This is still a join table, but the Data suffix was colliding with the concept of a JSON transfer model. The PlayItem name is designed to indicate that these records are not Play entities, but indications that a given Item (user or organization for now) is associated with a given Play
* Add OrganizationUser_SelfRevoked event type to EventType enum
* Add SelfRevokeOrganizationUserCommand implementation and interface for user self-revocation from organizations
* Add unit tests for SelfRevokeOrganizationUserCommand to validate user self-revocation logic, including success scenarios and various failure conditions.
* Add ISelfRevokeOrganizationUserCommand registration to OrganizationServiceCollectionExtensions for user self-revocation functionality
* Add self-revoke user functionality to OrganizationUsersController with new endpoint for user-initiated revocation
* Add integration tests for self-revoke functionality in OrganizationUsersController, covering scenarios for eligible users, non-members, and users with owner/admin roles.
* Add unit test for SelfRevokeOrganizationUserCommand to validate behavior when a user attempts to self-revoke without confirmation. This test checks for a BadRequestException with an appropriate message.
* Add MemberRequirement class for organization membership authorization
- Implemented MemberRequirement to check if a user is a member of the organization.
- Added unit tests for MemberRequirement to validate authorization logic for different user types.
* Update authorization requirement for self-revoke endpoint and add integration test for provider users
- Changed authorization attribute from MemberOrProviderRequirement to MemberRequirement in the RevokeSelfAsync method.
- Added a new integration test to verify that provider users who are not members receive a forbidden response when attempting to revoke themselves.
* Add EligibleForSelfRevoke method to OrganizationDataOwnershipPolicyRequirement
- Implemented the EligibleForSelfRevoke method to determine if a user can self-revoke their data ownership based on their membership status and policy state.
- Added unit tests to validate the eligibility logic for confirmed, invited, and non-policy users, as well as for different organization IDs.
* Refactor self-revoke user command to enhance eligibility checks
- Updated the SelfRevokeOrganizationUserCommand to utilize policy requirements for determining user eligibility for self-revocation.
- Implemented checks to prevent the last owner from revoking themselves, ensuring organizational integrity.
- Modified unit tests to reflect changes in eligibility logic and added scenarios for confirmed owners and admins.
- Removed deprecated policy checks and streamlined the command's dependencies.
* Use CommandResult pattern in self-revoke command
* Clearer documentation
* update account storage endpoint
* Fix the failing test
* Added flag and refactor base on pr comments
* fix the lint error
* Resolve the pr comments
* Fix the failing test
* Fix the failing test
* Return none
* Resolve the lint error
* Fix the failing test
* Add the missing test
* Formatting issues fixed
* update send api models to support new `email` field
* normalize authentication field evaluation order
* document send response converters
* add FIXME to remove unused constructor argument
* add FIXME to remove unused constructor argument
* introduce `tools-send-email-otp-listing` feature flag
* add `ISendOwnerQuery` to dependency graph
* fix broken tests
* added AuthType prop to send related models with test coverage and debt cleanup
* dotnet format
* add migrations
* dotnet format
* make SendsController null safe (tech debt)
* add AuthType col to Sends table, change Emails col length to 4000, and run migrations
* dotnet format
* update SPs to expect AuthType
* include SP updates in migrations
* remove migrations not intended for merge
* Revert "remove migrations not intended for merge"
This reverts commit 7df56e346a.
undo migrations removal
* extract AuthType inference to util method and remove SQLite file
* fix lints
* address review comments
* fix incorrect assignment and adopt SQL conventions
* fix column assignment order in Send_Update.sql
* remove space added to email list
* assign SQL default value of NULL to AuthType
* update SPs to match migration changes
---------
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com>
Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
* feat(global-settings) [PM-20109]: Add WebAuthN global settings.
* feat(webauthn) [PM-20109]: Update maximum allowed WebAuthN credentials to use new settings.
* test(webauthn) [PM-20109]: Update command tests to use global configs.
* feat(global-settings) [PM-20109]: Set defaults for maximum allowed credentials.
* feat(two-factor-request-model) [PM-20109]: Remove hard-coded 5 limit on ID validation.
* Revert "test(webauthn) [PM-20109]: Update command tests to use global configs."
This reverts commit ba9f0d5fb6.
* Revert "feat(webauthn) [PM-20109]: Update maximum allowed WebAuthN credentials to use new settings."
This reverts commit d2faef0c13.
* feat(global-settings) [PM-20109]: Add WebAuthNSettings to interface for User Service consumption.
* feat(user-service) [PM-20109]: Add boundary and persistence-time validation for maximum allowed WebAuthN 2FA credentials.
* test(user-service) [PM-20109]: Update tests for WebAuthN limit scenarios.
* refactor(user-service) [PM-20109]: Typo in variable name.
* refactor(user-service) [PM-20109]: Remove unnecessary pending check.
* refactor(user-service) [PM-20109]: Pending check is necessary.
* refactor(webauthn) [PM-20109]: Re-spell WebAuthN => WebAuthn.
* refactor(user-service) [PM-20109]: Re-format pending checks for consistency.
* refactor(user-service) [PM-20109]: Fix type spelling in comments.
* test(user-service) [PM-20109]: Combine premium and non-premium test cases with AutoData.
* refactor(user-service) [PM-20109]: Swap HasPremiumAccessQuery in for CanAccessPremium.
* refactor(user-service) [PM-20109]: Convert limit check to positive, edit comments.
Main fix: only assign new key value where old keys are not set
and new keys have been provided.
Refactors:
- use consistent DTO model for keypairs
- delete duplicate property assignment for new orgs
* account v2 registration for key connector
* use new user repository functions
* test coverage
* integration test coverage
* documentation
* code review
* missing test coverage
* fix failing test
* failing test
* incorrect ticket number
* moved back request model to Api, created dedicated data class in Core
* sql stored procedure type mismatch, simplification
* key connector authorization handler
* Refactor IntegrationHandlerResult to provide more detail around failures
* ServiceUnavailable now retryable, more explicit http status handling, more consistency with different handlers, additional xmldocs
* Address PR feedback
* Removed 2FA user interface from premium method signatures
* Added some more comments for clarity and small touchups.
* Add PremiumAccessCacheCheck feature flag to Constants.cs
* Add IPremiumAccessQuery interface and PremiumAccessQuery implementation for checking user premium access status
* Add unit tests for PremiumAccessQuery to validate user premium access logic
* Add XML documentation to Premium in OrganizationUserUserDetails and User classes
* Add PremiumAccessQueries to UserServiceCollectionExtensions
* Refactor TwoFactorIsEnabledQuery to incorporate PremiumAccessQuery and feature flag for premium access checks. Enhanced user premium status retrieval logic and improved handling of user details based on feature flag state.
* Mark methods in IUserRepository and IUserService as obsolete, directing users to new methods in IPremiumAccessQuery for premium access checks.
* Rename CanAccessPremiumBulkAsync to CanAccessPremiumAsync in IPremiumAccessQuery
* Update TwoFactorIsEnabledQuery to use CanAccessPremiumAsync for premium status checks
* Refactor TwoFactorIsEnabledQuery to introduce VNextAsync methods for improved premium access checks and user detail handling. Removed obsolete feature service dependency and enhanced test coverage for new functionality.
* Refactor IPremiumAccessQuery and PremiumAccessQuery to remove the overloaded CanAccessPremiumAsync method. Update related methods to streamline premium access checks using the User object directly. Enhance test coverage by removing obsolete tests and ensuring proper functionality with the new method signatures.
* Add new sync static method to determine if TwoFactor is enabled
* Enhance XML documentation for Premium property in OrganizationUserUserDetails and User classes to clarify its usage and limitations regarding personal and organizational premium access.
* Refactor IPremiumAccessQuery and PremiumAccessQuery to replace User parameter with Guid for user ID in CanAccessPremiumAsync methods. Update related methods and tests to streamline premium access checks and improve clarity in method signatures.
* Update feature flag references in IUserRepository and IUserService to use 'PremiumAccessQuery' instead of 'PremiumAccessCacheCheck'. Adjust related XML documentation for clarity on premium access methods.
* Rename IPremiumAccessQuery to IHasPremiumAccessQuery and move to Billing owned folder
* Remove unnecessary whitespace from IHasPremiumAccessQuery interface.
* Refactor HasPremiumAccessQuery to throw NotFoundException for null users
* Add NotFoundException handling in HasPremiumAccessQuery for mismatched user counts
* Refactor TwoFactorIsEnabledQuery to optimize premium access checks and improve two-factor provider handling. Introduced bulk fetching of premium status for users with only premium providers and streamlined the logic for determining if two-factor authentication is enabled.
* Refactor TwoFactorIsEnabledQueryTests to enhance clarity and optimize test scenarios. Consolidated test cases for two-factor authentication, improved naming conventions, and ensured premium access checks are only performed when necessary.
* Add UserPremiumAccess model to represent user premium access status from personal subscriptions and memberships
* Add User_ReadPremiumAccessByIds stored procedure and UserPremiumAccessView view to enhance premium access retrieval. Updated Organization table index to include UsersGetPremium for optimized queries.
* Add SQL migration script
* Add premium access retrieval methods to IUserRepository and implementations in UserRepository classes. Introduced GetPremiumAccessByIdsAsync and GetPremiumAccessAsync methods to fetch premium status for multiple users and a single user, respectively. Updated using directives to include necessary models.
* Refactor HasPremiumAccessQuery and IHasPremiumAccessQuery to streamline premium access checks. Updated method names for clarity and improved documentation. Adjusted test cases to reflect changes in user premium access retrieval logic.
* Update IUserRepository to reflect new method names for premium access retrieval. Changed obsolete method messages to point to GetPremiumAccessByIdsAsync and GetPremiumAccessAsync. Added internal use notes for IHasPremiumAccessQuery. Improved documentation for clarity.
* Refactor TwoFactorIsEnabledQuery to utilize IFeatureService for premium access checks.
* Enhance EF UserRepository to improve premium access retrieval by including related organization data.
* Add unit tests for premium access retrieval in UserRepositoryTests.
* Optimize HasPremiumAccessQuery to eliminate duplicate user IDs before checking premium access. Updated logic to ensure accurate comparison of premium users against distinct user IDs.
* Refactor TwoFactorIsEnabledQuery to improve handling of users without two-factor providers. Added early exit for users lacking providers and streamlined premium status checks for enabled two-factor authentication.
* Update HasPremiumAccessQueryTests to use simplified exception handling and improve test clarity
* Replaced fully qualified exception references with simplified ones.
* Refactored test setup to use individual user variables for better readability.
* Ensured assertions reflect the updated user variable structure.
* Enhance TwoFactorIsEnabledQuery to throw NotFoundException for non-existent users
* Updated TwoFactorIsEnabledQuery to throw NotFoundException when a user is not found instead of returning false.
* Added a new unit test to verify that the NotFoundException is thrown when a user is not found while premium access query is enabled.
* Move premium access query to Billing owned ServiceCollectionExtensions
* Refactor IUserService to enhance premium access checks
* Updated CanAccessPremium and HasPremiumFromOrganization methods to clarify usage with the new premium access query.
* Integrated IHasPremiumAccessQuery into UserService for improved premium access handling based on feature flag.
* Adjusted method documentation to reflect changes in premium access logic.
* Update IUserRepository to clarify usage of premium access methods
* Modified Obsolete attribute messages for GetManyWithCalculatedPremiumAsync and GetCalculatedPremiumAsync to indicate that callers should use the new methods when the 'PremiumAccessQuery' feature flag is enabled.
* Enhanced documentation to improve clarity regarding premium access handling.
* Update IUserRepository and IUserService to clarify deprecation of premium access methods
* Modified Obsolete attribute messages for GetManyWithCalculatedPremiumAsync and GetCalculatedPremiumAsync in IUserRepository to indicate these methods will be removed in a future version.
* Updated Obsolete attribute message for HasPremiumFromOrganization in IUserService to reflect the same deprecation notice.
* Refactor TwoFactorIsEnabledQuery to streamline user ID retrieval
* Consolidated user ID retrieval logic to avoid redundancy.
* Ensured consistent handling of user ID checks for premium access queries.
* Improved code readability by reducing duplicate code blocks.
* Rename migration script to fix the date
* Update migration script to create the index with DROP_EXISTING = ON
* Refactor UserPremiumAccessView to use LEFT JOINs and GROUP BY for improved performance and clarity
* Update HasPremiumAccessQueryTests to return null for GetPremiumAccessAsync instead of throwing NotFoundException
* Add unit tests for premium access scenarios in UserRepositoryTests
- Implement tests for GetPremiumAccessAsync to cover various user and organization premium access combinations.
- Validate behavior when users belong to multiple organizations, including cases with and without premium access.
- Update email generation for user creation to ensure uniqueness without specific prefixes.
- Enhance assertions to verify expected premium access results across different test cases.
* Bump date on migration script
* Update OrganizationEntityTypeConfiguration to include UsersGetPremium in index properties
* Add migration scripts for OrganizationUsersGetPremiumIndex across MySQL, PostgreSQL, and SQLite
- Introduced new migration files to create the OrganizationUsersGetPremiumIndex.
- Updated the DatabaseContextModelSnapshot to include UsersGetPremium in index properties for all database types.
- Ensured consistency in index creation across different database implementations.
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
Co-authored-by: Patrick Pimentel <ppimentel@bitwarden.com>
* Added Auto confirm policy enforcement requirement. Includes strict single org enforcement along with blocking provider users from joining orgs with auto confirm enabled.
* Refactor configuration for azure queue service for events to include queue name
* Address PR feedback
* Add check for queue name before writing to Azure Queue Service
* Fix file encoding (lint error)
* move billing services+tests to billing namespaces
* reorganized methods in file and added comment headers
* renamed StripeAdapter methods for better clarity
* clean up redundant qualifiers
* Upgrade Stripe.net to v48.4.0
* Update PreviewTaxAmountCommand
* Remove unused UpcomingInvoiceOptionExtensions
* Added SubscriptionExtensions with GetCurrentPeriodEnd
* Update PremiumUserBillingService
* Update OrganizationBillingService
* Update GetOrganizationWarningsQuery
* Update BillingHistoryInfo
* Update SubscriptionInfo
* Remove unused Sql Billing folder
* Update StripeAdapter
* Update StripePaymentService
* Update InvoiceCreatedHandler
* Update PaymentFailedHandler
* Update PaymentSucceededHandler
* Update ProviderEventService
* Update StripeEventUtilityService
* Update SubscriptionDeletedHandler
* Update SubscriptionUpdatedHandler
* Update UpcomingInvoiceHandler
* Update ProviderSubscriptionResponse
* Remove unused Stripe Subscriptions Admin Tool
* Update RemoveOrganizationFromProviderCommand
* Update ProviderBillingService
* Update RemoveOrganizatinoFromProviderCommandTests
* Update PreviewTaxAmountCommandTests
* Update GetCloudOrganizationLicenseQueryTests
* Update GetOrganizationWarningsQueryTests
* Update StripePaymentServiceTests
* Update ProviderBillingControllerTests
* Update ProviderEventServiceTests
* Update SubscriptionDeletedHandlerTests
* Update SubscriptionUpdatedHandlerTests
* Resolve Billing test failures
I completely removed tests for the StripeEventService as they were using a system I setup a while back that read JSON files of the Stripe event structure. I did not anticipate how frequently these structures would change with each API version and the cost of trying to update these specific JSON files to test a very static data retrieval service far outweigh the benefit.
* Resolve Core test failures
* Run dotnet format
* Remove unused provider migration
* Fixed failing tests
* Run dotnet format
* Replace the old webhook secret key with new one (#6223)
* Fix compilation failures in additions
* Run dotnet format
* Bump Stripe API version
* Fix recent addition: CreatePremiumCloudHostedSubscriptionCommand
* Fix new code in main according to Stripe update
* Fix InvoiceExtensions
* Bump SDK version to match API Version
* cleanup
* fixing items missed after the merge
* use expression body for all simple returns
* forgot fixes, format, and pr feedback
* claude pr feedback
* pr feedback and cleanup
* more claude feedback
---------
Co-authored-by: Alex Morask <amorask@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* Add CQRS and caching support for OrganizationIntegrationConfigurations
* Refactor event integration service collection extensions into their own extension
* fix(two-factor-controller) [PM-24211]: Update send email validation to use auth request's IsValidForAuthentication.
* refactor(login-features) [PM-24211]: Remove Core.LoginFeatures as no longer used; AuthRequest.IsValidForAuthentication should be used for any applicable use cases.
* feat(auth-request) [PM-24211]: Add tests for AuthRequest.IsValidForAuthentication.
* fix(two-factor-controller) [PM-24211]: Branching logic should return on successful send.
* chore(auth-request) [PM-24211]: Remove some old comments (solved-for).
* fix(two-factor-controller) [PM-24211]: Update some comments (clarification/naming).
* fix(two-factor-controller) [PM-24211]: Rephrase a comment (accuracy).
* Add CQRS and caching support for OrganizationIntegrations
* Use primary constructor for Delete command, per Claude suggestion
* Fix namespace
* Add XMLDoc for new commands / queries
* Remove unnecessary extra call to AddExtendedCache in Startup (call in EventIntegrationsServiceCollectionExtensions handles this instead)
* Alter strategy to use one cache / database call to retrieve all configurations for an event (including wildcards)
* Updated README documentation to reflect updated Caching doc and updated CQRS approach
* Use extended cache for caching integration configuration details
* Alter strategy to use one cache / database call to retrieve all configurations for an event (including wildcards)
* Renamed migration per @withinfocus suggestion
Fix: fix bugs reported by QA for Welcome emails
* test: add test for new plan type in welcome email
* fix: change to headStyle so styling is only included once
* fix: update MJML templates to have correct copy text
* chore: move build artifacts for updated email templates
* fix: add setting for SMTP to SSO project
* fix: update component css styling
* chore: rebuild hbs templates
* fix: using billing extension method to fetch Correct PlanType.
* Implement optimized bulk invite resend command
- Added IBulkResendOrganizationInvitesCommand interface to define the bulk resend operation.
- Created BulkResendOrganizationInvitesCommand class to handle the logic for resending invites to multiple organization users.
- Integrated logging and validation to ensure only valid users receive invites.
- Included error handling for non-existent organizations and invalid user statuses.
* Add unit tests for BulkResendOrganizationInvitesCommand
- Implemented comprehensive test cases for the BulkResendOrganizationInvitesCommand class.
- Validated user statuses and ensured correct handling of valid and invalid users during bulk invite resends.
- Included tests for scenarios such as organization not found and empty user lists.
- Utilized Xunit and NSubstitute for effective testing and mocking of dependencies.
* Add IBulkResendOrganizationInvitesCommand to service collection
- Registered IBulkResendOrganizationInvitesCommand in the service collection for dependency injection.
* Update OrganizationUsersController to utilize IBulkResendOrganizationInvitesCommand
- Added IBulkResendOrganizationInvitesCommand to the OrganizationUsersController for handling bulk invite resends based on feature flag.
- Updated BulkReinvite method to conditionally use the new command or the legacy service based on the feature flag status.
- Enhanced unit tests to verify correct command usage depending on feature flag state, ensuring robust testing for both scenarios.
* Upgrade ExtendedCache to support non-Redis distributed cache
* Update CACHING.md to use UseSharedDistributedCache setting
Updated documentation to reflect the setting rename from UseSharedRedisCache
to UseSharedDistributedCache in the ExtendedCache configuration examples.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-authored-by: Matt Bishop <withinfocus@users.noreply.github.com>
* PM-28616 Add flag UsePhishingBlocker to dbo.Organization
* PM-28616 updated as per comments from claude
* PM-28616 updated ToLicense Method to copy the license file
* PM-28616 allow phishing blocker to be imported via license files for self-hosted
* PM-28616 updated PR comments - added more views to be refreshed
* PM-28616 removed proeprty from constructor as it is not used anymore. We have moved to claims based properties
And other refactors:
- move update organization method to a command
- separate authorization from business logic
- add tests
- move Billing Team logic into their service
