Whenever I submit a GET request to the api/public/groups endpoint, the "collections" field for each group returns "None" on every group, even if they have access to collections. I can verify that these groups have access to collections by sending a GET request to the api/public/collections endpoint as the "groups" field returns as expected on each collection. I have tried to make this request with both the Python requests module as well as Postman. I am making calls to a self-hosted Bitwarden instance.
Thanks @alexacallmebaka , looks like you found a "todo" in our public API implementation, https://github.com/bitwarden/server/blob/master/src/Api/Public/Controllers/GroupsController.cs#L90
We'll get this on our backlog.
Is anyone working on this? If not, I'd love to do it.
@AqeelAT , no one is assigned yet, if you would like to tackle this please feel free (and thank you!)
Is there any documentation about the development process? I was able to find the swagger endpoint but then I'm required to authorize the requests for which I need a client_id and secret. Where can I find these credentials for development purposes? Is it somewhere in the Identity project? I can't run Identity Server locally https://github.com/bitwarden/server/issues/943 in order to create these credentials.
Also how do you deal with CORS in development when dealing with the API and Identity Server? So maybe there is some documentation but I'm unable to find it.
Hi @DavidSSL , for local development (getting community development guides published is on our radar), here are some excerpts from our internal development wiki:
For local development and running the Server (Api, Identity, etc.) you'll need to setup a few things in order to make that work, connect to your own local SQL instance (docker image), as well as have appropriate certificates available for doing encrypty type things.
You will need to manage user secrets for each site project in the Server solution. This includes predominately the Api and Identity projects, although there are other, lessor used ones that may also need it depending on what you're doing, but these 2 set the foundation.
You can simply right-click on the Project and "View User Secrets" (or something like that), easy peasy.
You must open a terminal and go to each project directory. Once there you initiate and create the blank user secrets file by running,
dotnet user-secrets init
You can then view/list any secrets you have set by running, dotnet user-secrets list. For more info see: Safe storage of app secrets in development in ASP.NET Core
Once you have your user secrets files setup, you'll need to generate 3 of your own certificates for use in local development.
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity_server_dev.key -out identity_server_dev.crt -subj "/CN=Bitwarden Identity Server Dev" -days 3650
openssl pkcs12 -export -out identity_server_dev.pfx -inkey identity_server_dev.key -in identity_server_dev.crt -certfile identity_server_dev.crt
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout data_protection_dev.key -out data_protection_dev.crt -subj "/CN=Bitwarden Data Protection Dev" -days 3650
openssl pkcs12 -export -out data_protection_dev.pfx -inkey data_protection_dev.key -in data_protection_dev.crt -certfile data_protection_dev.crt
always trust - don’t worry, this is secure…. :)Launching the entire bitwarden/server solution for use with the bitwarden/web and other client projects.
vault_dev database is runningYou can right click on each project, Identity and then Api, in order, and click _Start Debugging Project_.
You can also, alternatively if you only need them running locally w/o debugging, open a terminal and navigate to each respective .csproj location and type,
dotnet run
NOTE: when doing this the port number on the URL may be different and you'll need to update any client configuration(s) and/or user secrets accordingly (typically the Api user secrets for the Identity URL).
@cscharf I've tried to follow the instructions but I was unable to go further at the point where I had to double click on the .pfx file because on my Linux system this just opened up application options when I guess it was supposed to be added to the certificate manager.
Since these are not 100% familiar concepts to me and the fact that I won't have time for the next couple of months, I will bow out for now.
@AqeelAT are you actively working on this? If not, I can take a crack at it.
Wanted to check in to make sure I'm not stepping on anyone's toes.
@echen805 I'm not. Feel free to do it.
Hi @cscharf, I have setup my local development server and was in the process of replicating the issue when I realized that organizations is a premium feature for a self hosted server. Is there a development license I can use?
I think this is a good first issue for me to try to work on this repo so if there isn't, I don't mind just purchasing a premium license. But I figured I'd ask first.
Hi @echen805 , you can run local w/o using "self-hosted" if you can supply properly formatted connection strings for various cloud services, which is the primary hangup there. Here's a sample secrets JSON file that should get you what you need to run locally and use the "free" account + free org(s) without having to have access to billing services/APIs or cloud infrastructure as long as your SQL connection string is all set. Unless you do actually set up S3 or Azure Table storage/queues account or run locally using emulators in Docker, etc. however some features won't work (like file storage, notifications, etc.) which likely fine for this issue.
Also, see the article, "Use the Azure Storage Emulator for development and testing", for how I use a local emulator for most of the storage operations when emulating "cloud".
For this secrets file, don't forget to replace the <thumbprint goes here> with the appropriate certificate thumbprints you've generated, as well as the globalSettings:sqlServer:connectionString value with the appropriate user + password values (and double check the database name).
Let me know if you run into any issues, I've not had a chance to test this configuration so there may need to be a tweak or 2.
Awesome, thanks so much! I'll try it out this week!
Most helpful comment
Hi @DavidSSL , for local development (getting community development guides published is on our radar), here are some excerpts from our internal development wiki:
Local Development: Server
For local development and running the Server (Api, Identity, etc.) you'll need to setup a few things in order to make that work, connect to your own local SQL instance (docker image), as well as have appropriate certificates available for doing encrypty type things.
User Secrets
You will need to manage user secrets for each site project in the Server solution. This includes predominately the Api and Identity projects, although there are other, lessor used ones that may also need it depending on what you're doing, but these 2 set the foundation.
Visual Studio on Windows
You can simply right-click on the Project and "View User Secrets" (or something like that), easy peasy.
Visual Studio on macOS
You must open a terminal and go to each project directory. Once there you initiate and create the blank user secrets file by running,
You can then view/list any secrets you have set by running,
dotnet user-secrets list. For more info see: Safe storage of app secrets in development in ASP.NET CoreRider
User Secrets - Certificates
Once you have your user secrets files setup, you'll need to generate 3 of your own certificates for use in local development.
Generate Certificates
always trust- don’t worry, this is secure…. :)Running and Debugging
Launching the entire bitwarden/server solution for use with the bitwarden/web and other client projects.
Prerequisites
vault_devdatabase is runningVisual Studio for macOS
You can right click on each project, Identity and then Api, in order, and click _Start Debugging Project_.
You can also, alternatively if you only need them running locally w/o debugging, open a terminal and navigate to each respective .csproj location and type,
NOTE: when doing this the port number on the URL may be different and you'll need to update any client configuration(s) and/or user secrets accordingly (typically the Api user secrets for the Identity URL).
Rider
Notes