Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AC-108] Enterprise policies are not removed when downgraded to teams #3014

Closed
wants to merge 97 commits into from
Closed

[AC-108] Enterprise policies are not removed when downgraded to teams #3014

wants to merge 97 commits into from

Conversation

r-tome
Copy link
Contributor

@r-tome r-tome commented Jun 13, 2023
edited
Loading

Type of change

- [X] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

If an organization has UsePolicies = false then any of its members should not be affected by any previously configured policy.

Code changes

Part of the solution was implemented on #2917 to select organization features for te selected plan. I've built further on that by setting the features for the Free and Families plans.

  • src/Admin/Views/Organizations/Edit.cshtml: Setting trial = true when clicking trial buttons
  • src/Admin/Views/Shared/_OrganizationFormScripts.cshtml: Using new parameter trial to set value for SalesAssistedTrialStarted. Added plans 'free' and 'families' to switch to toggle features
  • src/Infrastructure.EntityFramework/Repositories/OrganizationUserRepository.cs: Filtering by organizations that have UsePolicies = true
  • src/Sql/dbo/Stored Procedures/OrganizationUser_ReadByUserIdWithPolicyDetails.sql: Filtering by organizations that have UsePolicies = true
  • util/Migrator/DbScripts/2023-06-13_00_OrgUserPolicyDetailsAddFilterOrgUsePolicies.sql: SQL migration file

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

@r-tome r-tome requested a review from a team June 13, 2023 15:47
@r-tome r-tome marked this pull request as ready for review June 13, 2023 15:47
shane-melton and others added 23 commits June 29, 2023 10:40
@shane-melton
[AC-1423] Add AddonProduct and BitwardenProduct properties to Billing…
fd51797 
…SubscriptionItem (#3037)

* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem

- Add a helper method to determine the appropriate addon type based on the subscription items StripeId

* [AC-1423] Add helper to StaticStore.cs to find a Plan by StripePlanId

* [AC-1423] Use the helper method to set SubscriptionInfo.BitwardenProduct
@eliykat
Merge remote-tracking branch 'origin/master' into feature/sm-billing
039e216
@eliykat
Add SecretsManagerBilling feature flag to Constants
12e6696
@cyprain-okeke @eliykat
[AC 1409] Secrets Manager Subscription Stripe Integration (#3019)
46b2260 
* Adding the Secret manager to the Plan List

* Adding the unit test for the StaticStoreTests class

* Fix whitespace formatting

* Fix whitespace formatting

* Price update

* Resolving the PR comments

* Resolving PR comments

* Fixing the whitespace

* only password manager plans are return for now

* format whitespace

* Resolve the test issue

* Fixing the failing test

* Refactoring the Plan separation

* add a unit test for SingleOrDefault

* Fix the whitespace format

* Separate the PM and SM plans

* Fixing the whitespace

* Remove unnecessary directive

* Fix imports ordering

* Fix imports ordering

* Resolve imports ordering

* Fixing imports ordering

* Fix response model, add MaxProjects

* Fix filename

* Fix format

* Fix: seat price should match annual/monthly

* Fix service account annual pricing

* Changes for secret manager signup and upgradeplan

* Changes for secrets manager signup and upgrade

* refactoring the code

* Format whitespace

* remove unnecessary using directive

* Resolve the PR comment on Subscription creation

* Resolve PR comment

* Add password manager to the error message

* Add UseSecretsManager to the event log

* Resolve PR comment on plan validation

* Resolving pr comments for service account count

* Resolving pr comments for service account count

* Resolve the pr comments

* Remove the store procedure that is no-longer needed

* Rename a property properly

* Resolving the PR comment

* Resolve PR comments

* Resolving PR comments

* Resolving the Pr comments

* Resolving some PR comments

* Resolving the PR comments

* Resolving the build identity build

* Add additional Validation

* Resolve the Lint issues

* remove unnecessary using directive

* Remove the white spaces

* Adding unit test for the stripe payment

* Remove the incomplete test

* Fixing the failing test

* Fix the failing test

* Fix the fail test on organization service

* Fix the failing unit test

* Fix the whitespace format

* Fix the failing test

* Fix the whitespace format

* resolve pr comments

* Fix the lint message

* Resolve the PR comments

* resolve pr comments

* Resolve pr comments

* Resolve the pr comments

* remove unused code

* Added for sm validation test

* Fix the whitespace format issues

---------

Co-authored-by: Thomas Rittson <[email protected]>
Co-authored-by: Thomas Rittson <[email protected]>
@coltonhurst
SM-802: Add SecretsManagerBetaColumn SQL migration and Org table update
9062672
@coltonhurst
SM-802: Run EF Migrations for SecretsManagerBeta
66185f0
@coltonhurst
SM-802: Update the two Org procs and View, and move data migration to…
c9745cd 
… a separate file
@coltonhurst
SM-802: Add missing comma to Organization_Create
f00f552
@shane-melton
[AC-1418] Add missing SecretsManagerPlan property to OrganizationResp…
6c0c9c6 
…onseModel (#3055)
@coltonhurst
SM-802: Remove extra GO statement from data migration script
6a5d5a9
@eliykat
Merge remote-tracking branch 'origin/master' into feature/sm-billing
4a88894
@cyprain-okeke
[AC 1460] Update Stripe Configuration (#3070)
692c7ff 
* change the stripeseat id

* change service accountId to align with new product

* make all the Id name for consistent
@coltonhurst
SM-802: Add SecretsManagerBeta to OrganizationResponseModel
45b6954
@coltonhurst
SM-802: Move SecretsManagerBeta from OrganizationResponseModel to Org…
9cc1774 
…anizationSubscriptionResponseModel. Use sp_refreshview instead of sp_refreshsqlmodule in the migration script.
@coltonhurst
SM-802: Remove OrganizationUserOrganizationDetailsView.sql changes
2a441c1
@cyprain-okeke @eliykat
[AC 1410] Secrets Manager subscription adjustment back-end changes (#…
a1f8ca8 
…3036)

* Create UpgradeSecretsManagerSubscription command

---------

Co-authored-by: Thomas Rittson <[email protected]>
@eliykat
Merge branch 'master' into feature/sm-billing
ce03d38
@coltonhurst
SM-802: Remove SecretsManagerBetaColumn migration
2cc3fcd
@coltonhurst
SM-802: Add SecretsManagerBetaColumn migration
88338a9
@coltonhurst
Merge branch 'master' into sm/SM-802
052b61e
@coltonhurst
SM-802: Remove OrganizationUserOrganizationDetailsView update
d5682ce
@eliykat @cyprain-okeke
[AC-1495] Extract UpgradePlanAsync into a command (#3081)
a5efec3 
* This is a pure lift & shift with no refactors

* Only register subscription commands in Api

---------

Co-authored-by: cyprain-okeke <[email protected]>
@eliykat
[AC-1503] Fix Stripe integration on organization upgrade (#3084)
cab23cb 
* Fix SM parameters not being passed to Stripe

* Fix flaky test

* Fix error message
@eliykat
Fix prefill when changing plans or starting trials
06f34f8 
* [AC-1575] Don't overwrite existing org information when changing plans
* [AC-1577] Prefill SM configuration section when starting trial
@eliykat
Clarify property names
afa60a5
@eliykat
Set SM subscription based on current usage
b58c14b
@eliykat
Fix label for Service Accounts field
69cc54c
@eliykat
Prevent subscribing to SM on an invalid plan
2e95387
@eliykat
Edit comment
1b10f8e
@eliykat
Set minimum seat count for SM
4acbfa4
@eliykat
Merge branch 'master' into ac/ac-1577/prefill-bitwarden-portal-values
0205cad
@eliykat
Don't use hardcoded plan values
dd008cb
@eliykat
Use plans directly in JS
9ad71cb
@eliykat
Refactor to getPlan function
3132c5e
@eliykat
Remove unneeded namespace refs
bb2d9bc
@eliykat
Add GetPlansHelper to provide some typesafety
e318f7a
@eliykat
Use planType from form instead of model
6a218e2
@eliykat
Add @model specification
5d45768
eliykat
eliykat reviewed Aug 7, 2023
View reviewed changes
Copy link
Member

@eliykat eliykat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few notes, I'll review the rest once you've merged in master to clean up the diff.

src/Admin/Views/Shared/_OrganizationFormScripts.cshtml Outdated Show resolved Hide resolved
src/Admin/Views/Shared/_OrganizationFormScripts.cshtml Outdated Show resolved Hide resolved
src/Admin/Views/Shared/_OrganizationFormScripts.cshtml Show resolved Hide resolved
@r-tome
Merge branch 'master' into AC-108-enterprise-polices-are-not-removed-…
86095dc 
…when-downgraded-to-teams

# Conflicts:
#	src/Infrastructure.EntityFramework/Repositories/OrganizationUserRepository.cs
#	src/Sql/dbo/Stored Procedures/OrganizationUser_ReadByUserIdWithPolicyDetails.sql
#	util/Migrator/DbScripts/2023-07-18_00_OrganizationUserReadByUserIdWithPolicyDetails.sql
@r-tome
Copy link
Contributor Author

r-tome commented Aug 7, 2023

@eliykat I experimented with using IApplicationCacheService to get the OrganizationAbilities to the determine if a given OrganizationId has UsePolicies enabled. This is what the query method on PolicyService looked like:

private async Task<IEnumerable<OrganizationUserPolicyDetails>> QueryOrganizationUserPolicyDetailsAsync(Guid userId, PolicyType? policyType, OrganizationUserStatusType minStatus = OrganizationUserStatusType.Accepted)
    {
        // Check if the cached policies are available
        if (_cachedOrganizationUserPolicyDetails == null)
        {
            // Cached policies not available, retrieve from the repository
            _cachedOrganizationUserPolicyDetails = await _organizationUserRepository.GetByUserIdWithPolicyDetailsAsync(userId);
        }

        var excludedUserTypes = GetUserTypesExcludedFromPolicy(policyType);
        var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
        return _cachedOrganizationUserPolicyDetails.Where(o =>
            (!orgAbilities.ContainsKey(o.OrganizationId) || orgAbilities[o.OrganizationId].Enabled && orgAbilities[o.OrganizationId].UsePolicies) &&
            (policyType == null || o.PolicyType == policyType) &&
            o.PolicyEnabled &&
            !excludedUserTypes.Contains(o.OrganizationUserType) &&
            o.OrganizationUserStatus >= minStatus &&
            !o.IsProvider);
    }

This worked perfectly until I also ran the Admin Panel alongside it and changed the UsePolicies value but then the cached value was not updated (even though we do update the organization abilities). Could this be an issue on my development environment?

@bitwarden-bot
Copy link

bitwarden-bot commented Aug 7, 2023
edited
Loading

Logo
Checkmarx One – Scan Summary & Details8e7dbf3d-ab9d-492c-a9de-d24f82756df5

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH Reflected_XSS_All_Clients /src/Admin/Views/Shared/_OrganizationFormScripts.cshtml: 133 Attack Vector

@r-tome
Merge branch 'ac/ac-1577/prefill-bitwarden-portal-values' into AC-108…
7b546c7 
…-enterprise-polices-are-not-removed-when-downgraded-to-teams

# Conflicts:
#	src/Admin/Views/Organizations/Edit.cshtml
#	src/Admin/Views/Shared/_OrganizationFormScripts.cshtml
@r-tome r-tome changed the base branch from master to ac/ac-1577/prefill-bitwarden-portal-values August 7, 2023 15:08
@r-tome r-tome requested a review from eliykat August 7, 2023 15:08
@eliykat
Copy link
Member

eliykat commented Aug 8, 2023

If the org abilities cache is in memory only, it wouldn't be shared between the projects. Did you find out whether it's in memory in prod, or is it hosted on a service like redis etc? (Or otherwise shared between the projects somehow?)

@r-tome r-tome marked this pull request as draft August 9, 2023 14:56
@r-tome
Copy link
Contributor Author

r-tome commented Aug 9, 2023

@eliykat I've created another PR with the changes above implemented and tested it by using a service bus resource on Azure. It worked great!

Base automatically changed from ac/ac-1577/prefill-bitwarden-portal-values to master August 15, 2023 23:03
@eliykat eliykat removed their request for review August 20, 2023 22:04
@eliykat
Copy link
Member

eliykat commented Aug 20, 2023

@r-tome just a reminder to close this one if it's no longer needed.

@r-tome r-tome closed this Aug 21, 2023
@r-tome r-tome deleted the AC-108-enterprise-polices-are-not-removed-when-downgraded-to-teams branch August 21, 2023 13:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eliykat eliykat eliykat left review comments

Assignees
No one assigned
Labels
needs-qa
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@r-tome @bitwarden-bot @eliykat @shane-melton @cyprain-okeke @coltonhurst @cturnbull-bitwarden @Thomas-Avery