* update send api models to support new `email` field
* normalize authentication field evaluation order
* document send response converters
* add FIXME to remove unused constructor argument
* add FIXME to remove unused constructor argument
* introduce `tools-send-email-otp-listing` feature flag
* add `ISendOwnerQuery` to dependency graph
* fix broken tests
* added AuthType prop to send related models with test coverage and debt cleanup
* dotnet format
* add migrations
* dotnet format
* make SendsController null safe (tech debt)
* add AuthType col to Sends table, change Emails col length to 4000, and run migrations
* dotnet format
* update SPs to expect AuthType
* include SP updates in migrations
* remove migrations not intended for merge
* Revert "remove migrations not intended for merge"
This reverts commit 7df56e346a.
undo migrations removal
* extract AuthType inference to util method and remove SQLite file
* fix lints
* address review comments
* fix incorrect assignment and adopt SQL conventions
* fix column assignment order in Send_Update.sql
* remove space added to email list
* assign SQL default value of NULL to AuthType
* update SPs to match migration changes
* remove FF, update SendAuthQuery, and update tests
* new endpoints added but lack test coverage
* dotnet format
* add PutRemoveAuth endpoint with test coverage and tests for new non-anon endpoints
* update RequireFeatureFlag comment for clarity
* respond to Claude's findings
* add additional validation logic to new auth endpoints
* enforce auth policies on individual action methods
* remove JsonConverter directive for AuthType
* remove tools-send-email-otp-listing feature flag
---------
Co-authored-by: ✨ Audrey ✨ <audrey@audreyality.com>
Co-authored-by: ✨ Audrey ✨ <ajensen@bitwarden.com>
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com>
We want to reduce the amount of business critical test data in the company. One way of doing that is to generate test data on demand prior to client side testing.
Clients will request a scene to be set up with a JSON body set of options, specific to a given scene. Successful seed requests will be responded to with a mangleMap which maps magic strings present in the request to the mangled, non-colliding versions inserted into the database. This way, the server is solely responsible for understanding uniqueness requirements in the database. scenes also are able to return custom data, depending on the scene. For example, user creation would benefit from a return value of the userId for further test setup on the client side.
Clients will indicate they are running tests by including a unique header, x-play-id which specifies a unique testing context. The server uses this PlayId as the seed for any mangling that occurs. This allows the client to decide it will reuse a given PlayId if the test context builds on top of previously executed tests. When a given context is no longer needed, the API user will delete all test data associated with the PlayId by calling a delete endpoint.
---------
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Add the ticket implementation
* Add the unit test
* Fix the lint and test issues
* resolve pr comments
* Fix the error on the test file
* Review suggestion and fixes
* resolve the api access comments
* Gte the key from the client
* Add the gateway type as stripe
* Address the legacy plans issues
* Resolve the misunderstanding
* Add additional storage that we will need if they revert
* Add the previous premium UserId
* V2 prep, rename existing SSO JIT MP command to V1
* set initial master password for account registraton V2
* later removel docs
* TDE MP onboarding split
* revert separate TDE onboarding controller api
* Server side hash of the user master password hash
* use `ValidationResult` instead for validation errors
* unit test coverage
* integration test coverage
* update sql migration script date
* revert validate password change
* better requests validation
* explicit error message when org sso identifier invalid
* more unit test coverage
* renamed onboarding to set, hash naming clarifications
* update db sql script, formatting
* use raw json as request instead of request models for integration test
* v1 integration test coverage
* change of name
* Add OrganizationUser_SelfRevoked event type to EventType enum
* Add SelfRevokeOrganizationUserCommand implementation and interface for user self-revocation from organizations
* Add unit tests for SelfRevokeOrganizationUserCommand to validate user self-revocation logic, including success scenarios and various failure conditions.
* Add ISelfRevokeOrganizationUserCommand registration to OrganizationServiceCollectionExtensions for user self-revocation functionality
* Add self-revoke user functionality to OrganizationUsersController with new endpoint for user-initiated revocation
* Add integration tests for self-revoke functionality in OrganizationUsersController, covering scenarios for eligible users, non-members, and users with owner/admin roles.
* Add unit test for SelfRevokeOrganizationUserCommand to validate behavior when a user attempts to self-revoke without confirmation. This test checks for a BadRequestException with an appropriate message.
* Add MemberRequirement class for organization membership authorization
- Implemented MemberRequirement to check if a user is a member of the organization.
- Added unit tests for MemberRequirement to validate authorization logic for different user types.
* Update authorization requirement for self-revoke endpoint and add integration test for provider users
- Changed authorization attribute from MemberOrProviderRequirement to MemberRequirement in the RevokeSelfAsync method.
- Added a new integration test to verify that provider users who are not members receive a forbidden response when attempting to revoke themselves.
* Add EligibleForSelfRevoke method to OrganizationDataOwnershipPolicyRequirement
- Implemented the EligibleForSelfRevoke method to determine if a user can self-revoke their data ownership based on their membership status and policy state.
- Added unit tests to validate the eligibility logic for confirmed, invited, and non-policy users, as well as for different organization IDs.
* Refactor self-revoke user command to enhance eligibility checks
- Updated the SelfRevokeOrganizationUserCommand to utilize policy requirements for determining user eligibility for self-revocation.
- Implemented checks to prevent the last owner from revoking themselves, ensuring organizational integrity.
- Modified unit tests to reflect changes in eligibility logic and added scenarios for confirmed owners and admins.
- Removed deprecated policy checks and streamlined the command's dependencies.
* Use CommandResult pattern in self-revoke command
* Clearer documentation
* update account storage endpoint
* Fix the failing test
* Added flag and refactor base on pr comments
* fix the lint error
* Resolve the pr comments
* Fix the failing test
* Fix the failing test
* Return none
* Resolve the lint error
* Fix the failing test
* Add the missing test
* Formatting issues fixed
* update send api models to support new `email` field
* normalize authentication field evaluation order
* document send response converters
* add FIXME to remove unused constructor argument
* add FIXME to remove unused constructor argument
* introduce `tools-send-email-otp-listing` feature flag
* add `ISendOwnerQuery` to dependency graph
* fix broken tests
* added AuthType prop to send related models with test coverage and debt cleanup
* dotnet format
* add migrations
* dotnet format
* make SendsController null safe (tech debt)
* add AuthType col to Sends table, change Emails col length to 4000, and run migrations
* dotnet format
* update SPs to expect AuthType
* include SP updates in migrations
* remove migrations not intended for merge
* Revert "remove migrations not intended for merge"
This reverts commit 7df56e346a.
undo migrations removal
* extract AuthType inference to util method and remove SQLite file
* fix lints
* address review comments
* fix incorrect assignment and adopt SQL conventions
* fix column assignment order in Send_Update.sql
* remove space added to email list
* assign SQL default value of NULL to AuthType
* update SPs to match migration changes
---------
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com>
Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
* implement the ticket request
* resolve the build lint error
* Resolve the build lint error
* Address review comments
* Fixt the lint and failing unit test
* Fix NSubstitute mock - use concrete ClaimsPrincipal instead of Arg.Any in Returns()
* resolve InjectUser issues
* Fix the failing testing
* Fix the failing unit test
* feat(global-settings) [PM-20109]: Add WebAuthN global settings.
* feat(webauthn) [PM-20109]: Update maximum allowed WebAuthN credentials to use new settings.
* test(webauthn) [PM-20109]: Update command tests to use global configs.
* feat(global-settings) [PM-20109]: Set defaults for maximum allowed credentials.
* feat(two-factor-request-model) [PM-20109]: Remove hard-coded 5 limit on ID validation.
* Revert "test(webauthn) [PM-20109]: Update command tests to use global configs."
This reverts commit ba9f0d5fb6.
* Revert "feat(webauthn) [PM-20109]: Update maximum allowed WebAuthN credentials to use new settings."
This reverts commit d2faef0c13.
* feat(global-settings) [PM-20109]: Add WebAuthNSettings to interface for User Service consumption.
* feat(user-service) [PM-20109]: Add boundary and persistence-time validation for maximum allowed WebAuthN 2FA credentials.
* test(user-service) [PM-20109]: Update tests for WebAuthN limit scenarios.
* refactor(user-service) [PM-20109]: Typo in variable name.
* refactor(user-service) [PM-20109]: Remove unnecessary pending check.
* refactor(user-service) [PM-20109]: Pending check is necessary.
* refactor(webauthn) [PM-20109]: Re-spell WebAuthN => WebAuthn.
* refactor(user-service) [PM-20109]: Re-format pending checks for consistency.
* refactor(user-service) [PM-20109]: Fix type spelling in comments.
* test(user-service) [PM-20109]: Combine premium and non-premium test cases with AutoData.
* refactor(user-service) [PM-20109]: Swap HasPremiumAccessQuery in for CanAccessPremium.
* refactor(user-service) [PM-20109]: Convert limit check to positive, edit comments.
Main fix: only assign new key value where old keys are not set
and new keys have been provided.
Refactors:
- use consistent DTO model for keypairs
- delete duplicate property assignment for new orgs
* account v2 registration for key connector
* use new user repository functions
* test coverage
* integration test coverage
* documentation
* code review
* missing test coverage
* fix failing test
* failing test
* incorrect ticket number
* moved back request model to Api, created dedicated data class in Core
* sql stored procedure type mismatch, simplification
* key connector authorization handler
* Integration test around getting and saving collection with group/user permissions
* This adds groups to the collections returned.
* Added new stored procedures so we don't accidentally wipe out access due to null parameters.
* wrapping all calls in transaction in the event that there is an error.
* move billing services+tests to billing namespaces
* reorganized methods in file and added comment headers
* renamed StripeAdapter methods for better clarity
* clean up redundant qualifiers
* Upgrade Stripe.net to v48.4.0
* Update PreviewTaxAmountCommand
* Remove unused UpcomingInvoiceOptionExtensions
* Added SubscriptionExtensions with GetCurrentPeriodEnd
* Update PremiumUserBillingService
* Update OrganizationBillingService
* Update GetOrganizationWarningsQuery
* Update BillingHistoryInfo
* Update SubscriptionInfo
* Remove unused Sql Billing folder
* Update StripeAdapter
* Update StripePaymentService
* Update InvoiceCreatedHandler
* Update PaymentFailedHandler
* Update PaymentSucceededHandler
* Update ProviderEventService
* Update StripeEventUtilityService
* Update SubscriptionDeletedHandler
* Update SubscriptionUpdatedHandler
* Update UpcomingInvoiceHandler
* Update ProviderSubscriptionResponse
* Remove unused Stripe Subscriptions Admin Tool
* Update RemoveOrganizationFromProviderCommand
* Update ProviderBillingService
* Update RemoveOrganizatinoFromProviderCommandTests
* Update PreviewTaxAmountCommandTests
* Update GetCloudOrganizationLicenseQueryTests
* Update GetOrganizationWarningsQueryTests
* Update StripePaymentServiceTests
* Update ProviderBillingControllerTests
* Update ProviderEventServiceTests
* Update SubscriptionDeletedHandlerTests
* Update SubscriptionUpdatedHandlerTests
* Resolve Billing test failures
I completely removed tests for the StripeEventService as they were using a system I setup a while back that read JSON files of the Stripe event structure. I did not anticipate how frequently these structures would change with each API version and the cost of trying to update these specific JSON files to test a very static data retrieval service far outweigh the benefit.
* Resolve Core test failures
* Run dotnet format
* Remove unused provider migration
* Fixed failing tests
* Run dotnet format
* Replace the old webhook secret key with new one (#6223)
* Fix compilation failures in additions
* Run dotnet format
* Bump Stripe API version
* Fix recent addition: CreatePremiumCloudHostedSubscriptionCommand
* Fix new code in main according to Stripe update
* Fix InvoiceExtensions
* Bump SDK version to match API Version
* cleanup
* fixing items missed after the merge
* use expression body for all simple returns
* forgot fixes, format, and pr feedback
* claude pr feedback
* pr feedback and cleanup
* more claude feedback
---------
Co-authored-by: Alex Morask <amorask@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* add folders and favorites when sharing a cipher
* refactor folders and favorites assignment to consider existing folders/favorite assignments on a cipher
* remove unneeded string manipulation
* remove comment
* add unit test for folder/favorite sharing
* add migration for sharing a cipher to org and collect reprompt, favorite and folders
* update date timestamp of migration
* fix(two-factor-controller) [PM-24211]: Update send email validation to use auth request's IsValidForAuthentication.
* refactor(login-features) [PM-24211]: Remove Core.LoginFeatures as no longer used; AuthRequest.IsValidForAuthentication should be used for any applicable use cases.
* feat(auth-request) [PM-24211]: Add tests for AuthRequest.IsValidForAuthentication.
* fix(two-factor-controller) [PM-24211]: Branching logic should return on successful send.
* chore(auth-request) [PM-24211]: Remove some old comments (solved-for).
* fix(two-factor-controller) [PM-24211]: Update some comments (clarification/naming).
* fix(two-factor-controller) [PM-24211]: Rephrase a comment (accuracy).
* Add CQRS and caching support for OrganizationIntegrations
* Use primary constructor for Delete command, per Claude suggestion
* Fix namespace
* Add XMLDoc for new commands / queries
* Remove unnecessary extra call to AddExtendedCache in Startup (call in EventIntegrationsServiceCollectionExtensions handles this instead)
* Alter strategy to use one cache / database call to retrieve all configurations for an event (including wildcards)
* Updated README documentation to reflect updated Caching doc and updated CQRS approach
* Implement optimized bulk invite resend command
- Added IBulkResendOrganizationInvitesCommand interface to define the bulk resend operation.
- Created BulkResendOrganizationInvitesCommand class to handle the logic for resending invites to multiple organization users.
- Integrated logging and validation to ensure only valid users receive invites.
- Included error handling for non-existent organizations and invalid user statuses.
* Add unit tests for BulkResendOrganizationInvitesCommand
- Implemented comprehensive test cases for the BulkResendOrganizationInvitesCommand class.
- Validated user statuses and ensured correct handling of valid and invalid users during bulk invite resends.
- Included tests for scenarios such as organization not found and empty user lists.
- Utilized Xunit and NSubstitute for effective testing and mocking of dependencies.
* Add IBulkResendOrganizationInvitesCommand to service collection
- Registered IBulkResendOrganizationInvitesCommand in the service collection for dependency injection.
* Update OrganizationUsersController to utilize IBulkResendOrganizationInvitesCommand
- Added IBulkResendOrganizationInvitesCommand to the OrganizationUsersController for handling bulk invite resends based on feature flag.
- Updated BulkReinvite method to conditionally use the new command or the legacy service based on the feature flag status.
- Enhanced unit tests to verify correct command usage depending on feature flag state, ensuring robust testing for both scenarios.
* Fix the license validation bug
* resolve the failing test
* fix the failing test
* Revert changes and Add the ui display fix
* remove empty spaces
* revert the changes on licensing file
* revert changes to the test signup
* Revert the org license file changes
* revert the empty spaces
* revert the empty spaces changes
* remove the empty spaces
* revert
* Remove the duplicate code
* Add the expire date fix for premium
* Fix the failing test
* Fix the lint error
* Adding SecretVersion table to server
* making the names singular not plural for new table
* removing migration
* fixing migration
* Adding indexes for serviceacct and orguserId
* indexes for sqllite
* fixing migrations
* adding indexes to secretVeriosn.sql
* tests
* removing tests
* adding GO
* api repository and controller additions for SecretVersion table, as well as tests
* test fix sqllite
* improvements
* removing comments
* making files nullable safe
* Justin Baurs suggested changes
* claude suggestions
* Claude fixes
* test fixes
