* PM-31923 adding the whole report endpoints v2
* PM-31923 changing approach to match others in codebase
* 31923 updating code to now use the ReportFile field
* add feature flag for welcome dialog no ext prompt (#7144)
* [PM-32249] Allow custom desktop protocol in CORS (#7080)
* Disabling Claude attribution (#7146)
* [PM-33140] Correct Non-Seat Plan Intial Seat Setting for Upgrade (#7140)
* refactor(billing): update seat logic
* test(billing): update tests for seat logic
* [PM-28531] Remove old proc and use new one (#7110)
* Update PoliciesController.Put to forward all behavior to VNext (#7130)
* PM-31923 adding request size attributes
* [deps]: Update actions/checkout action to v6.0.2 (#6904)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Return WebAuthn credential record in create response (#7145)
* Return WebAuthn credential record in create response
* Make CreateWebAuthnLoginCredentialCommand null-safe
* [PM-32594] Add authorization to admin-initiated sponsorship endpoints (#7095)
* [PM-28519] Remove Emergency Access Contacts for AutoConfirm Org Flows (#7123)
* Remove emergency access from all organization users on policy enable, or when accepted/restored
* Use correct policy save system
* Add additional tests
* Implement both PreUpsert and OnSave side effects
* Add coupon support to invoice preview and subscription creation (#6994)
* Add coupon support to invoice preview and subscription creation
* Fix the build lint error
* Resolve the initial review comments
* fix the failing test
* fix the build lint error
* Fix the failing test
* Resolve the unaddressed issues
* Fixed the deconstruction error
* Fix the lint issue
* Fix the lint error
* Fix the lint error
* Fix the build lint error
* lint error resolved
* remove the setting file
* rename the variable name validatedCoupon
* Remove the owner property
* Update OrganizationBillingService tests to align with recent refactoring
- Remove GetMetadata tests as method no longer exists
- Remove Owner property references from OrganizationSale (removed in d7613365ed)
- Update coupon validation to use SubscriptionDiscountRepository instead of SubscriptionDiscountService
- Add missing imports for SubscriptionDiscount entities
- Rename test for clarity: Finalize_WithNullOwner_SkipsValidation → Finalize_WithCouponOutsideDateRange_IgnoresCouponAndProceeds
All tests passing (14/14)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix the lint error
* Making the owner non nullable
* fix the failing unit test
* Make the owner nullable
* Fix the bug for coupon in Stripe with no audience restrictions(PM-32756)
* Return validation message for invalid coupon
* Update the valid token message
* Fix the failing unit test
* Remove the duplicate method
* Fix the failing build and test
* Resolve the failing test
* Add delete of invalid coupon
* Add the expired error message
* Delete on invalid coupon in stripe
* Fix the lint errors
* return null if we get exception from stripe
* remove the auto-delete change
* fix the failing test
* Fix the lint build error
---------
Co-authored-by: Claude <noreply@anthropic.com>
* [PM-21925] Add MasterPasswordSalt Column to User Table (#6950)
feat: add MasterPasswordSalt column to User table
- Add MasterPasswordSalt column to User table in both Dapper and EF implementations
- Update User stored procedures (Create, Update, UpdateMasterPassword) to handle salt column
- Add EF migrations and update UserView with dependent views
- Set MaxLength constraint on MasterPasswordSalt column
- Update UserRepository implementations to manage salt field
- Add comprehensive test coverage for salt handling and normalization
* PM-31923 fixing all the endpoints
* PM-31923 remove claude change
* PM-31923 fixing feature flag name
* PM-21720 - RegisterFinishResponseModel - clean up deprecated CaptchaBypassToken (#7098)
* chore(deps): Add Renovate ownership of MessagePack pinned transitive dependency
* PM-31923 fixing path traversal vuln and cleaned up null references
* PM-31923 fixing unit test
* PM-31923 fixing issues found by reviewer
* PM-31923 addressing pr comments
* [PM-33219] Resolve silent auth removal on Sends (#7160)
* remove null assignment to auth props and update tests
* update PutRemoveAuth comment for clarity and assign null to empty email list allowing future client side changes to remove ALL emails
* update test to match email removal expectation
* implement expected behavior and update tests
---------
Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com>
* PM-31923 fixing issues based on review
* PM-31923 removing settings.json
* Bumped version to 2026.3.0
* [PM-33091] Add optional Targeting Rules data resource configuration (#7137)
* add fillAssistRules to environment URIs in config
* add tests
* do not include json file specification in path
* fix warnings
* fix(feature-flag): [PM-27085] Account Register Uses New Data Types - Removed unnneded feature flag. (#7127)
* PM-31923 fixing unit tests
* Auth/PM-32416 - Add MultiClientPasswordManagement feature flag (#7169)
* chore(flags): [PM-32554] Remove pm-24579-prevent-sso-on-existing-non-compliant-users feature flag
* Remove flag.
* Removed unneccessary dependency
* Remove unnecessary dependency.
* Removed additional temporary test fixtures.
---------
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* [PM-25860] Rid of bulk delete error (#6925)
* Rid of bulk delete error
* Fix test
* Fix for test
* Update src/Core/Dirt/Services/Implementations/EventService.cs
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Fix formatting issues in DeleteCollectionCommandTests.cs by removing hidden characters and ensuring proper using directives.
* Update src/Core/Dirt/Services/Implementations/EventService.cs
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Update src/Core/Dirt/Services/Implementations/EventService.cs
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Refactor DeleteCollectionCommandTests.cs to remove hidden characters and improve argument matching for GetManyByManyIdsAsync method.
* Fix deletion error happening in Postgres by utilizing OrganizationId which is always populated by the table row
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* [deps]: Update MarkDig to 0.45.0 (#7117)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* [PM-18236] - Use Single Org Requirement (#6999)
* Added new methods and ff for single org req
* Changed req messages and added new method for creating orgs
* Updated Requirement and Tests.
* Updated commands and requirement to take a list of org users
* Updated xml docs and renamed to be consistent
* Changes from Code Review
* Removed feature flag check for policy requirements around single org. Aligned error message with what other commands were returning.
* Fixed test names. Updated error messages to be specific for each caller.
* Updated tests to clean up details consturction
* Added test for confirmed accepted user in another org.
* fixed tests to use new factory
* Update test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Fixed tests by adding no op for req.
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Auth/PM-32487 - Emergency Access - invite or update - require min value of 1 for wait time in days. (#7168)
* Auth/PM-32821 - Finish cleaning up old registration endpoint (#7097)
* Revert "Revert "refactor(IdentityTokenResponse): [Auth/PM-3287] Remove deprec…" (#7152)
This reverts commit e6c97bd850.
* [PM-32424] Send Access Enumeration protection (#7166)
feat: add enumeration protection to email protected sends
- Implement enumeration protection for email-based protected sends
- Update SendAccess validator with new protection logic
- Change OTP generation failure logging from warning to error level
- Remove unused constants and update validator tests
* [PM-27864] Add PQC TLS Support (#6547)
* Add PQC TLS Support
* Update util/Setup/NginxConfigBuilder.cs
Co-authored-by: Addison Beck <github@addisonbeck.com>
* Update util/Setup/NginxConfigBuilder.cs
Co-authored-by: Addison Beck <github@addisonbeck.com>
* Update util/Setup/NginxConfigBuilder.cs
Co-authored-by: Addison Beck <github@addisonbeck.com>
* Update util/Setup/NginxConfigBuilder.cs
Co-authored-by: Addison Beck <github@addisonbeck.com>
* Update util/Setup/Templates/NginxConfig.hbs
Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
---------
Co-authored-by: Addison Beck <github@addisonbeck.com>
Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
* [PM-33061] Tax Id Should Be Added When Upgrading to Teams or Enterprise (#7131)
* refactor(billing): change billing address request type
* feat(billing): add tax id support for international business plans
* feat(billing): add billing address tax id handling
* test: add tests for tax id handling during upgrade
* fix(billing): run dotnet format
* fix(billing): remove extra line
* fix(billing): modify return type of HandleAsync
* test(billing): update tests to reflect updated command signature
* fix(billing): run dotnet format
* tests(billing): fix tests
* test(billing): format
* [PM-32581] Refactor organization subscription update process (#7132)
* chore: add CLAUDE.local.md and .worktrees to gitignore
* feat(billing): add Stripe interval and payment behavior constants and feature flag
* feat(billing): add OrganizationSubscriptionChangeSet model and unit tests
* refactor(billing): rename UpdateOrganizationSubscriptionCommand to BulkUpdateOrganizationSubscriptionsCommand
* feat(billing): add UpdateOrganizationSubscriptionCommand with tests
* feat(billing): use UpdateOrganizationSubscriptionCommand in BulkUpdateOrganizationSubscriptions behind feature flag
* feat(billing): use UpdateOrganizationSubscriptionCommand in SetUpSponsorshipCommand behind feature flag
* feat(billing): add UpgradeOrganizationPlanVNextCommand with tests and feature flag gate
* feat(billing): use UpdateOrganizationSubscriptionCommand in OrganizationService.AdjustSeatsAsync behind feature flag
* feat(billing): use UpdateOrganizationSubscriptionCommand in UpdateSecretsManagerSubscriptionCommand behind feature flag
* feat(billing): use UpdateOrganizationSubscriptionCommand in BillingHelpers.AdjustStorageAsync behind feature flag
* chore: run dotnet format
* fix(billing): missed optional owner in OrganizationBillingService.Finalize after merge
* refactor(billing): address PR feedback on UpdateOrganizationSubscription
* remove flagged logic (#7179)
* Update UseMyItems to use dedicated plan feature (#7101)
* Reorganize seeder presets into purpose-based folders and remove obsolete presets (#7176)
* PM-31923 fixing architecture to make it clean
* PM-31923 adding XML docs to controllers
* Existing device scene (#7155)
* Existing device scene
* Prefer usings
* Require namespaces
* Return the device id that is created
* [deps]: Update MarkDig to v1 (#7120)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* remove feature flag (#7180)
* [PM-32666] Fixes endpoint issue where you can update another by providing a valid org ID (#7185)
* fix(controller): add null check for provider organization ID in ProviderClientsController
* feat(tests): add test for updating provider organization with different provider ID
* fix(OrganizationsController): Remove unused GetPlanType method to streamline organization management (#7177)
* added pm-31697-premium-upgrade-path feature flag (#7162)
* Seeder - Adding density distributions (#7191)
* chore(flags): Remove pm-19394-send-access-control feature flag
* Remove feature flag.
* Fixed import statements.
* Fixed constructor.
* [deps] Billing: Update coverlet.collector to v8 (#7118)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* [PM-32597] - create short-lived signed attachment URL for self-hosted instances (#7100)
* create short-lived signed attachment URL for self-hosted instances
* move local attachment logic to service
* remove comment
* remove unusued var. add happy-path test for file download
* [PM-30584] Add support for key-connector-migration setting key (#7136)
* Add key-connector enrollment
* Fix tests
* Update src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Move validation to request model
* Add tests
* Fix build
* Attempt to fix build
* Attempt to fix remaining tests
* Fix tests
* Format
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* [PM-33040] Add new interface methods to IApplicationCacheService (#7187)
* Refactor email confirmation logic to remove legacy mail service usage and streamline organization confirmation process (#7192)
* Fixes swagger authentication (#7197)
* Add 9 scale presets and consolidated seeder docs (#7193)
* Add 9 scale presets and consolidated seeder docs
* PM-31923 updated property names for metrics
* Restrict users from sending altered project name/value and it being saved to the database as an invalid encrypted value. (#6853)
* chore(flags): Remove obsolete client flags
* Add density profiles to Seeder CLI (#7205)
* feat(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance (#6940)
* feat(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Initial implementation
* fix(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Changes in a good place. Need to write tests.
* test(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Service tests have been added.
* fix(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Fixed comment.
* [PM-31820] added a null check to the id/partial route (#7066)
* PM-31923 removed the file size validation check
* Fixed invalid syntax in OrganizationUser_UpdateMany (#6923)
* [PM-32665] Fix Cross-Organization IDOR in Bulk User Revoke (#7206)
* Decouple seeder cipher encryption from internal vault crates (#7211)
* [deps] BRE: Update mariadb Docker tag to v12 (#7119)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* [PM-19143] Refactor public API MembersController POST to use CommandResult pattern (#7182)
* Add CommandResultRefactor constant to FeatureFlagKeys in Constants.cs
* Add method to convert MemberCreateRequestModel to InviteOrganizationUsersRequest
- Introduced ToInviteRequest method for transforming MemberCreateRequestModel into InviteOrganizationUsersRequest.
- Enhanced model with additional using directives for improved functionality.
* Update GetInviterEmailAsync method to include a check for Guid.Empty to prevent unnecessary DB lookups
* Feature flag MembersController POST to use InviteOrganizationUsersCommand
Add a new code path behind the CommandResultRefactor feature flag that
replaces the legacy InviteUserAsync call with the InviteOrganizationUsersCommand.
Integration tests verify both paths produce identical results.
* Refactor feature flag for member invites from CommandResultRefactor to PublicMembersInviteRefactor in MembersController and update related tests.
* [PM-31657] Address Overwriting Attachments (#7053)
* check permissions when uploading attachment for self hosted users to remove possibility of overwriting an existing attachment.
* expose `ValidateCipherEditForAttachmentAsync`
* add additional logic to support admin users
* add unit tests for new edit checks
* SHOT-71: Migrate self-host ownership over to SHOT (#7213)
* Migrate self-host ownership over to SHOT
* Set devcontainers to multi owner
* Update CODEOWNERS for docker-compose.yml
* We already have a multiple owner section
* create new dockerfile for SeederApi (#7072)
* create new dockerfile for SeederApi
* troubleshoot cargo issues
* troubleshoot cargo issues
* Ensure Rustup run on build env for appropriate target
* Musl targets do not support cdylibs
* Ensure default triple set to target
* Set target triple rather than update default host
* Change build platforms per project
* Switch to debian since we can't use musl
* Debian build for seeder should work with arm targets
* Move app stage to distroless
* remove SeederApi from server publish section
* suppress unrelated warnings"
* ruling out builds as error source
* override platforms for SeederApi
* troubleshoot matrix
* add extra step for evaluating platforms
* fix syntax error
* exclude unrelated error
* exclude unrelated error
* exclude unrelated error
* exclude unrelated error
* exclude unrelated error
* temporarily reduce number of builds
* exclude unrelated error
* remove temporary block on other builds
* remove unused builds from dockerfile
* add nginx location for seeder, wrap it behind an if check defaulting to false. This was discuss with Matt G, as this will enable QA usage of it without repetitive intervention with config files and reloading the nginx service etc. Handlebars will continously overwrite the nginx conf file on update
* opted to remove conditional location to seederApi, instead include additional conf files in the same directory allowing for extensibility and not directly placing the non-prod seeder location in the config builder
---------
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: AJ Mabry <81774843+aj-bw@users.noreply.github.com>
* introduce feature flag pm-31885-send-controls (#7134)
* chore(flags:): [PM-30245] Remove locked and inactive notifications feature flags from server
* pin image to sha (#7215)
* PM-33591 - Parallelize CreateUsersStep and GeneratePersonalCiphersStep (#7226)
* [PM-31923] Remove Unused Sprocs (#7060)
* Remove old/unused sprocs
* Consistency
* PM-31923 fixing fileData validation check
* PM-31923 fixing summaryData by date range to include all data points
* PM-31923 adding download report route for organization report self-hosted verison
* PM-31923 fixing security issues from pr review
* PM-31923 updating GET methods to fit migration logic on front end
* PM-31923 fixing unit test
* 31923 fixing redudnant code, unit tests, and creating documentation
* 31923 remove unused endpoints, fix unit tests, and create documentation
* PM-31923 adding renew and delete endpoints
* PM-31923 fixing code based on PR comments
* PM-31923 fixing delete scenario with orphaned db record
* PM-31923 fixing IDOR issue, adding unit tests, and making code more DRY
* PM-31923 making update endpoint required
* PM-31923 add FileUploadType to GET endpoints
* PM-31923 fixing dead code
---------
Co-authored-by: Jordan Aasen <166539328+jaasen-livefront@users.noreply.github.com>
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
Co-authored-by: Mick Letofsky <mletofsky@bitwarden.com>
Co-authored-by: Stephon Brown <sbrown@livefront.com>
Co-authored-by: Vijay Oommen <voommen@livefront.com>
Co-authored-by: sven-bitwarden <svernyi@bitwarden.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Isaiah Inuwa <iinuwa@bitwarden.com>
Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com>
Co-authored-by: Github Actions <actions@github.com>
Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
Co-authored-by: Patrick-Pimentel-Bitwarden <ppimentel@bitwarden.com>
Co-authored-by: Jared <TheWolfBadger@gmail.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Jared McCannon <jmccannon@bitwarden.com>
Co-authored-by: Samuel Warfield <samuel.warfield2@gmail.com>
Co-authored-by: Addison Beck <github@addisonbeck.com>
Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
Co-authored-by: Alex Morask <144709477+amorask-bitwarden@users.noreply.github.com>
Co-authored-by: Brandon Treston <btreston@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: mpbw2 <59324545+mpbw2@users.noreply.github.com>
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>
Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com>
Co-authored-by: Jason Ng <jcory.ng@gmail.com>
Co-authored-by: mkincaid-bw <mkincaid@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Nick Krantz <125900171+nick-livefront@users.noreply.github.com>
Co-authored-by: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com>
Co-authored-by: Amy Galles <9685081+AmyLGalles@users.noreply.github.com>
Co-authored-by: AJ Mabry <81774843+aj-bw@users.noreply.github.com>
* Implement UpdateUserResetPasswordEnrollment command and interface for managing user password reset enrollment in organizations
* Add unit tests for UpdateUserResetPasswordEnrollmentCommand to validate user enrollment and error handling
* Add IUpdateUserResetPasswordEnrollmentCommand to service collection for user password reset enrollment management
* Add integration tests for OrganizationUsersController reset password enrollment functionality
* Refactor OrganizationUsersController to use IUpdateUserResetPasswordEnrollmentCommand for password reset enrollment updates
* Remove UpdateUserResetPasswordEnrollmentAsync method and related dependencies from IOrganizationService and OrganizationService implementations
* Update IUpdateUserResetPasswordEnrollmentCommand and UpdateUserResetPasswordEnrollmentCommand to support nullable resetPasswordKey
* Refactor unit tests for UpdateUserResetPasswordEnrollmentCommand to improve naming conventions and enhance clarity in test cases
* [PM-34389] Add RefreshOrganizationInviteLinkRequestModel for handling invite link refresh requests
* [PM-34389] Add RefreshOrganizationInviteLinkRequest and IRefreshOrganizationInviteLinkCommand interface for invite link refresh functionality
* [PM-34389] Refactor IRefreshOrganizationInviteLinkCommand interface documentation for clarity and conciseness
* [PM-34389] Add InviteLinkEncryptedKeyRequired error for handling missing encrypted invite keys in invite link requests.
* [PM-34389] Remove InviteLinkEncryptedKeyRequired error from InviteLinks error handling.
* [PM-34389] Remove redundant key check in RefreshOrganizationInviteLinkCommand
* [PM-34389] Add IRefreshOrganizationInviteLinkCommand registration to service collection
* [PM-34389] Add unit tests for RefreshOrganizationInviteLinkCommand to validate invite link refresh functionality, including scenarios for valid input, missing links, and insufficient permissions.
* [PM-34389] Implement Refresh endpoint in OrganizationInviteLinksController to handle invite link refresh requests
* [PM-34389] Add integration tests for Refresh endpoint in OrganizationInviteLinksController, validating link replacement and domain consistency.
* [PM-34389] Implement RefreshAsync method in OrganizationInviteLinkRepository for atomic link replacement, ensuring transactional integrity during updates.
* [PM-34389] Add integration tests for RefreshAsync method in OrganizationInviteLinkRepository, verifying link replacement and rollback behavior on unique constraint violations.
* [PM-34389] Refactor RefreshOrganizationInviteLinkCommand to use RefreshAsync method for atomic link updates, simplifying invite link management.
* chore: [PM-33473] remove pm-29594-update-individual-subscription-page feature flag
* chore: dotnet format — add UTF-8 BOM to new response model files
* Enhance AdminRecoverAccountValidator to include Accepted status for organization users
- Updated validation logic to allow organization users with Accepted status to reset their passwords or two-factor authentication.
- Added unit tests to cover scenarios for Accepted users, ensuring correct validation behavior for account recovery requests.
* Refactor AdminRecoverAccountValidatorTests to include NSubstitute and Xunit
- Removed unused AutoFixture import and added NSubstitute and Xunit for improved testing capabilities.
- Prepared the test file for enhanced unit testing of account recovery validation logic.
* Added AutoFixture import to AdminRecoverAccountValidatorTests for enhanced test data generation
* [deps] Tools: Pin dependencies
* [PM-24840] updated dependencies that are required with Net 10 switch
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Alex Dragovich <adragovich@bitwarden.com>
Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Add IDeleteOrganizationInviteLinkCommand interface for managing organization invite links
* Add DeleteOrganizationInviteLinkCommand and corresponding unit tests for invite link deletion functionality
* Add IDeleteOrganizationInviteLinkCommand to service collection for invite link deletion
* Add Delete endpoint to OrganizationInviteLinksController and corresponding integration test
feat: add salt to password pre-login response
- Include salt in GetDefaultKdf so clients receive the correct algorithm and salt for password authentication
- Normalize email when looking up the salt to ensure consistent matching
- Add startup warning for self-hosted users about the new salt requirement
- Use CoreHelpers to check for the salt value in the accounts controller
- Enforce nullable reference types and add explanatory comments in the accounts controller
- Add unit and integration test coverage for the new salt property
* Add InviteLinkDomainSanitizer utility for domain normalization
- Introduced InviteLinkDomainSanitizer class to normalize invite link domains by converting them to lowercase and removing blank entries.
- The SanitizeDomains method processes a list of domains, ensuring clean and valid entries for further use.
* Refactor CreateOrganizationInviteLinkCommand to use InviteLinkDomainSanitizer
* Add UpdateOrganizationInviteLinkRequest record for managing invite link updates
- Introduced a new record, UpdateOrganizationInviteLinkRequest, to encapsulate the data required for updating organization invite links.
- The record includes properties for OrganizationId and AllowedDomains, ensuring structured data handling for invite link modifications.
* Add UpdateOrganizationInviteLinkRequestModel for invite link updates
- Introduced UpdateOrganizationInviteLinkRequestModel class to facilitate the update of organization invite links.
- The model includes a required property for AllowedDomains, ensuring validation and structured data handling for invite link modifications.
* Add tests for UpdateOrganizationInviteLinkRequestModel validation
* Add unit tests for UpdateOrganizationInviteLinkCommand
- Introduced comprehensive tests for the UpdateOrganizationInviteLinkCommand, covering scenarios such as successful updates, handling of non-existing links, and validation of allowed domains.
- Ensured that the command behaves correctly under various conditions, including ability checks and input validation.
* Add UpdateOrganizationInviteLinkCommand and IUpdateOrganizationInviteLinkCommand interface
- Implemented UpdateOrganizationInviteLinkCommand to handle updates for organization invite links, including validation of allowed domains and organization abilities.
- Created IUpdateOrganizationInviteLinkCommand interface to define the contract for updating invite links, ensuring structured handling of update requests.
* Add IUpdateOrganizationInviteLinkCommand registration to service collection
- Registered the IUpdateOrganizationInviteLinkCommand interface with the service collection, enabling dependency injection for the UpdateOrganizationInviteLinkCommand functionality.
* Add Update endpoint to OrganizationInviteLinksController
- Implemented the Update method in OrganizationInviteLinksController to handle updates for organization invite links.
- The method utilizes the IUpdateOrganizationInviteLinkCommand to process update requests and returns the appropriate response model.
- Enhanced the controller's functionality to support invite link modifications, ensuring better management of organization invite links.
* Add unit tests for Update method in OrganizationInviteLinksController
- Implemented multiple test cases for the Update method, covering scenarios such as successful updates, handling of non-existing invite links, and validation errors for allowed domains.
- Ensured comprehensive coverage of the Update functionality to validate correct behavior and response models in various conditions.
* Add integration test for updating organization invite links
* fix(invite-link): add [MinLength(1)] to Update request model and matching test
* Add Get method to OrganizationInviteLinksController for retrieving invite links by organization ID
- Implemented a new GET endpoint to fetch an invite link based on the organization ID.
- Integrated IOrganizationInviteLinkRepository to handle data retrieval.
- Updated tests to validate the new functionality, ensuring correct responses for existing and non-existing links.
- Refactored service registration for invite link commands to improve clarity.
* Add GetOrganizationInviteLinkQuery and IGetOrganizationInviteLinkQuery interface
- Implemented GetOrganizationInviteLinkQuery to retrieve invite links for organizations.
- Added IGetOrganizationInviteLinkQuery interface defining the contract for fetching invite links.
- Included error handling for cases where invite links are not available or do not exist.
* Add unit tests for GetOrganizationInviteLinkQuery
- Created GetOrganizationInviteLinkQueryTests to validate the functionality of retrieving organization invite links.
- Implemented tests for successful retrieval, handling cases where no link exists, and scenarios with insufficient permissions or null abilities.
- Ensured proper error handling and assertions for various outcomes in the query execution.
* Add InviteLinkNotFound error type for handling missing invite links
- Introduced InviteLinkNotFound record to represent a not found error for invite links.
- Enhanced error handling in the InviteLinks feature to provide clearer feedback when an invite link is not found.
* Add IGetOrganizationInviteLinkQuery to service collection
- Registered IGetOrganizationInviteLinkQuery with the service collection to enable dependency injection for retrieving organization invite links.
- This addition supports the functionality introduced in the GetOrganizationInviteLinkQuery implementation.
* Refactor OrganizationInviteLinksController to use IGetOrganizationInviteLinkQuery
- Updated OrganizationInviteLinksController to replace IOrganizationInviteLinkRepository with IGetOrganizationInviteLinkQuery for retrieving invite links.
- Enhanced the Get method to handle results more effectively, returning appropriate responses based on the query outcome.
- Modified unit tests to align with the new query implementation, ensuring proper handling of both found and not found scenarios.
* Set AllowedDomains for invite link in OrganizationInviteLinksControllerTests
* Add ConflictError type
* Add generic Handle<T> and extract MapError on BaseAdminConsoleController
* Initialize Code property with a new GUID in OrganizationInviteLink class
* Add ICreateOrganizationInviteLinkCommand interface
* Add CreateOrganizationInviteLinkRequest record for invite link creation
* Add OrganizationInviteLink request and response models for invite link management
* Refactor ICreateOrganizationInviteLinkCommand interface to use CreateOrganizationInviteLinkRequest for invite link creation
* Add CreateOrganizationInviteLinkCommand class to handle invite link creation logic, including domain sanitization and validation checks.
* Add error handling for invite link creation with specific conflict and validation errors
* Add OrganizationInviteLink service commands to OrganizationServiceCollectionExtensions
* Add OrganizationInviteLinksController to manage invite link creation for organizations
* Add integration tests for OrganizationInviteLinksController and CreateOrganizationInviteLinkCommand to validate invite link creation logic, including success and error scenarios.
* Remove unnecessary blank line in OrganizationInviteLinksControllerTests class
* Refactor CreateOrganizationInviteLinkRequestModel to use required properties for AllowedDomains and EncryptedInviteKey
* Update CreateOrganizationInviteLinkCommand to validate allowed domains by using DomainNameValidator
* Add encryption validation attributes to CreateOrganizationInviteLinkRequestModel and implement unit tests for model validation
* Refactor OrganizationInviteLink to encapsulate AllowedDomains serialization logic within methods. Update OrganizationInviteLinkResponseModel to utilize new GetAllowedDomains method for improved clarity and maintainability.
* Enhance domain sanitization in CreateOrganizationInviteLinkCommand by converting domains to lowercase during trimming for improved consistency.
* Update OrganizationInviteLinksControllerTests to use a valid encrypted invite key constant for consistency in test cases.
* Add ability check for organization invite links in CreateOrganizationInviteLinkCommand
- Introduced a new method to verify if an organization can use invite links based on its ability.
- Added a new error type for cases where invite links are not available due to organizational plan restrictions.
- Updated tests to cover scenarios where the organization lacks the ability to create invite links.
* Add documentation for Code property in OrganizationInviteLink class
- Added XML summary comments to the Code property to clarify its purpose and generation method.
- Explained the choice of using Guid.NewGuid for the Code to avoid predictability and ensure uniqueness.
* Implement domain validation in CreateOrganizationInviteLinkRequestModel
- Added IValidatableObject implementation to CreateOrganizationInviteLinkRequestModel for domain validation.
- Introduced Validate method to check the format of allowed domains and return appropriate validation results.
- Updated tests to cover scenarios for invalid domain formats and mixed valid/invalid domains.
- Removed redundant domain validation logic from CreateOrganizationInviteLinkCommand.
* Remove outdated tests from CreateOrganizationInviteLinkRequestModelTests
- Deleted tests for validating EncryptedInviteKey and EncryptedOrgKey as they are no longer relevant.
- Cleaned up the test class to focus on current validation logic for allowed domains.
* Refactor GetAllowedDomains method in OrganizationInviteLink class
- Updated the GetAllowedDomains method to return an empty array instead of throwing a JsonException when deserialization fails.
- This change improves the method's resilience by providing a default value for invalid or missing allowed domains.
* Remove unused InviteLinkInvalidDomains error type from Errors.cs
- Deleted the InviteLinkInvalidDomains record as it is no longer needed.
- This cleanup aligns with recent changes in domain validation logic and improves code maintainability.
* Update OrganizationServiceCollectionExtensions to use TryAddScoped for command registration
- Changed the registration of ICreateOrganizationInviteLinkCommand to use TryAddScoped instead of AddScoped.
* Mock organization ability retrieval in OrganizationInviteLinksControllerTests
* Add ValidateSequenceAttribute for collection validation and corresponding unit tests
* Refactor CreateOrganizationInviteLinkRequestModel to use ValidateSequenceAttribute for domain validation and update unit tests for improved error handling.
* Enhance ValidateSequenceAttribute to handle null values and improve error messaging format
* Add empty line
* Refactor ValidateSequenceAttribute to support IEnumerable interface for improved type handling
* Refactor ValidateSequenceAttribute to improve validation logic and error handling for IEnumerable types
* Remove unused using directive for Microsoft.AspNetCore.Http.HttpResults in BaseAdminConsoleController.cs
* Add MinLength validation to AllowedDomains in CreateOrganizationInviteLinkRequestModel and implement unit test for empty AllowedDomains scenario
* Refactor CreateOrganizationInviteLinkCommandTests to move SetupAbility method for better organization and readability
* Add error handling methods in BaseAdminConsoleController for improved response management
* Update CreateOrganizationInviteLinkRequestModelTests to use array initialization syntax for AllowedDomains so that MinLength attribute works
* Refactor OrganizationInviteLinkResponseModel constructor for improved readability
* Add tests asserting current behavior of our dataprotection initialization
* Make unprotect keys configurable
* Update Step 3 to being required
* Attempt to make tests work in CI
- Added support for retrieving confirmed accepted policies and organization user details based on the feature flag 'PoliciesInAcceptedState'.
- Updated SyncResponseModel to include new properties for these details.
- Enhanced SyncControllerTests to verify behavior with the feature flag enabled and disabled.
* refactor: enhance null safety in InviteOrganization and related models
- Updated InviteOrganization properties to be nullable for improved null safety.
- Refactored InviteOrganizationUsersRequest to use primary constructor syntax.
- Added null checks for Plan in validation logic to prevent errors when the organization plan is unavailable.
- Adjusted PasswordManagerSubscriptionUpdate to handle nullable PasswordManagerPlan.
- Ensured consistent handling of nullable properties across various validation classes.
* refactor: update organization handling in SCIM user models and commands
- Replaced references to InviteOrganization with Organization in SCIM user request models and related commands for consistency.
- Enhanced null safety by ensuring proper handling of organization properties across various components.
- Updated tests to reflect changes in organization handling and ensure functionality remains intact.
* test: add unit tests for SCIM organization user invitation scenarios
- Implemented tests for inviting SCIM organization users under different conditions: when self-hosted with a null plan and when not self-hosted with a null plan.
- Ensured proper validation and response handling for both success and failure cases.
- Updated dependencies and mock setups to reflect the new test scenarios.
feat: Add WebAuthn Cache
- Add IWebAuthnChallengeCacheProvider with distributed cache implementation for storing WebAuthn Challenges
- Inject the cache provider into AssertWebAuthnLoginCredentialCommand and WebAuthnGrantValidator so challenges can be stored
- Use a static token lifetime for WebAuthnLoginAssertionOptionsTokenable and enable nullable reference types on the tokenable
- Add unit tests for the cache provider, the assertion command, and the WebAuthn controller; add Identity integration and unit tests for WebAuthnGrantValidator with a FakeWebAuthnAuthenticator helper
* Add UseInviteLinks to Organization SQL schema and views
* Add Migrator scripts for UseInviteLinks column and data migration
* Add EF migrations for UseInviteLinks on Organization
* Wire UseInviteLinks through organization domain and repositories
* Add HasInviteLinks plan support and UseInviteLinks license handling
* Expose UseInviteLinks and HasInviteLinks on organization and plan API models
* Update tests for UseInviteLinks and invite-links plan feature
* Update migration script with missing update to Organization_ReadManyByIds
* Move UseInviteLinks column after ExemptFromBillingAutomation
* Bump date on migration scripts
* Add optional RevisionDate param to group sprocs
When provided, bump Group.RevisionDate on affected groups during
membership and collection-access changes. Defaults to NULL for
backward compatibility.
* Add migration for group RevisionDate bump
* Add revisionDate param to group repository methods
Update IGroupRepository and IOrganizationUserRepository interfaces
and their Dapper and Entity Framework implementations.
* Pass revisionDate through business logic to repos
Inject TimeProvider into commands, services, and controllers to
supply the timestamp when modifying group membership.
* Update unit tests for group revisionDate param
* Update and add integration tests for group revision
* Enhance IGroupRepository and IOrganizationUserRepository with detailed XML documentation
* Bump date on migration script
* Bump date on migration script
* update minimum version to handle all new item types rather than individual types
* add cipher types for driverslicense and passport
* add request and response models for DriversLicense and Passport
* add events for DriversLicense and Passport
* add seeder
* add additional properties from CXP
* add additional fields
* [PM-34813] fix system coupons regression
refactor customer setup class to split system coupons from discount coupons so that they can be applied systematically
* [PM-34213] Log event when attachment is created via delayed upload
* [PM-34213] Add tests for attachment created event logging
* [PM-34213] Move Cipher_AttachmentCreated event log to authenticated attachment creation callers
