* fix(billing): replace per-change IsStructural with changeset-level ChargeImmediately flag
* fix(billing): set seat quantity when upgrading from non-seat-based to seat-based plan
* Send better error message when token is expired
* Add comment indicating frontend usage
* Add testcase for Invalid Token scenario
* Update comment in test-case
* Fix merge issue
* Fix method name
* Consolidate token validation error calculation, apply to new area
* Move away from magic strings, fix tests
* Adjust class name
* Clean up old method name references
* Change errors to fields for singleton behavior
* Formatting
* Implement the portal session url
* Remove comment
* formatting issues have been resolved
* Allow deep linking url
* remove thr return url request
* Resolve review comments around comments
* Fix the failing test after removing _globalSettings
* Fix the failing unit test
* changes for the premium push notification
* Fix the lint build
* implement the hub-helper
* Resolve the pr comments
* fix the lint error
* move PremiumStatusPushNotification to billing
* secure SSRP protection for internal requests
* remove nullable enable
* explicitly handle redirect requests for SSRF
* track current uri in SsrfProtectionHandler. add followRedirects option in AddSsrfProtection
* preserve request method for 301 and 302 requests
This was being used to combine policies before sending them
to the client. Instead, the server just send the policies and
the client should process/combine them. Revert this to save
unnecessary QA (etc) and we will refactor this away in the
future.
* Add more efficient sproc to retrieve PolicyDetails
for a single user. This closely matches the existing sproc
used by PolicyService and should be performant enough
to be used in the login flow
* Maintain feature flag for this critical path
* check permissions when uploading attachment for self hosted users to remove possibility of overwriting an existing attachment.
* expose `ValidateCipherEditForAttachmentAsync`
* add additional logic to support admin users
* add unit tests for new edit checks
* feat(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Initial implementation
* fix(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Changes in a good place. Need to write tests.
* test(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Service tests have been added.
* fix(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Fixed comment.
* create short-lived signed attachment URL for self-hosted instances
* move local attachment logic to service
* remove comment
* remove unusued var. add happy-path test for file download
* chore: add CLAUDE.local.md and .worktrees to gitignore
* feat(billing): add Stripe interval and payment behavior constants and feature flag
* feat(billing): add OrganizationSubscriptionChangeSet model and unit tests
* refactor(billing): rename UpdateOrganizationSubscriptionCommand to BulkUpdateOrganizationSubscriptionsCommand
* feat(billing): add UpdateOrganizationSubscriptionCommand with tests
* feat(billing): use UpdateOrganizationSubscriptionCommand in BulkUpdateOrganizationSubscriptions behind feature flag
* feat(billing): use UpdateOrganizationSubscriptionCommand in SetUpSponsorshipCommand behind feature flag
* feat(billing): add UpgradeOrganizationPlanVNextCommand with tests and feature flag gate
* feat(billing): use UpdateOrganizationSubscriptionCommand in OrganizationService.AdjustSeatsAsync behind feature flag
* feat(billing): use UpdateOrganizationSubscriptionCommand in UpdateSecretsManagerSubscriptionCommand behind feature flag
* feat(billing): use UpdateOrganizationSubscriptionCommand in BillingHelpers.AdjustStorageAsync behind feature flag
* chore: run dotnet format
* fix(billing): missed optional owner in OrganizationBillingService.Finalize after merge
* refactor(billing): address PR feedback on UpdateOrganizationSubscription
* refactor(billing): change billing address request type
* feat(billing): add tax id support for international business plans
* feat(billing): add billing address tax id handling
* test: add tests for tax id handling during upgrade
* fix(billing): run dotnet format
* fix(billing): remove extra line
* fix(billing): modify return type of HandleAsync
* test(billing): update tests to reflect updated command signature
* fix(billing): run dotnet format
* tests(billing): fix tests
* test(billing): format
* Added new methods and ff for single org req
* Changed req messages and added new method for creating orgs
* Updated Requirement and Tests.
* Updated commands and requirement to take a list of org users
* Updated xml docs and renamed to be consistent
* Changes from Code Review
* Removed feature flag check for policy requirements around single org. Aligned error message with what other commands were returning.
* Fixed test names. Updated error messages to be specific for each caller.
* Updated tests to clean up details consturction
* Added test for confirmed accepted user in another org.
* fixed tests to use new factory
* Update test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Fixed tests by adding no op for req.
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Rid of bulk delete error
* Fix test
* Fix for test
* Update src/Core/Dirt/Services/Implementations/EventService.cs
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Fix formatting issues in DeleteCollectionCommandTests.cs by removing hidden characters and ensuring proper using directives.
* Update src/Core/Dirt/Services/Implementations/EventService.cs
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Update src/Core/Dirt/Services/Implementations/EventService.cs
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Refactor DeleteCollectionCommandTests.cs to remove hidden characters and improve argument matching for GetManyByManyIdsAsync method.
* Fix deletion error happening in Postgres by utilizing OrganizationId which is always populated by the table row
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Add coupon support to invoice preview and subscription creation
* Fix the build lint error
* Resolve the initial review comments
* fix the failing test
* fix the build lint error
* Fix the failing test
* Resolve the unaddressed issues
* Fixed the deconstruction error
* Fix the lint issue
* Fix the lint error
* Fix the lint error
* Fix the build lint error
* lint error resolved
* remove the setting file
* rename the variable name validatedCoupon
* Remove the owner property
* Update OrganizationBillingService tests to align with recent refactoring
- Remove GetMetadata tests as method no longer exists
- Remove Owner property references from OrganizationSale (removed in d7613365ed)
- Update coupon validation to use SubscriptionDiscountRepository instead of SubscriptionDiscountService
- Add missing imports for SubscriptionDiscount entities
- Rename test for clarity: Finalize_WithNullOwner_SkipsValidation → Finalize_WithCouponOutsideDateRange_IgnoresCouponAndProceeds
All tests passing (14/14)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix the lint error
* Making the owner non nullable
* fix the failing unit test
* Make the owner nullable
* Fix the bug for coupon in Stripe with no audience restrictions(PM-32756)
* Return validation message for invalid coupon
* Update the valid token message
* Fix the failing unit test
* Remove the duplicate method
* Fix the failing build and test
* Resolve the failing test
* Add delete of invalid coupon
* Add the expired error message
* Delete on invalid coupon in stripe
* Fix the lint errors
* return null if we get exception from stripe
* remove the auto-delete change
* fix the failing test
* Fix the lint build error
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Remove emergency access from all organization users on policy enable, or when accepted/restored
* Use correct policy save system
* Add additional tests
* Implement both PreUpsert and OnSave side effects
* PM-32517 initial migration commit
* pm-32517 fixing integration unit test
* PM-32517 removing .claude changes
* PM-32517 changing implementation of migration test
* PM-32517 adding type for ReportFile
* PM-32517 adding report file type
* PM-32517 changing unit tests
* PM-32517 adding new statement in migration script
The IApplicationCacheService implementation is defective and
does not synchronise between instances. Switch to using
the repository directly to ensure that the organization is always
available. This will be reverted when the cache is fixed.
---------
Co-authored-by: Jared McCannon <jmccannon@bitwarden.com>
* Add integration tests for AcceptInit endpoint in OrganizationUsersController
* Add new feature flag for organization acceptance initialization refactor
* Add InitPendingOrganizationVNextAsync for consolidated organization initialization
Introduces a new method that consolidates organization initialization,
user confirmation, email verification, and collection creation into a
single operation with upfront validation.
Key improvements:
- All validation performed before any state changes
- Returns typed errors via CommandResult instead of throwing exceptions
- Reduces three separate command calls into one unified flow
- Maintains backward compatibility via feature flag
The existing InitPendingOrganizationAsync is marked obsolete and will be
removed after feature flag rollout completes.
* Add unit tests for InitPendingOrganizationVNextAsync method
Introduces comprehensive unit tests for the InitPendingOrganizationVNextAsync method, covering various scenarios including valid data initialization, error handling for invalid tokens, organization status checks, and user confirmation requirements.
Key additions:
- Tests for successful organization initialization and user confirmation.
- Error handling tests for invalid tokens, already enabled organizations, and mismatched organization IDs.
- Validation for existing keys and email mismatches.
- Support for creating default collections during initialization.
These tests enhance the reliability and robustness of the organization initialization process.
* Refactor AcceptInit method to support feature flag for organization initialization
Updated the AcceptInit method in OrganizationUsersController to return an IResult type and handle organization initialization based on a feature flag. If the feature is enabled, it utilizes the new InitPendingOrganizationVNextAsync method for atomic organization setup and user confirmation. Integration tests were added to verify the behavior under both feature flag states, ensuring proper initialization and error handling.
* Enhance InitPendingOrganizationCommand with policy validation and feature flag support
Updated the ValidatePoliciesAsync method to enforce the Automatic User Confirmation Policy when the feature flag is enabled. Added new unit tests to cover scenarios for automatic user confirmation and single organization policy violations, ensuring comprehensive validation during organization initialization. This improves error handling and maintains compliance with organizational policies.
* Add InitializePendingOrganizationAsync method for atomic organization initialization
Implemented the InitializePendingOrganizationAsync method in both Dapper and Entity Framework repositories to streamline the initialization of pending organizations. This method enables the organization, confirms the first owner, updates user details, and optionally creates a default collection, all within a single atomic transaction. Enhanced error handling ensures robustness during the initialization process.
* Add unit tests for InitializePendingOrganizationAsync method
Introduced several unit tests for the InitializePendingOrganizationAsync method, covering scenarios such as successful organization initialization with and without collections, exception handling for invalid organization IDs, and rollback behavior on errors. These tests enhance the reliability of the organization initialization process and ensure proper handling of various edge cases.
* Refactor InitPendingOrganizationCommand to use consolidated InitializePendingOrganizationAsync method
Replaced multiple asynchronous calls for organization initialization with a single call to the new InitializePendingOrganizationAsync method. This change streamlines the process by encapsulating organization setup, user confirmation, and collection creation into one atomic operation, enhancing maintainability and reducing complexity in the command logic.
* Enhance InitPendingOrganizationCommandTests with new test cases and refactor existing ones
Added a new test case for InitPendingOrganizationVNextAsync to validate organization initialization with a collection name. Refactored existing tests to improve clarity and maintainability, including the removal of redundant assertions and the consolidation of organization setup logic. This update strengthens the test coverage for the organization initialization process and ensures proper handling of various scenarios.
* Refactor IOrganizationRepository and OrganizationRepository to remove nullable collectionName parameter
Updated the IOrganizationRepository and OrganizationRepository interfaces to change the collectionName parameter from nullable to non-nullable. This change enforces stricter parameter requirements and improves data integrity during organization initialization processes.
* Improve error handling in OrganizationRepository by logging exceptions during transaction rollback
Updated the OrganizationRepository in both Dapper and Entity Framework implementations to log detailed error messages when exceptions occur during the initialization of pending organizations. This enhancement improves traceability and debugging capabilities by providing context on failures, ensuring better maintainability of the organization initialization process.
* Refactor OrganizationRepository to consolidate SaveChangesAsync calls
Updated the OrganizationRepository to reduce multiple SaveChangesAsync calls into a single call at the end of the transaction. This change enhances performance and ensures that all changes are committed atomically, improving the overall maintainability of the organization initialization process.
* refactor: Introduce InitPendingOrganizationRequest model and update InitPendingOrganizationVNextAsync method
- Created InitPendingOrganizationRequest to encapsulate parameters for initializing a pending organization.
- Refactored InitPendingOrganizationVNextAsync method to accept the new request model instead of multiple parameters.
- Updated OrganizationUsersController to use the new request model for improved readability and maintainability.
- Adjusted related tests to accommodate the new request structure.
* Create database update action delegate for organization initialization.
* Add BuildVerifyUserEmailAction method to IUserRepository and implementations in UserRepository classes
- Introduced a new method in IUserRepository to create an action for verifying user emails.
- Implemented the method in both Dapper and Entity Framework UserRepository classes to update the email verification status of users.
- Ensured that the method checks if the user's email is already verified before updating.
* Add BuildCreateDefaultCollectionAction method to ICollectionRepository and implementations in CollectionRepository classes
- Introduced a new method in ICollectionRepository to build an action for creating a default collection with user access.
- Implemented the method in both Dapper and Entity Framework CollectionRepository classes to handle collection creation and user access assignments.
- Enhanced the functionality to support transaction execution for database operations.
* Add BuildConfirmOrganizationUserAction method to IOrganizationUserRepository and implementations in OrganizationUserRepository classes
- Introduced a new method in IOrganizationUserRepository to build an action for confirming an organization user.
- Implemented the method in both Dapper and Entity Framework OrganizationUserRepository classes to handle user confirmation and status updates.
- Enhanced the functionality to support transaction execution for database operations.
* Refactor organization initialization methods in IOrganizationRepository and implementations
- Introduced BuildUpdateOrganizationAction method to create an action for updating organization properties during initialization.
- Replaced the InitializePendingOrganizationAsync method with ExecuteOrganizationInitializationUpdatesAsync to handle multiple update actions in a single transaction.
- Updated Dapper and Entity Framework implementations to support the new action-based approach for organization initialization, enhancing transaction management and code clarity.
* Add integration tests for ExecuteOrganizationInitializationUpdatesAsync
* Refactor InitPendingOrganizationCommand to streamline organization initialization process
- Introduced methods for preparing organization and organization user for initialization.
- Replaced direct calls to repository methods with a new action-based approach for executing multiple database updates in a single transaction.
- Enhanced test cases to validate the new initialization logic and ensure proper handling of organization states.
* Refactor organization user acceptance tests to utilize feature flags
- Converted existing tests to use [Theory] with [InlineData] for feature flag variations.
- Updated assertions to reflect expected status codes based on feature flag state.
- Enhanced user confirmation checks to ensure proper linking and email verification after acceptance.
- Improved test coverage for organization initialization scenarios with and without collections.
* Refactor BuildVerifyUserEmailAction to accept User entity instead of user ID
- Updated IUserRepository and its implementations to change the parameter of BuildVerifyUserEmailAction from Guid userId to User user.
- Modified related repository methods in Dapper and Entity Framework to utilize the User entity for email verification.
- Adjusted tests to reflect the new method signature, ensuring proper functionality and integration with the updated user verification process.
* Revert "Refactor BuildVerifyUserEmailAction to accept User entity instead of user ID"
This reverts commit 71047bee2a.
* Enhance InitPendingOrganizationCommand for null safety and error handling
- Removed nullable disable directive to enable null safety checks.
- Added a null check for the organization retrieval, throwing a BadRequestException if not found.
- Updated validation methods to return nullable Error types, improving error handling in the organization initialization process.
* Add remarks to IInitPendingOrganizationCommand for clarity on organization initialization
- Enhanced the documentation for the InitPendingOrganizationCommand interface by adding remarks to clarify the role of the user initializing the organization.
- Explained the default state assumptions during validation, emphasizing that no policies are enforced at this stage.
* Implement InitPendingOrganizationValidator for improved organization initialization validation
- Introduced IInitPendingOrganizationValidator interface and its implementation to encapsulate validation logic for organization initialization.
- Refactored InitPendingOrganizationCommand to utilize the new validator for token validation, user email matching, organization state checks, and policy enforcement.
- Enhanced dependency injection in OrganizationServiceCollectionExtensions to include the new validator.
- Added comprehensive unit tests for the validator to ensure robust validation logic and error handling.
* Update documentation in IInitPendingOrganizationCommand to clarify organization initialization process
- Revised the summary comment to specify that the method initializes a pending organization created via the Bitwarden Portal on behalf of a Reseller.
- Added a reference to the ResellerClientOrganizationSignUpCommand for better context.
- Emphasized the confirmation of the first owner during the initialization process.
* Update InitPendingOrganizationRequest to allow optional collection name
- Modified the CollectionName property to be nullable, allowing for no collection to be created if the value is null or empty.
- Enhanced documentation to clarify the optional nature of the CollectionName parameter.
* Fix nullability issue in InitPendingOrganizationCommand by enforcing non-null collection name assignment
* Refactor organization key handling in InitPendingOrganization features. Updated OrganizationUsersController to use new key pair data structure. Adjusted InitPendingOrganizationCommand and InitPendingOrganizationRequest to reflect changes in key management.
* Update organization key handling to use the name EncryptedOrganizationSymmetricKey. Refactor OrganizationUsersController, InitPendingOrganizationCommand, and InitPendingOrganizationRequest for consistency in key management.
* Refactor InitPendingOrganizationCommand to utilize TimeProvider for date handling. Updated methods to replace direct DateTime calls with _timeProvider.GetUtcNow().
* Refactor InitPendingOrganization validation methods to rename ValidateBusinessRulesAsync to ValidateFreeOrganizationLimitAsync for clarity and consistency. Updated related command and test files accordingly.
* Refactor InitPendingOrganizationCommand and related classes to streamline validation logic. Introduced InitPendingOrganizationValidationRequest for enriched validation context and updated methods to improve clarity and consistency in error handling. Adjusted tests to reflect changes in validation flow.
* Remove unused dependencies from InitPendingOrganizationCommand
* Refactor InitPendingOrganizationCommand to streamline organization initialization process. Replaced multiple update actions with a single atomic operation for organization and owner confirmation. Updated related repository interfaces and methods for improved clarity and consistency in transaction handling.
* Remove commented-out regions and clean up whitespace in InitPendingOrganizationCommandTests for improved readability.
* Remove unnecessary null check for organization in InitPendingOrganizationCommand
* Revert "Remove unnecessary null check for organization in InitPendingOrganizationCommand"
This reverts commit 1ad7148fc9.
* Refactor organization initialization actions to use DbConnection and DbTransaction instead of SqlConnection and SqlTransaction. Update related interfaces and implementations across repositories for improved database transaction handling.
* Refactor organization and organization user update logic to use null checks for entity existence. Throw exceptions for not found entities to improve error handling during initialization.
* Update InitPendingOrganizationCommandTests to use SendConfirmationAsync for email notifications and added missing using directive for OrganizationConfirmation.
* Remove unnecessary blank lines from CollectionRepository and UserRepository classes for improved code readability.
* Remove redundant test cases from OrganizationUsersControllerAcceptInitTests
* Enhance InitPendingOrganizationCommandTests to validate organization and user properties in repository interactions
* Update RefactorOrgAcceptInit feature flag key to new identifier pm-33082-refactor-org-accept-init
* Remove usage of policy requirements retrieval by org
* Simplify result model
* Return early if no restored confirmed users exist to create default collections for
* fix merge conflict flog
* Fix test mocks
---------
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
* Cleaning up code around feature flag. removing old implementation. will remove flag in subsequent pr.
* Remove unused feature flag
* Fixing test from merge
* PM-32035 - EmergencyAccessService - fix interface docs, method docs, and tests to cover grantee / grantor deletion which is supported today.
* PM-32035 - EmergencyAccessService - mark existing delete as deprecated
* PM-32035 - EmergencyAccess readme docs - fix deletion docs
* PM-32035 - Add new EmergencyAccessDetails_ReadByUserIds stored proc
* PM-32035 - Add migration script for EmergencyAccessDetails_ReadByUserIds
* PM-32035 - Build out GetManyDetailsByUserIdsAsync in repository layer plus add tests
* PM-32035 - EmergencyAccessRepo - DeleteManyAsync - remove grantee revision bump as not necessary since no EA sync data exists + update tests
* PM-32035 - Fix incorrect nullability annotation on EmergencyAccessDetails.GrantorEmail. Both the SQL view and EF projection use a LEFT JOIN to the User table, meaning the value can be null if the grantor's account no longer exists. Changed to string? and removed the required modifier since the class is only ever materialized from database queries, never directly instantiated.
* PM-32035 - Refactor DeleteEmergencyAccess command to offer new DeleteAllByUserIdAsync and DeleteAllByUserIdsAsync methods. Need to build out DeleteByIdAndUserIdAsync with a new stored proc.
* PM-32035 - Build out IEmergencyAccessRepository.GetDetailsByIdAsync because we need such a method in order to meet the product requirements to send grantor email notifications for normal deletions in the future.
* PM-32035 - Wire up DeleteEmergencyAccessCommand.DeleteByIdAndUserIdAsync to use new repository method emergencyAccessRepository.GetDetailsByIdAsync so we can send notifications. Now, it is full replacement for the existing emergency access service deletion method + has the new notification functionaliy requested.
* PM-32035 - Add more test coverage for DeleteByIdAndUserIdAsync
* PM-32035 - Fix missing GranteeAvatarColor and GrantorAvatarColor projections in EmergencyAccessDetailsViewQuery. The EF view query omitted both avatar color fields from its Select projection, causing the integration tests to fail on all non-SqlServer databases (MySql, Postgres, Sqlite) where EF is used instead of Dapper.
* PM-32035 - Rename migration after main merge revealed collision
* PM-32035 - Rename migration script
* PM-32035 - PR feedback - add ticket + todos to deprecated delete async method.
* PM-32035 - DeleteEmergencyAccessCommand - add logs if we don't have user data required to send email notifications.
* PM-32035 - PR Feedback - rename EmergencyAccessDetails_ReadByUserIds to EmergencyAccessDetails_ReadManyByUserIds
Thomas Avery
Alex Morask
sven-bitwarden
cyprain-okeke
Jimmy Vo
Shane Melton
Jordan Aasen
Kyle Denney
Thomas Rittson
Jared Snider
Stephon Brown
John Harrington
Nick Krantz
Patrick-Pimentel-Bitwarden
cd-bitwarden
Jared
Bernd Schoolmann
Brandon Treston
Jared McCannon
Isaiah Inuwa
Vijay Oommen
Graham Walker
Rui Tomé
Jason Ng