Merge remote-tracking branch 'origin/main' into ac/pm-16812/shortcut-…

…duplicate-group-patch-requests
bitwarden · Jan 30, 2025 · 42c58ca · 42c58ca
2 parents 3e462c3 + 2f2ef20
commit 42c58ca
Show file tree

Hide file tree

Showing 116 changed files with 11,332 additions and 704 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -120,7 +120,7 @@ jobs:
           ls -atlh ../../../
 
       - name: Upload project artifact
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: ${{ matrix.project_name }}.zip
           path: ${{ matrix.base_path }}/${{ matrix.project_name }}/${{ matrix.project_name }}.zip
@@ -278,7 +278,7 @@ jobs:
 
       - name: Build Docker image
         id: build-docker
-        uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
+        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
         with:
           context: ${{ matrix.base_path }}/${{ matrix.project_name }}
           file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile
@@ -393,7 +393,7 @@ jobs:
         if: |
           github.event_name != 'pull_request_target'
           && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc')
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: docker-stub-US.zip
           path: docker-stub-US.zip
@@ -403,7 +403,7 @@ jobs:
         if: |
           github.event_name != 'pull_request_target'
           && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc')
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: docker-stub-EU.zip
           path: docker-stub-EU.zip
@@ -413,7 +413,7 @@ jobs:
         if: |
           github.event_name != 'pull_request_target'
           && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc')
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: docker-stub-US-sha256.txt
           path: docker-stub-US-sha256.txt
@@ -423,7 +423,7 @@ jobs:
         if: |
           github.event_name != 'pull_request_target'
           && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc')
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: docker-stub-EU-sha256.txt
           path: docker-stub-EU-sha256.txt
@@ -447,7 +447,7 @@ jobs:
           GLOBALSETTINGS__SQLSERVER__CONNECTIONSTRING: "placeholder"
 
       - name: Upload Public API Swagger artifact
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: swagger.json
           path: swagger.json
@@ -481,14 +481,14 @@ jobs:
           GLOBALSETTINGS__SQLSERVER__CONNECTIONSTRING: "placeholder"
 
       - name: Upload Internal API Swagger artifact
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: internal.json
           path: internal.json
           if-no-files-found: error
 
       - name: Upload Identity Swagger artifact
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: identity.json
           path: identity.json
@@ -533,15 +533,15 @@ jobs:
 
       - name: Upload project artifact for Windows
         if: ${{ contains(matrix.target, 'win') == true }}
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: MsSqlMigratorUtility-${{ matrix.target }}
           path: util/MsSqlMigratorUtility/obj/build-output/publish/MsSqlMigratorUtility.exe
           if-no-files-found: error
 
       - name: Upload project artifact
         if: ${{ contains(matrix.target, 'win') == false }}
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: MsSqlMigratorUtility-${{ matrix.target }}
           path: util/MsSqlMigratorUtility/obj/build-output/publish/MsSqlMigratorUtility

diff --git a/.github/workflows/code-references.yml b/.github/workflows/code-references.yml
@@ -37,7 +37,7 @@ jobs:
 
       - name: Collect
         id: collect
-        uses: launchdarkly/find-code-references-in-pull-request@b2d44bb453e13c11fd1a6ada7b1e5f9fb0ace629 # v2.0.1
+        uses: launchdarkly/find-code-references-in-pull-request@30f4c4ab2949bbf258b797ced2fbf6dea34df9ce # v2.1.0
         with:
           project-key: default
           environment-key: dev

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -85,7 +85,7 @@ jobs:
 
       - name: Create release
         if: ${{ inputs.release_type != 'Dry Run' }}
-        uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
+        uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1.15.0
         with:
           artifacts: "docker-stub-US.zip,
             docker-stub-US-sha256.txt,

diff --git a/.github/workflows/stale-bot.yml b/.github/workflows/stale-bot.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Check
-        uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+        uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
         with:
           stale-issue-label: "needs-reply"
           stale-pr-label: "needs-changes"

diff --git a/.github/workflows/test-database.yml b/.github/workflows/test-database.yml
@@ -200,7 +200,7 @@ jobs:
         shell: pwsh
 
       - name: Upload DACPAC
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: sql.dacpac
           path: Sql.dacpac
@@ -226,7 +226,7 @@ jobs:
         shell: pwsh
 
       - name: Report validation results
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: report.xml
           path: |

diff --git a/Directory.Build.props b/Directory.Build.props
@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
 
-    <Version>2025.1.3</Version>
+    <Version>2025.1.5</Version>
 
     <RootNamespace>Bit.$(MSBuildProjectName)</RootNamespace>
     <ImplicitUsings>enable</ImplicitUsings>

diff --git a/bitwarden_license/src/Commercial.Core/Billing/ProviderBillingService.cs b/bitwarden_license/src/Commercial.Core/Billing/ProviderBillingService.cs
@@ -352,12 +352,10 @@ public async Task<Customer> SetupCustomer(
                 throw new BadRequestException("billingTaxIdTypeInferenceError");
             }
 
-            customerCreateOptions.TaxIdData = taxInfo.HasTaxId
-                ?
-                [
-                    new CustomerTaxIdDataOptions { Type = taxIdType, Value = taxInfo.TaxIdNumber }
-                ]
-                : null;
+            customerCreateOptions.TaxIdData =
+            [
+                new CustomerTaxIdDataOptions { Type = taxIdType, Value = taxInfo.TaxIdNumber }
+            ];
         }
 
         try

diff --git a/bitwarden_license/src/Commercial.Core/Commercial.Core.csproj b/bitwarden_license/src/Commercial.Core/Commercial.Core.csproj
@@ -5,7 +5,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="CsvHelper" Version="32.0.3" />
+    <PackageReference Include="CsvHelper" Version="33.0.1" />
   </ItemGroup>
 
 </Project>
diff --git a/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs b/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs
@@ -103,7 +103,7 @@ public async Task<IActionResult> Put(Guid organizationId, Guid id, [FromBody] Sc
     [HttpPatch("{id}")]
     public async Task<IActionResult> Patch(Guid organizationId, Guid id, [FromBody] ScimPatchModel model)
     {
-        if (_featureService.IsEnabled(FeatureFlagKeys.Pm16812ShortcutPatchRequests))
+        if (_featureService.IsEnabled(FeatureFlagKeys.ShortcutDuplicatePatchRequests))
         {
             var group = await _groupRepository.GetByIdAsync(id);
             if (group == null || group.OrganizationId != organizationId)

diff --git a/dev/migrate.ps1 b/dev/migrate.ps1
@@ -7,11 +7,13 @@ param(
   [switch]$mysql,
   [switch]$mssql,
   [switch]$sqlite,
-  [switch]$selfhost
+  [switch]$selfhost,
+  [switch]$test
 )
 
 # Abort on any error
 $ErrorActionPreference = "Stop"
+$currentDir = Get-Location
 
 if (!$all -and !$postgres -and !$mysql -and !$sqlite) {
   $mssql = $true;
@@ -25,36 +27,62 @@ if ($all -or $postgres -or $mysql -or $sqlite) {
   }
 }
 
+function Get-UserSecrets {
+  # The dotnet cli command sometimes adds //BEGIN and //END comments to the output, Where-Object removes comments
+  # to ensure a valid json
+  return dotnet user-secrets list --json --project "$currentDir/../src/Api" | Where-Object { $_ -notmatch "^//" } | ConvertFrom-Json
+}
+
 if ($all -or $mssql) {
-  function Get-UserSecrets {
-    # The dotnet cli command sometimes adds //BEGIN and //END comments to the output, Where-Object removes comments
-    # to ensure a valid json
-    return dotnet user-secrets list --json --project ../src/Api | Where-Object { $_ -notmatch "^//" } | ConvertFrom-Json
-  }
+  if ($all -or !$test) {
+    if ($selfhost) {
+      $msSqlConnectionString = $(Get-UserSecrets).'dev:selfHostOverride:globalSettings:sqlServer:connectionString'
+      $envName = "self-host"
+    } else {
+      $msSqlConnectionString = $(Get-UserSecrets).'globalSettings:sqlServer:connectionString'
+      $envName = "cloud"
+    }
 
-  if ($selfhost) {
-    $msSqlConnectionString = $(Get-UserSecrets).'dev:selfHostOverride:globalSettings:sqlServer:connectionString'
-    $envName = "self-host"
-  } else {
-    $msSqlConnectionString = $(Get-UserSecrets).'globalSettings:sqlServer:connectionString'
-    $envName = "cloud"
+    Write-Host "Starting Microsoft SQL Server Migrations for $envName"
+    dotnet run --project ../util/MsSqlMigratorUtility/ "$msSqlConnectionString"
   }
 
-  Write-Host "Starting Microsoft SQL Server Migrations for $envName"
-
-  dotnet run --project ../util/MsSqlMigratorUtility/ "$msSqlConnectionString"
+  if ($all -or $test) {
+    $testMsSqlConnectionString = $(Get-UserSecrets).'databases:3:connectionString'
+    if ($testMsSqlConnectionString) {
+      $testEnvName = "test databases"
+      Write-Host "Starting Microsoft SQL Server Migrations for $testEnvName"
+      dotnet run --project ../util/MsSqlMigratorUtility/ "$testMsSqlConnectionString"
+    } else {
+      Write-Host "Connection string for a test MSSQL database not found in secrets.json!"
+    }
+  }
 }
 
-$currentDir = Get-Location
-
-Foreach ($item in @(@($mysql, "MySQL", "MySqlMigrations"), @($postgres, "PostgreSQL", "PostgresMigrations"), @($sqlite, "SQLite", "SqliteMigrations"))) {
+Foreach ($item in @(
+    @($mysql, "MySQL", "MySqlMigrations", "mySql", 2),
+    @($postgres, "PostgreSQL", "PostgresMigrations", "postgreSql", 0),
+    @($sqlite, "SQLite", "SqliteMigrations", "sqlite", 1)
+)) {
   if (!$item[0] -and !$all) {
     continue
   }
 
-  Write-Host "Starting $($item[1]) Migrations"
   Set-Location "$currentDir/../util/$($item[2])/"
-  dotnet ef database update
+  if(!$test -or $all) {
+    Write-Host "Starting $($item[1]) Migrations"
+    $connectionString = $(Get-UserSecrets)."globalSettings:$($item[3]):connectionString"
+    dotnet ef database update --connection "$connectionString"
+  }
+  if ($test -or $all) {
+    $testConnectionString = $(Get-UserSecrets)."databases:$($item[4]):connectionString"
+    if ($testConnectionString) {
+      Write-Host "Starting $($item[1]) Migrations for test databases"
+      dotnet ef database update --connection "$testConnectionString"
+    } else {
+      Write-Host "Connection string for a test $($item[1]) database not found in secrets.json!"
+    }
+  }
 }
 
 Set-Location "$currentDir"
diff --git a/dev/secrets.json.example b/dev/secrets.json.example
@@ -21,7 +21,7 @@
       "connectionString": "server=localhost;uid=root;pwd=SET_A_PASSWORD_HERE_123;database=vault_dev"
     },
     "sqlite": {
-      "connectionString": "Data Source=/path/to/bitwardenServer/repository/server/dev/db/bitwarden.sqlite"
+      "connectionString": "Data Source=/path/to/bitwardenServer/repository/server/dev/db/bitwarden.db"
     },
     "identityServer": {
       "certificateThumbprint": "<your Identity certificate thumbprint with no spaces>"

diff --git a/src/Admin/AdminConsole/Controllers/OrganizationsController.cs b/src/Admin/AdminConsole/Controllers/OrganizationsController.cs
@@ -5,6 +5,7 @@
 using Bit.Admin.Utilities;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums.Provider;
+using Bit.Core.AdminConsole.OrganizationFeatures.Organizations.Interfaces;
 using Bit.Core.AdminConsole.Providers.Interfaces;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Billing.Enums;
@@ -56,6 +57,7 @@ public class OrganizationsController : Controller
     private readonly IRemoveOrganizationFromProviderCommand _removeOrganizationFromProviderCommand;
     private readonly IProviderBillingService _providerBillingService;
     private readonly IFeatureService _featureService;
+    private readonly IOrganizationInitiateDeleteCommand _organizationInitiateDeleteCommand;
 
     public OrganizationsController(
         IOrganizationService organizationService,
@@ -82,7 +84,8 @@ public OrganizationsController(
         IProviderOrganizationRepository providerOrganizationRepository,
         IRemoveOrganizationFromProviderCommand removeOrganizationFromProviderCommand,
         IProviderBillingService providerBillingService,
-        IFeatureService featureService)
+        IFeatureService featureService,
+        IOrganizationInitiateDeleteCommand organizationInitiateDeleteCommand)
     {
         _organizationService = organizationService;
         _organizationRepository = organizationRepository;
@@ -109,6 +112,7 @@ public OrganizationsController(
         _removeOrganizationFromProviderCommand = removeOrganizationFromProviderCommand;
         _providerBillingService = providerBillingService;
         _featureService = featureService;
+        _organizationInitiateDeleteCommand = organizationInitiateDeleteCommand;
     }
 
     [RequirePermission(Permission.Org_List_View)]
@@ -305,7 +309,7 @@ await _providerBillingService.ScaleSeats(
 
     [HttpPost]
     [ValidateAntiForgeryToken]
-    [RequirePermission(Permission.Org_Delete)]
+    [RequirePermission(Permission.Org_RequestDelete)]
     public async Task<IActionResult> DeleteInitiation(Guid id, OrganizationInitiateDeleteModel model)
     {
         if (!ModelState.IsValid)
@@ -319,7 +323,7 @@ public async Task<IActionResult> DeleteInitiation(Guid id, OrganizationInitiateD
                 var organization = await _organizationRepository.GetByIdAsync(id);
                 if (organization != null)
                 {
-                    await _organizationService.InitiateDeleteAsync(organization, model.AdminEmail);
+                    await _organizationInitiateDeleteCommand.InitiateDeleteAsync(organization, model.AdminEmail);
                     TempData["Success"] = "The request to initiate deletion of the organization has been sent.";
                 }
             }

diff --git a/src/Admin/Views/Users/Edit.cshtml b/src/Admin/Views/Users/Edit.cshtml
@@ -1,13 +1,15 @@
 @using Bit.Admin.Enums;
 @inject Bit.Admin.Services.IAccessControlService AccessControlService
 @inject Bit.Core.Services.IFeatureService FeatureService
+@inject Bit.Core.Settings.GlobalSettings GlobalSettings
 @inject IWebHostEnvironment HostingEnvironment
 @model UserEditModel
 @{
     ViewData["Title"] = "User: " + Model.User.Email;
 
     var canViewUserInformation = AccessControlService.UserHasPermission(Permission.User_UserInformation_View);
     var canViewNewDeviceException = AccessControlService.UserHasPermission(Permission.User_NewDeviceException_Edit) &&
+                                    GlobalSettings.EnableNewDeviceVerification &&
                                     FeatureService.IsEnabled(Bit.Core.FeatureFlagKeys.NewDeviceVerification);
     var canViewBillingInformation = AccessControlService.UserHasPermission(Permission.User_BillingInformation_View);
     var canViewGeneral = AccessControlService.UserHasPermission(Permission.User_GeneralDetails_View);
@@ -35,11 +37,7 @@
                 // Premium
                 document.getElementById('@(nameof(Model.MaxStorageGb))').value = '1';
                 document.getElementById('@(nameof(Model.Premium))').checked = true;
-    using Stripe.Entitlements;
                 // Licensing
-    using Bit.Core;
-    using Stripe.Entitlements;
-                using Microsoft.Identity.Client.Extensibility;
                 document.getElementById('@(nameof(Model.LicenseKey))').value = '@Model.RandomLicenseKey';
                 document.getElementById('@(nameof(Model.PremiumExpirationDate))').value =
                     '@Model.OneYearExpirationDate';