Merge branch 'main' into PM-13783-API-Battle-harden-the-ProviderType-…

…enum-expansion
bitwarden · Nov 11, 2024 · d92a1f3 · d92a1f3
2 parents 2345e8d + 702a81b
commit d92a1f3
Show file tree

Hide file tree

Showing 61 changed files with 10,439 additions and 273 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -21,6 +21,8 @@ jobs:
   lint:
     name: Lint
     runs-on: ubuntu-22.04
+    needs:
+      - check-run
     steps:
       - name: Check out repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -36,7 +38,8 @@ jobs:
   build-artifacts:
     name: Build artifacts
     runs-on: ubuntu-22.04
-    needs: lint
+    needs:
+      - lint
     strategy:
       fail-fast: false
       matrix:
@@ -130,7 +133,6 @@ jobs:
       security-events: write
     needs:
       - build-artifacts
-      - check-run
     strategy:
       fail-fast: false
       matrix:
@@ -224,7 +226,7 @@ jobs:
       - name: Generate Docker image tag
         id: tag
         run: |
-          if [[ $(grep "pull" <<< "${GITHUB_REF}") ]]; then
+          if [[ "${GITHUB_EVENT_NAME}" == "pull_request_target" ]]; then
             IMAGE_TAG=$(echo "${GITHUB_HEAD_REF}" | sed "s#/#-#g")
           else
             IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g")
@@ -476,7 +478,8 @@ jobs:
   build-mssqlmigratorutility:
     name: Build MSSQL migrator utility
     runs-on: ubuntu-22.04
-    needs: lint
+    needs:
+      - lint
     defaults:
       run:
         shell: bash
@@ -527,8 +530,10 @@ jobs:
 
   self-host-build:
     name: Trigger self-host build
+    if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
     runs-on: ubuntu-22.04
-    needs: build-docker
+    needs:
+      - build-docker
     steps:
       - name: Log in to Azure - CI subscription
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -561,7 +566,8 @@ jobs:
     name: Trigger k8s deploy
     if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
     runs-on: ubuntu-22.04
-    needs: build-docker
+    needs:
+      - build-docker
     steps:
       - name: Log in to Azure - CI subscription
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -597,7 +603,8 @@ jobs:
       github.event_name == 'pull_request_target'
       && contains(github.event.pull_request.labels.*.name, 'ephemeral-environment')
     runs-on: ubuntu-24.04
-    needs: build-docker
+    needs:
+      - build-docker
     steps:
       - name: Log in to Azure - CI subscription
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0

diff --git a/src/Api/AdminConsole/Controllers/PoliciesController.cs b/src/Api/AdminConsole/Controllers/PoliciesController.cs
@@ -1,7 +1,11 @@
 using Bit.Api.AdminConsole.Models.Request;
+using Bit.Api.AdminConsole.Models.Response.Helpers;
+using Bit.Api.AdminConsole.Models.Response.Organizations;
 using Bit.Api.Models.Response;
+using Bit.Core;
+using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
-using Bit.Core.AdminConsole.Models.Api.Response;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.AdminConsole.Services;
 using Bit.Core.Auth.Models.Business.Tokenables;
@@ -16,7 +20,6 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Mvc;
-using AdminConsoleEntities = Bit.Core.AdminConsole.Entities;
 
 namespace Bit.Api.AdminConsole.Controllers;
 
@@ -32,6 +35,8 @@ public class PoliciesController : Controller
     private readonly GlobalSettings _globalSettings;
     private readonly IDataProtector _organizationServiceDataProtector;
     private readonly IDataProtectorTokenFactory<OrgUserInviteTokenable> _orgUserInviteTokenDataFactory;
+    private readonly IFeatureService _featureService;
+    private readonly IOrganizationHasVerifiedDomainsQuery _organizationHasVerifiedDomainsQuery;
 
     public PoliciesController(
         IPolicyRepository policyRepository,
@@ -41,7 +46,9 @@ public PoliciesController(
         ICurrentContext currentContext,
         GlobalSettings globalSettings,
         IDataProtectionProvider dataProtectionProvider,
-        IDataProtectorTokenFactory<OrgUserInviteTokenable> orgUserInviteTokenDataFactory)
+        IDataProtectorTokenFactory<OrgUserInviteTokenable> orgUserInviteTokenDataFactory,
+        IFeatureService featureService,
+        IOrganizationHasVerifiedDomainsQuery organizationHasVerifiedDomainsQuery)
     {
         _policyRepository = policyRepository;
         _policyService = policyService;
@@ -53,10 +60,12 @@ public PoliciesController(
             "OrganizationServiceDataProtector");
 
         _orgUserInviteTokenDataFactory = orgUserInviteTokenDataFactory;
+        _featureService = featureService;
+        _organizationHasVerifiedDomainsQuery = organizationHasVerifiedDomainsQuery;
     }
 
     [HttpGet("{type}")]
-    public async Task<PolicyResponseModel> Get(Guid orgId, int type)
+    public async Task<PolicyDetailResponseModel> Get(Guid orgId, int type)
     {
         if (!await _currentContext.ManagePolicies(orgId))
         {
@@ -65,10 +74,15 @@ public async Task<PolicyResponseModel> Get(Guid orgId, int type)
         var policy = await _policyRepository.GetByOrganizationIdTypeAsync(orgId, (PolicyType)type);
         if (policy == null)
         {
-            return new PolicyResponseModel(new AdminConsoleEntities.Policy() { Type = (PolicyType)type, Enabled = false });
+            return new PolicyDetailResponseModel(new Policy { Type = (PolicyType)type });
         }
 
-        return new PolicyResponseModel(policy);
+        if (_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning) && policy.Type is PolicyType.SingleOrg)
+        {
+            return await policy.GetSingleOrgPolicyDetailResponseAsync(_organizationHasVerifiedDomainsQuery);
+        }
+
+        return new PolicyDetailResponseModel(policy);
     }
 
     [HttpGet("")]
@@ -81,8 +95,8 @@ public async Task<ListResponseModel<PolicyResponseModel>> Get(string orgId)
         }
 
         var policies = await _policyRepository.GetManyByOrganizationIdAsync(orgIdGuid);
-        var responses = policies.Select(p => new PolicyResponseModel(p));
-        return new ListResponseModel<PolicyResponseModel>(responses);
+
+        return new ListResponseModel<PolicyResponseModel>(policies.Select(p => new PolicyResponseModel(p)));
     }
 
     [AllowAnonymous]

diff --git a/src/Api/AdminConsole/Models/Response/Helpers/PolicyDetailResponses.cs b/src/Api/AdminConsole/Models/Response/Helpers/PolicyDetailResponses.cs
@@ -0,0 +1,19 @@
+using Bit.Api.AdminConsole.Models.Response.Organizations;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
+
+namespace Bit.Api.AdminConsole.Models.Response.Helpers;
+
+public static class PolicyDetailResponses
+{
+    public static async Task<PolicyDetailResponseModel> GetSingleOrgPolicyDetailResponseAsync(this Policy policy, IOrganizationHasVerifiedDomainsQuery hasVerifiedDomainsQuery)
+    {
+        if (policy.Type is not PolicyType.SingleOrg)
+        {
+            throw new ArgumentException($"'{nameof(policy)}' must be of type '{nameof(PolicyType.SingleOrg)}'.", nameof(policy));
+        }
+
+        return new PolicyDetailResponseModel(policy, !await hasVerifiedDomainsQuery.HasVerifiedDomainsAsync(policy.OrganizationId));
+    }
+}
diff --git a/src/Api/AdminConsole/Models/Response/Organizations/PolicyDetailResponseModel.cs b/src/Api/AdminConsole/Models/Response/Organizations/PolicyDetailResponseModel.cs
@@ -0,0 +1,20 @@
+using Bit.Core.AdminConsole.Entities;
+
+namespace Bit.Api.AdminConsole.Models.Response.Organizations;
+
+public class PolicyDetailResponseModel : PolicyResponseModel
+{
+    public PolicyDetailResponseModel(Policy policy, string obj = "policy") : base(policy, obj)
+    {
+    }
+
+    public PolicyDetailResponseModel(Policy policy, bool canToggleState) : base(policy)
+    {
+        CanToggleState = canToggleState;
+    }
+
+    /// <summary>
+    /// Indicates whether the Policy can be enabled/disabled
+    /// </summary>
+    public bool CanToggleState { get; set; } = true;
+}
diff --git a/...odels/Api/Response/PolicyResponseModel.cs → ...onse/Organizations/PolicyResponseModel.cs b/...odels/Api/Response/PolicyResponseModel.cs → ...onse/Organizations/PolicyResponseModel.cs
@@ -3,7 +3,7 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.Models.Api;
 
-namespace Bit.Core.AdminConsole.Models.Api.Response;
+namespace Bit.Api.AdminConsole.Models.Response.Organizations;
 
 public class PolicyResponseModel : ResponseModel
 {

diff --git a/src/Api/AdminConsole/Public/Controllers/PoliciesController.cs b/src/Api/AdminConsole/Public/Controllers/PoliciesController.cs
@@ -41,14 +41,13 @@ public PoliciesController(
     [ProducesResponseType((int)HttpStatusCode.NotFound)]
     public async Task<IActionResult> Get(PolicyType type)
     {
-        var policy = await _policyRepository.GetByOrganizationIdTypeAsync(
-            _currentContext.OrganizationId.Value, type);
+        var policy = await _policyRepository.GetByOrganizationIdTypeAsync(_currentContext.OrganizationId.Value, type);
         if (policy == null)
         {
             return new NotFoundResult();
         }
-        var response = new PolicyResponseModel(policy);
-        return new JsonResult(response);
+
+        return new JsonResult(new PolicyResponseModel(policy));
     }
 
     /// <summary>
@@ -62,9 +61,8 @@ public async Task<IActionResult> Get(PolicyType type)
     public async Task<IActionResult> List()
     {
         var policies = await _policyRepository.GetManyByOrganizationIdAsync(_currentContext.OrganizationId.Value);
-        var policyResponses = policies.Select(p => new PolicyResponseModel(p));
-        var response = new ListResponseModel<PolicyResponseModel>(policyResponses);
-        return new JsonResult(response);
+
+        return new JsonResult(new ListResponseModel<PolicyResponseModel>(policies.Select(p => new PolicyResponseModel(p))));
     }
 
     /// <summary>

diff --git a/src/Api/AdminConsole/Public/Models/MemberBaseModel.cs b/src/Api/AdminConsole/Public/Models/MemberBaseModel.cs
@@ -18,7 +18,6 @@ public MemberBaseModel(OrganizationUser user)
 
         Type = user.Type;
         ExternalId = user.ExternalId;
-        ResetPasswordEnrolled = user.ResetPasswordKey != null;
 
         if (Type == OrganizationUserType.Custom)
         {
@@ -35,7 +34,6 @@ public MemberBaseModel(OrganizationUserUserDetails user)
 
         Type = user.Type;
         ExternalId = user.ExternalId;
-        ResetPasswordEnrolled = user.ResetPasswordKey != null;
 
         if (Type == OrganizationUserType.Custom)
         {
@@ -55,11 +53,7 @@ public MemberBaseModel(OrganizationUserUserDetails user)
     /// <example>external_id_123456</example>
     [StringLength(300)]
     public string ExternalId { get; set; }
-    /// <summary>
-    /// Returns <c>true</c> if the member has enrolled in Password Reset assistance within the organization
-    /// </summary>
-    [Required]
-    public bool ResetPasswordEnrolled { get; set; }
+
     /// <summary>
     /// The member's custom permissions if the member has a Custom role. If not supplied, all custom permissions will
     /// default to false.

diff --git a/src/Api/AdminConsole/Public/Models/Response/MemberResponseModel.cs b/src/Api/AdminConsole/Public/Models/Response/MemberResponseModel.cs
@@ -28,6 +28,7 @@ public MemberResponseModel(OrganizationUser user, IEnumerable<CollectionAccessSe
         Email = user.Email;
         Status = user.Status;
         Collections = collections?.Select(c => new AssociationWithPermissionsResponseModel(c));
+        ResetPasswordEnrolled = user.ResetPasswordKey != null;
     }
 
     public MemberResponseModel(OrganizationUserUserDetails user, bool twoFactorEnabled,
@@ -45,6 +46,7 @@ public MemberResponseModel(OrganizationUserUserDetails user, bool twoFactorEnabl
         TwoFactorEnabled = twoFactorEnabled;
         Status = user.Status;
         Collections = collections?.Select(c => new AssociationWithPermissionsResponseModel(c));
+        ResetPasswordEnrolled = user.ResetPasswordKey != null;
     }
 
     /// <summary>
@@ -93,4 +95,10 @@ public MemberResponseModel(OrganizationUserUserDetails user, bool twoFactorEnabl
     /// The associated collections that this member can access.
     /// </summary>
     public IEnumerable<AssociationWithPermissionsResponseModel> Collections { get; set; }
+
+    /// <summary>
+    /// Returns <c>true</c> if the member has enrolled in Password Reset assistance within the organization
+    /// </summary>
+    [Required]
+    public bool ResetPasswordEnrolled { get; }
 }
diff --git a/src/Api/Auth/Controllers/EmergencyAccessController.cs b/src/Api/Auth/Controllers/EmergencyAccessController.cs
@@ -1,10 +1,10 @@
 using Bit.Api.AdminConsole.Models.Request.Organizations;
+using Bit.Api.AdminConsole.Models.Response.Organizations;
 using Bit.Api.Auth.Models.Request;
 using Bit.Api.Auth.Models.Response;
 using Bit.Api.Models.Response;
 using Bit.Api.Vault.Models.Response;
 using Bit.Core.AdminConsole.Entities;
-using Bit.Core.AdminConsole.Models.Api.Response;
 using Bit.Core.Auth.Services;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;

diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
@@ -32,6 +32,8 @@
 using Bit.Core.Vault.Entities;
 using Bit.Api.Auth.Models.Request.WebAuthn;
 using Bit.Core.Auth.Models.Data;
+using Bit.Core.Tools.ReportFeatures;
+
 
 
 #if !OSS
@@ -176,6 +178,7 @@ public void ConfigureServices(IServiceCollection services)
         services.AddOrganizationSubscriptionServices();
         services.AddCoreLocalizationServices();
         services.AddBillingOperations();
+        services.AddReportingServices();
 
         // Authorization Handlers
         services.AddAuthorizationHandlers();