Make Sso available in org license (#73)

* Exclude cert.cert from git

* Use latest release of bitwarden as base image (#67, #66)

* Add a script which simplifies Bitwarden updates

* fix typo

* Add UseApi

* Updated version, created update section

* Workaround for docker-compose --ignore-pull-failures bugs (4377 and 7127)

* use version from docker script

* check if bitbetter images are outdated

* Make Sso available in org license

Add `UseSso` var and enable

* Update README.md

Co-authored-by: Christoph Haas <christoph.h@sprinternet.at>
Co-authored-by: Lework <kuailemy123@163.com>
Co-authored-by: Captainhook <ec14018@qmul.ac.uk>

README.md

@@ -13,6 +13,7 @@ Credit to https://github.com/h44z/BitBetter and https://github.com/jakeswenson/B
     + [Dependencies](#dependencies)
     + [Setting up BitBetter](#setting-up-bitbetter)
     + [Building BitBetter](#building-bitbetter)
+    + [Updating Bitwarden and BitBetter](#updating-bitwarden-and-bitbetter)
     + [Generating Signed Licenses](#generating-signed-licenses)
 2. [FAQ](#faq-questions-you-might-have-)
 3. [Footnotes](#footnotes)
@@ -23,7 +24,7 @@ The following instructions are for unix-based systems (Linux, BSD, macOS), it is
 ## Dependencies
 Aside from docker, which you also need for Bitwarden, BitBetter requires the following:
 
-* Bitwarden (tested with 1.33.0, might work on lower versions)
+* Bitwarden (tested with 1.37.0, might work on lower versions)
 * openssl (probably already installed on most Linux or WSL systems, any version should work)
 
 ## Setting up BitBetter
@@ -78,6 +79,10 @@ openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:te
 
 ---
 
+## Updating Bitwarden and BitBetter
+
+To update Bitwarden, the provided `update-bitwarden.sh` script can be used. It will rebuild the BitBetter images and automatically update Bitwarden afterwards. Docker pull errors can be ignored for api and identity images.
+
 ## Generating Signed Licenses
 
 There is a tool included in the directory `src/licenseGen/` that will generate new individual and organization licenses. These licenses will be accepted by the modified Bitwarden because they will be signed by the certificate you generated in earlier steps.

build.sh

@@ -2,6 +2,9 @@
 
 DIR=`dirname "$0"`
 DIR=`exec 2>/dev/null;(cd -- "$DIR") && cd -- "$DIR"|| cd "$DIR"; unset PWD; /usr/bin/pwd || /bin/pwd || pwd`
+BW_VERSION="$(curl --silent https://raw.githubusercontent.com/bitwarden/server/master/scripts/bitwarden.sh | grep 'COREVERSION="' | sed 's/^[^"]*"//; s/".*//')"
+
+echo "Building BitBetter for BitWarden version $BW_VERSION"
 
 # If there aren't any keys, generate them first.
 [ -e "$DIR/.keys/cert.cert" ] || "$DIR/.keys/generate-keys.sh"
@@ -12,7 +15,11 @@ cp "$DIR/.keys/cert.cert" "$DIR/src/bitBetter/.keys"
 
 docker run --rm -v "$DIR/src/bitBetter:/bitBetter" -w=/bitBetter mcr.microsoft.com/dotnet/core/sdk:3.1 sh build.sh
 
-docker build --build-arg BITWARDEN_TAG=bitwarden/api -t bitbetter/api "$DIR/src/bitBetter" # --squash
-docker build --build-arg BITWARDEN_TAG=bitwarden/identity -t bitbetter/identity "$DIR/src/bitBetter" # --squash
+docker build --no-cache --build-arg BITWARDEN_TAG=bitwarden/api:$BW_VERSION -t bitbetter/api "$DIR/src/bitBetter" # --squash
+docker build --no-cache --build-arg BITWARDEN_TAG=bitwarden/identity:$BW_VERSION -t bitbetter/identity "$DIR/src/bitBetter" # --squash
 
+docker tag bitbetter/api bitbetter/api:latest
+docker tag bitbetter/identity bitbetter/identity:latest
+docker tag bitbetter/api bitbetter/api:$BW_VERSION
+docker tag bitbetter/identity bitbetter/identity:$BW_VERSION
 

src/bitBetter/Program.cs

@@ -51,10 +51,10 @@ namespace bitwardenSelfLicensor
 
             var existingCert = new X509Certificate2(x.GetResourceData());
 
-            Console.WriteLine($"Existing Cert Thumbprin: {existingCert.Thumbprint}");
+            Console.WriteLine($"Existing Cert Thumbprint: {existingCert.Thumbprint}");
             X509Certificate2 certificate = new X509Certificate2(cert);
 
-            Console.WriteLine($"New cert Thumbprint: {certificate.Thumbprint}");
+            Console.WriteLine($"New Cert Thumbprint: {certificate.Thumbprint}");
 
             var ctor = licensingType.GetConstructors().Single();
 

src/licenseGen/Program.cs

@@ -359,6 +359,7 @@ namespace bitwardenSelfLicensor
             set("Seats", (short)32767);
             set("MaxCollections", short.MaxValue);
             set("UsePolicies", true);
+            set("UseSso", true);
             set("UseGroups", true);
             set("UseEvents", true);
             set("UseDirectory", true);
@@ -367,11 +368,12 @@ namespace bitwardenSelfLicensor
             set("MaxStorageGb", short.MaxValue);
             set("SelfHost", true);
             set("UsersGetPremium", true);
-            set("Version", 5);
+            set("Version", 6);
             set("Issued", DateTime.UtcNow);
             set("Refresh", DateTime.UtcNow.AddYears(100).AddMonths(-1));
             set("Expires", DateTime.UtcNow.AddYears(100));
             set("Trial", false);
+            set("UseApi", true);
 
             set("Hash", Convert.ToBase64String((byte[])type.GetMethod("ComputeHash").Invoke(license, new object[0])));
             set("Signature", Convert.ToBase64String((byte[])type.GetMethod("Sign").Invoke(license, new object[] { cert })));

update-bitwarden.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+
+SCRIPT_BASE="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+BW_VERSION="$(curl --silent https://raw.githubusercontent.com/bitwarden/server/master/scripts/bitwarden.sh | grep 'COREVERSION="' | sed 's/^[^"]*"//; s/".*//')"
+
+echo "Starting Bitwarden update, newest server version: $BW_VERSION"
+
+# Default path is the parent directory of the BitBetter location
+BITWARDEN_BASE="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." >/dev/null 2>&1 && pwd )"
+
+# Get Bitwarden base from user (or keep default value)
+read -p "Enter Bitwarden base directory [$BITWARDEN_BASE]: " tmpbase
+BITWARDEN_BASE=${tmpbase:-$BITWARDEN_BASE}
+
+# Check if directory exists and is valid
+[ -d "$BITWARDEN_BASE" ] || { echo "Bitwarden base directory $BITWARDEN_BASE not found!"; exit 1; }
+[ -f "$BITWARDEN_BASE/bitwarden.sh" ] || { echo "Bitwarden base directory $BITWARDEN_BASE is not valid!"; exit 1; }
+
+# Check if user wants to recreate the docker-compose override file
+RECREATE_OV="y"
+read -p "Rebuild docker-compose override? [Y/n]: " tmprecreate
+RECREATE_OV=${tmprecreate:-$RECREATE_OV}
+
+if [[ $RECREATE_OV =~ ^[Yy]$ ]]
+then
+    {
+        echo "version: '3'"
+        echo ""
+        echo "services:"
+        echo "  api:"
+        echo "    image: bitbetter/api:$BW_VERSION"
+        echo ""
+        echo "  identity:"
+        echo "    image: bitbetter/identity:$BW_VERSION"
+        echo ""
+    } > $BITWARDEN_BASE/bwdata/docker/docker-compose.override.yml
+    echo "BitBetter docker-compose override created!"
+else
+    echo "Make sure to check if the docker override contains the correct image version ($BW_VERSION) in $BITWARDEN_BASE/bwdata/docker/docker-compose.override.yml!"
+fi
+
+# Check if user wants to rebuild the bitbetter images
+docker images bitbetter/api --format="{{ .Tag }}" | grep -F -- "${BW_VERSION}" > /dev/null
+retval=$?
+REBUILD_BB="n"
+REBUILD_BB_DESCR="[y/N]"
+if [ $retval -ne 0 ]; then
+    REBUILD_BB="y"
+    REBUILD_BB_DESCR="[Y/n]"
+fi
+read -p "Rebuild BitBetter images? $REBUILD_BB_DESCR: " tmprebuild
+REBUILD_BB=${tmprebuild:-$REBUILD_BB}
+
+if [[ $REBUILD_BB =~ ^[Yy]$ ]]
+then
+    ./build.sh
+    echo "BitBetter images updated to version: $BW_VERSION"
+fi
+
+# Now start the bitwarden update
+cd $BITWARDEN_BASE
+
+./bitwarden.sh updateself
+
+# Update the bitwarden.sh: automatically patch run.sh to fix docker-compose pull errors for private images
+awk '1;/function downloadRunFile/{c=6}c&&!--c{print "sed -i '\''s/docker-compose pull/docker-compose pull --ignore-pull-failures || true/g'\'' $SCRIPTS_DIR/run.sh"}' $BITWARDEN_BASE/bitwarden.sh > tmp_bw.sh && mv tmp_bw.sh $BITWARDEN_BASE/bitwarden.sh
+chmod +x $BITWARDEN_BASE/bitwarden.sh
+echo "Patching bitwarden.sh completed..."
+
+./bitwarden.sh update
+
+cd $SCRIPT_BASE
+echo "Bitwarden update completed!"