* feat: add policy to API startup and Policies class to hold the static strings
* test: add snapshot testing for constants to help with rust mappings
* doc: add docs for send access
**feat**: create `SendGrantValidator` and initial `SendPasswordValidator` for Send access grants
**feat**: add feature flag to toggle Send grant validation logic
**feat**: add Send client to Identity and update `ApiClient` to generic `Client`
**feat**: register Send services in DI pipeline
**feat**: add claims management support to `ProfileService`
**feat**: distinguish between invalid grant and invalid request in `SendAccessGrantValidator`
**fix**: update parsing of `send_id` from request
**fix**: add early return when feature flag is disabled
**fix**: rename and organize Send access scope and grant type
**fix**: dotnet format
**test**: add unit and integration tests for `SendGrantValidator`
**test**: update OpenID configuration and API resource claims
**doc**: move documentation to interfaces and update inline comments
**chore**: add TODO for future support of `CustomGrantTypes`
* Remove gathering and reporting of ReferenceEvents
* Fix test that relied on reference events throwing
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Add DynamicClientStore
* Formatting
* Fix Debug assertion
* Make Identity internals visible to its unit tests
* Add installation client provider tests
* Add internal client provider tests
* Add DynamicClientStore tests
* Fix namespaces after merge
* Format
* Add docs and remove TODO comments
* Use preferred prefix for API keys
---------
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* feat(update-auth-approving-clients): [PM-17111] Add Browser to List of Approving Clients - Initial changes.
* feat(update-auth-approving-clients): [PM-17111] Add Browser to List of Approving Clients - Updated tests.
* test(update-auth-approving-clients): [PM-17111] Add Browser to List of Approving Clients - Strengthened tests.
* fix : split out the interface from the TwoFactorAuthenticationValidator into separate file.
* fix: replacing IUserService.TwoFactorEnabled with ITwoFactorEnabledQuery
* fix: combined logic for both bulk and single user look ups for TwoFactorIsEnabledQuery.
* fix: return two factor provider enabled on CanGenerate() method.
* tech debt: modfifying MFA providers to call the database less to validate if two factor is enabled.
* tech debt: removed unused service from AuthenticatorTokenProvider
* doc: added documentation to ITwoFactorProviderUsers
* doc: updated comments for TwoFactorIsEnabled impl
* test: fixing tests for ITwoFactorIsEnabledQuery
* test: updating tests to have correct DI and removing test for automatic email of TOTP.
* test: adding better test coverage
* Completed grouping of feature flags by team.
* Completed grouping feature flags by team.
* Remove email delay feature flag
* Removed feature flag
* Fixed reference.
* Remove flag after merge.
* Removed flag from server.
* Removed feature flag from server
* Remove new device verification feature flag.
* Removed unnecessary using.
* Remove feature flag from Constants
* Add RequireSsoPolicyRequirement and its factory to enforce SSO policies
* Enhance WebAuthnController to support RequireSsoPolicyRequirement with feature flag integration. Update tests to validate behavior when SSO policies are applicable.
* Integrate IPolicyRequirementQuery into request validators to support RequireSsoPolicyRequirement. Update validation logic to check SSO policies based on feature flag.
* Refactor RequireSsoPolicyRequirementFactoryTests to improve test coverage for SSO policies. Add tests for handling both valid and invalid policies in CanUsePasskeyLogin and SsoRequired methods.
* Remove ExemptStatuses property from RequireSsoPolicyRequirementFactory to use default values from BasePolicyRequirementFactory
* Restore ValidateRequireSsoPolicyDisabledOrNotApplicable
* Refactor RequireSsoPolicyRequirement to update CanUsePasskeyLogin and SsoRequired properties to use init-only setters
* Refactor RequireSsoPolicyRequirementFactoryTests to enhance test clarity
* Refactor BaseRequestValidatorTests to improve test clarity
* Refactor WebAuthnController to replace SSO policy validation with PolicyRequirement check
* Refactor BaseRequestValidator to replace SSO policy validation with PolicyRequirement check
* Refactor WebAuthnControllerTests to update test method names and adjust policy requirement checks
* Add tests for AttestationOptions and Post methods in WebAuthnControllerTests to validate scenario where SSO is not required
* Refactor RequireSsoPolicyRequirement initialization
* Refactor SSO requirement check for improved readability
* Rename test methods in RequireSsoPolicyRequirementFactoryTests for clarity on exempt status conditions
* Update RequireSsoPolicyRequirement to refine user status checks for SSO policy requirements
* feat : remove old registration endpoint
* fix: update integration test user registration to match current registration; We need to keep the IRegistrationCommand.RegisterUser method to JIT user.
* fix: updating accounts/profile tests to match current implementations
* feat(newDeviceVerification) : Initial update to email
* fix : email copying over extra whitespace when using keyboard short cuts
* test : Fixing tests for new device verificaiton email format
* kdf defaults on null map to email hash
* cleanup code. add some randomness as well
* remove null check
* fix test
* move to private method
* remove random options
* tests for random defaults
* SetDefaultKdfHmacKey for old test
feat(NewDeviceVerification) :
* Created database migration scripts for VerifyDevices column in [dbo].[User].
* Updated DeviceValidator to check if user has opted out of device verification.
* Added endpoint to AccountsController.cs to allow editing of new User.VerifyDevices property.
* Added tests for new methods and endpoint.
* Updating queries to track [dbo].[User].[VerifyDevices].
* Updated DeviceValidator to set `User.EmailVerified` property during the New Device Verification flow.
feat(NewDeviceVerification) :
Added constat for the cache key in Bit.Core because the cache key format needs to be shared between the Identity Server and the MVC Admin project.
Updated DeviceValidator class to handle checking cache for user information to allow pass through.
Updated and Added tests to handle new flow.
* feat(BaseRequestValidator):
Add global setting for new device verification.
Refactor BaseRequestValidator enabling better self-documenting code and better single responsibility principle for validators.
Updated DeviceValidator to handle new device verification, behind a feature flag.
Moved IDeviceValidator interface to separate file.
Updated CustomRequestValidator to act as the conduit by which *Validators communicate authentication context between themselves and the RequestValidators.
Adding new test for DeviceValidator class.
Updated tests for BaseRequestValidator as some functionality was moved to the DeviceValidator class.
refactor(TwoFactorAuthentication): Remove references to old Duo SDK version 2 code and replace them with the Duo SDK version 4 supported library DuoUniversal code.
Increased unit test coverage in the Two Factor Authentication code space. We opted to use DI instead of Inheritance for the Duo and OrganizaitonDuo two factor tokens to increase testability, since creating a testing mock of the Duo.Client was non-trivial.
Reviewed-by: @JaredSnider-Bitwarden
* PM-11945 - Rename RegisterUserWithOptionalOrgInvite to RegisterUserViaOrgInvite as the org invite isn't optional in the function - just the overall process of registration.
* PM-11945 - Yet another rename
* PM-11945 - Wire up call to RegisterUserViaOrgSponsoredFreeFamilyPlanInviteToken and test.
* PM-11945 - RegisterUserCommandTests - test new method
* PM-11949 - Rename tests
* PM-11945 - AccountsControllerTests.cs - add integration test for RegistrationWithEmailVerification_WithOrgSponsoredFreeFamilyPlanInviteToken_Succeeds
* PM-11945 - Adjust naming per PR feedback to match docs.
* PM-11945 - More renaming
* Add Collections Tests
* Update CollectionRepository Implementation
* Test Adding And Deleting Through Replace
* Format
* Fix Most Test Warnings
* Format
* PM-6198 - RegistrationEmailVerificationTokenable - add new static validate token method
* PM-6198 - Rename RegistrationStart to Registration as we now have to add another anonymous reference event.
* PM-6198 - rest of work
* PM-6198 - Unit test new account controller method.
* PM-6198 - Integration test new account controller endpoint
* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.
* PM-7322 - Start on RegisterFinishRequestModel.cs
* PM-7322 - WIP on Complete Registration endpoint
* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.
* PM-7322 - UserService - Rename MP to MPHash
* PM-7322 - More WIP progress on getting new finish registration process in place.
* PM-7322 Create IRegisterUserCommand
* PM-7322 - RegisterUserCommand.cs - first WIP draft
* PM-7322 - Implement use of new command in Identity.
* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.
* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.
* PM-7322 - More WIP on RegisterUserCommand.cs and tests
* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.
* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.
* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite
* PM-7322 - IRegisterUserCommand - DOCS
* PM-7322 - Test RegisterUser
* PM-7322 - IRegisterUserCommand - Add more docs.
* PM-7322 - Finish updating all existing user service register calls to use the new command.
* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests
* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.
* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested
* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place
* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.
* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.
* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step
* PM-7322 - RegisterUserCommandTests.cs - add API key assertions
* PM-7322 - Clean up RegisterUserCommand.cs
* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.
* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO
* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.
* PM-7322 - Work on getting PostRegisterFinish tests in place.
* PM-7322 - AccountsControllerTests.cs - test new method.
* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.
* PM-7322 - Fix misspelling
* PM-7322 - Integration tests for RegistrationWithEmailVerification
* PM-7322 - Fix leaky integration tests.
* PM-7322 - Another leaky test fix.
* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds
* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
* PM-3833 - API - AccountsController.cs && AccountsController.cs - remove prelogin and register endpoints.
* PM-3833 - Move Request and Response models that were used for Prelogin and PostRegister from API to Identity.
* PM-3833 - FIX LINT
* PM-3833 - Fix issues after merge conflict fixes.
* PM-3833 - Another test fix
* PM-5092 - Add new EnableEmailVerification global setting.
* PM-5092 - WIP - AccountsController.cs - create stub for new PostRegisterSendEmailVerification
* PM-5092 - RegisterSendEmailVerificationRequestModel
* PM-5092 - Create EmailVerificationTokenable.cs and get started on tests (still WIP).
* PM-5092 - EmailVerificationTokenable.cs finished + tests working.
* PM-5092 - Add token data factory for new EmailVerificationTokenable factory.
* PM-5092 - EmailVerificationTokenable.cs - set expiration to match existing verify email.
* PM-5092 - Get SendVerificationEmailForRegistrationCommand command mostly written + register as scoped.
* PM-5092 - Rename tokenable to be more clear and differentiate it from the existing email verification token.
* PM-5092 - Add new registration verify email method on mail service.
* PM-5092 - Refactor SendVerificationEmailForRegistrationCommand and add call to mail service to send email.
* PM-5092 - NoopMailService.cs needs to implement all interface methods.
* PM-5092 - AccountsController.cs - get PostRegisterSendEmailVerification logic in place.
* PM-5092 - AccountsControllerTests.cs - Add some unit tests - WIP
* PM-5092 - SendVerificationEmailForRegistrationCommandTests
* PM-5092 - Add integration tests for new acct controller method
* PM-5092 - Cleanup unit tests
* PM-5092 - AccountsController.cs - PostRegisterSendEmailVerification - remove modelState invalid check as .NET literally executes this validation pre-method execution.
* PM-5092 - Rename to read better - send verification email > send email verification
* PM-5092 - Revert primary constructor approach so DI works.
* PM-5092 - (1) Cleanup new but now not needed global setting (2) Add custom email for registration verify email.
* PM-5092 - Fix email text
* PM-5092 - (1) Modify ReferenceEvent.cs to allow nullable values for the 2 params which should have been nullable based on the constructor logic (2) Add new ReferenceEventType.cs for email verification register submit (3) Update AccountsController.cs to log new reference event (4) Update tests
* PM-5092 - RegistrationEmailVerificationTokenable - update prefix, purpose, and token id to include registration to differentiate it from the existing email verification token.
* PM-5092 - Per PR feedback, cleanup used dict.
* PM-5092 - formatting pass (manual + dotnet format)
* PM-5092 - Per PR feedback, log reference event after core business logic executes
* PM-5092 - Per PR feedback, add validation + added nullable flag to name as it is optional.
* PM-5092 - Per PR feedback, add constructor validation for required tokenable data
* PM-5092 - RegisterVerifyEmail url now contains email as that is required in client side registration step to create a master key.
* PM-5092 - Add fromEmail flag + some docs
* PM-5092 - ReferenceEvent.cs - Per PR feedback, make SignupInitiationPath and PlanUpgradePath nullable
* PM-5092 - ReferenceEvent.cs - remove nullability per PR feedback
* PM-5092 - Per PR feedback, use default constructor and manually create reference event.
* PM-5092 - Per PR feedback, add more docs!
