* Add policy for blocking account creation from claimed domains.
* dotnet format
* check as part of email verification
* add feature flag
* fix tests
* try to fix dates on database integration tests
* PR feedback from claude
* remove claude local settings
* pr feedback
* format
* fix test
* create or alter
* PR feedback
* PR feedback
* Update src/Core/Constants.cs
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* fix merge issues
* fix tests
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Adding auto confirm endpoint and initial command work.
* Adding validator
* Finished command implementation.
* Enabled the feature renomved used method. Enabled the policy in the tests.
* Added extension functions to allow for railroad programming.
* Removed guid from route template. Added xml docs
* Added validation for command.
* Added default collection creation to command.
* formatting.
* Added additional error types and mapped to appropriate results.
* Added tests for auto confirm validator
* Adding tests
* fixing file name
* Cleaned up OrgUserController. Added integration tests.
* Consolidated CommandResult and validation result stuff into a v2 directory.
* changing result to match handle method.
* Moves validation thenasync method.
* Added brackets.
* Updated XML comment
* Adding idempotency comment.
* Fixed up merge problems. Fixed return types for handle.
* Renamed to ValidationRequest
* I added some methods for CommandResult to cover some future use cases. Added ApplyAsync method to execute multiple functions against CommandResult without an error stopping the workflow for side-effects.
* Fixed up logic around should create default colleciton. Added more methods for chaining ValidationResult together. Added logic for user type.
* Clearing nullable enable.
* Fixed up validator tests.
* Tests for auto confirm command
* Fixed up command result and AutoConfirmCommand.
* Removed some unused methods.
* Moved autoconfirm tests to their own class.
* Moved some stuff around. Need to clean up creation of accepted org user yet.
* Moved some more code around. Folded Key into accepted constructor. removed unneeded tests since key and accepted are now a part of AcceptedOrgUser Creation.
* Clean up clean up everybody everywhere. Clean up clean up everybody do your share.
* Another quick one
* Removed aggregate Errors.cs
* Cleaned up validator and fixed up tests.
* Fixed auto confirm repo
* Cleaned up command tests.
* Unused method.
* Restoring Bulk command back to what it was. deleted handle method for bulk.
* Remove unused method.
* removed unnecssary lines and comments
* fixed layout.
* Fixed test.
* fixed spelling mistake. removed unused import.
* Update test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUsers/AutomaticallyConfirmUsersCommandTests.cs
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
* Ensuring collection is created before full sync. Cleaning up tests and added a few more. Added check that the policy is enabled.
* Added org cleanup
* Lowering to 5 to see if that helps the runner.
* 🤷
* Trying this
* Maybe this time will be different.
* seeing if awaiting and checking independently will work in ci
* I figured it out. Locally, it would be fast enough to all return NoContent, however in CI, its slow enough for it to return 400 due to the user already being confirmed via validation.
* Updated tests and validator
* Fixed name
---------
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
* First pass at adding Automatic User Confirmation Policy.
* Adding edge case tests. Adding side effect of updating organization feature. Removing account recovery restriction from validation.
* Added implementation for the vnext save
* Added documentation to different event types with remarks. Updated IPolicyValidator xml docs.
* Add PolicyValidatorsRefactor constant to FeatureFlagKeys in Constants.cs
* Add Metadata property and ToSavePolicyModel method to PolicyUpdateRequestModel
* Refactor PoliciesController to utilize IVNextSavePolicyCommand based on feature flag
- Added IFeatureService and IVNextSavePolicyCommand dependencies to PoliciesController.
- Updated PutVNext method to conditionally use VNextSavePolicyCommand or SavePolicyCommand based on the PolicyValidatorsRefactor feature flag.
- Enhanced unit tests to verify behavior for both enabled and disabled states of the feature flag.
* Update public PoliciesController to to utilize IVNextSavePolicyCommand based on feature flag
- Introduced IFeatureService and IVNextSavePolicyCommand to manage policy saving based on the PolicyValidatorsRefactor feature flag.
- Updated the Put method to conditionally use the new VNextSavePolicyCommand or the legacy SavePolicyCommand.
- Added unit tests to validate the behavior of the Put method for both enabled and disabled states of the feature flag.
* Refactor VerifyOrganizationDomainCommand to utilize IVNextSavePolicyCommand based on feature flag
- Added IFeatureService and IVNextSavePolicyCommand dependencies to VerifyOrganizationDomainCommand.
- Updated EnableSingleOrganizationPolicyAsync method to conditionally use VNextSavePolicyCommand or SavePolicyCommand based on the PolicyValidatorsRefactor feature flag.
- Enhanced unit tests to validate the behavior when the feature flag is enabled.
* Enhance SsoConfigService to utilize IVNextSavePolicyCommand based on feature flag
- Added IFeatureService and IVNextSavePolicyCommand dependencies to SsoConfigService.
- Updated SaveAsync method to conditionally use VNextSavePolicyCommand or SavePolicyCommand based on the PolicyValidatorsRefactor feature flag.
- Added unit tests to validate the behavior when the feature flag is enabled.
* Refactor SavePolicyModel to simplify constructor usage by removing EmptyMetadataModel parameter. Update related usages across the codebase to reflect the new constructor overloads.
* Update PolicyUpdateRequestModel to make Metadata property nullable for improved null safety
* Add validation to URI Match Default Policy for Single Org prerequisite
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove nullable enable; Replace Task.FromResult(0) with Task.CompletedTask
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add unit test for our new validator
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Improve comments and whitespace for unit test
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove unnecessary whitespace in unit test
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove unneccessary unit tets
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Re-add using NSubstitute
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Revert unintended changes to AccountControllerTest.cs
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Revert unintended changes to AccountControllerTest.cs
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Revert unintended changes to HubHelpersTest.cs
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add IEnforceDependentPoliciesEvent interface to UriMatchDefaultPolicyValidator
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
---------
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add integration tests for GetByUserIdWithPolicyDetailsAsync in OrganizationUserRepository
- Implemented multiple test cases to verify the behavior of GetByUserIdWithPolicyDetailsAsync for different user statuses (Confirmed, Accepted, Invited, Revoked).
- Ensured that the method returns correct policy details based on user status and organization.
- Added tests for scenarios with multiple organizations and non-existing policy types.
- Included checks for provider users and custom user permissions.
These tests enhance coverage and ensure the correctness of policy retrieval logic.
* Add UserProviderAccessView to identify which organizations a user can access as a provider
* Refactor PolicyDetails_ReadByUserId stored procedure to improve user access logic
- Introduced a Common Table Expression (CTE) for organization users to streamline the selection process based on user status and email.
- Added a CTE for providers to enhance clarity and maintainability.
- Updated the main query to utilize the new CTEs, improving readability and performance.
- Ensured that the procedure correctly identifies provider access based on user permissions.
* Refactor OrganizationUser_ReadByUserIdWithPolicyDetails stored procedure to enhance user access logic
- Introduced a Common Table Expression (CTE) for organization users to improve selection based on user status and email.
- Updated the main query to utilize the new CTEs, enhancing readability and performance.
- Adjusted the logic for identifying provider access to ensure accurate policy retrieval based on user permissions.
* Add new SQL migration script to refactor policy details queries
- Created a new view, UserProviderAccessView, to streamline user access to provider organizations.
- Introduced two stored procedures: PolicyDetails_ReadByUserId and OrganizationUser_ReadByUserIdWithPolicyDetails, enhancing the logic for retrieving policy details based on user ID and policy type.
- Utilized Common Table Expressions (CTEs) to improve query readability and performance, ensuring accurate policy retrieval based on user permissions and organization status.
* Remove GetPolicyDetailsByUserIdTests
* Refactor PolicyRequirementQuery to use GetPolicyDetailsByUserIdsAndPolicyType and update unit tests
* Remove GetPolicyDetailsByUserId method from IPolicyRepository and its implementations in PolicyRepository classes
* Revert changes to PolicyDetails_ReadByUserId stored procedure
* Refactor OrganizationUser_ReadByUserIdWithPolicyDetails stored procedure to use UNION instead of OR
* Reduce UserEmail variable size from NVARCHAR(320) to NVARCHAR(256) for consistency in stored procedures
* Bump date on migration script
* Implement IOnPolicyPreUpdateEvent for FreeFamiliesForEnterprisePolicyValidator and add corresponding unit tests
* Implement IEnforceDependentPoliciesEvent in MaximumVaultTimeoutPolicyValidator
* Rename test methods in FreeFamiliesForEnterprisePolicyValidatorTests for consistency
* Implement IPolicyValidationEvent and IEnforceDependentPoliciesEvent in RequireSsoPolicyValidator and enhance unit tests
* Implement IPolicyValidationEvent and IEnforceDependentPoliciesEvent in ResetPasswordPolicyValidator and add unit tests
* Implement IOnPolicyPreUpdateEvent in TwoFactorAuthenticationPolicyValidator and add unit tests
* Implement IPolicyValidationEvent and IOnPolicyPreUpdateEvent in SingleOrgPolicyValidator with corresponding unit tests
* Implement IOnPolicyPostUpdateEvent in OrganizationDataOwnershipPolicyValidator and add unit tests for ExecutePostUpsertSideEffectAsync
* Refactor policy validation logic in VNextSavePolicyCommand to simplify enabling and disabling requirements checks
* Refactor VNextSavePolicyCommand to replace IEnforceDependentPoliciesEvent with IPolicyUpdateEvent and update related tests
* Add AddPolicyUpdateEvents method and update service registration for policy update events
* Use single method for default collection creation
* Use GenerateComb to create sequential guids
* Pre-sort data for SqlBulkCopy
* Add SqlBulkCopy options per dbops recommendations
* Update the OrganizationUserController integration Confirm tests to handle the Owner type
* Refactor ConfirmOrganizationUserCommand to simplify side-effect handling in organization user confirmation.
Update IPolicyRequirementQuery to return eligible org user IDs for policy enforcement.
Update tests for method signature changes and default collection creation logic.
* Implement GetByOrganizationAsync method in PolicyRequirementQuery and add corresponding unit tests
* Refactor ConfirmOrganizationUserCommand for clarity and add bulk support
* Update ConfirmOrganizationUserCommandTests to use GetByOrganizationAsync for policy requirement queries
* Add DefaultUserCollectionName property to OrganizationUserBulkConfirmRequestModel with encryption attributes
* Update ConfirmUsersAsync method to include DefaultUserCollectionName parameter in OrganizationUsersController
* Add EnableOrganizationDataOwnershipPolicyAsync method to OrganizationTestHelpers
* Add integration tests for confirming organization users in OrganizationUserControllerTests
- Implemented Confirm_WithValidUser test to verify successful confirmation of a single user.
- Added BulkConfirm_WithValidUsers test to ensure multiple users can be confirmed successfully.
* Refactor organization user confirmation integration tests to also test when the organization data ownership policy is disabled
* Refactor ConfirmOrganizationUserCommand to consolidate confirmation side effects handling
- Replaced single and bulk confirmation side effect methods with a unified HandleConfirmationSideEffectsAsync method.
- Updated related logic to handle confirmed organization users more efficiently.
- Adjusted unit tests to reflect changes in the collection creation process for confirmed users.
* Refactor OrganizationUserControllerTests to simplify feature flag handling and consolidate test logic
- Removed redundant feature flag checks in Confirm and BulkConfirm tests.
- Updated tests to directly enable the Organization Data Ownership policy without conditional checks.
- Ensured verification of DefaultUserCollection for confirmed users remains intact.
* Refactor OrganizationUserControllerTests to enhance clarity and reduce redundancy
- Simplified user creation and confirmation logic in tests by introducing helper methods.
- Consolidated verification of confirmed users and their associated collections.
- Removed unnecessary comments and streamlined test flow for better readability.
* Add RequiresDefaultCollection method to PersonalOwnershipPolicyRequirement
* Add CreateDefaultLocation feature flag to Constants.cs
* Add DefaultUserCollectionName property to OrganizationUserConfirmRequestModel with encryption attributes
* Update PersonalOwnershipPolicyRequirement instantiation in tests to use constructor with parameters instead of property assignment
* Enhance ConfirmOrganizationUserCommand to support default user collection creation. Added logic to check if a default collection is required based on organization policies and feature flags. Updated ConfirmUserAsync method signature to include an optional defaultUserCollectionName parameter. Added corresponding tests to validate the new functionality.
* Refactor Confirm method in OrganizationUsersController to use Guid parameters directly, simplifying the code. Updated ConfirmUserAsync call to include DefaultUserCollectionName from the input model.
* Move logic for handling confirmation side effects into a separate method
* Refactor PersonalOwnershipPolicyRequirement to use enum for ownership state
- Introduced PersonalOwnershipState enum to represent allowed and restricted states.
- Updated PersonalOwnershipPolicyRequirement constructor and properties to utilize the new enum.
- Modified related classes and tests to reflect changes in ownership state handling.
* Avoid multiple lookups in dictionaries
* Consistency in fallback to empty CollectionIds
* Readability at the cost of lines changed
* Readability
* Changes after running dotnet format
* Add RequireTwoFactorPolicyRequirement and its factory with unit tests
* Implemented RequireTwoFactorPolicyRequirement to enforce two-factor authentication policies.
* Created RequireTwoFactorPolicyRequirementFactory to generate policy requirements based on user status.
* Added unit tests for the factory to validate behavior with various user statuses and policy details.
* Enhance AcceptOrgUserCommand to use IPolicyRequirementQuery for two-factor authentication validation
* Update ConfirmOrganizationUserCommand to use RequireTwoFactorPolicyRequirement to check for 2FA requirement
* Implement CanAcceptInvitation and CanBeConfirmed methods in RequireTwoFactorPolicyRequirement; update tests to reflect new logic for two-factor authentication policy handling.
* Refactor AcceptOrgUserCommand to enforce two-factor authentication policy based on feature flag; update validation logic and tests accordingly.
* Enhance ConfirmOrganizationUserCommand to validate two-factor authentication policy based on feature flag; refactor validation logic and update related tests for improved policy handling.
* Remove unused method and its dependencies from OrganizationService.
* Implement CanBeRestored method in RequireTwoFactorPolicyRequirement to determine user restoration eligibility based on two-factor authentication status; add corresponding unit tests for various scenarios.
* Update RestoreOrganizationUserCommand to use IPolicyRequirementQuery for two-factor authentication policies checks
* Remove redundant vNext tests
* Add TwoFactorPoliciesForActiveMemberships property to RequireTwoFactorPolicyRequirement and corresponding unit tests for policy retrieval based on user status
* Refactor UserService to integrate IPolicyRequirementQuery for two-factor authentication policy checks
* Add XML documentation for TwoFactorPoliciesForActiveMemberships property in RequireTwoFactorPolicyRequirement to clarify its purpose and return value.
* Add exception documentation for ValidateTwoFactorAuthenticationPolicyAsync method in ConfirmOrganizationUserCommand to clarify error handling for users without two-step login enabled.
* Update comments in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to clarify handling of two-step login and 2FA policy checks.
* Add RequireTwoFactorPolicyRequirementFactory to PolicyServiceCollectionExtensions
* Refactor two-factor authentication policy checks in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to streamline validation logic and improve clarity. Update RequireTwoFactorPolicyRequirement to provide a method for checking if two-factor authentication is required for an organization. Adjust related unit tests accordingly.
* Add PolicyRequirements namespace
* Update comments in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to clarify two-factor authentication policy requirements and exception handling.
* Refactor RequireTwoFactorPolicyRequirement to return tuples of (OrganizationId, OrganizationUserId) for active memberships requiring two-factor authentication. Update UserService and related tests to reflect this change.
* Refactor AcceptOrgUserCommand: delegate feature flag check to the ValidateTwoFactorAuthenticationPolicyAsync method
* Skip policy check if two-step login is enabled for the user
* Refactor ConfirmOrganizationUserCommand to streamline two-factor authentication policy validation logic
* Refactor AcceptOrgUserCommand to simplify two-factor authentication check by removing intermediate variable
* Update documentation in RequireTwoFactorPolicyRequirement to clarify the purpose of the IsTwoFactorRequiredForOrganization
* Refactor AcceptOrgUserCommandTests to remove redundant two-factor authentication checks and simplify test setup
* Refactor AcceptOrgUserCommand and ConfirmOrganizationUserCommand to streamline two-factor authentication checks by removing redundant conditions and simplifying logic flow.
* Rename removeOrgUserTasks variable in UserService
* Refactor RestoreOrganizationUserCommand to simplify two-factor authentication compliance checks by consolidating logic into a new method, IsTwoFactorRequiredForOrganizationAsync.
* Remove outdated two-factor authentication validation documentation from AcceptOrgUserCommand
* Invert two-factor compliance check in RestoreOrganizationUserCommand to ensure correct validation of organization user policies.
* Refactor UserService to enhance two-factor compliance checks by optimizing organization retrieval and logging when no organizations require two-factor authentication.
* Add RequireSsoPolicyRequirement and its factory to enforce SSO policies
* Enhance WebAuthnController to support RequireSsoPolicyRequirement with feature flag integration. Update tests to validate behavior when SSO policies are applicable.
* Integrate IPolicyRequirementQuery into request validators to support RequireSsoPolicyRequirement. Update validation logic to check SSO policies based on feature flag.
* Refactor RequireSsoPolicyRequirementFactoryTests to improve test coverage for SSO policies. Add tests for handling both valid and invalid policies in CanUsePasskeyLogin and SsoRequired methods.
* Remove ExemptStatuses property from RequireSsoPolicyRequirementFactory to use default values from BasePolicyRequirementFactory
* Restore ValidateRequireSsoPolicyDisabledOrNotApplicable
* Refactor RequireSsoPolicyRequirement to update CanUsePasskeyLogin and SsoRequired properties to use init-only setters
* Refactor RequireSsoPolicyRequirementFactoryTests to enhance test clarity
* Refactor BaseRequestValidatorTests to improve test clarity
* Refactor WebAuthnController to replace SSO policy validation with PolicyRequirement check
* Refactor BaseRequestValidator to replace SSO policy validation with PolicyRequirement check
* Refactor WebAuthnControllerTests to update test method names and adjust policy requirement checks
* Add tests for AttestationOptions and Post methods in WebAuthnControllerTests to validate scenario where SSO is not required
* Refactor RequireSsoPolicyRequirement initialization
* Refactor SSO requirement check for improved readability
* Rename test methods in RequireSsoPolicyRequirementFactoryTests for clarity on exempt status conditions
* Update RequireSsoPolicyRequirement to refine user status checks for SSO policy requirements
* Add PersonalOwnershipPolicyRequirement for managing personal ownership policy
* Add tests for PersonalOwnershipPolicyRequirement
* Register PersonalOwnershipPolicyRequirement in policy requirement factory
* Update ImportCiphersCommand to check PersonalOwnershipPolicyRequirement if the PolicyRequirements flag is enabled
Update unit tests
* Update CipherService to support PersonalOwnershipPolicyRequirement with feature flag
- Add support for checking personal ownership policy using PolicyRequirementQuery when feature flag is enabled
- Update CipherService constructor to inject new dependencies
- Add tests for personal vault restrictions with and without feature flag
* Clean up redundant "Arrange", "Act", and "Assert" comments in test methods
* Refactor PersonalOwnershipPolicyRequirementTests method names for clarity
- Improve test method names to better describe their purpose and behavior
- Rename methods to follow a more descriptive naming convention
- No functional changes to the test logic
* Remove commented code explaining policy check
* Refactor PersonalOwnership Policy Requirement implementation
- Add PersonalOwnershipPolicyRequirementFactory to replace static Create method
- Simplify policy requirement creation logic
- Update PolicyServiceCollectionExtensions to register new factory
- Update ImportCiphersCommand to use correct user ID parameter
- Remove redundant PersonalOwnershipPolicyRequirementTests
* Remove redundant PersonalOwnershipPolicyRequirementTests
* Remove unnecessary tests from PersonalOwnershipPolicyRequirementFactoryTests
* Add JSON-based stored procedure for updating account revision dates and modify existing procedure to use it
* Refactor SingleOrgPolicyValidator to revoke only non-compliant organization users and update related tests
- Revoking users when enabling single org and 2fa policies.
- Updated emails sent when users are revoked via 2FA or Single Organization policy enablement
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
* Adding CanToggleState to PoliciesControllers (api/public) endpoints. Added mappings wrapped in feature flag.
* Updated logic for determining CanToggle. Removed setting of toggle from List endpoint. Added new details model for single policy response. Validator now returns after first error.
