server/src/Core/Constants.cs
Jared Snider 8471326b1e Auth/PM-7322 - Registration with Email verification - Finish registration endpoint (#4182)
* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.

* PM-7322 - Start on RegisterFinishRequestModel.cs

* PM-7322 - WIP on Complete Registration endpoint

* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.

* PM-7322 - UserService - Rename MP to MPHash

* PM-7322 - More WIP progress on getting new finish registration process in place.

* PM-7322 Create IRegisterUserCommand

* PM-7322 - RegisterUserCommand.cs - first WIP draft

* PM-7322 - Implement use of new command in Identity.

* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.

* PM-7322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.

* PM-7322 - More WIP on RegisterUserCommand.cs and tests

* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.

* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.

* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite

* PM-7322 - IRegisterUserCommand - DOCS

* PM-7322 - Test RegisterUser

* PM-7322 - IRegisterUserCommand - Add more docs.

* PM-7322 - Finish updating all existing user service register calls to use the new command.

* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests

* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.

* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested

* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place

* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.

* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.

* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step

* PM-7322 - RegisterUserCommandTests.cs - add API key assertions

* PM-7322 - Clean up RegisterUserCommand.cs

* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.

* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO

* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.

* PM-7322 - Work on getting PostRegisterFinish tests in place.

* PM-7322 - AccountsControllerTests.cs - test new method.

* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.

* PM-7322 - Fix misspelling

* PM-7322 - Integration tests for RegistrationWithEmailVerification

* PM-7322 - Fix leaky integration tests.

* PM-7322 - Another leaky test fix.

* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds

* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
2024-07-02 17:03:36 -04:00


using System.Reflection;
namespace Bit.Core;
/// <summary>
/// General-purpose constants declared in the Bit.Core namespace.
/// </summary>
public static class Constants
{
    // NOTE(review): presumably the event id that marks log entries exempt from filtering - confirm at call sites.
    public const int BypassFiltersEventId = 12482444;

    // NOTE(review): presumably a delay in milliseconds applied after a failed secret verification to slow
    // repeated guessing - confirm the unit and the call sites before changing this value.
    public const int FailedSecretVerificationDelay = 2000;

    // File size limits - give 1 MB extra for cushion.
    // Note: if request size limits are changed, 'client_max_body_size'
    // in nginx/proxy.conf may also need to be updated accordingly.

    /// <summary>101 MB expressed in bytes.</summary>
    public const long FileSize101mb = 101L * 1024 * 1024;

    /// <summary>501 MB expressed in bytes.</summary>
    public const long FileSize501mb = 501L * 1024 * 1024;

    // NOTE(review): presumably the purpose string handed to the data protector for database fields; changing it
    // would likely make values protected under the old purpose unreadable - confirm before editing.
    public const string DatabaseFieldProtectorPurpose = "DatabaseFieldProtection";

    // NOTE(review): presumably the marker prepended to a stored value to show that it is protected - confirm.
    public const string DatabaseFieldProtectedPrefix = "P|";

    /// <summary>
    /// Default number of days an organization has to apply an updated license to their self-hosted installation after
    /// their subscription has expired.
    /// </summary>
    public const int OrganizationSelfHostSubscriptionGracePeriodDays = 60;

    // NOTE(review): the next two look like minimum client versions for the named features - confirm where they are compared.
    public const string Fido2KeyCipherMinimumVersion = "2023.10.0";
    public const string CipherKeyEncryptionMinimumVersion = "2024.2.0";

    /// <summary>
    /// Used by IdentityServer to identify our own provider.
    /// </summary>
    public const string IdentityProvider = "bitwarden";

    /// <summary>
    /// Date identifier used in ProviderService to determine if a provider was created before Nov 6, 2023.
    /// If true, the organization plan assigned to that provider is updated to a 2020 plan.
    /// </summary>
    public static readonly DateTime ProviderCreatedPriorNov62023 = new(2023, 11, 6);

    /// <summary>
    /// When you set the ProrationBehavior to create_prorations,
    /// Stripe will automatically create prorations for any changes made to the subscription,
    /// such as changing the plan, adding or removing quantities, or applying discounts.
    /// </summary>
    public const string CreateProrations = "create_prorations";

    /// <summary>
    /// When you set the ProrationBehavior to always_invoice,
    /// Stripe will always generate an invoice when a subscription update occurs,
    /// regardless of whether there is a proration or not.
    /// </summary>
    public const string AlwaysInvoice = "always_invoice";
}
/// <summary>
/// Allowed ranges and defaults for key-derivation settings.
/// </summary>
/// <remarks>
/// Each entry is a <see cref="RangeConstant"/> built from a minimum, a maximum and a default.
/// NOTE(review): where these bounds are enforced is not visible in this file; presumably client-supplied
/// KDF settings are checked with <see cref="RangeConstant.InsideRange"/> so that values below the minimum
/// are rejected - confirm at the call sites.
/// </remarks>
public static class AuthConstants
{
    /// <summary>PBKDF2 iteration count: 600,000 to 2,000,000, default 600,000.</summary>
    public static readonly RangeConstant PBKDF2_ITERATIONS = new(min: 600_000, max: 2_000_000, defaultValue: 600_000);

    /// <summary>Argon2 iteration count: 2 to 10, default 3.</summary>
    public static readonly RangeConstant ARGON2_ITERATIONS = new(min: 2, max: 10, defaultValue: 3);

    /// <summary>Argon2 memory setting: 15 to 1024, default 64.</summary>
    // NOTE(review): the unit is not stated here (presumably MiB) - confirm against the consumers.
    public static readonly RangeConstant ARGON2_MEMORY = new(min: 15, max: 1024, defaultValue: 64);

    /// <summary>Argon2 parallelism: 1 to 16, default 4.</summary>
    public static readonly RangeConstant ARGON2_PARALLELISM = new(min: 1, max: 16, defaultValue: 4);
}
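/// <summary>
/// An inclusive integer range together with a default value that lies inside it.
/// </summary>
public class RangeConstant
{
    /// <summary>The default value; the constructor guarantees it lies within [Min, Max].</summary>
    public int Default { get; }

    /// <summary>Inclusive lower bound.</summary>
    public int Min { get; }

    /// <summary>Inclusive upper bound.</summary>
    public int Max { get; }

    /// <summary>
    /// Creates a range and checks that it is well formed.
    /// </summary>
    /// <param name="min">Inclusive lower bound.</param>
    /// <param name="max">Inclusive upper bound.</param>
    /// <param name="defaultValue">Default value; must satisfy min &lt;= defaultValue &lt;= max.</param>
    /// <exception cref="ArgumentOutOfRangeException">
    /// <paramref name="min"/> is greater than <paramref name="max"/>, or
    /// <paramref name="defaultValue"/> is outside the range.
    /// </exception>
    public RangeConstant(int min, int max, int defaultValue)
    {
        Default = defaultValue;
        Min = min;
        Max = max;

        // The one-string ArgumentOutOfRangeException constructor takes a parameter NAME, not a message.
        // Use the (paramName, message) overload so ParamName and Message are both meaningful.
        if (Min > Max)
        {
            throw new ArgumentOutOfRangeException(nameof(min), $"{Min} is larger than {Max}.");
        }

        if (!InsideRange(defaultValue))
        {
            throw new ArgumentOutOfRangeException(
                nameof(defaultValue),
                $"{Default} is outside allowed range of {Min}-{Max}.");
        }
    }

    /// <summary>
    /// Reports whether <paramref name="number"/> lies within the range, bounds included.
    /// </summary>
    /// <param name="number">Value to check.</param>
    /// <returns>True when Min &lt;= number &lt;= Max.</returns>
    public bool InsideRange(int number)
    {
        return Min <= number && number <= Max;
    }
}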
/// <summary>
/// Purpose strings for tokens.
/// </summary>
public static class TokenPurposes
{
    // NOTE(review): presumably ties a token to the SSO-linking flow so it is not accepted for another
    // purpose - confirm where the token is created and validated. Changing the value would likely
    // invalidate tokens already issued under it.
    public const string LinkSso = "LinkSso";
}
/// <summary>
/// Names of authentication schemes.
/// </summary>
public static class AuthenticationSchemes
{
    // NOTE(review): presumably the cookie scheme used while an external (SSO) sign-in is in progress -
    // confirm against the authentication setup, which is not visible in this file.
    public const string BitwardenExternalCookieAuthenticationScheme = "bw.external";
}
/// <summary>
/// Feature flag keys, plus helpers to enumerate them and to supply local override values.
/// </summary>
/// <remarks>
/// <see cref="GetAllKeys"/> finds keys by reflection, so every public constant string added to this
/// class is reported as a flag key.
/// </remarks>
public static class FeatureFlagKeys
{
    public const string DisplayEuEnvironment = "display-eu-environment";
    public const string BrowserFilelessImport = "browser-fileless-import";
    public const string ReturnErrorOnExistingKeypair = "return-error-on-existing-keypair";
    public const string UseTreeWalkerApiForPageDetailsCollection = "use-tree-walker-api-for-page-details-collection";

    /// <summary>
    /// Deprecated - never used, do not use. Will always default to false. Will be deleted as part of Flexible Collections cleanup
    /// </summary>
    public const string FlexibleCollections = "flexible-collections-disabled-do-not-use";
    public const string FlexibleCollectionsV1 = "flexible-collections-v-1"; // v-1 is intentional
    public const string ItemShare = "item-share";
    public const string KeyRotationImprovements = "key-rotation-improvements";
    public const string DuoRedirect = "duo-redirect";
    public const string PM5766AutomaticTax = "PM-5766-automatic-tax";
    public const string PM5864DollarThreshold = "PM-5864-dollar-threshold";
    public const string ShowPaymentMethodWarningBanners = "show-payment-method-warning-banners";
    public const string AC2101UpdateTrialInitiationEmail = "AC-2101-update-trial-initiation-email";
    public const string EnableConsolidatedBilling = "enable-consolidated-billing";
    public const string AC1795_UpdatedSubscriptionStatusSection = "AC-1795_updated-subscription-status-section";
    public const string UnassignedItemsBanner = "unassigned-items-banner";
    public const string EnableDeleteProvider = "AC-1218-delete-provider";
    public const string EmailVerification = "email-verification";

    // NOTE(review): going by the name, enabling this flag turns off timing delays in the email
    // verification flow. Such delays normally keep response time from revealing whether an address is
    // already registered - confirm the exact effect before enabling it in any environment.
    public const string EmailVerificationDisableTimingDelays = "email-verification-disable-timing-delays";
    public const string AnhFcmv1Migration = "anh-fcmv1-migration";
    public const string ExtensionRefresh = "extension-refresh";
    public const string RestrictProviderAccess = "restrict-provider-access";
    public const string VaultBulkManagementAction = "vault-bulk-management-action";
    public const string BulkDeviceApproval = "bulk-device-approval";
    public const string MemberAccessReport = "ac-2059-member-access-report";
    public const string BlockLegacyUsers = "block-legacy-users";
    public const string InlineMenuFieldQualification = "inline-menu-field-qualification";
    public const string TwoFactorComponentRefactor = "two-factor-component-refactor";
    public const string GroupsComponentRefactor = "groups-component-refactor";

    /// <summary>
    /// Collects the value of every public constant string field declared on this class.
    /// </summary>
    /// <returns>A new list holding the flag key strings.</returns>
    public static List<string> GetAllKeys()
    {
        const BindingFlags lookup = BindingFlags.Public | BindingFlags.Static | BindingFlags.FlattenHierarchy;

        var keys = new List<string>();
        foreach (FieldInfo field in typeof(FeatureFlagKeys).GetFields(lookup))
        {
            // Only compile-time string constants count as flag keys.
            bool isStringConstant = field.IsLiteral && !field.IsInitOnly && field.FieldType == typeof(string);
            if (isStringConstant)
            {
                keys.Add((string)field.GetRawConstantValue());
            }
        }

        return keys;
    }

    /// <summary>
    /// Returns the flag values hard-coded here for local (offline) use.
    /// </summary>
    /// <returns>A new dictionary mapping flag key to its override value.</returns>
    // NOTE(review): the values are compiled in, so they ship with every build; presumably this is read only
    // when no remote flag source is configured - confirm at the call site.
    public static Dictionary<string, string> GetLocalOverrideFlagValues()
    {
        // place overriding values when needed locally (offline), or return null
        var overrides = new Dictionary<string, string>
        {
            [DuoRedirect] = "true",
            [UnassignedItemsBanner] = "true",
            [FlexibleCollectionsV1] = "true",
        };

        return overrides;
    }
}