refactor(TwoFactorAuthentication): Remove references to old Duo SDK version 2 code and replace them with the Duo SDK version 4 supported library DuoUniversal code.
Increased unit test coverage in the Two Factor Authentication code space. We opted to use DI instead of Inheritance for the Duo and OrganizaitonDuo two factor tokens to increase testability, since creating a testing mock of the Duo.Client was non-trivial.
Reviewed-by: @JaredSnider-Bitwarden
* Add check for managed user before purging account
* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel
* Rename the property ManagesActiveUser to UserIsManagedByOrganization
* Remove whole class #nullable enable and add it to specific places
* [PM-11405] Account Deprovisioning: Prevent a verified user from changing their email address
* Remove unnecessary .ToList()
* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable
* Prevent deletion of accounts managed by an organization when Account Deprovisioning is enabled
* Add CannotDeleteManagedAccountViewModel and email templates
- Added CannotDeleteManagedAccountViewModel class to handle emails related to preventing deletion of accounts managed by an organization.
- Added HTML and text email templates for sending notifications about the inability to delete an account owned by an organization.
- Updated IMailService interface with a new method to send the cannot delete managed account email.
- Implemented the SendCannotDeleteManagedAccountEmailAsync method in HandlebarsMailService.
- Added a check in UserService to send the cannot delete managed account email if the user is managed by any organization.
- Added a no-op implementation for SendCannotDeleteManagedAccountEmailAsync in NoopMailService.
* Update error message when unable to purge vault for managed account
* Update error message when unable to change email for managed account
* Update error message when unable to delete account when managed by organization
* Update error message in test for deleting organization-owned accounts
* Add check for managed user before purging account
* Rename IOrganizationRepository.GetByClaimedUserDomainAsync to GetByVerifiedUserEmailDomainAsync and refactor to return a list. Remove ManagedByOrganizationId from ProfileResponseMode. Add ManagesActiveUser to ProfileOrganizationResponseModel
* Rename the property ManagesActiveUser to UserIsManagedByOrganization
* Remove whole class #nullable enable and add it to specific places
* [PM-11405] Account Deprovisioning: Prevent a verified user from changing their email address
* Remove unnecessary .ToList()
* Refactor IUserService methods GetOrganizationsManagingUserAsync and IsManagedByAnyOrganizationAsync to not return nullable objects. Update ProfileOrganizationResponseModel.UserIsManagedByOrganization to not be nullable
* Update error message when unable to purge vault for managed account
* Update error message when unable to change email for managed account
* Update expected error messages on unit tests
* Add TestFeatureService to Api.IntegrationTest.Helpers and use it on ApiApplicationFactory to be able to enable specific features for each test
* Add CreateVerifiedDomainAsync method to OrganizationTestHelpers
* Add tests to AccountsControllerTest to prevent changing email for managed accounts
* Remove setting the feature flag value in ApiApplicationFactory and set it on AccountsControllerTest
* Remove TestFeatureService class from Api.IntegrationTest.Helpers
* Attempt to fix tde to mp flow
* Move tde offboarding to dedicated flag
* Add tde offboarding password request
* Validate tde offboarding input
* Correctly check whether tde is active when building trusted device options
* Refactor Tde offboarding into a separate command
* Add unit tests for tde offboarding
* Update tde offboarding request model
* Fix tests
* Fix further tests
* Fix documentation
* Add validation for updatetdepasswordasync key/newmasterpassword
* Add comment explaining test
* Remove unrelated changes
* remove validation from 2fa GET and mask sensitive data
* skip verification check on put email
* disable verification on send-email and reenable on put email
* validate authenticator on set instead of get
* Revert "validate authenticator on set instead of get"
This reverts commit 7bf2084531.
* fix tests
* fix more tests
* Narrow scope of verify bypass
* Defaulted to false on VerifySecretAsync
* fix default param value
---------
Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
* PM-3833 - API - AccountsController.cs && AccountsController.cs - remove prelogin and register endpoints.
* PM-3833 - Move Request and Response models that were used for Prelogin and PostRegister from API to Identity.
* PM-3833 - FIX LINT
* PM-3833 - Fix issues after merge conflict fixes.
* PM-3833 - Another test fix
* inital changes
* add provider GatewayType migrations
* db provider migrations
* removed duo migrations added v2 metadata to duo response
* removed helper scripts
* remove signature from org duo
* added backward compatibility for Duo v2
* added tests for duo request + response models
* refactors to TwoFactorController
* updated test methods to be compartmentalized by usage
* fix organization add duo
* Assert.Empty() fix for validator
* Add check to verify the vault state for rotation is not obviously desynced (empty)
* Add unit test for key rotation guardrail
* Move de-synced vault detection to validators
* Add tests
* Replace SubscriberQueries with SubscriberService
* Replace OrganizationBillingQueries with OrganizationBillingService
* Replace ProviderBillingQueries with ProviderBillingService, move to Commercial
* Replace AssignSeatsToClientOrganizationCommand with ProviderBillingService, move to commercial
* Replace ScaleSeatsCommand with ProviderBillingService and move to Commercial
* Replace CancelSubscriptionCommand with SubscriberService
* Replace CreateCustomerCommand with ProviderBillingService and move to Commercial
* Replace StartSubscriptionCommand with ProviderBillingService and moved to Commercial
* Replaced RemovePaymentMethodCommand with SubscriberService
* Formatting
* Used dotnet format this time
* Changing ProviderBillingService to scoped
* Found circular dependency'
* One more time with feeling
* Formatting
* Fix error in remove org from provider
* Missed test fix in conflit
* [AC-1937] Server: Implement endpoint to retrieve provider payment information (#4107)
* Move the gettax and paymentmethod from stripepayment class
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add the method to retrieve the tax and payment details
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add unit tests for the paymentInformation method
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add the endpoint to retrieve paymentinformation
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add unit tests to the SubscriberService
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Remove the getTaxInfoAsync update reference
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* Added offboarding survey response to cancellation when FF is on.
* Removed service methods to prevent unnecessary upstream registrations
* Forgot to actually remove the injected command in the services
* Rui's feedback
* Add missing summary
* Missed [FromBody]
* Add reset password validator with tests
* add organization user rotation methods to repository
- move organization user TVP helper to admin console ownership
* rename account recovery to reset password
* formatting
* move registration of RotateUserKeyCommand to Core and make internal
* add admin console ValidatorServiceCollectionExtensions
* [PM-4619] feat: scaffold new create options command
* [PM-4169] feat: implement credential create options command
* [PM-4619] feat: create command for credential creation
* [PM-4619] feat: create assertion options command
* [PM-4619] chore: clean-up unused argument
* [PM-4619] feat: implement assertion command
* [PM-4619] feat: migrate to commands
* [PM-4619] fix: lint
* [PM-4169] fix: use constant
* [PM-4619] fix: lint
I have no idea what this commit acutally changes, but the file seems to have some character encoding issues. This fix was generated by `dotnet format`
## Type of change
<!-- (mark with an `X`) -->
```
- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```
## Objective
<!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding-->
Previous PR: #3434
Adds ciphers and folders to the new key rotation.
## Code changes
<!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->
* **file.ext:** Description of what was changed and why
## Before you submit
- Please check for formatting errors (`dotnet format --verify-no-changes`) (required)
- If making database changes - make sure you also update Entity Framework queries and/or migrations
- Please add **unit tests** where it makes sense to do so (encouraged but not required)
- If this change requires a **documentation update** - notify the documentation team
- If this change has particular **deployment requirements** - notify the DevOps team
## Type of change
<!-- (mark with an `X`) -->
```
- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```
## Objective
<!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding-->
See #3425 for part 1 and background.
This PR adds emergency access to the rotation. All new code is hidden behind a feature flag.
The Accounts controller has also been moved to Auth ownership.
## Code changes
<!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->
* **file.ext:** Description of what was changed and why
* **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors).
* **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys.
* **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains.
## Before you submit
- Please check for formatting errors (`dotnet format --verify-no-changes`) (required)
- If making database changes - make sure you also update Entity Framework queries and/or migrations
- Please add **unit tests** where it makes sense to do so (encouraged but not required)
- If this change requires a **documentation update** - notify the documentation team
- If this change has particular **deployment requirements** - notify the DevOps team
* PM-3659 - WebAuthnController.cs - Passkey Creation - Add RequireSSO login policy validation to prevent users from creating passkeys if require SSO applies to them.
* PM-3659 - per PR feedback, apply new require SSO validation to options call
* PM-3659 - Remove unneeded comment
* PM-3659 - Per PR feedback, add unit tests for new require SSO scenarios on both Post and Options endpoints on the WebAuthnController
* Remove duplicated line
* Remove extra whitespace
