* convert `AdminOwnerEmails` to List rather than IEnumerable
* check for JSON array in `formatAdminOwnerEmails`
* remove trailing comma for admin/owners
* Use display block on tables to enforce padding
* update padding around review at-risk passwords
* make "Review at-risk passwords" bold
* add owner and admin email address to the bottom of the security notification email
* fix plurality of text email
* Example of how a partial success/failure command result would look.
* Fixed code.
* Added Validator and ValidationResult
* Moved errors into their own files.
* Fixing tests
* fixed import.
* Forgot mock error.
* initial commit of `CipherOrganizationPermission_GetManyByUserId`
* create queries to get all of the security tasks that are actionable by a user
- A task is "actionable" when the user has manage permissions for that cipher
* rename query
* return the user's email from the query as well
* Add email notification for at-risk passwords
- Added email layouts for security tasks
* add push notification for security tasks
* update entity framework to match stored procedure plus testing
* update date of migration and remove orderby
* add push service to security task controller
* rename `SyncSecurityTasksCreated` to `SyncNotification`
* remove duplicate return
* remove unused directive
* remove unneeded new notification type
* use `createNotificationCommand` to alert all platforms
* return the cipher id that is associated with the security task and store the security task id on the notification entry
* Add `TaskId` to the output model of `GetUserSecurityTasksByCipherIdsAsync`
* move notification logic to command
* use TaskId from `_getSecurityTasksNotificationDetailsQuery`
* add service
* only push last notification for each user
* formatting
* refactor `CreateNotificationCommand` parameter to `sendPush`
* flip boolean in test
* update interface to match usage
* do not push any of the security related notifications to the user
* add `PendingSecurityTasks` push type
* add push notification for pending security tasks
* Remove gRPC and convert PricingClient to HttpClient wrapper
* Add PlanType.GetProductTier extension
Many instances of StaticStore use are just to get the ProductTierType of a PlanType, but this can be derived from the PlanType itself without having to fetch the entire plan.
* Remove invocations of the StaticStore in non-Test code
* Deprecate StaticStore entry points
* Run dotnet format
* Matt's feedback
* Run dotnet format
* Rui's feedback
* Run dotnet format
* Replacements since approval
* Run dotnet format
* feat(newDeviceVerification) : Initial update to email
* fix : email copying over extra whitespace when using keyboard short cuts
* test : Fixing tests for new device verificaiton email format
* PM-10600: Notification push notification
* PM-10600: Sending to specific client types for relay push notifications
* PM-10600: Sending to specific client types for other clients
* PM-10600: Send push notification on notification creation
* PM-10600: Explicit group names
* PM-10600: Id typos
* PM-10600: Revert global push notifications
* PM-10600: Added DeviceType claim
* PM-10600: Sent to organization typo
* PM-10600: UT coverage
* PM-10600: Small refactor, UTs coverage
* PM-10600: UTs coverage
* PM-10600: Startup fix
* PM-10600: Test fix
* PM-10600: Required attribute, organization group for push notification fix
* PM-10600: UT coverage
* PM-10600: Fix Mobile devices not registering to organization push notifications
We only register devices for organization push notifications when the organization is being created. This does not work, since we have a use case (Notification Center) of delivering notifications to all users of organization. This fixes it, by adding the organization id tag when device registers for push notifications.
* PM-10600: Unit Test coverage for NotificationHubPushRegistrationService
Fixed IFeatureService substitute mocking for Android tests.
Added user part of organization test with organizationId tags expectation.
* PM-10600: Unit Tests fix to NotificationHubPushRegistrationService after merge conflict
* PM-10600: Organization push notifications not sending to mobile device from self-hosted.
Self-hosted instance uses relay to register the mobile device against Bitwarden Cloud Api. Only the self-hosted server knows client's organization membership, which means it needs to pass in the organization id's information to the relay. Similarly, for Bitwarden Cloud, the organizaton id will come directly from the server.
* PM-10600: Fix self-hosted organization notification not being received by mobile device.
When mobile device registers on self-hosted through the relay, every single id, like user id, device id and now organization id needs to be prefixed with the installation id. This have been missing in the PushController that handles this for organization id.
* PM-10600: Broken NotificationsController integration test
Device type is now part of JWT access token, so the notification center results in the integration test are now scoped to client type web and all.
* PM-10600: Merge conflicts fix
* merge conflict fix
* PM-10600: Push notification with full notification center content.
Notification Center push notification now includes all the fields.
* PM-10564: Push notification updates to other clients
Cherry-picked and squashed commits:
d9711b60316e69c8a0ce01c814595e3885885d5f1285a7e994fcf346985f28ff53c29357804ae27c1c9339b686
* PM-15084: Push global notification creation to affected clients
Cherry-picked and squashed commits:
ed5051e0eb181f3e4ae649fe7c93fda8efb45a637b4122c837d21d4a67b3186a09bb921531f564b5
* PM-15084: Log warning when invalid notification push notification sent
* explicit Guid default value
* push notification tests in wrong namespace
* Installation push notification not received for on global notification center message
* wrong merge conflict
* wrong merge conflict
* installation id type Guid in push registration request
* PM-10600: Notification push notification
* PM-10600: Sending to specific client types for relay push notifications
* PM-10600: Sending to specific client types for other clients
* PM-10600: Send push notification on notification creation
* PM-10600: Explicit group names
* PM-10600: Id typos
* PM-10600: Revert global push notifications
* PM-10600: Added DeviceType claim
* PM-10600: Sent to organization typo
* PM-10600: UT coverage
* PM-10600: Small refactor, UTs coverage
* PM-10600: UTs coverage
* PM-10600: Startup fix
* PM-10600: Test fix
* PM-10600: Required attribute, organization group for push notification fix
* PM-10600: UT coverage
* PM-10600: Fix Mobile devices not registering to organization push notifications
We only register devices for organization push notifications when the organization is being created. This does not work, since we have a use case (Notification Center) of delivering notifications to all users of organization. This fixes it, by adding the organization id tag when device registers for push notifications.
* PM-10600: Unit Test coverage for NotificationHubPushRegistrationService
Fixed IFeatureService substitute mocking for Android tests.
Added user part of organization test with organizationId tags expectation.
* PM-10600: Unit Tests fix to NotificationHubPushRegistrationService after merge conflict
* PM-10600: Organization push notifications not sending to mobile device from self-hosted.
Self-hosted instance uses relay to register the mobile device against Bitwarden Cloud Api. Only the self-hosted server knows client's organization membership, which means it needs to pass in the organization id's information to the relay. Similarly, for Bitwarden Cloud, the organizaton id will come directly from the server.
* PM-10600: Fix self-hosted organization notification not being received by mobile device.
When mobile device registers on self-hosted through the relay, every single id, like user id, device id and now organization id needs to be prefixed with the installation id. This have been missing in the PushController that handles this for organization id.
* PM-10600: Broken NotificationsController integration test
Device type is now part of JWT access token, so the notification center results in the integration test are now scoped to client type web and all.
* PM-10600: Merge conflicts fix
* merge conflict fix
* PM-10600: Push notification with full notification center content.
Notification Center push notification now includes all the fields.
* PM-10564: Push notification updates to other clients
Cherry-picked and squashed commits:
d9711b60316e69c8a0ce01c814595e3885885d5f1285a7e994fcf346985f28ff53c29357804ae27c1c9339b686
* null check fix
* logging using template formatting
* PM-10600: Notification push notification
* PM-10600: Sending to specific client types for relay push notifications
* PM-10600: Sending to specific client types for other clients
* PM-10600: Send push notification on notification creation
* PM-10600: Explicit group names
* PM-10600: Id typos
* PM-10600: Revert global push notifications
* PM-10600: Added DeviceType claim
* PM-10600: Sent to organization typo
* PM-10600: UT coverage
* PM-10600: Small refactor, UTs coverage
* PM-10600: UTs coverage
* PM-10600: Startup fix
* PM-10600: Test fix
* PM-10600: Required attribute, organization group for push notification fix
* PM-10600: UT coverage
* PM-10600: Fix Mobile devices not registering to organization push notifications
We only register devices for organization push notifications when the organization is being created. This does not work, since we have a use case (Notification Center) of delivering notifications to all users of organization. This fixes it, by adding the organization id tag when device registers for push notifications.
* PM-10600: Unit Test coverage for NotificationHubPushRegistrationService
Fixed IFeatureService substitute mocking for Android tests.
Added user part of organization test with organizationId tags expectation.
* PM-10600: Unit Tests fix to NotificationHubPushRegistrationService after merge conflict
* PM-10600: Organization push notifications not sending to mobile device from self-hosted.
Self-hosted instance uses relay to register the mobile device against Bitwarden Cloud Api. Only the self-hosted server knows client's organization membership, which means it needs to pass in the organization id's information to the relay. Similarly, for Bitwarden Cloud, the organizaton id will come directly from the server.
* PM-10600: Fix self-hosted organization notification not being received by mobile device.
When mobile device registers on self-hosted through the relay, every single id, like user id, device id and now organization id needs to be prefixed with the installation id. This have been missing in the PushController that handles this for organization id.
* PM-10600: Broken NotificationsController integration test
Device type is now part of JWT access token, so the notification center results in the integration test are now scoped to client type web and all.
* PM-10600: Merge conflicts fix
* merge conflict fix
* PM-10600: Push notification with full notification center content.
Notification Center push notification now includes all the fields.
* PM-10600: Notification push notification
* PM-10600: Sending to specific client types for relay push notifications
* PM-10600: Sending to specific client types for other clients
* PM-10600: Send push notification on notification creation
* PM-10600: Explicit group names
* PM-10600: Id typos
* PM-10600: Revert global push notifications
* PM-10600: Added DeviceType claim
* PM-10600: Sent to organization typo
* PM-10600: UT coverage
* PM-10600: Small refactor, UTs coverage
* PM-10600: UTs coverage
* PM-10600: Startup fix
* PM-10600: Test fix
* PM-10600: Required attribute, organization group for push notification fix
* PM-10600: UT coverage
* PM-10600: Fix Mobile devices not registering to organization push notifications
We only register devices for organization push notifications when the organization is being created. This does not work, since we have a use case (Notification Center) of delivering notifications to all users of organization. This fixes it, by adding the organization id tag when device registers for push notifications.
* PM-10600: Unit Test coverage for NotificationHubPushRegistrationService
Fixed IFeatureService substitute mocking for Android tests.
Added user part of organization test with organizationId tags expectation.
* PM-10600: Unit Tests fix to NotificationHubPushRegistrationService after merge conflict
* PM-10600: Organization push notifications not sending to mobile device from self-hosted.
Self-hosted instance uses relay to register the mobile device against Bitwarden Cloud Api. Only the self-hosted server knows client's organization membership, which means it needs to pass in the organization id's information to the relay. Similarly, for Bitwarden Cloud, the organizaton id will come directly from the server.
* PM-10600: Fix self-hosted organization notification not being received by mobile device.
When mobile device registers on self-hosted through the relay, every single id, like user id, device id and now organization id needs to be prefixed with the installation id. This have been missing in the PushController that handles this for organization id.
* PM-10600: Broken NotificationsController integration test
Device type is now part of JWT access token, so the notification center results in the integration test are now scoped to client type web and all.
* PM-10600: Merge conflicts fix
* merge conflict fix
* Revoking users when enabling single org and 2fa policies. Fixing tests.
* Added migration.
* Wrote tests and fixed bugs found.
* Patch build process
* Fixing tests.
* Added unit test around disabling the feature flag.
* Updated error message to be public and added test for validating the request.
* formatting
* Added some tests for single org policy validator.
* Fix issues from merge.
* Added sending emails to revoked non-compliant users.
* Fixing name. Adding two factor policy email.
* Send email when user has been revoked.
* Correcting migration name.
* Fixing templates and logic issue in Revoke command.
* Moving interface into its own file.
* Correcting namespaces for email templates.
* correcting logic that would not allow normal users to revoke non owners.
* Actually correcting the test and logic.
* dotnet format. Added exec to bottom of bulk sproc
* Update src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RevokeNonCompliantOrganizationUserCommand.cs
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
* Updated OrgIds to be a json string
* Fixing errors.
* Updating test
* Moving command result.
* Formatting and request rename
* Realized this would throw a null error from the system domain verification. Adding unknown type to event system user. Adding optional parameter to SaveAsync in policy service in order to pass in event system user.
* Code review changes
* Removing todos
* Corrected test name.
* Syncing filename to record name.
* Fixing up the tests.
* Added happy path test
* Naming corrections. And corrected EF query.
* added check against event service
* Code review changes.
* Fixing tests.
* splitting up tests
* Added templates and email side effect for claiming a domain.
* bringing changes from nc user changes.
* Switched to enqueue mail message.
* Filled in DomainClaimedByOrganization.html.hbs
* Added text document for domain claiming
* Fixing migration script.
* Remove old sproc
* Limiting sending of the email down to users who are a part of the domain being claimed.
* Added test for change
* Renames and fixed up email.
* Fixing up CSS
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
* Added the ability to create a JWT on an organization license that contains all license properties as claims
* Added the ability to create a JWT on a user license that contains all license properties as claims
* Added ability to consume JWT licenses
* Resolved generic type issues when getting claim value
* Now validating the jwt signature, exp, and iat
* Moved creation of ClaimsPrincipal outside of licenses given dependecy on cert
* Ran dotnet format. Resolved identity error
* Updated claim types to use string constants
* Updated jwt expires to be one year
* Fixed bug requiring email verification to be on the token
* dotnet format
* Patch build process
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
- Revoking users when enabling single org and 2fa policies.
- Updated emails sent when users are revoked via 2FA or Single Organization policy enablement
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
* Allow for binning of comb IDs by date and value
* Introduce notification hub pool
* Replace device type sharding with comb + range sharding
* Fix proxy interface
* Use enumerable services for multiServiceNotificationHub
* Fix push interface usage
* Fix push notification service dependencies
* Fix push notification keys
* Fixup documentation
* Remove deprecated settings
* Fix tests
* PascalCase method names
* Remove unused request model properties
* Remove unused setting
* Improve DateFromComb precision
* Prefer readonly service enumerable
* Pascal case template holes
* Name TryParse methods TryParse
* Apply suggestions from code review
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* AllClients is a set of clients and must be deduplicated
* Fix registration start time
* Add logging to initialization of a notification hub
* more logging
* Add lower level logging for hub settings
* Log when connection is resolved
* Improve log message
* Log pushes to notification hub
* temporarily elevate log messages for visibility
* Log in multi-service when relaying to another push service
* Revert to more reasonable logging free of user information
* Fixup merge
Deleting user was extracted to a command in #4803, this updates that work to use just the device ids as I did elsewhere in abd67e8ec
* Do not use bouncy castle exception types
* Add required services for logging
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
* Added /domain/sso/verified to organization controller
* Restricting sproc to only return verified domains if the org has sso. Adding name. corrected route. removed not found exception. Adding the sproc definition to the SQL project
* Refactor: Update metadata in OrganizationSignup and OrganizationUpgrade
This commit moves the IsFromSecretsManagerTrial flag from the OrganizationUpgrade to the OrganizationSignup because it will only be passed in on organization creation. Additionally, it removes the nullable boolean 'provider' flag passed to OrganizationService.SignUpAsync and instead adds that boolean flag to the OrganizationSignup which seems more appropriate.
* Introduce OrganizationSale
While I'm trying to ingrain a singular model that can be used to purchase or upgrade organizations, I disliked my previously implemented OrganizationSubscriptionPurchase for being a little too wordy and specific. This sale class aligns more closely with the work we need to complete against Stripe and also uses a private constructor so that it can only be created and utilized via an Organiztion and either OrganizationSignup or OrganizationUpgrade object.
* Use OrganizationSale in OrganizationBillingService
This commit renames the OrganizationBillingService.PurchaseSubscription to Finalize and passes it the OrganizationSale object. It also updates the method so that, if the organization already has a customer, it retrieves that customer instead of automatically trying to create one which we'll need for upgraded free organizations.
* Add functionality for free organization upgrade
This commit adds an UpdatePaymentMethod to the OrganizationBillingService that will check if a customer exists for the organization and if not, creates one with the updated payment source and tax information. Then, in the UpgradeOrganizationPlanCommand, we can use the OrganizationUpgrade to get an OrganizationSale and finalize it, which will create a subscription using the customer created as part of the payment method update that takes place right before it on the client-side. Additionally, it adds some tax ID backfill logic to SubscriberService.UpdateTaxInformation
* (No Logic) Re-order OrganizationBillingService methods alphabetically
* (No Logic) Run dotnet format
* Add PurchaseSubscription to OrganizationBillingService and call from OrganizationService.SignUpAsync when FF is on
* Run dotnet format
* Missed billing service DI for SCIM which uses the OrganizationService
* Resolve the unclear error messages
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Refactor to return the errormessage from userLicense
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Resolve the pr comments
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* resolve the error returned message
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add period at the end of error messages
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* feat: Add stored procedure for reading organization user details with premium access by organization ID
The code changes include:
- Addition of a new stored procedure [dbo].[OrganizationUserUserDetailsWithPremiumAccess_ReadByOrganizationId] to read organization user details with premium access by organization ID
- Modification of the IUserService interface to include an optional parameter for checking two-factor authentication with premium access
- Modification of the UserService class to handle the new optional parameter in the TwoFactorIsEnabledAsync method
- Addition of a new method GetManyDetailsWithPremiumAccessByOrganizationAsync in the IOrganizationUserRepository interface to retrieve organization user details with premium access by organization ID
- Addition of a new view [dbo].[OrganizationUserUserDetailsWithPremiumAccessView] to retrieve organization user details with premium access
* Add IUserRepository.SearchDetailsAsync that includes the field HasPremiumAccess
* Check the feature flag on Admin.UsersController to see if the optimization runs
* Modify PolicyService to run query optimization if the feature flag is enabled
* Refactor the parameter check on UserService.TwoFactorIsEnabledAsync
* Run query optimization on public MembersController if feature flag is enabled
* Restore refactor
* Reverted change used for development
* Add unit tests for OrganizationService.RestoreUser
* Separate new CheckPoliciesBeforeRestoreAsync optimization into new method
* Add more unit tests
* Apply refactor to bulk restore
* Add GetManyDetailsAsync method to IUserRepository. Add ConfirmUsersAsync_vNext method to IOrganizationService
* Add unit tests for ConfirmUser_vNext
* Refactor the optimization to use the new TwoFactorIsEnabledAsync method instead of changing the existing one
* Removed unused sql scripts and added migration script
* Remove unnecessary view
* chore: Remove unused SearchDetailsAsync method from IUserRepository and UserRepository
* refactor: Use UserDetails constructor in UserRepository
* Add summary to IUserRepository.GetManyDetailsAsync
* Add summary descriptions to IUserService.TwoFactorIsEnabledAsync
* Remove obsolete annotation from IUserRepository.UpdateUserKeyAndEncryptedDataAsync
* refactor: Rename UserDetails to UserWithCalculatedPremium across the codebase
* Extract IUserService.TwoFactorIsEnabledAsync into a new TwoFactorIsEnabledQuery class
* Add unit tests for TwoFactorIsEnabledQuery
* Update TwoFactorIsEnabledQueryTests to include additional provider types
* Refactor TwoFactorIsEnabledQuery
* Refactor TwoFactorIsEnabledQuery and update tests
* refactor: Update TwoFactorIsEnabledQueryTests to include test for null TwoFactorProviders
* refactor: Improve TwoFactorIsEnabledQuery and update tests
* refactor: Improve TwoFactorIsEnabledQuery and update tests
* Remove empty <returns> from summary
* Update User_ReadByIdsWithCalculatedPremium stored procedure to accept JSON array of IDs
* Fix error handling in provider setup process
This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state
* Refactor the way BillingException is thrown
Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client
* Handle all Stripe exceptions in exception handling middleware
* Fixed error response output for billing's provider controllers
* Cleaned up billing owned provider controllers
Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.
* Reafctored get invoices
Removed unnecssarily bloated method from SubscriberService
* Updated error handling for generating the client invoice report
* Moved get provider subscription to controller
This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval
* Handled bad request for update tax information
* Split out Stripe configuration from unauthorization
* Run dotnet format
* Addison's feedback
* Resovled issue where free families line item isn't removed from the Stripe subscription when the sponsorship isn't in the database
* Moved SponsorOrganizationSubscriptionUpdate to Billing namespace
* Expanded Teams and Enterprise plan with provider seat data
* Updated provider setup process with new plan information
* Updated provider subscription retrieval and update with new plan information
* Updated client invoice report with new plan information
* Fixed tests
* Fix broken test
* Renamed ProductType to ProductTierType
* Renamed Product properties to ProductTier
* Moved ProductTierType to Bit.Core.Billing.Enums namespace from Bit.Core.Enums
* Moved PlanType enum to Bit.Core.Billing.Enums
* Moved StaticStore to Bit.Core.Billing.Models.StaticStore namespace
* Added ProductType enum
* dotnet format
* Moved AccountsBilling controller to be owned by Billing
* Added org billing history endpoint
* Updated GetBillingInvoicesAsync to only retrieve paid, open, and uncollectible invoices, and added option to limit results
* Removed invoices and transactions from GetBillingAsync
* Limiting the number of invoices and transactions returned
* Moved Billing models to Billing namespace
* Split billing info and billing history objects
* Removed billing method GetBillingBalanceAndSourceAsync
* Removed unused using
* Cleaned up BillingInfo a bit
* Update migration scripts to use `CREATE OR ALTER` instead of checking for the `OBJECT_ID`
* Applying limit to aggregated invoices after they return from Stripe
* Removed prorationDate as it wasn't used, and wasn't needed
* Fixed logic to detect if a subscription was sponsored
* Moved OrganizationSponsorshipsController.cs to Billing folder
