Dave
25e78ceba3
[PM-35393] MasterPasswordService auth integration (#7575)
* feat(mp-service) Wire commands to MasterPasswordService.
* feat(self-service) Add logout-and-log to self-service command.
* feat(mp-service) Add dual-path request models and wire controller
routing.
Add structured cryptographic data support to all Auth password endpoints,
routing new payloads to MasterPasswordService-backed commands while
preserving legacy paths for backward compatibility (PM-33141 removal).
* refactor(mp-service) Mark legacy password entry points [Obsolete].
* test(mp-service) Add testing.
* refactor(mp-service) Rename ReplaceTemporaryPasswordAsync to be more descriptive.
* refactor(mp-service) Add variant validator and tests.
* fix(mp-service) Adjust payload variance validation.
* test(mp-service) Update integration tests to support payload variants and model validation returns.
* fix(password-request): Restore KDF regression guard.
* refactor(data-models): Collapse RequestHasNewDataTypes into local check.
* test(emergency-access): Update Emergency Access tests.
* refactor(mp-payload-variant-validator): Move to Auth utilities.
* test(self-service): Combine side-effects and password change into single test.
* feat(validation): Add kdf-salt agreement-only validation.
* refactor(password-request-model): consolidate onto ValidateKdfAndSaltAgreement.
* test(auth): Cover ValidateKdfAndSaltAgreement and enshrine legacy KDF acceptance.
* feat(validate-exclusivity): Throw on both payload variants present.
* test(accounts-controller): Update tests for exclusivity validation at the boundary.
* fix(request-models): Request models must accept both payload variants.
* PM-35393 - Add V2 dual-payload integration tests for password-modification flows
End-to-end coverage for the new AuthenticationData / UnlockData payload
across every endpoint that mutates a master password:
- POST /accounts/password — legacy-KDF acceptance, mismatch rejection,
  auth, current-password check.
- PUT /accounts/update-temp-password — legacy-KDF acceptance, mismatch
  rejection, auth, ForcePasswordReset precondition.
- PUT /accounts/update-tde-offboarding-password — sub-minimum KDF
  rejection (this flow intentionally enforces range), mismatch rejection,
  auth.
- POST /emergency-access/{id}/password — legacy-KDF acceptance, mismatch
  rejection, no-payload rejection, non-RecoveryApproved precondition.
Also extracts BuildAuthData / BuildUnlockData / BuildMismatchedAuthAndUnlock
helpers in AccountsControllerTest and rewrites the existing PostKdf_* tests
to use them (no behavior change).
15 new test methods, 41 cases. 155/155 controller-suite tests pass.
---------
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2026-05-20 12:28:30 -04:00
Bernd Schoolmann
a714278b9a
[PM-35306] Fix password change not working when using the unlock and authentication data models (#7505)
* Fix password change not working when using the unlock and authentication data models
* Cleanup test
* Cleanup test
* Clean up test comment
* Address feedback
* Fix tests
* Fix tests
* Update src/Core/KeyManagement/Models/Api/Request/MasterPasswordAuthenticationDataRequestModel.cs
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
---------
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
2026-04-21 12:07:50 -04:00
Patrick-Pimentel-Bitwarden
e113dbd263
feat: [PM-32626] standardize unlock and authentication validation
- Standardize validation on `RegisterFinishRequestModel` so Auth and Unlock data are both required and consistently validated
- Add salt validation to both unlock and authentication data
- Enforce that Auth and Unlock data contain matching values
- Keep validation backwards compatible with older clients
- Add and update unit tests covering the new validation rules and error messages
Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
2026-04-17 10:47:09 -04:00
Patrick-Pimentel-Bitwarden
c52f2e0d09
feat(register): [PM-27084] Account Register Uses New Data Types - Repush (#6855)
* feat(register): [PM-27084] Account Register Uses New Data Types - Changes.
* test(register): [PM-27084] Account Register Uses New Data Types - Added tests.
* fix(register): [PM-27084] Account Register Uses New Data Types - Added constant for feature flag.
2026-02-04 10:03:55 -05:00
Patrick-Pimentel-Bitwarden
029a5f6a2d
Revert "feat(register): [PM-27084] Account Register Uses New Data Types (#6715)" (#6854)
This reverts commit 8cb8030534.
2026-01-15 21:19:16 +00:00
Patrick-Pimentel-Bitwarden
8cb8030534
feat(register): [PM-27084] Account Register Uses New Data Types (#6715)
* feat(register): [PM-27084] Account Register Uses New Data Types - Implementation
* test(register): [PM-27084] Account Register Uses New Data Types - Added tests
2026-01-15 15:55:27 -05:00
Maciej Zieniuk
2e92a53f11
[PM-27281] Support v2 account encryption on JIT master password signups (#6777)
* V2 prep, rename existing SSO JIT MP command to V1
* set initial master password for account registration V2
* later removal docs
* TDE MP onboarding split
* revert separate TDE onboarding controller api
* Server side hash of the user master password hash
* use `ValidationResult` instead for validation errors
* unit test coverage
* integration test coverage
* update sql migration script date
* revert validate password change
* better requests validation
* explicit error message when org sso identifier invalid
* more unit test coverage
* renamed onboarding to set, hash naming clarifications
* update db sql script, formatting
* use raw json as request instead of request models for integration test
* v1 integration test coverage
* change of name
2026-01-09 09:17:45 +01:00