* remove validation from 2fa GET and mask sensitive data
* skip verification check on put email
* disable verification on send-email and reenable on put email
* validate authenticator on set instead of get
* Revert "validate authenticator on set instead of get"
This reverts commit 7bf2084531.
* fix tests
* fix more tests
* Narrow scope of verify bypass
* Defaulted to false on VerifySecretAsync
* fix default param value
---------
Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
These sprocs were used to remove AccessAll from
cipher access logic. Now the original sprocs have been
updated with the new logic, these v2 sprocs are unused
and are being dropped to complete the EDD cycle.
These updated sprocs removed AccessAll from cipher access logic.
The non-versioned sprocs have been updated with the new logic and
these v2 copies are now unused. They are being dropped to complete
the EDD cycle.
* Added missing authorization validation to OrganizationBillingController endpoints
* Moved authorization validation to top of each method
* Resolved broken unit tests and added some new ones
* Resovled issue where free families line item isn't removed from the Stripe subscription when the sponsorship isn't in the database
* Moved SponsorOrganizationSubscriptionUpdate to Billing namespace
* chore: remove fc refs in CreateGroup and UpdateGroup commands, refs AC-2646
* chore: remove fc refs and update interface to represent usage/get rid of double enumeration warnings, refs AC-2646
* chore: remove org/provider service fc callers, refs AC-2646
* chore: remove collection service fc callers, refs AC-2646
* chore: remove cipher service import ciphers fc callers, refs AC-2646
* fix: UpdateOrganizationUserCommandTests collections to list, refs AC-2646
* fix: update CreateGroupCommandTests, refs AC-2646
* fix: adjust UpdateGroupCommandTests, refs AC-2646
* fix: adjust UpdateOrganizationUserCommandTests for FC always true, refs AC-2646
* fix: update CollectionServiceTests, refs AC-2646
* fix: remove unnecessary test with fc disabled, refs AC-2646
* fix: update tests to account for AccessAll removal and Manager removal, refs AC-2646
* chore: remove dependence on FC flag for tests, refs AC-2646
* Add Explicit Reference to Microsoft.AspNetCore.DataProtection
* Use Version That Doesn't Cause Downgrade
* Update src/Core/Core.csproj
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Getting the fresh invoice if the subscription was updated when validation the families sponsorship
* Getting fresh invoice after validation families sponsorship fails
* Also updating invoice line items
* [deps] Tools: Update MailKit to v4.7.0
* Add explicit reference to System.Formats.Asn1 to address Microsoft Security Advisory CVE-2024-38095
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Add AccessToSecretsAsync to the repository
* Add BulkSecretAuthorizationHandler
* Update controller to use the new authz handler
* Add integration test coverage
Final removal of AccessAll logic in CollectionCipher sprocs. We had v2 sprocs already
containing this updated logic that were never used; copy the v2 logic back to the
original sprocs so that we start using it. v2 sprocs will be dropped later.
