* Add validation for reset password key and account recovery enrollment in OrganizationUser
* Update admin approval logic to check account recovery enrollment and add tests for reset password key validation
* Enhance UserService validation to include account recovery enrollment and add unit test for empty or whitespace reset password key handling
* Refactor OrganizationUserUserDetailsQuery to validate reset password keys and add unit tests for filtering out invalid keys
* Update AdminRecoverAccountCommand to validate account recovery enrollment and adjust tests for whitespace reset password keys
* Enhance OrganizationUserRotationValidator to validate reset password keys, including filtering out whitespace-only keys, and add corresponding unit tests for validation logic.
* Refactor OrganizationUserUserDetailsQueryTests to remove unnecessary whitespace-only test cases for account recovery key validation.
* Refactor MemberResponseModel to use OrganizationUser's validation method for ResetPasswordEnrolled status and update corresponding unit test for clarity.
* Refactor OrganizationUsersController and response models to utilize OrganizationUser's validation method for ResetPasswordKey, ensuring consistent validation across the application. Add unit tests for OrganizationUser to verify key validation logic.
* Update OrganizationUserRotationValidator to handle null reset password keys and adjust tests for client-side bug. Add comments for future migration after resolving PM-31001.
* Fix whitespace issue in UserServiceTests.cs by removing BOM character from the file header.
* docs(billing): add design document for replacing SetupIntent cache
* docs(billing): add implementation plan for replacing SetupIntent cache
* feat(db): add gateway lookup stored procedures for Organization, Provider, and User
* feat(db): add gateway lookup indexes to Organization, Provider, and User table definitions
* chore(db): add SQL Server migration for gateway lookup indexes and stored procedures
* feat(repos): add gateway lookup methods to IOrganizationRepository and Dapper implementation
* feat(repos): add gateway lookup methods to IProviderRepository and Dapper implementation
* feat(repos): add gateway lookup methods to IUserRepository and Dapper implementation
* feat(repos): add EF OrganizationRepository gateway lookup methods and index configuration
* feat(repos): add EF ProviderRepository gateway lookup methods and index configuration
* feat(repos): add EF UserRepository gateway lookup methods and index configuration
* chore(db): add EF migrations for gateway lookup indexes
* refactor(billing): update SetupIntentSucceededHandler to use repository instead of cache
* refactor(billing): simplify StripeEventService by expanding customer on SetupIntent
* refactor(billing): query Stripe for SetupIntents by customer ID in GetPaymentMethodQuery
* refactor(billing): query Stripe for SetupIntents by customer ID in HasPaymentMethodQuery
* refactor(billing): update OrganizationBillingService to set customer on SetupIntent
* refactor(billing): update ProviderBillingService to set customer on SetupIntent and query by customer
* refactor(billing): update UpdatePaymentMethodCommand to set customer on SetupIntent
* refactor(billing): remove bank account support from CreatePremiumCloudHostedSubscriptionCommand
* refactor(billing): remove OrganizationBillingService.UpdatePaymentMethod dead code
* refactor(billing): remove ProviderBillingService.UpdatePaymentMethod
* refactor(billing): remove PremiumUserBillingService.UpdatePaymentMethod and UserService.ReplacePaymentMethodAsync
* refactor(billing): remove SubscriberService.UpdatePaymentSource and related dead code
* refactor(billing): update SubscriberService.GetPaymentSourceAsync to query Stripe by customer ID
Add Task 15a to plan - this was a missed requirement for updating
GetPaymentSourceAsync which still used the cache.
* refactor(billing): complete removal of PremiumUserBillingService.Finalize and UserService.SignUpPremiumAsync
* refactor(billing): remove ISetupIntentCache and SetupIntentDistributedCache
* chore: remove temporary planning documents
* chore: run dotnet format
* fix(billing): add MaxLength(50) to Provider gateway ID properties
* chore(db): add EF migrations for Provider gateway column lengths
* chore: run dotnet format
* chore: rename SQL migration for chronological order
* Initial implementation of new policy query
* Remove unused using
* Adjusts method name to better match repository method
* Correct namespace
* Initial refactor of policy loading
* Add xml doc, incorporate shim data model
* Updates usages to reflect new shim model
* Prune extranneous data from policy detail response model, format code
* Fix broken test, delete inapplicable test
* Adds test cases covering query
* Adjust codebase to use new PolicyQueryçˆ
* Format code
* Fix incorrect mock on test
* Fix formatting
* Adjust method name
* More naming adjustments
* Add PolicyData constructor, update test usages
* Rename PolicyData -> PolicyStatus
* Remove unused using
* Updated organization licenses to save the correct values from the token
* Added additional test cases around licenses
* Added missing properties from Organization to UpdateOrganizationLicenseCommand.UpdateLicenseAsync()
* Add tests to validate license property synchronization pipeline
* `dotnet format`
* feat(global-settings) [PM-20109]: Add WebAuthN global settings.
* feat(webauthn) [PM-20109]: Update maximum allowed WebAuthN credentials to use new settings.
* test(webauthn) [PM-20109]: Update command tests to use global configs.
* feat(global-settings) [PM-20109]: Set defaults for maximum allowed credentials.
* feat(two-factor-request-model) [PM-20109]: Remove hard-coded 5 limit on ID validation.
* Revert "test(webauthn) [PM-20109]: Update command tests to use global configs."
This reverts commit ba9f0d5fb6.
* Revert "feat(webauthn) [PM-20109]: Update maximum allowed WebAuthN credentials to use new settings."
This reverts commit d2faef0c13.
* feat(global-settings) [PM-20109]: Add WebAuthNSettings to interface for User Service consumption.
* feat(user-service) [PM-20109]: Add boundary and persistence-time validation for maximum allowed WebAuthN 2FA credentials.
* test(user-service) [PM-20109]: Update tests for WebAuthN limit scenarios.
* refactor(user-service) [PM-20109]: Typo in variable name.
* refactor(user-service) [PM-20109]: Remove unnecessary pending check.
* refactor(user-service) [PM-20109]: Pending check is necessary.
* refactor(webauthn) [PM-20109]: Re-spell WebAuthN => WebAuthn.
* refactor(user-service) [PM-20109]: Re-format pending checks for consistency.
* refactor(user-service) [PM-20109]: Fix type spelling in comments.
* test(user-service) [PM-20109]: Combine premium and non-premium test cases with AutoData.
* refactor(user-service) [PM-20109]: Swap HasPremiumAccessQuery in for CanAccessPremium.
* refactor(user-service) [PM-20109]: Convert limit check to positive, edit comments.
* account v2 registration for key connector
* use new user repository functions
* test coverage
* integration test coverage
* documentation
* code review
* missing test coverage
* fix failing test
* failing test
* incorrect ticket number
* moved back request model to Api, created dedicated data class in Core
* sql stored procedure type mismatch, simplification
* key connector authorization handler
* Removed 2FA user interface from premium method signatures
* Added some more comments for clarity and small touchups.
* Add PremiumAccessCacheCheck feature flag to Constants.cs
* Add IPremiumAccessQuery interface and PremiumAccessQuery implementation for checking user premium access status
* Add unit tests for PremiumAccessQuery to validate user premium access logic
* Add XML documentation to Premium in OrganizationUserUserDetails and User classes
* Add PremiumAccessQueries to UserServiceCollectionExtensions
* Refactor TwoFactorIsEnabledQuery to incorporate PremiumAccessQuery and feature flag for premium access checks. Enhanced user premium status retrieval logic and improved handling of user details based on feature flag state.
* Mark methods in IUserRepository and IUserService as obsolete, directing users to new methods in IPremiumAccessQuery for premium access checks.
* Rename CanAccessPremiumBulkAsync to CanAccessPremiumAsync in IPremiumAccessQuery
* Update TwoFactorIsEnabledQuery to use CanAccessPremiumAsync for premium status checks
* Refactor TwoFactorIsEnabledQuery to introduce VNextAsync methods for improved premium access checks and user detail handling. Removed obsolete feature service dependency and enhanced test coverage for new functionality.
* Refactor IPremiumAccessQuery and PremiumAccessQuery to remove the overloaded CanAccessPremiumAsync method. Update related methods to streamline premium access checks using the User object directly. Enhance test coverage by removing obsolete tests and ensuring proper functionality with the new method signatures.
* Add new sync static method to determine if TwoFactor is enabled
* Enhance XML documentation for Premium property in OrganizationUserUserDetails and User classes to clarify its usage and limitations regarding personal and organizational premium access.
* Refactor IPremiumAccessQuery and PremiumAccessQuery to replace User parameter with Guid for user ID in CanAccessPremiumAsync methods. Update related methods and tests to streamline premium access checks and improve clarity in method signatures.
* Update feature flag references in IUserRepository and IUserService to use 'PremiumAccessQuery' instead of 'PremiumAccessCacheCheck'. Adjust related XML documentation for clarity on premium access methods.
* Rename IPremiumAccessQuery to IHasPremiumAccessQuery and move to Billing owned folder
* Remove unnecessary whitespace from IHasPremiumAccessQuery interface.
* Refactor HasPremiumAccessQuery to throw NotFoundException for null users
* Add NotFoundException handling in HasPremiumAccessQuery for mismatched user counts
* Refactor TwoFactorIsEnabledQuery to optimize premium access checks and improve two-factor provider handling. Introduced bulk fetching of premium status for users with only premium providers and streamlined the logic for determining if two-factor authentication is enabled.
* Refactor TwoFactorIsEnabledQueryTests to enhance clarity and optimize test scenarios. Consolidated test cases for two-factor authentication, improved naming conventions, and ensured premium access checks are only performed when necessary.
* Add UserPremiumAccess model to represent user premium access status from personal subscriptions and memberships
* Add User_ReadPremiumAccessByIds stored procedure and UserPremiumAccessView view to enhance premium access retrieval. Updated Organization table index to include UsersGetPremium for optimized queries.
* Add SQL migration script
* Add premium access retrieval methods to IUserRepository and implementations in UserRepository classes. Introduced GetPremiumAccessByIdsAsync and GetPremiumAccessAsync methods to fetch premium status for multiple users and a single user, respectively. Updated using directives to include necessary models.
* Refactor HasPremiumAccessQuery and IHasPremiumAccessQuery to streamline premium access checks. Updated method names for clarity and improved documentation. Adjusted test cases to reflect changes in user premium access retrieval logic.
* Update IUserRepository to reflect new method names for premium access retrieval. Changed obsolete method messages to point to GetPremiumAccessByIdsAsync and GetPremiumAccessAsync. Added internal use notes for IHasPremiumAccessQuery. Improved documentation for clarity.
* Refactor TwoFactorIsEnabledQuery to utilize IFeatureService for premium access checks.
* Enhance EF UserRepository to improve premium access retrieval by including related organization data.
* Add unit tests for premium access retrieval in UserRepositoryTests.
* Optimize HasPremiumAccessQuery to eliminate duplicate user IDs before checking premium access. Updated logic to ensure accurate comparison of premium users against distinct user IDs.
* Refactor TwoFactorIsEnabledQuery to improve handling of users without two-factor providers. Added early exit for users lacking providers and streamlined premium status checks for enabled two-factor authentication.
* Update HasPremiumAccessQueryTests to use simplified exception handling and improve test clarity
* Replaced fully qualified exception references with simplified ones.
* Refactored test setup to use individual user variables for better readability.
* Ensured assertions reflect the updated user variable structure.
* Enhance TwoFactorIsEnabledQuery to throw NotFoundException for non-existent users
* Updated TwoFactorIsEnabledQuery to throw NotFoundException when a user is not found instead of returning false.
* Added a new unit test to verify that the NotFoundException is thrown when a user is not found while premium access query is enabled.
* Move premium access query to Billing owned ServiceCollectionExtensions
* Refactor IUserService to enhance premium access checks
* Updated CanAccessPremium and HasPremiumFromOrganization methods to clarify usage with the new premium access query.
* Integrated IHasPremiumAccessQuery into UserService for improved premium access handling based on feature flag.
* Adjusted method documentation to reflect changes in premium access logic.
* Update IUserRepository to clarify usage of premium access methods
* Modified Obsolete attribute messages for GetManyWithCalculatedPremiumAsync and GetCalculatedPremiumAsync to indicate that callers should use the new methods when the 'PremiumAccessQuery' feature flag is enabled.
* Enhanced documentation to improve clarity regarding premium access handling.
* Update IUserRepository and IUserService to clarify deprecation of premium access methods
* Modified Obsolete attribute messages for GetManyWithCalculatedPremiumAsync and GetCalculatedPremiumAsync in IUserRepository to indicate these methods will be removed in a future version.
* Updated Obsolete attribute message for HasPremiumFromOrganization in IUserService to reflect the same deprecation notice.
* Refactor TwoFactorIsEnabledQuery to streamline user ID retrieval
* Consolidated user ID retrieval logic to avoid redundancy.
* Ensured consistent handling of user ID checks for premium access queries.
* Improved code readability by reducing duplicate code blocks.
* Rename migration script to fix the date
* Update migration script to create the index with DROP_EXISTING = ON
* Refactor UserPremiumAccessView to use LEFT JOINs and GROUP BY for improved performance and clarity
* Update HasPremiumAccessQueryTests to return null for GetPremiumAccessAsync instead of throwing NotFoundException
* Add unit tests for premium access scenarios in UserRepositoryTests
- Implement tests for GetPremiumAccessAsync to cover various user and organization premium access combinations.
- Validate behavior when users belong to multiple organizations, including cases with and without premium access.
- Update email generation for user creation to ensure uniqueness without specific prefixes.
- Enhance assertions to verify expected premium access results across different test cases.
* Bump date on migration script
* Update OrganizationEntityTypeConfiguration to include UsersGetPremium in index properties
* Add migration scripts for OrganizationUsersGetPremiumIndex across MySQL, PostgreSQL, and SQLite
- Introduced new migration files to create the OrganizationUsersGetPremiumIndex.
- Updated the DatabaseContextModelSnapshot to include UsersGetPremium in index properties for all database types.
- Ensured consistency in index creation across different database implementations.
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
Co-authored-by: Patrick Pimentel <ppimentel@bitwarden.com>
* move billing services+tests to billing namespaces
* reorganized methods in file and added comment headers
* renamed StripeAdapter methods for better clarity
* clean up redundant qualifiers
* Upgrade Stripe.net to v48.4.0
* Update PreviewTaxAmountCommand
* Remove unused UpcomingInvoiceOptionExtensions
* Added SubscriptionExtensions with GetCurrentPeriodEnd
* Update PremiumUserBillingService
* Update OrganizationBillingService
* Update GetOrganizationWarningsQuery
* Update BillingHistoryInfo
* Update SubscriptionInfo
* Remove unused Sql Billing folder
* Update StripeAdapter
* Update StripePaymentService
* Update InvoiceCreatedHandler
* Update PaymentFailedHandler
* Update PaymentSucceededHandler
* Update ProviderEventService
* Update StripeEventUtilityService
* Update SubscriptionDeletedHandler
* Update SubscriptionUpdatedHandler
* Update UpcomingInvoiceHandler
* Update ProviderSubscriptionResponse
* Remove unused Stripe Subscriptions Admin Tool
* Update RemoveOrganizationFromProviderCommand
* Update ProviderBillingService
* Update RemoveOrganizatinoFromProviderCommandTests
* Update PreviewTaxAmountCommandTests
* Update GetCloudOrganizationLicenseQueryTests
* Update GetOrganizationWarningsQueryTests
* Update StripePaymentServiceTests
* Update ProviderBillingControllerTests
* Update ProviderEventServiceTests
* Update SubscriptionDeletedHandlerTests
* Update SubscriptionUpdatedHandlerTests
* Resolve Billing test failures
I completely removed tests for the StripeEventService as they were using a system I setup a while back that read JSON files of the Stripe event structure. I did not anticipate how frequently these structures would change with each API version and the cost of trying to update these specific JSON files to test a very static data retrieval service far outweigh the benefit.
* Resolve Core test failures
* Run dotnet format
* Remove unused provider migration
* Fixed failing tests
* Run dotnet format
* Replace the old webhook secret key with new one (#6223)
* Fix compilation failures in additions
* Run dotnet format
* Bump Stripe API version
* Fix recent addition: CreatePremiumCloudHostedSubscriptionCommand
* Fix new code in main according to Stripe update
* Fix InvoiceExtensions
* Bump SDK version to match API Version
* cleanup
* fixing items missed after the merge
* use expression body for all simple returns
* forgot fixes, format, and pr feedback
* claude pr feedback
* pr feedback and cleanup
* more claude feedback
---------
Co-authored-by: Alex Morask <amorask@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* Removed 2FA user interface from premium method signatures
* Added some more comments for clarity and small touchups.
* Suggested documentation updates.
---------
Co-authored-by: Patrick Pimentel <ppimentel@bitwarden.com>
* Added MasterPasswordUnlock to UserDecryptionOptions as part of identity response
* Implement support for authentication data and unlock data in kdf change
* Extract to kdf command and add tests
* Fix namespace
* Delete empty file
* Fix build
* Clean up tests
* Fix tests
* Add comments
* Cleanup
* Cleanup
* Cleanup
* Clean-up and fix build
* Address feedback; force new parameters on KDF change request
* Clean-up and add tests
* Re-add logger
* Update logger to interface
* Clean up, remove Kdf Request Model
* Remove kdf request model tests
* Fix types in test
* Address feedback to rename request model and re-add tests
* Fix namespace
* Move comments
* Rename InnerKdfRequestModel to KdfRequestModel
---------
Co-authored-by: Maciej Zieniuk <mzieniuk@bitwarden.com>
* [PM-25088] add feature flag for new premium subscription flow
* [PM-25088] refactor premium endpoint
* forgot the punctuation change in the test
* [PM-25088] - pr feedback
* [PM-25088] - pr feedback round two
* Moved license models to billing
* Moved LicensingService to billing
* Moved license command and queries to billing
* Moved LicenseController to billing
* Avoid multiple lookups in dictionaries
* Consistency in fallback to empty CollectionIds
* Readability at the cost of lines changed
* Readability
* Changes after running dotnet format
* Remove gathering and reporting of ReferenceEvents
* Fix test that relied on reference events throwing
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Add RequireTwoFactorPolicyRequirement and its factory with unit tests
* Implemented RequireTwoFactorPolicyRequirement to enforce two-factor authentication policies.
* Created RequireTwoFactorPolicyRequirementFactory to generate policy requirements based on user status.
* Added unit tests for the factory to validate behavior with various user statuses and policy details.
* Enhance AcceptOrgUserCommand to use IPolicyRequirementQuery for two-factor authentication validation
* Update ConfirmOrganizationUserCommand to use RequireTwoFactorPolicyRequirement to check for 2FA requirement
* Implement CanAcceptInvitation and CanBeConfirmed methods in RequireTwoFactorPolicyRequirement; update tests to reflect new logic for two-factor authentication policy handling.
* Refactor AcceptOrgUserCommand to enforce two-factor authentication policy based on feature flag; update validation logic and tests accordingly.
* Enhance ConfirmOrganizationUserCommand to validate two-factor authentication policy based on feature flag; refactor validation logic and update related tests for improved policy handling.
* Remove unused method and its dependencies from OrganizationService.
* Implement CanBeRestored method in RequireTwoFactorPolicyRequirement to determine user restoration eligibility based on two-factor authentication status; add corresponding unit tests for various scenarios.
* Update RestoreOrganizationUserCommand to use IPolicyRequirementQuery for two-factor authentication policies checks
* Remove redundant vNext tests
* Add TwoFactorPoliciesForActiveMemberships property to RequireTwoFactorPolicyRequirement and corresponding unit tests for policy retrieval based on user status
* Refactor UserService to integrate IPolicyRequirementQuery for two-factor authentication policy checks
* Add XML documentation for TwoFactorPoliciesForActiveMemberships property in RequireTwoFactorPolicyRequirement to clarify its purpose and return value.
* Add exception documentation for ValidateTwoFactorAuthenticationPolicyAsync method in ConfirmOrganizationUserCommand to clarify error handling for users without two-step login enabled.
* Update comments in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to clarify handling of two-step login and 2FA policy checks.
* Add RequireTwoFactorPolicyRequirementFactory to PolicyServiceCollectionExtensions
* Refactor two-factor authentication policy checks in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to streamline validation logic and improve clarity. Update RequireTwoFactorPolicyRequirement to provide a method for checking if two-factor authentication is required for an organization. Adjust related unit tests accordingly.
* Add PolicyRequirements namespace
* Update comments in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to clarify two-factor authentication policy requirements and exception handling.
* Refactor RequireTwoFactorPolicyRequirement to return tuples of (OrganizationId, OrganizationUserId) for active memberships requiring two-factor authentication. Update UserService and related tests to reflect this change.
* Refactor AcceptOrgUserCommand: delegate feature flag check to the ValidateTwoFactorAuthenticationPolicyAsync method
* Skip policy check if two-step login is enabled for the user
* Refactor ConfirmOrganizationUserCommand to streamline two-factor authentication policy validation logic
* Refactor AcceptOrgUserCommand to simplify two-factor authentication check by removing intermediate variable
* Update documentation in RequireTwoFactorPolicyRequirement to clarify the purpose of the IsTwoFactorRequiredForOrganization
* Refactor AcceptOrgUserCommandTests to remove redundant two-factor authentication checks and simplify test setup
* Refactor AcceptOrgUserCommand and ConfirmOrganizationUserCommand to streamline two-factor authentication checks by removing redundant conditions and simplifying logic flow.
* Rename removeOrgUserTasks variable in UserService
* Refactor RestoreOrganizationUserCommand to simplify two-factor authentication compliance checks by consolidating logic into a new method, IsTwoFactorRequiredForOrganizationAsync.
* Remove outdated two-factor authentication validation documentation from AcceptOrgUserCommand
* Invert two-factor compliance check in RestoreOrganizationUserCommand to ensure correct validation of organization user policies.
* Refactor UserService to enhance two-factor compliance checks by optimizing organization retrieval and logging when no organizations require two-factor authentication.
* [NO LOGIC] [PM-21104] Organize Core.Billing tax code
* Add PreviewTaxAmountCommand and expose through TaxController
* Add PreviewTaxAmountCommandTests
* Run dotnet format
* fix : split out the interface from the TwoFactorAuthenticationValidator into separate file.
* fix: replacing IUserService.TwoFactorEnabled with ITwoFactorEnabledQuery
* fix: combined logic for both bulk and single user look ups for TwoFactorIsEnabledQuery.
* fix: return two factor provider enabled on CanGenerate() method.
* tech debt: modfifying MFA providers to call the database less to validate if two factor is enabled.
* tech debt: removed unused service from AuthenticatorTokenProvider
* doc: added documentation to ITwoFactorProviderUsers
* doc: updated comments for TwoFactorIsEnabled impl
* test: fixing tests for ITwoFactorIsEnabledQuery
* test: updating tests to have correct DI and removing test for automatic email of TOTP.
* test: adding better test coverage
* Renamed ManagedUserDomainClaimedEmails to ClaimedUserDomainClaimedEmails
* Renamed method to improve clarity and consistency.
Replaced `ValidateManagedUserDomainAsync` with `ValidateClaimedUserDomainAsync`.
* Rename `GetOrganizationsManagingUserAsync` to `GetOrganizationsClaimingUserAsync`.
This renaming clarifies the function's purpose, aligning its name with the concept of "claiming" rather than "managing" user associations.
* Refactor variable naming in ValidateClaimedUserDomainAsync
* Managed to claimed
* Managed to claimed
* Managed to claimed
* Managing to Claiming
* Managing to Claiming
* Managing to Claiming
* Managing to Claiming
* Renamed DeleteManagedOrganizationUserAccountCommand to DeleteClaimedOrganizationUserAccountCommand
* Renamed IDeleteManagedOrganizationUserAccountCommand to IDeleteClaimedOrganizationUserAccountCommand
* Updated variable name
* IsManagedBy to IsClaimedBy
* Created new property. obsoleted old property and wired up for backward compatibility.
* More Managed to Claimed renames.
* Managed to Claimed
* Fixing tests... 🤦
* Got the rest of em
* missed the test 🤦
* fixed test.
* feat(newDeviceVerification) : Initial update to email
* fix : email copying over extra whitespace when using keyboard short cuts
* test : Fixing tests for new device verificaiton email format
* Fix two-factor authentication revocation logic and update related tests
* Refine test for RevokeNonCompliantOrganizationUserCommand to assert single user revocation
* feat(NewDeviceVerification) :
- Added constant to constants in Bit.Core because the cache key format needs to be shared between the Identity Server and the MVC project Admin.
- Updated DeviceValidator class to handle checking cache for user information to allow pass through.
- Updated and Added tests to handle new flow.
- Adding exception flow to admin project. Added tests for new methods in UserService.
* chore: set up a `CODEOWNERS` space for platform
* chore: move sql objects for `Installation` to platform's domain
* chore: move `Installation` and `PushRelay` code to platform's domain
feat(NewDeviceVerification): Added a resend new device OTP endpoint and method for the IUserService as well as wrote test for new methods for the user service.
* Added the ability to create a JWT on an organization license that contains all license properties as claims
* Added the ability to create a JWT on a user license that contains all license properties as claims
* Added ability to consume JWT licenses
* Resolved generic type issues when getting claim value
* Now validating the jwt signature, exp, and iat
* Moved creation of ClaimsPrincipal outside of licenses given dependecy on cert
* Ran dotnet format. Resolved identity error
* Updated claim types to use string constants
* Updated jwt expires to be one year
* Fixed bug requiring email verification to be on the token
* dotnet format
* Patch build process
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Add check for managed user before purging account
* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel
* Rename the property ManagesActiveUser to UserIsManagedByOrganization
* Remove whole class #nullable enable and add it to specific places
* [PM-11405] Account Deprovisioning: Prevent a verified user from changing their email address
* Remove unnecessary .ToList()
* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable
* Prevent deletion of accounts managed by an organization when Account Deprovisioning is enabled
* Add CannotDeleteManagedAccountViewModel and email templates
- Added CannotDeleteManagedAccountViewModel class to handle emails related to preventing deletion of accounts managed by an organization.
- Added HTML and text email templates for sending notifications about the inability to delete an account owned by an organization.
- Updated IMailService interface with a new method to send the cannot delete managed account email.
- Implemented the SendCannotDeleteManagedAccountEmailAsync method in HandlebarsMailService.
- Added a check in UserService to send the cannot delete managed account email if the user is managed by any organization.
- Added a no-op implementation for SendCannotDeleteManagedAccountEmailAsync in NoopMailService.
* Update error message when unable to purge vault for managed account
* Update error message when unable to change email for managed account
* Update error message when unable to delete account when managed by organization
* Update error message in test for deleting organization-owned accounts
* Add check for managed user before purging account
* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel
* Rename the property ManagesActiveUser to UserIsManagedByOrganization
* Remove whole class #nullable enable and add it to specific places
* Remove unnecessary .ToList()
* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable
* Update error message when unable to purge vault for managed account
* Add HasConfirmedOwnersExceptQuery class, interface and unit tests
* Register IHasConfirmedOwnersExceptQuery for dependency injection
* Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery
* Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery
* Fix unit tests
* Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests
* Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests
* Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser
* Refactor RemoveOrganizationUserCommandTests to use more descriptive method names
* Refactor controller actions to accept Guid directly instead of parsing strings
* Add unit tests for removing OrganizationUser by UserId
* Refactor remove OrganizationUser by UserId method
* Add summary to IHasConfirmedOwnersExceptQuery
