Merge branch 'main' into auth/pm-30810/http-redirect-cloud

Author: Patrick-Pimentel-Bitwarden

.checkmarx/config.yml

@@ -11,3 +11,7 @@ checkmarx:
         filter: "!test"
       kics:
         filter: "!dev,!.devcontainer"
+      sca:
+        filter: "!dev,!.devcontainer"
+      containers:
+        filter: "!dev,!.devcontainer"

.claude/settings.json

@@ -0,0 +1,10 @@
+{
+  "extraKnownMarketplaces": {
+    "bitwarden-marketplace": {
+      "source": {
+        "source": "github",
+        "repo": "bitwarden/ai-plugins"
+      }
+    }
+  }
+}

.config/dotnet-tools.json

@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "swashbuckle.aspnetcore.cli": {
-      "version": "9.0.4",
+      "version": "10.1.0",
       "commands": ["swagger"]
     },
     "dotnet-ef": {

.devcontainer/community_dev/devcontainer.json

@@ -3,10 +3,12 @@
   "dockerComposeFile": "../../.devcontainer/bitwarden_common/docker-compose.yml",
   "service": "bitwarden_server",
   "workspaceFolder": "/workspace",
+  "initializeCommand": "mkdir -p dev/.data/keys dev/.data/mssql dev/.data/azurite dev/helpers/mssql",
   "features": {
     "ghcr.io/devcontainers/features/node:1": {
-      "version": "16"
-    }
+      "version": "22"
+    },
+    "ghcr.io/devcontainers/features/rust:1": {}
   },
   "mounts": [
     {
@@ -21,5 +23,27 @@
       "extensions": ["ms-dotnettools.csdevkit"]
     }
   },
-  "postCreateCommand": "bash .devcontainer/community_dev/postCreateCommand.sh"
+  "postCreateCommand": "bash .devcontainer/community_dev/postCreateCommand.sh",
+  "forwardPorts": [1080, 1433, 3306, 5432],
+  "portsAttributes": {
+    "default": {
+      "onAutoForward": "ignore"
+    },
+    "1080": {
+      "label": "Mail Catcher",
+      "onAutoForward": "notify"
+    },
+    "1433": {
+      "label": "SQL Server",
+      "onAutoForward": "notify"
+    },
+    "3306": {
+      "label": "MySQL",
+      "onAutoForward": "notify"
+    },
+    "5432": {
+      "label": "PostgreSQL",
+      "onAutoForward": "notify"
+    }
+  }
 }

.devcontainer/community_dev/postCreateCommand.sh

@@ -3,11 +3,46 @@ export DEV_DIR=/workspace/dev
 export CONTAINER_CONFIG=/workspace/.devcontainer/community_dev
 git config --global --add safe.directory /workspace
 
+if [[ -z "${CODESPACES}" ]]; then
+    allow_interactive=1
+else
+    echo "Doing non-interactive setup"
+    allow_interactive=0
+fi
+
+get_option() {
+    # Helper function for reading the value of an environment variable
+    # primarily but then falling back to an interactive question if allowed
+    # and lastly falling back to a default value input when either other
+    # option is available.
+    name_of_var="$1"
+    question_text="$2"
+    default_value="$3"
+    is_secret="$4"
+
+    if [[ -n "${!name_of_var}" ]]; then
+        # If the env variable they gave us has a value, then use that value
+        echo "${!name_of_var}"
+    elif [[ "$allow_interactive" == 1 ]]; then
+        # If we can be interactive, then use the text they gave us to request input
+        if [[ "$is_secret" == 1 ]]; then
+            read -r -s -p "$question_text" response
+            echo "$response"
+        else
+            read -r -p "$question_text" response
+            echo "$response"
+        fi
+    else
+        # If no environment variable and not interactive, then just give back default value
+        echo "$default_value"
+    fi
+}
+
 get_installation_id_and_key() {
     pushd ./dev >/dev/null || exit
     echo "Please enter your installation id and key from https://bitwarden.com/host:"
-    read -r -p "Installation id: " INSTALLATION_ID
-    read -r -p "Installation key: " INSTALLATION_KEY
+    INSTALLATION_ID="$(get_option "INSTALLATION_ID" "Installation id: " "00000000-0000-0000-0000-000000000001")"
+    INSTALLATION_KEY="$(get_option "INSTALLATION_KEY" "Installation key: " "" 1)"
     jq ".globalSettings.installation.id = \"$INSTALLATION_ID\" |
         .globalSettings.installation.key = \"$INSTALLATION_KEY\"" \
         secrets.json.example >secrets.json # create/overwrite secrets.json
@@ -30,11 +65,10 @@ configure_other_vars() {
 }
 
 one_time_setup() {
-    read -r -p \
-        "Would you like to configure your secrets and certificates for the first time?
+    do_secrets_json_setup="$(get_option "SETUP_SECRETS_JSON" "Would you like to configure your secrets and certificates for the first time?
 WARNING: This will overwrite any existing secrets.json and certificate files.
-Proceed? [y/N] " response
-    if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+Proceed? [y/N] " "n")"
+    if [[ "$do_secrets_json_setup" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
         echo "Running one-time setup script..."
         sleep 1
         get_installation_id_and_key
@@ -50,11 +84,4 @@ Proceed? [y/N] " response
     fi
 }
 
-# main
-if [[ -z "${CODESPACES}" ]]; then
-  one_time_setup
-else
-  # Ignore interactive elements when running in codespaces since they are not supported there
-  # TODO Write codespaces specific instructions and link here
-  echo "Running in codespaces, follow instructions here: https://contributing.bitwarden.com/getting-started/server/guide/ to continue the setup"
-fi
+one_time_setup

.devcontainer/internal_dev/devcontainer.json

@@ -6,10 +6,12 @@
   ],
   "service": "bitwarden_server",
   "workspaceFolder": "/workspace",
+  "initializeCommand": "mkdir -p dev/.data/keys dev/.data/mssql dev/.data/azurite dev/helpers/mssql",
   "features": {
     "ghcr.io/devcontainers/features/node:1": {
-      "version": "16"
-    }
+      "version": "22"
+    },
+    "ghcr.io/devcontainers/features/rust:1": {}
   },
   "mounts": [
     {
@@ -24,9 +26,18 @@
       "extensions": ["ms-dotnettools.csdevkit"]
     }
   },
+  "onCreateCommand": "bash .devcontainer/internal_dev/onCreateCommand.sh",
   "postCreateCommand": "bash .devcontainer/internal_dev/postCreateCommand.sh",
-  "forwardPorts": [1080, 1433, 3306, 5432, 10000, 10001, 10002],
+  "forwardPorts": [
+    1080, 1433, 3306, 5432, 10000, 10001, 10002,
+    4000, 4001, 33656, 33657, 44519, 44559,
+    46273, 46274, 50024, 51822, 51823,
+    54103, 61840, 61841, 62911, 62912
+  ],
   "portsAttributes": {
+    "default": {
+      "onAutoForward": "ignore"
+    },
     "1080": {
       "label": "Mail Catcher",
       "onAutoForward": "notify"
@@ -48,12 +59,76 @@
       "onAutoForward": "notify"
     },
     "10001": {
-      "label": "Azurite Storage Queue ",
+      "label": "Azurite Storage Queue",
       "onAutoForward": "notify"
     },
     "10002": {
       "label": "Azurite Storage Table",
       "onAutoForward": "notify"
+    },
+    "4000": {
+      "label": "Api (Cloud)",
+      "onAutoForward": "notify"
+    },
+    "4001": {
+      "label": "Api (SelfHost)",
+      "onAutoForward": "notify"
+    },
+    "33656": {
+      "label": "Identity (Cloud)",
+      "onAutoForward": "notify"
+    },
+    "33657": {
+      "label": "Identity (SelfHost)",
+      "onAutoForward": "notify"
+    },
+    "44519": {
+      "label": "Billing",
+      "onAutoForward": "notify"
+    },
+    "44559": {
+      "label": "Scim",
+      "onAutoForward": "notify"
+    },
+    "46273": {
+      "label": "Events (Cloud)",
+      "onAutoForward": "notify"
+    },
+    "46274": {
+      "label": "Events (SelfHost)",
+      "onAutoForward": "notify"
+    },
+    "50024": {
+      "label": "Icons",
+      "onAutoForward": "notify"
+    },
+    "51822": {
+      "label": "Sso (Cloud)",
+      "onAutoForward": "notify"
+    },
+    "51823": {
+      "label": "Sso (SelfHost)",
+      "onAutoForward": "notify"
+    },
+    "54103": {
+      "label": "EventsProcessor",
+      "onAutoForward": "notify"
+    },
+    "61840": {
+      "label": "Notifications (Cloud)",
+      "onAutoForward": "notify"
+    },
+    "61841": {
+      "label": "Notifications (SelfHost)",
+      "onAutoForward": "notify"
+    },
+    "62911": {
+      "label": "Admin (Cloud)",
+      "onAutoForward": "notify"
+    },
+    "62912": {
+      "label": "Admin (SelfHost)",
+      "onAutoForward": "notify"
     }
   }
 }

.devcontainer/internal_dev/onCreateCommand.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+export REPO_ROOT="$(git rev-parse --show-toplevel)"
+
+file="$REPO_ROOT/dev/custom-root-ca.crt"
+
+if [ -e "$file" ]; then
+  echo "Adding custom root CA"
+  sudo cp "$file" /usr/local/share/ca-certificates/
+  sudo update-ca-certificates
+else
+  echo "No custom root CA found, skipping..."
+fi

.devcontainer/internal_dev/postCreateCommand.sh

@@ -108,7 +108,7 @@ Press <Enter> to continue."
     fi
 
     run_mssql_migrations="$(get_option "RUN_MSSQL_MIGRATIONS" "Would you like us to run MSSQL Migrations for you? [y/N] " "n")"
-    if [[ "$do_azurite_setup" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+    if [[ "$run_mssql_migrations" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
         echo "Running migrations..."
         sleep 5 # wait for DB container to start
         dotnet run --project "$REPO_ROOT/util/MsSqlMigratorUtility" "$SQL_CONNECTION_STRING"

.github/CODEOWNERS

@@ -11,6 +11,9 @@
 **/docker-compose.yml @bitwarden/team-appsec @bitwarden/dept-bre
 **/entrypoint.sh @bitwarden/team-appsec @bitwarden/dept-bre
 
+# Scanning tools
+.checkmarx/ @bitwarden/team-appsec
+
 ## BRE team owns these workflows ##
 .github/workflows/publish.yml @bitwarden/dept-bre
 
@@ -94,9 +97,7 @@ src/Admin/Views/Tools @bitwarden/team-billing-dev
 .github/workflows/test-database.yml @bitwarden/team-platform-dev
 .github/workflows/test.yml @bitwarden/team-platform-dev
 **/*Platform* @bitwarden/team-platform-dev
-**/.dockerignore @bitwarden/team-platform-dev
-**/Dockerfile @bitwarden/team-platform-dev
-**/entrypoint.sh @bitwarden/team-platform-dev
+
 # The PushType enum is expected to be editted by anyone without need for Platform review
 src/Core/Platform/Push/PushType.cs
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -9,27 +9,3 @@
 ## 📸 Screenshots
 
 <!-- Required for any UI changes; delete if not applicable. Use fixed width images for better display. -->
-
-## ⏰ Reminders before review
-
-- Contributor guidelines followed
-- All formatters and local linters executed and passed
-- Written new unit and / or integration tests where applicable
-- Protected functional changes with optionality (feature flags)
-- Used internationalization (i18n) for all UI strings
-- CI builds passed
-- Communicated to DevOps any deployment requirements
-- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
-
-## 🦮 Reviewer guidelines
-
-<!-- Suggested interactions but feel free to use (or not) as you desire! -->
-
-- 👍 (`:+1:`) or similar for great changes
-- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
-- ❓ (`:question:`) for questions
-- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
-- 🎨 (`:art:`) for suggestions / improvements
-- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention
-- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt
-- ⛏ (`:pick:`) for minor or nitpick changes