Remove FlexibleCollections feature flag logic for repository methods:
* GetManyByUserIdAsync
* GetManyByUserIdCipherIdAsync
* UpdateCollectionsAsync
* UpdateCollectionsForCiphersAsync
This feature flag was never turned on and we will update the sprocs
directly as required.
Remove FlexibleCollections feature flag logic for repository methods:
* CiphersController.GetByIdAsync
* CipherRepository.DeleteAsync
* CipherRepository.MoveAsync
* RestoreAsync
* SoftDeleteAsync
This feature flag was never turned on and we will update the sprocs
directly as required.
* PM-7322 - AccountsController.cs - create empty method + empty req model to be able to create draft PR.
* PM-7322 - Start on RegisterFinishRequestModel.cs
* PM-7322 - WIP on Complete Registration endpoint
* PM-7322 - UserService.cs - RegisterUserAsync - Tweak of token to be orgInviteToken as we are adding a new email verification token to the mix.
* PM-7322 - UserService - Rename MP to MPHash
* PM-7322 - More WIP progress on getting new finish registration process in place.
* PM-7322 Create IRegisterUserCommand
* PM-7322 - RegisterUserCommand.cs - first WIP draft
* PM-7322 - Implement use of new command in Identity.
* PM-7322 - Rename RegisterUserViaOrgInvite to just be RegisterUser as orgInvite is optional.
* PM07322 - Test RegisterUserCommand.RegisterUser(...) happy paths and one bad request path.
* PM-7322 - More WIP on RegisterUserCommand.cs and tests
* PM-7322 - RegisterUserCommand.cs - refactor ValidateOrgInviteToken logic to always validate the token if we have one.
* PM-7322 - RegisterUserCommand.cs - Refactor OrgInviteToken validation to be more clear + validate org invite token even in open registration scenarios + added tests.
* PM-7322 - Add more test coverage to RegisterUserWithOptionalOrgInvite
* PM-7322 - IRegisterUserCommand - DOCS
* PM-7322 - Test RegisterUser
* PM-7322 - IRegisterUserCommand - Add more docs.
* PM-7322 - Finish updating all existing user service register calls to use the new command.
* PM-7322 - RegistrationEmailVerificationTokenable.cs changes + tests
* PM-7322 - RegistrationEmailVerificationTokenable.cs changed to only verify email as it's the only thing we need to verify + updated tests.
* PM-7322 - Get RegisterUserViaEmailVerificationToken built and tested
* PM-7322 - AccountsController.cs - get bones of PostRegisterFinish in place
* PM-7322 - SendVerificationEmailForRegistrationCommand - Feature flag timing attack delays per architecture discussion with a default of keeping them around.
* PM-7322 - RegisterFinishRequestModel.cs - EmailVerificationToken must be optional for org invite scenarios.
* PM-7322 - HandlebarsMailService.cs - SendRegistrationVerificationEmailAsync - must URL encode email to avoid invalid email upon submission to server on complete registration step
* PM-7322 - RegisterUserCommandTests.cs - add API key assertions
* PM-7322 - Clean up RegisterUserCommand.cs
* PM-7322 - Refactor AccountsController.cs existing org invite method and new process to consider new feature flag for delays.
* PM-7322 - Add feature flag svc to AccountsControllerTests.cs + add TODO
* PM-7322 - AccountsController.cs - Refactor shared IdentityResult logic into private helper.
* PM-7322 - Work on getting PostRegisterFinish tests in place.
* PM-7322 - AccountsControllerTests.cs - test new method.
* PM-7322 - RegisterFinishRequestModel.cs - Update to use required keyword instead of required annotations as it is easier to catch mistakes.
* PM-7322 - Fix misspelling
* PM-7322 - Integration tests for RegistrationWithEmailVerification
* PM-7322 - Fix leaky integration tests.
* PM-7322 - Another leaky test fix.
* PM-7322 - AccountsControllerTests.cs - fix RegistrationWithEmailVerification_WithOrgInviteToken_Succeeds
* PM-7322 - AccountsControllerTests.cs - Finish out integration test suite!
* PM-5092 - Add new EnableEmailVerification global setting.
* PM-5092 - WIP - AccountsController.cs - create stub for new PostRegisterSendEmailVerification
* PM-5092 - RegisterSendEmailVerificationRequestModel
* PM-5092 - Create EmailVerificationTokenable.cs and get started on tests (still WIP).
* PM-5092 - EmailVerificationTokenable.cs finished + tests working.
* PM-5092 - Add token data factory for new EmailVerificationTokenable factory.
* PM-5092 - EmailVerificationTokenable.cs - set expiration to match existing verify email.
* PM-5092 - Get SendVerificationEmailForRegistrationCommand command mostly written + register as scoped.
* PM-5092 - Rename tokenable to be more clear and differentiate it from the existing email verification token.
* PM-5092 - Add new registration verify email method on mail service.
* PM-5092 - Refactor SendVerificationEmailForRegistrationCommand and add call to mail service to send email.
* PM-5092 - NoopMailService.cs needs to implement all interface methods.
* PM-5092 - AccountsController.cs - get PostRegisterSendEmailVerification logic in place.
* PM-5092 - AccountsControllerTests.cs - Add some unit tests - WIP
* PM-5092 - SendVerificationEmailForRegistrationCommandTests
* PM-5092 - Add integration tests for new acct controller method
* PM-5092 - Cleanup unit tests
* PM-5092 - AccountsController.cs - PostRegisterSendEmailVerification - remove modelState invalid check as .NET literally executes this validation pre-method execution.
* PM-5092 - Rename to read better - send verification email > send email verification
* PM-5092 - Revert primary constructor approach so DI works.
* PM-5092 - (1) Cleanup new but now not needed global setting (2) Add custom email for registration verify email.
* PM-5092 - Fix email text
* PM-5092 - (1) Modify ReferenceEvent.cs to allow nullable values for the 2 params which should have been nullable based on the constructor logic (2) Add new ReferenceEventType.cs for email verification register submit (3) Update AccountsController.cs to log new reference event (4) Update tests
* PM-5092 - RegistrationEmailVerificationTokenable - update prefix, purpose, and token id to include registration to differentiate it from the existing email verification token.
* PM-5092 - Per PR feedback, cleanup used dict.
* PM-5092 - formatting pass (manual + dotnet format)
* PM-5092 - Per PR feedback, log reference event after core business logic executes
* PM-5092 - Per PR feedback, add validation + added nullable flag to name as it is optional.
* PM-5092 - Per PR feedback, add constructor validation for required tokenable data
* PM-5092 - RegisterVerifyEmail url now contains email as that is required in client side registration step to create a master key.
* PM-5092 - Add fromEmail flag + some docs
* PM-5092 - ReferenceEvent.cs - Per PR feedback, make SignupInitiationPath and PlanUpgradePath nullable
* PM-5092 - ReferenceEvent.cs - remove nullability per PR feedback
* PM-5092 - Per PR feedback, use default constructor and manually create reference event.
* PM-5092 - Per PR feedback, add more docs!
* Renamed ProductType to ProductTierType
* Renamed Product properties to ProductTier
* Moved ProductTierType to Bit.Core.Billing.Enums namespace from Bit.Core.Enums
* Moved PlanType enum to Bit.Core.Billing.Enums
* Moved StaticStore to Bit.Core.Billing.Models.StaticStore namespace
* Added ProductType enum
* dotnet format
* Moved AccountsBilling controller to be owned by Billing
* Added org billing history endpoint
* Updated GetBillingInvoicesAsync to only retrieve paid, open, and uncollectible invoices, and added option to limit results
* Removed invoices and transactions from GetBillingAsync
* Limiting the number of invoices and transactions returned
* Moved Billing models to Billing namespace
* Split billing info and billing history objects
* Removed billing method GetBillingBalanceAndSourceAsync
* Removed unused using
* Cleaned up BillingInfo a bit
* Update migration scripts to use `CREATE OR ALTER` instead of checking for the `OBJECT_ID`
* Applying limit to aggregated invoices after they return from Stripe
* Refactored GET provider subscription
Refactoring this endpoint and its associated tests in preparation for the addition of more endpoints that share similar patterns
* Replaced StripePaymentService call in AccountsController, OrganizationsController
This was made in error during a previous PR. Since this is not related to Consolidated Billing, we want to try not to include it in these changes.
* Removing GetPaymentInformation call from ProviderBillingService
This method is a good call for the SubscriberService as we'll want to extend the functionality to all subscriber types
* Refactored GetTaxInformation to use Billing owned DTO
* Add UpdateTaxInformation to SubscriberService
* Added GetTaxInformation and UpdateTaxInformation endpoints to ProviderBillingController
* Added controller to manage creation of Stripe SetupIntents
With the deprecation of the Sources API, we need to move the bank account creation process to using SetupIntents. This controller brings both the creation of "card" and "us_bank_account" SetupIntents
under billing management.
* Added UpdatePaymentMethod method to SubscriberService
This method utilizes the SetupIntents created by the StripeController from the previous commit when a customer adds a card or us_bank_account payment method (Stripe). We need to cache the most recent SetupIntent for the subscriber so that we know which PaymentMethod is their most recent even when it hasn't been confirmed yet.
* Refactored GetPaymentMethod to use billing owned DTO and check setup intents
* Added GetPaymentMethod and UpdatePaymentMethod endpoints to ProviderBillingController
* Re-added GetPaymentInformation endpoint to consolidate API calls on the payment method page
* Added VerifyBankAccount endpoint to ProviderBillingController in order to finalize bank account payment methods
* Updated BitPayInvoiceRequestModel to support providers
* run dotnet format
* Conner's feedback
* Run dotnet format'
* Add check to verify the vault state for rotation is not obviously desynced (empty)
* Add unit test for key rotation guardrail
* Move de-synced vault detection to validators
* Add tests
* Define a model for updating many auth requests
In order to facilitate a command method that can update many auth
requests at one time a new model must be defined that accepts valid
input for the command's needs. To achieve this a new file has been
created at
`Core/AdminConsole/OrganizationAuth/Models/OrganizationAuthRequestUpdateCommandModel.cs`
that contains a class of the same name. It's properties match those that
need to come from any calling API request models to fulfill the request.
* Declare a new command interface method
Calling API functions of the `UpdateOrganizationAuthRequestCommand` need
a function that can accept many auth request response objects and
process them as approved or denied. To achieve this a new function has
been added to `IUpdateOrganizationAuthRequestCommand` called
`UpdateManyAsync()` that accepts an
`IEnumberable<OrganizationAuthRequest>` and returns a `Task`.
Implementations of this interface method will be used to bulk process
auth requests as approved or denied.
* Stub out method implementation for unit testing
To facilitate a bulk device login request approval workflow in the admin
console `UpdateOrganizationAuthRequestCommand` needs to be updated to
include an `UpdateMany()` method. It should accept a list of
`OrganizationAuthRequestUpdateCommandModel` objects, perform some simple
data validation checks, and then pass those along to
`AuthRequestRepository` for updating in the database.
This commit stubs out this method for the purpose of writing unit tests.
At this stage the method throws a `NotImplementedException()`. It will
be expand after writing assertions.
* Inject `IAuthRequestRepository` into `UpdateOrganizationAuthCommand`
The updates to `UpdateOrganizationAuthRequestCommand` require a new
direct dependency on `IAuthRequestRepository`. This commit simply
registers this dependency in the `UpdateOrganizationAuthRequest`
constructor for use in unit tests and the `UpdateManyAsync()`
implementation.
* Write tests
* Rename `UpdateManyAsync()` to `UpdateAsync`
* Drop the `CommandModel` suffix
* Invert business logic update filters
* Rework everything to be more model-centric
* Bulk send push notifications
* Write tests that validate the command as a whole
* Fix a test that I broke by mistake
* Swap to using await instead of chained methods for processing
* Seperate a function arguement into a variable declaration
* Ungeneric-ify the processor
* Adjust ternary formatting
* Adjust naming of methods regarding logging organization events
* Throw an exception if Process is called with no auth request loaded
* Rename `_updates` -> `_update`
* Rename email methods
* Stop returning `this`
* Allow callbacks to be null
* Make some assertions about the state of a processed auth request
* Be more terse about arguements in happy path test
* Remove unneeded null check
* Expose an endpoint for bulk processing of organization auth requests (#4077)
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Replace SubscriberQueries with SubscriberService
* Replace OrganizationBillingQueries with OrganizationBillingService
* Replace ProviderBillingQueries with ProviderBillingService, move to Commercial
* Replace AssignSeatsToClientOrganizationCommand with ProviderBillingService, move to commercial
* Replace ScaleSeatsCommand with ProviderBillingService and move to Commercial
* Replace CancelSubscriptionCommand with SubscriberService
* Replace CreateCustomerCommand with ProviderBillingService and move to Commercial
* Replace StartSubscriptionCommand with ProviderBillingService and moved to Commercial
* Replaced RemovePaymentMethodCommand with SubscriberService
* Formatting
* Used dotnet format this time
* Changing ProviderBillingService to scoped
* Found circular dependency'
* One more time with feeling
* Formatting
* Fix error in remove org from provider
* Missed test fix in conflit
* [AC-1937] Server: Implement endpoint to retrieve provider payment information (#4107)
* Move the gettax and paymentmethod from stripepayment class
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add the method to retrieve the tax and payment details
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add unit tests for the paymentInformation method
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add the endpoint to retrieve paymentinformation
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add unit tests to the SubscriberService
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Remove the getTaxInfoAsync update reference
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* Remove FlexibleCollectionsSignUp feature flag
* Always set Organization.FlexibleCollections to true
* Remove explicit assignment of LimitCollectionCreationDeletion so it defaults to false
* fix: align policy checks for excluded types, update tests, create fixture, refs AC-240
* fix: update final policy check against other orgs (not including the current), refs AC-240
* Add unit tests for the StorageSubscriptionUpdateTests.cs
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* remove unwanted comment from the class
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Create a class file and add unit tests for SmSeatSubscriptionUpdateTest.cs
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add unit test for the secrets manager seat update
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Fix the failing test cases
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add unit test for service account update
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add new models
* Update repositories
* Add new authz handler
* Add new query
* Add new command
* Add authz, command, and query to DI
* Add new endpoint to controller
* Add query unit tests
* Add api unit tests
* Add api integration tests
* Add the ability to get multi projects access
* Add access policy helper + tests
* Add new data/request models
* Add access policy operations to repo
* Add authz handler for new operations
* Add new controller endpoints
* add updating service account revision
* fcmv1 update
* try without nested data obj
* type must be a string
* fcmv1 migration flag
* lint fixes
* fix tests
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* [PM-3176] Extract IOrganizationService.SaveUserAsync to a command
* [PM-3176] Enabled nullable on command
* [PM-3176] Removed check that was not working
* Add new endpoint for creating client organizations in consolidated billing
* Create empty org and then assign seats for code re-use
* Fixes made from debugging client side
* few more small fixes
* Vincent's feedback
* [PM-6934] Prevent enabling two step login policy if any Org member has no master password and no 2FA set up
* [PM-6934] PR feedback
* [PM-6934] Updated policy check to only check users that will be deleted
* [PM-6934] Removed unnecessary code
* [PM-6934] Fixed unit tests and policy update logic
* [PM-6934] Updated error message
* remove the unwanted test
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Fix the double email issue
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Resolve the bug issue
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* change the category name
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* move private down the class
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* move the private method down the class file
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* Add the RegisterUser Test
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* modify the test
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* remove the failing test
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* revert the test
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* add the email method
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* revert changes on the UserServiceTests.cs
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
---------
Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
* [AC-1637] Added HtmlEncodingStringConverter to encode/decode special chars on JSON serialization/deserialization
* [AC-1637] Added unit tests for HtmlEncodingStringConverter
* [AC-1637] Moved expected values on unit tests to the arrange phase
* [AC-1637] Added HtmlEncodingStringConverter to properties that are for input/output of Org Name and Business name
* [AC-1637] Modified views in Admin project to decode values to display
* [AC-1637] Replaced Html.Raw with HttpUtility.HtmlDecode
* [AC-1637] Added JsonConverter to Provider DTOs
* [AC-1637] Modified HandlebarsMailService to decode organization name before sending emails
* Revert "[AC-1637] Added JsonConverter to Provider DTOs"
This reverts commit 94d507cf93.
* [AC-1637] Fixed Admin panel organization search
* [AC-1637] Sanitizing Organization name and business name on creation in Admin panel
* [AC-1637] Sanitizing organization name and business name on creation by a provider
* [AC-1637] Sanitizing provider name on creation and on viewing in admin panel
* [AC-1637] Added sanitization to more places where Org name is used
* [AC-1637] Swapped using HttpUtility for WebUtility since the later is part of the dotnet framework
* [AC-1637] Updated error messages
* [AC-1637] Decoding on Admin panel add existing organization
* [AC-1637] Fix HTML decoding issues
* [AC-1637] Refactor HTML decoding in View and Model classes on Admin panel
* [AC-1637] Refactor provider name and business name usages to use methods that output decoded values
* [AC-1637] Fixed typo
* [AC-1637] Renamed Provider methods to retrieve Decoded Name and BusinessName
* [AC-1637] Renamed Organization methods to retrieve Decoded Name and BusinessName
* [AC-1637] Update the display name method in the `ProviderOrganizationOrganizationDetails` class to `DisplayName()`
* [AC-2077] Set a minimum number of seats for the tested Organization
* [AC-2077] Added PlanType property to OrganizationCustomization
* [AC-2077] Set up the test secrets manager seats to be null in case the plan does not support it
* Fix assigning Manage access to default collection
The previous implementation did not work when creating an org as a
provider because the ownerId is null in OrganizationService.SignUp.
Added a null check and handled assigning access in ProviderService
instead.
* Tweaks
* [AC-2154] Logging organization data before migrating for flexible collections
* [AC-2154] Refactored logging command to perform the data migration
* [AC-2154] Moved validation inside the command
* [AC-2154] PR feedback
* [AC-2154] Changed logging level to warning
* [AC-2154] Fixed unit test
* [AC-2154] Removed logging unnecessary data
* [AC-2154] Removed primary constructor
* [AC-2154] Added comments
* Added offboarding survey response to cancellation when FF is on.
* Removed service methods to prevent unnecessary upstream registrations
* Forgot to actually remove the injected command in the services
* Rui's feedback
* Add missing summary
* Missed [FromBody]
