* Upgrade ExtendedCache to support non-Redis distributed cache
* Update CACHING.md to use UseSharedDistributedCache setting
Updated documentation to reflect the setting rename from UseSharedRedisCache
to UseSharedDistributedCache in the ExtendedCache configuration examples.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-authored-by: Matt Bishop <withinfocus@users.noreply.github.com>
* Upgrade ExtendedCache with support for named caches
* Addressed Claude PR suggestions - defensive mux creation, defend empty cache name, added tests
* Addressed PR suggestions; Fixed issue where IDistributedCache was missing when using the shared route; Added more unit tests
* Revert to TryAdd, document expectation that AddDistributedCache is called first
* Add FusionCache to service collection
* Refactored to it's own service collection extension, added full unit tests, added TryAdd style support
* Move to ExtendedCache instead of FusionCache, re-use exsting DistributedCache if present, expose backplane to DI
* Reworked builders to reuse multiplexer if present
* Add Microsoft Teams integration
* Fix method naming error
* Expand and clean up unit test coverage
* Update with PR feedback
* Add documentation, add In Progress logic/tests for Teams
* Fixed lowercase Slack
* Added docs; Updated PR suggestions;
* Fix broken tests
* Add support for configuring multiple allowed origins
* Use if/else instead of union
* Add conditionals
* Added Chromium based extension ID's
* format
* Update src/Core/Constants.cs
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* remove chromedevelopmentid
* format
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* feat: add static enumeration helper class
* test: add enumeration helper class unit tests
* feat: implement NeverAuthenticateValidator
* test: unit and integration tests SendNeverAuthenticateValidator
* test: use static class for common integration test setup for Send Access unit and integration tests
* test: update tests to use static helper
* Event integration updates and cleanups
* Add Datadog integration
* Update README to include link to Datadog PR
* Move doc update into the Datadog PR; Fix empty message on ArgumentException
* Adjust exception message
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Removed unnecessary nullable enable; Moved Docs link to PR into this PR
* Remove unnecessary nullable enable calls
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
**feat**: create `SendGrantValidator` and initial `SendPasswordValidator` for Send access grants
**feat**: add feature flag to toggle Send grant validation logic
**feat**: add Send client to Identity and update `ApiClient` to generic `Client`
**feat**: register Send services in DI pipeline
**feat**: add claims management support to `ProfileService`
**feat**: distinguish between invalid grant and invalid request in `SendAccessGrantValidator`
**fix**: update parsing of `send_id` from request
**fix**: add early return when feature flag is disabled
**fix**: rename and organize Send access scope and grant type
**fix**: dotnet format
**test**: add unit and integration tests for `SendGrantValidator`
**test**: update OpenID configuration and API resource claims
**doc**: move documentation to interfaces and update inline comments
**chore**: add TODO for future support of `CustomGrantTypes`
* [PM-17562] Refactor event integration methods / declarations in ServiceCollectionExtensions
* Refactored ServiceCollectionExtensions to use TryAdd and still launch unique listeneer services
* Updated unit tests to match new generic format for Listeners
* Fix method spacing
* Update README to reflect new integration setup in ServiceCollectionExtensions
* Move interfaces to I prefix; fix typo in subscription
* Fix reference to IIntegrationListenerConfiguration
* [PM-17562] Add HEC integration support
* Re-ordered parameters per PR suggestion
* Apply suggestions from code review
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Refactored webhook request model validation to be more clear
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* [PM-17562] Add strict delay support for RabbitMQ
* fix lint error
* Added more robust FailureReason handling and some additional tests
* Fix two issues noted by SonarQube
* Fix typo; Add alternate handling if MessageId is null or empty
* Set MessageId on all message publishers
* [PM-17562] Add Azure Service Bus support for event integration retries
* Cleanup AzureServiceBusIntegrationListenerService.cs; add nullable
* Removed IntegrationHandlerBase* since it is no longer used (We removed the subclasses previously)
* Changed strategy to assume ApplyRetry always gives us a non-null DelayUntilDate; Added test to confirm as well
* Initial stubbing out of the phishing service
* Add the phishing domain controller
* Add changes for the phishing domain get
* Add distributed cache to the phishing domain
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Rename the variable name
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Removed IPhishingDomainService
* Feature/phishing detection cronjob (#5512)
* Added caching to EF implementation. Added error handling and logging
* Refactored update method to use sqlbulkcopy instead of performing a round trip for each new insert
* Initial implementation for quartz job to get list of phishing domains
* Updated phishing domain settings to be its own interface
* Add phishing domain detection with checksum-based updates
* Updated auth for phishing domain endpoints to either require api, or licensing claims to support both web and browser clients, and selfhost api clients
* [Innovation Sprint] Updated Phishing domains to rely on blob storage (#5517)
* Updated phishing detection data layer to rely on azure blob storage instead of sql server
* dotnet format
* Took rider refactors
* Ensuring phishing.testcategory.com exists to test against
* Added redis to dev's docker-compose
* Removed redis from cloud profile
* Remove the Authorize attribute
* error whitespace fix whitespace formatting
* error WHITESPACE: Fix whitespace formatting
* Wrapped phishing detection feature behind feature flag (#5532)
* Increased timeout for fetching source list a bunch
* Removed PhishingDomains policy
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
Co-authored-by: Cy Okeke <cokeke@bitwarden.com>
* [PM-17562] Slack Event Investigation
* Refactored Slack and Webhook integrations to pull configurations dynamically from a new Repository
* Added new TemplateProcessor and added/updated unit tests
* SlackService improvements, testing, integration configurations
* Refactor SlackService to use a dedicated model to parse responses
* Refactored SlackOAuthController to use SlackService as an injected dependency; added tests for SlackService
* Remove unnecessary methods from the IOrganizationIntegrationConfigurationRepository
* Moved Slack OAuth to take into account the Organization it's being stored for. Added methods to store the top level integration for Slack
* Organization integrations and configuration database schemas
* Format EF files
* Initial buildout of basic repositories
* [PM-17562] Add Dapper Repositories For Organization Integrations and Configurations
* Update Slack and Webhook handlers to use new Repositories
* Update SlackOAuth tests to new signatures
* Added EF Repositories
* Update handlers to use latest repositories
* [PM-17562] Add Dapper and EF Repositories For Ogranization Integrations and Configurations
* Updated with changes from PR comments
* Adjusted Handlers to new repository method names; updated tests to naming convention
* Adjust URL structure; add delete for Slack, add tests
* Added Webhook Integration Controller
* Add tests for WebhookIntegrationController
* Added Create/Delete for OrganizationIntegrationConfigurations
* Prepend ConnectionTypes into IntegrationType so we don't run into issues later
* Added Update to OrganizationIntegrationConfigurtionController
* Moved Webhook-specific integration code to being a generic controller for everything but Slack
* Removed delete from SlackController - Deletes should happen through the normal Integration controller
* Fixed SlackController, reworked OIC Controller to use ids from URL and update the returned object
* Added parse/type checking for integration and integration configuration JSONs, Cleaned up GlobalSettings to remove old values
* Cleanup and fixes for Azure Service Bus support
* Clean up naming on TemplateProcessorTests
* Address SonarQube warnings/suggestions
* Expanded test coverage; Cleaned up tests
* Respond to PR Feedback
* Rename TemplateProcessor to IntegrationTemplateProcessor
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Allow for binning of comb IDs by date and value
* Introduce notification hub pool
* Replace device type sharding with comb + range sharding
* Fix proxy interface
* Use enumerable services for multiServiceNotificationHub
* Fix push interface usage
* Fix push notification service dependencies
* Fix push notification keys
* Fixup documentation
* Remove deprecated settings
* Fix tests
* PascalCase method names
* Remove unused request model properties
* Remove unused setting
* Improve DateFromComb precision
* Prefer readonly service enumerable
* Pascal case template holes
* Name TryParse methods TryParse
* Apply suggestions from code review
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Include preferred push technology in config response
SignalR will be the fallback, but clients should attempt web push first if offered and available to the client.
* Register web push devices
* Working signing and content encrypting
* update to RFC-8291 and RFC-8188
* Notification hub is now working, no need to create our own
* Fix body
* Flip Success Check
* use nifty json attribute
* Remove vapid private key
This is only needed to encrypt data for transmission along webpush -- it's handled by NotificationHub for us
* Add web push feature flag to control config response
* Update src/Core/NotificationHub/NotificationHubConnection.cs
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Update src/Core/NotificationHub/NotificationHubConnection.cs
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* fixup! Update src/Core/NotificationHub/NotificationHubConnection.cs
* Move to platform ownership
* Remove debugging extension
* Remove unused dependencies
* Set json content directly
* Name web push registration data
* Fix FCM type typo
* Determine specific feature flag from set of flags
* Fixup merged tests
* Fixup tests
* Code quality suggestions
* Fix merged tests
* Fix test
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* [PM-17562] Add Azure Service Bus for Distributed Events
* Fix failing test
* Addressed issues mentioned in SonarQube
* Respond to PR feedback
* Respond to PR feedback - make webhook opt-in, remove message body from log
* PM-16261 move ImportCiphersAsync to the tools team and create services using CQRS design pattern
* PM-16261 fix renaming methods and add unit tests for succes and bad request exception
* PM-16261 clean up old code from test
* make import limits configurable via appsettings
* PM-16085 fix issue with appSettings converting to globalSettings for new cipher import limits
* Initial POC of Distributed Events
* Apply suggestions from code review
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Clean up files to support accepted changes. Address PR Feedback
* Removed unneeded using to fix lint warning
* Moved config into a common EventLogging top-level item. Fixed issues from PR review
* Optimized per suggestion from justinbaur
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Updated to add IAsyncDisposable as suggested in PR review
* Updated with suggestion to use KeyedSingleton for the IEventWriteService
* Changed key case to lowercase
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* kdf defaults on null map to email hash
* cleanup code. add some randomness as well
* remove null check
* fix test
* move to private method
* remove random options
* tests for random defaults
* SetDefaultKdfHmacKey for old test
* Add a Pricing Client and mapping layer back to StaticStore.Plan
* Run dotnet format
* Temporarily remove service registration to forego any unforseen side effects
* Run dotnet format
* feat(BaseRequestValidator):
Add global setting for new device verification.
Refactor BaseRequestValidator enabling better self-documenting code and better single responsibility principle for validators.
Updated DeviceValidator to handle new device verification, behind a feature flag.
Moved IDeviceValidator interface to separate file.
Updated CustomRequestValidator to act as the conduit by which *Validators communicate authentication context between themselves and the RequestValidators.
Adding new test for DeviceValidator class.
Updated tests for BaseRequestValidator as some functionality was moved to the DeviceValidator class.
* Allow for binning of comb IDs by date and value
* Introduce notification hub pool
* Replace device type sharding with comb + range sharding
* Fix proxy interface
* Use enumerable services for multiServiceNotificationHub
* Fix push interface usage
* Fix push notification service dependencies
* Fix push notification keys
* Fixup documentation
* Remove deprecated settings
* Fix tests
* PascalCase method names
* Remove unused request model properties
* Remove unused setting
* Improve DateFromComb precision
* Prefer readonly service enumerable
* Pascal case template holes
* Name TryParse methods TryParse
* Apply suggestions from code review
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* AllClients is a set of clients and must be deduplicated
* Fix registration start time
* Add logging to initialization of a notification hub
* more logging
* Add lower level logging for hub settings
* Log when connection is resolved
* Improve log message
* Log pushes to notification hub
* temporarily elevate log messages for visibility
* Log in multi-service when relaying to another push service
* Revert to more reasonable logging free of user information
* Fixup merge
Deleting user was extracted to a command in #4803, this updates that work to use just the device ids as I did elsewhere in abd67e8ec
* Do not use bouncy castle exception types
* Add required services for logging
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
* PM-5092 - Add new EnableEmailVerification global setting.
* PM-5092 - WIP - AccountsController.cs - create stub for new PostRegisterSendEmailVerification
* PM-5092 - RegisterSendEmailVerificationRequestModel
* PM-5092 - Create EmailVerificationTokenable.cs and get started on tests (still WIP).
* PM-5092 - EmailVerificationTokenable.cs finished + tests working.
* PM-5092 - Add token data factory for new EmailVerificationTokenable factory.
* PM-5092 - EmailVerificationTokenable.cs - set expiration to match existing verify email.
* PM-5092 - Get SendVerificationEmailForRegistrationCommand command mostly written + register as scoped.
* PM-5092 - Rename tokenable to be more clear and differentiate it from the existing email verification token.
* PM-5092 - Add new registration verify email method on mail service.
* PM-5092 - Refactor SendVerificationEmailForRegistrationCommand and add call to mail service to send email.
* PM-5092 - NoopMailService.cs needs to implement all interface methods.
* PM-5092 - AccountsController.cs - get PostRegisterSendEmailVerification logic in place.
* PM-5092 - AccountsControllerTests.cs - Add some unit tests - WIP
* PM-5092 - SendVerificationEmailForRegistrationCommandTests
* PM-5092 - Add integration tests for new acct controller method
* PM-5092 - Cleanup unit tests
* PM-5092 - AccountsController.cs - PostRegisterSendEmailVerification - remove modelState invalid check as .NET literally executes this validation pre-method execution.
* PM-5092 - Rename to read better - send verification email > send email verification
* PM-5092 - Revert primary constructor approach so DI works.
* PM-5092 - (1) Cleanup new but now not needed global setting (2) Add custom email for registration verify email.
* PM-5092 - Fix email text
* PM-5092 - (1) Modify ReferenceEvent.cs to allow nullable values for the 2 params which should have been nullable based on the constructor logic (2) Add new ReferenceEventType.cs for email verification register submit (3) Update AccountsController.cs to log new reference event (4) Update tests
* PM-5092 - RegistrationEmailVerificationTokenable - update prefix, purpose, and token id to include registration to differentiate it from the existing email verification token.
* PM-5092 - Per PR feedback, cleanup used dict.
* PM-5092 - formatting pass (manual + dotnet format)
* PM-5092 - Per PR feedback, log reference event after core business logic executes
* PM-5092 - Per PR feedback, add validation + added nullable flag to name as it is optional.
* PM-5092 - Per PR feedback, add constructor validation for required tokenable data
* PM-5092 - RegisterVerifyEmail url now contains email as that is required in client side registration step to create a master key.
* PM-5092 - Add fromEmail flag + some docs
* PM-5092 - ReferenceEvent.cs - Per PR feedback, make SignupInitiationPath and PlanUpgradePath nullable
* PM-5092 - ReferenceEvent.cs - remove nullability per PR feedback
* PM-5092 - Per PR feedback, use default constructor and manually create reference event.
* PM-5092 - Per PR feedback, add more docs!
* Centralize database migration logic
* Clean up unused usings
* Prizatize
* Remove verbose flag from Docker invocation
* Allow certain database operations to be skipped
* Readonly
* table storage grants
* simple shard on storage accounts
* use is not
* cosmos grant repo
* remove single storage connection string
* some fixes to dapper grant repo
* pattern matching
* add fallback to base PersistedGrantStore
* service collection extension cleanup
* cleanup
* remove unused Id
* empty string rowkey
* fix sharding method logic
* ttl for cosmos
* make ttl an int
* fixes to cosmos implementation
* fix partition key values
* catch notfound exceptions
* indenting
* update grantitem with custom serialization
* use new transform helpers
* grantloader perf test tool
* ref
* remove grant loader project
* remove table storage implementation
* remove table storage stuff
* all redis fallback to build to null
* revert sln file change
* EOF new line
* remove trailing comma
* lint fixes
* add grant to names
* move cosmos serilaizer to utils
* add some .net 8 keyed service comments
* EnableContentResponseOnWrite
* Fix type in EF grant repository
