* [PM-31684] Remove email hashing for send access
* [PM-31684] switching the order of migration files
* [PM-31684] adding more migrations
* [PM-31684] Removing anon access emails field and reusing emails field
* [PM-31684] cleanup before adding migrations back
* [PM-31684] restore original snapshots
* [PM-31684] restore original postgres snapshots
* [PM-31684] adding migrations
* [PM-31684] removing encryption attributes from emails request model
* [PM-31684] adding missing stored proc alters
* [PM-31684] Improved formatting for stored proc defs
* [PM-31684] adding necessary comment back
* [PM-31684] adding case-insensitive check on the server for send auth
* Begin migration to appropriately named sprocs
* Update method and parameter names
* Remove incorrect change
* Changes EF to match collection type comparison
* Adds integration test verifying excluded collections
* Changes EF to match collection type comparison
* Fix whitespacing
* Fix dedented if
* [PM-29599] create proration preview endpoint
* forgot to inject user and fixing stripe errors
* updated proration preview and upgrade to be consistent
also using the correct proration behavior and making the upgrade flow start a trial
* missed using the billing address
* changes to proration behavior
and returning more properties from the proration endpoint
* missed in refactor
* pr feedback
* Initial implementation of new policy query
* Remove unused using
* Adjusts method name to better match repository method
* Correct namespace
* Initial refactor of policy loading
* Add xml doc, incorporate shim data model
* Updates usages to reflect new shim model
* Prune extranneous data from policy detail response model, format code
* Fix broken test, delete inapplicable test
* Adds test cases covering query
* Adjust codebase to use new PolicyQueryçˆ
* Format code
* Fix incorrect mock on test
* Fix formatting
* Adjust method name
* More naming adjustments
* Add PolicyData constructor, update test usages
* Rename PolicyData -> PolicyStatus
* Remove unused using
* fix(logging): [PM-28877] Remove Config for PII Logging - Removed all references to logging being set to true even in dev environment.
* fix(logging): [PM-28877] Remove Config for PII Logging - Fixed up with a better understanding of the original ask.
* fix(logging): [PM-28877] Remove Config for PII Logging - Removed all show pii.
* Add default collection name to call stack for restore user command
* Committing feature flag and request model.
* Added tests
* fix for tests.
* added empty string to test
* figured out the mystery commit.
* added vnext onto method name.
* updating tests and command to include feature flag
* moved event call
* last few changes.
* opting for null instead of empty string.
* models, entity, and stored procs updated to work with EmailHashes with migrations
* configure data protection for EmailHashes
* update SendAuthenticationQuery to use EmailHashes and perform validation
* respond to Claude's comments and update tests
* fix send.sql alignment
Co-authored-by: mkincaid-bw <mkincaid@bitwarden.com>
---------
Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com>
Co-authored-by: mkincaid-bw <mkincaid@bitwarden.com>
* Add restore and revoke to public api
* Follow naming conventions
* Use POST instead of PUT
* hello claude
* Update test names
* Actually fix test names
* Add JsonConstructor attr
* Fix test
* Initial refactor
* Add WebauthnPRFOptions to syncResponse
* MAYBE: Use KM owned ResponseModel?
* REVERT ^- Keep using PrfUnlockOptions for simplicity
This reverts commit 5a34e7dfa8.
* UserDecryptionOptions: Only send one credential
* format
* Update UserDecryptionOptions.cs
* format
* Added feature flag (#6600)
* feat(emergency-access) [PM-29584]: Add email template.
* refactor(emergency-access) [PM-29584]: Move Emergency Access to Auth/UserFeatures.
* refactor(emergency-access) [PM-29584]: Move EmergencyAccess tests to UserFeatures space.
* feat(emergency-access) [PM-29584]: Add compiled EmergencyAccess templates.
* test(emergency-access) [PM-29584]: Add mailer-specific tests.
* refactor(emergency-access) [PM-29584]: Move mail to UserFeatures area.
* feat(emergency-access) [PM-29584]: Update link for help pages, not web vault.
* test(emergency-access) [PM-29584]: Update mail tests for new URL and single responsibility.
* refactor(emergency-access) [PM-29584]: Add comments for added test.
* update send api models to support new `email` field
* normalize authentication field evaluation order
* document send response converters
* add FIXME to remove unused constructor argument
* add FIXME to remove unused constructor argument
* introduce `tools-send-email-otp-listing` feature flag
* add `ISendOwnerQuery` to dependency graph
* fix broken tests
* added AuthType prop to send related models with test coverage and debt cleanup
* dotnet format
* add migrations
* dotnet format
* make SendsController null safe (tech debt)
* add AuthType col to Sends table, change Emails col length to 4000, and run migrations
* dotnet format
* update SPs to expect AuthType
* include SP updates in migrations
* remove migrations not intended for merge
* Revert "remove migrations not intended for merge"
This reverts commit 7df56e346a.
undo migrations removal
* extract AuthType inference to util method and remove SQLite file
* fix lints
* address review comments
* fix incorrect assignment and adopt SQL conventions
* fix column assignment order in Send_Update.sql
* remove space added to email list
* assign SQL default value of NULL to AuthType
* update SPs to match migration changes
* remove FF, update SendAuthQuery, and update tests
* new endpoints added but lack test coverage
* dotnet format
* add PutRemoveAuth endpoint with test coverage and tests for new non-anon endpoints
* update RequireFeatureFlag comment for clarity
* respond to Claude's findings
* add additional validation logic to new auth endpoints
* enforce auth policies on individual action methods
* remove JsonConverter directive for AuthType
* remove tools-send-email-otp-listing feature flag
---------
Co-authored-by: ✨ Audrey ✨ <audrey@audreyality.com>
Co-authored-by: ✨ Audrey ✨ <ajensen@bitwarden.com>
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com>
We want to reduce the amount of business critical test data in the company. One way of doing that is to generate test data on demand prior to client side testing.
Clients will request a scene to be set up with a JSON body set of options, specific to a given scene. Successful seed requests will be responded to with a mangleMap which maps magic strings present in the request to the mangled, non-colliding versions inserted into the database. This way, the server is solely responsible for understanding uniqueness requirements in the database. scenes also are able to return custom data, depending on the scene. For example, user creation would benefit from a return value of the userId for further test setup on the client side.
Clients will indicate they are running tests by including a unique header, x-play-id which specifies a unique testing context. The server uses this PlayId as the seed for any mangling that occurs. This allows the client to decide it will reuse a given PlayId if the test context builds on top of previously executed tests. When a given context is no longer needed, the API user will delete all test data associated with the PlayId by calling a delete endpoint.
---------
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Add the ticket implementation
* Add the unit test
* Fix the lint and test issues
* resolve pr comments
* Fix the error on the test file
* Review suggestion and fixes
* resolve the api access comments
* Gte the key from the client
* Add the gateway type as stripe
* Address the legacy plans issues
* Resolve the misunderstanding
* Add additional storage that we will need if they revert
* Add the previous premium UserId
* V2 prep, rename existing SSO JIT MP command to V1
* set initial master password for account registraton V2
* later removel docs
* TDE MP onboarding split
* revert separate TDE onboarding controller api
* Server side hash of the user master password hash
* use `ValidationResult` instead for validation errors
* unit test coverage
* integration test coverage
* update sql migration script date
* revert validate password change
* better requests validation
* explicit error message when org sso identifier invalid
* more unit test coverage
* renamed onboarding to set, hash naming clarifications
* update db sql script, formatting
* use raw json as request instead of request models for integration test
* v1 integration test coverage
* change of name
* Add OrganizationUser_SelfRevoked event type to EventType enum
* Add SelfRevokeOrganizationUserCommand implementation and interface for user self-revocation from organizations
* Add unit tests for SelfRevokeOrganizationUserCommand to validate user self-revocation logic, including success scenarios and various failure conditions.
* Add ISelfRevokeOrganizationUserCommand registration to OrganizationServiceCollectionExtensions for user self-revocation functionality
* Add self-revoke user functionality to OrganizationUsersController with new endpoint for user-initiated revocation
* Add integration tests for self-revoke functionality in OrganizationUsersController, covering scenarios for eligible users, non-members, and users with owner/admin roles.
* Add unit test for SelfRevokeOrganizationUserCommand to validate behavior when a user attempts to self-revoke without confirmation. This test checks for a BadRequestException with an appropriate message.
* Add MemberRequirement class for organization membership authorization
- Implemented MemberRequirement to check if a user is a member of the organization.
- Added unit tests for MemberRequirement to validate authorization logic for different user types.
* Update authorization requirement for self-revoke endpoint and add integration test for provider users
- Changed authorization attribute from MemberOrProviderRequirement to MemberRequirement in the RevokeSelfAsync method.
- Added a new integration test to verify that provider users who are not members receive a forbidden response when attempting to revoke themselves.
* Add EligibleForSelfRevoke method to OrganizationDataOwnershipPolicyRequirement
- Implemented the EligibleForSelfRevoke method to determine if a user can self-revoke their data ownership based on their membership status and policy state.
- Added unit tests to validate the eligibility logic for confirmed, invited, and non-policy users, as well as for different organization IDs.
* Refactor self-revoke user command to enhance eligibility checks
- Updated the SelfRevokeOrganizationUserCommand to utilize policy requirements for determining user eligibility for self-revocation.
- Implemented checks to prevent the last owner from revoking themselves, ensuring organizational integrity.
- Modified unit tests to reflect changes in eligibility logic and added scenarios for confirmed owners and admins.
- Removed deprecated policy checks and streamlined the command's dependencies.
* Use CommandResult pattern in self-revoke command
* Clearer documentation
* update account storage endpoint
* Fix the failing test
* Added flag and refactor base on pr comments
* fix the lint error
* Resolve the pr comments
* Fix the failing test
* Fix the failing test
* Return none
* Resolve the lint error
* Fix the failing test
* Add the missing test
* Formatting issues fixed
* update send api models to support new `email` field
* normalize authentication field evaluation order
* document send response converters
* add FIXME to remove unused constructor argument
* add FIXME to remove unused constructor argument
* introduce `tools-send-email-otp-listing` feature flag
* add `ISendOwnerQuery` to dependency graph
* fix broken tests
* added AuthType prop to send related models with test coverage and debt cleanup
* dotnet format
* add migrations
* dotnet format
* make SendsController null safe (tech debt)
* add AuthType col to Sends table, change Emails col length to 4000, and run migrations
* dotnet format
* update SPs to expect AuthType
* include SP updates in migrations
* remove migrations not intended for merge
* Revert "remove migrations not intended for merge"
This reverts commit 7df56e346a.
undo migrations removal
* extract AuthType inference to util method and remove SQLite file
* fix lints
* address review comments
* fix incorrect assignment and adopt SQL conventions
* fix column assignment order in Send_Update.sql
* remove space added to email list
* assign SQL default value of NULL to AuthType
* update SPs to match migration changes
---------
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com>
Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
* implement the ticket request
* resolve the build lint error
* Resolve the build lint error
* Address review comments
* Fixt the lint and failing unit test
* Fix NSubstitute mock - use concrete ClaimsPrincipal instead of Arg.Any in Returns()
* resolve InjectUser issues
* Fix the failing testing
* Fix the failing unit test
* feat(global-settings) [PM-20109]: Add WebAuthN global settings.
* feat(webauthn) [PM-20109]: Update maximum allowed WebAuthN credentials to use new settings.
* test(webauthn) [PM-20109]: Update command tests to use global configs.
* feat(global-settings) [PM-20109]: Set defaults for maximum allowed credentials.
* feat(two-factor-request-model) [PM-20109]: Remove hard-coded 5 limit on ID validation.
* Revert "test(webauthn) [PM-20109]: Update command tests to use global configs."
This reverts commit ba9f0d5fb6.
* Revert "feat(webauthn) [PM-20109]: Update maximum allowed WebAuthN credentials to use new settings."
This reverts commit d2faef0c13.
* feat(global-settings) [PM-20109]: Add WebAuthNSettings to interface for User Service consumption.
* feat(user-service) [PM-20109]: Add boundary and persistence-time validation for maximum allowed WebAuthN 2FA credentials.
* test(user-service) [PM-20109]: Update tests for WebAuthN limit scenarios.
* refactor(user-service) [PM-20109]: Typo in variable name.
* refactor(user-service) [PM-20109]: Remove unnecessary pending check.
* refactor(user-service) [PM-20109]: Pending check is necessary.
* refactor(webauthn) [PM-20109]: Re-spell WebAuthN => WebAuthn.
* refactor(user-service) [PM-20109]: Re-format pending checks for consistency.
* refactor(user-service) [PM-20109]: Fix type spelling in comments.
* test(user-service) [PM-20109]: Combine premium and non-premium test cases with AutoData.
* refactor(user-service) [PM-20109]: Swap HasPremiumAccessQuery in for CanAccessPremium.
* refactor(user-service) [PM-20109]: Convert limit check to positive, edit comments.
Main fix: only assign new key value where old keys are not set
and new keys have been provided.
Refactors:
- use consistent DTO model for keypairs
- delete duplicate property assignment for new orgs
* account v2 registration for key connector
* use new user repository functions
* test coverage
* integration test coverage
* documentation
* code review
* missing test coverage
* fix failing test
* failing test
* incorrect ticket number
* moved back request model to Api, created dedicated data class in Core
* sql stored procedure type mismatch, simplification
* key connector authorization handler
* Integration test around getting and saving collection with group/user permissions
* This adds groups to the collections returned.
* Added new stored procedures so we don't accidentally wipe out access due to null parameters.
* wrapping all calls in transaction in the event that there is an error.
