* Avoid multiple lookups in dictionaries
* Consistency in fallback to empty CollectionIds
* Readability at the cost of lines changed
* Readability
* Changes after running dotnet format
* Add DynamicClientStore
* Formatting
* Fix Debug assertion
* Make Identity internals visible to its unit tests
* Add installation client provider tests
* Add internal client provider tests
* Add DynamicClientStore tests
* Fix namespaces after merge
* Format
* Add docs and remove TODO comments
* Use preferred prefix for API keys
---------
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* feat(update-auth-approving-clients): [PM-17111] Add Browser to List of Approving Clients - Initial changes.
* feat(update-auth-approving-clients): [PM-17111] Add Browser to List of Approving Clients - Updated tests.
* test(update-auth-approving-clients): [PM-17111] Add Browser to List of Approving Clients - Strengthened tests.
* fix : split out the interface from the TwoFactorAuthenticationValidator into separate file.
* fix: replacing IUserService.TwoFactorEnabled with ITwoFactorEnabledQuery
* fix: combined logic for both bulk and single user look ups for TwoFactorIsEnabledQuery.
* fix: return two factor provider enabled on CanGenerate() method.
* tech debt: modfifying MFA providers to call the database less to validate if two factor is enabled.
* tech debt: removed unused service from AuthenticatorTokenProvider
* doc: added documentation to ITwoFactorProviderUsers
* doc: updated comments for TwoFactorIsEnabled impl
* test: fixing tests for ITwoFactorIsEnabledQuery
* test: updating tests to have correct DI and removing test for automatic email of TOTP.
* test: adding better test coverage
* Completed grouping of feature flags by team.
* Completed grouping feature flags by team.
* Remove email delay feature flag
* Removed feature flag
* Fixed reference.
* Remove flag after merge.
* Removed flag from server.
* Removed feature flag from server
* Remove new device verification feature flag.
* Removed unnecessary using.
* Remove feature flag from Constants
* Add RequireSsoPolicyRequirement and its factory to enforce SSO policies
* Enhance WebAuthnController to support RequireSsoPolicyRequirement with feature flag integration. Update tests to validate behavior when SSO policies are applicable.
* Integrate IPolicyRequirementQuery into request validators to support RequireSsoPolicyRequirement. Update validation logic to check SSO policies based on feature flag.
* Refactor RequireSsoPolicyRequirementFactoryTests to improve test coverage for SSO policies. Add tests for handling both valid and invalid policies in CanUsePasskeyLogin and SsoRequired methods.
* Remove ExemptStatuses property from RequireSsoPolicyRequirementFactory to use default values from BasePolicyRequirementFactory
* Restore ValidateRequireSsoPolicyDisabledOrNotApplicable
* Refactor RequireSsoPolicyRequirement to update CanUsePasskeyLogin and SsoRequired properties to use init-only setters
* Refactor RequireSsoPolicyRequirementFactoryTests to enhance test clarity
* Refactor BaseRequestValidatorTests to improve test clarity
* Refactor WebAuthnController to replace SSO policy validation with PolicyRequirement check
* Refactor BaseRequestValidator to replace SSO policy validation with PolicyRequirement check
* Refactor WebAuthnControllerTests to update test method names and adjust policy requirement checks
* Add tests for AttestationOptions and Post methods in WebAuthnControllerTests to validate scenario where SSO is not required
* Refactor RequireSsoPolicyRequirement initialization
* Refactor SSO requirement check for improved readability
* Rename test methods in RequireSsoPolicyRequirementFactoryTests for clarity on exempt status conditions
* Update RequireSsoPolicyRequirement to refine user status checks for SSO policy requirements
* feat(newDeviceVerification) : Initial update to email
* fix : email copying over extra whitespace when using keyboard short cuts
* test : Fixing tests for new device verificaiton email format
* PM-10600: Notification push notification
* PM-10600: Sending to specific client types for relay push notifications
* PM-10600: Sending to specific client types for other clients
* PM-10600: Send push notification on notification creation
* PM-10600: Explicit group names
* PM-10600: Id typos
* PM-10600: Revert global push notifications
* PM-10600: Added DeviceType claim
* PM-10600: Sent to organization typo
* PM-10600: UT coverage
* PM-10600: Small refactor, UTs coverage
* PM-10600: UTs coverage
* PM-10600: Startup fix
* PM-10600: Test fix
* PM-10600: Required attribute, organization group for push notification fix
* PM-10600: UT coverage
* PM-10600: Fix Mobile devices not registering to organization push notifications
We only register devices for organization push notifications when the organization is being created. This does not work, since we have a use case (Notification Center) of delivering notifications to all users of organization. This fixes it, by adding the organization id tag when device registers for push notifications.
* PM-10600: Unit Test coverage for NotificationHubPushRegistrationService
Fixed IFeatureService substitute mocking for Android tests.
Added user part of organization test with organizationId tags expectation.
* PM-10600: Unit Tests fix to NotificationHubPushRegistrationService after merge conflict
* PM-10600: Organization push notifications not sending to mobile device from self-hosted.
Self-hosted instance uses relay to register the mobile device against Bitwarden Cloud Api. Only the self-hosted server knows client's organization membership, which means it needs to pass in the organization id's information to the relay. Similarly, for Bitwarden Cloud, the organizaton id will come directly from the server.
* PM-10600: Fix self-hosted organization notification not being received by mobile device.
When mobile device registers on self-hosted through the relay, every single id, like user id, device id and now organization id needs to be prefixed with the installation id. This have been missing in the PushController that handles this for organization id.
* PM-10600: Broken NotificationsController integration test
Device type is now part of JWT access token, so the notification center results in the integration test are now scoped to client type web and all.
* PM-10600: Merge conflicts fix
* merge conflict fix
feat(NewDeviceVerification) :
* Created database migration scripts for VerifyDevices column in [dbo].[User].
* Updated DeviceValidator to check if user has opted out of device verification.
* Added endpoint to AccountsController.cs to allow editing of new User.VerifyDevices property.
* Added tests for new methods and endpoint.
* Updating queries to track [dbo].[User].[VerifyDevices].
* Updated DeviceValidator to set `User.EmailVerified` property during the New Device Verification flow.
* chore: set up a `CODEOWNERS` space for platform
* chore: move sql objects for `Installation` to platform's domain
* chore: move `Installation` and `PushRelay` code to platform's domain
feat(NewDeviceVerification) :
Added constat for the cache key in Bit.Core because the cache key format needs to be shared between the Identity Server and the MVC Admin project.
Updated DeviceValidator class to handle checking cache for user information to allow pass through.
Updated and Added tests to handle new flow.
* feat(BaseRequestValidator):
Add global setting for new device verification.
Refactor BaseRequestValidator enabling better self-documenting code and better single responsibility principle for validators.
Updated DeviceValidator to handle new device verification, behind a feature flag.
Moved IDeviceValidator interface to separate file.
Updated CustomRequestValidator to act as the conduit by which *Validators communicate authentication context between themselves and the RequestValidators.
Adding new test for DeviceValidator class.
Updated tests for BaseRequestValidator as some functionality was moved to the DeviceValidator class.
refactor(TwoFactorAuthentication): Remove references to old Duo SDK version 2 code and replace them with the Duo SDK version 4 supported library DuoUniversal code.
Increased unit test coverage in the Two Factor Authentication code space. We opted to use DI instead of Inheritance for the Duo and OrganizaitonDuo two factor tokens to increase testability, since creating a testing mock of the Duo.Client was non-trivial.
Reviewed-by: @JaredSnider-Bitwarden
* PM-11123: Device Type mapping
* PM-11123: Moving ClientType out of NotificationCenter, naming clash with Identity ClientType
* PM-11123: Rename ClientType in ICurrentContext to match the type
* Attempt to fix tde to mp flow
* Move tde offboarding to dedicated flag
* Add tde offboarding password request
* Validate tde offboarding input
* Correctly check whether tde is active when building trusted device options
* Refactor Tde offboarding into a separate command
* Add unit tests for tde offboarding
* Update tde offboarding request model
* Fix tests
* Fix further tests
* Fix documentation
* Add validation for updatetdepasswordasync key/newmasterpassword
* Add comment explaining test
* Remove unrelated changes
* inital changes
* add provider GatewayType migrations
* db provider migrations
* removed duo migrations added v2 metadata to duo response
* removed helper scripts
* remove signature from org duo
* added backward compatibility for Duo v2
* added tests for duo request + response models
* refactors to TwoFactorController
* updated test methods to be compartmentalized by usage
* fix organization add duo
* Assert.Empty() fix for validator
* block legacy users from authN
* undo change to GetDeviceFromRequest
* lint
* add feature flag
* format
* add web vault url to error message
* fix test
* format
