Branch:
main
2026-01-29/revert-persistent-grants
AC-1527-refactor-the-stripe-webhook-logic
AC-1601-require-sso-for-tde
AC-1833-2FA-Check-mark-still-visible
AC-2035-when-a-subscription-is-cancelled,-the-customer-cannot-self-server
ActivityDecorator
Add-MsSqlMigratorUtility-run-configuration-for-VS-Code
ApiKeyAuthInTheCli
Auth/PM-52-add-rbac-for-providers
Auth/pm-6333/remove-security-validation-exception
BRE-1037/update-rc-deploy-trigger
BRE-193-demo
BRE-193-test
BRE-247-create-test-env
BRE-292-sync-ephemeral-env-on-build-test
BRE-443-get-major-repos-to-bwwl-lint-passing-stage
BRE-demo-ee-01
DEVOPS-1039-update-release-flow-dry-run-step-names
DEVOPS-1215-Build-Migrator-project-artifact
DEVOPS-1537-Update-dbo.Migrations-table-to-support-repeatable-migrations
DEVOPS-1551-test-branch-for-server3
DEVOPS-1594-pin-all-uses-of-bitwarden-gh-actions-to-master
EC-502-cherry-pick
MergePlanAndPriceUpdates
PM-11525-Estimated-tax-shown-to-customers-potentially-incorrect
PM-13128
PM-13446-Database-Add-IsMultiOrgEnterprise-column-to-Provider-table
PM-14163-Sales-Tax-Compliance
PM-14891-Sales-Tax-Estimation-For-Organizations
PM-14892-Sales-Tax-Estimation-For-Accounts
PM-14894-Drop-Sales-Tax-Database-Tables
PM-15404-Provider-portal-contains-incorrect-styling-for-the-table-filters
PM-15536-Unsupported-Provider-Type-Reseller-on-Create-New-Org-under-Reseller
PM-16196
PM-16682
PM-16921
PM-17132
PM-17732
PM-18018
PM-18881
PM-19147
PM-19147_2
PM-19147_3
PM-19562-remove-desktop-flag
PM-19643
PM-2014-passkey-registration
PM-2032-troubleshoot-actions
PM-22372
PM-2448
PM-25697
PM-27886
PM-2844-beeep-add-custom-error-codes-for-server-api-exceptions
PM-30751
PM-31787-Defect-Users-can-access-the-sends-after-the-limit-was-reached
PM-3263-Fix-EF-tests-for-passkey-registration-and-test-EF-repository-implementation
PM-33144-fix-send-password-on-edit
PM-33500
PM-33889-Innovation-sprint-Bitwarden-Receive
PM-3807-store-all-passkeys-as-login-cipher-type
PM-4128-Tools-Remove-nullability-of-Send.Data-and-Send.Keys
POC/cipher-versioning
PS-590
QA
Remove-Return-ValidateSponsorshipCommand.cs
SG-497/Health-checks
SG-660
SG-701
SM-1301-get-by-id-changes-events
SM-1548-SecretViewSlow
SM-1588-secret-versioning
SM-1588-small-controller-changes
SM-1743-featureflag
SM-1805-OrgLic
SM-1878-feature-flag-versioning
SM-2-Organization
SM-249-Delete-Secrets
SM-381]-Access-Policy-Secrets
SM-73
SM-73-signed
SM-910-BasedOn923
SM-923-Issues
SM-prototype-for-manage-permissions
SRE-3019-using-claude-implement-the-azure-mail-queue-retry-feature
Secrets-Access
ac-1409/secrets_manager_subscription_stripe
ac-1427/add_new_organisation_properties
ac-1427/add_new_organisation_properties_update_db_objects_and_create_migration
ac-1753-automatically-assign-providers-pricing-to-new-organizations
ac-1779/fix-validation-for-expirationWithoutGracePeriod-in-organizationLicense
ac-2266-two-email-notifications-is-sent-when-creating-org-from-sm-Trial-page
ac-2306-Self-serve-upgrade-automatically-updates-subscription
ac-2310-dont-reset-billing-cycle-if-upcoming-invoice-exceeds-dollar-threshold
ac-2385-as-a-billing-system-I-need-to-handle-attempting-to-pay-an-invoice-with-braintree-for-a-provider
ac-2570-existing-providers-see-new-cb-experience-on-admin-console
ac-2957-delete-the-feature-flag-PM-5864-dollar-threshold
ac/ac-1174/master-bulk-collection-management
ac/ac-1174/testing-unidirectional-dataflow
ac/addison/pm-10863/turn-on-for-self-host
ac/addison/pw-10314/auto-enable-policy
ac/jmccannon/pm-12479-changing-groups-model
ac/jmccannon/pm-12488-pt2-refactor
ac/pm-15621/add-commandresultvalidator
ac/pm-17217/add-use-policy-check-for-accept-endpoint
ac/pm-20633/rename-remove-individual
ac/pm-21031/get-members-performance-optimization
ac/pm-21411/refactor-interface-for-determining-premium-status-and-features
ac/pm-21742/update-confirmed-to-org-family-free
ac/pm-22102/metadata-prototype
ac/pm-22108/add-bulk-interfaces-for-checking-policies
ac/pm-22450/collection-revision-date-is-not-updated
ac/pm-22525-log-provider-accessing-org-vault
ac/pm-23845/fix-concurrent-access-feature-flag
ac/pm-24278/add-ipostsavepolicysideeffect
ac/pm-24278/prototype
ac/pm-24279/add-new-policy-endpoint
ac/pm-24279/vnext-policy-endpoint
ac/pm-26714/seat-count-increase-email-not-being-sent
ac/pm-28555/add-semaphore-table
ac/pm-29129/add-policy-update-event-readme
ac/pm-29129/add-the-policy-readme
ac/pm-29152/rename-vnextsavepolicycommand-to-savepolicycommand
ac/pm-31153-add-email-updates-to-rc
ac/pm-31193/cache-migration-4
ac/pm-31193/cache-migration-5
ac/pm-31475-remove-decline-org-transfer-event-log-being-blank
ac/pm-32159-provider-userids-endpoint
ac/pm-32741/add-organization-data-owner-ship-policy-data
ac/pm-32741/add-organizationdataownershippolicydata
ac/pm-33213/remove-resetpassword-feature-flag
ac/pm-5966/fix-entity-framework-query
ac1191-tde-approval-email
ac1454-2fa-directory
acostarj-patch-1-cs-server
add-2017-to-db-test-script
add-backport-workflow
add-captcha-logging
add-encrypted-key-column
add-gitlens-settings
add-linux-cert-helper
add-needs-qa-label
add-notification-channels
add-notification-hub-logging
add-peer-dependency
additional-load-tests
aesgcm
agalles/add-SeederApi-to-GHCR
ai/exercise-claude-code-review-do-not-merge
akd
anders/add-devcontainer-docs
anders/increase-passkey-limit
api-integration-tests
arch/PM-33142/add-sync-metric
arch/add-basic-auth-to-seeder-api
arch/add-hosted-service-to-clear-old-play-data
arch/emailers-razor
arch/mailer-enqueue
arch/qa-automation-freeaccount-preset
arch/simplify-install
architecture/api-versioning
auth/add-cosmos-persisted-grant-to-sso
auth/context-rules
auth/logging-admin-new-device-verification
auth/pm-11537/increase-passkey-limit
auth/pm-17129/login-with-2fa-recovery-code-bugfix
auth/pm-18612
auth/pm-18720/change-password-component-non-dialog
auth/pm-18720/change-password-component-non-dialog-v3
auth/pm-18720/change-password-component-non-dialog-v4
auth/pm-19209/revert-to-original-message
auth/pm-19685/remove-email-delay-flag
auth/pm-20377/token-add-user-details
auth/pm-20532/tech-breakdown-poc-token-based-send-authn-and-authz
auth/pm-21926/add-salt-to-dtos
auth/pm-24207
auth/pm-24281/enhance-email
auth/pm-24579/prevent-existing-sso-rejected-users-nullish-fix
auth/pm-24617/throttling-report
auth/pm-24662/tech-breakdown-comments
auth/pm-26578/http-redirect-cloud
auth/pm-27062/prelogin-new-data-types
auth/pm-27084/register-accepts-new-data-types
auth/pm-27510/prevent-existing-sso-rejected-users-nullish-fix
auth/pm-31327/emergency-access-deletion-use-new-command
auth/pm-32526/salt-in-change-set-rotate-flows
auth/pm-32626/standardize-unlock-authentication-validation
auth/pm-33011/salt-endpoint-update
auth/pm-33788/ef-emergency-access
auth/pm-34246/rename-set-password-to-finalize-onboarding
auth/pm-3797/key-rotation-upgrades
auth/pm-4142/remove-old-invite-token-validation
auth/pm-4517/devices-add-last-activity-date
auth/pm-5947/self-host-duo-redirect
auth/pm-6631/handle-webauthn-creation-exception
auth/pm-8882/add-logging-feature-flag
auth/pm-9826/2fa-get-remove-validation
auth/poc/master-password-service-example
auth/poc/query-command-password-solution
auth/poc/set-update-password-changes
auth/proto/webauthn-limit-increase
auth/refactor-sso-jit-provision-finish-process
auth/remove-captcha
auth/remove-feature-flags
auth/tools/unlock-authentication-migration-tool
authreq
autofill-feature-flag-cleanup
autofill/idp-auto-submit
autofill/pm-10418-expiration-date-on-cards-does-not-autofill-the-correct-format
azure-table-tests
beeep-lazy-user-currentcontext
beeep/recipe-seeding
billing/AC-2379/webhook-update-provider-status
billing/AC-2515/stripe-upgrade
billing/PM-11516/license-stuff
billing/PM-27702/cant-purchase-subscription-with-PayPal
billing/PM-29956/add-sponsorship-redeem-logging
billing/PM-31909/remove-m3-flagged-logic-server
billing/PM-31911/remove-m3-flag-definition-server
billing/aspire
billing/codeowner-changes
billing/env-based-dev-container
billing/license-claims-data-type-expansion
billing/license-refactor
billing/mjml-template-migration
billing/pm-21643-create-stripe-webhook-endpoints-for-api-version-2025-04-30-basil
billing/pm-27603/initial-migration-for-storage-increase
billing/pm-28662-fix-duplicate-premium-subscriptions
billing/pm-28662/individual-Premium-automatically-disabled-due-to-duplicate-subscription-leftover
billing/pm-29090/step-2-remove-feature-flag-from-server
billing/pm-29595/user-that-upgraded-from-premium-reverts-an-organization-upgrade-during-the-trial-period
billing/pm-31771/default-payment-method-not-updated-within-subscription
billing/pm-33301/upgrade-using-paypal-account
billing/pm-34570/expired-claimed-user-throws-exception-on-subscription-cancel
blazor
brant/move-organization-connection-to-integrations
brant/move-organization-connection-to-integrations-step-2
bre-1241-ephemeral-environment-test
bre-1685/nginx-configuration-for-seeder-api-service
bre/fix-repository-management-perms
bre/th/dev
bsephem
bug/PS-2120-purge-vault-not-refreshing-items
build-tvp-arrays-outside-connection
bump-server-sdk-1.5
collectiongroupsapi
community-pm-3309-fixes-for-kerberos-auth
community/pm-2242/add-kerberos-auth-to-docker
context-rules
copilot/add-sdk-key-rotation-flag
copilot/install-sql-2022-arm
copilot/review-draft-pr-6748
cosmosevents
create-mailers
database-seeder
db-migration
dbops/dbops-31/csv-import
debug-self-hosted-passwordless
debug/push-notifications
demo/flexible-collections-v1
devcontainer-updates
dirt/PM-23358/move-phishing-code-to-dirt-team
dirt/PM-25576/change-member-access-query-to-use-views
dirt/PM-29828/modify-dbseeder-to-make-test-data-quickly
dirt/access-intelligence-db-seeder
dirt/pm-20112_member_access_report_503error
dirt/pm-20577/report-summary-for-db
dirt/pm-20577/risk-insight-server-endpoints
dirt/pm-23030/add_report_key_for_key_rotation
dirt/pm-23044/organization-application-server-implementation
dirt/pm-23754/alter-org-report-table
dirt/pm-23754/organization-report-summary-table
dirt/pm-28531/organization-report-view-metrics
dirt/pm-30542/remove-m11-flag
dirt/pm-31747/download-risk-insights-report
dirt/pm-31923-azure-blob-access-intelligence
dirt/pm-31923-whole-report-data-v2-endpoints-access-intelligence
dirt/pm-32517-migration-access-intelligence-blob-storage
dirt/pm-32518-summary-data-endpoints-v2-access-intelligence
dirt/pm-32519-application-data-v2-endpoints-access-intelligence
dirt/pm-33194/single-integration-of-a-given-type
disable-claude-attribution
dn/wp-poc
duo-sdk-upgrade
ec-598
ee-db-seeder
ee-patch-01
ee-test-image-updater
ee/test/branch
enable-xunit-diagnostic-messages
ephem-test-01
ephemeral-environment-api-env
ephemeral-environment-hello-world
ephemeral-test-01
external-dns-test
feat/SG-651-activate-org-with-stripe-activation
feat/passwordless
feature/decouple-icon-service
feature/dev-migrator-script-rerun-option
feature/org-admin-refresh-v3
feature/refactor-organization-service-to-feature-services
feature/seeder-crypto-abstraction
feature/self-hosted-F4E-sync
feature/self-hosted-f4e-orgsponsorship-migration
fedemkr-patch-1
fix-build
fix-identity-resource
fix-rc
fix-tde-provider-user
formatjan2023csp
hosting-env-change
hotfix-EC-529
hotfix-rc
hotfix-sendgrid
idphost
iinuwa/mobile-device-login-passkey
iinuwa/store-prf-secrets
iinuwa/webauthn-credential-limit-error
innovation-sprint-2026-send-folder
innovation-sprint/autotriage/report-issue
innovation/2026/magnify
innovation/autofill-triage
innovation/bw-receive-add-table-entity
innovation/opaque
innovation/seeded-csprng-fake-user
innovation/sync-user-preferences
introduce-server-sdk-everywhere
is/pm-34456/innovation-sprint-enable-automated-release-notes
jim-test
jmccannon/ac/pm-12474-org-user-auth-handlers
jmccannon/ac/pm-12487-restore-user-command
jmccannon/ac/pm-15547-revoke-user-remove-2fa
jmccannon/ac/pm-24462-seat-limit-ignored
jmccannon/ac/pm-28627/restore-create-default-collection
jmccannon/ac/pm-3175-send-invite-async
jmccannon/ac/transaction-attempt
jmccannon/ac/transaction-attempt-2
jmccannon/ac/validation-result-poc
jmccannon/inno/passkey-directory-report
jmccannon/testing-improvements
justindbaur-patch-1
justindbaur-patch-2
k8-alpine-test-bre-917
k8s/use-mounted-secrets
keyedcache
km/auto-enroll-name
km/auto-kdf-qa
km/beeep/qr-login
km/key-rotation-signing
km/km-10648/remove-reference-to-feature-flag
km/pm-27278/register-password-based-account-v2
km/pm-30483/remove-passkey-ff-logic
km/poc-user-key-rotation-composition
km/remove-old-ssh-flags
km/remove-unused-file
km/sdk-key-rotation
km/signing-keys
km/tde-offboarding-fix
linting-again
main
make-roles-change-at-runtime
metadata/badges
minimal-codespace
misc/use-host-environment
mobile/PM-18936-key-connector-ephemeral
move-azurite-scaffolding
move_old_DbScripts_future_to_DbScripts
mtmorgdomains
named-http-clients
notfoundcheck
notification-hub-debug-logging
null-operator-on-fido2keys
nullable-entities
orgapikeys
passwordless/add_fingerprintphrase_reponse
passwordless/getUserAuthRequests
passwordless/notifications
passwordless/signalR
patch/ee-bot-test
perfindexes
platform/addison/PM-11129/codeownership-assignments
platform/addison/PM-11129/implemetation
platform/pm-2182/harden-captcha-bypass-conditions
platform/pm-23123/test-cookie-endpoint
platform/pm-2944/make-entities-nullable
platform/pm-3626/write-collections-tests
platform/remove-storage-reseed-flag
pm-12071-only-verified-org-domain-sso
pm-13345-Add-Remove-Bitwarden-Families-policy-in-Admin-Console
pm-13347-web-app-impacts
pm-13429-Seat-Count-Increase-Email-Only-Sending-For-First-Auto-Scale-But-Not-Subsequent
pm-14496-non-root-self-hosted-images
pm-15625-disable-trial-send-verification-email-endpoint-for-self-host
pm-15808-Show-suspended-org-modals-for-orgs-in-unpaid-and-canceled-status
pm-15814-alert-owners-of-reseller-managed-orgs-to-renewal-events
pm-17592-remove-feature-flag-disable-free-families-sponsorship
pm-20084-add-trial-length-parameter-to-trial-send-verification-email-endpoint
pm-2023-fido2-authentication
pm-21106-remove-button-not-responsive
pm-22968-ui-when-MSP/BUP-is-suspended-feature-flag
pm-28727-dotnet-10
pm-28727-net10-dockerfiles
pm-28973
pm-34171-card-scanner-feature-flag
pm-3891-implement-time-based-threshold
pm-3892-implement-dollar-threshold-for-monthly-sub
pm-6768-error-autoscaling-when-organisation-is-subscription-is-still-trialing
pm-6774-reduce-the-dollar-threshold-from-500-to-300-dollars
pm-9162
poc/structurizr
pre-tde-self-host
proxy-project
ps/explore-required
ps/include-flag-context-in-config-response
ps/pm-21571/implement-smtp-oauth
ps/pm-2944/make-entities-nullable-auth
ps/pm-336/nullable-unowned-services
quexten-patch-1
rc
rebase-demo-ex-2
receive-request-response-models-empty-controller
receive-storage-service
receive-validation-service
remove-accept-org-user-method
renovate/actions-create-github-app-token-3.x
renovate/azure-azure-sdk-for-net-monorepo
renovate/braintree-5.x
renovate/crazy-max-ghaction-import-gpg-7.x
renovate/dbup-sqlserver-7.x
renovate/docker-compose-minor
renovate/docker-login-action-4.x
renovate/docker-setup-buildx-action-4.x
renovate/docker-setup-qemu-action-4.x
renovate/dotnet-monorepo
renovate/dtolnay-rust-toolchain-digest
renovate/fido2.aspnet-4.x
renovate/fusioncache-monorepo
renovate/github-action-minor
renovate/jquery-4.x
renovate/kenchan0130-simplesamlphp-1.x
renovate/kralizek.autofixture.extensions.mockhttp-2.x
renovate/linq2db-6.x
renovate/linq2db.entityframeworkcore-10.x
renovate/linq2db.entityframeworkcore-8.x
renovate/lock-file-maintenance
renovate/major-aspnet-health-checks-monorepo
renovate/major-dotnet-monorepo
renovate/major-entityframeworkcore
renovate/major-github-artifact-actions
renovate/major-vstest-monorepo
renovate/mcr.microsoft.com-devcontainers-dotnet-10.x
renovate/mcr.microsoft.com-mssql-server-2025.x
renovate/microsoft.azure.cosmos-3.x
renovate/microsoft.build.sql-2.x
renovate/microsoft.data.sqlclient-7.x
renovate/mini-css-extract-plugin-2.x
renovate/mjml-4.x
renovate/mjml-core-4.x
renovate/npgsql.entityframeworkcore.postgresql-10.x
renovate/npgsql.entityframeworkcore.postgresql-8.x
renovate/pin-dependencies
renovate/pomelo.entityframeworkcore.mysql-9.x
renovate/postgres-18.x
renovate/prettier-3.x
renovate/rabbitmq.client-7.x
renovate/stripe.net-46.x
renovate/swashbuckle-aspnetcore-monorepo
renovate/vstest-monorepo
renovate/webpack-5.x
renovate/webpack-cli-7.x
renovate/yamldotnet-16.x
repository-management-workflow-fix
return-non-zero-exit-code-on-failure
revert-2346-SG-698
revert-2992-PM-2448
revert-3891-ac-2293-Two-email-notifications-is-sent-when-creating-org-from-SM-Trial-page
revert-6582-revert-6577-auth/pm-27062/prelogin-new-data-types
sdk-decrypt
server-PM-33964/cache-rsa-material
setup-integration-tests
sg/SG-58
sm-10995-removefeatureflag
sm-910-923
sm-923
sm-add-bulk-move-to-project
sm/sm-873
sm/sm-904
sns
snyk-fix-261dbaccec3d4355caadddbd8dc44b4b
snyk-fix-6d56d7b220780f29826f4338d1631736
snyk-fix-8b823cd3ec0299ef141df1252a243e9b
snyk-fix-9a25996054355dc90914c1d4e62b99fc
snyk-fix-9ab4f8e979d891859939b5e19e825a45
snyk-fix-afde10973a7206485a89218280e291d8
snyk-fix-d0b5c3ca960136a116ca02dbf1b0b2b4
sre
sso-default-logging
sso-device-key-callback-poc
ssoconfig
strongly-typed-orgusers
sven/drafts/revocation-reason-active-status-example
sven/drafts/revocation-reason-policy-details-example
sven/examples/org-user-status-type-extension-logic
task/BRE-128
task/BRE-342
test
test-docker-stuff
test-email-subject-automation
test-ephemeral-env-key-connector
test-image-updater-ee
test-new-trigger-ee
testing
th-ee-test
tools/AC-2496/graphql-experiment
tools/AC-2496/odata-init
tools/AC-2496/odata-test
tools/PM-31884-send-access-policies
tools/PM-31885-SendControls-Policy-eliykat
tools/generator-modernization
tools/pm-16085/increase-import-limitations
tools/pm-26732/remove-chromium-importer-abe-flag
tools/pm-31066/add-sends-sdk-feature-flag
tools/pm-31884/send-access-controls-policy
tools/pm-8895/groups-controller-decouple
tools/pm-9709/group-details-query
tools/tech-debt/remove-unused-response-parameters
true-unified
trustmssql
tt-test-branch
update-renovate-for-auth
upgrade-npgsql-version
use-pr-for-release-version
util/support-dev-env-installations
vault/PM-32686-bank-account-type
vault/ac-2106/fix-provider-creating-collection
vault/delete-only-can-manage
vault/feature/cipher-versioning
vault/pm-20379/security-task-hidden-password
vault/pm-28190/sdk-sharing-feature-flag
vault/pm-31019/add-feature-flag
vault/pm-31671/attachment-checks
vault/pm-31671/ssrf-change-password
vault/pm-31825/attachment-checks
vault/pm-32463/disabled-org-cipher-access
vault/pm-4185/regression-testing
vault/pm-5072/update-minimum-server-version-for-cipher-key-encryption
verifypasswordhashonenrollment
vgrassia/test
vgrassia/test-warfields
vuln-252-check-run-least-priv
xunit-v3-full-upgrade
xunit-v3-migration
yubikey-logging
1.22.0
1.4.0
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.10.0
v1.11.0
v1.11.1
v1.12.0
v1.12.1
v1.13.0
v1.13.1
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.15.1
v1.16.0
v1.17.0
v1.17.1
v1.17.2
v1.18.0
v1.18.1
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.30.0
v1.30.1
v1.30.2
v1.30.3
v1.30.4
v1.31.0
v1.31.1
v1.32.0
v1.33.0
v1.33.1
v1.34.0
v1.35.0
v1.35.1
v1.36.0
v1.36.1
v1.37.0
v1.37.1
v1.37.2
v1.38.0
v1.38.1
v1.38.2
v1.38.3
v1.38.4
v1.39.0
v1.39.1
v1.39.2
v1.39.3
v1.39.4
v1.4.1
v1.40.0
v1.41.0
v1.41.1
v1.41.2
v1.41.3
v1.41.4
v1.41.5
v1.41.6
v1.42.0
v1.42.1
v1.42.2
v1.42.3
v1.43.0
v1.43.1
v1.44.0
v1.44.1
v1.45.0
v1.45.1
v1.45.2
v1.45.3
v1.45.4
v1.46.0
v1.46.1
v1.46.2
v1.46.3
v1.47.0
v1.47.1
v1.48.0
v1.48.1
v1.5.0
v1.5.1
v1.6.0
v1.7.0
v1.8.0
v1.8.1
v1.8.2
v1.9.0
v2022.05.0
v2022.10.0
v2022.11.0
v2022.11.1
v2022.12.0
v2022.5.1
v2022.5.2
v2022.6.0
v2022.6.1
v2022.6.2
v2022.8.0
v2022.8.2
v2022.8.3
v2022.8.4
v2022.9.0
v2022.9.1
v2022.9.2
v2022.9.4
v2022.9.5
v2023.1.0
v2023.10.0
v2023.10.1
v2023.10.2
v2023.10.3
v2023.12.0
v2023.12.1
v2023.2.0
v2023.2.1
v2023.3.0
v2023.4.0
v2023.4.1
v2023.4.2
v2023.4.3
v2023.5.0
v2023.5.1
v2023.7.0
v2023.7.1
v2023.7.2
v2023.8.0
v2023.8.1
v2023.8.2
v2023.8.3
v2023.9.0
v2023.9.1
v2024.1.0
v2024.1.1
v2024.1.2
v2024.10.0
v2024.10.1
v2024.10.2
v2024.11.0
v2024.12.0
v2024.12.1
v2024.2.0
v2024.2.1
v2024.2.2
v2024.2.3
v2024.3.0
v2024.3.1
v2024.4.0
v2024.4.1
v2024.4.2
v2024.5.0
v2024.6.0
v2024.6.1
v2024.6.2
v2024.7.0
v2024.7.1
v2024.7.2
v2024.7.3
v2024.7.4
v2024.8.0
v2024.8.1
v2024.9.0
v2024.9.1
v2024.9.2
v2025.1.0
v2025.1.1
v2025.1.2
v2025.1.3
v2025.1.4
v2025.10.0
v2025.10.1
v2025.10.2
v2025.11.0
v2025.11.1
v2025.12.0
v2025.12.1
v2025.12.2
v2025.2.0
v2025.2.1
v2025.2.2
v2025.2.3
v2025.2.4
v2025.3.0
v2025.3.3
v2025.4.0
v2025.4.1
v2025.4.2
v2025.4.3
v2025.5.0
v2025.5.1
v2025.5.2
v2025.5.3
v2025.6.0
v2025.6.1
v2025.6.2
v2025.7.0
v2025.7.1
v2025.7.2
v2025.7.3
v2025.8.0
v2025.8.1
v2025.9.0
v2025.9.1
v2025.9.2
v2026.1.0
v2026.1.1
v2026.2.0
v2026.2.1
v2026.3.0
v2026.3.1
v2026.3.2
${ noResults }
11 Commits (main)
| Author | SHA1 | Message | Date |
|---|---|---|---|
sven-bitwarden
|
4cb60ac37d
|
[PM-332124] Finalize PolicyRequirement + 2FA Feature Flag (#7209)
* Remove 2FA feature flag * Remove unused using |
2 days ago |
|
sven-bitwarden
|
081bbe66d0
|
[PM-30993] Better Error Message for Expired Invitation Tokens (#6971)
* Send better error message when token is expired * Add comment indicating frontend usage * Add testcase for Invalid Token scenario * Update comment in test-case * Fix merge issue * Fix method name * Consolidate token validation error calculation, apply to new area * Move away from magic strings, fix tests * Adjust class name * Clean up old method name references * Change errors to fields for singleton behavior * Formatting |
2 weeks ago |
Jared McCannon
|
f820b7ec87
|
[PM-18236] - Use Single Org Requirement (#6999)
* Added new methods and ff for single org req * Changed req messages and added new method for creating orgs * Updated Requirement and Tests. * Updated commands and requirement to take a list of org users * Updated xml docs and renamed to be consistent * Changes from Code Review * Removed feature flag check for policy requirements around single org. Aligned error message with what other commands were returning. * Fixed test names. Updated error messages to be specific for each caller. * Updated tests to clean up details consturction * Added test for confirmed accepted user in another org. * fixed tests to use new factory * Update test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> * Fixed tests by adding no op for req. --------- Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> |
3 weeks ago |
|
sven-bitwarden
|
43d3c414cc
|
[PM-28519] Remove Emergency Access Contacts for AutoConfirm Org Flows (#7123)
* Remove emergency access from all organization users on policy enable, or when accepted/restored * Use correct policy save system * Add additional tests * Implement both PreUpsert and OnSave side effects |
4 weeks ago |
|
sven-bitwarden
|
b412826951
|
[PM-4142] Clean Up Pre-Tokenable Token Validation (#6972)
* Remove old pre-tokenable code * Clean up dead code * Remove unused imports |
1 month ago |
Brandon Treston
|
bf9cc01459
|
[PM-26379] Implement auto confirm push notification (#6980)
* implement auto confirm push notification * fix test * fix test * simplify LINQ |
2 months ago |
|
Jared McCannon
|
e646b91a50
|
[PM-27131] Auto confirm policy requirement (#6649)
* Added Auto confirm policy enforcement requirement. Includes strict single org enforcement along with blocking provider users from joining orgs with auto confirm enabled. |
4 months ago |
Rui Tomé
|
829ce86066
|
[PM-18238] Add RequireTwoFactorPolicyRequirement (#5840)
* Add RequireTwoFactorPolicyRequirement and its factory with unit tests * Implemented RequireTwoFactorPolicyRequirement to enforce two-factor authentication policies. * Created RequireTwoFactorPolicyRequirementFactory to generate policy requirements based on user status. * Added unit tests for the factory to validate behavior with various user statuses and policy details. * Enhance AcceptOrgUserCommand to use IPolicyRequirementQuery for two-factor authentication validation * Update ConfirmOrganizationUserCommand to use RequireTwoFactorPolicyRequirement to check for 2FA requirement * Implement CanAcceptInvitation and CanBeConfirmed methods in RequireTwoFactorPolicyRequirement; update tests to reflect new logic for two-factor authentication policy handling. * Refactor AcceptOrgUserCommand to enforce two-factor authentication policy based on feature flag; update validation logic and tests accordingly. * Enhance ConfirmOrganizationUserCommand to validate two-factor authentication policy based on feature flag; refactor validation logic and update related tests for improved policy handling. * Remove unused method and its dependencies from OrganizationService. * Implement CanBeRestored method in RequireTwoFactorPolicyRequirement to determine user restoration eligibility based on two-factor authentication status; add corresponding unit tests for various scenarios. * Update RestoreOrganizationUserCommand to use IPolicyRequirementQuery for two-factor authentication policies checks * Remove redundant vNext tests * Add TwoFactorPoliciesForActiveMemberships property to RequireTwoFactorPolicyRequirement and corresponding unit tests for policy retrieval based on user status * Refactor UserService to integrate IPolicyRequirementQuery for two-factor authentication policy checks * Add XML documentation for TwoFactorPoliciesForActiveMemberships property in RequireTwoFactorPolicyRequirement to clarify its purpose and return value. * Add exception documentation for ValidateTwoFactorAuthenticationPolicyAsync method in ConfirmOrganizationUserCommand to clarify error handling for users without two-step login enabled. * Update comments in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to clarify handling of two-step login and 2FA policy checks. * Add RequireTwoFactorPolicyRequirementFactory to PolicyServiceCollectionExtensions * Refactor two-factor authentication policy checks in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to streamline validation logic and improve clarity. Update RequireTwoFactorPolicyRequirement to provide a method for checking if two-factor authentication is required for an organization. Adjust related unit tests accordingly. * Add PolicyRequirements namespace * Update comments in AcceptOrgUserCommand and ConfirmOrganizationUserCommand to clarify two-factor authentication policy requirements and exception handling. * Refactor RequireTwoFactorPolicyRequirement to return tuples of (OrganizationId, OrganizationUserId) for active memberships requiring two-factor authentication. Update UserService and related tests to reflect this change. * Refactor AcceptOrgUserCommand: delegate feature flag check to the ValidateTwoFactorAuthenticationPolicyAsync method * Skip policy check if two-step login is enabled for the user * Refactor ConfirmOrganizationUserCommand to streamline two-factor authentication policy validation logic * Refactor AcceptOrgUserCommand to simplify two-factor authentication check by removing intermediate variable * Update documentation in RequireTwoFactorPolicyRequirement to clarify the purpose of the IsTwoFactorRequiredForOrganization * Refactor AcceptOrgUserCommandTests to remove redundant two-factor authentication checks and simplify test setup * Refactor AcceptOrgUserCommand and ConfirmOrganizationUserCommand to streamline two-factor authentication checks by removing redundant conditions and simplifying logic flow. * Rename removeOrgUserTasks variable in UserService * Refactor RestoreOrganizationUserCommand to simplify two-factor authentication compliance checks by consolidating logic into a new method, IsTwoFactorRequiredForOrganizationAsync. * Remove outdated two-factor authentication validation documentation from AcceptOrgUserCommand * Invert two-factor compliance check in RestoreOrganizationUserCommand to ensure correct validation of organization user policies. * Refactor UserService to enhance two-factor compliance checks by optimizing organization retrieval and logging when no organizations require two-factor authentication. |
10 months ago |
Ike
|
3f95513d11
|
[PM-19029][PM-19203] Addressing `UserService` tech debt around `ITwoFactorIsEnabledQuery` (#5754)
* fix : split out the interface from the TwoFactorAuthenticationValidator into separate file. * fix: replacing IUserService.TwoFactorEnabled with ITwoFactorEnabledQuery * fix: combined logic for both bulk and single user look ups for TwoFactorIsEnabledQuery. * fix: return two factor provider enabled on CanGenerate() method. * tech debt: modfifying MFA providers to call the database less to validate if two factor is enabled. * tech debt: removed unused service from AuthenticatorTokenProvider * doc: added documentation to ITwoFactorProviderUsers * doc: updated comments for TwoFactorIsEnabled impl * test: fixing tests for ITwoFactorIsEnabledQuery * test: updating tests to have correct DI and removing test for automatic email of TOTP. * test: adding better test coverage |
11 months ago |
|
Rui Tomé
|
edb74add50
|
[PM-14243] Free organization limit is not enforced when editing user (#5155)
* Enforce free organization limit when updating user * Add test for throwing error on accepting admin user joining multiple free organizations * Add test for throwing BadRequest when free organization admin attempts to sign up for another free organization * Fix user ID handling in UpdateOrganizationUserCommand for free organizations * Rename parameter 'user' to 'organizationUser' in UpdateUserAsync method for clarity |
1 year ago |
Thomas Rittson
|
09d07d864e
|
[AC-1751] AC Team code ownership moves: OrganizationUser (part 1) (#3487)
* Move OrganizationUser domain to AC Team ownership * Namespaces will be updated in a separate commit |
2 years ago |
|
Thomas Rittson
|
9021236d61
|
AC Team code ownership moves: Organization pt. 1 (#3472)
* move Organization.cs files to AC Team code ownership |
2 years ago |
|
Thomas Rittson
|
42cec31d07
|
[AC-1287] AC Team code ownership moves: Policies (1/2) (#3383)
* note: IPolicyData and EntityFramework Policy.cs are moved without any changes to namespace or content in order to preserve git history. |
2 years ago |
Jared Snider
|
ee618328c0
|
Auth/PM-3275 - Changes to support TDE User without MP being able to Set a Password + misc refactoring (#3242)
* PM-3275 - Add new GetMasterPasswordPolicy endpoint which will allow authenticated clients to get an enabled MP org policy if it exists for the purposes of enforcing those policy requirements when setting a password. * PM-3275 - AccountsController.cs - PostSetPasswordAsync - (1) Convert UserService.setPasswordAsync into new SetInitialMasterPasswordCommand (2) Refactor SetInitialMasterPasswordCommand to only accept post SSO users who are in the invited state (3) Add TODOs for more cleanup work and more commands * PM-3275 - Update AccountsControllerTests.cs to add new SetInitialMasterPasswordCommand * PM-3275 - UserService.cs - Remove non implemented ChangePasswordAsync method * PM-3275 - The new SetInitialMasterPasswordCommand leveraged the OrganizationService.cs AcceptUserAsync method so while I was in here I converted the AcceptUserAsync methods into a new AcceptOrgUserCommand.cs and turned the private method which accepted an existing org user public for use in the SetInitialMasterPasswordCommand * PM-3275 - Dotnet format * PM-3275 - Test SetInitialMasterPasswordCommand * Dotnet format * PM-3275 - In process AcceptOrgUserCommandTests.cs * PM-3275 - Migrate changes from AC-244 / #3199 over into new AcceptOrgUserCommand * PM-3275 - AcceptOrgUserCommand.cs - create data protector specifically for this command * PM-3275 - Add TODO for renaming / removing overloading of methods to improve readability / clarity * PM-3275 - AcceptOrgUserCommand.cs - refactor AcceptOrgUserAsync by OrgId to retrieve orgUser with _organizationUserRepository.GetByOrganizationAsync which gets a single user instead of a collection * PM-3275 - AcceptOrgUserCommand.cs - update name in TODO for evaluation later * PM-3275 / PM-1196 - (1) Slightly refactor SsoEmail2faSessionTokenable to provide public static GetTokenLifeTime() method for testing (2) Add missed tests to SsoEmail2faSessionTokenable in preparation for building tests for new OrgUserInviteTokenable.cs * PM-3275 / PM-1196 - Removing SsoEmail2faSessionTokenable.cs changes + tests as I've handled that separately in a new PR (#3270) for newly created task PM-3925 * PM-3275 - ExpiringTokenable.cs - add clarifying comments to help distinguish between the Valid property and the TokenIsValid method. * PM-3275 - Create OrgUserInviteTokenable.cs and add tests in OrgUserInviteTokenableTests.cs * PM-3275 - OrganizationService.cs - Refactor Org User Invite methods to use new OrgUserInviteTokenable instead of manual creation of a token * PM-3275 - OrgUserInviteTokenable.cs - clarify backwards compat note * PM-3275 - AcceptOrgUserCommand.cs - Add TODOs + minor name refactor * PM-3275 - AcceptOrgUserCommand.cs - replace method overloading with more easily readable names. * PM-3275 - AcceptOrgUserCommand.cs - Update ValidateOrgUserInviteToken to add new token validation while maintaining backwards compatibility for 1 release. * dotnet format * PM-3275 - AcceptOrgUserCommand.cs - Move private method below where it is used * PM-3275 - ServiceCollectionExtensions.cs - Must register IDataProtectorTokenFactory<OrgUserInviteTokenable> for new tokenable * PM-3275 - OrgUserInviteTokenable needed access to global settings to set its token lifetime to the _globalSettings.OrganizationInviteExpirationHours value. Creating a factory seemed the most straightforward way to encapsulate the desired creation logic. Unsure if in the correct location in ServiceCollectionExtensions.cs but will figure that out later. * PM-3275 - In process work of creating AcceptOrgUserCommandTests.cs * PM-3275 - Remove no longer relevant AcceptOrgUser tests from OrganizationServiceTests.cs * PM-3275 - Register OrgUserInviteTokenableFactory alongside tokenizer * PM-3275 - AcceptOrgUserCommandTests.cs - AcceptOrgUserAsync basic test suite completed. * PM-3275 - AcceptOrgUserCommandTests.cs - tweak test names * PM-3275 - AcceptOrgUserCommandTests.cs - (1) Remove old tests from OrganizationServiceTests as no longer needed to reference (2) Add summary for SetupCommonAcceptOrgUserMocks (3) Get AcceptOrgUserByToken_OldToken_AcceptsUserAndVerifiesEmail passing * PM-3275 - Create interface for OrgUserInviteTokenableFactory b/c that's the right thing to do + enables test substitution * PM-3275 - AcceptOrgUserCommandTests.cs - (1) Start work on AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail (2) Create and use SetupCommonAcceptOrgUserByTokenMocks() (3) Create generic FakeDataProtectorTokenFactory for tokenable testing * PM-3275 - (1) Get AcceptOrgUserByToken_NewToken_AcceptsUserAndVerifiesEmail test passing (2) Move FakeDataProtectorTokenFactory to own file * PM-3275 - AcceptOrgUserCommandTests.cs - Finish up tests for AcceptOrgUserByTokenAsync * PM-3275 - Add pseudo section comments * PM-3275 - Clean up unused params on AcceptOrgUserByToken_EmailMismatch_ThrowsBadRequest test * PM-3275 - (1) Tests written for AcceptOrgUserByOrgSsoIdAsync (2) Refactor happy path assertions into helper function AssertValidAcceptedOrgUser to reduce code duplication * PM-3275 - Finish up testing AcceptOrgUserCommandTests.cs by adding tests for AcceptOrgUserByOrgIdAsync * PM-3275 - Tweaking test naming to ensure consistency. * PM-3275 - Bugfix - OrgUserInviteTokenableFactory implementation required when declaring singleton service in ServiceCollectionExtensions.cs * PM-3275 - Resolve failing OrganizationServiceTests.cs * dotnet format * PM-3275 - PoliciesController.cs - GetMasterPasswordPolicy bugfix - for orgs without a MP policy, policy comes back as null and we should return notFound in that case. * PM-3275 - Add PoliciesControllerTests.cs specifically for new GetMasterPasswordPolicy(...) endpoint. * PM-3275 - dotnet format PoliciesControllerTests.cs * PM-3275 - PoliciesController.cs - (1) Add tech debt task number (2) Properly flag endpoint as deprecated * PM-3275 - Add new hasManageResetPasswordPermission property to ProfileResponseModel.cs primarily for sync so that we can condition client side if TDE user obtains elevated permissions * PM-3275 - Fix AccountsControllerTests.cs * PM-3275 - OrgUserInviteTokenable.cs - clarify TODO * PM-3275 - AcceptOrgUserCommand.cs - Refactor token validation to use short circuiting to only run old token validation if new token validation fails. * PM-3275 - OrgUserInviteTokenable.cs - (1) Add new static methods to centralize validation logic to avoid repetition (2) Add new token validation method so we can avoid having to pass in a full org user (and hitting the db to do so) * PM-3275 - Realized that the old token validation was used in the PoliciesController.cs (existing user clicks invite link in email and goes to log in) and UserService.cs (user clicks invite link in email and registers for a new acct). Added tech debt item for cleaning up backwards compatibility in future. * dotnet format * PM-3275 - (1) AccountsController.cs - Update PostSetPasswordAsync SetPasswordRequestModel to allow null keys for the case where we have a TDE user who obtains elevated permissions - they already have a user public and user encrypted private key saved in the db. (2) AccountsControllerTests.cs - test PostSetPasswordAsync scenarios to ensure changes will work as expected. * PM-3275 - PR review feedback - (1) set CurrentContext to private (2) Refactor GetProfile to use variables to improve clarity and simplify debugging. * PM-3275 - SyncController.cs - PR Review Feedback - Set current context as private instead of protected. * PM-3275 - CurrentContextExtensions.cs - PR Feedback - move parenthesis up from own line. * PM-3275 - SetInitialMasterPasswordCommandTests.cs - Replace unnecessary variable * PM-3275 - SetInitialMasterPasswordCommandTests.cs - PR Feedback - Add expected outcome statement to test name * PM-3275 - Set Initial Password command and tests - PR Feedback changes - (1) Rename orgIdentifier --> OrgSsoIdentifier for clarity (2) Update SetInitialMasterPasswordAsync to not allow null orgSsoId with explicit message saying this vs letting null org trigger invalid organization (3) Add test to cover this new scenario. * PM-3275 - SetInitialMasterPasswordCommand.cs - Move summary from implementation to interface to better respect standards and the fact that the interface is the more seen piece of code. * PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, rename AcceptOrgUserByTokenAsync -> AcceptOrgUserByEmailTokenAsync + replace generic name token with emailToken * PM-3275 - OrganizationService.cs - Per PR feedback, remove dupe line * PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove new lines in error messages for consistency. * PM-3275 - SetInitialMasterPasswordCommand.cs - Per PR feedback, adjust formatting of constructor for improved readability. * PM-3275 - CurrentContextExtensions.cs - Refactor AnyOrgUserHasManageResetPasswordPermission per PR feedback to remove unnecessary var. * PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, remove completed TODO * PM-3275 - PoliciesController.cs - Per PR feedback, update GetByInvitedUser param to be guid instead of string. * PM-3275 - OrgUserInviteTokenable.cs - per PR feedback, add tech debt item info. * PM-3275 - AcceptOrgUserCommand.cs - Per PR feedback, use const purpose from tokenable instead of magic string. * PM-3275 - Restore non duplicate line to fix tests * PM-3275 - Per PR feedback, revert all sync controller changes as the ProfileResponseModel.organizations array has org objects which have permissions which have the ManageResetPassword permission. So, I have the information that I need clientside already to determine if the user has the ManageResetPassword in any org. * PM-3275 - PoliciesControllerTests.cs - Update imports as the PoliciesController was moved under the admin console team's domain. * PM-3275 - Resolve issues from merge conflict resolutions to get solution building. * PM-3275 / PM-4633 - PoliciesController.cs - use orgUserId to look up user instead of orgId. Oops. * Fix user service tests * Resolve merge conflict |
2 years ago |