* User V2UpgradeToken for key rotation without logout
* reset old v2 upgrade token on manual key rotation
* sql migration fix
* missing table column
* missing view update
* tests for V2UpgradeToken clearing on manual key rotation
* V2 to V2 rotation causes logout. Updated wrapped key 1 to be a valid V2 encrypted string in tests.
* integration tests failures - increase assert recent for date time type from 2 to 5 seconds (usually for UpdatedAt assertions)
* repository test coverage
* migration script update
* new EF migration scripts
* broken EF migration scripts fixed
* refresh views due to User table alternation
* add folders and favorites when sharing a cipher
* refactor folders and favorites assignment to consider existing folders/favorite assignments on a cipher
* remove unneeded string manipulation
* remove comment
* add unit test for folder/favorite sharing
* add migration for sharing a cipher to org and collect reprompt, favorite and folders
* update date timestamp of migration
* Remove feature flag and move StaticStore plans to MockPlans for tests
* Remove old plan models / move sponsored plans out of StaticStore
* Run dotnet format
* Add pricing URI to Development appsettings for local development and integration tests
* Updated Api Integration tests to get current plan type
* Run dotnet format
* Fix failing tests
* Update ProviderUserOrganizationDetailsView to include SSO configuration data
* Updated the ProviderUserOrganizationDetailsViewQuery to join with SsoConfigs and select SSO-related fields.
* Modified the SQL view to reflect the inclusion of SSO configuration data.
* Added a new migration script for the updated view structure.
* Add SSO configuration properties to ProviderUserOrganizationDetails model
* Add SSO configuration handling to ProfileProviderOrganizationResponseModel
* Introduced properties for SSO configuration, including SSO enabled status and KeyConnector details.
* Implemented deserialization of SSO configuration data to populate new fields in the response model.
* Add integration tests for ProviderUserRepository.GetManyOrganizationDetailsByUserAsync
* Add BaseUserOrganizationDetails model to encapsulate common properties
* Introduced a new abstract class to define shared properties for organization users and provider organization users
* Add BaseProfileOrganizationResponseModel to encapsulate organization response properties
* Introduced a new abstract class that ensures all properties are fully populated for profile organization responses.
* Update ProviderUserOrganizationDetailsViewQuery to include missing ProviderUserId
* Refactor OrganizationUserOrganizationDetails and ProviderUserOrganizationDetails to inherit from BaseUserOrganizationDetails
* Updated both models to extend BaseUserOrganizationDetails, promoting code reuse and ensure they have the same base properties
* Refactor ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel to inherit from BaseProfileOrganizationResponseModel
* Refactor ProviderUserRepositoryTests to improve organization detail assertions
* Consolidated assertions for organization details into a new method, AssertProviderOrganizationDetails, enhancing code readability and maintainability.
* Updated test cases to verify all relevant properties for organizations with and without SSO configurations.
* Add integration test for GetManyDetailsByUserAsync to verify SSO properties
* Implemented a new test case to ensure that the SSO properties are correctly populated for organizations with and without SSO configurations.
* The test verifies the expected behavior of the method when interacting with the user and organization repositories, including cleanup of created entities after the test execution.
* Add unit tests for ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel
* Introduced tests to validate the constructors of ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel, ensuring that all properties are populated correctly based on the provided organization details.
* Verified expected behavior for both organization and provider models, including SSO configurations and relevant properties.
* Update SyncControllerTests.Get_ProviderPlanTypeProperlyPopulated to nullify SSO configurations in provider user organization details
* Refactor BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel for null safety
Updated properties in BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel to support null safety by introducing nullable types where appropriate.
* Enhance null safety in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails
Updated properties in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails to support null safety by introducing nullable types where appropriate, ensuring better handling of potential null values.
* Move common properties from ProfileOrganizationResponseModel to BaseProfileOrganizationResponseModel
* Refactor organization details: Remove BaseUserOrganizationDetails and introduce IProfileMemberOrganizationDetails interface for improved structure and clarity in organization user data management.
* Enhance OrganizationUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface
* Refactor ProviderUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface
* Refactor ProfileOrganizationResponseModelTests and ProfileProviderOrganizationResponseModelTests: Update constructors to utilize Organization and ProviderUserOrganizationDetails, enhancing property population and test coverage.
* Enhance ProviderUserOrganizationDetails: Add UseResetPassword, UseSecretsManager, and UsePasswordManager properties to the query and SQL views
* Update BaseProfileOrganizationResponseModel documentation: Clarify purpose and usage of organization properties for OrganizationUsers and ProviderUsers.
* Rename ProfileOrganizationResponseModel to ProfileMemberOrganizationResponseModel, update references and update related test names
* Add XML documentation for ProfileMemberOrganizationResponseModel and ProfileProviderOrganizationResponseModel to clarify their purpose and relationships
* Remove unnecessary cleanup code from OrganizationUserRepositoryTests
* Remove unnecessary cleanup code from ProviderUserRepositoryTests
* Rename test method in ProviderUserRepositoryTests to improve clarity on property population
* Add CreateFullOrganization method to ProviderUserRepositoryTests for improved organization setup in tests
* Refactor organization creation in tests to use CreateTestOrganizationAsync for consistency and improved setup
* Rename IProfileMemberOrganizationDetails to IProfileOrganizationDetails
* Rename ProfileMemberOrganizationResponseModel back to ProfileOrganizationResponseModel
* Refactor organization response models to remove Family Sponsorship properties from BaseProfileOrganizationResponseModel and reintroduce them in ProfileOrganizationResponseModel. Update related interfaces and tests accordingly.
* Bump date on migration script
* Update OrganizationUserOrganizationDetailsViewQuery to include UseAutomaticUserConfirmation property
* prevent users from sharing an archived cipher
* move check outside of encrypted check
* add check for cipher stored in the DB does not have an archive date
* Implement unit tests for PostPurge method in CiphersController to handle various scenarios
* Refactor PostPurge method in CiphersController to use Guid for organizationId parameter and update related unit tests
* Refactor PostPurge method in CiphersController to skip checking if user is claimed if its purging the org vault
* Added MasterPasswordUnlock to UserDecryptionOptions as part of identity response
* Added UserDecryption with MasterPasswordUnlock as part of /sync response
* Refactor CiphersController and related tests by removing unused IFeatureService dependency and associated feature flag checks. Cleaned up tests to reflect these changes, ensuring they focus on manage permissions without reliance on feature flags.
* Refactor CipherService and related tests by removing feature flag checks for item deletion permissions. Updated tests to focus on user manage permissions without reliance on feature flags, ensuring cleaner and more maintainable code.
* Enhance CiphersControllerTests by adding user retrieval and organization ability checks. Updated test cases to ensure proper handling of item deletion permissions based on user roles and organization settings, improving test coverage and reliability.
* use ToCipher instead of casting
* return ListResponseModel
* fix test
* remove ToArray
* have ShareManyAsync return CipherDetails
* fix test
* fix tests
* fix test
* fix test
* fix : split out the interface from the TwoFactorAuthenticationValidator into separate file.
* fix: replacing IUserService.TwoFactorEnabled with ITwoFactorEnabledQuery
* fix: combined logic for both bulk and single user look ups for TwoFactorIsEnabledQuery.
* fix: return two factor provider enabled on CanGenerate() method.
* tech debt: modfifying MFA providers to call the database less to validate if two factor is enabled.
* tech debt: removed unused service from AuthenticatorTokenProvider
* doc: added documentation to ITwoFactorProviderUsers
* doc: updated comments for TwoFactorIsEnabled impl
* test: fixing tests for ITwoFactorIsEnabledQuery
* test: updating tests to have correct DI and removing test for automatic email of TOTP.
* test: adding better test coverage
* Implement enhanced cipher deletion and restore permissions with feature flag support
- Add new method `CanDeleteOrRestoreCipherAsAdminAsync` in CiphersController
- Update NormalCipherPermissions to support more flexible cipher type checking
- Modify CipherService to use new permission checks with feature flag
- Refactor test methods to support new permission logic
- Improve authorization checks for organization cipher management
* Refactor cipher methods to use CipherDetails and simplify type handling
- Update CiphersController to use GetByIdAsync with userId
- Modify NormalCipherPermissions to remove unnecessary type casting
- Update ICipherService and CipherService method signatures to use CipherDetails
- Remove redundant type checking in CipherService methods
- Improve type consistency in cipher-related operations
* Enhance CiphersControllerTests with detailed permission and feature flag scenarios
- Add test methods for DeleteAdmin with edit and manage permission checks
- Implement tests for LimitItemDeletion feature flag scenarios
- Update test method names to reflect more precise permission conditions
- Improve test coverage for admin cipher deletion with granular permission handling
* Add comprehensive test coverage for admin cipher restore operations
- Implement test methods for PutRestoreAdmin and PutRestoreManyAdmin
- Add scenarios for owner and admin roles with LimitItemDeletion feature flag
- Cover permission checks for manage and edit permissions
- Enhance test coverage for single and bulk cipher restore admin operations
- Verify correct invocation of RestoreAsync and RestoreManyAsync methods
* Refactor CiphersControllerTests to remove redundant assertions and mocking
- Remove unnecessary assertions for null checks
- Simplify mocking setup for cipher repository and service methods
- Clean up redundant type and data setup in test methods
- Improve test method clarity by removing extraneous code
* Add comprehensive test coverage for cipher restore, delete, and soft delete operations
- Implement test methods for RestoreAsync with org admin override and LimitItemDeletion feature flag
- Add scenarios for checking manage and edit permissions during restore operations
- Extend test coverage for DeleteAsync with similar permission and feature flag checks
- Enhance SoftDeleteAsync tests with org admin override and permission validation
- Improve test method names to reflect precise permission conditions
* Add comprehensive test coverage for cipher restore, delete, and soft delete operations
- Extend test methods for RestoreManyAsync with various permission scenarios
- Add test coverage for personal and organization ciphers in restore operations
- Implement tests for RestoreManyAsync with LimitItemDeletion feature flag
- Add detailed test scenarios for delete and soft delete operations
- Improve test method names to reflect precise permission and feature flag conditions
* Refactor authorization checks in CiphersController to use All() method for improved readability
* Refactor filtering of ciphers in CipherService to streamline organization ability checks and improve readability
* Add comprehensive test coverage for CipherService restore, delete, and soft delete methods
* Add comprehensive admin cipher management tests for CiphersController
* Enhance CiphersController admin methods with comprehensive test coverage
- Add tests for provider user scenarios in admin cipher management methods
- Implement tests for custom user with edit any collection permissions
- Add test coverage for RestrictProviderAccess feature flag
- Improve test scenarios for delete, soft delete, and restore operations
* Refactor CiphersControllerTests to simplify and optimize test methods
* Optimize CiphersControllerTests with code cleanup and test method improvements
* Extend CiphersControllerTests to support Admin and Owner roles
* Add test cases for custom user cipher admin operations with EditAnyCollection permission checks
- Extend CiphersControllerTests with scenarios for custom users without EditAnyCollection permission
- Add test methods to verify NotFoundException is thrown when EditAnyCollection is false
- Cover delete, soft delete, and restore operations for single and bulk cipher admin actions
* Enhance CiphersControllerTests with granular access permission scenarios
- Add test methods for admin and owner roles with specific cipher access scenarios
- Implement tests for accessing specific and unassigned ciphers
- Extend test coverage for delete, soft delete, and restore operations
- Improve test method naming for clarity and precision
* Add bulk admin cipher delete and soft delete tests for specific and unassigned ciphers
- Implement test methods for DeleteManyAdmin and PutDeleteManyAdmin
- Cover scenarios for owner and admin roles with access to specific and unassigned ciphers
- Verify correct invocation of DeleteManyAsync and SoftDeleteManyAsync methods
- Enhance test coverage for bulk cipher admin operations
* Add Manage permission to UserCipherDetails and CipherDetails_ReadByIdUserId
* Add Manage property to CipherDetails and UserCipherDetailsQuery
* Add integration test for CipherRepository Manage permission rules
* Update CipherDetails_ReadWithoutOrganizationsByUserId to include Manage permission
* Refactor UserCipherDetailsQuery to include detailed permission and organization properties
* Refactor CipherRepositoryTests to improve test organization and readability
- Split large test method into smaller, focused methods
- Added helper methods for creating test data and performing assertions
- Improved test coverage for cipher permissions in different scenarios
- Maintained existing test logic while enhancing code structure
* Refactor CipherRepositoryTests to consolidate cipher permission tests
- Removed redundant helper methods for permission assertions
- Simplified test methods for GetCipherPermissionsForOrganizationAsync, GetManyByUserIdAsync, and GetByIdAsync
- Maintained existing test coverage for cipher manage permissions
- Improved code readability and reduced code duplication
* Add integration test for CipherRepository group collection manage permissions
- Added new test method GetCipherPermissionsForOrganizationAsync_ManageProperty_RespectsCollectionGroupRules
- Implemented helper method CreateCipherInOrganizationCollectionWithGroup to support group-based collection permission testing
- Verified manage permissions are correctly applied based on group collection access settings
* Add @Manage parameter to Cipher stored procedures
- Updated CipherDetails_Create, CipherDetails_CreateWithCollections, and CipherDetails_Update stored procedures
- Added @Manage parameter with comment "-- not used"
- Included new stored procedure implementations in migration script
- Consistent with previous work on adding Manage property to cipher details
* Update UserCipherDetails functions to reorder Manage and ViewPassword columns
* [PM-18086] Add CanRestore and CanDelete authorization methods.
* [PM-18086] Address code review feedback.
* [PM-18086] Add missing part.
* [PM-18087] Add CipherPermissionsResponseModel for cipher permissions
* Add GetManyOrganizationAbilityAsync method to application cache service
* Add organization ability context to cipher response models
This change introduces organization ability context to various cipher response models across multiple controllers. The modifications include:
- Updating CipherResponseModel to include permissions based on user and organization ability
- Modifying CiphersController methods to fetch and pass organization abilities
- Updating SyncController to include organization abilities in sync response
- Adding organization ability context to EmergencyAccessController response generation
* Remove organization ability context from EmergencyAccessController
This change simplifies the EmergencyAccessController by removing unnecessary organization ability fetching and passing. Since emergency access only retrieves personal ciphers, the organization ability context is no longer needed in the response generation.
* Remove unused IApplicationCacheService from EmergencyAccessController
* Refactor EmergencyAccessViewResponseModel constructor
Remove unnecessary JsonConstructor attribute and simplify constructor initialization for EmergencyAccessViewResponseModel
* Refactor organization ability retrieval in CiphersController
Extract methods to simplify organization ability fetching for ciphers, reducing code duplication and improving readability. Added two private helper methods:
- GetOrganizationAbilityAsync: Retrieves organization ability for a single cipher
- GetManyOrganizationAbilitiesAsync: Retrieves organization abilities for multiple ciphers
* Update CiphersControllerTests to use GetUserByPrincipalAsync
Modify test methods to:
- Replace GetProperUserId with GetUserByPrincipalAsync
- Use User object instead of separate userId
- Update mocking to return User object
- Ensure user ID is correctly set in test scenarios
* Refactor CipherPermissionsResponseModel to use constructor-based initialization
* Refactor CipherPermissionsResponseModel to use record type and init-only properties
* [PM-18086] Undo files
* [PM-18086] Undo files
* Refactor organization abilities retrieval in cipher-related controllers and models
- Update CiphersController to use GetOrganizationAbilitiesAsync instead of individual methods
- Modify CipherResponseModel and CipherDetailsResponseModel to accept organization abilities dictionary
- Update CipherPermissionsResponseModel to handle organization abilities lookup
- Remove deprecated organization ability retrieval methods
- Simplify sync and emergency access response model handling of organization abilities
* Remove GetManyOrganizationAbilityAsync method
- Delete unused method from IApplicationCacheService interface
- Remove corresponding implementation in InMemoryApplicationCacheService
- Continues cleanup of organization ability retrieval methods
* Update CiphersControllerTests to include organization abilities retrieval
- Add organization abilities retrieval in test setup for PutCollections_vNext method
- Ensure consistent mocking of IApplicationCacheService in test scenarios
* Update error message for missing organization ability
---------
Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>
Only users with Manage/Edit permissions will be allowed to Assign To Collections. If the user has Can Edit Except Password the collections dropdown will be disabled.
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: kejaeger <138028972+kejaeger@users.noreply.github.com>
* Add OrganizationUserMiniDetails endpoint, models and authorization
* Restrict access to current OrganizationUserUserDetails endpoint
Both are behind feature flags
* Add Collections Tests
* Update CollectionRepository Implementation
* Test Adding And Deleting Through Replace
* Format
* Fix Most Test Warnings
* Format
* chore: remove fc v1 from groups controller, refs PM-10291
* chore: remove fc v1 from organization users controller, refs PM-10291
* chore: remove fc v1 from organizations controller and clean up unsused imports, refs PM-10291
* chore: remove fc v1 from BulkCollectionAuthorizationHandler, refs PM-10291
* chore: remove fc v1 from CiphersCollections, refs PM-10291
* fix: unit tests related to fc v1 flag removal, refs PM-10291
* chore: update AllowAdminAccessToAllCollectionItems to take optional params, increase usage, refs PM-10291
* fix: format files, refs PM-10291
* chore: revert change to helper method, ignore double cache call, refs PM-10291
* feat: Add stored procedure for reading organization user details with premium access by organization ID
The code changes include:
- Addition of a new stored procedure [dbo].[OrganizationUserUserDetailsWithPremiumAccess_ReadByOrganizationId] to read organization user details with premium access by organization ID
- Modification of the IUserService interface to include an optional parameter for checking two-factor authentication with premium access
- Modification of the UserService class to handle the new optional parameter in the TwoFactorIsEnabledAsync method
- Addition of a new method GetManyDetailsWithPremiumAccessByOrganizationAsync in the IOrganizationUserRepository interface to retrieve organization user details with premium access by organization ID
- Addition of a new view [dbo].[OrganizationUserUserDetailsWithPremiumAccessView] to retrieve organization user details with premium access
* Add IUserRepository.SearchDetailsAsync that includes the field HasPremiumAccess
* Check the feature flag on Admin.UsersController to see if the optimization runs
* Modify PolicyService to run query optimization if the feature flag is enabled
* Refactor the parameter check on UserService.TwoFactorIsEnabledAsync
* Run query optimization on public MembersController if feature flag is enabled
* Restore refactor
* Reverted change used for development
* Add unit tests for OrganizationService.RestoreUser
* Separate new CheckPoliciesBeforeRestoreAsync optimization into new method
* Add more unit tests
* Apply refactor to bulk restore
* Add GetManyDetailsAsync method to IUserRepository. Add ConfirmUsersAsync_vNext method to IOrganizationService
* Add unit tests for ConfirmUser_vNext
* Refactor the optimization to use the new TwoFactorIsEnabledAsync method instead of changing the existing one
* Removed unused sql scripts and added migration script
* Remove unnecessary view
* chore: Remove unused SearchDetailsAsync method from IUserRepository and UserRepository
* refactor: Use UserDetails constructor in UserRepository
* Add summary to IUserRepository.GetManyDetailsAsync
* Add summary descriptions to IUserService.TwoFactorIsEnabledAsync
* Remove obsolete annotation from IUserRepository.UpdateUserKeyAndEncryptedDataAsync
* refactor: Rename UserDetails to UserWithCalculatedPremium across the codebase
* Extract IUserService.TwoFactorIsEnabledAsync into a new TwoFactorIsEnabledQuery class
* Add unit tests for TwoFactorIsEnabledQuery
* Update TwoFactorIsEnabledQueryTests to include additional provider types
* Refactor TwoFactorIsEnabledQuery
* Refactor TwoFactorIsEnabledQuery and update tests
* refactor: Update TwoFactorIsEnabledQueryTests to include test for null TwoFactorProviders
* refactor: Improve TwoFactorIsEnabledQuery and update tests
* refactor: Improve TwoFactorIsEnabledQuery and update tests
* Remove empty <returns> from summary
* Update User_ReadByIdsWithCalculatedPremium stored procedure to accept JSON array of IDs
Remove FlexibleCollections feature flag logic for repository methods:
* GetManyByUserIdAsync
* GetManyByUserIdCipherIdAsync
* UpdateCollectionsAsync
* UpdateCollectionsForCiphersAsync
This feature flag was never turned on and we will update the sprocs
directly as required.
Remove FlexibleCollections feature flag logic for repository methods:
* CiphersController.GetByIdAsync
* CipherRepository.DeleteAsync
* CipherRepository.MoveAsync
* RestoreAsync
* SoftDeleteAsync
This feature flag was never turned on and we will update the sprocs
directly as required.
* Renamed ProductType to ProductTierType
* Renamed Product properties to ProductTier
* Moved ProductTierType to Bit.Core.Billing.Enums namespace from Bit.Core.Enums
* Moved PlanType enum to Bit.Core.Billing.Enums
* Moved StaticStore to Bit.Core.Billing.Models.StaticStore namespace
* Added ProductType enum
* dotnet format
* Add check to verify the vault state for rotation is not obviously desynced (empty)
* Add unit test for key rotation guardrail
* Move de-synced vault detection to validators
* Add tests
* [AC-2274] Introduce CanEditAnyCiphersAsAdminAsync helper to replace EditAnyCollection usage
* [AC-2274] Add unit tests for CanEditAnyCiphersAsAdmin helper
* [AC-2274] Add Jira ticket
* [AC-1707] Add feature flag
* [AC-1707] Update CanEditAnyCiphersAsAdmin to fail for providers when the feature flag is enabled
* [AC-2274] Undo change to purge endpoint
* [AC-2274] Update admin checks to account for unassigned ciphers
* [AC-1707] Fix provider auth checks after merge with main
* [AC-1707] Fix tests after merge
* [AC-1707] Adjust CanEditCipherAsAdmin method to properly account for admin user types
- Fix associated unit tests
* [AC-1707] Formatting
* Fix issue where ManageUsers custom permission could not
grant access to collections
* Split ModifyAccess operation to ModifyUserAccess and
ModifyGroupAccess to reflect more granular operations
* update OrganizationUsersController PUT and POST
* enforces new collection access checks when updating members
* refactor BulkCollectionAuthorizationHandler to avoid repeated db calls
* [AC-2068] Allow any member of an org to read all users for that organization with flexible collections
* [AC-2068] Allow any member of an org to read all groups for that organization with flexible collections
* [AC-2068] Formatting
* Update optionality to use org.FlexibleCollections
Also break old feature flag key to ensure it's never enabled
* Add logic to set defaults for collection management setting
* Update optionality logic to use org property
* Add comments
* Add helper method for getting individual orgAbility
* Fix validate user update permissions interface
* Fix tests
* dotnet format
* Fix more tests
* Simplify self-hosted update logic
* Fix mapping
* Use new getOrganizationAbility method
* Refactor invite and save orgUser methods
Pass in whole organization object instead of using OrganizationAbility
* fix CipherService tests
* dotnet format
* Remove manager check to simplify this set of changes
* Misc cleanup before review
* Fix undefined variable
* Refactor bulk-access endpoint to avoid early repo call
* Restore manager check
* Add tests for UpdateOrganizationLicenseCommand
* Add nullable regions
* Delete unused dependency
* dotnet format
* Fix test
