* use ToCipher instead of casting
* return ListResponseModel
* fix test
* remove ToArray
* have ShareManyAsync return CipherDetails
* fix test
* fix tests
* fix test
* fix test
* Remove gathering and reporting of ReferenceEvents
* Fix test that relied on reference events throwing
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* [NO LOGIC] [PM-21104] Organize Core.Billing tax code
* Add PreviewTaxAmountCommand and expose through TaxController
* Add PreviewTaxAmountCommandTests
* Run dotnet format
* Changes to resolve sponsorship showing in individual vault
* Resolve the failing unit test
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Resolve the failing test
* Resolve the failing test
* Resolve the failing test
* fix make IsAdminInitiated nullable
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add the isAdminInitiated property
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Resolve the database error
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Resolve the failing unit test
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Resolve the scan error
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Resolve the database issue
* resolve the database build error
* Resolve the database build error
* Resolve the synchronization issue
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* fix : split out the interface from the TwoFactorAuthenticationValidator into separate file.
* fix: replacing IUserService.TwoFactorEnabled with ITwoFactorEnabledQuery
* fix: combined logic for both bulk and single user look ups for TwoFactorIsEnabledQuery.
* fix: return two factor provider enabled on CanGenerate() method.
* tech debt: modfifying MFA providers to call the database less to validate if two factor is enabled.
* tech debt: removed unused service from AuthenticatorTokenProvider
* doc: added documentation to ITwoFactorProviderUsers
* doc: updated comments for TwoFactorIsEnabled impl
* test: fixing tests for ITwoFactorIsEnabledQuery
* test: updating tests to have correct DI and removing test for automatic email of TOTP.
* test: adding better test coverage
* Simplify and align CommandResult and ValidationResult.
In particular, 1 error per Failure/Invalid.
* Move these files to a common namespace
* Remove unused code
* [PM-17562] Slack Event Investigation
* Refactored Slack and Webhook integrations to pull configurations dynamically from a new Repository
* Added new TemplateProcessor and added/updated unit tests
* SlackService improvements, testing, integration configurations
* Refactor SlackService to use a dedicated model to parse responses
* Refactored SlackOAuthController to use SlackService as an injected dependency; added tests for SlackService
* Remove unnecessary methods from the IOrganizationIntegrationConfigurationRepository
* Moved Slack OAuth to take into account the Organization it's being stored for. Added methods to store the top level integration for Slack
* Organization integrations and configuration database schemas
* Format EF files
* Initial buildout of basic repositories
* [PM-17562] Add Dapper Repositories For Organization Integrations and Configurations
* Update Slack and Webhook handlers to use new Repositories
* Update SlackOAuth tests to new signatures
* Added EF Repositories
* Update handlers to use latest repositories
* [PM-17562] Add Dapper and EF Repositories For Ogranization Integrations and Configurations
* Updated with changes from PR comments
* Adjusted Handlers to new repository method names; updated tests to naming convention
* Adjust URL structure; add delete for Slack, add tests
* Added Webhook Integration Controller
* Add tests for WebhookIntegrationController
* Added Create/Delete for OrganizationIntegrationConfigurations
* Prepend ConnectionTypes into IntegrationType so we don't run into issues later
* Added Update to OrganizationIntegrationConfigurtionController
* Moved Webhook-specific integration code to being a generic controller for everything but Slack
* Removed delete from SlackController - Deletes should happen through the normal Integration controller
* Fixed SlackController, reworked OIC Controller to use ids from URL and update the returned object
* Added parse/type checking for integration and integration configuration JSONs, Cleaned up GlobalSettings to remove old values
* Cleanup and fixes for Azure Service Bus support
* Clean up naming on TemplateProcessorTests
* Address SonarQube warnings/suggestions
* Expanded test coverage; Cleaned up tests
* Respond to PR Feedback
* Rename TemplateProcessor to IntegrationTemplateProcessor
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Add RequireSsoPolicyRequirement and its factory to enforce SSO policies
* Enhance WebAuthnController to support RequireSsoPolicyRequirement with feature flag integration. Update tests to validate behavior when SSO policies are applicable.
* Integrate IPolicyRequirementQuery into request validators to support RequireSsoPolicyRequirement. Update validation logic to check SSO policies based on feature flag.
* Refactor RequireSsoPolicyRequirementFactoryTests to improve test coverage for SSO policies. Add tests for handling both valid and invalid policies in CanUsePasskeyLogin and SsoRequired methods.
* Remove ExemptStatuses property from RequireSsoPolicyRequirementFactory to use default values from BasePolicyRequirementFactory
* Restore ValidateRequireSsoPolicyDisabledOrNotApplicable
* Refactor RequireSsoPolicyRequirement to update CanUsePasskeyLogin and SsoRequired properties to use init-only setters
* Refactor RequireSsoPolicyRequirementFactoryTests to enhance test clarity
* Refactor BaseRequestValidatorTests to improve test clarity
* Refactor WebAuthnController to replace SSO policy validation with PolicyRequirement check
* Refactor BaseRequestValidator to replace SSO policy validation with PolicyRequirement check
* Refactor WebAuthnControllerTests to update test method names and adjust policy requirement checks
* Add tests for AttestationOptions and Post methods in WebAuthnControllerTests to validate scenario where SSO is not required
* Refactor RequireSsoPolicyRequirement initialization
* Refactor SSO requirement check for improved readability
* Rename test methods in RequireSsoPolicyRequirementFactoryTests for clarity on exempt status conditions
* Update RequireSsoPolicyRequirement to refine user status checks for SSO policy requirements
* Add OrganizationUpdateKeysCommand
* Add unit tests for OrganizationUpdateKeysCommand to validate permission checks and key updates
* Register OrganizationUpdateKeysCommand for dependency injection
* Refactor OrganizationsController to use IOrganizationUpdateKeysCommand for updating organization keys
* Remove outdated unit tests for UpdateOrganizationKeysAsync in OrganizationServiceTests
* Remove UpdateOrganizationKeysAsync method from IOrganizationService and OrganizationService implementations
* Add IOrganizationUpdateKeysCommand dependency mock to OrganizationsControllerTests
* Renamed ManagedUserDomainClaimedEmails to ClaimedUserDomainClaimedEmails
* Renamed method to improve clarity and consistency.
Replaced `ValidateManagedUserDomainAsync` with `ValidateClaimedUserDomainAsync`.
* Rename `GetOrganizationsManagingUserAsync` to `GetOrganizationsClaimingUserAsync`.
This renaming clarifies the function's purpose, aligning its name with the concept of "claiming" rather than "managing" user associations.
* Refactor variable naming in ValidateClaimedUserDomainAsync
* Managed to claimed
* Managed to claimed
* Managed to claimed
* Managing to Claiming
* Managing to Claiming
* Managing to Claiming
* Managing to Claiming
* Renamed DeleteManagedOrganizationUserAccountCommand to DeleteClaimedOrganizationUserAccountCommand
* Renamed IDeleteManagedOrganizationUserAccountCommand to IDeleteClaimedOrganizationUserAccountCommand
* Updated variable name
* IsManagedBy to IsClaimedBy
* Created new property. obsoleted old property and wired up for backward compatibility.
* More Managed to Claimed renames.
* Managed to Claimed
* Fixing tests... 🤦
* Got the rest of em
* missed the test 🤦
* fixed test.
* [PM-17563] Add case for PushType.PendingSecurityTasks
* [PM-17563] Add missing TaskId property to NotificationStatusDetails and NotificationResponseModel
* [PM-17563] Add migration script to re-create NotificationStatusDetailsView to include TaskId column
* [PM-17563] Select explicit columns for NotificationStatusDetailsView and fix migration script
* Implement enhanced cipher deletion and restore permissions with feature flag support
- Add new method `CanDeleteOrRestoreCipherAsAdminAsync` in CiphersController
- Update NormalCipherPermissions to support more flexible cipher type checking
- Modify CipherService to use new permission checks with feature flag
- Refactor test methods to support new permission logic
- Improve authorization checks for organization cipher management
* Refactor cipher methods to use CipherDetails and simplify type handling
- Update CiphersController to use GetByIdAsync with userId
- Modify NormalCipherPermissions to remove unnecessary type casting
- Update ICipherService and CipherService method signatures to use CipherDetails
- Remove redundant type checking in CipherService methods
- Improve type consistency in cipher-related operations
* Enhance CiphersControllerTests with detailed permission and feature flag scenarios
- Add test methods for DeleteAdmin with edit and manage permission checks
- Implement tests for LimitItemDeletion feature flag scenarios
- Update test method names to reflect more precise permission conditions
- Improve test coverage for admin cipher deletion with granular permission handling
* Add comprehensive test coverage for admin cipher restore operations
- Implement test methods for PutRestoreAdmin and PutRestoreManyAdmin
- Add scenarios for owner and admin roles with LimitItemDeletion feature flag
- Cover permission checks for manage and edit permissions
- Enhance test coverage for single and bulk cipher restore admin operations
- Verify correct invocation of RestoreAsync and RestoreManyAsync methods
* Refactor CiphersControllerTests to remove redundant assertions and mocking
- Remove unnecessary assertions for null checks
- Simplify mocking setup for cipher repository and service methods
- Clean up redundant type and data setup in test methods
- Improve test method clarity by removing extraneous code
* Add comprehensive test coverage for cipher restore, delete, and soft delete operations
- Implement test methods for RestoreAsync with org admin override and LimitItemDeletion feature flag
- Add scenarios for checking manage and edit permissions during restore operations
- Extend test coverage for DeleteAsync with similar permission and feature flag checks
- Enhance SoftDeleteAsync tests with org admin override and permission validation
- Improve test method names to reflect precise permission conditions
* Add comprehensive test coverage for cipher restore, delete, and soft delete operations
- Extend test methods for RestoreManyAsync with various permission scenarios
- Add test coverage for personal and organization ciphers in restore operations
- Implement tests for RestoreManyAsync with LimitItemDeletion feature flag
- Add detailed test scenarios for delete and soft delete operations
- Improve test method names to reflect precise permission and feature flag conditions
* Refactor authorization checks in CiphersController to use All() method for improved readability
* Refactor filtering of ciphers in CipherService to streamline organization ability checks and improve readability
* Add comprehensive test coverage for CipherService restore, delete, and soft delete methods
* Add comprehensive admin cipher management tests for CiphersController
* Enhance CiphersController admin methods with comprehensive test coverage
- Add tests for provider user scenarios in admin cipher management methods
- Implement tests for custom user with edit any collection permissions
- Add test coverage for RestrictProviderAccess feature flag
- Improve test scenarios for delete, soft delete, and restore operations
* Refactor CiphersControllerTests to simplify and optimize test methods
* Optimize CiphersControllerTests with code cleanup and test method improvements
* Extend CiphersControllerTests to support Admin and Owner roles
* Add test cases for custom user cipher admin operations with EditAnyCollection permission checks
- Extend CiphersControllerTests with scenarios for custom users without EditAnyCollection permission
- Add test methods to verify NotFoundException is thrown when EditAnyCollection is false
- Cover delete, soft delete, and restore operations for single and bulk cipher admin actions
* Enhance CiphersControllerTests with granular access permission scenarios
- Add test methods for admin and owner roles with specific cipher access scenarios
- Implement tests for accessing specific and unassigned ciphers
- Extend test coverage for delete, soft delete, and restore operations
- Improve test method naming for clarity and precision
* Add bulk admin cipher delete and soft delete tests for specific and unassigned ciphers
- Implement test methods for DeleteManyAdmin and PutDeleteManyAdmin
- Cover scenarios for owner and admin roles with access to specific and unassigned ciphers
- Verify correct invocation of DeleteManyAsync and SoftDeleteManyAsync methods
- Enhance test coverage for bulk cipher admin operations
* Add Manage permission to UserCipherDetails and CipherDetails_ReadByIdUserId
* Add Manage property to CipherDetails and UserCipherDetailsQuery
* Add integration test for CipherRepository Manage permission rules
* Update CipherDetails_ReadWithoutOrganizationsByUserId to include Manage permission
* Refactor UserCipherDetailsQuery to include detailed permission and organization properties
* Refactor CipherRepositoryTests to improve test organization and readability
- Split large test method into smaller, focused methods
- Added helper methods for creating test data and performing assertions
- Improved test coverage for cipher permissions in different scenarios
- Maintained existing test logic while enhancing code structure
* Refactor CipherRepositoryTests to consolidate cipher permission tests
- Removed redundant helper methods for permission assertions
- Simplified test methods for GetCipherPermissionsForOrganizationAsync, GetManyByUserIdAsync, and GetByIdAsync
- Maintained existing test coverage for cipher manage permissions
- Improved code readability and reduced code duplication
* Add integration test for CipherRepository group collection manage permissions
- Added new test method GetCipherPermissionsForOrganizationAsync_ManageProperty_RespectsCollectionGroupRules
- Implemented helper method CreateCipherInOrganizationCollectionWithGroup to support group-based collection permission testing
- Verified manage permissions are correctly applied based on group collection access settings
* Add @Manage parameter to Cipher stored procedures
- Updated CipherDetails_Create, CipherDetails_CreateWithCollections, and CipherDetails_Update stored procedures
- Added @Manage parameter with comment "-- not used"
- Included new stored procedure implementations in migration script
- Consistent with previous work on adding Manage property to cipher details
* Update UserCipherDetails functions to reorder Manage and ViewPassword columns
* [PM-18086] Add CanRestore and CanDelete authorization methods.
* [PM-18086] Address code review feedback.
* [PM-18086] Add missing part.
* [PM-18087] Add CipherPermissionsResponseModel for cipher permissions
* Add GetManyOrganizationAbilityAsync method to application cache service
* Add organization ability context to cipher response models
This change introduces organization ability context to various cipher response models across multiple controllers. The modifications include:
- Updating CipherResponseModel to include permissions based on user and organization ability
- Modifying CiphersController methods to fetch and pass organization abilities
- Updating SyncController to include organization abilities in sync response
- Adding organization ability context to EmergencyAccessController response generation
* Remove organization ability context from EmergencyAccessController
This change simplifies the EmergencyAccessController by removing unnecessary organization ability fetching and passing. Since emergency access only retrieves personal ciphers, the organization ability context is no longer needed in the response generation.
* Remove unused IApplicationCacheService from EmergencyAccessController
* Refactor EmergencyAccessViewResponseModel constructor
Remove unnecessary JsonConstructor attribute and simplify constructor initialization for EmergencyAccessViewResponseModel
* Refactor organization ability retrieval in CiphersController
Extract methods to simplify organization ability fetching for ciphers, reducing code duplication and improving readability. Added two private helper methods:
- GetOrganizationAbilityAsync: Retrieves organization ability for a single cipher
- GetManyOrganizationAbilitiesAsync: Retrieves organization abilities for multiple ciphers
* Update CiphersControllerTests to use GetUserByPrincipalAsync
Modify test methods to:
- Replace GetProperUserId with GetUserByPrincipalAsync
- Use User object instead of separate userId
- Update mocking to return User object
- Ensure user ID is correctly set in test scenarios
* Refactor CipherPermissionsResponseModel to use constructor-based initialization
* Refactor CipherPermissionsResponseModel to use record type and init-only properties
* [PM-18086] Undo files
* [PM-18086] Undo files
* Refactor organization abilities retrieval in cipher-related controllers and models
- Update CiphersController to use GetOrganizationAbilitiesAsync instead of individual methods
- Modify CipherResponseModel and CipherDetailsResponseModel to accept organization abilities dictionary
- Update CipherPermissionsResponseModel to handle organization abilities lookup
- Remove deprecated organization ability retrieval methods
- Simplify sync and emergency access response model handling of organization abilities
* Remove GetManyOrganizationAbilityAsync method
- Delete unused method from IApplicationCacheService interface
- Remove corresponding implementation in InMemoryApplicationCacheService
- Continues cleanup of organization ability retrieval methods
* Update CiphersControllerTests to include organization abilities retrieval
- Add organization abilities retrieval in test setup for PutCollections_vNext method
- Ensure consistent mocking of IApplicationCacheService in test scenarios
* Update error message for missing organization ability
---------
Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>
Pass in the current userId instead of trying to infer it from the folders or ciphers passed into the ImportCiphersCommand
Kudos go to @MJebran who pointed this out on https://github.com/bitwarden/server/pull/4896
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Remove gRPC and convert PricingClient to HttpClient wrapper
* Add PlanType.GetProductTier extension
Many instances of StaticStore use are just to get the ProductTierType of a PlanType, but this can be derived from the PlanType itself without having to fetch the entire plan.
* Remove invocations of the StaticStore in non-Test code
* Deprecate StaticStore entry points
* Run dotnet format
* Matt's feedback
* Run dotnet format
* Rui's feedback
* Run dotnet format
* Replacements since approval
* Run dotnet format
* Allow for binning of comb IDs by date and value
* Introduce notification hub pool
* Replace device type sharding with comb + range sharding
* Fix proxy interface
* Use enumerable services for multiServiceNotificationHub
* Fix push interface usage
* Fix push notification service dependencies
* Fix push notification keys
* Fixup documentation
* Remove deprecated settings
* Fix tests
* PascalCase method names
* Remove unused request model properties
* Remove unused setting
* Improve DateFromComb precision
* Prefer readonly service enumerable
* Pascal case template holes
* Name TryParse methods TryParse
* Apply suggestions from code review
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Include preferred push technology in config response
SignalR will be the fallback, but clients should attempt web push first if offered and available to the client.
* Register web push devices
* Working signing and content encrypting
* update to RFC-8291 and RFC-8188
* Notification hub is now working, no need to create our own
* Fix body
* Flip Success Check
* use nifty json attribute
* Remove vapid private key
This is only needed to encrypt data for transmission along webpush -- it's handled by NotificationHub for us
* Add web push feature flag to control config response
* Update src/Core/NotificationHub/NotificationHubConnection.cs
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Update src/Core/NotificationHub/NotificationHubConnection.cs
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* fixup! Update src/Core/NotificationHub/NotificationHubConnection.cs
* Move to platform ownership
* Remove debugging extension
* Remove unused dependencies
* Set json content directly
* Name web push registration data
* Fix FCM type typo
* Determine specific feature flag from set of flags
* Fixup merged tests
* Fixup tests
* Code quality suggestions
* Fix merged tests
* Fix test
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
