Merge branch 'master' into flexible-collections/deprecate-custom-collection-perm

2026-01-07 02:53:38 +00:00 · 2023-11-14 13:36:28 +00:00
parent 7845381a9b fb89e07df7
commit 6436efcc5d
84 changed files with 4321 additions and 2183 deletions
--- a/src/Core/Auth/Models/Data/RotateUserKeyData.cs
+++ b/src/Core/Auth/Models/Data/RotateUserKeyData.cs
@@ -0,0 +1,19 @@
+using Bit.Core.Auth.Entities;
+using Bit.Core.Entities;
+using Bit.Core.Tools.Entities;
+using Bit.Core.Vault.Entities;
+
+namespace Bit.Core.Auth.Models.Data;
+
+public class RotateUserKeyData
+{
+    public User User { get; set; }
+    public string MasterPasswordHash { get; set; }
+    public string Key { get; set; }
+    public string PrivateKey { get; set; }
+    public IEnumerable<Cipher> Ciphers { get; set; }
+    public IEnumerable<Folder> Folders { get; set; }
+    public IEnumerable<Send> Sends { get; set; }
+    public IEnumerable<EmergencyAccess> EmergencyAccessKeys { get; set; }
+    public IEnumerable<OrganizationUser> ResetPasswordKeys { get; set; }
+}
--- a/src/Core/Auth/UserFeatures/UserKey/IRotateUserKeyCommand.cs
+++ b/src/Core/Auth/UserFeatures/UserKey/IRotateUserKeyCommand.cs
@@ -0,0 +1,18 @@
+using Bit.Core.Auth.Models.Data;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Data.SqlClient;
+
+namespace Bit.Core.Auth.UserFeatures.UserKey;
+
+public interface IRotateUserKeyCommand
+{
+    /// <summary>
+    /// Sets a new user key and updates all encrypted data.
+    /// </summary>
+    /// <param name="model">All necessary information for rotation. Warning: Any encrypted data not included will be lost.</param>
+    /// <returns>An IdentityResult for verification of the master password hash</returns>
+    /// <exception cref="ArgumentNullException">User must be provided.</exception>
+    Task<IdentityResult> RotateUserKeyAsync(RotateUserKeyData model);
+}
+
+public delegate Task UpdateEncryptedDataForKeyRotation(SqlTransaction transaction = null);
--- a/src/Core/Auth/UserFeatures/UserKey/Implementations/RotateUserKeyCommand.cs
+++ b/src/Core/Auth/UserFeatures/UserKey/Implementations/RotateUserKeyCommand.cs
@@ -0,0 +1,61 @@
+using Bit.Core.Auth.Models.Data;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Microsoft.AspNetCore.Identity;
+
+namespace Bit.Core.Auth.UserFeatures.UserKey.Implementations;
+
+public class RotateUserKeyCommand : IRotateUserKeyCommand
+{
+    private readonly IUserService _userService;
+    private readonly IUserRepository _userRepository;
+    private readonly IPushNotificationService _pushService;
+    private readonly IdentityErrorDescriber _identityErrorDescriber;
+
+    public RotateUserKeyCommand(IUserService userService, IUserRepository userRepository,
+        IPushNotificationService pushService, IdentityErrorDescriber errors)
+    {
+        _userService = userService;
+        _userRepository = userRepository;
+        _pushService = pushService;
+        _identityErrorDescriber = errors;
+    }
+
+    /// <inheritdoc />
+    public async Task<IdentityResult> RotateUserKeyAsync(RotateUserKeyData model)
+    {
+        if (model.User == null)
+        {
+            throw new ArgumentNullException(nameof(model.User));
+        }
+
+        if (!await _userService.CheckPasswordAsync(model.User, model.MasterPasswordHash))
+        {
+            return IdentityResult.Failed(_identityErrorDescriber.PasswordMismatch());
+        }
+
+        var now = DateTime.UtcNow;
+        model.User.RevisionDate = model.User.AccountRevisionDate = now;
+        model.User.LastKeyRotationDate = now;
+        model.User.SecurityStamp = Guid.NewGuid().ToString();
+        model.User.Key = model.Key;
+        model.User.PrivateKey = model.PrivateKey;
+        if (model.Ciphers.Any() || model.Folders.Any() || model.Sends.Any() || model.EmergencyAccessKeys.Any() ||
+            model.ResetPasswordKeys.Any())
+        {
+            List<UpdateEncryptedDataForKeyRotation> saveEncryptedDataActions = new();
+            // if (model.Ciphers.Any())
+            // {
+            //      saveEncryptedDataActions.Add(_cipherRepository.SaveRotatedData);
+            // }
+            await _userRepository.UpdateUserKeyAndEncryptedDataAsync(model.User, saveEncryptedDataActions);
+        }
+        else
+        {
+            await _userRepository.ReplaceAsync(model.User);
+        }
+
+        await _pushService.PushLogOutAsync(model.User.Id, excludeCurrentContextFromPush: true);
+        return IdentityResult.Success;
+    }
+}
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -65,6 +65,7 @@ public static class FeatureFlagKeys
    public const string ItemShare = "item-share";
    public const string BillingPlansUpgrade = "billing-plans-upgrade";
    public const string BillingStarterPlan = "billing-starter-plan";
+    public const string KeyRotationImprovements = "key-rotation-improvements";

    public static List<string> GetAllKeys()
    {
--- a/src/Core/Core.csproj
+++ b/src/Core/Core.csproj
@@ -32,11 +32,13 @@
    <PackageReference Include="Fido2.AspNet" Version="3.0.1" />
    <PackageReference Include="Handlebars.Net" Version="2.1.2" />
    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
-    <PackageReference Include="MailKit" Version="3.2.0" />
+    <PackageReference Include="MailKit" Version="4.2.0" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.4" />
    <PackageReference Include="Microsoft.Azure.Cosmos.Table" Version="1.0.8" />
    <PackageReference Include="Microsoft.Azure.NotificationHubs" Version="4.1.0" />
    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.0.1" />
+    <!-- Azure.Identity is a explicit dependency to Microsoft.Data.SqlClient -->
+    <PackageReference Include="Azure.Identity" Version="1.10.2"/>
    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="6.0.1" />
    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="6.0.1" />
    <PackageReference Include="Microsoft.Extensions.Identity.Stores" Version="6.0.4" />
@@ -56,7 +58,7 @@
    <PackageReference Include="Otp.NET" Version="1.2.2" />
    <PackageReference Include="YubicoDotNetClient" Version="1.2.0" />
    <PackageReference Include="Microsoft.Extensions.Caching.StackExchangeRedis" Version="6.0.6" />
-    <PackageReference Include="LaunchDarkly.ServerSdk" Version="7.0.0" />
+    <PackageReference Include="LaunchDarkly.ServerSdk" Version="8.0.0" />
  </ItemGroup>

  <ItemGroup>
--- a/src/Core/Enums/DeviceType.cs
+++ b/src/Core/Enums/DeviceType.cs
@@ -49,5 +49,11 @@ public enum DeviceType : byte
    [Display(Name = "SDK")]
    SDK = 21,
    [Display(Name = "Server")]
-    Server = 22
+    Server = 22,
+    [Display(Name = "Windows CLI")]
+    WindowsCLI = 23,
+    [Display(Name = "MacOs CLI")]
+    MacOsCLI = 24,
+    [Display(Name = "Linux CLI")]
+    LinuxCLI = 25
 }
--- a/src/Core/Models/Stripe/StripeInvoiceListOptions.cs
+++ b/src/Core/Models/Stripe/StripeInvoiceListOptions.cs
@@ -0,0 +1,27 @@
+using Stripe;
+
+namespace Bit.Core.Models.BitStripe;
+
+/// <summary>
+/// A model derived from the Stripe <see cref="InvoiceListOptions"/> class that includes a flag used to
+/// retrieve all invoices from the Stripe API rather than a limited set.
+/// </summary>
+public class StripeInvoiceListOptions : InvoiceListOptions
+{
+    public bool SelectAll { get; set; }
+
+    public InvoiceListOptions ToInvoiceListOptions()
+    {
+        var options = (InvoiceListOptions)this;
+
+        if (!SelectAll)
+        {
+            return options;
+        }
+
+        options.EndingBefore = null;
+        options.StartingAfter = null;
+
+        return options;
+    }
+}
--- a/src/Core/Repositories/IUserRepository.cs
+++ b/src/Core/Repositories/IUserRepository.cs
@@ -1,4 +1,5 @@
-using Bit.Core.Entities;
+using Bit.Core.Auth.UserFeatures.UserKey;
+using Bit.Core.Entities;
 using Bit.Core.Models.Data;

 namespace Bit.Core.Repositories;
@@ -15,4 +16,13 @@ public interface IUserRepository : IRepository<User, Guid>
    Task UpdateStorageAsync(Guid id);
    Task UpdateRenewalReminderDateAsync(Guid id, DateTime renewalReminderDate);
    Task<IEnumerable<User>> GetManyAsync(IEnumerable<Guid> ids);
+    /// <summary>
+    /// Sets a new user key and updates all encrypted data.
+    /// <para>Warning: Any user key encrypted data not included will be lost.</para>
+    /// </summary>
+    /// <param name="user">The user to update</param>
+    /// <param name="updateDataActions">Registered database calls to update re-encrypted data.</param>
+    [Obsolete("Intended for future improvements to key rotation. Do not use.")]
+    Task UpdateUserKeyAndEncryptedDataAsync(User user,
+        IEnumerable<UpdateEncryptedDataForKeyRotation> updateDataActions);
 }
--- a/src/Core/SecretsManager/AuthorizationRequirements/ProjectPeopleAccessPoliciesOperationRequirement.cs
+++ b/src/Core/SecretsManager/AuthorizationRequirements/ProjectPeopleAccessPoliciesOperationRequirement.cs
@@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Authorization.Infrastructure;
+
+namespace Bit.Core.SecretsManager.AuthorizationRequirements;
+
+public class ProjectPeopleAccessPoliciesOperationRequirement : OperationAuthorizationRequirement
+{
+}
+
+public static class ProjectPeopleAccessPoliciesOperations
+{
+    public static readonly ProjectPeopleAccessPoliciesOperationRequirement Replace = new() { Name = nameof(Replace) };
+}
--- a/src/Core/SecretsManager/Models/Data/PeopleGrantees.cs
+++ b/src/Core/SecretsManager/Models/Data/PeopleGrantees.cs
@@ -0,0 +1,22 @@
+namespace Bit.Core.SecretsManager.Models.Data;
+
+public class PeopleGrantees
+{
+    public IEnumerable<UserGrantee> UserGrantees { get; set; }
+    public IEnumerable<GroupGrantee> GroupGrantees { get; set; }
+}
+
+public class UserGrantee
+{
+    public Guid OrganizationUserId { get; set; }
+    public string Name { get; set; }
+    public string Email { get; set; }
+    public bool CurrentUser { get; set; }
+}
+
+public class GroupGrantee
+{
+    public Guid GroupId { get; set; }
+    public string Name { get; set; }
+    public bool CurrentUserInGroup { get; set; }
+}
--- a/src/Core/SecretsManager/Models/Data/ProjectPeopleAccessPolicies.cs
+++ b/src/Core/SecretsManager/Models/Data/ProjectPeopleAccessPolicies.cs
@@ -0,0 +1,27 @@
+using Bit.Core.SecretsManager.Entities;
+
+namespace Bit.Core.SecretsManager.Models.Data;
+
+public class ProjectPeopleAccessPolicies
+{
+    public Guid Id { get; set; }
+    public Guid OrganizationId { get; set; }
+    public IEnumerable<UserProjectAccessPolicy> UserAccessPolicies { get; set; }
+    public IEnumerable<GroupProjectAccessPolicy> GroupAccessPolicies { get; set; }
+
+    public IEnumerable<BaseAccessPolicy> ToBaseAccessPolicies()
+    {
+        var policies = new List<BaseAccessPolicy>();
+        if (UserAccessPolicies != null && UserAccessPolicies.Any())
+        {
+            policies.AddRange(UserAccessPolicies);
+        }
+
+        if (GroupAccessPolicies != null && GroupAccessPolicies.Any())
+        {
+            policies.AddRange(GroupAccessPolicies);
+        }
+
+        return policies;
+    }
+}
--- a/src/Core/SecretsManager/Repositories/IAccessPolicyRepository.cs
+++ b/src/Core/SecretsManager/Repositories/IAccessPolicyRepository.cs
@@ -1,6 +1,7 @@
 #nullable enable
 using Bit.Core.Enums;
 using Bit.Core.SecretsManager.Entities;
+using Bit.Core.SecretsManager.Models.Data;

 namespace Bit.Core.SecretsManager.Repositories;

@@ -15,4 +16,7 @@ public interface IAccessPolicyRepository
        AccessClientType accessType);
    Task ReplaceAsync(BaseAccessPolicy baseAccessPolicy);
    Task DeleteAsync(Guid id);
+    Task<IEnumerable<BaseAccessPolicy>> GetPeoplePoliciesByGrantedProjectIdAsync(Guid id, Guid userId);
+    Task<IEnumerable<BaseAccessPolicy>> ReplaceProjectPeopleAsync(ProjectPeopleAccessPolicies peopleAccessPolicies, Guid userId);
+    Task<PeopleGrantees> GetPeopleGranteesAsync(Guid organizationId, Guid currentUserId);
 }
--- a/src/Core/Services/IStripeAdapter.cs
+++ b/src/Core/Services/IStripeAdapter.cs
@@ -18,7 +18,7 @@ public interface IStripeAdapter
    Task<Stripe.Invoice> InvoiceCreateAsync(Stripe.InvoiceCreateOptions options);
    Task<Stripe.InvoiceItem> InvoiceItemCreateAsync(Stripe.InvoiceItemCreateOptions options);
    Task<Stripe.Invoice> InvoiceGetAsync(string id, Stripe.InvoiceGetOptions options);
-    Task<Stripe.StripeList<Stripe.Invoice>> InvoiceListAsync(Stripe.InvoiceListOptions options);
+    Task<List<Stripe.Invoice>> InvoiceListAsync(StripeInvoiceListOptions options);
    IEnumerable<InvoiceItem> InvoiceItemListAsync(InvoiceItemListOptions options);
    Task<Stripe.Invoice> InvoiceUpdateAsync(string id, Stripe.InvoiceUpdateOptions options);
    Task<Stripe.Invoice> InvoiceFinalizeInvoiceAsync(string id, Stripe.InvoiceFinalizeOptions options);
--- a/src/Core/Services/Implementations/LaunchDarklyFeatureService.cs
+++ b/src/Core/Services/Implementations/LaunchDarklyFeatureService.cs
@@ -1,5 +1,6 @@
 using Bit.Core.Context;
 using Bit.Core.Settings;
+using Bit.Core.Utilities;
 using LaunchDarkly.Logging;
 using LaunchDarkly.Sdk.Server;
 using LaunchDarkly.Sdk.Server.Integrations;
@@ -17,6 +18,16 @@ public class LaunchDarklyFeatureService : IFeatureService, IDisposable
        var ldConfig = Configuration.Builder(globalSettings.LaunchDarkly?.SdkKey);
        ldConfig.Logging(Components.Logging().Level(LogLevel.Error));

+        if (!string.IsNullOrEmpty(globalSettings.ProjectName))
+        {
+            ldConfig.ApplicationInfo(Components.ApplicationInfo()
+                .ApplicationId(globalSettings.ProjectName)
+                .ApplicationName(globalSettings.ProjectName)
+                .ApplicationVersion(AssemblyHelpers.GetGitHash() ?? $"v{AssemblyHelpers.GetVersion()}")
+                .ApplicationVersionName(AssemblyHelpers.GetVersion())
+            );
+        }
+
        if (string.IsNullOrEmpty(globalSettings.LaunchDarkly?.SdkKey))
        {
            // support a file to load flag values
--- a/src/Core/Services/Implementations/StripeAdapter.cs
+++ b/src/Core/Services/Implementations/StripeAdapter.cs
@@ -97,9 +97,23 @@ public class StripeAdapter : IStripeAdapter
        return _invoiceService.GetAsync(id, options);
    }

-    public Task<Stripe.StripeList<Stripe.Invoice>> InvoiceListAsync(Stripe.InvoiceListOptions options)
+    public async Task<List<Stripe.Invoice>> InvoiceListAsync(StripeInvoiceListOptions options)
    {
-        return _invoiceService.ListAsync(options);
+        if (!options.SelectAll)
+        {
+            return (await _invoiceService.ListAsync(options.ToInvoiceListOptions())).Data;
+        }
+
+        options.Limit = 100;
+
+        var invoices = new List<Stripe.Invoice>();
+
+        await foreach (var invoice in _invoiceService.ListAutoPagingAsync(options.ToInvoiceListOptions()))
+        {
+            invoices.Add(invoice);
+        }
+
+        return invoices;
    }

    public IEnumerable<InvoiceItem> InvoiceItemListAsync(InvoiceItemListOptions options)
--- a/src/Core/Services/Implementations/StripePaymentService.cs
+++ b/src/Core/Services/Implementations/StripePaymentService.cs
@@ -2,6 +2,7 @@
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Models.BitStripe;
 using Bit.Core.Models.Business;
 using Bit.Core.Repositories;
 using Bit.Core.Settings;
@@ -668,7 +669,7 @@ public class StripePaymentService : IPaymentService

            if (!stripePaymentMethod && subInvoiceMetadata.Any())
            {
-                var invoices = await _stripeAdapter.InvoiceListAsync(new Stripe.InvoiceListOptions
+                var invoices = await _stripeAdapter.InvoiceListAsync(new StripeInvoiceListOptions
                {
                    Subscription = subscription.Id
                });
@@ -2138,15 +2139,26 @@ public class StripePaymentService : IPaymentService
            return null;
        }

-        var invoices = await _stripeAdapter.InvoiceListAsync(new Stripe.InvoiceListOptions
+        var options = new StripeInvoiceListOptions
        {
            Customer = customer.Id,
-            Limit = 50
-        });
+            SelectAll = true
+        };

-        return invoices.Data.Where(i => i.Status != "void" && i.Status != "draft")
-            .OrderByDescending(i => i.Created).Select(i => new BillingInfo.BillingInvoice(i));
+        try
+        {
+            var invoices = await _stripeAdapter.InvoiceListAsync(options);

+            return invoices
+                .Where(invoice => invoice.Status != "void" && invoice.Status != "draft")
+                .OrderByDescending(invoice => invoice.Created)
+                .Select(invoice => new BillingInfo.BillingInvoice(invoice));
+        }
+        catch (Stripe.StripeException exception)
+        {
+            _logger.LogError(exception, "An error occurred while listing Stripe invoices");
+            throw new GatewayException("Failed to retrieve current invoices", exception);
+        }
    }

    // We are taking only first 30 characters of the SubscriberName because stripe provide
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@@ -540,8 +540,8 @@ public class UserService : UserManager<User>, IUserService, IDisposable
        var authenticatorSelection = new AuthenticatorSelection
        {
            AuthenticatorAttachment = null,
-            RequireResidentKey = false, // TODO: This is using the old residentKey selection variant, we need to update our lib so that we can set this to preferred
-            UserVerification = UserVerificationRequirement.Preferred
+            RequireResidentKey = true,
+            UserVerification = UserVerificationRequirement.Required
        };

        var extensions = new AuthenticationExtensionsClientInputs { };
@@ -604,7 +604,7 @@ public class UserService : UserManager<User>, IUserService, IDisposable
        {
            UserVerificationMethod = true
        };
-        var options = _fido2.GetAssertionOptions(existingCredentials, UserVerificationRequirement.Preferred, exts);
+        var options = _fido2.GetAssertionOptions(existingCredentials, UserVerificationRequirement.Required, exts);

        // TODO: temp save options to user record somehow

--- a/src/Core/Settings/IGlobalSettings.cs
+++ b/src/Core/Settings/IGlobalSettings.cs
@@ -8,6 +8,7 @@ public interface IGlobalSettings
    bool SelfHosted { get; set; }
    bool UnifiedDeployment { get; set; }
    string KnownProxies { get; set; }
+    string ProjectName { get; set; }
    bool EnableCloudCommunication { get; set; }
    string LicenseDirectory { get; set; }
    string LicenseCertificatePassword { get; set; }
--- a/src/Core/Utilities/DeviceTypes.cs
+++ b/src/Core/Utilities/DeviceTypes.cs
@@ -17,5 +17,8 @@ public static class DeviceTypes
        DeviceType.MacOsDesktop,
        DeviceType.WindowsDesktop,
        DeviceType.UWP,
+        DeviceType.WindowsCLI,
+        DeviceType.MacOsCLI,
+        DeviceType.LinuxCLI,
    };
 }
--- a/src/Core/packages.lock.json
+++ b/src/Core/packages.lock.json
@@ -53,6 +53,21 @@
          "Microsoft.AspNetCore.DataProtection": "3.1.32"
        }
      },
+      "Azure.Identity": {
+        "type": "Direct",
+        "requested": "[1.10.2, )",
+        "resolved": "1.10.2",
+        "contentHash": "jfq07QnxB7Rx15DWHxIfZbdbgICL1IARncBPIYmnmF+1Xqn6KqiF6ijlKv2hj82WFr9kUi+jzU8zVqrBocJZ8A==",
+        "dependencies": {
+          "Azure.Core": "1.35.0",
+          "Microsoft.Identity.Client": "4.54.1",
+          "Microsoft.Identity.Client.Extensions.Msal": "2.31.0",
+          "System.Memory": "4.5.4",
+          "System.Security.Cryptography.ProtectedData": "4.7.0",
+          "System.Text.Json": "4.7.2",
+          "System.Threading.Tasks.Extensions": "4.5.4"
+        }
+      },
      "Azure.Messaging.ServiceBus": {
        "type": "Direct",
        "requested": "[7.15.0, )",
@@ -160,25 +175,25 @@
      },
      "LaunchDarkly.ServerSdk": {
        "type": "Direct",
-        "requested": "[7.0.0, )",
-        "resolved": "7.0.0",
-        "contentHash": "gkTWb+f5QlsXIqFAciBef3qKZU2y0Hy3Fpt4pvZoxNcnBKg2PNTDSnbpbYEKPeQ1yk1avNaI/tKprnahfrmJFg==",
+        "requested": "[8.0.0, )",
+        "resolved": "8.0.0",
+        "contentHash": "vosFEXYJABuIDIA0+6sncalTmrKXEkBKeqzuP9/vvcCVlFSXUl/ZnrkrAVg3ViDWDi7kjpJSk2W3h5D0TUfCGA==",
        "dependencies": {
          "LaunchDarkly.Cache": "1.0.2",
-          "LaunchDarkly.CommonSdk": "6.0.0",
-          "LaunchDarkly.EventSource": "5.0.1",
-          "LaunchDarkly.InternalSdk": "3.1.0",
+          "LaunchDarkly.CommonSdk": "6.2.0",
+          "LaunchDarkly.EventSource": "5.1.0",
+          "LaunchDarkly.InternalSdk": "3.3.0",
          "LaunchDarkly.Logging": "2.0.0",
          "System.Collections.Immutable": "1.7.1"
        }
      },
      "MailKit": {
        "type": "Direct",
-        "requested": "[3.2.0, )",
-        "resolved": "3.2.0",
-        "contentHash": "5MTpTqmjqT7HPvYbP3HozRZMth5vSaT0ReN0iM3rAM4CgLI/R1qqtLDDNWGnFFIlcNzeJkZQRJJMkv8cgzWBbA==",
+        "requested": "[4.2.0, )",
+        "resolved": "4.2.0",
+        "contentHash": "NXm66YkEHyLXSyH1Ga/dUS8SB0vYTlGESUluLULa7pG0/eK8c/R9JzMyH0KbKQsgpLGwbji9quAlrcUOL0OjPA==",
        "dependencies": {
-          "MimeKit": "3.2.0"
+          "MimeKit": "4.2.0"
        }
      },
      "Microsoft.AspNetCore.Authentication.JwtBearer": {
@@ -414,11 +429,11 @@
      },
      "Azure.Core": {
        "type": "Transitive",
-        "resolved": "1.32.0",
-        "contentHash": "NmnJxaNqKjPwnHXngVg63SrkwbJXrkT0mcK8uCx9rSq0nK6Q3Q+/GZRCaTWcdcECoRP5XK0lr3Ce8PZkHkuHNg==",
+        "resolved": "1.35.0",
+        "contentHash": "hENcx03Jyuqv05F4RBEPbxz29UrM3Nbhnr6Wl6NQpoU9BCIbL3XLentrxDCTrH54NLS11Exxi/o8MYgT/cnKFA==",
        "dependencies": {
          "Microsoft.Bcl.AsyncInterfaces": "1.1.1",
-          "System.Diagnostics.DiagnosticSource": "4.6.0",
+          "System.Diagnostics.DiagnosticSource": "6.0.1",
          "System.Memory.Data": "1.0.2",
          "System.Numerics.Vectors": "4.5.0",
          "System.Text.Encodings.Web": "4.7.2",
@@ -436,20 +451,6 @@
          "System.Memory.Data": "1.0.2"
        }
      },
-      "Azure.Identity": {
-        "type": "Transitive",
-        "resolved": "1.6.0",
-        "contentHash": "EycyMsb6rD2PK9P0SyibFfEhvWWttdrYhyPF4f41uzdB/44yQlV+2Wehxyg489Rj6gbPvSPgbKq0xsHJBhipZA==",
-        "dependencies": {
-          "Azure.Core": "1.24.0",
-          "Microsoft.Identity.Client": "4.39.0",
-          "Microsoft.Identity.Client.Extensions.Msal": "2.19.3",
-          "System.Memory": "4.5.4",
-          "System.Security.Cryptography.ProtectedData": "4.7.0",
-          "System.Text.Json": "4.7.2",
-          "System.Threading.Tasks.Extensions": "4.5.4"
-        }
-      },
      "Azure.Storage.Common": {
        "type": "Transitive",
        "resolved": "12.13.0",
@@ -459,6 +460,11 @@
          "System.IO.Hashing": "6.0.0"
        }
      },
+      "BouncyCastle.Cryptography": {
+        "type": "Transitive",
+        "resolved": "2.2.1",
+        "contentHash": "A6Zr52zVqJKt18ZBsTnX0qhG0kwIQftVAjLmszmkiR/trSp8H+xj1gUOzk7XHwaKgyREMSV1v9XaKrBUeIOdvQ=="
+      },
      "Fido2": {
        "type": "Transitive",
        "resolved": "3.0.1",
@@ -508,26 +514,27 @@
      },
      "LaunchDarkly.CommonSdk": {
        "type": "Transitive",
-        "resolved": "6.0.0",
-        "contentHash": "YYYq+41gZRMQ8dIoMC6HOq/dI+4RY3HsexLLAaE9T1+1tVMeQkbCqak7sVeKX4QcE7xlXx23lWgipYUkRoRUyw==",
+        "resolved": "6.2.0",
+        "contentHash": "eLeb+tTNLwOxlUIsZWzJlcPmG9Wyf20NYyucP6MW6aqKW6doKFeSO+aJe0z+WyijbvfX1Dp1U1HQatOu6fa1Gg==",
        "dependencies": {
+          "LaunchDarkly.Logging": "2.0.0",
          "System.Collections.Immutable": "1.7.1"
        }
      },
      "LaunchDarkly.EventSource": {
        "type": "Transitive",
-        "resolved": "5.0.1",
-        "contentHash": "DN44Ry5M4lyrjiF7LEu0Ijco7Wm8R7mJopN+giYsYjkQlszsXdFvm3POoehIDAOtL1HHl5bZvF9k9xK034u3IA==",
+        "resolved": "5.1.0",
+        "contentHash": "PztDWiMvPWODx+kfBnCroZ8Lpya4nPc7ZO4TZysOogODbVXDDPDYrdcgVivCMgf4davhGrp61ekvZc+Uy1NYMA==",
        "dependencies": {
-          "LaunchDarkly.Logging": "[1.0.1, 3.0.0)"
+          "LaunchDarkly.Logging": "[2.0.0, 3.0.0)"
        }
      },
      "LaunchDarkly.InternalSdk": {
        "type": "Transitive",
-        "resolved": "3.1.0",
-        "contentHash": "jW8VEfFciuCcJUEuvSzmrbMVYYXwGL/ZWHUZLiA4aDOQ1LcEXp32uK405NQW/izEypUfWB+9TaSjPpFIC+5Wzw==",
+        "resolved": "3.3.0",
+        "contentHash": "TBvs/B6iyXp9MqRKjIoBZ/T0+/xgp5xg+MuHqr5U+N5+7DghtI2FnsmgeBedTIeQdA3Tk8Z4Bj4hlqU9FBiEnw==",
        "dependencies": {
-          "LaunchDarkly.CommonSdk": "6.0.0",
+          "LaunchDarkly.CommonSdk": "6.2.0",
          "LaunchDarkly.Logging": "[2.0.0, 3.0.0)",
          "System.Collections.Immutable": "1.7.1"
        }
@@ -845,25 +852,26 @@
      },
      "Microsoft.Identity.Client": {
        "type": "Transitive",
-        "resolved": "4.45.0",
-        "contentHash": "ircobISCLWbtE5eEoLKU+ldfZ8O41vg4lcy38KRj/znH17jvBiAl8oxcyNp89CsuqE3onxIpn21Ca7riyDDrRw==",
+        "resolved": "4.54.1",
+        "contentHash": "YkQkV3IRaA1W36HD4NRD1cq+QFr+4QPKK3SgTSpx+RiobXnLZ6E9anOjDi2TS7okOEofBbjR6GyTPp4IR0MnEQ==",
        "dependencies": {
-          "Microsoft.IdentityModel.Abstractions": "6.18.0"
+          "Microsoft.IdentityModel.Abstractions": "6.22.0"
        }
      },
      "Microsoft.Identity.Client.Extensions.Msal": {
        "type": "Transitive",
-        "resolved": "2.19.3",
-        "contentHash": "zVVZjn8aW7W79rC1crioDgdOwaFTQorsSO6RgVlDDjc7MvbEGz071wSNrjVhzR0CdQn6Sefx7Abf1o7vasmrLg==",
+        "resolved": "2.31.0",
+        "contentHash": "IhGSqN0szneKC5Qk3/okJQJbDpQfLW/+mvslhzJPox4t2UuIkA2ZHe4w/z62ASye46G9sQWF9qqLXTgNacE2xQ==",
        "dependencies": {
-          "Microsoft.Identity.Client": "4.38.0",
+          "Microsoft.Identity.Client": "4.54.1",
+          "System.IO.FileSystem.AccessControl": "5.0.0",
          "System.Security.Cryptography.ProtectedData": "4.5.0"
        }
      },
      "Microsoft.IdentityModel.Abstractions": {
        "type": "Transitive",
-        "resolved": "6.21.0",
-        "contentHash": "XeE6LQtD719Qs2IG7HDi1TSw9LIkDbJ33xFiOBoHbApVw/8GpIBCbW+t7RwOjErUDyXZvjhZliwRkkLb8Z1uzg=="
+        "resolved": "6.22.0",
+        "contentHash": "iI+9V+2ciCrbheeLjpmjcqCnhy+r6yCoEcid3nkoFWerHgjVuT6CPM4HODUTtUPe1uwks4wcnAujJ8u+IKogHQ=="
      },
      "Microsoft.IdentityModel.JsonWebTokens": {
        "type": "Transitive",
@@ -969,11 +977,13 @@
      },
      "MimeKit": {
        "type": "Transitive",
-        "resolved": "3.2.0",
-        "contentHash": "l9YHMBhBUwY7qQHUp8fw0EvjcbmhN4Iggz6MdjqIShBf42+0nJTa5gu0kuupCOPuiARc9ZaS9c9f0gKz4OnxKw==",
+        "resolved": "4.2.0",
+        "contentHash": "HlfWiJ6t40r8u/rCK2p/8dm1ILiWw4XHucm2HImDYIFS3uZe7IKZyaCDafEoZR7VG7AW1JQxNPQCAxmAnJfRvA==",
        "dependencies": {
-          "Portable.BouncyCastle": "1.9.0",
-          "System.Security.Cryptography.Pkcs": "6.0.0"
+          "BouncyCastle.Cryptography": "2.2.1",
+          "System.Runtime.CompilerServices.Unsafe": "6.0.0",
+          "System.Security.Cryptography.Pkcs": "7.0.2",
+          "System.Text.Encoding.CodePages": "7.0.0"
        }
      },
      "NETStandard.Library": {
@@ -1043,11 +1053,6 @@
          "System.IO.Pipelines": "5.0.1"
        }
      },
-      "Portable.BouncyCastle": {
-        "type": "Transitive",
-        "resolved": "1.9.0",
-        "contentHash": "eZZBCABzVOek+id9Xy04HhmgykF0wZg9wpByzrWN7q8qEI0Qen9b7tfd7w8VA3dOeesumMG7C5ZPy0jk7PSRHw=="
-      },
      "runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl": {
        "type": "Transitive",
        "resolved": "4.3.2",
@@ -1376,8 +1381,8 @@
      },
      "System.Diagnostics.DiagnosticSource": {
        "type": "Transitive",
-        "resolved": "6.0.0",
-        "contentHash": "frQDfv0rl209cKm1lnwTgFPzNigy2EKk1BS3uAvHvlBVKe5cymGyHO+Sj+NLv5VF/AhHsqPIUUwya5oV4CHMUw==",
+        "resolved": "6.0.1",
+        "contentHash": "KiLYDu2k2J82Q9BJpWiuQqCkFjRBWVq4jDzKKWawVi9KWzyD0XG3cmfX0vqTQlL14Wi9EufJrbL0+KCLTbqWiQ==",
        "dependencies": {
          "System.Runtime.CompilerServices.Unsafe": "6.0.0"
        }
@@ -1461,8 +1466,8 @@
      },
      "System.Formats.Asn1": {
        "type": "Transitive",
-        "resolved": "6.0.0",
-        "contentHash": "T6fD00dQ3NTbPDy31m4eQUwKW84s03z0N2C8HpOklyeaDgaJPa/TexP4/SkORMSOwc7WhKifnA6Ya33AkzmafA=="
+        "resolved": "7.0.0",
+        "contentHash": "+nfpV0afLmvJW8+pLlHxRjz3oZJw4fkyU9MMEaMhCsHi/SN9bGF9q79ROubDiwTiCHezmK0uCWkPP7tGFP/4yg=="
      },
      "System.Formats.Cbor": {
        "type": "Transitive",
@@ -1577,6 +1582,15 @@
          "System.Threading.Tasks": "4.3.0"
        }
      },
+      "System.IO.FileSystem.AccessControl": {
+        "type": "Transitive",
+        "resolved": "5.0.0",
+        "contentHash": "SxHB3nuNrpptVk+vZ/F+7OHEpoHUIKKMl02bUmYHQr1r+glbZQxs7pRtsf4ENO29TVm2TH3AEeep2fJcy92oYw==",
+        "dependencies": {
+          "System.Security.AccessControl": "5.0.0",
+          "System.Security.Principal.Windows": "5.0.0"
+        }
+      },
      "System.IO.FileSystem.Primitives": {
        "type": "Transitive",
        "resolved": "4.3.0",
@@ -2136,10 +2150,10 @@
      },
      "System.Security.Cryptography.Pkcs": {
        "type": "Transitive",
-        "resolved": "6.0.0",
-        "contentHash": "elM3x+xSRhzQysiqo85SbidJJ2YbZlnvmh+53TuSZHsD7dNuuEWser+9EFtY+rYupBwkq2avc6ZCO3/6qACgmg==",
+        "resolved": "7.0.2",
+        "contentHash": "xhFNJOcQSWhpiVGLLBQYoxAltQSQVycMkwaX1z7I7oEdT9Wr0HzSM1yeAbfoHaERIYd5s6EpLSOLs2qMchSKlA==",
        "dependencies": {
-          "System.Formats.Asn1": "6.0.0"
+          "System.Formats.Asn1": "7.0.0"
        }
      },
      "System.Security.Cryptography.Primitives": {
@@ -2251,10 +2265,10 @@
      },
      "System.Text.Encoding.CodePages": {
        "type": "Transitive",
-        "resolved": "5.0.0",
-        "contentHash": "NyscU59xX6Uo91qvhOs2Ccho3AR2TnZPomo1Z0K6YpyztBPM/A5VbkzOO19sy3A3i1TtEnTxA7bCe3Us+r5MWg==",
+        "resolved": "7.0.0",
+        "contentHash": "LSyCblMpvOe0N3E+8e0skHcrIhgV2huaNcjUUEa8hRtgEAm36aGkRoC8Jxlb6Ra6GSfF29ftduPNywin8XolzQ==",
        "dependencies": {
-          "Microsoft.NETCore.Platforms": "5.0.0"
+          "System.Runtime.CompilerServices.Unsafe": "6.0.0"
        }
      },
      "System.Text.Encoding.Extensions": {