* fix(user-decryption-options): ManageAccountRecovery Permission Forces MP Set - Update tests, add OrganizationUser fixture customization for Permissions
* fix(user-decryption-options): ManageAccountRecovery Permission Forces MP Set - Update hasManageResetPasswordPermission evaluation.
* PM-23174 - Add TODO for endpoint per sync discussion with Dave
* fix(user-decryption-options): ManageAccountRecovery Permission Forces MP Set - Clean up comments.
* fix(user-decryption-options): ManageAccountRecovery Permission Forces MP Set - Remove an outdated comment.
* fix(user-decryption-options): ManageAccountRecovery Permission Forces MP Set - Elaborate on comments around Organization User invite-time evaluation.
* fix(user-decryption-options): Use currentContext for Provider relationships, update comments, and feature flag the change.
* fix(user-decryption-options): Update test suite and provide additional comments for future flag removal.
---------
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
* feat: add static enumeration helper class
* test: add enumeration helper class unit tests
* feat: implement NeverAuthenticateValidator
* test: unit and integration tests SendNeverAuthenticateValidator
* test: use static class for common integration test setup for Send Access unit and integration tests
* test: update tests to use static helper
* feat: add policy to API startup and Policies class to hold the static strings
* test: add snapshot testing for constants to help with rust mappings
* doc: add docs for send access
* Improve swagger OperationIDs: Part 1
* Fix tests and fmt
* Improve docs and add more tests
* Fmt
* Improve Swagger OperationIDs for Auth
* Fix review feedback
* Use generic getcustomattributes
* Format
* replace swaggerexclude by split+obsolete
* Format
* Some remaining excludes
**feat**: create `SendGrantValidator` and initial `SendPasswordValidator` for Send access grants
**feat**: add feature flag to toggle Send grant validation logic
**feat**: add Send client to Identity and update `ApiClient` to generic `Client`
**feat**: register Send services in DI pipeline
**feat**: add claims management support to `ProfileService`
**feat**: distinguish between invalid grant and invalid request in `SendAccessGrantValidator`
**fix**: update parsing of `send_id` from request
**fix**: add early return when feature flag is disabled
**fix**: rename and organize Send access scope and grant type
**fix**: dotnet format
**test**: add unit and integration tests for `SendGrantValidator`
**test**: update OpenID configuration and API resource claims
**doc**: move documentation to interfaces and update inline comments
**chore**: add TODO for future support of `CustomGrantTypes`
* Moved license models to billing
* Moved LicensingService to billing
* Moved license command and queries to billing
* Moved LicenseController to billing
* Avoid multiple lookups in dictionaries
* Consistency in fallback to empty CollectionIds
* Readability at the cost of lines changed
* Readability
* Changes after running dotnet format
* Remove gathering and reporting of ReferenceEvents
* Fix test that relied on reference events throwing
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Add DynamicClientStore
* Formatting
* Fix Debug assertion
* Make Identity internals visible to its unit tests
* Add installation client provider tests
* Add internal client provider tests
* Add DynamicClientStore tests
* Fix namespaces after merge
* Format
* Add docs and remove TODO comments
* Use preferred prefix for API keys
---------
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* feat(update-auth-approving-clients): [PM-17111] Add Browser to List of Approving Clients - Initial changes.
* feat(update-auth-approving-clients): [PM-17111] Add Browser to List of Approving Clients - Updated tests.
* test(update-auth-approving-clients): [PM-17111] Add Browser to List of Approving Clients - Strengthened tests.
* fix : split out the interface from the TwoFactorAuthenticationValidator into separate file.
* fix: replacing IUserService.TwoFactorEnabled with ITwoFactorEnabledQuery
* fix: combined logic for both bulk and single user look ups for TwoFactorIsEnabledQuery.
* fix: return two factor provider enabled on CanGenerate() method.
* tech debt: modfifying MFA providers to call the database less to validate if two factor is enabled.
* tech debt: removed unused service from AuthenticatorTokenProvider
* doc: added documentation to ITwoFactorProviderUsers
* doc: updated comments for TwoFactorIsEnabled impl
* test: fixing tests for ITwoFactorIsEnabledQuery
* test: updating tests to have correct DI and removing test for automatic email of TOTP.
* test: adding better test coverage
* Completed grouping of feature flags by team.
* Completed grouping feature flags by team.
* Remove email delay feature flag
* Removed feature flag
* Fixed reference.
* Remove flag after merge.
* Removed flag from server.
* Removed feature flag from server
* Remove new device verification feature flag.
* Removed unnecessary using.
* Remove feature flag from Constants
* Add trial length parameter to trial initiation endpoint and email
* Add feature flag that pegs trial length to 7 when disabled
* Add optionality to Identity
* Move feature service injection to identity accounts controller
* Add RequireSsoPolicyRequirement and its factory to enforce SSO policies
* Enhance WebAuthnController to support RequireSsoPolicyRequirement with feature flag integration. Update tests to validate behavior when SSO policies are applicable.
* Integrate IPolicyRequirementQuery into request validators to support RequireSsoPolicyRequirement. Update validation logic to check SSO policies based on feature flag.
* Refactor RequireSsoPolicyRequirementFactoryTests to improve test coverage for SSO policies. Add tests for handling both valid and invalid policies in CanUsePasskeyLogin and SsoRequired methods.
* Remove ExemptStatuses property from RequireSsoPolicyRequirementFactory to use default values from BasePolicyRequirementFactory
* Restore ValidateRequireSsoPolicyDisabledOrNotApplicable
* Refactor RequireSsoPolicyRequirement to update CanUsePasskeyLogin and SsoRequired properties to use init-only setters
* Refactor RequireSsoPolicyRequirementFactoryTests to enhance test clarity
* Refactor BaseRequestValidatorTests to improve test clarity
* Refactor WebAuthnController to replace SSO policy validation with PolicyRequirement check
* Refactor BaseRequestValidator to replace SSO policy validation with PolicyRequirement check
* Refactor WebAuthnControllerTests to update test method names and adjust policy requirement checks
* Add tests for AttestationOptions and Post methods in WebAuthnControllerTests to validate scenario where SSO is not required
* Refactor RequireSsoPolicyRequirement initialization
* Refactor SSO requirement check for improved readability
* Rename test methods in RequireSsoPolicyRequirementFactoryTests for clarity on exempt status conditions
* Update RequireSsoPolicyRequirement to refine user status checks for SSO policy requirements
* feat : remove old registration endpoint
* fix: update integration test user registration to match current registration; We need to keep the IRegistrationCommand.RegisterUser method to JIT user.
* fix: updating accounts/profile tests to match current implementations
