mirror of
https://github.com/bitwarden/server
synced 2026-01-06 18:43:36 +00:00
3573aee2ef
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem (#3037)
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem
- Add a helper method to determine the appropriate addon type based on the subscription items StripeId
* [AC-1423] Add helper to StaticStore.cs to find a Plan by StripePlanId
* [AC-1423] Use the helper method to set SubscriptionInfo.BitwardenProduct
* Add SecretsManagerBilling feature flag to Constants
* [AC 1409] Secrets Manager Subscription Stripe Integration (#3019)
* Adding the Secret manager to the Plan List
* Adding the unit test for the StaticStoreTests class
* Fix whitespace formatting
* Fix whitespace formatting
* Price update
* Resolving the PR comments
* Resolving PR comments
* Fixing the whitespace
* only password manager plans are return for now
* format whitespace
* Resolve the test issue
* Fixing the failing test
* Refactoring the Plan separation
* add a unit test for SingleOrDefault
* Fix the whitespace format
* Separate the PM and SM plans
* Fixing the whitespace
* Remove unnecessary directive
* Fix imports ordering
* Fix imports ordering
* Resolve imports ordering
* Fixing imports ordering
* Fix response model, add MaxProjects
* Fix filename
* Fix format
* Fix: seat price should match annual/monthly
* Fix service account annual pricing
* Changes for secret manager signup and upgradeplan
* Changes for secrets manager signup and upgrade
* refactoring the code
* Format whitespace
* remove unnecessary using directive
* Resolve the PR comment on Subscription creation
* Resolve PR comment
* Add password manager to the error message
* Add UseSecretsManager to the event log
* Resolve PR comment on plan validation
* Resolving pr comments for service account count
* Resolving pr comments for service account count
* Resolve the pr comments
* Remove the store procedure that is no-longer needed
* Rename a property properly
* Resolving the PR comment
* Resolve PR comments
* Resolving PR comments
* Resolving the Pr comments
* Resolving some PR comments
* Resolving the PR comments
* Resolving the build identity build
* Add additional Validation
* Resolve the Lint issues
* remove unnecessary using directive
* Remove the white spaces
* Adding unit test for the stripe payment
* Remove the incomplete test
* Fixing the failing test
* Fix the failing test
* Fix the fail test on organization service
* Fix the failing unit test
* Fix the whitespace format
* Fix the failing test
* Fix the whitespace format
* resolve pr comments
* Fix the lint message
* Resolve the PR comments
* resolve pr comments
* Resolve pr comments
* Resolve the pr comments
* remove unused code
* Added for sm validation test
* Fix the whitespace format issues
---------
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* SM-802: Add SecretsManagerBetaColumn SQL migration and Org table update
* SM-802: Run EF Migrations for SecretsManagerBeta
* SM-802: Update the two Org procs and View, and move data migration to a separate file
* SM-802: Add missing comma to Organization_Create
* [AC-1418] Add missing SecretsManagerPlan property to OrganizationResponseModel (#3055)
* SM-802: Remove extra GO statement from data migration script
* [AC 1460] Update Stripe Configuration (#3070)
* change the stripeseat id
* change service accountId to align with new product
* make all the Id name for consistent
* SM-802: Add SecretsManagerBeta to OrganizationResponseModel
* SM-802: Move SecretsManagerBeta from OrganizationResponseModel to OrganizationSubscriptionResponseModel. Use sp_refreshview instead of sp_refreshsqlmodule in the migration script.
* SM-802: Remove OrganizationUserOrganizationDetailsView.sql changes
* [AC 1410] Secrets Manager subscription adjustment back-end changes (#3036)
* Create UpgradeSecretsManagerSubscription command
---------
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* SM-802: Remove SecretsManagerBetaColumn migration
* SM-802: Add SecretsManagerBetaColumn migration
* SM-802: Remove OrganizationUserOrganizationDetailsView update
* [AC-1495] Extract UpgradePlanAsync into a command (#3081)
* This is a pure lift & shift with no refactors
* Only register subscription commands in Api
---------
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
* [AC-1503] Fix Stripe integration on organization upgrade (#3084)
* Fix SM parameters not being passed to Stripe
* Fix flaky test
* Fix error message
* [AC-1504] Allow SM max autoscale limits to be disabled (#3085)
* [AC-1488] Changed SM Signup and Upgrade paths to set SmServiceAccounts to include the plan BaseServiceAccount (#3086)
* [AC-1510] Enable access to Secrets Manager to Organization owner for new Subscription (#3089)
* Revert changes to ReferenceEvent code (#3091)
* Revert changes to ReferenceEvent code
This will be done in AC-1481
* Revert ReferenceEventType change
* Move NoopServiceAccountRepository to SM and update namespace
* [AC-1462] Add secrets manager service accounts autoscaling commands (#3059)
* Adding the Secret manager to the Plan List
* Adding the unit test for the StaticStoreTests class
* Fix whitespace formatting
* Fix whitespace formatting
* Price update
* Resolving the PR comments
* Resolving PR comments
* Fixing the whitespace
* only password manager plans are return for now
* format whitespace
* Resolve the test issue
* Fixing the failing test
* Refactoring the Plan separation
* add a unit test for SingleOrDefault
* Fix the whitespace format
* Separate the PM and SM plans
* Fixing the whitespace
* Remove unnecessary directive
* Fix imports ordering
* Fix imports ordering
* Resolve imports ordering
* Fixing imports ordering
* Fix response model, add MaxProjects
* Fix filename
* Fix format
* Fix: seat price should match annual/monthly
* Fix service account annual pricing
* Changes for secret manager signup and upgradeplan
* Changes for secrets manager signup and upgrade
* refactoring the code
* Format whitespace
* remove unnecessary using directive
* Changes for subscription Update
* Update the seatAdjustment and update
* Resolve the PR comment on Subscription creation
* Resolve PR comment
* Add password manager to the error message
* Add UseSecretsManager to the event log
* Resolve PR comment on plan validation
* Resolving pr comments for service account count
* Resolving pr comments for service account count
* Resolve the pr comments
* Remove the store procedure that is no-longer needed
* Add a new class for update subscription
* Modify the Update subscription for sm
* Add the missing property
* Rename a property properly
* Resolving the PR comment
* Resolve PR comments
* Resolving PR comments
* Resolving the Pr comments
* Resolving some PR comments
* Resolving the PR comments
* Resolving the build identity build
* Add additional Validation
* Resolve the Lint issues
* remove unnecessary using directive
* Remove the white spaces
* Adding unit test for the stripe payment
* Remove the incomplete test
* Fixing the failing test
* Fix the failing test
* Fix the fail test on organization service
* Fix the failing unit test
* Fix the whitespace format
* Fix the failing test
* Fix the whitespace format
* resolve pr comments
* Fix the lint message
* refactor the code
* Fix the failing Test
* adding a new endpoint
* Remove the unwanted code
* Changes for Command and Queries
* changes for command and queries
* Fix the Lint issues
* Fix imports ordering
* Resolve the PR comments
* resolve pr comments
* Resolve pr comments
* Fix the failing test on adjustSeatscommandtests
* Fix the failing test
* Fix the whitespaces
* resolve failing test
* rename a property
* Resolve the pr comments
* refactoring the existing implementation
* Resolve the whitespaces format issue
* Resolve the pr comments
* [AC-1462] Created IAvailableServiceAccountsQuery along its implementation and with unit tests
* [AC-1462] Renamed ICountNewServiceAccountSlotsRequiredQuery
* [AC-1462] Added IAutoscaleServiceAccountsCommand and implementation
* Add more unit testing
* fix the whitespaces issues
* [AC-1462] Added unit tests for AutoscaleServiceAccountsCommand
* Add more unit test
* Remove unnecessary directive
* Resolve some pr comments
* Adding more unit test
* adding more test
* add more test
* Resolving some pr comments
* Resolving some pr comments
* Resolving some pr comments
* resolve some pr comments
* Resolving pr comments
* remove whitespaces
* remove white spaces
* Resolving pr comments
* resolving pr comments and fixing white spaces
* resolving the lint error
* Run dotnet format
* resolving the pr comments
* Add a missing properties to plan response model
* Add the email sender for sm seat and service acct
* Add the email sender for sm seat and service acct
* Fix the failing test after email sender changes
* Add staticstorewrapper to properly test the plans
* Add more test and validate the existing test
* Fix the white spaces issues
* Remove staticstorewrapper and fix the test
* fix a null issue on autoscaling
* Suggestion: do all seat calculations in update model
* Resolve some pr comments
* resolving some pr comments
* Return value is unnecessary
* Resolve the failing test
* resolve pr comments
* Resolve the pr comments
* Resolving admin api failure and adding more test
* Resolve the issue failing admin project
* Fixing the failed test
* Clarify naming and add comments
* Clarify naming conventions
* Dotnet format
* Fix the failing dependency
* remove similar test
* [AC-1462] Rewrote AutoscaleServiceAccountsCommand to use UpdateSecretsManagerSubscriptionCommand which has the same logic
* [AC-1462] Deleted IAutoscaleServiceAccountsCommand as the logic will be moved to UpdateSecretsManagerSubscriptionCommand
* [AC-1462] Created method AdjustSecretsManagerServiceAccountsAsync
* [AC-1462] Changed SecretsManagerSubscriptionUpdate to only be set by its constructor
* [AC-1462] Added check to CountNewServiceAccountSlotsRequiredQuery and revised unit tests
* [AC-1462] Revised logic for CountNewServiceAccountSlotsRequiredQuery and fixed unit tests
* [AC-1462] Changed SecretsManagerSubscriptionUpdate to receive Organization as a parameter and fixed the unit tests
* [AC-1462] Renamed IUpdateSecretsManagerSubscriptionCommand methods UpdateSubscriptionAsync and AdjustServiceAccountsAsync
* [AC-1462] Rewrote unit test UpdateSubscriptionAsync_ValidInput_Passes
* [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection
* [AC-1462] Added parameter names to SecretsManagerSubscriptionUpdateRequestModel
* [AC-1462] Updated SecretsManagerSubscriptionUpdate logic to handle null parameters. Revised the unit tests to test null values
---------
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Add UsePasswordManager to sync data (#3114)
* [AC-1522] Fix service account check on upgrading (#3111)
* Resolved the checkmarx issues
* [AC-1521] Address checkmarx security feedback (#3124)
* Reinstate target attribute but add noopener noreferrer
* Update date on migration script
* Remove unused constant
* Revert "Remove unused constant"
This reverts commit 4fcb9da4d6.
This is required to make feature flags work on the client
* [AC-1458] Add Endpoint And Service Logic for secrets manager to existing subscription (#3087)
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* Remove duplicate migrations from incorrectly resolved merge
* [AC-1468] Modified CountNewServiceAccountSlotsRequiredQuery to return zero if organization has SecretsManagerBeta == true (#3112)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* [Ac 1563] Unable to load billing and subscription related pages for non-enterprise organizations (#3138)
* Resolve the failing family plan
* resolve issues
* Resolve code related pr comments
* Resolve test related comments
* Resolving or comments
* [SM-809] Add service account slot limit check (#3093)
* Add service account slot limit check
* Add query to DI
* [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection
* remove duplicate DI entry
* Update unit tests
* Remove comment
* Code review updates
---------
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
* [AC-1461] Secrets manager seat autoscaling (#3121)
* Add autoscaling code to invite user, save user, and bulk enable SM
flows
* Add tests
* Delete command for BulkEnableSecretsManager
* circular dependency between OrganizationService and
UpdateSecretsManagerSubscriptionCommand - fixed by temporarily
duplicating ReplaceAndUpdateCache
* Unresolvable dependencies in other services - fixed by temporarily
registering noop services and moving around some DI code
All should be resolved in PM-1880
* Refactor: improve the update object and use it to adjust values,
remove excess interfaces on the command
* Handle autoscaling-specific errors
---------
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
* Move bitwarden_license include reference into conditional block
* [AC 1526]Show current SM seat and service account usage in Bitwarden Portal (#3142)
* changes base on the tickets request
* Code refactoring
* Removed the unwanted method
* Add implementation to the new method
* Resolve some pr comments
* resolve lint issue
* resolve pr comments
* add the new noop files
* Add new noop file and resolve some pr comments
* resolve pr comments
* removed unused method
---------
Co-authored-by: Shane Melton <smelton@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
232 lines
8.1 KiB
C#
232 lines
8.1 KiB
C#
using System.Globalization;
|
|
using System.IdentityModel.Tokens.Jwt;
|
|
using AspNetCoreRateLimit;
|
|
using Bit.Core;
|
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
|
using Bit.Core.Context;
|
|
using Bit.Core.SecretsManager.Repositories;
|
|
using Bit.Core.SecretsManager.Repositories.Noop;
|
|
using Bit.Core.Settings;
|
|
using Bit.Core.Utilities;
|
|
using Bit.Identity.Utilities;
|
|
using Bit.SharedWeb.Utilities;
|
|
using IdentityServer4.Extensions;
|
|
using Microsoft.Extensions.DependencyInjection.Extensions;
|
|
using Microsoft.IdentityModel.Logging;
|
|
using Microsoft.OpenApi.Models;
|
|
|
|
namespace Bit.Identity;
|
|
|
|
public class Startup
|
|
{
|
|
public Startup(IWebHostEnvironment env, IConfiguration configuration)
|
|
{
|
|
CultureInfo.DefaultThreadCurrentCulture = new CultureInfo("en-US");
|
|
Configuration = configuration;
|
|
Environment = env;
|
|
}
|
|
|
|
public IConfiguration Configuration { get; private set; }
|
|
public IWebHostEnvironment Environment { get; set; }
|
|
|
|
public void ConfigureServices(IServiceCollection services)
|
|
{
|
|
// Options
|
|
services.AddOptions();
|
|
|
|
// Settings
|
|
var globalSettings = services.AddGlobalSettingsServices(Configuration, Environment);
|
|
if (!globalSettings.SelfHosted)
|
|
{
|
|
services.Configure<IpRateLimitOptions>(Configuration.GetSection("IpRateLimitOptions"));
|
|
services.Configure<IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies"));
|
|
}
|
|
|
|
// Data Protection
|
|
services.AddCustomDataProtectionServices(Environment, globalSettings);
|
|
|
|
// Repositories
|
|
services.AddDatabaseRepositories(globalSettings);
|
|
|
|
// Context
|
|
services.AddScoped<ICurrentContext, CurrentContext>();
|
|
services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();
|
|
|
|
// Caching
|
|
services.AddMemoryCache();
|
|
services.AddDistributedCache(globalSettings);
|
|
|
|
// Mvc
|
|
services.AddMvc(config =>
|
|
{
|
|
config.Filters.Add(new ModelStateValidationFilterAttribute());
|
|
});
|
|
|
|
services.AddSwaggerGen(c =>
|
|
{
|
|
c.SwaggerDoc("v1", new OpenApiInfo { Title = "Bitwarden Identity", Version = "v1" });
|
|
});
|
|
|
|
if (!globalSettings.SelfHosted)
|
|
{
|
|
services.AddIpRateLimiting(globalSettings);
|
|
}
|
|
|
|
// Cookies
|
|
if (Environment.IsDevelopment())
|
|
{
|
|
services.Configure<CookiePolicyOptions>(options =>
|
|
{
|
|
options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
|
|
options.OnAppendCookie = ctx =>
|
|
{
|
|
ctx.CookieOptions.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
|
|
};
|
|
});
|
|
}
|
|
|
|
JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
|
|
|
|
// Authentication
|
|
services
|
|
.AddDistributedIdentityServices(globalSettings)
|
|
.AddAuthentication()
|
|
.AddCookie(AuthenticationSchemes.BitwardenExternalCookieAuthenticationScheme)
|
|
.AddOpenIdConnect("sso", "Single Sign On", options =>
|
|
{
|
|
options.Authority = globalSettings.BaseServiceUri.InternalSso;
|
|
options.RequireHttpsMetadata = !Environment.IsDevelopment() &&
|
|
globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
|
|
options.ClientId = "oidc-identity";
|
|
options.ClientSecret = globalSettings.OidcIdentityClientKey;
|
|
options.ResponseMode = "form_post";
|
|
|
|
options.SignInScheme = AuthenticationSchemes.BitwardenExternalCookieAuthenticationScheme;
|
|
options.ResponseType = "code";
|
|
options.SaveTokens = false;
|
|
options.GetClaimsFromUserInfoEndpoint = true;
|
|
|
|
options.Events = new Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents
|
|
{
|
|
OnRedirectToIdentityProvider = context =>
|
|
{
|
|
// Pass domain_hint onto the sso idp
|
|
context.ProtocolMessage.DomainHint = context.Properties.Items["domain_hint"];
|
|
context.ProtocolMessage.Parameters.Add("organizationId", context.Properties.Items["organizationId"]);
|
|
if (context.Properties.Items.ContainsKey("user_identifier"))
|
|
{
|
|
context.ProtocolMessage.SessionState = context.Properties.Items["user_identifier"];
|
|
}
|
|
|
|
if (context.Properties.Parameters.Count > 0 &&
|
|
context.Properties.Parameters.TryGetValue(SsoTokenable.TokenIdentifier, out var tokenValue))
|
|
{
|
|
var token = tokenValue?.ToString() ?? "";
|
|
context.ProtocolMessage.Parameters.Add(SsoTokenable.TokenIdentifier, token);
|
|
}
|
|
return Task.FromResult(0);
|
|
}
|
|
};
|
|
});
|
|
|
|
// IdentityServer
|
|
services.AddCustomIdentityServerServices(Environment, globalSettings);
|
|
|
|
// Identity
|
|
services.AddCustomIdentityServices(globalSettings);
|
|
|
|
// Services
|
|
services.AddBaseServices(globalSettings);
|
|
services.AddDefaultServices(globalSettings);
|
|
services.AddCoreLocalizationServices();
|
|
|
|
// TODO: Remove when OrganizationUser methods are moved out of OrganizationService, this noop dependency should
|
|
// TODO: no longer be required - see PM-1880
|
|
services.AddScoped<IServiceAccountRepository, NoopServiceAccountRepository>();
|
|
|
|
if (CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ConnectionString) &&
|
|
CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ApplicationCacheTopicName))
|
|
{
|
|
services.AddHostedService<Core.HostedServices.ApplicationCacheHostedService>();
|
|
}
|
|
|
|
// HttpClients
|
|
services.AddHttpClient("InternalSso", client =>
|
|
{
|
|
client.BaseAddress = new Uri(globalSettings.BaseServiceUri.InternalSso);
|
|
});
|
|
}
|
|
|
|
public void Configure(
|
|
IApplicationBuilder app,
|
|
IWebHostEnvironment env,
|
|
IHostApplicationLifetime appLifetime,
|
|
GlobalSettings globalSettings,
|
|
ILogger<Startup> logger)
|
|
{
|
|
IdentityModelEventSource.ShowPII = true;
|
|
|
|
app.UseSerilog(env, appLifetime, globalSettings);
|
|
|
|
// Add general security headers
|
|
app.UseMiddleware<SecurityHeadersMiddleware>();
|
|
|
|
if (!env.IsDevelopment())
|
|
{
|
|
var uri = new Uri(globalSettings.BaseServiceUri.Identity);
|
|
app.Use(async (ctx, next) =>
|
|
{
|
|
ctx.SetIdentityServerOrigin($"{uri.Scheme}://{uri.Host}");
|
|
await next();
|
|
});
|
|
}
|
|
|
|
if (globalSettings.SelfHosted)
|
|
{
|
|
app.UsePathBase("/identity");
|
|
app.UseForwardedHeaders(globalSettings);
|
|
}
|
|
|
|
// Default Middleware
|
|
app.UseDefaultMiddleware(env, globalSettings);
|
|
|
|
if (!globalSettings.SelfHosted)
|
|
{
|
|
// Rate limiting
|
|
app.UseMiddleware<CustomIpRateLimitMiddleware>();
|
|
}
|
|
|
|
if (env.IsDevelopment())
|
|
{
|
|
app.UseSwagger();
|
|
app.UseDeveloperExceptionPage();
|
|
app.UseCookiePolicy();
|
|
}
|
|
|
|
// Add localization
|
|
app.UseCoreLocalization();
|
|
|
|
// Add static files to the request pipeline.
|
|
app.UseStaticFiles();
|
|
|
|
// Add routing
|
|
app.UseRouting();
|
|
|
|
// Add Cors
|
|
app.UseCors(policy => policy.SetIsOriginAllowed(o => CoreHelpers.IsCorsOriginAllowed(o, globalSettings))
|
|
.AllowAnyMethod().AllowAnyHeader().AllowCredentials());
|
|
|
|
// Add current context
|
|
app.UseMiddleware<CurrentContextMiddleware>();
|
|
|
|
// Add IdentityServer to the request pipeline.
|
|
app.UseIdentityServer();
|
|
|
|
// Add Mvc stuff
|
|
app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
|
|
|
|
// Log startup
|
|
logger.LogInformation(Constants.BypassFiltersEventId, globalSettings.ProjectName + " started.");
|
|
}
|
|
}
|