mirror of
https://github.com/bitwarden/server
synced 2026-01-01 08:03:23 +00:00
9d59e4dc9e
* [AC-1637] Added HtmlEncodingStringConverter to encode/decode special chars on JSON serialization/deserialization
* [AC-1637] Added unit tests for HtmlEncodingStringConverter
* [AC-1637] Moved expected values on unit tests to the arrange phase
* [AC-1637] Added HtmlEncodingStringConverter to properties that are for input/output of Org Name and Business name
* [AC-1637] Modified views in Admin project to decode values to display
* [AC-1637] Replaced Html.Raw with HttpUtility.HtmlDecode
* [AC-1637] Added JsonConverter to Provider DTOs
* [AC-1637] Modified HandlebarsMailService to decode organization name before sending emails
* Revert "[AC-1637] Added JsonConverter to Provider DTOs"
This reverts commit 94d507cf93.
* [AC-1637] Fixed Admin panel organization search
* [AC-1637] Sanitizing Organization name and business name on creation in Admin panel
* [AC-1637] Sanitizing organization name and business name on creation by a provider
* [AC-1637] Sanitizing provider name on creation and on viewing in admin panel
* [AC-1637] Added sanitization to more places where Org name is used
* [AC-1637] Swapped using HttpUtility for WebUtility since the later is part of the dotnet framework
* [AC-1637] Updated error messages
* [AC-1637] Decoding on Admin panel add existing organization
* [AC-1637] Fix HTML decoding issues
* [AC-1637] Refactor HTML decoding in View and Model classes on Admin panel
* [AC-1637] Refactor provider name and business name usages to use methods that output decoded values
* [AC-1637] Fixed typo
* [AC-1637] Renamed Provider methods to retrieve Decoded Name and BusinessName
* [AC-1637] Renamed Organization methods to retrieve Decoded Name and BusinessName
* [AC-1637] Update the display name method in the `ProviderOrganizationOrganizationDetails` class to `DisplayName()`
310 lines
9.7 KiB
C#
310 lines
9.7 KiB
C#
using System.ComponentModel.DataAnnotations;
|
|
using System.Net;
|
|
using System.Text.Json;
|
|
using Bit.Core.Auth.Enums;
|
|
using Bit.Core.Auth.Models;
|
|
using Bit.Core.Entities;
|
|
using Bit.Core.Enums;
|
|
using Bit.Core.Models.Business;
|
|
using Bit.Core.Tools.Entities;
|
|
using Bit.Core.Utilities;
|
|
|
|
namespace Bit.Core.AdminConsole.Entities;
|
|
|
|
public class Organization : ITableObject<Guid>, IStorableSubscriber, IRevisable, IReferenceable
|
|
{
|
|
private Dictionary<TwoFactorProviderType, TwoFactorProvider> _twoFactorProviders;
|
|
|
|
public Guid Id { get; set; }
|
|
[MaxLength(50)]
|
|
public string Identifier { get; set; }
|
|
/// <summary>
|
|
/// This value is HTML encoded. For display purposes use the method DisplayName() instead.
|
|
/// </summary>
|
|
[MaxLength(50)]
|
|
public string Name { get; set; }
|
|
/// <summary>
|
|
/// This value is HTML encoded. For display purposes use the method DisplayBusinessName() instead.
|
|
/// </summary>
|
|
[MaxLength(50)]
|
|
public string BusinessName { get; set; }
|
|
[MaxLength(50)]
|
|
public string BusinessAddress1 { get; set; }
|
|
[MaxLength(50)]
|
|
public string BusinessAddress2 { get; set; }
|
|
[MaxLength(50)]
|
|
public string BusinessAddress3 { get; set; }
|
|
[MaxLength(2)]
|
|
public string BusinessCountry { get; set; }
|
|
[MaxLength(30)]
|
|
public string BusinessTaxNumber { get; set; }
|
|
[MaxLength(256)]
|
|
public string BillingEmail { get; set; }
|
|
[MaxLength(50)]
|
|
public string Plan { get; set; }
|
|
public PlanType PlanType { get; set; }
|
|
public int? Seats { get; set; }
|
|
public short? MaxCollections { get; set; }
|
|
public bool UsePolicies { get; set; }
|
|
public bool UseSso { get; set; }
|
|
public bool UseKeyConnector { get; set; }
|
|
public bool UseScim { get; set; }
|
|
public bool UseGroups { get; set; }
|
|
public bool UseDirectory { get; set; }
|
|
public bool UseEvents { get; set; }
|
|
public bool UseTotp { get; set; }
|
|
public bool Use2fa { get; set; }
|
|
public bool UseApi { get; set; }
|
|
public bool UseResetPassword { get; set; }
|
|
public bool UseSecretsManager { get; set; }
|
|
public bool SelfHost { get; set; }
|
|
public bool UsersGetPremium { get; set; }
|
|
public bool UseCustomPermissions { get; set; }
|
|
public long? Storage { get; set; }
|
|
public short? MaxStorageGb { get; set; }
|
|
public GatewayType? Gateway { get; set; }
|
|
[MaxLength(50)]
|
|
public string GatewayCustomerId { get; set; }
|
|
[MaxLength(50)]
|
|
public string GatewaySubscriptionId { get; set; }
|
|
public string ReferenceData { get; set; }
|
|
public bool Enabled { get; set; } = true;
|
|
[MaxLength(100)]
|
|
public string LicenseKey { get; set; }
|
|
public string PublicKey { get; set; }
|
|
public string PrivateKey { get; set; }
|
|
public string TwoFactorProviders { get; set; }
|
|
public DateTime? ExpirationDate { get; set; }
|
|
public DateTime CreationDate { get; set; } = DateTime.UtcNow;
|
|
public DateTime RevisionDate { get; set; } = DateTime.UtcNow;
|
|
public int? MaxAutoscaleSeats { get; set; } = null;
|
|
public DateTime? OwnersNotifiedOfAutoscaling { get; set; } = null;
|
|
public OrganizationStatusType Status { get; set; }
|
|
public bool UsePasswordManager { get; set; }
|
|
public int? SmSeats { get; set; }
|
|
public int? SmServiceAccounts { get; set; }
|
|
public int? MaxAutoscaleSmSeats { get; set; }
|
|
public int? MaxAutoscaleSmServiceAccounts { get; set; }
|
|
/// <summary>
|
|
/// Refers to the ability for an organization to limit collection creation and deletion to owners and admins only
|
|
/// </summary>
|
|
public bool LimitCollectionCreationDeletion { get; set; }
|
|
/// <summary>
|
|
/// Refers to the ability for an organization to limit owner/admin access to all collection items
|
|
/// <remarks>
|
|
/// True: Owner/admins can access all items belonging to any collections
|
|
/// False: Owner/admins can only access items for collections they are assigned
|
|
/// </remarks>
|
|
/// </summary>
|
|
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
|
/// <summary>
|
|
/// True if the organization is using the Flexible Collections permission changes, false otherwise.
|
|
/// For existing organizations, this must only be set to true once data migrations have been run for this organization.
|
|
/// </summary>
|
|
public bool FlexibleCollections { get; set; }
|
|
|
|
public void SetNewId()
|
|
{
|
|
if (Id == default(Guid))
|
|
{
|
|
Id = CoreHelpers.GenerateComb();
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Returns the name of the organization, HTML decoded ready for display.
|
|
/// </summary>
|
|
public string DisplayName()
|
|
{
|
|
return WebUtility.HtmlDecode(Name);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Returns the business name of the organization, HTML decoded ready for display.
|
|
/// </summary>
|
|
public string DisplayBusinessName()
|
|
{
|
|
return WebUtility.HtmlDecode(BusinessName);
|
|
}
|
|
|
|
public string BillingEmailAddress()
|
|
{
|
|
return BillingEmail?.ToLowerInvariant()?.Trim();
|
|
}
|
|
|
|
public string BillingName()
|
|
{
|
|
return DisplayBusinessName();
|
|
}
|
|
|
|
public string SubscriberName()
|
|
{
|
|
return DisplayName();
|
|
}
|
|
|
|
public string BraintreeCustomerIdPrefix()
|
|
{
|
|
return "o";
|
|
}
|
|
|
|
public string BraintreeIdField()
|
|
{
|
|
return "organization_id";
|
|
}
|
|
|
|
public string BraintreeCloudRegionField()
|
|
{
|
|
return "region";
|
|
}
|
|
|
|
public string GatewayIdField()
|
|
{
|
|
return "organizationId";
|
|
}
|
|
|
|
public bool IsOrganization() => true;
|
|
|
|
public bool IsUser()
|
|
{
|
|
return false;
|
|
}
|
|
|
|
public string SubscriberType()
|
|
{
|
|
return "Organization";
|
|
}
|
|
|
|
public bool IsExpired() => ExpirationDate.HasValue && ExpirationDate.Value <= DateTime.UtcNow;
|
|
|
|
public long StorageBytesRemaining()
|
|
{
|
|
if (!MaxStorageGb.HasValue)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
return StorageBytesRemaining(MaxStorageGb.Value);
|
|
}
|
|
|
|
public long StorageBytesRemaining(short maxStorageGb)
|
|
{
|
|
var maxStorageBytes = maxStorageGb * 1073741824L;
|
|
if (!Storage.HasValue)
|
|
{
|
|
return maxStorageBytes;
|
|
}
|
|
|
|
return maxStorageBytes - Storage.Value;
|
|
}
|
|
|
|
public Dictionary<TwoFactorProviderType, TwoFactorProvider> GetTwoFactorProviders()
|
|
{
|
|
if (string.IsNullOrWhiteSpace(TwoFactorProviders))
|
|
{
|
|
return null;
|
|
}
|
|
|
|
try
|
|
{
|
|
if (_twoFactorProviders == null)
|
|
{
|
|
_twoFactorProviders =
|
|
JsonHelpers.LegacyDeserialize<Dictionary<TwoFactorProviderType, TwoFactorProvider>>(
|
|
TwoFactorProviders);
|
|
}
|
|
|
|
return _twoFactorProviders;
|
|
}
|
|
catch (JsonException)
|
|
{
|
|
return null;
|
|
}
|
|
}
|
|
|
|
public void SetTwoFactorProviders(Dictionary<TwoFactorProviderType, TwoFactorProvider> providers)
|
|
{
|
|
if (!providers.Any())
|
|
{
|
|
TwoFactorProviders = null;
|
|
_twoFactorProviders = null;
|
|
return;
|
|
}
|
|
|
|
TwoFactorProviders = JsonHelpers.LegacySerialize(providers, JsonHelpers.LegacyEnumKeyResolver);
|
|
_twoFactorProviders = providers;
|
|
}
|
|
|
|
public bool TwoFactorProviderIsEnabled(TwoFactorProviderType provider)
|
|
{
|
|
var providers = GetTwoFactorProviders();
|
|
if (providers == null || !providers.ContainsKey(provider))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
return providers[provider].Enabled && Use2fa;
|
|
}
|
|
|
|
public bool TwoFactorIsEnabled()
|
|
{
|
|
var providers = GetTwoFactorProviders();
|
|
if (providers == null)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
return providers.Any(p => (p.Value?.Enabled ?? false) && Use2fa);
|
|
}
|
|
|
|
public TwoFactorProvider GetTwoFactorProvider(TwoFactorProviderType provider)
|
|
{
|
|
var providers = GetTwoFactorProviders();
|
|
if (providers == null || !providers.ContainsKey(provider))
|
|
{
|
|
return null;
|
|
}
|
|
|
|
return providers[provider];
|
|
}
|
|
|
|
public void UpdateFromLicense(OrganizationLicense license)
|
|
{
|
|
// The following properties are intentionally excluded from being updated:
|
|
// - Id - self-hosted org will have its own unique Guid
|
|
// - MaxStorageGb - not enforced for self-hosted because we're not providing the storage
|
|
// - FlexibleCollections - the self-hosted organization must do its own data migration to set this property, it cannot be updated from cloud
|
|
|
|
Name = license.Name;
|
|
BusinessName = license.BusinessName;
|
|
BillingEmail = license.BillingEmail;
|
|
PlanType = license.PlanType;
|
|
Seats = license.Seats;
|
|
MaxCollections = license.MaxCollections;
|
|
UseGroups = license.UseGroups;
|
|
UseDirectory = license.UseDirectory;
|
|
UseEvents = license.UseEvents;
|
|
UseTotp = license.UseTotp;
|
|
Use2fa = license.Use2fa;
|
|
UseApi = license.UseApi;
|
|
UsePolicies = license.UsePolicies;
|
|
UseSso = license.UseSso;
|
|
UseKeyConnector = license.UseKeyConnector;
|
|
UseScim = license.UseScim;
|
|
UseResetPassword = license.UseResetPassword;
|
|
SelfHost = license.SelfHost;
|
|
UsersGetPremium = license.UsersGetPremium;
|
|
UseCustomPermissions = license.UseCustomPermissions;
|
|
Plan = license.Plan;
|
|
Enabled = license.Enabled;
|
|
ExpirationDate = license.Expires;
|
|
LicenseKey = license.LicenseKey;
|
|
RevisionDate = DateTime.UtcNow;
|
|
UsePasswordManager = license.UsePasswordManager;
|
|
UseSecretsManager = license.UseSecretsManager;
|
|
SmSeats = license.SmSeats;
|
|
SmServiceAccounts = license.SmServiceAccounts;
|
|
LimitCollectionCreationDeletion = license.LimitCollectionCreationDeletion;
|
|
AllowAdminAccessToAllCollectionItems = license.AllowAdminAccessToAllCollectionItems;
|
|
}
|
|
}
|