* [PM-28300] Remove BlockClaimedDomainAccountCreation feature flag checks
* Fix user registration tests by adding proper email domains
* Remove redundant feature flag checks from user registration tests
* Remove BlockClaimedDomainAccountCreation constant from FeatureFlagKeys
* Extracted policy compliance checking for the organization out and added a check when attempting to enable auto user confirm via Admin Portal
* Moved injection order. Fixed error message.
* [PM-31361] Enhance domain claimed email notifications
* Updated the email template to include the claimed domain name and user email.
* Modified the `ClaimedUserDomainClaimedEmails` model to include the domain name.
* Adjusted the `SendClaimedDomainUserEmailAsync` method to pass the domain name to the email message.
* Added a new test for rendering the domain claimed email to ensure proper content delivery.
* Update email templates for domain claimed notifications
* Adjusted styles and formatting in the DomainClaimedByOrganization email template for improved readability.
* Modified the TitleContactUs layout to ensure proper rendering of titles.
* Updated the HandlebarsMailService to include HTML line breaks in the email title for better presentation.
* Update TitleContactUs email template to center-align title text for improved presentation
* Refine TitleContactUs email template by removing unnecessary text-align property for improved consistency in styling
* Fix PR comments
* Update test/Core.Test/Platform/Mail/DomainClaimedEmailRenderTest.cs
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Update test/Core.Test/Platform/Mail/DomainClaimedEmailRenderTest.cs
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Update test/Core.Test/Platform/Mail/DomainClaimedEmailRenderTest.cs
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Remove unnecessary comments
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Begin migration to appropriately named sprocs
* Update method and parameter names
* Remove incorrect change
* Changes EF to match collection type comparison
* Adds integration test verifying excluded collections
* Changes EF to match collection type comparison
* Fix whitespacing
* Fix dedented if
Fixed bug where revoked users were being left out of policy requirement call. Moved out of loop and doing after users have been restored. This is more performant.
* Initial implementation of new policy query
* Remove unused using
* Adjusts method name to better match repository method
* Correct namespace
* Initial refactor of policy loading
* Add xml doc, incorporate shim data model
* Updates usages to reflect new shim model
* Prune extranneous data from policy detail response model, format code
* Fix broken test, delete inapplicable test
* Adds test cases covering query
* Adjust codebase to use new PolicyQueryçˆ
* Format code
* Fix incorrect mock on test
* Fix formatting
* Adjust method name
* More naming adjustments
* Add PolicyData constructor, update test usages
* Rename PolicyData -> PolicyStatus
* Remove unused using
* Add default collection name to call stack for restore user command
* Committing feature flag and request model.
* Added tests
* fix for tests.
* added empty string to test
* figured out the mystery commit.
* added vnext onto method name.
* updating tests and command to include feature flag
* moved event call
* last few changes.
* opting for null instead of empty string.
* Enhance MasterPasswordPolicyData with validation attributes
Added data annotations for MinComplexity and MinLength properties to enforce validation rules. MinComplexity must be between 0 and 4, and MinLength must be between 12 and 128.
* Implement model validation in PolicyDataValidator and enhance error handling
Added a ValidateModel method to enforce validation rules for policy data. Updated error messages to provide clearer feedback on validation failures. Enhanced unit tests to cover new validation scenarios for MinLength and MinComplexity properties.
* Update PoliciesControllerTests to reflect new validation rules for MinComplexity and MinLength
Modified test cases to use updated values for MinComplexity (4) and MinLength (128). Added new tests to verify that excessive values for these properties return BadRequest responses. Ensured consistency across integration tests for both Admin and Public controllers.
* Enhance MasterPasswordPolicyData with XML documentation for properties
Added XML documentation comments for MinComplexity and MinLength properties to clarify their purpose and constraints. This improves code readability and provides better context for developers using the model.
* Add unit tests for PolicyDataValidator to validate minLength and minComplexity rules
Implemented new test cases to verify the behavior of the ValidateAndSerialize method in PolicyDataValidator. Tests cover scenarios for minimum and maximum values, as well as edge cases for invalid inputs, ensuring robust validation for MasterPassword policy data.
* Fix null reference when restoring invited users in Free orgs
Add null check before querying for other free org ownership. Invited
users don't have a UserId yet, causing NullReferenceException.
* Add regression test for restoring revoked invited users with null UserId.
* Exclude invited users from claimed domain checks.
These users should be excluded by the JOIN on
UserId, but it's a known issue that some invited
users have this FK set.
* Add sproc to create multiple default collections.
SqlBulkCopy implementation is overkill for most cases.
This provides a lighter weight sproc implementation for smaller
data sets.
* DRY up collection arrangement
* DRY up tests because bulk and non-bulk share same behavior
* use EF native AddRange instead of bulk insert, because
we expect smaller data sizes on self-host
* Updated organization licenses to save the correct values from the token
* Added additional test cases around licenses
* Added missing properties from Organization to UpdateOrganizationLicenseCommand.UpdateLicenseAsync()
* Add tests to validate license property synchronization pipeline
* `dotnet format`
* Add OrganizationUser_SelfRevoked event type to EventType enum
* Add SelfRevokeOrganizationUserCommand implementation and interface for user self-revocation from organizations
* Add unit tests for SelfRevokeOrganizationUserCommand to validate user self-revocation logic, including success scenarios and various failure conditions.
* Add ISelfRevokeOrganizationUserCommand registration to OrganizationServiceCollectionExtensions for user self-revocation functionality
* Add self-revoke user functionality to OrganizationUsersController with new endpoint for user-initiated revocation
* Add integration tests for self-revoke functionality in OrganizationUsersController, covering scenarios for eligible users, non-members, and users with owner/admin roles.
* Add unit test for SelfRevokeOrganizationUserCommand to validate behavior when a user attempts to self-revoke without confirmation. This test checks for a BadRequestException with an appropriate message.
* Add MemberRequirement class for organization membership authorization
- Implemented MemberRequirement to check if a user is a member of the organization.
- Added unit tests for MemberRequirement to validate authorization logic for different user types.
* Update authorization requirement for self-revoke endpoint and add integration test for provider users
- Changed authorization attribute from MemberOrProviderRequirement to MemberRequirement in the RevokeSelfAsync method.
- Added a new integration test to verify that provider users who are not members receive a forbidden response when attempting to revoke themselves.
* Add EligibleForSelfRevoke method to OrganizationDataOwnershipPolicyRequirement
- Implemented the EligibleForSelfRevoke method to determine if a user can self-revoke their data ownership based on their membership status and policy state.
- Added unit tests to validate the eligibility logic for confirmed, invited, and non-policy users, as well as for different organization IDs.
* Refactor self-revoke user command to enhance eligibility checks
- Updated the SelfRevokeOrganizationUserCommand to utilize policy requirements for determining user eligibility for self-revocation.
- Implemented checks to prevent the last owner from revoking themselves, ensuring organizational integrity.
- Modified unit tests to reflect changes in eligibility logic and added scenarios for confirmed owners and admins.
- Removed deprecated policy checks and streamlined the command's dependencies.
* Use CommandResult pattern in self-revoke command
* Clearer documentation
Main fix: only assign new key value where old keys are not set
and new keys have been provided.
Refactors:
- use consistent DTO model for keypairs
- delete duplicate property assignment for new orgs
* Refactor IntegrationHandlerResult to provide more detail around failures
* ServiceUnavailable now retryable, more explicit http status handling, more consistency with different handlers, additional xmldocs
* Address PR feedback
* Removed 2FA user interface from premium method signatures
* Added some more comments for clarity and small touchups.
* Add PremiumAccessCacheCheck feature flag to Constants.cs
* Add IPremiumAccessQuery interface and PremiumAccessQuery implementation for checking user premium access status
* Add unit tests for PremiumAccessQuery to validate user premium access logic
* Add XML documentation to Premium in OrganizationUserUserDetails and User classes
* Add PremiumAccessQueries to UserServiceCollectionExtensions
* Refactor TwoFactorIsEnabledQuery to incorporate PremiumAccessQuery and feature flag for premium access checks. Enhanced user premium status retrieval logic and improved handling of user details based on feature flag state.
* Mark methods in IUserRepository and IUserService as obsolete, directing users to new methods in IPremiumAccessQuery for premium access checks.
* Rename CanAccessPremiumBulkAsync to CanAccessPremiumAsync in IPremiumAccessQuery
* Update TwoFactorIsEnabledQuery to use CanAccessPremiumAsync for premium status checks
* Refactor TwoFactorIsEnabledQuery to introduce VNextAsync methods for improved premium access checks and user detail handling. Removed obsolete feature service dependency and enhanced test coverage for new functionality.
* Refactor IPremiumAccessQuery and PremiumAccessQuery to remove the overloaded CanAccessPremiumAsync method. Update related methods to streamline premium access checks using the User object directly. Enhance test coverage by removing obsolete tests and ensuring proper functionality with the new method signatures.
* Add new sync static method to determine if TwoFactor is enabled
* Enhance XML documentation for Premium property in OrganizationUserUserDetails and User classes to clarify its usage and limitations regarding personal and organizational premium access.
* Refactor IPremiumAccessQuery and PremiumAccessQuery to replace User parameter with Guid for user ID in CanAccessPremiumAsync methods. Update related methods and tests to streamline premium access checks and improve clarity in method signatures.
* Update feature flag references in IUserRepository and IUserService to use 'PremiumAccessQuery' instead of 'PremiumAccessCacheCheck'. Adjust related XML documentation for clarity on premium access methods.
* Rename IPremiumAccessQuery to IHasPremiumAccessQuery and move to Billing owned folder
* Remove unnecessary whitespace from IHasPremiumAccessQuery interface.
* Refactor HasPremiumAccessQuery to throw NotFoundException for null users
* Add NotFoundException handling in HasPremiumAccessQuery for mismatched user counts
* Refactor TwoFactorIsEnabledQuery to optimize premium access checks and improve two-factor provider handling. Introduced bulk fetching of premium status for users with only premium providers and streamlined the logic for determining if two-factor authentication is enabled.
* Refactor TwoFactorIsEnabledQueryTests to enhance clarity and optimize test scenarios. Consolidated test cases for two-factor authentication, improved naming conventions, and ensured premium access checks are only performed when necessary.
* Add UserPremiumAccess model to represent user premium access status from personal subscriptions and memberships
* Add User_ReadPremiumAccessByIds stored procedure and UserPremiumAccessView view to enhance premium access retrieval. Updated Organization table index to include UsersGetPremium for optimized queries.
* Add SQL migration script
* Add premium access retrieval methods to IUserRepository and implementations in UserRepository classes. Introduced GetPremiumAccessByIdsAsync and GetPremiumAccessAsync methods to fetch premium status for multiple users and a single user, respectively. Updated using directives to include necessary models.
* Refactor HasPremiumAccessQuery and IHasPremiumAccessQuery to streamline premium access checks. Updated method names for clarity and improved documentation. Adjusted test cases to reflect changes in user premium access retrieval logic.
* Update IUserRepository to reflect new method names for premium access retrieval. Changed obsolete method messages to point to GetPremiumAccessByIdsAsync and GetPremiumAccessAsync. Added internal use notes for IHasPremiumAccessQuery. Improved documentation for clarity.
* Refactor TwoFactorIsEnabledQuery to utilize IFeatureService for premium access checks.
* Enhance EF UserRepository to improve premium access retrieval by including related organization data.
* Add unit tests for premium access retrieval in UserRepositoryTests.
* Optimize HasPremiumAccessQuery to eliminate duplicate user IDs before checking premium access. Updated logic to ensure accurate comparison of premium users against distinct user IDs.
* Refactor TwoFactorIsEnabledQuery to improve handling of users without two-factor providers. Added early exit for users lacking providers and streamlined premium status checks for enabled two-factor authentication.
* Update HasPremiumAccessQueryTests to use simplified exception handling and improve test clarity
* Replaced fully qualified exception references with simplified ones.
* Refactored test setup to use individual user variables for better readability.
* Ensured assertions reflect the updated user variable structure.
* Enhance TwoFactorIsEnabledQuery to throw NotFoundException for non-existent users
* Updated TwoFactorIsEnabledQuery to throw NotFoundException when a user is not found instead of returning false.
* Added a new unit test to verify that the NotFoundException is thrown when a user is not found while premium access query is enabled.
* Move premium access query to Billing owned ServiceCollectionExtensions
* Refactor IUserService to enhance premium access checks
* Updated CanAccessPremium and HasPremiumFromOrganization methods to clarify usage with the new premium access query.
* Integrated IHasPremiumAccessQuery into UserService for improved premium access handling based on feature flag.
* Adjusted method documentation to reflect changes in premium access logic.
* Update IUserRepository to clarify usage of premium access methods
* Modified Obsolete attribute messages for GetManyWithCalculatedPremiumAsync and GetCalculatedPremiumAsync to indicate that callers should use the new methods when the 'PremiumAccessQuery' feature flag is enabled.
* Enhanced documentation to improve clarity regarding premium access handling.
* Update IUserRepository and IUserService to clarify deprecation of premium access methods
* Modified Obsolete attribute messages for GetManyWithCalculatedPremiumAsync and GetCalculatedPremiumAsync in IUserRepository to indicate these methods will be removed in a future version.
* Updated Obsolete attribute message for HasPremiumFromOrganization in IUserService to reflect the same deprecation notice.
* Refactor TwoFactorIsEnabledQuery to streamline user ID retrieval
* Consolidated user ID retrieval logic to avoid redundancy.
* Ensured consistent handling of user ID checks for premium access queries.
* Improved code readability by reducing duplicate code blocks.
* Rename migration script to fix the date
* Update migration script to create the index with DROP_EXISTING = ON
* Refactor UserPremiumAccessView to use LEFT JOINs and GROUP BY for improved performance and clarity
* Update HasPremiumAccessQueryTests to return null for GetPremiumAccessAsync instead of throwing NotFoundException
* Add unit tests for premium access scenarios in UserRepositoryTests
- Implement tests for GetPremiumAccessAsync to cover various user and organization premium access combinations.
- Validate behavior when users belong to multiple organizations, including cases with and without premium access.
- Update email generation for user creation to ensure uniqueness without specific prefixes.
- Enhance assertions to verify expected premium access results across different test cases.
* Bump date on migration script
* Update OrganizationEntityTypeConfiguration to include UsersGetPremium in index properties
* Add migration scripts for OrganizationUsersGetPremiumIndex across MySQL, PostgreSQL, and SQLite
- Introduced new migration files to create the OrganizationUsersGetPremiumIndex.
- Updated the DatabaseContextModelSnapshot to include UsersGetPremium in index properties for all database types.
- Ensured consistency in index creation across different database implementations.
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
Co-authored-by: Patrick Pimentel <ppimentel@bitwarden.com>
* Added Auto confirm policy enforcement requirement. Includes strict single org enforcement along with blocking provider users from joining orgs with auto confirm enabled.
* Refactor configuration for azure queue service for events to include queue name
* Address PR feedback
* Add check for queue name before writing to Azure Queue Service
* Fix file encoding (lint error)
* move billing services+tests to billing namespaces
* reorganized methods in file and added comment headers
* renamed StripeAdapter methods for better clarity
* clean up redundant qualifiers
* Upgrade Stripe.net to v48.4.0
* Update PreviewTaxAmountCommand
* Remove unused UpcomingInvoiceOptionExtensions
* Added SubscriptionExtensions with GetCurrentPeriodEnd
* Update PremiumUserBillingService
* Update OrganizationBillingService
* Update GetOrganizationWarningsQuery
* Update BillingHistoryInfo
* Update SubscriptionInfo
* Remove unused Sql Billing folder
* Update StripeAdapter
* Update StripePaymentService
* Update InvoiceCreatedHandler
* Update PaymentFailedHandler
* Update PaymentSucceededHandler
* Update ProviderEventService
* Update StripeEventUtilityService
* Update SubscriptionDeletedHandler
* Update SubscriptionUpdatedHandler
* Update UpcomingInvoiceHandler
* Update ProviderSubscriptionResponse
* Remove unused Stripe Subscriptions Admin Tool
* Update RemoveOrganizationFromProviderCommand
* Update ProviderBillingService
* Update RemoveOrganizatinoFromProviderCommandTests
* Update PreviewTaxAmountCommandTests
* Update GetCloudOrganizationLicenseQueryTests
* Update GetOrganizationWarningsQueryTests
* Update StripePaymentServiceTests
* Update ProviderBillingControllerTests
* Update ProviderEventServiceTests
* Update SubscriptionDeletedHandlerTests
* Update SubscriptionUpdatedHandlerTests
* Resolve Billing test failures
I completely removed tests for the StripeEventService as they were using a system I setup a while back that read JSON files of the Stripe event structure. I did not anticipate how frequently these structures would change with each API version and the cost of trying to update these specific JSON files to test a very static data retrieval service far outweigh the benefit.
* Resolve Core test failures
* Run dotnet format
* Remove unused provider migration
* Fixed failing tests
* Run dotnet format
* Replace the old webhook secret key with new one (#6223)
* Fix compilation failures in additions
* Run dotnet format
* Bump Stripe API version
* Fix recent addition: CreatePremiumCloudHostedSubscriptionCommand
* Fix new code in main according to Stripe update
* Fix InvoiceExtensions
* Bump SDK version to match API Version
* cleanup
* fixing items missed after the merge
* use expression body for all simple returns
* forgot fixes, format, and pr feedback
* claude pr feedback
* pr feedback and cleanup
* more claude feedback
---------
Co-authored-by: Alex Morask <amorask@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* Add CQRS and caching support for OrganizationIntegrationConfigurations
* Refactor event integration service collection extensions into their own extension
* Removed 2FA user interface from premium method signatures
* Added some more comments for clarity and small touchups.
* Suggested documentation updates.
---------
Co-authored-by: Patrick Pimentel <ppimentel@bitwarden.com>
* Add CQRS and caching support for OrganizationIntegrations
* Use primary constructor for Delete command, per Claude suggestion
* Fix namespace
* Add XMLDoc for new commands / queries
* Remove unnecessary extra call to AddExtendedCache in Startup (call in EventIntegrationsServiceCollectionExtensions handles this instead)
* Alter strategy to use one cache / database call to retrieve all configurations for an event (including wildcards)
* Updated README documentation to reflect updated Caching doc and updated CQRS approach
* Use extended cache for caching integration configuration details
* Alter strategy to use one cache / database call to retrieve all configurations for an event (including wildcards)
* Renamed migration per @withinfocus suggestion
* Implement optimized bulk invite resend command
- Added IBulkResendOrganizationInvitesCommand interface to define the bulk resend operation.
- Created BulkResendOrganizationInvitesCommand class to handle the logic for resending invites to multiple organization users.
- Integrated logging and validation to ensure only valid users receive invites.
- Included error handling for non-existent organizations and invalid user statuses.
* Add unit tests for BulkResendOrganizationInvitesCommand
- Implemented comprehensive test cases for the BulkResendOrganizationInvitesCommand class.
- Validated user statuses and ensured correct handling of valid and invalid users during bulk invite resends.
- Included tests for scenarios such as organization not found and empty user lists.
- Utilized Xunit and NSubstitute for effective testing and mocking of dependencies.
* Add IBulkResendOrganizationInvitesCommand to service collection
- Registered IBulkResendOrganizationInvitesCommand in the service collection for dependency injection.
* Update OrganizationUsersController to utilize IBulkResendOrganizationInvitesCommand
- Added IBulkResendOrganizationInvitesCommand to the OrganizationUsersController for handling bulk invite resends based on feature flag.
- Updated BulkReinvite method to conditionally use the new command or the legacy service based on the feature flag status.
- Enhanced unit tests to verify correct command usage depending on feature flag state, ensuring robust testing for both scenarios.
