Merge branch 'auth/pm-12613/registration-w-email-verification-provide…

…r-portal-inv-support' of https://github.com/bitwarden/server into auth/pm-12613/registration-w-email-verification-provider-portal-inv-support

.github/CODEOWNERS

@@ -4,13 +4,22 @@
 #
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 
-# DevOps for Actions and other workflow changes
-.github/workflows @bitwarden/dept-devops
+## Docker files have shared ownership ##
+**/Dockerfile
+**/*.Dockerfile
+**/.dockerignore
+**/entrypoint.sh
 
-# DevOps for Docker changes
-**/Dockerfile @bitwarden/dept-devops
-**/*.Dockerfile @bitwarden/dept-devops
-**/.dockerignore @bitwarden/dept-devops
+## BRE team owns these workflows ##
+.github/workflows/publish.yml @bitwarden/dept-bre
+
+## These are shared workflows ##
+.github/workflows/_move_finalization_db_scripts.yml
+.github/workflows/build.yml
+.github/workflows/cleanup-after-pr.yml
+.github/workflows/cleanup-rc-branch.yml
+.github/workflows/release.yml
+.github/workflows/repository-management.yml
 
 # Database Operations for database changes
 src/Sql/** @bitwarden/dept-dbops
@@ -60,6 +69,6 @@ src/EventsProcessor @bitwarden/team-admin-console-dev
 src/Admin/Controllers/ToolsController.cs @bitwarden/team-billing-dev
 src/Admin/Views/Tools @bitwarden/team-billing-dev
 
-# Multiple owners - DO NOT REMOVE (DevOps)
+# Multiple owners - DO NOT REMOVE (BRE)
 **/packages.lock.json
 Directory.Build.props

.github/workflows/_move_finalization_db_scripts.yml

@@ -1,4 +1,3 @@
----
 name: _move_finalization_db_scripts
 run-name: Move finalization database scripts
 

.github/workflows/automatic-issue-responses.yml

@@ -1,4 +1,3 @@
----
 name: Automatic responses
 on:
   issues:

.github/workflows/build.yml

@@ -1,4 +1,3 @@
----
 name: Build
 
 on:
@@ -408,25 +407,25 @@ jobs:
           name: swagger.json
           path: swagger.json
           if-no-files-found: error
-      
+
       - name: Build Internal API Swagger
         run: |
           cd ./src/Api
           echo "Restore API tools"
           dotnet tool restore
           echo "Publish API"
           dotnet publish -c "Release" -o obj/build-output/publish
-          
+
           dotnet swagger tofile --output ../../internal.json --host https://api.bitwarden.com \
             ./obj/build-output/publish/Api.dll internal
-          
+
           cd ../Identity
-          
+
           echo "Restore Identity tools"
           dotnet tool restore
           echo "Publish Identity"
           dotnet publish -c "Release" -o obj/build-output/publish
-          
+
           dotnet swagger tofile --output ../../identity.json --host https://identity.bitwarden.com \
             ./obj/build-output/publish/Identity.dll v1
           cd ../..
@@ -448,7 +447,7 @@ jobs:
         with:
           name: identity.json
           path: identity.json
-          if-no-files-found: error  
+          if-no-files-found: error
 
   build-mssqlmigratorutility:
     name: Build MSSQL migrator utility
@@ -565,7 +564,7 @@ jobs:
                 tag: 'main'
               }
             })
-  
+
   trigger-ee-updates:
     name: Trigger Ephemeral Environment updates
     if: github.ref != 'refs/heads/main' && contains(github.event.pull_request.labels.*.name, 'ephemeral-environment')
@@ -595,7 +594,7 @@ jobs:
               workflow_id: '_update_ephemeral_tags.yml',
               ref: 'main',
               inputs: {
-                ephemeral_env_branch: '${{ github.head_ref }}'
+                ephemeral_env_branch: process.env.GITHUB_HEAD_REF
               }
             })
 

.github/workflows/cleanup-after-pr.yml

@@ -1,4 +1,3 @@
----
 name: Container registry cleanup
 
 on:

.github/workflows/cleanup-ephemeral-environment.yml

@@ -0,0 +1,59 @@
+name: Ephemeral environment cleanup
+
+on:
+  pull_request:
+    types: [unlabeled]
+
+jobs:
+  validate-pr:
+    name: Validate PR
+    runs-on: ubuntu-24.04
+    outputs:
+      config-exists: ${{ steps.validate-config.outputs.config-exists }}
+    steps:
+      - name: Checkout PR
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+
+      - name: Validate config exists in path
+        id: validate-config
+        run: |
+          if [[ -f "ephemeral-environments/$GITHUB_HEAD_REF.yaml" ]]; then
+            echo "Ephemeral environment config found in path, continuing."
+            echo "config-exists=true" >> $GITHUB_OUTPUT
+          fi
+
+
+  cleanup-config:
+    name: Cleanup ephemeral environment
+    runs-on: ubuntu-24.04
+    needs: validate-pr
+    if: ${{ needs.validate-pr.outputs.config-exists }}
+    steps:
+      - name: Log in to Azure - CI subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve GitHub PAT secrets
+        id: retrieve-secret-pat
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
+
+      - name: Trigger Ephemeral Environment cleanup
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+          script: |
+            await github.rest.actions.createWorkflowDispatch({
+              owner: 'bitwarden',
+              repo: 'devops',
+              workflow_id: '_ephemeral_environment_pr_manager.yml',
+              ref: 'main',
+              inputs: {
+                ephemeral_env_branch: process.env.GITHUB_HEAD_REF,
+                cleanup_config: true,
+                project: 'server'
+              }
+            })

.github/workflows/cleanup-rc-branch.yml

@@ -1,4 +1,3 @@
----
 name: Cleanup RC Branch
 
 on:

.github/workflows/enforce-labels.yml

@@ -1,4 +1,3 @@
----
 name: Enforce PR labels
 
 on:
@@ -7,13 +6,13 @@ on:
     types: [labeled, unlabeled, opened, reopened, synchronize]
 jobs:
   enforce-label:
-    if: ${{ contains(github.event.*.labels.*.name, 'hold') || contains(github.event.*.labels.*.name, 'needs-qa') || contains(github.event.*.labels.*.name, 'DB-migrations-changed') }}
+    if: ${{ contains(github.event.*.labels.*.name, 'hold') || contains(github.event.*.labels.*.name, 'needs-qa') || contains(github.event.*.labels.*.name, 'DB-migrations-changed') || contains(github.event.*.labels.*.name, 'ephemeral-environment') }}
     name: Enforce label
     runs-on: ubuntu-22.04
 
     steps:
       - name: Check for label
         run: |
-          echo "PRs with the hold or needs-qa labels cannot be merged"
-          echo "### :x: PRs with the hold or needs-qa labels cannot be merged" >> $GITHUB_STEP_SUMMARY
+          echo "PRs with the hold, needs-qa or ephemeral-environment labels cannot be merged"
+          echo "### :x: PRs with the hold, needs-qa or ephemeral-environment labels cannot be merged" >> $GITHUB_STEP_SUMMARY
           exit 1

.github/workflows/protect-files.yml

@@ -1,7 +1,6 @@
 # Runs if there are changes to the paths: list.
 # Starts a matrix job to check for modified files, then sets output based on the results.
 # The input decides if the label job is ran, adding a label to the PR.
----
 name: Protect files
 
 on:

.github/workflows/publish.yml

@@ -1,4 +1,3 @@
----
 name: Publish
 run-name: Publish ${{ inputs.publish_type }}
 

.github/workflows/release.yml

@@ -1,4 +1,3 @@
----
 name: Release
 run-name: Release ${{ inputs.release_type }}
 

.github/workflows/stale-bot.yml

@@ -1,4 +1,3 @@
----
 name: Staleness
 on:
   workflow_dispatch:

.github/workflows/test-database.yml

@@ -1,4 +1,3 @@
----
 name: Database testing
 
 on:
@@ -55,7 +54,7 @@ jobs:
       # I've seen the SQL Server container not be ready for commands right after starting up and just needing a bit longer to be ready
       - name: Sleep
         run: sleep 15s
-      
+
       - name: Checking pending model changes (MySQL)
         working-directory: "util/MySqlMigrations"
         run: 'dotnet ef migrations has-pending-model-changes -- --GlobalSettings:MySql:ConnectionString="$CONN_STR"'
@@ -114,7 +113,7 @@ jobs:
           BW_TEST_DATABASES__3__CONNECTIONSTRING: "Data Source=${{ runner.temp }}/test.db"
         run: dotnet test --logger "trx;LogFileName=infrastructure-test-results.trx"
         shell: pwsh
-      
+
       - name: Print MySQL Logs
         if: failure()
         run: 'docker logs $(docker ps --quiet --filter "name=mysql")'

Directory.Build.props

@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
 
-    <Version>2024.10.0</Version>
+    <Version>2024.10.1</Version>
 
     <RootNamespace>Bit.$(MSBuildProjectName)</RootNamespace>
     <ImplicitUsings>enable</ImplicitUsings>

src/Admin/AdminConsole/Controllers/OrganizationsController.cs

@@ -11,7 +11,6 @@
 using Bit.Core.Billing.Services;
 using Bit.Core.Context;
 using Bit.Core.Enums;
-using Bit.Core.Exceptions;
 using Bit.Core.Models.OrganizationConnectionConfigs;
 using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Interfaces;
 using Bit.Core.Repositories;
@@ -236,7 +235,8 @@ public async Task<IActionResult> Edit(Guid id, OrganizationEditModel model)
         if (organization.UseSecretsManager &&
             !StaticStore.GetPlan(organization.PlanType).SupportsSecretsManager)
         {
-            throw new BadRequestException("Plan does not support Secrets Manager");
+            TempData["Error"] = "Plan does not support Secrets Manager";
+            return RedirectToAction("Edit", new { id });
         }
 
         await _organizationRepository.ReplaceAsync(organization);

src/Admin/AdminConsole/Models/OrganizationEditModel.cs

@@ -181,7 +181,6 @@ public OrganizationEditModel(
      */
     public object GetPlansHelper() =>
         StaticStore.Plans
-            .Where(p => p.SupportsSecretsManager)
             .Select(p =>
             {
                 var plan = new

src/Api/AdminConsole/Controllers/PoliciesController.cs

@@ -25,7 +25,6 @@ public class PoliciesController : Controller
 {
     private readonly IPolicyRepository _policyRepository;
     private readonly IPolicyService _policyService;
-    private readonly IOrganizationService _organizationService;
     private readonly IOrganizationUserRepository _organizationUserRepository;
     private readonly IUserService _userService;
     private readonly ICurrentContext _currentContext;
@@ -36,7 +35,6 @@ public class PoliciesController : Controller
     public PoliciesController(
         IPolicyRepository policyRepository,
         IPolicyService policyService,
-        IOrganizationService organizationService,
         IOrganizationUserRepository organizationUserRepository,
         IUserService userService,
         ICurrentContext currentContext,
@@ -46,7 +44,6 @@ public PoliciesController(
     {
         _policyRepository = policyRepository;
         _policyService = policyService;
-        _organizationService = organizationService;
         _organizationUserRepository = organizationUserRepository;
         _userService = userService;
         _currentContext = currentContext;
@@ -185,7 +182,7 @@ public async Task<PolicyResponseModel> Put(string orgId, int type, [FromBody] Po
         }
 
         var userId = _userService.GetProperUserId(User);
-        await _policyService.SaveAsync(policy, _organizationService, userId);
+        await _policyService.SaveAsync(policy, userId);
         return new PolicyResponseModel(policy);
     }
 }

src/Api/AdminConsole/Public/Controllers/PoliciesController.cs

@@ -6,7 +6,6 @@
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.AdminConsole.Services;
 using Bit.Core.Context;
-using Bit.Core.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
@@ -18,18 +17,15 @@ public class PoliciesController : Controller
 {
     private readonly IPolicyRepository _policyRepository;
     private readonly IPolicyService _policyService;
-    private readonly IOrganizationService _organizationService;
     private readonly ICurrentContext _currentContext;
 
     public PoliciesController(
         IPolicyRepository policyRepository,
         IPolicyService policyService,
-        IOrganizationService organizationService,
         ICurrentContext currentContext)
     {
         _policyRepository = policyRepository;
         _policyService = policyService;
-        _organizationService = organizationService;
         _currentContext = currentContext;
     }
 
@@ -96,7 +92,7 @@ public async Task<IActionResult> Put(PolicyType type, [FromBody] PolicyUpdateReq
         {
             policy = model.ToPolicy(policy);
         }
-        await _policyService.SaveAsync(policy, _organizationService, null);
+        await _policyService.SaveAsync(policy, null);
         var response = new PolicyResponseModel(policy);
         return new JsonResult(response);
     }

src/Api/Billing/Models/Responses/OrganizationMetadataResponse.cs

@@ -3,8 +3,11 @@
 namespace Bit.Api.Billing.Models.Responses;
 
 public record OrganizationMetadataResponse(
+    bool IsEligibleForSelfHost,
     bool IsOnSecretsManagerStandalone)
 {
     public static OrganizationMetadataResponse From(OrganizationMetadata metadata)
-        => new(metadata.IsOnSecretsManagerStandalone);
+        => new(
+            metadata.IsEligibleForSelfHost,
+            metadata.IsOnSecretsManagerStandalone);
 }

src/Api/Controllers/PushController.cs

@@ -46,15 +46,15 @@ await _pushRegistrationService.CreateOrUpdateRegistrationAsync(model.PushToken,
     public async Task PostDelete([FromBody] PushDeviceRequestModel model)
     {
         CheckUsage();
-        await _pushRegistrationService.DeleteRegistrationAsync(Prefix(model.Id), model.Type);
+        await _pushRegistrationService.DeleteRegistrationAsync(Prefix(model.Id));
     }
 
     [HttpPut("add-organization")]
     public async Task PutAddOrganization([FromBody] PushUpdateRequestModel model)
     {
         CheckUsage();
         await _pushRegistrationService.AddUserRegistrationOrganizationAsync(
-            model.Devices.Select(d => new KeyValuePair<string, Core.Enums.DeviceType>(Prefix(d.Id), d.Type)),
+            model.Devices.Select(d => Prefix(d.Id)),
             Prefix(model.OrganizationId));
     }
 
@@ -63,7 +63,7 @@ public async Task PutDeleteOrganization([FromBody] PushUpdateRequestModel model)
     {
         CheckUsage();
         await _pushRegistrationService.DeleteUserRegistrationOrganizationAsync(
-            model.Devices.Select(d => new KeyValuePair<string, Core.Enums.DeviceType>(Prefix(d.Id), d.Type)),
+            model.Devices.Select(d => Prefix(d.Id)),
             Prefix(model.OrganizationId));
     }