* First pass at adding Automatic User Confirmation Policy.
* Adding edge case tests. Adding side effect of updating organization feature. Removing account recovery restriction from validation.
* Added implementation for the vnext save
* Added documentation to different event types with remarks. Updated IPolicyValidator xml docs.
* Add PolicyValidatorsRefactor constant to FeatureFlagKeys in Constants.cs
* Add Metadata property and ToSavePolicyModel method to PolicyUpdateRequestModel
* Refactor PoliciesController to utilize IVNextSavePolicyCommand based on feature flag
- Added IFeatureService and IVNextSavePolicyCommand dependencies to PoliciesController.
- Updated PutVNext method to conditionally use VNextSavePolicyCommand or SavePolicyCommand based on the PolicyValidatorsRefactor feature flag.
- Enhanced unit tests to verify behavior for both enabled and disabled states of the feature flag.
* Update public PoliciesController to to utilize IVNextSavePolicyCommand based on feature flag
- Introduced IFeatureService and IVNextSavePolicyCommand to manage policy saving based on the PolicyValidatorsRefactor feature flag.
- Updated the Put method to conditionally use the new VNextSavePolicyCommand or the legacy SavePolicyCommand.
- Added unit tests to validate the behavior of the Put method for both enabled and disabled states of the feature flag.
* Refactor VerifyOrganizationDomainCommand to utilize IVNextSavePolicyCommand based on feature flag
- Added IFeatureService and IVNextSavePolicyCommand dependencies to VerifyOrganizationDomainCommand.
- Updated EnableSingleOrganizationPolicyAsync method to conditionally use VNextSavePolicyCommand or SavePolicyCommand based on the PolicyValidatorsRefactor feature flag.
- Enhanced unit tests to validate the behavior when the feature flag is enabled.
* Enhance SsoConfigService to utilize IVNextSavePolicyCommand based on feature flag
- Added IFeatureService and IVNextSavePolicyCommand dependencies to SsoConfigService.
- Updated SaveAsync method to conditionally use VNextSavePolicyCommand or SavePolicyCommand based on the PolicyValidatorsRefactor feature flag.
- Added unit tests to validate the behavior when the feature flag is enabled.
* Refactor SavePolicyModel to simplify constructor usage by removing EmptyMetadataModel parameter. Update related usages across the codebase to reflect the new constructor overloads.
* Update PolicyUpdateRequestModel to make Metadata property nullable for improved null safety
* Add validation to URI Match Default Policy for Single Org prerequisite
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove nullable enable; Replace Task.FromResult(0) with Task.CompletedTask
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add unit test for our new validator
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Improve comments and whitespace for unit test
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove unnecessary whitespace in unit test
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove unneccessary unit tets
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Re-add using NSubstitute
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Revert unintended changes to AccountControllerTest.cs
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Revert unintended changes to AccountControllerTest.cs
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Revert unintended changes to HubHelpersTest.cs
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add IEnforceDependentPoliciesEvent interface to UriMatchDefaultPolicyValidator
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
---------
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add integration tests for GetByUserIdWithPolicyDetailsAsync in OrganizationUserRepository
- Implemented multiple test cases to verify the behavior of GetByUserIdWithPolicyDetailsAsync for different user statuses (Confirmed, Accepted, Invited, Revoked).
- Ensured that the method returns correct policy details based on user status and organization.
- Added tests for scenarios with multiple organizations and non-existing policy types.
- Included checks for provider users and custom user permissions.
These tests enhance coverage and ensure the correctness of policy retrieval logic.
* Add UserProviderAccessView to identify which organizations a user can access as a provider
* Refactor PolicyDetails_ReadByUserId stored procedure to improve user access logic
- Introduced a Common Table Expression (CTE) for organization users to streamline the selection process based on user status and email.
- Added a CTE for providers to enhance clarity and maintainability.
- Updated the main query to utilize the new CTEs, improving readability and performance.
- Ensured that the procedure correctly identifies provider access based on user permissions.
* Refactor OrganizationUser_ReadByUserIdWithPolicyDetails stored procedure to enhance user access logic
- Introduced a Common Table Expression (CTE) for organization users to improve selection based on user status and email.
- Updated the main query to utilize the new CTEs, enhancing readability and performance.
- Adjusted the logic for identifying provider access to ensure accurate policy retrieval based on user permissions.
* Add new SQL migration script to refactor policy details queries
- Created a new view, UserProviderAccessView, to streamline user access to provider organizations.
- Introduced two stored procedures: PolicyDetails_ReadByUserId and OrganizationUser_ReadByUserIdWithPolicyDetails, enhancing the logic for retrieving policy details based on user ID and policy type.
- Utilized Common Table Expressions (CTEs) to improve query readability and performance, ensuring accurate policy retrieval based on user permissions and organization status.
* Remove GetPolicyDetailsByUserIdTests
* Refactor PolicyRequirementQuery to use GetPolicyDetailsByUserIdsAndPolicyType and update unit tests
* Remove GetPolicyDetailsByUserId method from IPolicyRepository and its implementations in PolicyRepository classes
* Revert changes to PolicyDetails_ReadByUserId stored procedure
* Refactor OrganizationUser_ReadByUserIdWithPolicyDetails stored procedure to use UNION instead of OR
* Reduce UserEmail variable size from NVARCHAR(320) to NVARCHAR(256) for consistency in stored procedures
* Bump date on migration script
* Implement IOnPolicyPreUpdateEvent for FreeFamiliesForEnterprisePolicyValidator and add corresponding unit tests
* Implement IEnforceDependentPoliciesEvent in MaximumVaultTimeoutPolicyValidator
* Rename test methods in FreeFamiliesForEnterprisePolicyValidatorTests for consistency
* Implement IPolicyValidationEvent and IEnforceDependentPoliciesEvent in RequireSsoPolicyValidator and enhance unit tests
* Implement IPolicyValidationEvent and IEnforceDependentPoliciesEvent in ResetPasswordPolicyValidator and add unit tests
* Implement IOnPolicyPreUpdateEvent in TwoFactorAuthenticationPolicyValidator and add unit tests
* Implement IPolicyValidationEvent and IOnPolicyPreUpdateEvent in SingleOrgPolicyValidator with corresponding unit tests
* Implement IOnPolicyPostUpdateEvent in OrganizationDataOwnershipPolicyValidator and add unit tests for ExecutePostUpsertSideEffectAsync
* Refactor policy validation logic in VNextSavePolicyCommand to simplify enabling and disabling requirements checks
* Refactor VNextSavePolicyCommand to replace IEnforceDependentPoliciesEvent with IPolicyUpdateEvent and update related tests
* Add AddPolicyUpdateEvents method and update service registration for policy update events
* Update the OrganizationUserController integration Confirm tests to handle the Owner type
* Refactor ConfirmOrganizationUserCommand to simplify side-effect handling in organization user confirmation.
Update IPolicyRequirementQuery to return eligible org user IDs for policy enforcement.
Update tests for method signature changes and default collection creation logic.
* Implement GetByOrganizationAsync method in PolicyRequirementQuery and add corresponding unit tests
* Refactor ConfirmOrganizationUserCommand for clarity and add bulk support
* Update ConfirmOrganizationUserCommandTests to use GetByOrganizationAsync for policy requirement queries
* Add DefaultUserCollectionName property to OrganizationUserBulkConfirmRequestModel with encryption attributes
* Update ConfirmUsersAsync method to include DefaultUserCollectionName parameter in OrganizationUsersController
* Add EnableOrganizationDataOwnershipPolicyAsync method to OrganizationTestHelpers
* Add integration tests for confirming organization users in OrganizationUserControllerTests
- Implemented Confirm_WithValidUser test to verify successful confirmation of a single user.
- Added BulkConfirm_WithValidUsers test to ensure multiple users can be confirmed successfully.
* Refactor organization user confirmation integration tests to also test when the organization data ownership policy is disabled
* Refactor ConfirmOrganizationUserCommand to consolidate confirmation side effects handling
- Replaced single and bulk confirmation side effect methods with a unified HandleConfirmationSideEffectsAsync method.
- Updated related logic to handle confirmed organization users more efficiently.
- Adjusted unit tests to reflect changes in the collection creation process for confirmed users.
* Refactor OrganizationUserControllerTests to simplify feature flag handling and consolidate test logic
- Removed redundant feature flag checks in Confirm and BulkConfirm tests.
- Updated tests to directly enable the Organization Data Ownership policy without conditional checks.
- Ensured verification of DefaultUserCollection for confirmed users remains intact.
* Refactor OrganizationUserControllerTests to enhance clarity and reduce redundancy
- Simplified user creation and confirmation logic in tests by introducing helper methods.
- Consolidated verification of confirmed users and their associated collections.
- Removed unnecessary comments and streamlined test flow for better readability.
* Add RequiresDefaultCollection method to PersonalOwnershipPolicyRequirement
* Add CreateDefaultLocation feature flag to Constants.cs
* Add DefaultUserCollectionName property to OrganizationUserConfirmRequestModel with encryption attributes
* Update PersonalOwnershipPolicyRequirement instantiation in tests to use constructor with parameters instead of property assignment
* Enhance ConfirmOrganizationUserCommand to support default user collection creation. Added logic to check if a default collection is required based on organization policies and feature flags. Updated ConfirmUserAsync method signature to include an optional defaultUserCollectionName parameter. Added corresponding tests to validate the new functionality.
* Refactor Confirm method in OrganizationUsersController to use Guid parameters directly, simplifying the code. Updated ConfirmUserAsync call to include DefaultUserCollectionName from the input model.
* Move logic for handling confirmation side effects into a separate method
* Refactor PersonalOwnershipPolicyRequirement to use enum for ownership state
- Introduced PersonalOwnershipState enum to represent allowed and restricted states.
- Updated PersonalOwnershipPolicyRequirement constructor and properties to utilize the new enum.
- Modified related classes and tests to reflect changes in ownership state handling.
* Add RequireTwoFactorPolicyRequirement and its factory with unit tests
* Implemented RequireTwoFactorPolicyRequirement to enforce two-factor authentication policies.
* Created RequireTwoFactorPolicyRequirementFactory to generate policy requirements based on user status.
* Added unit tests for the factory to validate behavior with various user statuses and policy details.
* Enhance AcceptOrgUserCommand to use IPolicyRequirementQuery for two-factor authentication validation
* Update ConfirmOrganizationUserCommand to use RequireTwoFactorPolicyRequirement to check for 2FA requirement
* Implement CanAcceptInvitation and CanBeConfirmed methods in RequireTwoFactorPolicyRequirement; update tests to reflect new logic for two-factor authentication policy handling.
* Refactor AcceptOrgUserCommand to enforce two-factor authentication policy based on feature flag; update validation logic and tests accordingly.
* Enhance ConfirmOrganizationUserCommand to validate two-factor authentication policy based on feature flag; refactor validation logic and update related tests for improved policy handling.
* Remove unused method and its dependencies from OrganizationService.
* Implement CanBeRestored method in RequireTwoFactorPolicyRequirement to determine user restoration eligibility based on two-factor authentication status; add corresponding unit tests for various scenarios.
* Update RestoreOrganizationUserCommand to use IPolicyRequirementQuery for two-factor authentication policies checks
* Remove redundant vNext tests
* Add TwoFactorPoliciesForActiveMemberships property to RequireTwoFactorPolicyRequirement and corresponding unit tests for policy retrieval based on user status
* Refactor UserService to integrate IPolicyRequirementQuery for two-factor authentication policy checks
* Add XML documentation for TwoFactorPoliciesForActiveMemberships property in RequireTwoFactorPolicyRequirement to clarify its purpose and return value.
* Add exception documentation for ValidateTwoFactorAuthenticationPolicyAsync method in ConfirmOrganizationUserCommand to clarify error handling for users without two-step login enabled.
* Update comments in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to clarify handling of two-step login and 2FA policy checks.
* Add RequireTwoFactorPolicyRequirementFactory to PolicyServiceCollectionExtensions
* Refactor two-factor authentication policy checks in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to streamline validation logic and improve clarity. Update RequireTwoFactorPolicyRequirement to provide a method for checking if two-factor authentication is required for an organization. Adjust related unit tests accordingly.
* Add PolicyRequirements namespace
* Update comments in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to clarify two-factor authentication policy requirements and exception handling.
* Refactor RequireTwoFactorPolicyRequirement to return tuples of (OrganizationId, OrganizationUserId) for active memberships requiring two-factor authentication. Update UserService and related tests to reflect this change.
* Refactor AcceptOrgUserCommand: delegate feature flag check to the ValidateTwoFactorAuthenticationPolicyAsync method
* Skip policy check if two-step login is enabled for the user
* Refactor ConfirmOrganizationUserCommand to streamline two-factor authentication policy validation logic
* Refactor AcceptOrgUserCommand to simplify two-factor authentication check by removing intermediate variable
* Update documentation in RequireTwoFactorPolicyRequirement to clarify the purpose of the IsTwoFactorRequiredForOrganization
* Refactor AcceptOrgUserCommandTests to remove redundant two-factor authentication checks and simplify test setup
* Refactor AcceptOrgUserCommand and ConfirmOrganizationUserCommand to streamline two-factor authentication checks by removing redundant conditions and simplifying logic flow.
* Rename removeOrgUserTasks variable in UserService
* Refactor RestoreOrganizationUserCommand to simplify two-factor authentication compliance checks by consolidating logic into a new method, IsTwoFactorRequiredForOrganizationAsync.
* Remove outdated two-factor authentication validation documentation from AcceptOrgUserCommand
* Invert two-factor compliance check in RestoreOrganizationUserCommand to ensure correct validation of organization user policies.
* Refactor UserService to enhance two-factor compliance checks by optimizing organization retrieval and logging when no organizations require two-factor authentication.
* Simplify and align CommandResult and ValidationResult.
In particular, 1 error per Failure/Invalid.
* Move these files to a common namespace
* Remove unused code
* Add RequireSsoPolicyRequirement and its factory to enforce SSO policies
* Enhance WebAuthnController to support RequireSsoPolicyRequirement with feature flag integration. Update tests to validate behavior when SSO policies are applicable.
* Integrate IPolicyRequirementQuery into request validators to support RequireSsoPolicyRequirement. Update validation logic to check SSO policies based on feature flag.
* Refactor RequireSsoPolicyRequirementFactoryTests to improve test coverage for SSO policies. Add tests for handling both valid and invalid policies in CanUsePasskeyLogin and SsoRequired methods.
* Remove ExemptStatuses property from RequireSsoPolicyRequirementFactory to use default values from BasePolicyRequirementFactory
* Restore ValidateRequireSsoPolicyDisabledOrNotApplicable
* Refactor RequireSsoPolicyRequirement to update CanUsePasskeyLogin and SsoRequired properties to use init-only setters
* Refactor RequireSsoPolicyRequirementFactoryTests to enhance test clarity
* Refactor BaseRequestValidatorTests to improve test clarity
* Refactor WebAuthnController to replace SSO policy validation with PolicyRequirement check
* Refactor BaseRequestValidator to replace SSO policy validation with PolicyRequirement check
* Refactor WebAuthnControllerTests to update test method names and adjust policy requirement checks
* Add tests for AttestationOptions and Post methods in WebAuthnControllerTests to validate scenario where SSO is not required
* Refactor RequireSsoPolicyRequirement initialization
* Refactor SSO requirement check for improved readability
* Rename test methods in RequireSsoPolicyRequirementFactoryTests for clarity on exempt status conditions
* Update RequireSsoPolicyRequirement to refine user status checks for SSO policy requirements
* Add PersonalOwnershipPolicyRequirement for managing personal ownership policy
* Add tests for PersonalOwnershipPolicyRequirement
* Register PersonalOwnershipPolicyRequirement in policy requirement factory
* Update ImportCiphersCommand to check PersonalOwnershipPolicyRequirement if the PolicyRequirements flag is enabled
Update unit tests
* Update CipherService to support PersonalOwnershipPolicyRequirement with feature flag
- Add support for checking personal ownership policy using PolicyRequirementQuery when feature flag is enabled
- Update CipherService constructor to inject new dependencies
- Add tests for personal vault restrictions with and without feature flag
* Clean up redundant "Arrange", "Act", and "Assert" comments in test methods
* Refactor PersonalOwnershipPolicyRequirementTests method names for clarity
- Improve test method names to better describe their purpose and behavior
- Rename methods to follow a more descriptive naming convention
- No functional changes to the test logic
* Remove commented code explaining policy check
* Refactor PersonalOwnership Policy Requirement implementation
- Add PersonalOwnershipPolicyRequirementFactory to replace static Create method
- Simplify policy requirement creation logic
- Update PolicyServiceCollectionExtensions to register new factory
- Update ImportCiphersCommand to use correct user ID parameter
- Remove redundant PersonalOwnershipPolicyRequirementTests
* Remove redundant PersonalOwnershipPolicyRequirementTests
* Remove unnecessary tests from PersonalOwnershipPolicyRequirementFactoryTests
* Add JSON-based stored procedure for updating account revision dates and modify existing procedure to use it
* Refactor SingleOrgPolicyValidator to revoke only non-compliant organization users and update related tests
- Revoking users when enabling single org and 2fa policies.
- Updated emails sent when users are revoked via 2FA or Single Organization policy enablement
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
