Tree:
dbce45291c
2026-01-29/revert-persistent-grants
AC-1527-refactor-the-stripe-webhook-logic
AC-1601-require-sso-for-tde
AC-1833-2FA-Check-mark-still-visible
AC-2035-when-a-subscription-is-cancelled,-the-customer-cannot-self-server
ActivityDecorator
Add-MsSqlMigratorUtility-run-configuration-for-VS-Code
ApiKeyAuthInTheCli
Auth/PM-52-add-rbac-for-providers
Auth/pm-6333/remove-security-validation-exception
BEEEP/pm-26016/cache-authenticator-failures
BRE-1037/update-rc-deploy-trigger
BRE-193-demo
BRE-193-test
BRE-247-create-test-env
BRE-292-sync-ephemeral-env-on-build-test
BRE-443-get-major-repos-to-bwwl-lint-passing-stage
BRE-demo-ee-01
DEVOPS-1039-update-release-flow-dry-run-step-names
DEVOPS-1215-Build-Migrator-project-artifact
DEVOPS-1537-Update-dbo.Migrations-table-to-support-repeatable-migrations
DEVOPS-1551-test-branch-for-server3
DEVOPS-1594-pin-all-uses-of-bitwarden-gh-actions-to-master
EC-502-cherry-pick
Hinton-patch-1
MergePlanAndPriceUpdates
PM-11525-Estimated-tax-shown-to-customers-potentially-incorrect
PM-13128
PM-13446-Database-Add-IsMultiOrgEnterprise-column-to-Provider-table
PM-14163-Sales-Tax-Compliance
PM-14891-Sales-Tax-Estimation-For-Organizations
PM-14892-Sales-Tax-Estimation-For-Accounts
PM-14894-Drop-Sales-Tax-Database-Tables
PM-15404-Provider-portal-contains-incorrect-styling-for-the-table-filters
PM-15536-Unsupported-Provider-Type-Reseller-on-Create-New-Org-under-Reseller
PM-16196
PM-16682
PM-16921
PM-17132
PM-17732
PM-18018
PM-18881
PM-19147
PM-19147_2
PM-19147_3
PM-19562-remove-desktop-flag
PM-19643
PM-2014-passkey-registration
PM-2032-troubleshoot-actions
PM-22372
PM-2448
PM-25697
PM-27886
PM-2844-beeep-add-custom-error-codes-for-server-api-exceptions
PM-29660-continuationtokens
PM-31745-unassigned-items-delete
PM-31787-Defect-Users-can-access-the-sends-after-the-limit-was-reached
PM-3203-update-environment-file-builder-variable-name-to-cloud-region
PM-3263-Fix-EF-tests-for-passkey-registration-and-test-EF-repository-implementation
PM-3807-store-all-passkeys-as-login-cipher-type
POC/cipher-versioning
PS-590
QA
Remove-Return-ValidateSponsorshipCommand.cs
SG-497/Health-checks
SG-660
SG-701
SM-1301-get-by-id-changes-events
SM-1548-SecretViewSlow
SM-1743-featureflag
SM-1800
SM-1805-OrgLic
SM-2-Organization
SM-249-Delete-Secrets
SM-381]-Access-Policy-Secrets
SM-73
SM-73-signed
SM-910-BasedOn923
SM-923-Issues
SRE-3019-using-claude-implement-the-azure-mail-queue-retry-feature
Secrets-Access
ac-1409/secrets_manager_subscription_stripe
ac-1427/add_new_organisation_properties
ac-1427/add_new_organisation_properties_update_db_objects_and_create_migration
ac-1753-automatically-assign-providers-pricing-to-new-organizations
ac-1779/fix-validation-for-expirationWithoutGracePeriod-in-organizationLicense
ac-2266-two-email-notifications-is-sent-when-creating-org-from-sm-Trial-page
ac-2306-Self-serve-upgrade-automatically-updates-subscription
ac-2310-dont-reset-billing-cycle-if-upcoming-invoice-exceeds-dollar-threshold
ac-2385-as-a-billing-system-I-need-to-handle-attempting-to-pay-an-invoice-with-braintree-for-a-provider
ac-2570-existing-providers-see-new-cb-experience-on-admin-console
ac-2957-delete-the-feature-flag-PM-5864-dollar-threshold
ac/ac-1174/master-bulk-collection-management
ac/ac-1174/testing-unidirectional-dataflow
ac/addison/pm-10863/turn-on-for-self-host
ac/addison/pw-10314/auto-enable-policy
ac/jmccannon/pm-12479-changing-groups-model
ac/jmccannon/pm-12488-pt2-refactor
ac/pm-15621/add-commandresultvalidator
ac/pm-15621/refactor-delete-command
ac/pm-17217/add-use-policy-check-for-accept-endpoint
ac/pm-20633/rename-remove-individual
ac/pm-21031/get-members-performance-optimization
ac/pm-21411/refactor-interface-for-determining-premium-status-and-features
ac/pm-21740/update-join-organization-email-templates
ac/pm-21742/update-confirmed-to-org-family-free
ac/pm-22102/metadata-prototype
ac/pm-22108/add-bulk-interfaces-for-checking-policies
ac/pm-23845/fix-concurrent-access-feature-flag
ac/pm-24192/recover-account-command
ac/pm-24278/add-ipostsavepolicysideeffect
ac/pm-24278/prototype
ac/pm-24279/add-new-policy-endpoint
ac/pm-24279/vnext-policy-endpoint
ac/pm-24759/policy-requirements-collection-queries
ac/pm-25106/refactor-misleading-sproc-filters
ac/pm-25860-bulk-collection-delete-succeeds-but-returns-error
ac/pm-26714/seat-count-increase-email-not-being-sent
ac/pm-28300/remove-flag
ac/pm-28555/add-semaphore-table
ac/pm-28555/server-create-idempotent-sproc-for-creating-a-single-my-items-collection
ac/pm-28795/refactor-org-acceptinit
ac/pm-29045/collection-item-deletion-workflow-issue
ac/pm-29129/add-the-policy-readme
ac/pm-30610/fix-formatting
ac/pm-31153-email-updates-for-domain-claim-pt-2
ac/pm-5966/fix-entity-framework-query
ac1191-tde-approval-email
ac1454-2fa-directory
acostarj-patch-1-cs-server
add-2017-to-db-test-script
add-backport-workflow
add-captcha-logging
add-encrypted-key-column
add-gitlens-settings
add-linux-cert-helper
add-needs-qa-label
add-notification-channels
add-notification-hub-logging
add-peer-dependency
additional-load-tests
aesgcm
ai/exercise-claude-code-review-do-not-merge
akd
anders/add-devcontainer-docs
anders/increase-passkey-limit
api-integration-tests
arch/emailers-razor
arch/simplify-install
architecture/api-versioning
auth/add-cosmos-persisted-grant-to-sso
auth/context-rules
auth/deps/identity-7.1.0
auth/logging-admin-new-device-verification
auth/mjml-workflow
auth/pm-11537/increase-passkey-limit
auth/pm-17129/login-with-2fa-recovery-code-bugfix
auth/pm-18612
auth/pm-18720/change-password-component-non-dialog
auth/pm-18720/change-password-component-non-dialog-v3
auth/pm-18720/change-password-component-non-dialog-v4
auth/pm-19209/revert-to-original-message
auth/pm-19685/remove-email-delay-flag
auth/pm-20377/token-add-user-details
auth/pm-20532/tech-breakdown-poc-token-based-send-authn-and-authz
auth/pm-21925/add-password-salt-column
auth/pm-22975/client-version-validator
auth/pm-24207
auth/pm-24281/enhance-email
auth/pm-24579/prevent-existing-sso-rejected-users-nullish-fix
auth/pm-24617/throttling-report
auth/pm-24662/tech-breakdown-comments
auth/pm-26578/http-redirect-cloud
auth/pm-27062/prelogin-new-data-types
auth/pm-27084/register-accepts-new-data-types
auth/pm-27510/prevent-existing-sso-rejected-users-nullish-fix
auth/pm-28768/bug-welcome-email-for-families
auth/pm-29585/prevent-new-emergency-access
auth/pm-29890/refactor-webauthn-2fa-methods-out-of-userservice
auth/pm-30613/remove-mjml-based-email-feature-flag
auth/pm-30810/http-redirect-cloud
auth/pm-3797/key-rotation-upgrades
auth/pm-4142/remove-old-invite-token-validation
auth/pm-5947/self-host-duo-redirect
auth/pm-6631/handle-webauthn-creation-exception
auth/pm-8882/add-logging-feature-flag
auth/pm-9826/2fa-get-remove-validation
auth/proto/webauthn-limit-increase
auth/remove-captcha
auth/remove-feature-flags
authreq
autoconfirm-single-org
autofill-feature-flag-cleanup
autofill/idp-auto-submit
autofill/pm-10418-expiration-date-on-cards-does-not-autofill-the-correct-format
azure-table-tests
beeep-autofixture-detect-param
beeep-lazy-user-currentcontext
beeep/recipe-seeding
billing/AC-2379/webhook-update-provider-status
billing/AC-2515/stripe-upgrade
billing/PM-11516/license-stuff
billing/PM-27702/cant-purchase-subscription-with-PayPal
billing/PM-31040/replace-setup-intent-cache
billing/PM-31140/consolidate-unpaid-subscription-handling
billing/aspire
billing/codeowner-changes
billing/env-based-dev-container
billing/license-claims-data-type-expansion
billing/license-refactor
billing/pm-21643-create-stripe-webhook-endpoints-for-api-version-2025-04-30-basil
billing/pm-27603/initial-migration-for-storage-increase
billing/pm-28662-fix-duplicate-premium-subscriptions
billing/pm-28662/individual-Premium-automatically-disabled-due-to-duplicate-subscription-leftover
billing/pm-29595/user-that-upgraded-from-premium-reverts-an-organization-upgrade-during-the-trial-period
billing/pm-30908/correct-premium-subscription-status-handling
blazor
brant/move-organization-connection-to-integrations
brant/move-organization-connection-to-integrations-step-2
bre-1004_update-workflows-for-ghcr
bre-1241-ephemeral-environment-test
bre/th/dev
bsephem
bug/PS-2120-purge-vault-not-refreshing-items
build-tvp-arrays-outside-connection
collectiongroupsapi
community-pm-3309-fixes-for-kerberos-auth
community/pm-2242/add-kerberos-auth-to-docker
context-rules
copilot/add-sdk-key-rotation-flag
copilot/install-sql-2022-arm
copilot/review-draft-pr-6748
cosmosevents
create-mailers
database-seeder
db-migration
dbops/dbops-31/csv-import
dbops/dbops-80/fix-invalid-sql-syntax
dbops/dbops-81/update-sql-cu
debug-self-hosted-passwordless
debug/push-notifications
demo/flexible-collections-v1
devcontainer-updates
dirt/PM-23358/move-phishing-code-to-dirt-team
dirt/PM-25576/change-member-access-query-to-use-views
dirt/PM-29828/modify-dbseeder-to-make-test-data-quickly
dirt/access-intelligence-db-seeder
dirt/pm-20112_member_access_report_503error
dirt/pm-20577/report-summary-for-db
dirt/pm-20577/risk-insight-server-endpoints
dirt/pm-23030/add_report_key_for_key_rotation
dirt/pm-23044/organization-application-server-implementation
dirt/pm-23754/alter-org-report-table
dirt/pm-23754/organization-report-summary-table
dirt/pm-31725/datadog-report-compatibility
dirt/pm-31747/download-risk-insights-report
duo-sdk-upgrade
ec-598
ee-db-seeder
ee-patch-01
ee-test-image-updater
ee/test/branch
enable-xunit-diagnostic-messages
ephem-test-01
ephemeral-environment-api-env
ephemeral-environment-hello-world
ephemeral-test-01
experiment/cipher-auth
external-dns-test
feat/SG-651-activate-org-with-stripe-activation
feat/passwordless
feature/additional-item-types
feature/decouple-icon-service
feature/dev-migrator-script-rerun-option
feature/org-admin-refresh-v3
feature/refactor-organization-service-to-feature-services
feature/seeder-crypto-abstraction
feature/self-hosted-F4E-sync
feature/self-hosted-f4e-orgsponsorship-migration
fedemkr-patch-1
fix-build
fix-identity-resource
fix-rc
fix-tde-provider-user
formatjan2023csp
hosting-env-change
hotfix-EC-529
hotfix-sendgrid
idphost
iinuwa/mobile-device-login-passkey
iinuwa/store-prf-secrets
innovation/opaque
innovation/seeded-csprng-fake-user
introduce-server-sdk-everywhere
jim-test
jmccannon/ac/pm-12474-org-user-auth-handlers
jmccannon/ac/pm-12487-restore-user-command
jmccannon/ac/pm-15547-revoke-user-remove-2fa
jmccannon/ac/pm-24462-seat-limit-ignored
jmccannon/ac/pm-27705-notify-auto-confirm-enable
jmccannon/ac/pm-28627/restore-create-default-collection
jmccannon/ac/pm-3175-send-invite-async
jmccannon/ac/pm-31806-fix-bulk-restore-my-items
jmccannon/ac/transaction-attempt
jmccannon/ac/transaction-attempt-2
jmccannon/ac/validation-result-poc
jmccannon/testing-improvements
justindbaur-patch-1
justindbaur-patch-2
k8-alpine-test-bre-917
k8s/use-mounted-secrets
keyedcache
km/auto-enroll-name
km/auto-kdf-qa
km/beeep/qr-login
km/key-rotation-signing
km/km-10648/remove-reference-to-feature-flag
km/low-kdf-testing
km/main-broken-build
km/pm-10600-part2
km/pm-10600-part3
km/pm-24051-user-decryption-response-sdk-wasm-extension
km/pm-27278/register-password-based-account-v2
km/remove-old-ssh-flags
km/remove-unused-file
km/sdk-key-rotation
km/signing-keys
km/tde-offboarding-fix
linting-again
main
make-roles-change-at-runtime
metadata/badges
minimal-codespace
misc/use-host-environment
mobile/PM-18936-key-connector-ephemeral
move-azurite-scaffolding
move_old_DbScripts_future_to_DbScripts
mtmorgdomains
named-http-clients
ned/add-organization-scenes
notfoundcheck
notification-hub-debug-logging
null-operator-on-fido2keys
nullable-entities
orgapikeys
passwordless/add_fingerprintphrase_reponse
passwordless/getUserAuthRequests
passwordless/notifications
passwordless/signalR
patch/ee-bot-test
perfindexes
platform/add-messagepack
platform/addison/PM-11129/codeownership-assignments
platform/addison/PM-11129/implemetation
platform/pm-2182/harden-captcha-bypass-conditions
platform/pm-23123/test-cookie-endpoint
platform/pm-2944/make-entities-nullable
platform/pm-3626/write-collections-tests
platform/remove-storage-reseed-flag
pm-12071-only-verified-org-domain-sso
pm-13345-Add-Remove-Bitwarden-Families-policy-in-Admin-Console
pm-13347-web-app-impacts
pm-13429-Seat-Count-Increase-Email-Only-Sending-For-First-Auto-Scale-But-Not-Subsequent
pm-14496-non-root-self-hosted-images
pm-15625-disable-trial-send-verification-email-endpoint-for-self-host
pm-15808-Show-suspended-org-modals-for-orgs-in-unpaid-and-canceled-status
pm-15814-alert-owners-of-reseller-managed-orgs-to-renewal-events
pm-17592-remove-feature-flag-disable-free-families-sponsorship
pm-20084-add-trial-length-parameter-to-trial-send-verification-email-endpoint
pm-2023-fido2-authentication
pm-21106-remove-button-not-responsive
pm-22968-ui-when-MSP/BUP-is-suspended-feature-flag
pm-28973
pm-3891-implement-time-based-threshold
pm-3892-implement-dollar-threshold-for-monthly-sub
pm-6768-error-autoscaling-when-organisation-is-subscription-is-still-trialing
pm-6774-reduce-the-dollar-threshold-from-500-to-300-dollars
pm-9162
pm/pm-30609/make-redis-required-for-local-cloud-development
poc/structurizr
policy-definition-save
policy-requirements
policy-requirements-redux
pre-tde-self-host
proxy-project
ps/TDL-136
ps/explore-required
ps/include-flag-context-in-config-response
ps/pm-11612/quartz-qa-branch
ps/pm-19659/add-notifications-readmes
ps/pm-21571/implement-smtp-oauth
ps/pm-2944/make-entities-nullable-auth
ps/pm-336/nullable-unowned-services
quexten-patch-1
rebase-demo-ex-2
remove-accept-org-user-method
renovate/actions-checkout-6.x
renovate/azure-azure-sdk-for-net-monorepo
renovate/braintree-5.x
renovate/docker-compose-minor
renovate/dotnet-monorepo
renovate/duende.identityserver-7.x
renovate/fido2.aspnet-4.x
renovate/fusioncache-monorepo
renovate/jquery-4.x
renovate/kenchan0130-simplesamlphp-1.x
renovate/kralizek.autofixture.extensions.mockhttp-2.x
renovate/linq2db-6.x
renovate/linq2db.entityframeworkcore-10.x
renovate/linq2db.entityframeworkcore-8.x
renovate/lock-file-maintenance
renovate/major-aspnet-health-checks-monorepo
renovate/major-dotnet-monorepo
renovate/major-entityframeworkcore
renovate/major-swashbuckle-aspnetcore-monorepo
renovate/major-vstest-monorepo
renovate/mariadb-12.x
renovate/mcr.microsoft.com-devcontainers-dotnet-10.x
renovate/mcr.microsoft.com-mssql-server-2025.x
renovate/messagepack-3.x
renovate/microsoft.azure.cosmos-3.x
renovate/microsoft.build.sql-2.x
renovate/microsoft.data.sqlclient-6.x
renovate/mini-css-extract-plugin-2.x
renovate/mjml-4.x
renovate/mjml-core-4.x
renovate/npgsql.entityframeworkcore.postgresql-10.x
renovate/npgsql.entityframeworkcore.postgresql-8.x
renovate/pin-dependencies
renovate/pomelo.entityframeworkcore.mysql-9.x
renovate/postgres-18.x
renovate/prettier-3.x
renovate/rabbitmq.client-7.x
renovate/stripe.net-46.x
renovate/stripe.net-50.x
renovate/vstest-monorepo
renovate/webpack-cli-6.x
renovate/yamldotnet-16.x
repository-management-workflow-fix
return-non-zero-exit-code-on-failure
revert-2346-SG-698
revert-2992-PM-2448
revert-3891-ac-2293-Two-email-notifications-is-sent-when-creating-org-from-SM-Trial-page
revert-6582-revert-6577-auth/pm-27062/prelogin-new-data-types
revert-6755-revert-6676-auth/pm-3287/tde-cleanup-remove-reset-master-password-from-token-response
sdk-decrypt
sg/SG-58
single-user-scene-api
sm-10995-removefeatureflag
sm-910-923
sm-923
sm-add-bulk-move-to-project
sm/SM-518
sm/sm-873
sm/sm-904
sns
snyk-fix-261dbaccec3d4355caadddbd8dc44b4b
snyk-fix-6d56d7b220780f29826f4338d1631736
snyk-fix-8b823cd3ec0299ef141df1252a243e9b
snyk-fix-9a25996054355dc90914c1d4e62b99fc
snyk-fix-9ab4f8e979d891859939b5e19e825a45
snyk-fix-afde10973a7206485a89218280e291d8
snyk-fix-d0b5c3ca960136a116ca02dbf1b0b2b4
sre
sso-default-logging
sso-device-key-callback-poc
ssoconfig
strongly-typed-orgusers
task/BRE-128
task/BRE-342
test
test-docker-stuff
test-email-subject-automation
test-ephemeral-env-key-connector
test-image-updater-ee
test-new-trigger-ee
testing
th-ee-test
tools/AC-2496/graphql-experiment
tools/AC-2496/odata-init
tools/AC-2496/odata-test
tools/generator-modernization
tools/pm-16085/increase-import-limitations
tools/pm-30596/fix-year-in-mail-templates
tools/pm-31483/no-send-access-when-ff-is-off
tools/pm-31497/use-central-remove-send-auth-logic
tools/pm-31684/remove-email-hashing
tools/pm-8895/groups-controller-decouple
tools/pm-9709/group-details-query
tools/tech-debt/remove-unused-response-parameters
true-unified
trustmssql
tt-test-branch
update-renovate-for-auth
update-server-program
upgrade-npgsql-version
use-pr-for-release-version
util/support-dev-env-installations
vault/ac-2106/fix-provider-creating-collection
vault/delete-only-can-manage
vault/feature/cipher-versioning
vault/pm-20379/security-task-hidden-password
vault/pm-28190/sdk-sharing-feature-flag
vault/pm-4185/regression-testing
vault/pm-5072/update-minimum-server-version-for-cipher-key-encryption
verifypasswordhashonenrollment
vuln-252-check-run-least-priv
xunit-v3-full-upgrade
xunit-v3-migration
yubikey-logging
1.22.0
1.4.0
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.10.0
v1.11.0
v1.11.1
v1.12.0
v1.12.1
v1.13.0
v1.13.1
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.15.1
v1.16.0
v1.17.0
v1.17.1
v1.17.2
v1.18.0
v1.18.1
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.30.0
v1.30.1
v1.30.2
v1.30.3
v1.30.4
v1.31.0
v1.31.1
v1.32.0
v1.33.0
v1.33.1
v1.34.0
v1.35.0
v1.35.1
v1.36.0
v1.36.1
v1.37.0
v1.37.1
v1.37.2
v1.38.0
v1.38.1
v1.38.2
v1.38.3
v1.38.4
v1.39.0
v1.39.1
v1.39.2
v1.39.3
v1.39.4
v1.4.1
v1.40.0
v1.41.0
v1.41.1
v1.41.2
v1.41.3
v1.41.4
v1.41.5
v1.41.6
v1.42.0
v1.42.1
v1.42.2
v1.42.3
v1.43.0
v1.43.1
v1.44.0
v1.44.1
v1.45.0
v1.45.1
v1.45.2
v1.45.3
v1.45.4
v1.46.0
v1.46.1
v1.46.2
v1.46.3
v1.47.0
v1.47.1
v1.48.0
v1.48.1
v1.5.0
v1.5.1
v1.6.0
v1.7.0
v1.8.0
v1.8.1
v1.8.2
v1.9.0
v2022.05.0
v2022.10.0
v2022.11.0
v2022.11.1
v2022.12.0
v2022.5.1
v2022.5.2
v2022.6.0
v2022.6.1
v2022.6.2
v2022.8.0
v2022.8.2
v2022.8.3
v2022.8.4
v2022.9.0
v2022.9.1
v2022.9.2
v2022.9.4
v2022.9.5
v2023.1.0
v2023.10.0
v2023.10.1
v2023.10.2
v2023.10.3
v2023.12.0
v2023.12.1
v2023.2.0
v2023.2.1
v2023.3.0
v2023.4.0
v2023.4.1
v2023.4.2
v2023.4.3
v2023.5.0
v2023.5.1
v2023.7.0
v2023.7.1
v2023.7.2
v2023.8.0
v2023.8.1
v2023.8.2
v2023.8.3
v2023.9.0
v2023.9.1
v2024.1.0
v2024.1.1
v2024.1.2
v2024.10.0
v2024.10.1
v2024.10.2
v2024.11.0
v2024.12.0
v2024.12.1
v2024.2.0
v2024.2.1
v2024.2.2
v2024.2.3
v2024.3.0
v2024.3.1
v2024.4.0
v2024.4.1
v2024.4.2
v2024.5.0
v2024.6.0
v2024.6.1
v2024.6.2
v2024.7.0
v2024.7.1
v2024.7.2
v2024.7.3
v2024.7.4
v2024.8.0
v2024.8.1
v2024.9.0
v2024.9.1
v2024.9.2
v2025.1.0
v2025.1.1
v2025.1.2
v2025.1.3
v2025.1.4
v2025.10.0
v2025.10.1
v2025.10.2
v2025.11.0
v2025.11.1
v2025.12.0
v2025.12.1
v2025.12.2
v2025.2.0
v2025.2.1
v2025.2.2
v2025.2.3
v2025.2.4
v2025.3.0
v2025.3.3
v2025.4.0
v2025.4.1
v2025.4.2
v2025.4.3
v2025.5.0
v2025.5.1
v2025.5.2
v2025.5.3
v2025.6.0
v2025.6.1
v2025.6.2
v2025.7.0
v2025.7.1
v2025.7.2
v2025.7.3
v2025.8.0
v2025.8.1
v2025.9.0
v2025.9.1
v2025.9.2
v2026.1.0
v2026.1.1
${ noResults }
43 Commits (dbce45291ce0a2e96f35009f2bc8a0815bcbcfbc)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Bernd Schoolmann
|
4bf7cf956b
|
[PM-21034] Feature Branch - "User Crypto V2" (#5982)
* [PM-21034] Database changes for signature keypairs (#5906) * Add signing key repositories, models, and sql migration scripts * Rename UserSigningKeys table to UserSigningKey * Rename signedpublickeyownershipclaim to signedpublickey * Move signedPublicKey to last parameter * Add newline at end of file * Rename to signature key pair * Further rename to signaturekeypair * Rename to UserSignatureKeyPairRepository * Add newline * Rename more instances to UserSignatureKeyPair * Update parameter order * Fix order * Add more renames * Cleanup * Fix sql * Add ef migrations * Fix difference in SQL SP compared to migration SP * Fix difference in SQL SP vs migration * Fix difference in SQL SP vs migration * Attempt to fix sql * Rename migration to start later * Address feedback * Move UserSignatureKeyPair to KM codeownership * Fix build * Fix build * Fix build * Move out entitytypeconfiguration * Use view for reading usersignaturekeypairs * Fix migration script * Fix migration script * Drop view if exists * Enable nullable * Replace with create or alter view * Switch go generatecomb * Switch to generatecomb * Move signature algorithm * Move useresignaturekeypairentitytypeconfiguration to km ownership * Move userSignatureKeyPair model * Unswap file names * Move sql files to km ownership * Add index on userid for signature keys * Fix wrong filename * Remove string length limit * Regenerate EF migrations * Undo changes to program.cs * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Rename dbset to plural * Update src/Infrastructure.EntityFramework/KeyManagement/Repositories/UserSignatureKeyPairRepository.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * [PM-21034] Implement api changes to retreive signing keys (#5932) * Add signing key repositories, models, and sql migration scripts * Rename UserSigningKeys table to UserSigningKey * Rename signedpublickeyownershipclaim to signedpublickey * Move signedPublicKey to last parameter * Add newline at end of file * Rename to signature key pair * Further rename to signaturekeypair * Rename to UserSignatureKeyPairRepository * Add newline * Rename more instances to UserSignatureKeyPair * Update parameter order * Fix order * Add more renames * Cleanup * Fix sql * Add ef migrations * Fix difference in SQL SP compared to migration SP * Fix difference in SQL SP vs migration * Fix difference in SQL SP vs migration * Attempt to fix sql * Rename migration to start later * Address feedback * Move UserSignatureKeyPair to KM codeownership * Fix build * Fix build * Fix build * Move out entitytypeconfiguration * Use view for reading usersignaturekeypairs * Fix migration script * Fix migration script * Add initial get keys endpoint * Add sync response * Cleanup * Add query and fix types * Add tests and cleanup * Fix test * Drop view if exists * Add km queries * Cleanup * Enable nullable * Cleanup * Cleanup * Enable nullable * Fix incorrect namespace * Remove unused using * Fix test build * Fix build error * Fix build * Attempt to fix tests * Attempt to fix tests * Replace with create or alter view * Attempt to fix tests * Attempt to fix build * Rename to include async suffix * Fix test * Rename repo * Attempt to fix tests * Cleanup * Test * Undo test * Fix tests * Fix test * Switch go generatecomb * Switch to generatecomb * Move signature algorithm * Move useresignaturekeypairentitytypeconfiguration to km ownership * Move userSignatureKeyPair model * Unswap file names * Move sql files to km ownership * Add index on userid for signature keys * Fix wrong filename * Fix build * Remove string length limit * Regenerate EF migrations * Undo changes to program.cs * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Rename dbset to plural * Update src/Infrastructure.EntityFramework/KeyManagement/Repositories/UserSignatureKeyPairRepository.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Models/Response/PrivateKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Controllers/UsersController.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Cleanup and move query to core * Fix test * Fix build * Fix tests * Update src/Api/KeyManagement/Models/Response/PrivateKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Switch away from primary constructor * Use argumentNullException * Add test * Pass user account keys directly to profileresponsemodel * Move registration to core * Update src/Api/Startup.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/Startup.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Remove empty line * Apply suggestions * Fix tests * Fix tests --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * [PM-22384] Implement key-rotation based enrollment to user-crypto v2 (#5934) * Add signing key repositories, models, and sql migration scripts * Rename UserSigningKeys table to UserSigningKey * Rename signedpublickeyownershipclaim to signedpublickey * Move signedPublicKey to last parameter * Add newline at end of file * Rename to signature key pair * Further rename to signaturekeypair * Rename to UserSignatureKeyPairRepository * Add newline * Rename more instances to UserSignatureKeyPair * Update parameter order * Fix order * Add more renames * Cleanup * Fix sql * Add ef migrations * Fix difference in SQL SP compared to migration SP * Fix difference in SQL SP vs migration * Fix difference in SQL SP vs migration * Attempt to fix sql * Rename migration to start later * Address feedback * Move UserSignatureKeyPair to KM codeownership * Fix build * Fix build * Fix build * Move out entitytypeconfiguration * Use view for reading usersignaturekeypairs * Fix migration script * Fix migration script * Add initial get keys endpoint * Add sync response * Cleanup * Add query and fix types * Add tests and cleanup * Fix test * Drop view if exists * Add km queries * Cleanup * Enable nullable * Cleanup * Cleanup * Enable nullable * Fix incorrect namespace * Remove unused using * Fix test build * Fix build error * Fix build * Attempt to fix tests * Attempt to fix tests * Replace with create or alter view * Attempt to fix tests * Attempt to fix build * Rename to include async suffix * Fix test * Rename repo * Attempt to fix tests * Cleanup * Test * Undo test * Fix tests * Fix test * Switch go generatecomb * Switch to generatecomb * Move signature algorithm * Move useresignaturekeypairentitytypeconfiguration to km ownership * Move userSignatureKeyPair model * Unswap file names * Move sql files to km ownership * Add index on userid for signature keys * Fix wrong filename * Fix build * Remove string length limit * Regenerate EF migrations * Undo changes to program.cs * Cleanup * Add migration to user encryption v2 * Fix build * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Rename dbset to plural * Cleanup * Cleanup * Fix build * Fix test * Add validation * Fix test * Apply fixes * Fix tests * Improve tests * Add tests * Add error message validation * Fix tests * Fix tests * Fix test * Add test * Fix tests and errors * Update src/Infrastructure.EntityFramework/KeyManagement/Repositories/UserSignatureKeyPairRepository.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Models/Response/PrivateKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Controllers/UsersController.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Cleanup and move query to core * Fix test * Fix build * Fix tests * Update src/Api/KeyManagement/Models/Response/PrivateKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Switch away from primary constructor * Use argumentNullException * Add test * Pass user account keys directly to profileresponsemodel * Fix build * Fix namespace * Make signedpublickey optional * Remove unused file * Fix cases for request data conversion * Revert constructor change * Undo comments change * Apply fixes * Move registration to core * Update src/Api/Startup.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/Startup.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Remove empty line * Apply suggestions * Fix tests * Fix tests * Fix build of integration tests * Attempt to fix tests * Add test * Move v2 encryption user async below public functions * Add todo * Rename to have async suffix * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Address feedback * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Add test coverage * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Split up validation from rotation * Fix tests * Increase test coverage * Rename tests * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Add test for no signature keypair data * Fix build * Enable nullable * Fix build * Clean up data model * Fix tests * Cleanup --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Fix build * [PM-22862] Account security version (#5995) * Add signing key repositories, models, and sql migration scripts * Rename UserSigningKeys table to UserSigningKey * Rename signedpublickeyownershipclaim to signedpublickey * Move signedPublicKey to last parameter * Add newline at end of file * Rename to signature key pair * Further rename to signaturekeypair * Rename to UserSignatureKeyPairRepository * Add newline * Rename more instances to UserSignatureKeyPair * Update parameter order * Fix order * Add more renames * Cleanup * Fix sql * Add ef migrations * Fix difference in SQL SP compared to migration SP * Fix difference in SQL SP vs migration * Fix difference in SQL SP vs migration * Attempt to fix sql * Rename migration to start later * Address feedback * Move UserSignatureKeyPair to KM codeownership * Fix build * Fix build * Fix build * Move out entitytypeconfiguration * Use view for reading usersignaturekeypairs * Fix migration script * Fix migration script * Add initial get keys endpoint * Add sync response * Cleanup * Add query and fix types * Add tests and cleanup * Fix test * Drop view if exists * Add km queries * Cleanup * Enable nullable * Cleanup * Cleanup * Enable nullable * Fix incorrect namespace * Remove unused using * Fix test build * Fix build error * Fix build * Attempt to fix tests * Attempt to fix tests * Replace with create or alter view * Attempt to fix tests * Attempt to fix build * Rename to include async suffix * Fix test * Rename repo * Attempt to fix tests * Cleanup * Test * Undo test * Fix tests * Fix test * Switch go generatecomb * Switch to generatecomb * Move signature algorithm * Move useresignaturekeypairentitytypeconfiguration to km ownership * Move userSignatureKeyPair model * Unswap file names * Move sql files to km ownership * Add index on userid for signature keys * Fix wrong filename * Fix build * Remove string length limit * Regenerate EF migrations * Undo changes to program.cs * Cleanup * Add migration to user encryption v2 * Fix build * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Rename dbset to plural * Cleanup * Cleanup * Fix build * Fix test * Add validation * Fix test * Apply fixes * Fix tests * Improve tests * Add tests * Add error message validation * Fix tests * Fix tests * Fix test * Add test * Fix tests and errors * Update src/Infrastructure.EntityFramework/KeyManagement/Repositories/UserSignatureKeyPairRepository.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Models/Response/PrivateKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Controllers/UsersController.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Cleanup and move query to core * Fix test * Fix build * Fix tests * Update src/Api/KeyManagement/Models/Response/PrivateKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Switch away from primary constructor * Use argumentNullException * Add test * Pass user account keys directly to profileresponsemodel * Fix build * Fix namespace * Make signedpublickey optional * Remove unused file * Fix cases for request data conversion * Revert constructor change * Undo comments change * Apply fixes * Move registration to core * Update src/Api/Startup.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/Startup.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Remove empty line * Apply suggestions * Fix tests * Fix tests * Fix build of integration tests * Attempt to fix tests * Add test * Move v2 encryption user async below public functions * Add todo * Rename to have async suffix * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Address feedback * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Add test coverage * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Split up validation from rotation * Fix tests * Increase test coverage * Rename tests * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Add test for no signature keypair data * Fix build * Enable nullable * Fix build * Clean up data model * Fix tests * Merge branch 'km/signing-upgrade-rotation' into km/account-security-version * Add security state to rotation * Update tests * Update tests and check for security state in v2 model * Cleanup * Add tests * Add security state data to integration test * Re-sort and remove limit * Update migrations * Fix sql * Fix sql * Fix sql * Fix fixture * Fix test * Fix test * Fix test --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * [PM-22853] Add feature flag (#6090) * Add signing key repositories, models, and sql migration scripts * Rename UserSigningKeys table to UserSigningKey * Rename signedpublickeyownershipclaim to signedpublickey * Move signedPublicKey to last parameter * Add newline at end of file * Rename to signature key pair * Further rename to signaturekeypair * Rename to UserSignatureKeyPairRepository * Add newline * Rename more instances to UserSignatureKeyPair * Update parameter order * Fix order * Add more renames * Cleanup * Fix sql * Add ef migrations * Fix difference in SQL SP compared to migration SP * Fix difference in SQL SP vs migration * Fix difference in SQL SP vs migration * Attempt to fix sql * Rename migration to start later * Address feedback * Move UserSignatureKeyPair to KM codeownership * Fix build * Fix build * Fix build * Move out entitytypeconfiguration * Use view for reading usersignaturekeypairs * Fix migration script * Fix migration script * Add initial get keys endpoint * Add sync response * Cleanup * Add query and fix types * Add tests and cleanup * Fix test * Drop view if exists * Add km queries * Cleanup * Enable nullable * Cleanup * Cleanup * Enable nullable * Fix incorrect namespace * Remove unused using * Fix test build * Fix build error * Fix build * Attempt to fix tests * Attempt to fix tests * Replace with create or alter view * Attempt to fix tests * Attempt to fix build * Rename to include async suffix * Fix test * Rename repo * Attempt to fix tests * Cleanup * Test * Undo test * Fix tests * Fix test * Switch go generatecomb * Switch to generatecomb * Move signature algorithm * Move useresignaturekeypairentitytypeconfiguration to km ownership * Move userSignatureKeyPair model * Unswap file names * Move sql files to km ownership * Add index on userid for signature keys * Fix wrong filename * Fix build * Remove string length limit * Regenerate EF migrations * Undo changes to program.cs * Cleanup * Add migration to user encryption v2 * Fix build * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Rename dbset to plural * Cleanup * Cleanup * Fix build * Fix test * Add validation * Fix test * Apply fixes * Fix tests * Improve tests * Add tests * Add error message validation * Fix tests * Fix tests * Fix test * Add test * Fix tests and errors * Update src/Infrastructure.EntityFramework/KeyManagement/Repositories/UserSignatureKeyPairRepository.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Models/Response/PrivateKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Controllers/UsersController.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Cleanup and move query to core * Fix test * Fix build * Fix tests * Update src/Api/KeyManagement/Models/Response/PrivateKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Switch away from primary constructor * Use argumentNullException * Add test * Pass user account keys directly to profileresponsemodel * Fix build * Fix namespace * Make signedpublickey optional * Remove unused file * Fix cases for request data conversion * Revert constructor change * Undo comments change * Apply fixes * Move registration to core * Update src/Api/Startup.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/Startup.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Remove empty line * Apply suggestions * Fix tests * Fix tests * Fix build of integration tests * Attempt to fix tests * Add test * Move v2 encryption user async below public functions * Add todo * Rename to have async suffix * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Address feedback * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Add test coverage * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Split up validation from rotation * Fix tests * Increase test coverage * Rename tests * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Add test for no signature keypair data * Fix build * Enable nullable * Fix build * Clean up data model * Fix tests * Merge branch 'km/signing-upgrade-rotation' into km/account-security-version * Add security state to rotation * Update tests * Add feature flag * Update tests and check for security state in v2 model * Cleanup * Add tests * Add security state data to integration test * Re-sort and remove limit * Update migrations * Fix sql * Fix sql * Fix sql * Fix fixture * Fix test * Fix test * Fix test --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * [PM-23222] Update revision date on key rotation (#6038) * Add signing key repositories, models, and sql migration scripts * Rename UserSigningKeys table to UserSigningKey * Rename signedpublickeyownershipclaim to signedpublickey * Move signedPublicKey to last parameter * Add newline at end of file * Rename to signature key pair * Further rename to signaturekeypair * Rename to UserSignatureKeyPairRepository * Add newline * Rename more instances to UserSignatureKeyPair * Update parameter order * Fix order * Add more renames * Cleanup * Fix sql * Add ef migrations * Fix difference in SQL SP compared to migration SP * Fix difference in SQL SP vs migration * Fix difference in SQL SP vs migration * Attempt to fix sql * Rename migration to start later * Address feedback * Move UserSignatureKeyPair to KM codeownership * Fix build * Fix build * Fix build * Move out entitytypeconfiguration * Use view for reading usersignaturekeypairs * Fix migration script * Fix migration script * Add initial get keys endpoint * Add sync response * Cleanup * Add query and fix types * Add tests and cleanup * Fix test * Drop view if exists * Add km queries * Cleanup * Enable nullable * Cleanup * Cleanup * Enable nullable * Fix incorrect namespace * Remove unused using * Fix test build * Fix build error * Fix build * Attempt to fix tests * Attempt to fix tests * Replace with create or alter view * Attempt to fix tests * Attempt to fix build * Rename to include async suffix * Fix test * Rename repo * Attempt to fix tests * Cleanup * Test * Undo test * Fix tests * Fix test * Switch go generatecomb * Switch to generatecomb * Move signature algorithm * Move useresignaturekeypairentitytypeconfiguration to km ownership * Move userSignatureKeyPair model * Unswap file names * Move sql files to km ownership * Add index on userid for signature keys * Fix wrong filename * Fix build * Remove string length limit * Regenerate EF migrations * Undo changes to program.cs * Cleanup * Add migration to user encryption v2 * Fix build * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update util/Migrator/DbScripts/2025-06-01_00_AddSignatureKeyPairTable.sql Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Rename dbset to plural * Cleanup * Cleanup * Fix build * Fix test * Add validation * Fix test * Apply fixes * Fix tests * Improve tests * Add tests * Add error message validation * Fix tests * Fix tests * Fix test * Add test * Fix tests and errors * Update src/Infrastructure.EntityFramework/KeyManagement/Repositories/UserSignatureKeyPairRepository.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Models/Response/PrivateKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Controllers/UsersController.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Cleanup and move query to core * Fix test * Fix build * Fix tests * Update src/Api/KeyManagement/Models/Response/PrivateKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Switch away from primary constructor * Use argumentNullException * Add test * Pass user account keys directly to profileresponsemodel * Fix build * Fix namespace * Make signedpublickey optional * Remove unused file * Fix cases for request data conversion * Revert constructor change * Undo comments change * Apply fixes * Move registration to core * Update src/Api/Startup.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/Startup.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Remove empty line * Apply suggestions * Fix tests * Fix tests * Fix build of integration tests * Attempt to fix tests * Add test * Move v2 encryption user async below public functions * Add todo * Rename to have async suffix * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Address feedback * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Add test coverage * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Split up validation from rotation * Fix tests * Increase test coverage * Rename tests * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Update src/Core/KeyManagement/UserKey/Implementations/RotateUserAccountkeysCommand.cs Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Add test for no signature keypair data * Fix build * Enable nullable * Fix build * Clean up data model * Fix tests * Merge branch 'km/signing-upgrade-rotation' into km/account-security-version * Add security state to rotation * Update tests * Update revision date on key rotation * Update tests and check for security state in v2 model * Cleanup * Add tests * Add security state data to integration test * Re-sort and remove limit * Update migrations * Fix sql * Fix sql * Fix sql * Fix fixture * Fix test * Fix test * Fix test * Add test for change date --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Fix signing keys * Update sql migrations * Fix tests * Add keys to identity token response * Fix tests * Fix tests * Fix formatting * Update src/Infrastructure.EntityFramework/KeyManagement/Repositories/UserSignatureKeyPairRepository.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Infrastructure.Dapper/KeyManagement/Repositories/UserSignatureKeyPairRepository.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Controllers/UsersController.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Models/Requests/SignatureKeyPairRequestModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Api/KeyManagement/Models/Requests/PublicKeyEncryptionKeyPairRequestModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Entities/UserSignatureKeyPair.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Repositories/IUserSignatureKeyPairRepository.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Queries/UserAccountKeysQuery.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Models/Data/PublicKeyEncryptionKeyPairData.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Entities/UserSignatureKeyPair.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Models/Data/RotateUserAccountKeysData.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Models/Data/SignatureKeyPairData.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Models/Data/SecurityStateData.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Models/Data/UserAccountKeysData.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Models/Request/SecurityStateModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Models/Response/PrivateKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Models/Response/PublicKeysResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Models/Response/PublicKeyEncryptionKeyPairResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Queries/Interfaces/IUserAcountKeysQuery.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update src/Core/KeyManagement/Models/Response/SignatureKeyPairResponseModel.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Remove unnecessary file * Add eof spacing * Move models * Fix build * Move models to API subdirectory * Rename model * Remove migrations * Add new ef migrations * Remove empty line * Only query account keys if the user has keys * Dotnet format * Fix test * Update test/Identity.Test/IdentityServer/BaseRequestValidatorTests.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Apply suggestion * Fix whitespace * Force camel case on response models * Address feedback for sql files * Fix build * Make index unique * Add contstraints * Fix sql * Fix order * Cleanup * Fix build * Update migrations * Update EF migrations * Change parameters to nvarchar * Update to Varchar * Apply feedback * Move refresh view * Attempt to fix build * Undo sql changes * Apply feedback about varchar * Apply feedback about refresh view * Apply feedback about new lines * Address SQL feedback * Re-sort columns * Fix build * Fix order * Fix build --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> |
4 months ago |
|
Bernd Schoolmann
|
ff092a031e
|
[PM-23229] Add extra validation to kdf changes + authentication data + unlock data (#6121)
* Added MasterPasswordUnlock to UserDecryptionOptions as part of identity response * Implement support for authentication data and unlock data in kdf change * Extract to kdf command and add tests * Fix namespace * Delete empty file * Fix build * Clean up tests * Fix tests * Add comments * Cleanup * Cleanup * Cleanup * Clean-up and fix build * Address feedback; force new parameters on KDF change request * Clean-up and add tests * Re-add logger * Update logger to interface * Clean up, remove Kdf Request Model * Remove kdf request model tests * Fix types in test * Address feedback to rename request model and re-add tests * Fix namespace * Move comments * Rename InnerKdfRequestModel to KdfRequestModel --------- Co-authored-by: Maciej Zieniuk <mzieniuk@bitwarden.com> |
5 months ago |
rr-bw
|
d2c2ae5b4d
|
fix(invalid-auth-request-approvals): Auth/[PM-3387] Better Error Handling for Invalid Auth Request Approval (#6264)
If a user approves an invalid auth request, on the Requesting Device they currently they get stuck on the `LoginViaAuthRequestComponent` with a spinning wheel. This PR makes it so that when an Approving Device attempts to approve an invalid auth request, the Approving Device receives an error toast and the `UpdateAuthRequestAsync()` operation is blocked. |
5 months ago |
Daniel García
|
a180317509
|
[PM-25182] Improve swagger OperationIDs: Part 1 (#6229)
* Improve swagger OperationIDs: Part 1 * Fix tests and fmt * Improve docs and add more tests * Fmt * Improve Swagger OperationIDs for Auth * Fix review feedback * Use generic getcustomattributes * Format * replace swaggerexclude by split+obsolete * Format * Some remaining excludes |
5 months ago |
Todd Martin
|
79ad1dbda0
|
fix(2fa): [PM-22323] Do not show 2FA warning for 2FA setup and login emails
* Added configuration to not display 2FA setup instruction * Refactored to new service. * Linting. * Dependency injection * Changed to scoped to have access to ICurrentContext. * Inverted logic for EmailTotpAction * Fixed tests. * Fixed tests. * More tests. * Fixed tests. * Linting. * Added tests at controller level. * Linting * Fixed error in test. * Review updates. * Accidentally deleted imports. |
7 months ago |
Ike
|
20bf1455cf
|
[PM-20348] Add pending auth request endpoint (#5957)
* Feat(pm-20348): * Add migration scripts for Read Pending Auth Requests by UserId stored procedure and new `view` for pending AuthRequest. * View only returns the most recent pending authRequest, or none at all if the most recent is answered. * Implement stored procedure in AuthRequestRepository for both Dapper and Entity Framework. * Update AuthRequestController to query the new View to get a user's most recent pending auth requests response includes the requesting deviceId. * Doc: * Move summary xml comments to interface. * Added comments for the AuthRequestService. * Test: * Added testing for AuthRequestsController. * Added testing for repositories. * Added integration tests for multiple auth requests but only returning the most recent. |
7 months ago |
|
Bernd Schoolmann
|
34580f0472
|
Remove key rotation v1 (#5939)
|
8 months ago |
Thomas Rittson
|
a1b22e66e5
|
[PM-14613] Remove account deprovisioning feature flag (#5676)
* Remove flag * Remove old tests * Remove old xmldoc referencing the flag * Remove old emails |
9 months ago |
|
Ike
|
3f95513d11
|
[PM-19029][PM-19203] Addressing `UserService` tech debt around `ITwoFactorIsEnabledQuery` (#5754)
* fix : split out the interface from the TwoFactorAuthenticationValidator into separate file. * fix: replacing IUserService.TwoFactorEnabled with ITwoFactorEnabledQuery * fix: combined logic for both bulk and single user look ups for TwoFactorIsEnabledQuery. * fix: return two factor provider enabled on CanGenerate() method. * tech debt: modfifying MFA providers to call the database less to validate if two factor is enabled. * tech debt: removed unused service from AuthenticatorTokenProvider * doc: added documentation to ITwoFactorProviderUsers * doc: updated comments for TwoFactorIsEnabled impl * test: fixing tests for ITwoFactorIsEnabledQuery * test: updating tests to have correct DI and removing test for automatic email of TOTP. * test: adding better test coverage |
9 months ago |
Justin Baur
|
1228fe51c8
|
Resolve auth warnings (#5784)
|
9 months ago |
Rui Tomé
|
722fae81b3
|
[PM-18237] Add RequireSsoPolicyRequirement (#5655)
* Add RequireSsoPolicyRequirement and its factory to enforce SSO policies * Enhance WebAuthnController to support RequireSsoPolicyRequirement with feature flag integration. Update tests to validate behavior when SSO policies are applicable. * Integrate IPolicyRequirementQuery into request validators to support RequireSsoPolicyRequirement. Update validation logic to check SSO policies based on feature flag. * Refactor RequireSsoPolicyRequirementFactoryTests to improve test coverage for SSO policies. Add tests for handling both valid and invalid policies in CanUsePasskeyLogin and SsoRequired methods. * Remove ExemptStatuses property from RequireSsoPolicyRequirementFactory to use default values from BasePolicyRequirementFactory * Restore ValidateRequireSsoPolicyDisabledOrNotApplicable * Refactor RequireSsoPolicyRequirement to update CanUsePasskeyLogin and SsoRequired properties to use init-only setters * Refactor RequireSsoPolicyRequirementFactoryTests to enhance test clarity * Refactor BaseRequestValidatorTests to improve test clarity * Refactor WebAuthnController to replace SSO policy validation with PolicyRequirement check * Refactor BaseRequestValidator to replace SSO policy validation with PolicyRequirement check * Refactor WebAuthnControllerTests to update test method names and adjust policy requirement checks * Add tests for AttestationOptions and Post methods in WebAuthnControllerTests to validate scenario where SSO is not required * Refactor RequireSsoPolicyRequirement initialization * Refactor SSO requirement check for improved readability * Rename test methods in RequireSsoPolicyRequirementFactoryTests for clarity on exempt status conditions * Update RequireSsoPolicyRequirement to refine user status checks for SSO policy requirements |
10 months ago |
|
Bernd Schoolmann
|
c195f83402
|
[PM-19728] Add keys on devices list and get responses (#5633)
* Add keys on devices list and get responses * Mark retrieve device keys endpoint as deprecated |
10 months ago |
|
Bernd Schoolmann
|
0a4f97b50e
|
[PM-19883] Add untrust devices endpoint (#5619)
* Add untrust devices endpoint * Fix tests * Update src/Core/Auth/UserFeatures/DeviceTrust/UntrustDevicesCommand.cs Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> * Fix whitespace --------- Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> |
10 months ago |
Jared McCannon
|
dcd62f00ba
|
[PM-15420] Managed to Claimed (#5594)
* Renamed ManagedUserDomainClaimedEmails to ClaimedUserDomainClaimedEmails * Renamed method to improve clarity and consistency. Replaced `ValidateManagedUserDomainAsync` with `ValidateClaimedUserDomainAsync`. * Rename `GetOrganizationsManagingUserAsync` to `GetOrganizationsClaimingUserAsync`. This renaming clarifies the function's purpose, aligning its name with the concept of "claiming" rather than "managing" user associations. * Refactor variable naming in ValidateClaimedUserDomainAsync * Managed to claimed * Managed to claimed * Managed to claimed * Managing to Claiming * Managing to Claiming * Managing to Claiming * Managing to Claiming * Renamed DeleteManagedOrganizationUserAccountCommand to DeleteClaimedOrganizationUserAccountCommand * Renamed IDeleteManagedOrganizationUserAccountCommand to IDeleteClaimedOrganizationUserAccountCommand * Updated variable name * IsManagedBy to IsClaimedBy * Created new property. obsoleted old property and wired up for backward compatibility. * More Managed to Claimed renames. * Managed to Claimed * Fixing tests... 🤦 * Got the rest of em * missed the test 🤦 * fixed test. |
10 months ago |
Jonas Hendrickx
|
ac25ec4519
|
[PM-19002] Extract billing code from AccountsController (#5477)
|
11 months ago |
Jimmy Vo
|
6ca98df721
|
Ac/pm 17449/add managed user validation to email token (#5437)
|
12 months ago |
|
Jimmy Vo
|
06c96a96c5
|
[PM-17449] Add logic to handle email updates for managed users. (#5422)
|
12 months ago |
|
Bernd Schoolmann
|
58d2a7ddaa
|
[PM-17210] Prevent unintentionally corrupting private keys (#5285)
* Prevent unintentionally corrupting private keys * Deny key update only when replacing existing keys * Fix incorrect use of existing user public/encrypted private key * Fix test * Fix tests * Re-add test * Pass through error for set-password * Fix test * Increase test coverage and simplify checks |
1 year ago |
|
Ike
|
a84ef0724c
|
[PM-15614] Allow Users to opt out of new device verification (#5176)
feat(NewDeviceVerification) : * Created database migration scripts for VerifyDevices column in [dbo].[User]. * Updated DeviceValidator to check if user has opted out of device verification. * Added endpoint to AccountsController.cs to allow editing of new User.VerifyDevices property. * Added tests for new methods and endpoint. * Updating queries to track [dbo].[User].[VerifyDevices]. * Updated DeviceValidator to set `User.EmailVerified` property during the New Device Verification flow. |
1 year ago |
Patrick-Pimentel-Bitwarden
|
cc96e35072
|
Auth/pm 2996/add auth request data to devices response model (#5152)
fix(auth): [PM-2996] Add Pending Auth Request Data to Devices Response - New stored procedure to fetch the appropriate data. - Updated devices controller to respond with the new data. - Tests written at the controller and repository level. Resolves PM-2996 |
1 year ago |
|
Bernd Schoolmann
|
fae8692d2a
|
[PM-12607] Move key rotation & validators to km ownership (#4941)
* Move key rotation & validators to km ownership * Fix build errors * Fix build errors * Fix import ordering * Update validator namespace * Move key rotation data to km ownership * Fix linting * Fix namespaces * Fix namespace * Fix namespaces * Move rotateuserkeycommandtests to km ownership |
1 year ago |
|
Ike
|
ab5d4738d6
|
[PM-8107] Remove Duo v2 from server (#4934)
refactor(TwoFactorAuthentication): Remove references to old Duo SDK version 2 code and replace them with the Duo SDK version 4 supported library DuoUniversal code. Increased unit test coverage in the Two Factor Authentication code space. We opted to use DI instead of Inheritance for the Duo and OrganizaitonDuo two factor tokens to increase testability, since creating a testing mock of the Duo.Client was non-trivial. Reviewed-by: @JaredSnider-Bitwarden |
1 year ago |
|
Rui Tomé
|
4b76008245
|
[PM-11406] Account Management: Prevent a verified user from deleting their account (#4878)
* Add check for managed user before purging account * Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel * Rename the property ManagesActiveUser to UserIsManagedByOrganization * Remove whole class #nullable enable and add it to specific places * [PM-11405] Account Deprovisioning: Prevent a verified user from changing their email address * Remove unnecessary .ToList() * Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable * Prevent deletion of accounts managed by an organization when Account Deprovisioning is enabled * Add CannotDeleteManagedAccountViewModel and email templates - Added CannotDeleteManagedAccountViewModel class to handle emails related to preventing deletion of accounts managed by an organization. - Added HTML and text email templates for sending notifications about the inability to delete an account owned by an organization. - Updated IMailService interface with a new method to send the cannot delete managed account email. - Implemented the SendCannotDeleteManagedAccountEmailAsync method in HandlebarsMailService. - Added a check in UserService to send the cannot delete managed account email if the user is managed by any organization. - Added a no-op implementation for SendCannotDeleteManagedAccountEmailAsync in NoopMailService. * Update error message when unable to purge vault for managed account * Update error message when unable to change email for managed account * Update error message when unable to delete account when managed by organization * Update error message in test for deleting organization-owned accounts |
1 year ago |
|
Rui Tomé
|
c126fee296
|
[PM-11405] Account Management: Prevent a verified user from changing their email address (#4875)
* Add check for managed user before purging account * Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel * Rename the property ManagesActiveUser to UserIsManagedByOrganization * Remove whole class #nullable enable and add it to specific places * [PM-11405] Account Deprovisioning: Prevent a verified user from changing their email address * Remove unnecessary .ToList() * Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable * Update error message when unable to purge vault for managed account * Update error message when unable to change email for managed account * Update expected error messages on unit tests * Add TestFeatureService to Api.IntegrationTest.Helpers and use it on ApiApplicationFactory to be able to enable specific features for each test * Add CreateVerifiedDomainAsync method to OrganizationTestHelpers * Add tests to AccountsControllerTest to prevent changing email for managed accounts * Remove setting the feature flag value in ApiApplicationFactory and set it on AccountsControllerTest * Remove TestFeatureService class from Api.IntegrationTest.Helpers |
1 year ago |
|
Bernd Schoolmann
|
ce185eb3df
|
[PM-5963] Fix tde offboarding vault corruption (#4144)
* Attempt to fix tde to mp flow * Move tde offboarding to dedicated flag * Add tde offboarding password request * Validate tde offboarding input * Correctly check whether tde is active when building trusted device options * Refactor Tde offboarding into a separate command * Add unit tests for tde offboarding * Update tde offboarding request model * Fix tests * Fix further tests * Fix documentation * Add validation for updatetdepasswordasync key/newmasterpassword * Add comment explaining test * Remove unrelated changes |
2 years ago |
Jared Snider
|
29b47f72ca
|
Auth/PM-3833 - Remove Deprecated Register and Prelogin endpoints from API (#4206)
* PM-3833 - API - AccountsController.cs && AccountsController.cs - remove prelogin and register endpoints. * PM-3833 - Move Request and Response models that were used for Prelogin and PostRegister from API to Identity. * PM-3833 - FIX LINT * PM-3833 - Fix issues after merge conflict fixes. * PM-3833 - Another test fix |
2 years ago |
|
Bernd Schoolmann
|
3ad4bc1cab
|
[PM-4371] Implement PRF key rotation (#4157)
* Send rotateable keyset on list webauthn keys * Implement basic prf key rotation * Add validator for webauthn rotation * Fix accounts controller tests * Add webauthn rotation validator tests * Introduce separate request model * Fix tests * Remove extra empty line * Remove filtering in validator * Don't send encrypted private key * Fix tests * Implement delegated webauthn db transactions * Add backward compatibility * Fix query not working * Update migration sql * Update dapper query * Remove unused helper * Rename webauthn to WebAuthnLogin * Fix linter errors * Fix tests * Fix tests |
2 years ago |
Alex Morask
|
06910175e2
|
[AC-2576] Replace Billing commands and queries with services (#4070)
* Replace SubscriberQueries with SubscriberService * Replace OrganizationBillingQueries with OrganizationBillingService * Replace ProviderBillingQueries with ProviderBillingService, move to Commercial * Replace AssignSeatsToClientOrganizationCommand with ProviderBillingService, move to commercial * Replace ScaleSeatsCommand with ProviderBillingService and move to Commercial * Replace CancelSubscriptionCommand with SubscriberService * Replace CreateCustomerCommand with ProviderBillingService and move to Commercial * Replace StartSubscriptionCommand with ProviderBillingService and moved to Commercial * Replaced RemovePaymentMethodCommand with SubscriberService * Formatting * Used dotnet format this time * Changing ProviderBillingService to scoped * Found circular dependency' * One more time with feeling * Formatting * Fix error in remove org from provider * Missed test fix in conflit * [AC-1937] Server: Implement endpoint to retrieve provider payment information (#4107) * Move the gettax and paymentmethod from stripepayment class Signed-off-by: Cy Okeke <cokeke@bitwarden.com> * Add the method to retrieve the tax and payment details Signed-off-by: Cy Okeke <cokeke@bitwarden.com> * Add unit tests for the paymentInformation method Signed-off-by: Cy Okeke <cokeke@bitwarden.com> * Add the endpoint to retrieve paymentinformation Signed-off-by: Cy Okeke <cokeke@bitwarden.com> * Add unit tests to the SubscriberService Signed-off-by: Cy Okeke <cokeke@bitwarden.com> * Remove the getTaxInfoAsync update reference Signed-off-by: Cy Okeke <cokeke@bitwarden.com> --------- Signed-off-by: Cy Okeke <cokeke@bitwarden.com> --------- Signed-off-by: Cy Okeke <cokeke@bitwarden.com> Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com> |
2 years ago |
|
Alex Morask
|
ffd988eeda
|
[AC-1904] Implement endpoint to retrieve Provider subscription (#3921)
* Refactor Core.Billing prior to adding new logic * Add ProviderBillingQueries.GetSubscriptionData * Add ProviderBillingController.GetSubscriptionAsync |
2 years ago |
|
Alex Morask
|
59fa6935b4
|
[AC-1608] Send offboarding survey response to Stripe on subscription cancellation (#3734)
* Added offboarding survey response to cancellation when FF is on. * Removed service methods to prevent unnecessary upstream registrations * Forgot to actually remove the injected command in the services * Rui's feedback * Add missing summary * Missed [FromBody] |
2 years ago |
|
Todd Martin
|
2763345e9e
|
[PM-3777[PM-3633] Update minimum KDF iterations when creating new User record (#3687)
* Updated minimum iterations on new Users to the default. * Fixed test I missed. |
2 years ago |
Matt Bishop
|
974d23efdd
|
Establish IFeatureService as scoped (#3679)
* Establish IFeatureService as scoped * Lint * Feedback around injection |
2 years ago |
|
Ike
|
767c58466c
|
[PM-4168] update keys for WebAuthnLoginCredential (#3506)
* allow update of webauthnlogincredential * Added Tests * fixed tests to use commands * addressing various feedback items |
2 years ago |
Jake Fink
|
b77ee017e3
|
[PM-3797 Part 5] Add reset password keys to key rotation (#3445)
* Add reset password validator with tests * add organization user rotation methods to repository - move organization user TVP helper to admin console ownership * rename account recovery to reset password * formatting * move registration of RotateUserKeyCommand to Core and make internal * add admin console ValidatorServiceCollectionExtensions |
2 years ago |
Andreas Coroiu
|
d63c917c95
|
[PM-4619] Rewrite `UserService` methods as commands (#3432)
* [PM-4619] feat: scaffold new create options command * [PM-4169] feat: implement credential create options command * [PM-4619] feat: create command for credential creation * [PM-4619] feat: create assertion options command * [PM-4619] chore: clean-up unused argument * [PM-4619] feat: implement assertion command * [PM-4619] feat: migrate to commands * [PM-4619] fix: lint * [PM-4169] fix: use constant * [PM-4619] fix: lint I have no idea what this commit acutally changes, but the file seems to have some character encoding issues. This fix was generated by `dotnet format` |
2 years ago |
|
Jake Fink
|
ca8e3f496e
|
[PM-3797 Part 4] Add Sends to new Key Rotation (#3442)
* add send validation * add send repo methods * add send rotation to delegate list * add success test |
2 years ago |
|
Jake Fink
|
4b2bd6cee6
|
[PM-3797 Part 3] Add vault domains to key rotation (#3436)
## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> Previous PR: #3434 Adds ciphers and folders to the new key rotation. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team |
2 years ago |
|
Jake Fink
|
989603ddd3
|
[Pm 3797 Part 2] Add emergency access rotations (#3434)
## Type of change <!-- (mark with an `X`) --> ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> See #3425 for part 1 and background. This PR adds emergency access to the rotation. All new code is hidden behind a feature flag. The Accounts controller has also been moved to Auth ownership. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> * **file.ext:** Description of what was changed and why * **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors). * **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys. * **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains. ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - If making database changes - make sure you also update Entity Framework queries and/or migrations - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team |
2 years ago |
|
Thomas Rittson
|
42cec31d07
|
[AC-1287] AC Team code ownership moves: Policies (1/2) (#3383)
* note: IPolicyData and EntityFramework Policy.cs are moved without any changes to namespace or content in order to preserve git history. |
2 years ago |
|
Andreas Coroiu
|
35500b197d
|
fix: broken webauthn controller tests (#3421)
|
2 years ago |
|
Andreas Coroiu
|
e401fc0983
|
[PM-4167] Add PRF attestation flow during passkey registration (#3339)
* [PM-4167] feat: add support for `SupportsPrf` * [PM-4167] feat: add `prfStatus` property * [PM-4167] feat: add support for storing PRF keys * [PM-4167] fix: allow credentials to be created without encryption support * [PM-4167] fix: broken test * [PM-4167] chore: remove whitespace * [PM-4167] fix: controller test * [PM-4167] chore: improve readability of `GetPrfStatus` * [PM-4167] fix: make prf optional * [PM-4167] fix: commit missing controller change * [PM-4167] fix: tests |
2 years ago |
|
Jared Snider
|
f5f64059c5
|
Auth/PM-3659 - Disable Passkey registration if Require SSO Policy Enabled (#3399)
* PM-3659 - WebAuthnController.cs - Passkey Creation - Add RequireSSO login policy validation to prevent users from creating passkeys if require SSO applies to them. * PM-3659 - per PR feedback, apply new require SSO validation to options call * PM-3659 - Remove unneeded comment * PM-3659 - Per PR feedback, add unit tests for new require SSO scenarios on both Post and Options endpoints on the WebAuthnController * Remove duplicated line * Remove extra whitespace |
2 years ago |
Kyle Spearrin
|
44c559c723
|
Support for passkey registration (#2885)
* support for fido2 auth * stub out registration implementations * stub out assertion steps and token issuance * verify token * webauthn tokenable * remove duplicate expiration set * revert sqlproj changes * update sqlproj target framework * update new validator signature * [PM-2014] Passkey registration (#2915) * [PM-2014] chore: rename `IWebAuthnRespository` to `IWebAuthnCredentialRepository` * [PM-2014] fix: add missing service registration * [PM-2014] feat: add user verification when fetching options * [PM-2014] feat: create migration script for mssql * [PM-2014] chore: append to todo comment * [PM-2014] feat: add support for creation token * [PM-2014] feat: implement credential saving * [PM-2014] chore: add resident key TODO comment * [PM-2014] feat: implement passkey listing * [PM-2014] feat: implement deletion without user verification * [PM-2014] feat: add user verification to delete * [PM-2014] feat: implement passkey limit * [PM-2014] chore: clean up todo comments * [PM-2014] fix: add missing sql scripts Missed staging them when commiting * [PM-2014] feat: include options response model in swagger docs * [PM-2014] chore: move properties after ctor * [PM-2014] feat: use `Guid` directly as input paramter * [PM-2014] feat: use nullable guid in token * [PM-2014] chore: add new-line * [PM-2014] feat: add support for feature flag * [PM-2014] feat: start adding controller tests * [PM-2014] feat: add user verification test * [PM-2014] feat: add controller tests for token interaction * [PM-2014] feat: add tokenable tests * [PM-2014] chore: clean up commented premium check * [PM-2014] feat: add user service test for credential limit * [PM-2014] fix: run `dotnet format` * [PM-2014] chore: remove trailing comma * [PM-2014] chore: add `Async` suffix * [PM-2014] chore: move delay to constant * [PM-2014] chore: change `default` to `null` * [PM-2014] chore: remove autogenerated weirdness * [PM-2014] fix: lint * Added check for PasswordlessLogin feature flag on new controller and methods. (#3284) * Added check for PasswordlessLogin feature flag on new controller and methods. * fix: build error from missing constructor argument --------- Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com> * [PM-4171] Update DB to support PRF (#3321) * [PM-4171] feat: update database to support PRF * [PM-4171] feat: rename `DescriptorId` to `CredentialId` * [PM-4171] feat: add PRF felds to domain object * [PM-4171] feat: add `SupportsPrf` column * [PM-4171] fix: add missing comma * [PM-4171] fix: add comma * [PM-3263] fix identity server tests for passkey registration (#3331) * Added WebAuthnRepo to EF DI * updated config to match current grant types * Remove ExtensionGrantValidator (#3363) * Linting --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com> Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com> Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com> Co-authored-by: Todd Martin <tmartin@bitwarden.com> |
2 years ago |