands and queries
* pm-23754 adding endpoints, command/queries, repositories, and sql migrations
* pm-23754 add new sql scripts
* PM-23754 adding sql scripts
* pm-23754
* PM-23754 fixing migration script
* PM-23754 fixing migration script again
* PM-23754 fixing migration script validation
* PM-23754 fixing db validation script issue
* PM-23754 fixing endpoint and db validation
* PM-23754 fixing unit tests
* PM-23754 fixing implementation based on comments and tests
* PM-23754 updating logging statements
* PM-23754 making changes based on PR comments.
* updating migration scripts
* removing old migration files
* update code based testing for whole data object for OrganizationReport and add a stored procedure.
* updating services, unit tests, repository tests
* fixing unit tests
* fixing migration script
* fixing migration script again
* fixing migration script
* another fix
* fixing sql file, updating controller to account for different orgIds in the url and body.
* updating error message in controllers without a body
* making a change to the command
* Refactor ReportsController by removing organization reports
The IDropOrganizationReportCommand is no longer needed
* will code based on PR comments.
* fixing unit test
* fixing migration script based on last changes.
* adding another check in endpoint and adding unit tests
* fixing route parameter.
* PM-23754 updating data fields to return just the column
* PM-23754 fixing repository method signatures
* PM-23754 making change to orgId parameter through out code to align with api naming
---------
Co-authored-by: Tom <144813356+ttalty@users.noreply.github.com>
* Add SsoEnabled field to OrganizationUserOrganizationDetailsView
- Updated OrganizationUserOrganizationDetailsViewQuery to include SsoEnabled property.
- Modified SQL view to select SsoEnabled from SsoConfig.
- Created migration script to alter the view and refresh dependent views.
* Enhance OrganizationUserRepositoryTests to include SSO configuration
- Added ISsoConfigRepository dependency to GetManyDetailsByUserAsync test.
- Created SsoConfigurationData instance and integrated SSO configuration checks in assertions.
- Updated tests to validate SSO-related properties in the response model.
* Add SSO properties to ProfileOrganizationResponseModel and OrganizationUserOrganizationDetails
- Introduced SsoEnabled and SsoMemberDecryptionType fields in ProfileOrganizationResponseModel.
- Added SsoEnabled property to OrganizationUserOrganizationDetails for enhanced SSO configuration support.
If user cleanly follow install instructions Setup app will create nginx
`default.conf` (and other files) with `644` permission owned by
`bitwarden:bitwarden`.
During Nginx entrypoint script it copies generated `default.conf` to
`/etc/nginx/conf.d/` but without `-p` flag new file permissions would be
`root:root 644`.
Then during startup Nginx will start as `bitwarden` user, which will not
cause any issues by itself as `default.conf` is still readable by the
world.
The issue is that for some reason some users have their Nginx config
file (or sometimes even entire `bwdata` recursively) have `600` or `700`
permissions. In this case Nginx will fail to start due to `default.conf`
not readable by `bitwarden` user.
I assume that root cause is that some users mistakenly run `sudo chmod
-R 700 /opt/bitwarden` from Linux installation guide after they have run
`./bitwarden.sh install`. Or maybe some older version of Setup app where
creating `default.conf` with `600` permissions and users are using very
legacy installations.
Whatever may be the case I do not see any harm with copying with `-p` it
even looks to me that this was the intended behavior. This will both fix
the issue for mentioned users and preserve permission structure aligned
with other files.
* Adding new logging for secrets
* fixing secrest controller tests
* fixing the tests
* Server side changes for adding ProjectId to Event table, adding Project event logging to projectsController
* Rough draft with TODO's need to work on EventRepository.cs, and ProjectRepository.cs
* Undoing changes to make projects soft delete, we want those to be fully deleted still. Adding GetManyTrashedSecretsByIds to secret repo so we can get soft deleted secrets, getSecrets in eventsController takes in orgdId, so that we can check the permission even if the secret was permanently deleted and doesn' thave the org Id set. Adding Secret Perm Deleted, and Restored to event logs
* db changes
* fixing the way we log events
* Trying to undo some manual changes that should have been migrations
* adding migration files
* fixing test
* setting up userid for project controller tests
* adding sql
* sql
* Rename file
* Trying to get it to for sure add the column before we try and update sprocs
* Adding code to refresh the view to include ProjectId I hope
* code improvements
* Suggested changes
* suggested changes
* trying to fix sql issues
* fixing swagger issue
* Update src/Core/SecretsManager/Repositories/Noop/NoopSecretRepository.cs
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Suggested changes
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* migrate default collection to a shared collection when users are removed
* remove redundant logic
* fix test
* fix tests
* fix test
* clean up
* add migrations
* run dotnet format
* clean up, refactor duplicate logic to sproc, wip integration test
* fix sql
* add migration for new sproc
* integration test wip
* integration test wip
* integration test wip
* integration test wip
* fix integration test LINQ expression
* fix using wrong Id
* wip integration test for DeleteManyAsync
* fix LINQ
* only set DefaultUserEmail when it is null in sproc
* check for null
* spelling, separate create and update request models
* fix test
* fix child class
* refactor sproc
* clean up
* more cleanup
* fix tests
* fix user email
* remove unneccesary test
* add DefaultUserCollectionEmail to EF query
* fix test
* fix EF logic to match sprocs
* clean up logic
* cleanup
* add metrics endpoint for an organization to return completed and total security tasks
* refactor metrics fetch to use sql sproc for efficiency rather than having to pull all security task data
* add separate response model for security task metrics endpoint
* Pascal Case to match existing implementations
* refactor org to organization for consistency with other methods
* alter security task endpoint:
- remove "count" from variable naming
- update sproc naming
* remove enablement check
* replace orgId with organizationId
* Adding job to update stripe subscriptions and increment seat count when inviting a user.
* Updating name
* Added ef migrations
* Fixing script
* Fixing procedures. Added repo tests.
* Fixed set stored procedure. Fixed parameter name.
* Added tests for database calls and updated stored procedures
* Fixed build for sql file.
* fixing sproc
* File is nullsafe
* Adding view to select from instead of table.
* Updating UpdateSubscriptionStatus to use a CTE and do all the updates in 1 statement.
* Setting revision date when incrementing seat count
* Added feature flag check for the background job.
* Fixing nullable property.
* Removing new table and just adding the column to org. Updating to query and command. Updated tests.
* Adding migration script rename
* Add SyncSeats to Org.sql def
* Adding contraint name
* Removing old table files.
* Added tests
* Upped the frequency to be at the top of every 3rd hour.
* Updating error message.
* Removing extension method
* Changed to GuidIdArray
* Added xml doc and switched class to record
* feat: exclude DefaultUserCollection from GetManyByOrganizationIdWithPermissionsAsync
Updated EF implementation, SQL procedure, and unit test to verify that default user collections are filtered from results
* Update the public CollectionsController.Get method to return a NotFoundResult for collections of type DefaultUserCollection.
* Add unit tests for the public CollectionsController
* Update ICollectionRepository.GetManyByOrganizationIdAsync to exclude results of the type DefaultUserCollection
Modified the SQL stored procedure and the EF query to reflect this change and added a new integration test to ensure the functionality works as expected.
* Refactor CollectionsController to remove unused IApplicationCacheService dependency
* Update IOrganizationUserRepository.GetDetailsByIdWithCollectionsAsync to exclude DefaultUserCollections
* Update IOrganizationUserRepository.GetManyDetailsByOrganizationAsync to exclude DefaultUserCollections
* Undo change to GetByIdWithCollectionsAsync
* Update integration test to verify exclusion of DefaultUserCollection in OrganizationUserRepository.GetDetailsByIdWithCollectionsAsync
* Clarify documentation in ICollectionRepository to specify that GetManyByOrganizationIdWithAccessAsync returns only shared collections belonging to the organization.
* Update IOrganizationUserRepository.ReplaceAsync to preserve existing access to collections of the type DefaultUserCollection
* Refactor ICollectionRepository.GetManyByOrganizationIdAsync logic to include default user collections
* Add stored procedure Collection_ReadSharedCollectionsByOrganizationId to retrieve collections by organization ID, excluding default user collections.
* Add GetManySharedCollectionsByOrganizationIdAsync method to ICollectionRepository and its implementations to retrieve collections excluding default user collections.
* Add unit test for GetManySharedCollectionsByOrganizationIdAsync method in CollectionRepositoryTests to verify retrieval of collections excluding default user collections.
* Refactor controllers to use GetManySharedCollectionsByOrganizationIdAsync for retrieving shared collections
* Update unit tests to use GetManySharedCollectionsByOrganizationIdAsync for verifying shared collections retrieval
* Revert CiphersController.CanEditItemsInCollections to use GetManyByOrganizationIdAsync for retrieving organization collections
* Update stored procedures to retrieve only DefaultUserCollection by modifying the WHERE clause in Collection_ReadSharedCollectionsByOrganizationId.sql and its corresponding migration script.
* Update EF CollectionRepository.GetManySharedCollectionsByOrganizationIdAsync to filter collections by SharedCollection
* Update OrganizationUserRepository.GetManyDetailsByOrganizationAsync_vNext to only include Shared collections
* Update comments in stored procedure and migration script to clarify filtering for SharedCollections only
