refactor(TwoFactorAuthentication): Remove references to old Duo SDK version 2 code and replace them with the Duo SDK version 4 supported library DuoUniversal code.
Increased unit test coverage in the Two Factor Authentication code space. We opted to use DI instead of Inheritance for the Duo and OrganizaitonDuo two factor tokens to increase testability, since creating a testing mock of the Duo.Client was non-trivial.
Reviewed-by: @JaredSnider-Bitwarden
* PM-11969 - Add new logic for registering a user via an AcceptEmergencyAccessInviteToken
* PM-11969 - Unit test new RegisterUserViaAcceptEmergencyAccessInviteToken method.
* PM-11969 - Integration test new method
* PM-11945 - Rename RegisterUserWithOptionalOrgInvite to RegisterUserViaOrgInvite as the org invite isn't optional in the function - just the overall process of registration.
* PM-11945 - Yet another rename
* PM-11945 - Wire up call to RegisterUserViaOrgSponsoredFreeFamilyPlanInviteToken and test.
* PM-11945 - RegisterUserCommandTests - test new method
* PM-11949 - Rename tests
* PM-11945 - AccountsControllerTests.cs - add integration test for RegistrationWithEmailVerification_WithOrgSponsoredFreeFamilyPlanInviteToken_Succeeds
* PM-11945 - Adjust naming per PR feedback to match docs.
* PM-11945 - More renaming
* Attempt to fix tde to mp flow
* Move tde offboarding to dedicated flag
* Add tde offboarding password request
* Validate tde offboarding input
* Correctly check whether tde is active when building trusted device options
* Refactor Tde offboarding into a separate command
* Add unit tests for tde offboarding
* Update tde offboarding request model
* Fix tests
* Fix further tests
* Fix documentation
* Add validation for updatetdepasswordasync key/newmasterpassword
* Add comment explaining test
* Remove unrelated changes
* PM-6198 - RegistrationEmailVerificationTokenable - add new static validate token method
* PM-6198 - Rename RegistrationStart to Registration as we now have to add another anonymous reference event.
* PM-6198 - rest of work
* PM-6198 - Unit test new account controller method.
* PM-6198 - Integration test new account controller endpoint
* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.
* PM-7322 - Start on RegisterFinishRequestModel.cs
* PM-7322 - WIP on Complete Registration endpoint
* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.
* PM-7322 - UserService - Rename MP to MPHash
* PM-7322 - More WIP progress on getting new finish registration process in place.
* PM-7322 Create IRegisterUserCommand
* PM-7322 - RegisterUserCommand.cs - first WIP draft
* PM-7322 - Implement use of new command in Identity.
* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.
* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.
* PM-7322 - More WIP on RegisterUserCommand.cs and tests
* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.
* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.
* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite
* PM-7322 - IRegisterUserCommand - DOCS
* PM-7322 - Test RegisterUser
* PM-7322 - IRegisterUserCommand - Add more docs.
* PM-7322 - Finish updating all existing user service register calls to use the new command.
* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests
* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.
* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested
* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place
* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.
* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.
* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step
* PM-7322 - RegisterUserCommandTests.cs - add API key assertions
* PM-7322 - Clean up RegisterUserCommand.cs
* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.
* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO
* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.
* PM-7322 - Work on getting PostRegisterFinish tests in place.
* PM-7322 - AccountsControllerTests.cs - test new method.
* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.
* PM-7322 - Fix misspelling
* PM-7322 - Integration tests for RegistrationWithEmailVerification
* PM-7322 - Fix leaky integration tests.
* PM-7322 - Another leaky test fix.
* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds
* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
* PM-3833 - API - AccountsController.cs && AccountsController.cs - remove prelogin and register endpoints.
* PM-3833 - Move Request and Response models that were used for Prelogin and PostRegister from API to Identity.
* PM-3833 - FIX LINT
* PM-3833 - Fix issues after merge conflict fixes.
* PM-3833 - Another test fix
* PM-5092 - Add new EnableEmailVerification global setting.
* PM-5092 - WIP - AccountsController.cs - create stub for new PostRegisterSendEmailVerification
* PM-5092 - RegisterSendEmailVerificationRequestModel
* PM-5092 - Create EmailVerificationTokenable.cs and get started on tests (still WIP).
* PM-5092 - EmailVerificationTokenable.cs finished + tests working.
* PM-5092 - Add token data factory for new EmailVerificationTokenable factory.
* PM-5092 - EmailVerificationTokenable.cs - set expiration to match existing verify email.
* PM-5092 - Get SendVerificationEmailForRegistrationCommand command mostly written + register as scoped.
* PM-5092 - Rename tokenable to be more clear and differentiate it from the existing email verification token.
* PM-5092 - Add new registration verify email method on mail service.
* PM-5092 - Refactor SendVerificationEmailForRegistrationCommand and add call to mail service to send email.
* PM-5092 - NoopMailService.cs needs to implement all interface methods.
* PM-5092 - AccountsController.cs - get PostRegisterSendEmailVerification logic in place.
* PM-5092 - AccountsControllerTests.cs - Add some unit tests - WIP
* PM-5092 - SendVerificationEmailForRegistrationCommandTests
* PM-5092 - Add integration tests for new acct controller method
* PM-5092 - Cleanup unit tests
* PM-5092 - AccountsController.cs - PostRegisterSendEmailVerification - remove modelState invalid check as .NET literally executes this validation pre-method execution.
* PM-5092 - Rename to read better - send verification email > send email verification
* PM-5092 - Revert primary constructor approach so DI works.
* PM-5092 - (1) Cleanup new but now not needed global setting (2) Add custom email for registration verify email.
* PM-5092 - Fix email text
* PM-5092 - (1) Modify ReferenceEvent.cs to allow nullable values for the 2 params which should have been nullable based on the constructor logic (2) Add new ReferenceEventType.cs for email verification register submit (3) Update AccountsController.cs to log new reference event (4) Update tests
* PM-5092 - RegistrationEmailVerificationTokenable - update prefix, purpose, and token id to include registration to differentiate it from the existing email verification token.
* PM-5092 - Per PR feedback, cleanup used dict.
* PM-5092 - formatting pass (manual + dotnet format)
* PM-5092 - Per PR feedback, log reference event after core business logic executes
* PM-5092 - Per PR feedback, add validation + added nullable flag to name as it is optional.
* PM-5092 - Per PR feedback, add constructor validation for required tokenable data
* PM-5092 - RegisterVerifyEmail url now contains email as that is required in client side registration step to create a master key.
* PM-5092 - Add fromEmail flag + some docs
* PM-5092 - ReferenceEvent.cs - Per PR feedback, make SignupInitiationPath and PlanUpgradePath nullable
* PM-5092 - ReferenceEvent.cs - remove nullability per PR feedback
* PM-5092 - Per PR feedback, use default constructor and manually create reference event.
* PM-5092 - Per PR feedback, add more docs!
* block legacy users from authN
* undo change to GetDeviceFromRequest
* lint
* add feature flag
* format
* add web vault url to error message
* fix test
* format
* [deps] Auth: Update Duende.IdentityServer to v7
* Fixes for upgrade incompatibility
* Update configuration file used in a test
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
* Bump Microsoft.AspNetCore.Mvc.Testing to 8.0.1
* Bump Microsoft.NET.Test.Sdk to 17.8.0
* Nuget bumps on Infrastructure.Integration to be equal to solution
* Use global setting
* Use global setting
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Upgrade to .NET 8
* Linting
* Clean up old JSON deserialization code
* More .NET 8-oriented linting
* Light feedback
* Get rid of old test we don't know the root issue for
* Fix a new test
* Remove now-unnecessary Renovate constraint
* Use Any()
* Somehow a 6.0 tooling config we don't need snuck back in
* Space out properties that always change per release
* Bump a few core packages since the last update
* Remove TDE feature flag.
* Removed references to feature service from decryption options builder.
* Removed redundant references.
* Removed test that is no longer valid, as it was testing the feature flag.
* Removed remainder of TDE feature check.
* [deps]: Update Duende.IdentityServer to v6.3.6
* Fix test
* Grant table changes
* Reassert view
* EF migrations
* Restore non-null key and simpler index
* Master SQL sync
* Lint
* Fix ID setting since the property isn't exposed
* Bump to .7
* Point to new Duende package
* Drop unused indexes first
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Upgrade to Duende.Identity
* Linting
* Get rid of last IdentityServer4 package
* Fix identity test since Duende returns additional configuration
* Use Configure
PostConfigure is ran after ASP.NET's PostConfigure
so ConfigurationManager was already configured and our HttpHandler wasn't
being respected.
* Regenerate lockfiles
* Move to 6.0.4 for patches
* fixes with testing
* Add additional grant type supported in 6.0.4 and beautify
* Lockfile refresh
* Reapply lockfiles
* Apply change to new WebAuthn logic
* When automated merging fails me
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
* Upgrade to SDK v8
* Provide application properties
* Test adjustments
* Clean up tests
* Ensure project name is set
* Add a 'v' for Git tagging support
