* Add Manage permission to UserCipherDetails and CipherDetails_ReadByIdUserId
* Add Manage property to CipherDetails and UserCipherDetailsQuery
* Add integration test for CipherRepository Manage permission rules
* Update CipherDetails_ReadWithoutOrganizationsByUserId to include Manage permission
* Refactor UserCipherDetailsQuery to include detailed permission and organization properties
* Refactor CipherRepositoryTests to improve test organization and readability
- Split large test method into smaller, focused methods
- Added helper methods for creating test data and performing assertions
- Improved test coverage for cipher permissions in different scenarios
- Maintained existing test logic while enhancing code structure
* Refactor CipherRepositoryTests to consolidate cipher permission tests
- Removed redundant helper methods for permission assertions
- Simplified test methods for GetCipherPermissionsForOrganizationAsync, GetManyByUserIdAsync, and GetByIdAsync
- Maintained existing test coverage for cipher manage permissions
- Improved code readability and reduced code duplication
* Add integration test for CipherRepository group collection manage permissions
- Added new test method GetCipherPermissionsForOrganizationAsync_ManageProperty_RespectsCollectionGroupRules
- Implemented helper method CreateCipherInOrganizationCollectionWithGroup to support group-based collection permission testing
- Verified manage permissions are correctly applied based on group collection access settings
* Add @Manage parameter to Cipher stored procedures
- Updated CipherDetails_Create, CipherDetails_CreateWithCollections, and CipherDetails_Update stored procedures
- Added @Manage parameter with comment "-- not used"
- Included new stored procedure implementations in migration script
- Consistent with previous work on adding Manage property to cipher details
* Update UserCipherDetails functions to reorder Manage and ViewPassword columns
* [PM-18086] Add CanRestore and CanDelete authorization methods.
* [PM-18086] Address code review feedback.
* [PM-18086] Add missing part.
* [PM-18087] Add CipherPermissionsResponseModel for cipher permissions
* Add GetManyOrganizationAbilityAsync method to application cache service
* Add organization ability context to cipher response models
This change introduces organization ability context to various cipher response models across multiple controllers. The modifications include:
- Updating CipherResponseModel to include permissions based on user and organization ability
- Modifying CiphersController methods to fetch and pass organization abilities
- Updating SyncController to include organization abilities in sync response
- Adding organization ability context to EmergencyAccessController response generation
* Remove organization ability context from EmergencyAccessController
This change simplifies the EmergencyAccessController by removing unnecessary organization ability fetching and passing. Since emergency access only retrieves personal ciphers, the organization ability context is no longer needed in the response generation.
* Remove unused IApplicationCacheService from EmergencyAccessController
* Refactor EmergencyAccessViewResponseModel constructor
Remove unnecessary JsonConstructor attribute and simplify constructor initialization for EmergencyAccessViewResponseModel
* Refactor organization ability retrieval in CiphersController
Extract methods to simplify organization ability fetching for ciphers, reducing code duplication and improving readability. Added two private helper methods:
- GetOrganizationAbilityAsync: Retrieves organization ability for a single cipher
- GetManyOrganizationAbilitiesAsync: Retrieves organization abilities for multiple ciphers
* Update CiphersControllerTests to use GetUserByPrincipalAsync
Modify test methods to:
- Replace GetProperUserId with GetUserByPrincipalAsync
- Use User object instead of separate userId
- Update mocking to return User object
- Ensure user ID is correctly set in test scenarios
* Refactor CipherPermissionsResponseModel to use constructor-based initialization
* Refactor CipherPermissionsResponseModel to use record type and init-only properties
* [PM-18086] Undo files
* [PM-18086] Undo files
* Refactor organization abilities retrieval in cipher-related controllers and models
- Update CiphersController to use GetOrganizationAbilitiesAsync instead of individual methods
- Modify CipherResponseModel and CipherDetailsResponseModel to accept organization abilities dictionary
- Update CipherPermissionsResponseModel to handle organization abilities lookup
- Remove deprecated organization ability retrieval methods
- Simplify sync and emergency access response model handling of organization abilities
* Remove GetManyOrganizationAbilityAsync method
- Delete unused method from IApplicationCacheService interface
- Remove corresponding implementation in InMemoryApplicationCacheService
- Continues cleanup of organization ability retrieval methods
* Update CiphersControllerTests to include organization abilities retrieval
- Add organization abilities retrieval in test setup for PutCollections_vNext method
- Ensure consistent mocking of IApplicationCacheService in test scenarios
* Update error message for missing organization ability
---------
Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>
Only users with Manage/Edit permissions will be allowed to Assign To Collections. If the user has Can Edit Except Password the collections dropdown will be disabled.
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: kejaeger <138028972+kejaeger@users.noreply.github.com>
* update the cipher revision date when an attachment is added or deleted
* store the updated cipher in the DB when an attachment is altered
* return cipher from delete attachment endpoint
* add collectionIds to the response of `{id}/admin`
- They're now needed in the admin console when add/editing a cipher.
- Prior to this there was no way to edit collection when editing a cipher. Assigning collections was a separate workflow
* return cipher from collections endpoint
* Add check for managed user before purging account
* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel
* Rename the property ManagesActiveUser to UserIsManagedByOrganization
* Remove whole class #nullable enable and add it to specific places
* Remove unnecessary .ToList()
* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable
* Update error message when unable to purge vault for managed account
* chore: remove fc v1 from groups controller, refs PM-10291
* chore: remove fc v1 from organization users controller, refs PM-10291
* chore: remove fc v1 from organizations controller and clean up unsused imports, refs PM-10291
* chore: remove fc v1 from BulkCollectionAuthorizationHandler, refs PM-10291
* chore: remove fc v1 from CiphersCollections, refs PM-10291
* fix: unit tests related to fc v1 flag removal, refs PM-10291
* chore: update AllowAdminAccessToAllCollectionItems to take optional params, increase usage, refs PM-10291
* fix: format files, refs PM-10291
* chore: revert change to helper method, ignore double cache call, refs PM-10291
Remove FlexibleCollections feature flag logic for repository methods:
* GetManyByUserIdAsync
* GetManyByUserIdCipherIdAsync
* UpdateCollectionsAsync
* UpdateCollectionsForCiphersAsync
This feature flag was never turned on and we will update the sprocs
directly as required.
Remove FlexibleCollections feature flag logic for repository methods:
* CiphersController.GetByIdAsync
* CipherRepository.DeleteAsync
* CipherRepository.MoveAsync
* RestoreAsync
* SoftDeleteAsync
This feature flag was never turned on and we will update the sprocs
directly as required.
* [AC-2274] Introduce CanEditAnyCiphersAsAdminAsync helper to replace EditAnyCollection usage
* [AC-2274] Add unit tests for CanEditAnyCiphersAsAdmin helper
* [AC-2274] Add Jira ticket
* [AC-1707] Add feature flag
* [AC-1707] Update CanEditAnyCiphersAsAdmin to fail for providers when the feature flag is enabled
* [AC-2274] Undo change to purge endpoint
* [AC-2274] Update admin checks to account for unassigned ciphers
* [AC-1707] Fix provider auth checks after merge with main
* [AC-1707] Fix tests after merge
* [AC-1707] Adjust CanEditCipherAsAdmin method to properly account for admin user types
- Fix associated unit tests
* [AC-1707] Formatting
* [PM-2383] Add bulk add/remove collection cipher repository methods
* [PM-2383] Add additional authorization helpers for CiphersControlle
* [PM-2383] Add /bulk-collections endpoint to CiphersController.cs
* [PM-2383] Add EF implementation for new CollectionCipherRepository methods
* [PM-2383] Ensure V1 logic only applies when the flag is enabled for new bulk functionality
* [AC-2195] Ensure Custom users with EditAnyCollection can always access all ciphers
* [AC-2195] Ensure FC V1 logic is not used for non-migrated organizations
* [AC-1124] Add GetManyUnassignedOrganizationDetailsByOrganizationIdAsync to the CipherRepository
* [AC-1124] Introduce IOrganizationCiphersQuery.cs to replace some CipherService queries
* [AC-1124] Add additional CipherDetails model that includes CollectionIds
* [AC-1124] Update CiphersController and response models
- Add new endpoint for assigned ciphers
- Update existing endpoint to only return all ciphers when feature flag is enabled the user has access
* [AC-1124] Add migration script
* [AC-1124] Add follow up ticket for Todos
* [AC-1124] Fix feature service usage after merge with main
* [AC-1124] Optimize unassigned ciphers query
* [AC-1124] Update migration script date
* [AC-1124] Update migration script date
* [AC-1124] Formatting
* Create UserCipherDetails_v2 and update logic to remove AccessAll
* Create v2 variants of all sprocs that rely on it
* Add feature flag logic to call old or new sproc
* Make equivalent changes to EF queries
* [EC-598] feat: add support for saving fido2 keys
* [EC-598] feat: add additional data
* [EC-598] feat: add counter, nonDiscoverableId; remove origin
* [EC-598] fix: previous incomplete commit
* [EC-598] fix: previous incomplete commit.. again
* [EC-598] fix: failed merge
* [EC-598] fix: move files around to match new structure
* [EC-598] feat: add implementation for non-discoverable credentials
* [EC-598] chore: remove some changes introduced by vs
* [EC-598] fix: linting issues
* [PM-1500] Add feature flag to enable pass keys (#2916)
* Added feature flag to enable pass keys
* Renamed enable pass keys to fido2 vault credentials
* only sync fido2key ciphers on clients >=2023.9.0 (#3244)
* Renamed fido2key property username to userDisplayName (#3172)
* [PM-1859] Renamed NonDiscoverableId to credentialId (#3198)
* PM-1859 Refactor to credentialId
* PM-1859 Removed unnecessary import
---------
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
* [PM-3807] Store all passkeys as login cipher type (#3261)
* [PM-3807] feat: add discoverable property to fido2key
* [PM-3807] feat: remove standalone Fido2Key
* [PM-3807] chore: clean up unusued constant
* [PM-3807] fix: remove standadlone Fido2Key property that I missed
* [PM-3807] Store passkeys in array (#3268)
* [PM-3807] feat: store passkeys in array
* [PM-3807] amazing adventures with the c# linter
* [PM-3980] Added creationDate property to the Fido2Key object (#3279)
* Added creationDate property to the Fido2Key object
* Fixed lint issues
* fixed comments
* made createionDate required
* [PM-3808] [Storage v2] Add old client/new server backward compatibility (#3262)
* [PM-3807] feat: add discoverable property to fido2key
* [PM-3807] feat: remove standalone Fido2Key
* [PM-3807] chore: clean up unusued constant
* [PM-3808] feat: add fido2 compatibility check before saving ciphers
* Resolved merge conflicts.
* Setting minimum version for QA.
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
* [PM-4054] Rename Fido2Key to Fido2Credential (#3306)
* Add server version compatibility check for Fido2Credentials on sharing with org (#3328)
* Added compatibility checks.
* Refactored into separate methods for easier removal.
* Added check on ShareMany
* Updated method order to be consistent.
* Linting
* Updated minimum server version for release, as well as defaulting the feature on for self-hosted.
* Added trailing space.
* Removed extra assignment
---------
Co-authored-by: gbubemismith <gsmithwalter@gmail.com>
Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
Co-authored-by: Carlos Gonçalves <carlosmaccam@gmail.com>
Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [SG-966] [SG-967] Add new cipher properties, update DB objects and create migrations (#2681)
* Updated cipher entity with two new columns
* Added sqlserver mifgration and updated applicable stored procedures and table
* Added EF Migrations
* Made changes to response model to include new column properties
* Fixed formatting
* Modified scripts to reflect suggestions made on PR
* Added column to cipher table using default
* Include constraint in create cipher table script
* Added key and forcerotatekey property to request model (#2716)
* Added key update on the Cipher_UpdateWithCollection stored procedure, ef (#2855)
* Added key and forceKeyRotation to BuildCiphersTable method (#2893)
* [PM-2211] Remove forceKeyRotation column (#2921)
* Removed forceKeyRotation column
* Adjusted date for migrtaion file
* Passed key column to update cipher script to update cipher key when it is rotated (#2967)
* [PM-2448] Update CipherDetails_Update SP to update attachment column (#2992)
* Updated the cipherdetails_update stored procedure to update the attachement column when encrypted with the cipher key
* Moved migration and renamed old migration file
* Fixed lint issues
* Fixed lint issues
* renamed sqlserver migration to have a more recent date
* [PM-2548] Added validation to edit and add attachments methods (#3130)
* PM-2548 Added validation to edit and add attachments methods
* PM-2548 Moved the validation to a private method
* PM-2548 Minor refactor
* Bumped up minimum version
* Bumped up minimum version
* Changed version for tests purposes
* Bumped up minimum version
* Updated encryption minimum version to match clients for QA.
* PM-3976 Passed Key column to update cipher on bulk edit (#3299)
* Updated minimum client version in preparation for release.
* Renamed migration with current date. (#3303)
---------
Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
Co-authored-by: gbubemismith <gsmithwalter@gmail.com>
Co-authored-by: Carlos Gonçalves <cgoncalves@bitwarden.com>
Co-authored-by: Carlos Gonçalves <carlosmaccam@gmail.com>
* [AC-1344] Added method PutRestoreManyAdmin to CiphersController and refactored PutRestoreMany
* [AC-1344] Fixed unit test
* [AC-1344] Removed comment
* [AC-1344] Fixed sql.csproj
* [AC-1344] Added check for empty or null array; added more unit tests
* Extract Import-Api endpoints into separate controller
Moved ciphers/import and ciphers/import-organization into new ImportController
Paths have been kept intact for now (no changes on clients needed)
Moved request-models used for import into tools-subfolder
* Update CODEOWNERS for team-tools-dev
* Move HibpController (reports) to tools
* Moving files related to Send
* Moving files related to ReferenceEvent
* Removed unneeded newline
