Merge branch 'master' into fido2
trmartin4 committed Oct 26, 2023
2 parents d56900b + 26dd8b0 commit 272dc78
Showing 468 changed files with 20,663 additions and 3,578 deletions.
21 changes: 20 additions & 1 deletion .github/CODEOWNERS
Expand Up @@ -2,9 +2,18 @@
#
# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners

# The following owners will be the default owners for everything in the repo.
# Unless a later match takes precedence
* @bitwarden/tech-leads

# DevOps for Actions and other workflow changes.
.github/workflows @bitwarden/dept-devops

# DevOps for Docker changes.
**/Dockerfile @bitwarden/dept-devops
**/*.Dockerfile @bitwarden/dept-devops
**/.dockerignore @bitwarden/dept-devops

## Auth team files ##
**/Auth @bitwarden/team-auth-dev
bitwarden_license/src/Sso @bitwarden/team-auth-dev
Expand All @@ -18,4 +27,14 @@ src/Identity @bitwarden/team-auth-dev
bitwarden_license/src/Scim @bitwarden/team-admin-console-dev
bitwarden_license/src/test/Scim.IntegrationTest @bitwarden/team-admin-console-dev
bitwarden_license/src/test/Scim.ScimTest @bitwarden/team-admin-console-dev
**/AdminConsole @bitwarden/team-admin-console-dev
**/AdminConsole @bitwarden/team-admin-console-dev

# Billing Team
**/*billing* @bitwarden/team-billing-dev
**/*subscription* @bitwarden/team-billing-dev
**/*stripe* @bitwarden/team-billing-dev
**/*paypal* @bitwarden/team-billing-dev
**/*braintree* @bitwarden/team-billing-dev
**/*bitpay* @bitwarden/team-billing-dev
**/*freshdesk* @bitwarden/team-billing-dev
**/*freshsales* @bitwarden/team-billing-dev
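Review bot: The Billing globs added at the end of the file are lower-case substring patterns (`**/*billing*`, `**/*stripe*`, …) and CODEOWNERS matching is case-sensitive, so PascalCase directory or file names, which the C# sources on this page use, would presumably not match and would fall back to `* @bitwarden/tech-leads`. Because a later match takes precedence, as the file's own header comment says, these globs also replace the Auth, AdminConsole and DevOps owners for any path they do match, including a file under `.github/workflows` whose name contains one of the substrings. Consider recording the intended precedence above the block, e.g. `# Billing Team (listed last: overrides earlier owners for matching paths)`, and adding case variants if PascalCase paths are meant to be covered. The `**/AdminConsole` line printed twice is likely the old and new side of an end-of-file newline change rather than a duplicated rule.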
20 changes: 10 additions & 10 deletions .github/workflows/build.yml
Expand Up @@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Install cloc
run: |
Expand All @@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Set up dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
Expand All @@ -49,7 +49,7 @@ jobs:
NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Set up dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
Expand Down Expand Up @@ -135,7 +135,7 @@ jobs:
node: true
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Set up dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
Expand Down Expand Up @@ -246,7 +246,7 @@ jobs:
dotnet: true
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Check Branch to Publish
env:
Expand Down Expand Up @@ -277,7 +277,7 @@ jobs:

- name: Retrieve github PAT secrets
id: retrieve-secret-pat
uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78
uses: bitwarden/gh-actions/get-keyvault-secrets@c970b0fb89bd966749280e832928db62040812bf
with:
keyvault: "bitwarden-ci"
secrets: "github-pat-bitwarden-devops-bot-repo-scope"
Expand Down Expand Up @@ -337,7 +337,7 @@ jobs:
needs: build-docker
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Set up dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
Expand Down Expand Up @@ -476,7 +476,7 @@ jobs:
- win-x64
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Set up dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
Expand Down Expand Up @@ -528,7 +528,7 @@ jobs:

- name: Retrieve github PAT secrets
id: retrieve-secret-pat
uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78
uses: bitwarden/gh-actions/get-keyvault-secrets@c970b0fb89bd966749280e832928db62040812bf
with:
keyvault: "bitwarden-ci"
secrets: "github-pat-bitwarden-devops-bot-repo-scope"
Expand Down Expand Up @@ -603,7 +603,7 @@ jobs:

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78
uses: bitwarden/gh-actions/get-keyvault-secrets@c970b0fb89bd966749280e832928db62040812bf
if: failure()
with:
keyvault: "bitwarden-ci"
2 changes: 1 addition & 1 deletion .github/workflows/cleanup-after-pr.yml
Expand Up @@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

########## ACR ##########
- name: Login to Azure - QA Subscription
2 changes: 1 addition & 1 deletion .github/workflows/container-registry-purge.yml
Expand Up @@ -92,7 +92,7 @@ jobs:

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78
uses: bitwarden/gh-actions/get-keyvault-secrets@c970b0fb89bd966749280e832928db62040812bf
if: failure()
with:
keyvault: "bitwarden-ci"
2 changes: 1 addition & 1 deletion .github/workflows/database.yml
Expand Up @@ -25,7 +25,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Set up dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
2 changes: 1 addition & 1 deletion .github/workflows/infrastructure-tests.yml
Expand Up @@ -38,7 +38,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Set up dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
2 changes: 1 addition & 1 deletion .github/workflows/protect-files.yml
Expand Up @@ -30,7 +30,7 @@ jobs:
label: "DB-migrations-changed"
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with:
fetch-depth: 2

14 changes: 7 additions & 7 deletions .github/workflows/release.yml
Expand Up @@ -37,11 +37,11 @@ jobs:
fi
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Check Release Version
id: version
uses: bitwarden/gh-actions/release-version-check@f096207b7a2f31723165aee6ad03e91716686e78
uses: bitwarden/gh-actions/release-version-check@c970b0fb89bd966749280e832928db62040812bf
with:
release-type: ${{ github.event.inputs.release_type }}
project-type: dotnet
Expand Down Expand Up @@ -89,7 +89,7 @@ jobs:

- name: Download latest Release ${{ matrix.name }} asset
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@bc3bf31f1d9cac9c9d02cae01fc615fa25d38929
uses: bitwarden/gh-actions/download-artifacts@c970b0fb89bd966749280e832928db62040812bf
with:
workflow: build.yml
workflow_conclusion: success
Expand All @@ -98,7 +98,7 @@ jobs:

- name: Dry Run - Download latest Release ${{ matrix.name }} asset
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@bc3bf31f1d9cac9c9d02cae01fc615fa25d38929
uses: bitwarden/gh-actions/download-artifacts@c970b0fb89bd966749280e832928db62040812bf
with:
workflow: build.yml
workflow_conclusion: success
Expand Down Expand Up @@ -211,7 +211,7 @@ jobs:
echo "Github Release Option: $RELEASE_OPTION"
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Setup project name
id: setup
Expand Down Expand Up @@ -274,7 +274,7 @@ jobs:
steps:
- name: Download latest Release Docker Stubs
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@bc3bf31f1d9cac9c9d02cae01fc615fa25d38929
uses: bitwarden/gh-actions/download-artifacts@c970b0fb89bd966749280e832928db62040812bf
with:
workflow: build.yml
workflow_conclusion: success
Expand All @@ -287,7 +287,7 @@ jobs:

- name: Dry Run - Download latest Release Docker Stubs
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@bc3bf31f1d9cac9c9d02cae01fc615fa25d38929
uses: bitwarden/gh-actions/download-artifacts@c970b0fb89bd966749280e832928db62040812bf
with:
workflow: build.yml
workflow_conclusion: success
11 changes: 7 additions & 4 deletions .github/workflows/version-bump.yml
Expand Up @@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout Branch
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Login to Azure - CI Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
Expand All @@ -23,13 +23,13 @@ jobs:

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78
uses: bitwarden/gh-actions/get-keyvault-secrets@c970b0fb89bd966749280e832928db62040812bf
with:
keyvault: "bitwarden-ci"
secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"

- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@d6f3f49f3345e29369fe57596a3ca8f94c4d2ca7 # v5.4.0
uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
with:
gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
Expand All @@ -40,11 +40,14 @@ jobs:
run: git switch -c version_bump_${{ github.event.inputs.version_number }}

- name: Bump Version - Props
uses: bitwarden/gh-actions/version-bump@f096207b7a2f31723165aee6ad03e91716686e78
uses: bitwarden/gh-actions/version-bump@c970b0fb89bd966749280e832928db62040812bf
with:
version: ${{ github.event.inputs.version_number }}
file_path: "Directory.Build.props"

- name: Refresh lockfiles
run: dotnet restore -f --force-evaluate --no-cache

- name: Setup git
run: |
git config --local user.email "[email protected]"
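Review bot: The added `Refresh lockfiles` step runs `dotnet restore -f --force-evaluate --no-cache` after the `Import GPG key` step, and `--force-evaluate` re-resolves dependencies instead of honouring the committed lock files, so whatever the package feeds serve at that moment is written into the lock files that this job presumably commits with the bot's key. Consider a comment on the step, e.g. `# Re-resolves all packages; review lock file changes in the bump PR as dependency updates`, and moving the restore ahead of `Import GPG key` so dependency resolution runs before the signing key is loaded. No `actions/setup-dotnet` step is visible in these hunks, so the SDK may be whatever the runner image ships; the job continues outside the hunk, so this may be handled elsewhere. This commit also deletes `NuGet.Config`, so the package sources the restore resolves against are not visible on this page.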
2 changes: 1 addition & 1 deletion .github/workflows/workflow-linter.yml
Expand Up @@ -8,4 +8,4 @@ on:

jobs:
call-workflow:
uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@f096207b7a2f31723165aee6ad03e91716686e78
uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@c970b0fb89bd966749280e832928db62040812bf
2 changes: 1 addition & 1 deletion .gitignore
Expand Up @@ -225,4 +225,4 @@ src/Identity/Identity.zip
src/Notifications/Notifications.zip
bitwarden_license/src/Portal/Portal.zip
bitwarden_license/src/Sso/Sso.zip
src/Api/flags.json
**/src/*/flags.json
2 changes: 1 addition & 1 deletion Directory.Build.props
Expand Up @@ -2,7 +2,7 @@

<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<Version>2023.9.0</Version>
<Version>2023.9.1</Version>
<RootNamespace>Bit.$(MSBuildProjectName)</RootNamespace>
<RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
<ImplicitUsings>enable</ImplicitUsings>
4 changes: 0 additions & 4 deletions NuGet.Config

This file was deleted.

@@ -1,11 +1,12 @@
using Bit.Core.Entities.Provider;
using Bit.Core.Enums.Provider;
using Bit.Core.AdminConsole.Entities.Provider;
using Bit.Core.AdminConsole.Enums.Provider;
using Bit.Core.AdminConsole.Providers.Interfaces;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.AdminConsole.Services;
using Bit.Core.Exceptions;
using Bit.Core.Providers.Interfaces;
using Bit.Core.Repositories;
using Bit.Core.Services;

namespace Bit.Commercial.Core.Providers;
namespace Bit.Commercial.Core.AdminConsole.Providers;

public class CreateProviderCommand : ICreateProviderCommand
{
@@ -1,19 +1,21 @@
using Bit.Core.Context;
using Bit.Core.AdminConsole.Entities.Provider;
using Bit.Core.AdminConsole.Enums.Provider;
using Bit.Core.AdminConsole.Models.Business.Provider;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.AdminConsole.Services;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Entities.Provider;
using Bit.Core.Enums;
using Bit.Core.Enums.Provider;
using Bit.Core.Exceptions;
using Bit.Core.Models.Business;
using Bit.Core.Models.Business.Provider;
using Bit.Core.Models.Data;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.DataProtection;

namespace Bit.Commercial.Core.Services;
namespace Bit.Commercial.Core.AdminConsole.Services;

public class ProviderService : IProviderService
{
Expand Down Expand Up @@ -354,6 +356,12 @@ public async Task AddOrganization(Guid providerId, Guid organizationId, string k
var organization = await _organizationRepository.GetByIdAsync(organizationId);
ThrowOnInvalidPlanType(organization.PlanType);

if (organization.UseSecretsManager)
{
throw new BadRequestException(
"The organization is subscribed to Secrets Manager. Please contact Customer Support to manage the subscription.");
}

var providerOrganization = new ProviderOrganization
{
ProviderId = providerId,
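Review bot: The new `organization.UseSecretsManager` guard, like the `ThrowOnInvalidPlanType(organization.PlanType)` call on the line before it, dereferences the result of `GetByIdAsync` with no null check in between, so an unknown `organizationId` would presumably surface as a NullReferenceException rather than a client error. A guard directly after the lookup, `if (organization == null) { throw new NotFoundException(); }`, would make both checks safe, assuming the repository returns null for a missing row. A one-line comment on why Secrets Manager organizations are rejected here would also help, since the exception message only tells the user to contact support. `AddOrganization` starts and ends outside the hunk, so a caller-side check may exist that is not visible here.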
@@ -1,4 +1,5 @@
using Bit.Core.Context;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.Repositories;
using Bit.Core.SecretsManager.AuthorizationRequirements;
Expand Up @@ -56,6 +56,9 @@ protected override async Task HandleRequirementAsync(AuthorizationHandlerContext
case not null when requirement == ServiceAccountOperations.RevokeAccessTokens:
await CanRevokeAccessTokensAsync(context, requirement, resource);
break;
case not null when requirement == ServiceAccountOperations.ReadEvents:
await CanReadEventsAsync(context, requirement, resource);
break;
default:
throw new ArgumentException("Unsupported operation requirement type provided.",
nameof(requirement));
Expand Down Expand Up @@ -169,4 +172,19 @@ await _serviceAccountRepository.AccessToServiceAccountAsync(resource.Id, userId,
context.Succeed(requirement);
}
}

private async Task CanReadEventsAsync(AuthorizationHandlerContext context,
ServiceAccountOperationRequirement requirement, ServiceAccount resource)
{
var (accessClient, userId) =
await _accessClientQuery.GetAccessClientAsync(context.User, resource.OrganizationId);
var access =
await _serviceAccountRepository.AccessToServiceAccountAsync(resource.Id, userId,
accessClient);

if (access.Read)
{
context.Succeed(requirement);
}
}
}
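Review bot: `CanReadEventsAsync` carries no doc comment stating its policy, although it decides who may read a service account's event log: it calls `context.Succeed` on `access.Read` alone and otherwise leaves the requirement unmet. Suggest a summary such as `/// <summary>Satisfies ReadEvents when the caller has read access to the service account; otherwise the requirement is left unsatisfied.</summary>`, and confirming that read access, rather than write, is the intended bar for event data. The `accessClient` returned by `GetAccessClientAsync` is passed straight to `AccessToServiceAccountAsync` with no check on the client type in this method, so how a non-user caller is treated depends on the repository; tests covering each client type would pin that down. The handler class begins outside the hunk.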